commit 1c4c595cd67b789fa1bb2d0ef6bd207cac1e16e4
Author: Christoph <ckubu@oopen.de>
Date:   Tue May 8 03:01:03 2018 +0200

    Initial commit

diff --git a/123/README.txt b/123/README.txt
new file mode 100644
index 0000000..23870a4
--- /dev/null
+++ b/123/README.txt
@@ -0,0 +1,28 @@
+
+-------
+Notice:
+-------
+
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.123: ppp0 comes over eth2
+      interfaces.123: see above
+      default_isc-dhcp-server.123
+      ipt-firewall.123: LAN device (mostly ) = eth1
+      second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/123/bin/admin-stuff b/123/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/123/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/123/bin/clean_log_files.sh b/123/bin/clean_log_files.sh
new file mode 120000
index 0000000..4a65412
--- /dev/null
+++ b/123/bin/clean_log_files.sh
@@ -0,0 +1 @@
+admin-stuff/clean_log_files.sh
\ No newline at end of file
diff --git a/123/bin/manage-gw-config b/123/bin/manage-gw-config
new file mode 160000
index 0000000..db1c282
--- /dev/null
+++ b/123/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit db1c28271bd7e7442aa75b3be3ac8c796162abe9
diff --git a/123/bin/monitoring b/123/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/123/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/123/bin/os-upgrade.sh b/123/bin/os-upgrade.sh
new file mode 120000
index 0000000..02ddc66
--- /dev/null
+++ b/123/bin/os-upgrade.sh
@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh
\ No newline at end of file
diff --git a/123/bin/postfix b/123/bin/postfix
new file mode 160000
index 0000000..c1934d5
--- /dev/null
+++ b/123/bin/postfix
@@ -0,0 +1 @@
+Subproject commit c1934d5bdeee88e6f5b868c7d0bdb955539d34d4
diff --git a/123/bin/test_email.sh b/123/bin/test_email.sh
new file mode 120000
index 0000000..86f3e17
--- /dev/null
+++ b/123/bin/test_email.sh
@@ -0,0 +1 @@
+admin-stuff/test_email.sh
\ No newline at end of file
diff --git a/123/bind/bind.keys b/123/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/123/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/123/bind/db.0 b/123/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/123/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/123/bind/db.123.netz b/123/bind/db.123.netz
new file mode 100644
index 0000000..e0103dd
--- /dev/null
+++ b/123/bind/db.123.netz
@@ -0,0 +1,52 @@
+;
+; BIND data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017032801     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+                  IN NS    ns.123.netz.
+
+
+; Gateway/Firewall
+gw-123                  IN A     192.168.142.254
+gate                    IN CNAME gw-123
+gw                      IN CNAME gw-123
+
+gw-ipmi                 IN A     172.16.142.15
+
+gw-ext                  IN A     172.16.142.1
+
+; (Caching ) Nameserver
+ns                      IN A     192.168.142.1
+nscache                 IN CNAME ns
+
+; Drucker - Brother MFC-J5910DW
+brother-mfc-j5190dw     IN A     192.168.142.5
+brn001ba9df6ae0         IN CNAME brother-mfc-j5190dw
+mfc-j5190dw             IN CNAME brother-mfc-j5190dw
+brother                 IN CNAME brother-mfc-j5190dw
+drucker                 IN CNAME brother-mfc-j5190dw
+
+; NAS Server
+file-123                IN A     192.168.142.10
+file                    IN CNAME file-123
+nas                     IN CNAME file-123
+
+; TP-Link TL-WR842N/ND v3
+ac-buero                IN A     192.168.143.253
+ac1                     IN CNAME ac-buero
+tl-wr842n               IN CNAME ac-buero
+
+; Telekom Router  Speedport W 723V Typ B
+dsl-router              IN A     172.16.142.254
+fritzbox                IN CNAME dsl-router
diff --git a/123/bind/db.127 b/123/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/123/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/123/bind/db.172.16.142.0 b/123/bind/db.172.16.142.0
new file mode 100644
index 0000000..dda882a
--- /dev/null
+++ b/123/bind/db.172.16.142.0
@@ -0,0 +1,27 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
+; Gateway - extern
+1                 IN PTR   gw-ext.123.netz.
+
+; IPMI Gateway
+15                IN PTR   gw-ipmi.123.netz.
+
+; Telekom Router Speedport W 723V Typ B
+254               IN PTR   tk-router.123.netz.
diff --git a/123/bind/db.192.168.142.0 b/123/bind/db.192.168.142.0
new file mode 100644
index 0000000..e9f0590
--- /dev/null
+++ b/123/bind/db.192.168.142.0
@@ -0,0 +1,30 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
+; Gateway/Firewall
+254               IN PTR   gw-123.123.netz.
+
+5                 IN PTR   brother-mfc-j5190dw.123.netz.
+
+; (Caching ) Nameserver
+1                 IN PTR   ns.123.netz.
+
+; NAS Server
+10                IN PTR   file-123.123.netz.
+
diff --git a/123/bind/db.192.168.143.0 b/123/bind/db.192.168.143.0
new file mode 100644
index 0000000..23d74fc
--- /dev/null
+++ b/123/bind/db.192.168.143.0
@@ -0,0 +1,22 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
+; TP-Link TL-WR842N/ND v3 (123Comics-Buro)
+;
+253               IN PTR   ac-buero.123.netz.
diff --git a/123/bind/db.192.168.144.0 b/123/bind/db.192.168.144.0
new file mode 100644
index 0000000..e5126c8
--- /dev/null
+++ b/123/bind/db.192.168.144.0
@@ -0,0 +1,19 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
diff --git a/123/bind/db.255 b/123/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/123/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/123/bind/db.empty b/123/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/123/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/123/bind/db.local b/123/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/123/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/123/bind/db.root b/123/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/123/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/123/bind/named.conf b/123/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/123/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/123/bind/named.conf.default-zones b/123/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/123/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/123/bind/named.conf.local b/123/bind/named.conf.local
new file mode 100644
index 0000000..7d10e7d
--- /dev/null
+++ b/123/bind/named.conf.local
@@ -0,0 +1,32 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "123.netz" {
+   type master;
+   file "/etc/bind/db.123.netz";
+};
+
+zone "142.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.142.0";
+};
+
+zone "143.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.143.0";
+};
+
+zone "144.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.144.0";
+};
+
+zone "142.16.172.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.172.16.142.0";
+};
diff --git a/123/bind/named.conf.local.ORIG b/123/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/123/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/123/bind/named.conf.options b/123/bind/named.conf.options
new file mode 100644
index 0000000..d7aef1a
--- /dev/null
+++ b/123/bind/named.conf.options
@@ -0,0 +1,93 @@
+options {
+   directory "/var/cache/bind";
+
+   // If there is a firewall between you and nameservers you want
+   // to talk to, you may need to fix the firewall to allow multiple
+   // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+   // If your ISP provided one or more IP addresses for stable
+   // nameservers, you probably want to use them as forwarders.
+   // Uncomment the following block, and insert the addresses replacing
+   // the all-0's placeholder.
+
+   // forwarders {
+   //    0.0.0.0;
+   // };
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      192.168.142.1;
+   };
+
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      172.16.0.0/12;
+      10.0.0.0/8;
+   };
+
+   // caching name services
+   recursion yes;
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      172.16.0.0/12;
+      10.0.0.0/16;
+   };
+
+   allow-transfer { none; };
+
+   auth-nxdomain no;    # conform to RFC1035
+   listen-on-v6 { any; };
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/123/bind/named.conf.options.ORIG b/123/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/123/bind/named.conf.options.ORIG
@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/123/bind/rndc.key b/123/bind/rndc.key
new file mode 100644
index 0000000..dcb96a9
--- /dev/null
+++ b/123/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "9MykRXgPrxPffmZqSfl0Gw==";
+};
diff --git a/123/bind/zones.rfc1918 b/123/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/123/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/123/cron_root.123 b/123/cron_root.123
new file mode 100644
index 0000000..0f4de39
--- /dev/null
+++ b/123/cron_root.123
@@ -0,0 +1,48 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.VjzDUW/crontab installed on Fri Jan 26 01:17:27 2018)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# - Check if postfix mailservice is running. Restart service if needed.
+# -
+*/10 * * * * /root/bin/monitoring/check_postfix.sh
+
+# - check if nameservice (bind) is running if not restart the service
+# -
+*/10 * * * * /root/bin/monitoring/check_dyndns.sh 123.homelinux.org
+
+# - check if nameservice (bind) is running if not restart the service
+# -
+*/10 * * * * /root/bin/monitoring/check_dns.sh
+
+# - check if openvpn is running if not restart the service
+# -
+#*/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+# - copy gateway configuration
+# -
+13 4 * * * /root/bin/manage-gw-config/copy_gateway-config.sh 123
+
diff --git a/123/ddclient.conf.123 b/123/ddclient.conf.123
new file mode 100644
index 0000000..363722f
--- /dev/null
+++ b/123/ddclient.conf.123
@@ -0,0 +1,15 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password=7213b4e6178a11e6ab1362f831f6741e
+123.homelinux.org
+
+
+ssl=yes
+#mail=argus@oopen.de
+mail-failure=root
diff --git a/123/default_isc-dhcp-server.123 b/123/default_isc-dhcp-server.123
new file mode 100644
index 0000000..df30daa
--- /dev/null
+++ b/123/default_isc-dhcp-server.123
@@ -0,0 +1,21 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACES=""
diff --git a/123/dhcpd.conf.123 b/123/dhcpd.conf.123
new file mode 100644
index 0000000..93ceca7
--- /dev/null
+++ b/123/dhcpd.conf.123
@@ -0,0 +1,171 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.142.255;
+
+option domain-name "123.netz";
+option domain-name-servers ns.123.netz;
+
+option routers gw.123.netz;
+option ntp-servers 192.168.142.254;
+
+default-lease-time 86400;
+max-lease-time 259200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+subnet 192.168.142.0 netmask 255.255.255.0 {
+
+   # --- 192.168.142.160/27 ---
+   # network address....: 192.168.142.160
+   # Broadcast address..: 192.168.142.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.142.160 - 192.168.142.191
+   # Usable range.......: 192.168.142.161 - 192.168.142.190
+
+  range 192.168.142.161 192.168.142.190;
+  option domain-name-servers ns.123.netz;
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.142.255;
+  option routers 192.168.142.254;
+  option ntp-servers 192.168.142.254;
+}
+
+# - Drucker - Brother MFC-JJ5910DW
+# -
+host brother-mfc-j5190dw {
+   hardware ethernet 00:1b:a9:df:6a:e0 ;
+   fixed-address brother-mfc-j5190dw.123.netz ;
+}
+
+subnet 192.168.143.0 netmask 255.255.255.0 {
+
+   # --- 192.168.143.160/27 ---
+   # network address....: 192.168.143.160
+   # Broadcast address..: 192.168.143.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.143.160 - 192.168.143.191
+   # Usable range.......: 192.168.143.161 - 192.168.143.190
+
+  range 192.168.143.161 192.168.143.190;
+  option domain-name-servers ns.123.netz;
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.143.255;
+  option routers 192.168.143.254;
+  option ntp-servers 192.168.142.254;
+}
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+subnet 192.168.144.0 netmask 255.255.255.0 {
+
+   # --- 192.168.144.160/27 ---
+   # network address....: 192.168.144.160
+   # Broadcast address..: 192.168.144.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.144.160 - 192.168.144.191
+   # Usable range.......: 192.168.144.161 - 192.168.144.190
+
+  range 192.168.144.161 192.168.144.190;
+  option domain-name-servers ns.123.netz;
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.144.255;
+  option routers 192.168.144.254;
+  option ntp-servers 192.168.144.254;
+}
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/123/dhcpd6.conf.123 b/123/dhcpd6.conf.123
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/123/dhcpd6.conf.123
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/123/hostname.123 b/123/hostname.123
new file mode 100644
index 0000000..0594f74
--- /dev/null
+++ b/123/hostname.123
@@ -0,0 +1 @@
+gw-123
diff --git a/123/hosts.123 b/123/hosts.123
new file mode 100644
index 0000000..1855cae
--- /dev/null
+++ b/123/hosts.123
@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+172.16.142.1	gw-123.123.netz	gw-123
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/123/interfaces.123 b/123/interfaces.123
new file mode 100644
index 0000000..7753fed
--- /dev/null
+++ b/123/interfaces.123
@@ -0,0 +1,71 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+
+#-----------------------------
+# lo - loopback interface
+#-----------------------------
+auto lo
+iface lo inet loopback
+
+
+#-----------------------------
+# eth0 - LAN 1 (WLAN)
+#-----------------------------
+
+auto eth0
+iface eth0 inet static
+   address 192.168.143.254
+   network 192.168.143.0
+   netmask 255.255.255.0
+   broadcast 192.168.143.255
+
+
+#-----------------------------
+# eth1 - LAN 2 (Buero Netzwerk)
+#-----------------------------
+
+auto eth1
+iface eth1 inet static
+   address 192.168.142.254
+   network 192.168.142.0
+   netmask 255.255.255.0
+   broadcast 192.168.142.255
+
+auto eth1:ns
+iface eth1:ns inet static
+   address 192.168.142.1
+   network 192.168.142.1
+   netmask 255.255.255.255
+   broadcast 192.168.142.1
+   pre-up /sbin/ifconfig eth1 up
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+auto eth2
+iface eth2 inet static
+	address 172.16.142.1
+	netmask 255.255.255.0
+	network 172.16.142.0
+	broadcast 172.16.142.255
+	gateway 172.16.142.254
+	# dns-* options are implemented by the resolvconf package, if installed
+	#dns-nameservers 127.0.0.1
+	#dns-search 123.netz
+
+
+#-----------------------------
+# eth3 - LAN 3 (Gast Netzwerk)
+#-----------------------------
+
+auto eth3
+iface eth3 inet static
+   address 192.168.144.254
+   network 192.168.144.0
+   netmask 255.255.255.0
+   broadcast 192.168.144.255
diff --git a/123/ipt-firewall.service.123 b/123/ipt-firewall.service.123
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/123/ipt-firewall.service.123
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/123/ipt-firewall/default_ports.conf b/123/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/123/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/123/ipt-firewall/include_functions.conf b/123/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/123/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/123/ipt-firewall/interfaces_ipv4.conf b/123/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..6039fc4
--- /dev/null
+++ b/123/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth0"
+local_if_2="eth1"
+local_if_3="eth3"
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/123/ipt-firewall/load_modules_ipv4.conf b/123/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/123/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/123/ipt-firewall/load_modules_ipv6.conf b/123/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/123/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/123/ipt-firewall/logging_ipv4.conf b/123/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/123/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/123/ipt-firewall/logging_ipv6.conf b/123/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/123/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/123/ipt-firewall/main_ipv4.conf b/123/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..e6007c1
--- /dev/null
+++ b/123/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1359 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+read -a gateway_ipv4_address_arr <<<$(ifconfig | grep "inet Ad" | awk '{print$2}' | cut -d':' -f2)
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                    86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip="192.168.143.0/24:192.168.142.5"
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs="eth3"
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Blank separated list
+# -
+# - 192.168.142.10   NAS Server
+# - 172.16.142.15   IPMI Gateway
+# -
+http_server_only_local_ips="192.168.142.10 172.16.142.15 192.168.143.253"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+#http_server_dmz_arr[192.168.143.253]=$ext_if_static_1
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+# - 192.168.142.10   NAS Server
+# -
+samba_server_local_ips="192.168.142.10"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips=""
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+# - 172.16.142.15   IPMI Gateway
+# -
+ipmi_server_ips="172.16.142.15"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_port=623
+ipmi_tcp_ports="623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - 192.168.142.5    Brother MFC-J5190DW
+# -
+# - Blank separated list
+# -
+printer_ips="192.168.142.5"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - 192.168.142.5    Brother MFC-J5190DW
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips="192.168.142.5"
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    172.16.142.254      FRITZ!Box 7490
+# -    172.16.142.15       IPMI Gateway (from intern)
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons="
+   192.168.63.0/24:172.16.142.254:80:${ext_if_static_1}
+   10.0.0.0/8:172.16.142.254:80:${ext_if_static_1}
+   192.168.63.0/24:172.16.142.254:43204:${ext_if_static_1}
+   10.0.0.0/8:172.16.142.254:43204:${ext_if_static_1}
+   192.168.63.0/24:172.16.142.15:443:${ext_if_static_1}
+   10.0.0.0/8:172.16.142.15:443:${ext_if_static_1}
+   "
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=false
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=true
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=true
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/123/ipt-firewall/post_decalrations.conf b/123/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/123/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/123/mailname.123 b/123/mailname.123
new file mode 100644
index 0000000..a5f54e7
--- /dev/null
+++ b/123/mailname.123
@@ -0,0 +1 @@
+gw-123.123.netz
diff --git a/123/main.cf.123 b/123/main.cf.123
new file mode 100644
index 0000000..7829dad
--- /dev/null
+++ b/123/main.cf.123
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   #192.168.142.254
+
+myhostname = gw-123.123.netz
+
+mydestination = 
+   gw-123.123.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   192.168.142.254/32
+
+#smtp_bind_address = 192.168.142.254
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/123/openvpn/ccd/server-gw-ckubu/VPN-123Comics-gw-ckubu b/123/openvpn/ccd/server-gw-ckubu/VPN-123Comics-gw-ckubu
new file mode 100644
index 0000000..484476c
--- /dev/null
+++ b/123/openvpn/ccd/server-gw-ckubu/VPN-123Comics-gw-ckubu
@@ -0,0 +1,4 @@
+ifconfig-push 10.1.142.2 255.255.255.0
+push "route 172.16.142.0 255.255.255.0 10.1.142.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/123/openvpn/ccd/server-home/VPN-123Comics-chris b/123/openvpn/ccd/server-home/VPN-123Comics-chris
new file mode 100644
index 0000000..caa61c9
--- /dev/null
+++ b/123/openvpn/ccd/server-home/VPN-123Comics-chris
@@ -0,0 +1 @@
+ifconfig-push 10.0.142.2 255.255.255.0
diff --git a/123/openvpn/crl.pem b/123/openvpn/crl.pem
new file mode 100644
index 0000000..23ea493
--- /dev/null
+++ b/123/openvpn/crl.pem
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB+DCB4TANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjNDb21pY3MtY2Ex
+FjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFk
+bUBvb3Blbi5kZRcNMTgwMTI1MjMwODQwWhcNMjgwMTIzMjMwODQwWjANBgkqhkiG
+9w0BAQsFAAOCAQEACi4ntL7wo7DvF+i3I8I44fI3Gx2tWARiTKzXs3M66ICzy8uG
+CLFEIF0Sz2jNHZDIWqpzmy5wbzdekRJbmwj4LWErKvcPULjoBxpnz4N1HRF0j7fw
+IcAacdfw9lDZFX/ia545xt/mQx4s7gMksc4cwwyZ8EJYcyZaYlLN/edxY5tn32z7
+OgWY4xDXvsXfgucCYT7k+SJ4ElNXroh5TIMrvSPCvLtWylzoOCZg9kSv1a0slkLl
+EmrwTAZLJTkl6Yv/G7ebNUDvjg6N0oA0NdTaDdA9oVaTqDGw3k/AVL5i7mgqdFoB
+6kFHw4oJfFRQ6vNIZsGX0rH60zLmL+Ea7jDT/Q==
+-----END X509 CRL-----
diff --git a/123/openvpn/easy-rsa/build-ca b/123/openvpn/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/123/openvpn/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/build-dh b/123/openvpn/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/123/openvpn/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/build-inter b/123/openvpn/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/123/openvpn/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/build-key b/123/openvpn/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/123/openvpn/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/build-key-pass b/123/openvpn/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/123/openvpn/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/build-key-pkcs12 b/123/openvpn/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/123/openvpn/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/build-key-server b/123/openvpn/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/123/openvpn/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/build-req b/123/openvpn/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/123/openvpn/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/build-req-pass b/123/openvpn/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/123/openvpn/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/clean-all b/123/openvpn/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/123/openvpn/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/inherit-inter b/123/openvpn/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/123/openvpn/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/list-crl b/123/openvpn/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/123/openvpn/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/openssl-0.9.6.cnf b/123/openvpn/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/123/openvpn/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/123/openvpn/easy-rsa/openssl-0.9.8.cnf b/123/openvpn/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/123/openvpn/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/123/openvpn/easy-rsa/openssl-1.0.0.cnf b/123/openvpn/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..5db8851
--- /dev/null
+++ b/123/openvpn/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,289 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+#default_crl_days= 30			# how long before next CRL
+default_crl_days= 3650			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/123/openvpn/easy-rsa/openssl-1.1.0.cnf b/123/openvpn/easy-rsa/openssl-1.1.0.cnf
new file mode 100644
index 0000000..5db8851
--- /dev/null
+++ b/123/openvpn/easy-rsa/openssl-1.1.0.cnf
@@ -0,0 +1,289 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+#default_crl_days= 30			# how long before next CRL
+default_crl_days= 3650			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/123/openvpn/easy-rsa/openssl.cnf b/123/openvpn/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..170b02d
--- /dev/null
+++ b/123/openvpn/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+openssl-1.1.0.cnf
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/pkitool b/123/openvpn/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/123/openvpn/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/revoke-full b/123/openvpn/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/123/openvpn/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/sign-req b/123/openvpn/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/123/openvpn/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/123/openvpn/easy-rsa/vars b/123/openvpn/easy-rsa/vars
new file mode 100644
index 0000000..aad216b
--- /dev/null
+++ b/123/openvpn/easy-rsa/vars
@@ -0,0 +1,95 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="O.OPEN"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="ckubu-adm@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN 123Comics"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-123Comics"
+
+export KEY_ALTNAMES="VPN 123Comics"
diff --git a/123/openvpn/easy-rsa/whichopensslcnf b/123/openvpn/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/123/openvpn/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/123/openvpn/ipp.txt b/123/openvpn/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/123/openvpn/keys/01.pem b/123/openvpn/keys/01.pem
new file mode 100644
index 0000000..cbd7e47
--- /dev/null
+++ b/123/openvpn/keys/01.pem
@@ -0,0 +1,101 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 11 02:18:50 2017 GMT
+            Not After : Mar 11 02:18:50 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-server/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:dc:9a:13:40:1a:60:e4:03:90:5a:6c:6e:19:9a:
+                    2d:03:7d:a2:58:70:0b:d1:ac:1c:79:2e:e4:62:2c:
+                    89:62:94:36:0c:8f:81:91:7c:65:ee:52:97:0f:c6:
+                    53:a8:4f:a8:65:a5:15:6d:03:95:92:46:d1:b2:62:
+                    a7:39:eb:f3:cd:b5:65:c8:7c:3d:0c:e9:16:25:f1:
+                    61:f5:76:8f:0c:a8:f7:c0:76:83:11:45:59:d5:f7:
+                    d4:c5:c3:33:66:1d:33:90:66:8f:65:d2:20:f7:8a:
+                    b1:a3:73:58:79:a6:ec:a9:b0:a3:71:90:49:61:d3:
+                    c2:be:72:19:92:38:ac:35:28:99:f6:5b:57:bb:28:
+                    5c:9a:4c:15:05:24:b8:2d:c3:11:82:25:75:a3:59:
+                    81:33:04:03:b7:f6:86:3b:27:48:0c:b9:11:0d:a3:
+                    cb:43:13:bc:60:65:e8:eb:42:2d:e9:c6:2d:6f:ce:
+                    49:59:ae:24:4f:06:29:21:d9:43:5e:8d:15:91:24:
+                    d1:0c:7d:a4:93:93:5e:56:f7:f9:39:b6:2c:ae:c2:
+                    80:7d:1c:6e:13:83:d5:26:b0:db:f4:fd:20:75:f9:
+                    d4:3a:c8:b6:00:8a:96:f8:3b:82:b0:f0:4f:98:49:
+                    3e:1d:49:d6:15:a9:3c:9b:b8:5f:c8:14:85:27:54:
+                    e5:57
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                44:47:4F:F6:97:8F:87:FB:A3:02:61:45:7F:69:1F:2E:CA:32:37:63
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         9b:9a:81:35:cb:4f:32:b4:c0:aa:09:b7:e8:9b:ca:d4:7e:c5:
+         e8:4a:21:6b:41:a0:34:e4:a6:bf:07:20:42:6c:e5:a8:50:6b:
+         67:c4:1e:9d:2a:76:e3:ea:7d:68:67:12:ab:54:64:83:dd:7a:
+         d1:13:95:76:5e:57:38:6b:59:4c:47:14:63:a4:4d:25:41:e4:
+         e2:79:35:36:fd:98:c4:47:80:b4:d4:31:7a:db:d1:88:3d:5d:
+         25:20:0b:c4:40:0a:dd:b5:48:21:92:86:18:85:22:f3:6a:80:
+         ad:a1:71:d7:8a:69:a9:78:b1:dd:90:b8:eb:ec:90:0b:68:e1:
+         40:2c:99:02:2b:31:18:2b:e0:d4:22:d1:1e:f3:77:98:9f:bb:
+         68:00:f4:6e:51:45:1b:a8:ad:ee:03:fb:62:1d:fb:57:c6:7d:
+         fe:91:3c:c1:6e:f9:34:0c:cb:a0:ce:7f:9b:ed:41:b6:65:c1:
+         5c:e9:83:de:98:00:bb:7f:4c:b3:7d:bf:f4:e3:0a:6b:e5:ad:
+         71:ae:8b:b9:98:d6:a2:8d:ed:5c:b8:87:fb:35:f5:90:11:9e:
+         89:90:f9:b1:ee:6f:e3:a8:d4:42:6b:c4:43:04:13:24:a2:5c:
+         33:8a:43:f1:95:bf:ab:7a:db:4b:6a:fe:49:f0:de:ef:39:86:
+         90:25:19:54
+-----BEGIN CERTIFICATE-----
+MIIFejCCBGKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMTEwMjE4NTBaFw0zNzAzMTEwMjE4
+NTBaMIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEdMBsGA1UEAxMUVlBOLTEyM0NvbWljcy1zZXJ2ZXIxFjAUBgNVBCkTDVZQTiAx
+MjNDb21pY3MxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyaE0AaYOQDkFpsbhmaLQN9olhw
+C9GsHHku5GIsiWKUNgyPgZF8Ze5Slw/GU6hPqGWlFW0DlZJG0bJipznr8821Zch8
+PQzpFiXxYfV2jwyo98B2gxFFWdX31MXDM2YdM5Bmj2XSIPeKsaNzWHmm7Kmwo3GQ
+SWHTwr5yGZI4rDUomfZbV7soXJpMFQUkuC3DEYIldaNZgTMEA7f2hjsnSAy5EQ2j
+y0MTvGBl6OtCLenGLW/OSVmuJE8GKSHZQ16NFZEk0Qx9pJOTXlb3+Tm2LK7CgH0c
+bhOD1Saw2/T9IHX51DrItgCKlvg7grDwT5hJPh1J1hWpPJu4X8gUhSdU5VcCAwEA
+AaOCAZUwggGRMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG
++EIBDQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0G
+A1UdDgQWBBRER0/2l4+H+6MCYUV/aR8uyjI3YzCB5gYDVR0jBIHeMIHbgBRgch7q
+Ry2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjNDb21pY3MtY2Ex
+FjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFk
+bUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1Ud
+DwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcNAQELBQADggEBAJua
+gTXLTzK0wKoJt+ibytR+xehKIWtBoDTkpr8HIEJs5ahQa2fEHp0qduPqfWhnEqtU
+ZIPdetETlXZeVzhrWUxHFGOkTSVB5OJ5NTb9mMRHgLTUMXrb0Yg9XSUgC8RACt21
+SCGShhiFIvNqgK2hcdeKaal4sd2QuOvskAto4UAsmQIrMRgr4NQi0R7zd5ifu2gA
+9G5RRRuore4D+2Id+1fGff6RPMFu+TQMy6DOf5vtQbZlwVzpg96YALt/TLN9v/Tj
+CmvlrXGui7mY1qKN7Vy4h/s19ZARnomQ+bHub+Oo1EJrxEMEEySiXDOKQ/GVv6t6
+20tq/knw3u85hpAlGVQ=
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/02.pem b/123/openvpn/keys/02.pem
new file mode 100644
index 0000000..a773173
--- /dev/null
+++ b/123/openvpn/keys/02.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 11 02:24:18 2017 GMT
+            Not After : Mar 11 02:24:18 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-chris/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ac:3d:7f:1e:1e:d7:15:85:96:bf:74:de:56:88:
+                    9c:7c:dd:45:e5:51:6f:db:c5:a6:0e:48:ab:33:0d:
+                    f6:d7:16:6b:5b:9c:63:ab:7b:20:49:aa:f4:6c:31:
+                    02:cc:24:46:01:fe:c2:c3:42:b8:46:3d:6c:09:13:
+                    e7:d3:81:10:e7:09:0b:5d:63:e8:cf:61:01:bf:53:
+                    00:a4:2e:e6:1e:6b:eb:02:ed:4a:e8:5c:c1:0d:e1:
+                    b2:5d:b1:a1:11:92:5e:7b:21:50:a2:e0:1b:77:53:
+                    fd:e2:13:a5:9f:2f:3d:ed:5b:a0:68:6f:b0:75:22:
+                    05:f9:dd:94:cc:e7:87:ee:be:c7:77:a3:cd:c2:78:
+                    b0:d3:f5:40:8b:c8:ba:70:9f:f5:99:b7:49:0f:a4:
+                    c4:b7:70:94:7c:d8:3a:87:bd:58:af:f7:71:45:7b:
+                    b7:2f:a9:09:dc:71:89:85:42:5f:b1:0d:cc:c1:46:
+                    8a:22:fb:44:26:e2:f6:00:10:df:3f:76:43:6b:92:
+                    ed:f9:0e:41:fa:b1:bc:43:29:45:5d:48:05:8c:83:
+                    fd:c4:31:1f:7a:41:a5:97:05:e5:2b:a1:8a:ca:70:
+                    37:09:81:c7:52:80:c2:93:07:1f:81:6c:fd:f3:e0:
+                    46:58:00:6a:ef:7a:eb:37:ca:fb:cf:71:67:87:86:
+                    bb:31
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                8B:AE:40:F9:23:AD:01:8E:59:9A:6E:80:8A:C5:CD:9E:ED:2A:29:A8
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         b8:5e:18:10:4f:91:50:53:78:26:cd:c7:5a:1f:2e:50:e8:79:
+         cc:ae:d4:92:21:fb:08:25:69:44:c5:a0:a6:67:a9:23:f7:40:
+         c7:d8:66:c9:21:50:34:1e:d9:8c:12:9d:ab:de:f6:a3:bc:78:
+         fa:85:cc:d7:1b:84:4a:f1:19:10:9c:39:4d:c5:21:bc:db:32:
+         25:51:d1:44:96:a8:32:0f:57:e5:1a:60:b2:01:7a:6e:d6:c8:
+         00:3b:2f:82:0c:3d:10:bc:81:df:4f:eb:a3:7f:cf:a4:79:21:
+         ba:1e:25:e4:eb:fb:65:5e:dd:ec:27:4a:15:c5:45:70:ae:60:
+         a0:dc:7d:25:37:de:8c:79:a1:49:38:00:8f:9b:7c:94:d6:02:
+         0a:4c:d3:c3:28:86:1d:ec:5d:11:97:7d:7c:07:0d:92:67:dc:
+         0c:29:8c:c8:16:68:a4:df:8a:db:89:ed:dc:e8:88:1a:6d:58:
+         c5:74:3c:f0:25:ad:58:f6:e8:1e:89:78:4d:d7:1c:a3:8d:8a:
+         93:89:9e:7e:19:24:03:7e:c8:1f:7d:48:98:4e:f1:ba:86:e5:
+         ae:d1:45:a8:80:f0:90:ed:b5:23:8c:75:6f:9b:f4:73:04:c0:
+         82:e0:b4:df:7f:33:36:bc:c7:32:de:52:cc:4c:33:0c:e6:e4:
+         b7:23:16:9e
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMTEwMjI0MThaFw0zNzAzMTEwMjI0
+MThaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1jaHJpczEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD1/Hh7XFYWWv3TeVoicfN1F5VFv
+28WmDkirMw321xZrW5xjq3sgSar0bDECzCRGAf7Cw0K4Rj1sCRPn04EQ5wkLXWPo
+z2EBv1MApC7mHmvrAu1K6FzBDeGyXbGhEZJeeyFQouAbd1P94hOlny897VugaG+w
+dSIF+d2UzOeH7r7Hd6PNwniw0/VAi8i6cJ/1mbdJD6TEt3CUfNg6h71Yr/dxRXu3
+L6kJ3HGJhUJfsQ3MwUaKIvtEJuL2ABDfP3ZDa5Lt+Q5B+rG8QylFXUgFjIP9xDEf
+ekGllwXlK6GKynA3CYHHUoDCkwcfgWz98+BGWABq73rrN8r7z3Fnh4a7MQIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSLrkD5I60BjlmaboCKxc2e7Sop
+qDCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVjaHJpczAN
+BgkqhkiG9w0BAQsFAAOCAQEAuF4YEE+RUFN4Js3HWh8uUOh5zK7UkiH7CCVpRMWg
+pmepI/dAx9hmySFQNB7ZjBKdq972o7x4+oXM1xuESvEZEJw5TcUhvNsyJVHRRJao
+Mg9X5RpgsgF6btbIADsvggw9ELyB30/ro3/PpHkhuh4l5Ov7ZV7d7CdKFcVFcK5g
+oNx9JTfejHmhSTgAj5t8lNYCCkzTwyiGHexdEZd9fAcNkmfcDCmMyBZopN+K24nt
+3OiIGm1YxXQ88CWtWPboHol4Tdcco42Kk4mefhkkA37IH31ImE7xuoblrtFFqIDw
+kO21I4x1b5v0cwTAguC0338zNrzHMt5SzEwzDObktyMWng==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/03.pem b/123/openvpn/keys/03.pem
new file mode 100644
index 0000000..48e0fb4
--- /dev/null
+++ b/123/openvpn/keys/03.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 27 01:22:52 2017 GMT
+            Not After : Mar 27 01:22:52 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-gw-ckubu/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d6:4a:11:c9:92:5d:41:10:43:41:f9:d0:31:82:
+                    47:6f:9c:10:dd:f2:2d:c1:14:0a:56:6a:82:54:01:
+                    7c:7c:aa:ec:13:c9:26:c1:38:cb:f5:ae:3c:c2:1f:
+                    f0:88:ba:7b:84:e1:ce:bf:40:54:a2:87:40:49:e7:
+                    4e:e0:5c:1a:e5:cb:a5:37:73:99:5f:f2:ed:38:c1:
+                    a5:10:72:8a:10:3d:d6:41:dc:a5:e3:28:f1:2b:b0:
+                    6b:0a:f2:4a:9a:be:15:07:e1:0d:40:69:e2:53:b4:
+                    1e:1e:32:fe:1c:65:4f:38:d5:e8:a1:38:eb:fa:8a:
+                    46:2e:e3:2d:ed:be:1e:e9:5a:c9:62:e3:59:f2:28:
+                    fc:28:c0:9e:ee:8a:12:73:d2:a2:be:6d:41:eb:f1:
+                    85:29:2e:3e:cd:73:ba:37:a0:eb:cf:a3:04:29:db:
+                    79:5f:9b:a8:80:e9:ec:80:94:6a:8e:83:5f:bd:9d:
+                    02:20:27:0b:00:1d:17:3d:50:71:a2:b8:fd:92:c8:
+                    f8:db:a1:1d:98:43:3a:d9:b0:66:0d:ce:62:26:a6:
+                    e2:cb:92:04:de:9d:1c:ea:5a:3b:53:10:a8:36:4c:
+                    b7:07:37:da:aa:01:9a:a9:98:37:b1:23:b2:19:a7:
+                    e7:40:20:09:0b:e8:b1:5c:87:66:05:27:90:a8:a1:
+                    fd:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                88:EE:C2:37:75:7A:6F:00:9C:EF:11:64:CD:08:96:0A:45:18:63:1B
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         66:20:ee:15:bf:c7:8e:47:40:4c:1b:6e:b6:c9:82:53:a9:67:
+         52:51:f1:38:c0:b8:19:90:c2:40:49:2e:b4:27:d3:b8:0f:4a:
+         a2:cc:0b:5b:5a:34:07:aa:32:3e:7f:bf:1d:75:5a:69:19:7f:
+         37:a7:89:dd:6d:c5:8c:6a:68:c7:c7:e3:96:83:cc:26:b1:86:
+         a9:02:07:6c:f1:52:9a:0a:00:b2:39:9b:b2:6b:3b:01:97:9e:
+         02:53:28:07:0f:3d:77:24:3e:69:98:aa:28:99:ac:fa:18:06:
+         a2:ae:c5:ca:b5:3f:4b:ab:30:db:65:99:95:55:52:1e:a4:b4:
+         c6:94:eb:b5:66:ef:2c:7e:5d:cd:0c:0d:be:9d:8e:79:46:90:
+         50:5e:29:99:36:c8:9d:83:5f:d9:da:3d:e9:56:17:2e:0c:8c:
+         57:84:2c:75:92:5f:ac:69:58:59:db:2d:d8:e6:c8:e8:b4:74:
+         c7:b5:33:a5:95:cc:8f:0f:f6:c1:73:4e:40:4b:a3:a1:60:40:
+         d8:2a:2d:87:84:d5:77:35:37:d0:b7:8e:e7:31:01:8e:cf:03:
+         9e:80:3c:25:0e:83:63:34:e7:5e:4e:1f:c6:d6:6f:da:96:b8:
+         c0:9d:fd:d5:57:84:98:9d:28:f7:ca:9d:c5:1b:87:03:4a:46:
+         60:94:02:18
+-----BEGIN CERTIFICATE-----
+MIIFZDCCBEygAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMjcwMTIyNTJaFw0zNzAzMjcwMTIy
+NTJaMIG3MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEfMB0GA1UEAxMWVlBOLTEyM0NvbWljcy1ndy1ja3VidTEWMBQGA1UEKRMNVlBO
+IDEyM0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1koRyZJdQRBDQfnQMYJHb5wQ
+3fItwRQKVmqCVAF8fKrsE8kmwTjL9a48wh/wiLp7hOHOv0BUoodASedO4Fwa5cul
+N3OZX/LtOMGlEHKKED3WQdyl4yjxK7BrCvJKmr4VB+ENQGniU7QeHjL+HGVPONXo
+oTjr+opGLuMt7b4e6VrJYuNZ8ij8KMCe7ooSc9Kivm1B6/GFKS4+zXO6N6Drz6ME
+Kdt5X5uogOnsgJRqjoNfvZ0CICcLAB0XPVBxorj9ksj426EdmEM62bBmDc5iJqbi
+y5IE3p0c6lo7UxCoNky3BzfaqgGaqZg3sSOyGafnQCAJC+ixXIdmBSeQqKH9PQID
+AQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0Eg
+R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSI7sI3dXpvAJzvEWTNCJYK
+RRhjGzCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCB
+sTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGlu
+MQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAX
+BgNVBAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3Mx
+ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAKgghndy1j
+a3VidTANBgkqhkiG9w0BAQsFAAOCAQEAZiDuFb/HjkdATBtutsmCU6lnUlHxOMC4
+GZDCQEkutCfTuA9KoswLW1o0B6oyPn+/HXVaaRl/N6eJ3W3FjGpox8fjloPMJrGG
+qQIHbPFSmgoAsjmbsms7AZeeAlMoBw89dyQ+aZiqKJms+hgGoq7FyrU/S6sw22WZ
+lVVSHqS0xpTrtWbvLH5dzQwNvp2OeUaQUF4pmTbInYNf2do96VYXLgyMV4QsdZJf
+rGlYWdst2ObI6LR0x7UzpZXMjw/2wXNOQEujoWBA2Coth4TVdzU30LeO5zEBjs8D
+noA8JQ6DYzTnXk4fxtZv2pa4wJ391VeEmJ0o98qdxRuHA0pGYJQCGA==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/04.pem b/123/openvpn/keys/04.pem
new file mode 100644
index 0000000..e484ef4
--- /dev/null
+++ b/123/openvpn/keys/04.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:38:42 2017 GMT
+            Not After : Mar 31 19:38:42 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ellen/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ec:72:92:5c:45:07:06:c3:ef:8b:49:fb:53:2b:
+                    64:9f:07:47:e4:2f:84:64:35:a9:6a:93:77:a9:3e:
+                    8a:47:fe:52:fc:1f:e9:9c:05:13:74:a6:d5:5e:12:
+                    ab:c9:55:1d:d7:83:a7:9e:e4:76:f9:c3:ee:b4:b5:
+                    c6:d7:ae:fb:05:e1:5f:3e:d5:c5:08:31:cc:40:bf:
+                    9e:17:ea:b5:69:c1:e3:f5:8a:55:b7:39:10:4c:39:
+                    d4:a5:1a:6c:da:1c:df:08:60:41:43:cc:78:cc:9b:
+                    3f:f0:64:35:a6:bd:7d:0c:86:55:20:66:e8:7f:d9:
+                    0d:06:03:d5:42:d2:b0:43:54:92:69:5e:97:20:d6:
+                    d9:0d:5a:95:86:5b:82:59:f0:d4:6a:5c:4c:01:ca:
+                    ae:17:da:7c:04:27:d5:55:1b:22:88:0f:82:ea:0d:
+                    3b:3e:0a:92:6c:7f:5c:a4:4f:4d:b3:ea:b1:fd:e9:
+                    25:20:87:af:52:36:ad:3c:d5:1a:f1:45:9a:8d:a8:
+                    33:8c:0c:0c:97:24:7b:5d:32:fe:ad:f9:b7:15:5d:
+                    a4:16:c5:a9:52:89:d3:4d:26:08:10:6f:3b:5a:3b:
+                    0a:32:c0:8a:fb:a0:23:8c:bf:bd:d8:b1:8e:b4:a7:
+                    05:86:1f:99:6f:7c:c0:57:7d:ba:19:f0:5f:3b:d2:
+                    91:53
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                CB:73:DC:89:31:5E:B7:F6:7A:2D:B1:39:A7:E3:03:5C:38:75:B6:FC
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:ellen
+    Signature Algorithm: sha256WithRSAEncryption
+         41:78:fd:3e:cc:67:5a:80:3e:7a:e2:1f:21:fe:de:be:54:29:
+         f4:96:b3:22:ec:8e:55:8e:da:af:97:9f:d7:71:97:c6:83:9a:
+         26:da:9d:47:f1:a2:3f:75:a0:26:09:e4:e9:cd:cc:d2:c0:3b:
+         fc:76:1e:08:1a:23:23:b0:e2:c6:52:63:57:c3:ca:55:d5:32:
+         c8:d2:ac:d3:5c:c2:16:e6:03:72:b3:cf:67:74:f4:ae:64:a4:
+         bf:10:0d:ba:ed:f4:89:df:7d:c3:61:e1:76:9a:81:8d:f7:ec:
+         a9:b0:20:25:7f:57:4d:36:87:dc:bb:34:8f:e2:95:0f:41:85:
+         fc:10:e0:ff:31:9d:c4:fd:79:81:ee:34:33:24:72:a8:19:77:
+         49:66:ea:9b:28:90:14:29:fb:3d:e6:81:98:55:4f:d5:be:95:
+         7a:8c:46:d8:78:e7:5d:16:2a:de:6c:fe:a8:46:d0:e1:04:c7:
+         f7:25:64:7a:fd:ed:ef:ef:98:44:96:3a:15:f7:c6:e9:16:09:
+         ea:8c:fc:c6:34:4e:83:fe:88:46:71:25:fb:3e:62:76:92:15:
+         05:44:43:12:75:b7:f8:8f:5c:64:be:36:83:ba:8b:be:b1:46:
+         3f:d0:c7:01:81:1d:49:00:f3:fa:42:74:3c:c9:b1:37:78:30:
+         2e:4f:c3:61
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM4NDJaFw0zNzAzMzExOTM4
+NDJaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1lbGxlbjEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7HKSXEUHBsPvi0n7UytknwdH5C+E
+ZDWpapN3qT6KR/5S/B/pnAUTdKbVXhKryVUd14OnnuR2+cPutLXG1677BeFfPtXF
+CDHMQL+eF+q1acHj9YpVtzkQTDnUpRps2hzfCGBBQ8x4zJs/8GQ1pr19DIZVIGbo
+f9kNBgPVQtKwQ1SSaV6XINbZDVqVhluCWfDUalxMAcquF9p8BCfVVRsiiA+C6g07
+PgqSbH9cpE9Ns+qx/eklIIevUjatPNUa8UWajagzjAwMlyR7XTL+rfm3FV2kFsWp
+UonTTSYIEG87WjsKMsCK+6AjjL+92LGOtKcFhh+Zb3zAV326GfBfO9KRUwIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTLc9yJMV639notsTmn4wNcOHW2
+/DCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVlbGxlbjAN
+BgkqhkiG9w0BAQsFAAOCAQEAQXj9PsxnWoA+euIfIf7evlQp9JazIuyOVY7ar5ef
+13GXxoOaJtqdR/GiP3WgJgnk6c3M0sA7/HYeCBojI7DixlJjV8PKVdUyyNKs01zC
+FuYDcrPPZ3T0rmSkvxANuu30id99w2HhdpqBjffsqbAgJX9XTTaH3Ls0j+KVD0GF
+/BDg/zGdxP15ge40MyRyqBl3SWbqmyiQFCn7PeaBmFVP1b6VeoxG2HjnXRYq3mz+
+qEbQ4QTH9yVkev3t7++YRJY6FffG6RYJ6oz8xjROg/6IRnEl+z5idpIVBURDEnW3
++I9cZL42g7qLvrFGP9DHAYEdSQDz+kJ0PMmxN3gwLk/DYQ==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/05.pem b/123/openvpn/keys/05.pem
new file mode 100644
index 0000000..afe0b06
--- /dev/null
+++ b/123/openvpn/keys/05.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:39:19 2017 GMT
+            Not After : Mar 31 19:39:19 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-henny/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:df:b0:f5:e3:00:76:72:1f:19:3d:f1:1b:cb:bc:
+                    52:1c:ec:3c:65:14:bd:ac:c7:cd:f3:5a:4e:16:c5:
+                    af:a9:f6:60:0e:c8:de:62:51:1c:9c:d0:0c:64:d6:
+                    5d:16:51:53:22:3a:f1:f0:1b:92:9c:a9:ae:39:82:
+                    87:82:23:62:5c:68:7d:0c:fc:61:ec:f8:02:c8:57:
+                    bd:27:da:1c:65:0d:69:25:2a:25:13:af:91:79:4c:
+                    55:be:7e:ae:80:e7:d3:69:e1:79:cd:94:a7:98:25:
+                    9a:bc:9c:de:9a:62:42:5c:06:b8:de:1e:82:d5:a8:
+                    06:0e:c2:d0:11:96:a4:4c:76:f8:17:40:20:4f:f1:
+                    d4:d9:94:8a:fc:06:04:e5:5c:cd:a1:70:51:4c:41:
+                    13:00:ed:6d:f3:73:f0:3a:b3:c1:94:45:57:6b:d2:
+                    19:f3:b0:43:d6:8c:bd:89:5f:e3:ad:93:7d:3d:f5:
+                    61:e7:96:89:a1:08:5c:2d:74:32:03:77:8f:74:e7:
+                    f2:36:49:c6:e8:20:ec:e4:67:e0:0b:d0:38:2a:c0:
+                    84:d9:fa:da:db:75:0d:c0:86:d5:89:ef:33:9d:bf:
+                    dd:6b:a1:78:83:fe:78:1e:32:56:38:84:d3:fb:4f:
+                    28:41:ee:9f:9e:1d:51:c1:2e:f6:67:87:bb:c6:83:
+                    d0:f5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                37:06:33:52:9E:7C:42:62:7C:AA:37:82:9F:97:4D:89:25:8B:1B:03
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:henny
+    Signature Algorithm: sha256WithRSAEncryption
+         b3:7a:5c:64:cd:53:5a:23:ec:35:79:4b:ac:ca:c3:0c:39:c7:
+         e9:2b:89:d6:a2:51:1c:a1:ce:48:a9:8b:f7:5f:dd:fb:43:70:
+         2a:17:bc:04:90:31:ea:e6:85:cb:df:41:a4:f0:63:fb:d9:bf:
+         33:6b:6e:80:b5:62:d9:83:6d:4e:01:f7:e0:ae:b6:20:6b:eb:
+         d0:76:7d:e0:1e:f9:de:d6:e3:c2:cf:91:2c:59:f2:01:1e:63:
+         46:7b:a8:7a:8e:af:e4:45:43:4b:f9:c8:5c:b9:e2:26:d8:a8:
+         b1:74:91:d0:ff:ae:fe:c4:73:f4:06:07:40:00:72:16:5c:44:
+         29:af:37:31:4b:3f:3e:09:64:a0:e3:d5:fe:6c:f7:e6:2e:c5:
+         4b:61:41:df:0b:66:b4:7b:3e:21:7e:24:7d:27:b2:2a:cd:ef:
+         9d:a1:f7:bf:57:c1:f6:a8:24:52:ba:0c:31:fd:6e:24:e1:11:
+         b9:a8:62:27:54:3c:59:3f:3a:d2:45:9d:81:77:d8:2e:b1:4e:
+         6e:41:a6:e8:89:e3:44:f0:be:da:58:02:67:d8:c8:51:fb:2c:
+         57:01:10:19:d8:10:7e:d6:9c:70:f7:32:91:ed:26:53:66:39:
+         19:99:f8:63:cd:c6:a8:c2:35:1d:f4:0c:b7:02:a8:4d:3b:ac:
+         68:ec:f9:de
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM5MTlaFw0zNzAzMzExOTM5
+MTlaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1oZW5ueTEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37D14wB2ch8ZPfEby7xSHOw8ZRS9
+rMfN81pOFsWvqfZgDsjeYlEcnNAMZNZdFlFTIjrx8BuSnKmuOYKHgiNiXGh9DPxh
+7PgCyFe9J9ocZQ1pJSolE6+ReUxVvn6ugOfTaeF5zZSnmCWavJzemmJCXAa43h6C
+1agGDsLQEZakTHb4F0AgT/HU2ZSK/AYE5VzNoXBRTEETAO1t83PwOrPBlEVXa9IZ
+87BD1oy9iV/jrZN9PfVh55aJoQhcLXQyA3ePdOfyNknG6CDs5GfgC9A4KsCE2fra
+23UNwIbVie8znb/da6F4g/54HjJWOITT+08oQe6fnh1RwS72Z4e7xoPQ9QIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ3BjNSnnxCYnyqN4Kfl02JJYsb
+AzCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVoZW5ueTAN
+BgkqhkiG9w0BAQsFAAOCAQEAs3pcZM1TWiPsNXlLrMrDDDnH6SuJ1qJRHKHOSKmL
+91/d+0NwKhe8BJAx6uaFy99BpPBj+9m/M2tugLVi2YNtTgH34K62IGvr0HZ94B75
+3tbjws+RLFnyAR5jRnuoeo6v5EVDS/nIXLniJtiosXSR0P+u/sRz9AYHQAByFlxE
+Ka83MUs/PglkoOPV/mz35i7FS2FB3wtmtHs+IX4kfSeyKs3vnaH3v1fB9qgkUroM
+Mf1uJOERuahiJ1Q8WT860kWdgXfYLrFObkGm6InjRPC+2lgCZ9jIUfssVwEQGdgQ
+ftaccPcyke0mU2Y5GZn4Y83GqMI1HfQMtwKoTTusaOz53g==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/06.pem b/123/openvpn/keys/06.pem
new file mode 100644
index 0000000..1dc5ba0
--- /dev/null
+++ b/123/openvpn/keys/06.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:39:47 2017 GMT
+            Not After : Mar 31 19:39:47 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-kaya/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b6:4c:3e:b1:90:01:7e:74:fe:03:c4:de:9c:5d:
+                    37:23:f6:93:fd:c0:08:bc:49:ea:df:4b:ff:39:22:
+                    1b:42:a6:fd:86:6c:52:2a:69:ae:9f:5a:d7:1c:e3:
+                    fa:c9:c1:15:e8:64:ee:01:90:28:ad:9b:42:8d:09:
+                    e7:42:ef:b3:db:0d:4f:52:05:bc:22:05:ac:e5:78:
+                    ce:64:9e:96:ed:dc:45:04:bb:99:b7:1b:f6:31:3e:
+                    3f:b7:04:cb:9d:8e:44:f0:9d:c5:9e:08:3d:fe:46:
+                    7a:fd:9d:56:8b:49:1d:b7:f1:b6:7c:e1:da:e8:4a:
+                    fe:ae:28:70:10:88:c2:04:cc:83:14:8e:65:da:6e:
+                    c3:1b:83:81:67:9f:df:d4:39:ce:48:71:37:7b:49:
+                    fa:3c:19:dd:75:33:bc:cc:82:75:af:6f:dd:06:eb:
+                    3a:cd:a0:d5:c3:10:e2:0b:58:3f:95:35:35:0e:ce:
+                    34:ed:03:13:a5:24:7a:24:8f:32:7c:c8:09:a9:6b:
+                    23:54:19:13:23:af:b0:54:e5:0f:27:9a:e6:33:dc:
+                    0f:2a:2c:d2:3e:60:ee:b3:8c:7d:c2:a5:43:d9:07:
+                    0a:84:76:10:8a:6f:f1:db:6e:22:1e:b9:71:aa:c4:
+                    52:e3:56:a1:26:6f:c6:17:0f:f2:4f:8d:88:e9:a0:
+                    3b:b5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E2:E0:31:7D:AC:4D:8F:1B:67:83:67:66:52:39:CA:43:4C:FF:99:B0
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:kaya
+    Signature Algorithm: sha256WithRSAEncryption
+         8f:ef:78:2e:54:f1:b4:a3:92:89:25:cc:85:b9:28:2d:aa:2e:
+         28:9a:53:f1:09:99:95:34:6c:f3:58:d8:4c:6d:a1:cc:f5:93:
+         07:53:8c:53:4b:0f:80:29:33:83:a2:f5:13:64:ae:23:d4:c8:
+         6f:75:48:41:42:81:40:a8:b7:7f:70:fb:7f:97:55:5d:82:b8:
+         1d:7e:96:50:5e:2d:a9:eb:66:cd:c0:89:5f:ca:ec:c2:bc:7f:
+         33:db:e2:fa:28:54:00:6a:3e:72:2e:71:fe:d8:d2:d3:4d:fe:
+         6e:1b:e2:71:e2:e5:cf:7d:aa:4e:92:9f:d4:b7:20:fe:2b:98:
+         2f:a1:a2:f8:87:07:a1:a9:7b:5f:b9:d6:f9:b2:b5:23:17:98:
+         99:c7:00:d0:29:cb:59:2e:9e:c6:b0:f3:54:a4:c7:3d:82:d1:
+         aa:f8:f2:e1:23:cf:74:ed:25:f3:b8:24:c9:c6:0a:d9:41:6d:
+         d6:a8:c1:a7:96:85:51:13:f3:cc:36:fa:5e:e1:32:aa:f6:e8:
+         93:a2:43:ce:40:33:33:5e:6a:b4:65:c2:32:e3:0c:62:a6:f6:
+         48:c5:0e:2e:02:cd:92:45:9e:dc:2f:a5:66:57:b4:ca:35:0f:
+         5d:ed:10:42:d9:0d:7b:0b:0a:75:62:5f:12:ac:9b:29:bd:14:
+         9e:e4:5a:9f
+-----BEGIN CERTIFICATE-----
+MIIFXDCCBESgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM5NDdaFw0zNzAzMzExOTM5
+NDdaMIGzMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEbMBkGA1UEAxMSVlBOLTEyM0NvbWljcy1rYXlhMRYwFAYDVQQpEw1WUE4gMTIz
+Q29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2TD6xkAF+dP4DxN6cXTcj9pP9wAi8
+SerfS/85IhtCpv2GbFIqaa6fWtcc4/rJwRXoZO4BkCitm0KNCedC77PbDU9SBbwi
+BazleM5knpbt3EUEu5m3G/YxPj+3BMudjkTwncWeCD3+Rnr9nVaLSR238bZ84dro
+Sv6uKHAQiMIEzIMUjmXabsMbg4Fnn9/UOc5IcTd7Sfo8Gd11M7zMgnWvb90G6zrN
+oNXDEOILWD+VNTUOzjTtAxOlJHokjzJ8yAmpayNUGRMjr7BU5Q8nmuYz3A8qLNI+
+YO6zjH3CpUPZBwqEdhCKb/HbbiIeuXGqxFLjVqEmb8YXD/JPjYjpoDu1AgMBAAGj
+ggF5MIIBdTAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOLgMX2sTY8bZ4NnZlI5ykNM/5mw
+MIHmBgNVHSMEgd4wgduAFGByHupHLaqzcRgy4TAcdwix1CQRoYG3pIG0MIGxMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UE
+AxMQVlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8G
+CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA4KYz/4Mr9Y8wEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBGtheWEwDQYJ
+KoZIhvcNAQELBQADggEBAI/veC5U8bSjkoklzIW5KC2qLiiaU/EJmZU0bPNY2Ext
+ocz1kwdTjFNLD4ApM4Oi9RNkriPUyG91SEFCgUCot39w+3+XVV2CuB1+llBeLanr
+Zs3AiV/K7MK8fzPb4vooVABqPnIucf7Y0tNN/m4b4nHi5c99qk6Sn9S3IP4rmC+h
+oviHB6Gpe1+51vmytSMXmJnHANApy1kunsaw81Skxz2C0ar48uEjz3TtJfO4JMnG
+CtlBbdaowaeWhVET88w2+l7hMqr26JOiQ85AMzNearRlwjLjDGKm9kjFDi4CzZJF
+ntwvpWZXtMo1D13tEELZDXsLCnViXxKsmym9FJ7kWp8=
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/07.pem b/123/openvpn/keys/07.pem
new file mode 100644
index 0000000..a123e83
--- /dev/null
+++ b/123/openvpn/keys/07.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:40:21 2017 GMT
+            Not After : Mar 31 19:40:21 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-imke/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a8:e8:10:ee:4a:85:18:13:fe:a5:da:ff:1f:22:
+                    95:6f:f3:49:52:31:30:0d:0e:fd:c4:22:06:39:c7:
+                    36:d9:39:2f:61:f1:c7:e4:2e:fa:8e:45:e2:37:74:
+                    fb:74:07:4a:9f:14:02:f6:76:b4:bc:f2:23:0f:18:
+                    e2:37:d0:db:32:3f:a7:48:45:0f:87:f7:d1:43:fa:
+                    64:3b:9d:b0:05:b3:95:9a:77:53:43:05:61:26:54:
+                    4e:c9:9e:a5:f7:ff:3b:e2:da:45:3e:2c:ca:f0:d7:
+                    84:99:be:57:2a:d3:f1:ac:f1:4a:33:82:d8:ba:8a:
+                    49:35:e5:7c:cf:87:ad:ec:12:b2:15:34:8e:6b:ae:
+                    e9:2e:12:8e:3f:cf:5d:51:bc:30:fc:76:8d:ea:c7:
+                    a8:dd:25:8b:c0:b4:6f:f1:15:60:55:81:28:8f:80:
+                    eb:38:77:44:f8:0e:e4:53:ed:fb:18:32:cf:23:21:
+                    7f:ab:23:d6:5d:10:44:11:c3:c3:3e:6a:8d:38:cd:
+                    c2:a2:9c:de:34:54:3b:88:0d:a8:ab:7b:a5:b7:fc:
+                    9c:0e:8c:62:36:cc:71:1e:f0:1f:7e:f4:ab:81:03:
+                    27:ca:5d:0b:13:0a:06:1a:ca:a3:4d:72:7c:3a:f4:
+                    79:9b:3a:04:8b:6d:12:90:8d:ad:16:78:3a:8d:b4:
+                    b4:57
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                FB:3D:B0:64:04:E9:11:FC:C6:DC:25:61:27:3E:BE:35:30:38:FD:20
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:imke
+    Signature Algorithm: sha256WithRSAEncryption
+         a7:0a:bf:f1:a9:64:1a:a6:a5:98:1d:de:3a:11:01:1d:1f:17:
+         bf:e2:ae:d6:46:08:f0:6f:fe:63:32:5f:00:60:24:ad:a4:0e:
+         04:8b:40:01:a7:cb:64:bb:48:a6:c0:21:d0:33:dd:89:c0:68:
+         aa:b2:50:c9:73:2a:32:e3:ac:93:0c:d4:cd:73:92:21:5f:df:
+         0c:a9:c4:d4:57:33:c4:b2:88:a9:c9:0f:73:06:98:d4:d9:ca:
+         81:3d:17:45:8b:55:8f:5c:f1:f7:55:dd:42:0d:d2:bc:96:fa:
+         5d:cd:7f:45:08:61:88:5f:22:9c:e5:26:62:c1:ef:f5:0a:51:
+         a8:a1:83:e9:36:ea:7a:3f:7e:d4:c7:70:73:ca:c3:ec:44:ca:
+         47:c9:f1:7e:fa:46:e4:e0:c2:9b:75:cc:02:cc:e8:e5:50:18:
+         76:0c:88:28:4a:db:90:f5:60:f1:55:88:fa:e6:27:54:3f:b1:
+         50:7c:30:8d:9e:9b:b0:0f:f2:e1:3e:d2:99:f7:b2:8b:25:04:
+         0b:dc:76:4a:6f:29:8e:9a:e3:9c:17:c6:a9:a0:2d:b3:d8:2a:
+         f5:d8:e1:b7:73:32:ef:b0:39:48:ca:f8:5a:c2:d0:69:0b:37:
+         0f:50:ef:1f:53:0a:1c:6a:1f:7f:9c:a1:47:f3:9c:8f:10:27:
+         52:bc:d9:5a
+-----BEGIN CERTIFICATE-----
+MIIFXDCCBESgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTQwMjFaFw0zNzAzMzExOTQw
+MjFaMIGzMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEbMBkGA1UEAxMSVlBOLTEyM0NvbWljcy1pbWtlMRYwFAYDVQQpEw1WUE4gMTIz
+Q29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo6BDuSoUYE/6l2v8fIpVv80lSMTAN
+Dv3EIgY5xzbZOS9h8cfkLvqOReI3dPt0B0qfFAL2drS88iMPGOI30NsyP6dIRQ+H
+99FD+mQ7nbAFs5Wad1NDBWEmVE7JnqX3/zvi2kU+LMrw14SZvlcq0/Gs8Uozgti6
+ikk15XzPh63sErIVNI5rrukuEo4/z11RvDD8do3qx6jdJYvAtG/xFWBVgSiPgOs4
+d0T4DuRT7fsYMs8jIX+rI9ZdEEQRw8M+ao04zcKinN40VDuIDaire6W3/JwOjGI2
+zHEe8B9+9KuBAyfKXQsTCgYayqNNcnw69HmbOgSLbRKQja0WeDqNtLRXAgMBAAGj
+ggF5MIIBdTAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPs9sGQE6RH8xtwlYSc+vjUwOP0g
+MIHmBgNVHSMEgd4wgduAFGByHupHLaqzcRgy4TAcdwix1CQRoYG3pIG0MIGxMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UE
+AxMQVlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8G
+CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA4KYz/4Mr9Y8wEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBGlta2UwDQYJ
+KoZIhvcNAQELBQADggEBAKcKv/GpZBqmpZgd3joRAR0fF7/irtZGCPBv/mMyXwBg
+JK2kDgSLQAGny2S7SKbAIdAz3YnAaKqyUMlzKjLjrJMM1M1zkiFf3wypxNRXM8Sy
+iKnJD3MGmNTZyoE9F0WLVY9c8fdV3UIN0ryW+l3Nf0UIYYhfIpzlJmLB7/UKUaih
+g+k26no/ftTHcHPKw+xEykfJ8X76RuTgwpt1zALM6OVQGHYMiChK25D1YPFViPrm
+J1Q/sVB8MI2em7AP8uE+0pn3soslBAvcdkpvKY6a45wXxqmgLbPYKvXY4bdzMu+w
+OUjK+FrC0GkLNw9Q7x9TChxqH3+coUfznI8QJ1K82Vo=
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/08.pem b/123/openvpn/keys/08.pem
new file mode 100644
index 0000000..d71d55e
--- /dev/null
+++ b/123/openvpn/keys/08.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:41:04 2017 GMT
+            Not After : Mar 31 19:41:04 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-jonas/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d5:bf:31:fd:f5:63:4a:66:e5:7a:36:e9:07:ab:
+                    db:50:b4:92:9c:9e:ad:28:4e:86:ac:b0:6d:c2:b9:
+                    e7:dd:fb:8d:01:21:82:33:ed:cf:dc:ee:2b:84:96:
+                    37:c7:fa:e7:12:42:af:b1:4d:70:37:9a:7b:de:27:
+                    6b:8f:dd:67:20:90:2c:29:ed:b0:fa:05:01:5c:9d:
+                    74:13:19:41:a7:da:7d:b5:f2:f4:3b:97:71:28:97:
+                    b0:62:eb:5a:93:75:70:6d:45:53:57:14:a2:c4:73:
+                    2f:3a:d6:f0:84:74:25:ae:50:db:6b:44:4b:e0:8f:
+                    70:87:49:49:be:b8:f8:58:df:89:ab:dd:66:6f:46:
+                    39:90:00:26:d4:fd:3d:94:31:bb:45:0b:60:54:9a:
+                    5c:53:2e:52:bd:6b:c3:1a:ec:7a:a3:d7:b6:20:52:
+                    3f:7c:25:e6:2d:e8:68:ca:fb:76:a0:fa:fb:65:71:
+                    77:46:44:ee:9f:fc:b6:7d:d3:28:11:ee:35:5e:08:
+                    ff:d5:6c:5e:a9:21:44:12:79:98:3b:3a:87:df:d7:
+                    df:a0:12:dd:58:fb:9a:be:b8:4d:b4:92:28:d8:22:
+                    24:ed:0c:e5:04:c0:b3:42:7e:c6:61:1b:4b:b6:9d:
+                    5f:31:de:34:3e:f7:5a:51:cc:70:83:11:3d:0d:01:
+                    56:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                4C:7D:CA:9A:DA:5B:60:31:54:FD:35:1D:60:7E:04:4C:0D:30:76:44
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:jonas
+    Signature Algorithm: sha256WithRSAEncryption
+         b0:7c:4a:7b:47:83:33:f3:76:c5:33:32:14:17:ed:3b:44:e2:
+         d0:4c:f6:66:90:76:be:16:1c:62:95:25:f3:78:cb:6d:c1:ef:
+         6c:ba:66:ed:10:16:07:26:83:89:78:49:58:fc:46:d8:c6:8e:
+         26:c6:51:12:37:20:ca:30:c8:35:5a:68:69:70:95:a9:7f:20:
+         3e:af:8d:73:c5:f2:1f:28:50:0d:48:18:cb:9f:46:45:16:b1:
+         f2:ac:e7:1c:54:dd:af:c8:06:ec:bb:4c:dd:71:d0:e9:c8:54:
+         8f:8c:12:e1:d7:1e:53:f9:42:61:98:0e:3a:b6:35:d8:e8:c7:
+         2a:d6:e2:78:74:8e:f5:4e:1e:1b:98:aa:e3:84:fd:d4:d7:27:
+         95:a5:fd:b5:db:f5:42:e1:9a:9a:2e:b7:f7:0d:e5:49:10:50:
+         c4:01:e3:95:6e:53:b3:6b:7f:34:38:7c:49:1e:84:85:6a:8e:
+         63:01:49:b9:b1:e5:71:09:31:0a:7c:2c:ce:ea:d7:33:4b:11:
+         fa:e2:69:ed:30:96:a5:08:2b:fd:b9:1e:13:30:3f:bf:4d:7c:
+         2a:56:8a:7a:ef:a1:76:2c:fa:12:5a:46:ed:bf:4c:90:54:24:
+         7d:91:a7:b3:ef:2b:09:dc:f8:06:56:ac:e7:f5:52:43:80:5c:
+         73:93:f4:01
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTQxMDRaFw0zNzAzMzExOTQx
+MDRaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1qb25hczEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1b8x/fVjSmblejbpB6vbULSSnJ6t
+KE6GrLBtwrnn3fuNASGCM+3P3O4rhJY3x/rnEkKvsU1wN5p73idrj91nIJAsKe2w
++gUBXJ10ExlBp9p9tfL0O5dxKJewYutak3VwbUVTVxSixHMvOtbwhHQlrlDba0RL
+4I9wh0lJvrj4WN+Jq91mb0Y5kAAm1P09lDG7RQtgVJpcUy5SvWvDGux6o9e2IFI/
+fCXmLehoyvt2oPr7ZXF3RkTun/y2fdMoEe41Xgj/1WxeqSFEEnmYOzqH39ffoBLd
+WPuavrhNtJIo2CIk7QzlBMCzQn7GYRtLtp1fMd40PvdaUcxwgxE9DQFWuwIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRMfcqa2ltgMVT9NR1gfgRMDTB2
+RDCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVqb25hczAN
+BgkqhkiG9w0BAQsFAAOCAQEAsHxKe0eDM/N2xTMyFBftO0Ti0Ez2ZpB2vhYcYpUl
+83jLbcHvbLpm7RAWByaDiXhJWPxG2MaOJsZREjcgyjDINVpoaXCVqX8gPq+Nc8Xy
+HyhQDUgYy59GRRax8qznHFTdr8gG7LtM3XHQ6chUj4wS4dceU/lCYZgOOrY12OjH
+KtbieHSO9U4eG5iq44T91NcnlaX9tdv1QuGami639w3lSRBQxAHjlW5Ts2t/NDh8
+SR6EhWqOYwFJubHlcQkxCnwszurXM0sR+uJp7TCWpQgr/bkeEzA/v018KlaKeu+h
+diz6ElpG7b9MkFQkfZGns+8rCdz4Blas5/VSQ4Bcc5P0AQ==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/09.pem b/123/openvpn/keys/09.pem
new file mode 100644
index 0000000..a77f2b8
--- /dev/null
+++ b/123/openvpn/keys/09.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:41:44 2017 GMT
+            Not After : Mar 31 19:41:44 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-julia/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c4:08:b1:f5:86:9b:8a:90:97:32:4e:a7:55:cc:
+                    65:85:5a:f5:10:2e:5b:ef:8d:61:60:66:3a:53:5d:
+                    fc:90:82:ec:0c:ba:b3:ab:7d:b8:56:9b:4c:6e:73:
+                    d6:72:61:bc:74:17:2f:a3:6b:f5:66:c6:72:b7:11:
+                    f5:bb:8c:47:5b:04:d8:4c:74:6e:22:d3:21:8a:32:
+                    41:9e:1d:8a:8b:e0:b4:ec:b8:15:40:26:08:3d:97:
+                    7c:a7:20:1e:ca:60:8d:0e:7e:58:cd:a6:0b:f7:c2:
+                    7b:7e:9f:c7:55:87:01:3d:ce:37:7c:32:b8:36:bd:
+                    1b:90:24:43:e1:c3:5c:5f:bd:f3:5c:32:0f:5d:7c:
+                    0f:87:ef:8d:03:0a:e9:23:eb:8d:7b:89:f2:4b:cc:
+                    83:d8:32:58:26:75:ff:81:74:83:d7:ea:2f:11:07:
+                    59:97:08:e1:38:e4:be:14:d1:2c:8b:1c:f5:b8:53:
+                    65:b7:25:8f:5f:e6:5d:f1:d8:76:ab:64:df:b3:e5:
+                    09:3b:84:f1:9c:34:f0:7e:bb:e7:e0:3c:da:0f:87:
+                    77:44:95:c2:e5:bd:29:3f:43:0b:d8:8d:d5:07:cf:
+                    26:54:b3:50:dc:64:1c:a7:67:3d:c1:3c:fa:9e:0f:
+                    db:3d:97:fa:28:7f:bb:6f:92:b6:e3:44:a2:47:1a:
+                    18:51
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                8D:D2:9E:D6:B2:D3:DA:D0:60:7D:69:D6:5C:EA:40:5A:E4:39:01:34
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:julia
+    Signature Algorithm: sha256WithRSAEncryption
+         10:0f:b3:1e:bd:29:70:ac:a3:20:8d:77:b2:5c:6d:bf:25:9f:
+         07:b3:c2:0c:ec:41:8e:98:cc:3f:d2:0c:84:17:55:97:1b:e6:
+         4e:76:c5:12:a3:7c:32:a3:81:e4:53:06:4e:c6:67:e4:ad:14:
+         70:4e:1f:ca:e8:5f:dd:b1:d9:e4:ac:4c:b5:d2:51:25:89:27:
+         48:05:a5:2f:c0:de:ed:7a:8b:84:59:73:19:ee:6d:6d:e0:be:
+         5d:36:d4:ea:c3:40:0f:60:94:f3:e8:3d:5d:86:88:75:c1:38:
+         f4:91:6e:4f:5c:ff:11:d8:56:d3:9f:89:58:89:c6:24:32:d3:
+         ad:d2:5b:f1:cd:62:ed:95:12:d7:79:5c:ec:86:45:39:4d:97:
+         02:9e:f5:06:d7:4f:12:2c:f7:b2:ce:59:6b:3d:3f:88:b6:e3:
+         03:24:1e:cf:9c:6f:d6:3c:6f:6c:ed:5b:50:ef:0a:cf:96:f5:
+         98:f8:a5:fa:ce:e3:2c:f8:8f:0f:84:0e:0b:27:c4:07:87:6f:
+         e2:a5:ef:73:db:e5:c9:20:a1:81:e0:a3:16:ec:de:d0:47:a6:
+         ac:ad:c3:a5:16:c2:7d:de:27:67:58:59:4b:20:c6:08:01:55:
+         62:ce:14:f3:5a:5e:23:9b:c5:d6:ba:4c:e4:d6:40:12:09:b1:
+         58:8f:b8:05
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTQxNDRaFw0zNzAzMzExOTQx
+NDRaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1qdWxpYTEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAix9YabipCXMk6nVcxlhVr1EC5b
+741hYGY6U138kILsDLqzq324VptMbnPWcmG8dBcvo2v1ZsZytxH1u4xHWwTYTHRu
+ItMhijJBnh2Ki+C07LgVQCYIPZd8pyAeymCNDn5YzaYL98J7fp/HVYcBPc43fDK4
+Nr0bkCRD4cNcX73zXDIPXXwPh++NAwrpI+uNe4nyS8yD2DJYJnX/gXSD1+ovEQdZ
+lwjhOOS+FNEsixz1uFNltyWPX+Zd8dh2q2Tfs+UJO4TxnDTwfrvn4DzaD4d3RJXC
+5b0pP0ML2I3VB88mVLNQ3GQcp2c9wTz6ng/bPZf6KH+7b5K240SiRxoYUQIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSN0p7WstPa0GB9adZc6kBa5DkB
+NDCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVqdWxpYTAN
+BgkqhkiG9w0BAQsFAAOCAQEAEA+zHr0pcKyjII13slxtvyWfB7PCDOxBjpjMP9IM
+hBdVlxvmTnbFEqN8MqOB5FMGTsZn5K0UcE4fyuhf3bHZ5KxMtdJRJYknSAWlL8De
+7XqLhFlzGe5tbeC+XTbU6sNAD2CU8+g9XYaIdcE49JFuT1z/EdhW05+JWInGJDLT
+rdJb8c1i7ZUS13lc7IZFOU2XAp71BtdPEiz3ss5Zaz0/iLbjAyQez5xv1jxvbO1b
+UO8Kz5b1mPil+s7jLPiPD4QOCyfEB4dv4qXvc9vlySChgeCjFuze0EemrK3DpRbC
+fd4nZ1hZSyDGCAFVYs4U81peI5vF1rpM5NZAEgmxWI+4BQ==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/ca.crt b/123/openvpn/keys/ca.crt
new file mode 100644
index 0000000..1996d94
--- /dev/null
+++ b/123/openvpn/keys/ca.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFAzCCA+ugAwIBAgIJAOCmM/+DK/WPMA0GCSqGSIb3DQEBCwUAMIGxMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
+VlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8GCSqG
+SIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDMxMTAyMTYyOFoXDTQ5
+MDMxMTAyMTYyOFowgbExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tMTIzQ29taWNzLWNhMRYwFAYDVQQpEw1W
+UE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI6ZDkXY0diPbLB91BnCq6
+yzxnCn/zp6jHE1D/pHWSRFcitbne4z4n7uHg9rVo+ytwS32KOSqDKUw7nV1SdoGT
+29R6Hoy6RV5aub7UD6CeF7ksZ2xd7359PIYedeyBKB/R3TlLo/2w+sW1womyEdpl
+USvG3nVYGBL/KFKxIaKUXxzTAPagzBUfzgI0AfVCzOJlRmw7Oin/xmrf7Bp0FQnx
+labMu0FVWuKrwvNL0IeQkRvm4zVICFsajjzaWribwKxVZe88iDVCCkizgv9HI7yk
+G+YrnZJbYxYvWisv5Gf6yDBfixgRES1itkGHEco4qBjTNfXxc1TvxBQZdHVkes3L
+AgMBAAGjggEaMIIBFjAdBgNVHQ4EFgQUYHIe6kctqrNxGDLhMBx3CLHUJBEwgeYG
+A1UdIwSB3jCB24AUYHIe6kctqrNxGDLhMBx3CLHUJBGhgbekgbQwgbExCzAJBgNV
+BAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UE
+ChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBW
+UE4tMTIzQ29taWNzLWNhMRYwFAYDVQQpEw1WUE4gMTIzQ29taWNzMSEwHwYJKoZI
+hvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQDgpjP/gyv1jzAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBqSNHim3BDVX4ptcnhYaw1RNEHq2sWkL6O
+m6MLJpwk1BW0ZhKG45/lA8x+FB1npsL9ck/GcTG41UOwCJU3jIKyS5rug7hHAz7t
+GShvWEOLnk0Y9veMOM0Iwsqs4d4qeDQZH2RZCnQqjVt5bXRFDGE0X0Lqa04nVXVU
+8JThZvjNq19jzEulZwg/x356J/VbNX/gtqddqRHw1j5uvsiAnTjQeDZTLjP3SDOS
+vYVjJGF35QyarN0iJpH8TQGeA89EOJyLaQjfd+MG05cDYHo44brJgc26rJRp5QCa
+cp2h9ajosKcIhk1lrY+kLf/XiwYDZ3TyhYhqoM998XggUuinF1r9
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/ca.key b/123/openvpn/keys/ca.key
new file mode 100644
index 0000000..e35cb7b
--- /dev/null
+++ b/123/openvpn/keys/ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDI6ZDkXY0diPbL
+B91BnCq6yzxnCn/zp6jHE1D/pHWSRFcitbne4z4n7uHg9rVo+ytwS32KOSqDKUw7
+nV1SdoGT29R6Hoy6RV5aub7UD6CeF7ksZ2xd7359PIYedeyBKB/R3TlLo/2w+sW1
+womyEdplUSvG3nVYGBL/KFKxIaKUXxzTAPagzBUfzgI0AfVCzOJlRmw7Oin/xmrf
+7Bp0FQnxlabMu0FVWuKrwvNL0IeQkRvm4zVICFsajjzaWribwKxVZe88iDVCCkiz
+gv9HI7ykG+YrnZJbYxYvWisv5Gf6yDBfixgRES1itkGHEco4qBjTNfXxc1TvxBQZ
+dHVkes3LAgMBAAECggEAOUvy2E2dquieiTRK8yUYQoEnTrN93fzYcz2dAeri5L28
+o9dzlI718Ol9XWy+O5w1vSaqPLsk1pb2eKHeNWA6f/JXXCROOekCiZkjRNLYGX3m
+fzVXgEqGpiyWiyVSN1s8B9uxNVMlTE2YCMfcAP56bB6D/4j9qgvjjwTu4DkZZnpf
+iGswdUf2KJZ2Wr08wVjvmKBnJYazXDjMbhXQ+hCSK6yr8zaJIrchdkgJc1lC9Z49
+8HEpc2SwSJrrOUpyQNQ/dNbtYeK1cqqgADguXuxwDRmV/BYycpJ8Yg4hynsWqDR/
+nUOiy/UqisYaEVCW2nLKOsj29YGguGhMXPwPL7oxQQKBgQD5pRuoDmQNOPMcnjfQ
+uVCh1f+VoeKHMuguDmJBEl62hbamAesOdOL0ghmcTAb1JQCtwbdPlvuUuGsvukky
+yCLa4sz7UU6ZSSW6XYD/9oEq/Usp1sdX8MP3Dd8nOXVPxdGzEc8syKDMULkVh/2C
+y8qENGgg9sA5X4RJKIzaFnCFkQKBgQDOBuBWJ1f1RB/O29eutL7Hs68MpiM37B90
+XLLDAIz8DrgGrwBaasdfFxhRZEmU2KHG5LmVCPvZg6au8NFYFoixdqyJZghWBAOO
+pzO8wk939kqSHwgpJcRPXWKG7TCltVEcxO/iocW7qgTGpTeBfK1NbaRqTKDHGzTo
+GTIr8yd/mwKBgQCJjgdaJ2vLuViDqU5Z7PJX6gFlYojeNBeo4PYUotmbOrw0ZpQt
+KAyx60nPTDj9NMFV/IpUCX5gKOmup7eTiqFh+Fw4Ekn7vklSkhj1cM8lb+HNkPHQ
+K/Lemz8dbtSL+xUb1TFRnM61JbmF+qOeQUo6ZGIH3851DoNmiDhsJrcjcQKBgQCW
+/zMr8WnluCgX08gfoxiwBGEnRBxLwCLNhaL+iEjL832saFY57khwyNxpyrajAKKQ
+wtHBCPSMVpCzZowHo3xLlE6f5Mf3QrnYs3KXxVG4+iltLpEslyFpiWfMu8oLqPfp
+veySjT3+bH1TmYM0w8vAE7uMrNypEKeV8+FxlKQ+QQKBgDmUIEgJVMjrD26GJeuB
+bgeAHoC1XDNZCpp3g99n/za373MnJPahxo6Pz2rHv5WGE1lm8AE2CTtQjtzIE0KB
+VsiFP4srSvNtYRuH3gAuEL28ETc5ZAYYrPRlsErNi+KbM3TNNzV9FuvAaRAMb9l0
+Nuvd4s7RiQllg5o+aM+I3V8f
+-----END PRIVATE KEY-----
diff --git a/123/openvpn/keys/chris.crt b/123/openvpn/keys/chris.crt
new file mode 100644
index 0000000..a773173
--- /dev/null
+++ b/123/openvpn/keys/chris.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 11 02:24:18 2017 GMT
+            Not After : Mar 11 02:24:18 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-chris/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ac:3d:7f:1e:1e:d7:15:85:96:bf:74:de:56:88:
+                    9c:7c:dd:45:e5:51:6f:db:c5:a6:0e:48:ab:33:0d:
+                    f6:d7:16:6b:5b:9c:63:ab:7b:20:49:aa:f4:6c:31:
+                    02:cc:24:46:01:fe:c2:c3:42:b8:46:3d:6c:09:13:
+                    e7:d3:81:10:e7:09:0b:5d:63:e8:cf:61:01:bf:53:
+                    00:a4:2e:e6:1e:6b:eb:02:ed:4a:e8:5c:c1:0d:e1:
+                    b2:5d:b1:a1:11:92:5e:7b:21:50:a2:e0:1b:77:53:
+                    fd:e2:13:a5:9f:2f:3d:ed:5b:a0:68:6f:b0:75:22:
+                    05:f9:dd:94:cc:e7:87:ee:be:c7:77:a3:cd:c2:78:
+                    b0:d3:f5:40:8b:c8:ba:70:9f:f5:99:b7:49:0f:a4:
+                    c4:b7:70:94:7c:d8:3a:87:bd:58:af:f7:71:45:7b:
+                    b7:2f:a9:09:dc:71:89:85:42:5f:b1:0d:cc:c1:46:
+                    8a:22:fb:44:26:e2:f6:00:10:df:3f:76:43:6b:92:
+                    ed:f9:0e:41:fa:b1:bc:43:29:45:5d:48:05:8c:83:
+                    fd:c4:31:1f:7a:41:a5:97:05:e5:2b:a1:8a:ca:70:
+                    37:09:81:c7:52:80:c2:93:07:1f:81:6c:fd:f3:e0:
+                    46:58:00:6a:ef:7a:eb:37:ca:fb:cf:71:67:87:86:
+                    bb:31
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                8B:AE:40:F9:23:AD:01:8E:59:9A:6E:80:8A:C5:CD:9E:ED:2A:29:A8
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         b8:5e:18:10:4f:91:50:53:78:26:cd:c7:5a:1f:2e:50:e8:79:
+         cc:ae:d4:92:21:fb:08:25:69:44:c5:a0:a6:67:a9:23:f7:40:
+         c7:d8:66:c9:21:50:34:1e:d9:8c:12:9d:ab:de:f6:a3:bc:78:
+         fa:85:cc:d7:1b:84:4a:f1:19:10:9c:39:4d:c5:21:bc:db:32:
+         25:51:d1:44:96:a8:32:0f:57:e5:1a:60:b2:01:7a:6e:d6:c8:
+         00:3b:2f:82:0c:3d:10:bc:81:df:4f:eb:a3:7f:cf:a4:79:21:
+         ba:1e:25:e4:eb:fb:65:5e:dd:ec:27:4a:15:c5:45:70:ae:60:
+         a0:dc:7d:25:37:de:8c:79:a1:49:38:00:8f:9b:7c:94:d6:02:
+         0a:4c:d3:c3:28:86:1d:ec:5d:11:97:7d:7c:07:0d:92:67:dc:
+         0c:29:8c:c8:16:68:a4:df:8a:db:89:ed:dc:e8:88:1a:6d:58:
+         c5:74:3c:f0:25:ad:58:f6:e8:1e:89:78:4d:d7:1c:a3:8d:8a:
+         93:89:9e:7e:19:24:03:7e:c8:1f:7d:48:98:4e:f1:ba:86:e5:
+         ae:d1:45:a8:80:f0:90:ed:b5:23:8c:75:6f:9b:f4:73:04:c0:
+         82:e0:b4:df:7f:33:36:bc:c7:32:de:52:cc:4c:33:0c:e6:e4:
+         b7:23:16:9e
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMTEwMjI0MThaFw0zNzAzMTEwMjI0
+MThaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1jaHJpczEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD1/Hh7XFYWWv3TeVoicfN1F5VFv
+28WmDkirMw321xZrW5xjq3sgSar0bDECzCRGAf7Cw0K4Rj1sCRPn04EQ5wkLXWPo
+z2EBv1MApC7mHmvrAu1K6FzBDeGyXbGhEZJeeyFQouAbd1P94hOlny897VugaG+w
+dSIF+d2UzOeH7r7Hd6PNwniw0/VAi8i6cJ/1mbdJD6TEt3CUfNg6h71Yr/dxRXu3
+L6kJ3HGJhUJfsQ3MwUaKIvtEJuL2ABDfP3ZDa5Lt+Q5B+rG8QylFXUgFjIP9xDEf
+ekGllwXlK6GKynA3CYHHUoDCkwcfgWz98+BGWABq73rrN8r7z3Fnh4a7MQIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSLrkD5I60BjlmaboCKxc2e7Sop
+qDCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVjaHJpczAN
+BgkqhkiG9w0BAQsFAAOCAQEAuF4YEE+RUFN4Js3HWh8uUOh5zK7UkiH7CCVpRMWg
+pmepI/dAx9hmySFQNB7ZjBKdq972o7x4+oXM1xuESvEZEJw5TcUhvNsyJVHRRJao
+Mg9X5RpgsgF6btbIADsvggw9ELyB30/ro3/PpHkhuh4l5Ov7ZV7d7CdKFcVFcK5g
+oNx9JTfejHmhSTgAj5t8lNYCCkzTwyiGHexdEZd9fAcNkmfcDCmMyBZopN+K24nt
+3OiIGm1YxXQ88CWtWPboHol4Tdcco42Kk4mefhkkA37IH31ImE7xuoblrtFFqIDw
+kO21I4x1b5v0cwTAguC0338zNrzHMt5SzEwzDObktyMWng==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/chris.csr b/123/openvpn/keys/chris.csr
new file mode 100644
index 0000000..98191c9
--- /dev/null
+++ b/123/openvpn/keys/chris.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+jCCAeICAQAwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRwwGgYDVQQDExNWUE4tMTIzQ29taWNzLWNocmlzMRYwFAYDVQQp
+Ew1WUE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsPX8eHtcVhZa/dN5W
+iJx83UXlUW/bxaYOSKszDfbXFmtbnGOreyBJqvRsMQLMJEYB/sLDQrhGPWwJE+fT
+gRDnCQtdY+jPYQG/UwCkLuYea+sC7UroXMEN4bJdsaERkl57IVCi4Bt3U/3iE6Wf
+Lz3tW6Bob7B1IgX53ZTM54fuvsd3o83CeLDT9UCLyLpwn/WZt0kPpMS3cJR82DqH
+vViv93FFe7cvqQnccYmFQl+xDczBRooi+0Qm4vYAEN8/dkNrku35DkH6sbxDKUVd
+SAWMg/3EMR96QaWXBeUroYrKcDcJgcdSgMKTBx+BbP3z4EZYAGrveus3yvvPcWeH
+hrsxAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEASmlVisLd3+jGo6+VsSaSGU6f
+18zt8X6ZPjJghwdEUcoHecUTFLUgob9yVW5VJkMvO6OZf76kv84Wy/TuqaHjzlr9
+YmEYdiRASTUsKs4EdUHqbgk5tkB82+TOHsSUeqdU/IzjhvYo2/+S/S35w6coMJ2v
+rje585Qt0uRBZFjre0dPufpwCi68ss0WR9pOUsnFczM+t2WjU9eRgrHlkD5oFhvI
+Jfr9yRKRcKKneDycRbMEQr8hWBU18OSuM2bPfzjin0n/K9LI2kWYyb2lxJw4wjwv
+bovWlHsrRa4ejn7XPKoQraqavtknw1oTJTfSaaBrUY4HB99zvMUpn2+tILymmA==
+-----END CERTIFICATE REQUEST-----
diff --git a/123/openvpn/keys/chris.key b/123/openvpn/keys/chris.key
new file mode 100644
index 0000000..fcc4a16
--- /dev/null
+++ b/123/openvpn/keys/chris.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIF9LLzSpsCMUCAggA
+MBQGCCqGSIb3DQMHBAifugS728VxeASCBMiRBT6FcoCVZiCBpRqbL8jwWTvOpwMQ
+bHbKobUVCNK2WJddIA0bvnhj2xlNHx0Ka9B182f0h1AE/5fRyONc+IrwazswOJ0D
+hKWnYNwSmhTZdUy6r0zQWBEr4tzJKNxSNqMrXVBnZPVQYfNWHuxNTcaOR8qu5DW1
+bAhJ9WVBLgKA/D8tssoqcyxEBKPmhQiPj1m1TewkaxaOCHe9fF+cQUZ8AdTkd0po
+FehYPSqkPJ6MYJwX+yNXFct47LioQWkl+v/GtURgkszKRY9AT3c3YqWZ4QJwQZG9
+mGEMqQq9vDzAclLaeol4C5yHZ3cpP5xdRyg3D6xb1H51zj0hQvDuVqSBanNbM1zo
+rYR2s9gNpeWS7KbJuFZ0CLlRFFJK074r6HLuBp5Xwtcj0TPj0xKpAGHFAZ8vplCm
+YqOUZiDOUlSVuEylXxeXR71G9CKqyu+ZPGqjd/kkGuCUzS3m7OKayuy4MAmPyU6O
+zQ1Ggn1/LgAhgpH5n4QVkWnGciUx+17ePgQNuYiT2gyLDaFS+AMeF+myl8fW39UK
+CrwaqzSZxewKj+NJNIoofFPXDP8HC3lU1nRdxRjke7zLNhWvtmfmeLmJOx8kGE4o
+zV+1ifL171JT0I1k+xc7lX/fgVV/JNWqj47ncgbCDaUV14t8P2L9EfBDdueghm9i
+phniM9DrqZncGeBsVUTMqVwjF2R4CAPQjxR6ZALzYBTLVVjiEl9IDQFuxeLTAS72
+o03yZQCMBud0YKXrVb6rPLQKrMENXSEMBUfJ7KQ/twSG2RMZ/fohcPu86wNWStPe
+ZlcPB8QvVbNrOgt51+tLMmsFGNYo1JEiZ8WTbuu5O6dsiapb9v3e4+5scW/f65Gh
+NNFC9cTv9kdfwXUZMqF6cQP/3A/DcG6otycXXui5AES3dyzeL+FDYn+TPMlFS79c
+deWCZ/lvjZl/VapyrFfO4xZYNTd+um5zovfCuWYb88SVz203iuw6dqvI4mcIoXoa
+SW+vSjpm3DXpHxYJ3dK3FfclRMg931d9VxTjwCUmBjuxxcm4YHa13PI2VJG8gCF2
+UyO9gBzbuIl5coMRsee0TWbeTatsjVHRhl2Vr1n/5ZVw/Jghj4WhejnsjKGDItGU
+YLWaQJ1oHSW3XK1f/l/QGrETiO0sTOqDHs7AKZMoeKoKG+wZrv+CU4gskmSHkw3T
+rBaJL5MeQwJYG4Y9sT7q8G74SlRBOfyu1dKYB827Ev/JB75KDbuct6ClX4RS84Nk
+8kaJ8xeCBDKVagNQV/uQJ1BJtyNp8paAEmiEIn+uAyosmFBhOL1op1UfydA4GQO2
+x8VcNkIz+gnESL2g1/w0/WfCaR5RsuSI9KwdzvWFl2bfpAh1A3hU7WRjJytzh5Nk
+9nPj1f5OqP9rl/9Lgl3JlY1zSS+g2ZDlIZAVF6gHrApFh2FrCVaT82o5maiJNIKm
+DMwus2EAUAlL8Yc9XK/5Cgh9mh5Sjd/qrTdiSr/bVvVl28gDeyKPGrQdlB0X6F7E
+Pb77QGdyt+0FRlwu3mEKsfPvOTAVPF3TIz0eMUPsP7+f4Nf+Vk/5WUDd2ViAzWWg
+YCJTlvkeORhU79ClFKc12bQdF6UBfRFQYqQXQfdD8326XWH89c5wFIsrPfA1s5pj
+Uwo=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/123/openvpn/keys/crl.pem b/123/openvpn/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/123/openvpn/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/123/openvpn/keys/dh2048.pem b/123/openvpn/keys/dh2048.pem
new file mode 100644
index 0000000..3913e41
--- /dev/null
+++ b/123/openvpn/keys/dh2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA75kjXi5DAAimhQ0GKJ/22y2OWcZAkNqVc2bfStyQUlYnm2E2NFxN
+nakpLWICxxWB7FpxKA/H7qM3i5lY6MIumrw8Fk/NKxtKwxYf3guNW12lVU3qFY5M
+h1vvMovyiZYxvftWIA2xxAlZLDS9UpO1dTzZspTIWJkRjOpOdq+4VHG216EWkH/b
+dP+epeDPLAksZ46iiQs80d9PSOSeHg5uVDtRK+1S5Xf9dAvTzWBRSDiS5r/PLskJ
+KasyUM+4dLG+Ex/M/ertR/nAQ9JhVfsKjIJaH9BRc+6Wq7NX1yLRwYWYHuRyBG1q
+1o7fcpMvteFXJe7CB8xifSAoNdEg1UeUcwIBAg==
+-----END DH PARAMETERS-----
diff --git a/123/openvpn/keys/ellen.crt b/123/openvpn/keys/ellen.crt
new file mode 100644
index 0000000..e484ef4
--- /dev/null
+++ b/123/openvpn/keys/ellen.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:38:42 2017 GMT
+            Not After : Mar 31 19:38:42 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ellen/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ec:72:92:5c:45:07:06:c3:ef:8b:49:fb:53:2b:
+                    64:9f:07:47:e4:2f:84:64:35:a9:6a:93:77:a9:3e:
+                    8a:47:fe:52:fc:1f:e9:9c:05:13:74:a6:d5:5e:12:
+                    ab:c9:55:1d:d7:83:a7:9e:e4:76:f9:c3:ee:b4:b5:
+                    c6:d7:ae:fb:05:e1:5f:3e:d5:c5:08:31:cc:40:bf:
+                    9e:17:ea:b5:69:c1:e3:f5:8a:55:b7:39:10:4c:39:
+                    d4:a5:1a:6c:da:1c:df:08:60:41:43:cc:78:cc:9b:
+                    3f:f0:64:35:a6:bd:7d:0c:86:55:20:66:e8:7f:d9:
+                    0d:06:03:d5:42:d2:b0:43:54:92:69:5e:97:20:d6:
+                    d9:0d:5a:95:86:5b:82:59:f0:d4:6a:5c:4c:01:ca:
+                    ae:17:da:7c:04:27:d5:55:1b:22:88:0f:82:ea:0d:
+                    3b:3e:0a:92:6c:7f:5c:a4:4f:4d:b3:ea:b1:fd:e9:
+                    25:20:87:af:52:36:ad:3c:d5:1a:f1:45:9a:8d:a8:
+                    33:8c:0c:0c:97:24:7b:5d:32:fe:ad:f9:b7:15:5d:
+                    a4:16:c5:a9:52:89:d3:4d:26:08:10:6f:3b:5a:3b:
+                    0a:32:c0:8a:fb:a0:23:8c:bf:bd:d8:b1:8e:b4:a7:
+                    05:86:1f:99:6f:7c:c0:57:7d:ba:19:f0:5f:3b:d2:
+                    91:53
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                CB:73:DC:89:31:5E:B7:F6:7A:2D:B1:39:A7:E3:03:5C:38:75:B6:FC
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:ellen
+    Signature Algorithm: sha256WithRSAEncryption
+         41:78:fd:3e:cc:67:5a:80:3e:7a:e2:1f:21:fe:de:be:54:29:
+         f4:96:b3:22:ec:8e:55:8e:da:af:97:9f:d7:71:97:c6:83:9a:
+         26:da:9d:47:f1:a2:3f:75:a0:26:09:e4:e9:cd:cc:d2:c0:3b:
+         fc:76:1e:08:1a:23:23:b0:e2:c6:52:63:57:c3:ca:55:d5:32:
+         c8:d2:ac:d3:5c:c2:16:e6:03:72:b3:cf:67:74:f4:ae:64:a4:
+         bf:10:0d:ba:ed:f4:89:df:7d:c3:61:e1:76:9a:81:8d:f7:ec:
+         a9:b0:20:25:7f:57:4d:36:87:dc:bb:34:8f:e2:95:0f:41:85:
+         fc:10:e0:ff:31:9d:c4:fd:79:81:ee:34:33:24:72:a8:19:77:
+         49:66:ea:9b:28:90:14:29:fb:3d:e6:81:98:55:4f:d5:be:95:
+         7a:8c:46:d8:78:e7:5d:16:2a:de:6c:fe:a8:46:d0:e1:04:c7:
+         f7:25:64:7a:fd:ed:ef:ef:98:44:96:3a:15:f7:c6:e9:16:09:
+         ea:8c:fc:c6:34:4e:83:fe:88:46:71:25:fb:3e:62:76:92:15:
+         05:44:43:12:75:b7:f8:8f:5c:64:be:36:83:ba:8b:be:b1:46:
+         3f:d0:c7:01:81:1d:49:00:f3:fa:42:74:3c:c9:b1:37:78:30:
+         2e:4f:c3:61
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM4NDJaFw0zNzAzMzExOTM4
+NDJaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1lbGxlbjEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7HKSXEUHBsPvi0n7UytknwdH5C+E
+ZDWpapN3qT6KR/5S/B/pnAUTdKbVXhKryVUd14OnnuR2+cPutLXG1677BeFfPtXF
+CDHMQL+eF+q1acHj9YpVtzkQTDnUpRps2hzfCGBBQ8x4zJs/8GQ1pr19DIZVIGbo
+f9kNBgPVQtKwQ1SSaV6XINbZDVqVhluCWfDUalxMAcquF9p8BCfVVRsiiA+C6g07
+PgqSbH9cpE9Ns+qx/eklIIevUjatPNUa8UWajagzjAwMlyR7XTL+rfm3FV2kFsWp
+UonTTSYIEG87WjsKMsCK+6AjjL+92LGOtKcFhh+Zb3zAV326GfBfO9KRUwIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTLc9yJMV639notsTmn4wNcOHW2
+/DCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVlbGxlbjAN
+BgkqhkiG9w0BAQsFAAOCAQEAQXj9PsxnWoA+euIfIf7evlQp9JazIuyOVY7ar5ef
+13GXxoOaJtqdR/GiP3WgJgnk6c3M0sA7/HYeCBojI7DixlJjV8PKVdUyyNKs01zC
+FuYDcrPPZ3T0rmSkvxANuu30id99w2HhdpqBjffsqbAgJX9XTTaH3Ls0j+KVD0GF
+/BDg/zGdxP15ge40MyRyqBl3SWbqmyiQFCn7PeaBmFVP1b6VeoxG2HjnXRYq3mz+
+qEbQ4QTH9yVkev3t7++YRJY6FffG6RYJ6oz8xjROg/6IRnEl+z5idpIVBURDEnW3
++I9cZL42g7qLvrFGP9DHAYEdSQDz+kJ0PMmxN3gwLk/DYQ==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/ellen.csr b/123/openvpn/keys/ellen.csr
new file mode 100644
index 0000000..f7f1e44
--- /dev/null
+++ b/123/openvpn/keys/ellen.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+jCCAeICAQAwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRwwGgYDVQQDExNWUE4tMTIzQ29taWNzLWVsbGVuMRYwFAYDVQQp
+Ew1WUE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDscpJcRQcGw++LSftT
+K2SfB0fkL4RkNalqk3epPopH/lL8H+mcBRN0ptVeEqvJVR3Xg6ee5Hb5w+60tcbX
+rvsF4V8+1cUIMcxAv54X6rVpweP1ilW3ORBMOdSlGmzaHN8IYEFDzHjMmz/wZDWm
+vX0MhlUgZuh/2Q0GA9VC0rBDVJJpXpcg1tkNWpWGW4JZ8NRqXEwByq4X2nwEJ9VV
+GyKID4LqDTs+CpJsf1ykT02z6rH96SUgh69SNq081RrxRZqNqDOMDAyXJHtdMv6t
++bcVXaQWxalSidNNJggQbztaOwoywIr7oCOMv73YsY60pwWGH5lvfMBXfboZ8F87
+0pFTAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAqG7Pm86xMI259YHJgwVxEex7
+DLKabh2Xe/JHCBRyc6ZrzthjexIQocIg8XbjHuU0ReciUbk2GvBHt89/s0Mrpo+C
+1iqKrgFXMM5W8igCZaTWMRxJ5f8EDj99W8cps29/NojakzyO2UMA7iYRv54qDCJb
+tR7tqadpgzn/x6DbyjzJOPTTb2FK/PWYxP8t3SVvXSOrwgmHSTqsh4KWocTdfokk
+VHSl9R/Larcl/XieShOzsGBXjmupJL2G9xk286bahaLaSob865IhwTKJ1sMwLPOn
+4f0003qE5ptK6V5cAhsBtyIjZvnoni/gRHSSnwsgoqmC5wOKVtraScHEmAxk6Q==
+-----END CERTIFICATE REQUEST-----
diff --git a/123/openvpn/keys/ellen.key b/123/openvpn/keys/ellen.key
new file mode 100644
index 0000000..37dc10b
--- /dev/null
+++ b/123/openvpn/keys/ellen.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqYNbs1KjCD4CAggA
+MBQGCCqGSIb3DQMHBAjQbwXPEJZtUgSCBMhTxI7dblWQWEPoEqmxGV2qWiQrw3y3
+ZboekVfEP57rNyKS+xgJuo/gYTncgeTYe0c9aoqO4tZneIa5KavsrKyKCTGQLnOM
+qq2rlZDJ2uPi1u4qo8GDaILQ19rNMy1HSL0NrLuxG7zyRPnhhacnoEDr1z2ypv9k
+U6Tz3oKyIA9617xxSQ7KPV7FzJMmTuxDEO/tX0TDeoAOxfVMU463S4XDEiCFXUUN
+ETSXed626B7FE4Q3RI7vVRnWOOPTcAoEJoj6TZxaqfwOZGSofluKYyu9LS9CNX91
+EteAGRWAzTj0MGWtfUwChCo9z0ZAwNAlHltXJyFmPnyuTZ0WRZ+iFtbXUeuHfis+
+CF07SrNqlDLGu2TctuQR0CvvpFzs+pAJBX//x4A+R03aJZ+30M/VkgHhQUIGMFeI
+daxWDSpPqLBkQDmTgJaO9F4PFyNylYIC0VZhvmGlX+obTbLfuaDVW4HvR1dwglQs
+9PQoJAHg9HJIb1CW30vJMc892C6e/SEOK3VNzsT0Pr1EIo6GqiTg/GRpvxjRHsLW
+HzuCm/X6MOLlLy7lQkV9I6ewNCIjeY045B8UpKUmd/bEC6LRU8qTTx+N+3eub4/C
+e9amZyvBk334dB0IfSMO/eYEbuoVkqjmYWQUokLtK7+JwXFPUkjJ9InqaDTIqbtn
+pxOlShzH2A5guPsclkNrKXVmv6VWGke0JQ/tMgaXBpVaTl/SeFEKs56zJ8SVN6Ep
+3I1r1nWkUZbGypdu/CNVZmmdRII4PFtxsqQjag7+YNJlp/e58m7FBinDS4q4vT4f
+UjNNSP9T9tD5f/PaK+j9q5ZynBguHS3SbFA3zO8Wfed8YB+1qsLJ93coaBJNfTaY
+S/DCLVLXnP8LcGvcFHkHOfrUKQuSnW0or+rtifbXwdQSEX2xiTNG0CjXZnRlS1oq
+70ZOG97/QYyssEGdVN+OHPQ1aywnkf5qhruafG1Ue8W45CIGHQ7bmSlLzMzVo0Py
+5o6b93bVIiN7LCS6vojM+s2Sa5s0VWC+JsdJHX8IGF/Evf4gn1e+yLO1g8qNuGO4
+7GhUxFmM0OlhRo9CW5/t8x862p6kvOcTYeddDlRzgAwOJ8sfwpwHUmnloigb4jb6
+McCR/MJvq3KGGf5K8bcAwPkQFZBtBHl9jdjPpBxpjobQp9GitfjwXYZ41HepCtNU
+XIEnJWcpj77okAuz9PSmS4NtK9OdBK0IBm+vsSPxJUvDy7QYekqSaab9MUCk20Vy
+lDPwZfLuFuHrhyRqrx3n1vjGc7T3amANo0BEG+yFZruMwqkC15bGKnPmy95kCvGB
+uFpymGJBZJOQe9hUML5jJNIEReQHIoPO5CFzTzoCDGP3NzgP6nXUOY0SsCG17k46
+rWpFTVMM8TJWVEhhn7RrTk/QM0pCfCFUcpe591jgS/XewuzFKeOGyvBcQL2azhY/
+OLhh/byqX2XPDT/dISUM7uyxbMn0/o9MXx86kKbCP9mLWir6GYqOrw+SvNKIYDPg
+rABZ4Lm2YhHur0WU4aICloUO1/qm9iPiVqBcGmOneh5TuSO02u8HAdR/Bh62s7k9
+xdXGaYtqHW2jgM90gYTRGbP8CQL5QGu8/MXJdslaEuAZvlEcVgd0I5kI1TvgjTRg
+eNI=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/123/openvpn/keys/gw-ckubu.crt b/123/openvpn/keys/gw-ckubu.crt
new file mode 100644
index 0000000..48e0fb4
--- /dev/null
+++ b/123/openvpn/keys/gw-ckubu.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 27 01:22:52 2017 GMT
+            Not After : Mar 27 01:22:52 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-gw-ckubu/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d6:4a:11:c9:92:5d:41:10:43:41:f9:d0:31:82:
+                    47:6f:9c:10:dd:f2:2d:c1:14:0a:56:6a:82:54:01:
+                    7c:7c:aa:ec:13:c9:26:c1:38:cb:f5:ae:3c:c2:1f:
+                    f0:88:ba:7b:84:e1:ce:bf:40:54:a2:87:40:49:e7:
+                    4e:e0:5c:1a:e5:cb:a5:37:73:99:5f:f2:ed:38:c1:
+                    a5:10:72:8a:10:3d:d6:41:dc:a5:e3:28:f1:2b:b0:
+                    6b:0a:f2:4a:9a:be:15:07:e1:0d:40:69:e2:53:b4:
+                    1e:1e:32:fe:1c:65:4f:38:d5:e8:a1:38:eb:fa:8a:
+                    46:2e:e3:2d:ed:be:1e:e9:5a:c9:62:e3:59:f2:28:
+                    fc:28:c0:9e:ee:8a:12:73:d2:a2:be:6d:41:eb:f1:
+                    85:29:2e:3e:cd:73:ba:37:a0:eb:cf:a3:04:29:db:
+                    79:5f:9b:a8:80:e9:ec:80:94:6a:8e:83:5f:bd:9d:
+                    02:20:27:0b:00:1d:17:3d:50:71:a2:b8:fd:92:c8:
+                    f8:db:a1:1d:98:43:3a:d9:b0:66:0d:ce:62:26:a6:
+                    e2:cb:92:04:de:9d:1c:ea:5a:3b:53:10:a8:36:4c:
+                    b7:07:37:da:aa:01:9a:a9:98:37:b1:23:b2:19:a7:
+                    e7:40:20:09:0b:e8:b1:5c:87:66:05:27:90:a8:a1:
+                    fd:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                88:EE:C2:37:75:7A:6F:00:9C:EF:11:64:CD:08:96:0A:45:18:63:1B
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         66:20:ee:15:bf:c7:8e:47:40:4c:1b:6e:b6:c9:82:53:a9:67:
+         52:51:f1:38:c0:b8:19:90:c2:40:49:2e:b4:27:d3:b8:0f:4a:
+         a2:cc:0b:5b:5a:34:07:aa:32:3e:7f:bf:1d:75:5a:69:19:7f:
+         37:a7:89:dd:6d:c5:8c:6a:68:c7:c7:e3:96:83:cc:26:b1:86:
+         a9:02:07:6c:f1:52:9a:0a:00:b2:39:9b:b2:6b:3b:01:97:9e:
+         02:53:28:07:0f:3d:77:24:3e:69:98:aa:28:99:ac:fa:18:06:
+         a2:ae:c5:ca:b5:3f:4b:ab:30:db:65:99:95:55:52:1e:a4:b4:
+         c6:94:eb:b5:66:ef:2c:7e:5d:cd:0c:0d:be:9d:8e:79:46:90:
+         50:5e:29:99:36:c8:9d:83:5f:d9:da:3d:e9:56:17:2e:0c:8c:
+         57:84:2c:75:92:5f:ac:69:58:59:db:2d:d8:e6:c8:e8:b4:74:
+         c7:b5:33:a5:95:cc:8f:0f:f6:c1:73:4e:40:4b:a3:a1:60:40:
+         d8:2a:2d:87:84:d5:77:35:37:d0:b7:8e:e7:31:01:8e:cf:03:
+         9e:80:3c:25:0e:83:63:34:e7:5e:4e:1f:c6:d6:6f:da:96:b8:
+         c0:9d:fd:d5:57:84:98:9d:28:f7:ca:9d:c5:1b:87:03:4a:46:
+         60:94:02:18
+-----BEGIN CERTIFICATE-----
+MIIFZDCCBEygAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMjcwMTIyNTJaFw0zNzAzMjcwMTIy
+NTJaMIG3MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEfMB0GA1UEAxMWVlBOLTEyM0NvbWljcy1ndy1ja3VidTEWMBQGA1UEKRMNVlBO
+IDEyM0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1koRyZJdQRBDQfnQMYJHb5wQ
+3fItwRQKVmqCVAF8fKrsE8kmwTjL9a48wh/wiLp7hOHOv0BUoodASedO4Fwa5cul
+N3OZX/LtOMGlEHKKED3WQdyl4yjxK7BrCvJKmr4VB+ENQGniU7QeHjL+HGVPONXo
+oTjr+opGLuMt7b4e6VrJYuNZ8ij8KMCe7ooSc9Kivm1B6/GFKS4+zXO6N6Drz6ME
+Kdt5X5uogOnsgJRqjoNfvZ0CICcLAB0XPVBxorj9ksj426EdmEM62bBmDc5iJqbi
+y5IE3p0c6lo7UxCoNky3BzfaqgGaqZg3sSOyGafnQCAJC+ixXIdmBSeQqKH9PQID
+AQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0Eg
+R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSI7sI3dXpvAJzvEWTNCJYK
+RRhjGzCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCB
+sTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGlu
+MQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAX
+BgNVBAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3Mx
+ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAKgghndy1j
+a3VidTANBgkqhkiG9w0BAQsFAAOCAQEAZiDuFb/HjkdATBtutsmCU6lnUlHxOMC4
+GZDCQEkutCfTuA9KoswLW1o0B6oyPn+/HXVaaRl/N6eJ3W3FjGpox8fjloPMJrGG
+qQIHbPFSmgoAsjmbsms7AZeeAlMoBw89dyQ+aZiqKJms+hgGoq7FyrU/S6sw22WZ
+lVVSHqS0xpTrtWbvLH5dzQwNvp2OeUaQUF4pmTbInYNf2do96VYXLgyMV4QsdZJf
+rGlYWdst2ObI6LR0x7UzpZXMjw/2wXNOQEujoWBA2Coth4TVdzU30LeO5zEBjs8D
+noA8JQ6DYzTnXk4fxtZv2pa4wJ391VeEmJ0o98qdxRuHA0pGYJQCGA==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/gw-ckubu.csr b/123/openvpn/keys/gw-ckubu.csr
new file mode 100644
index 0000000..2eac540
--- /dev/null
+++ b/123/openvpn/keys/gw-ckubu.csr
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC/TCCAeUCAQAwgbcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMR8wHQYDVQQDExZWUE4tMTIzQ29taWNzLWd3LWNrdWJ1MRYwFAYD
+VQQpEw1WUE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWShHJkl1BEENB
++dAxgkdvnBDd8i3BFApWaoJUAXx8quwTySbBOMv1rjzCH/CIunuE4c6/QFSih0BJ
+507gXBrly6U3c5lf8u04waUQcooQPdZB3KXjKPErsGsK8kqavhUH4Q1AaeJTtB4e
+Mv4cZU841eihOOv6ikYu4y3tvh7pWsli41nyKPwowJ7uihJz0qK+bUHr8YUpLj7N
+c7o3oOvPowQp23lfm6iA6eyAlGqOg1+9nQIgJwsAHRc9UHGiuP2SyPjboR2YQzrZ
+sGYNzmImpuLLkgTenRzqWjtTEKg2TLcHN9qqAZqpmDexI7IZp+dAIAkL6LFch2YF
+J5Coof09AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAFpE/mx+rBsU1MCbDfpBi
+cvggKoOMmjBy8+jhdhK95waWF+V2VykOi4/+WLZZRM9BEIblpWqT5jcbap74ScQ5
+dfbXLcFO6tKumqppbw099C6wI2tXpwinDsd6dze1P7s+Sng5lcwUmwRcjD9xlNrs
+C5ia/RXPeKqj/BGbQpN5Prc7Etxx6ip3YNM2khaSSdsHQ13l7f4IYW3H1sUzUqMI
+hgvsk+Tkva5CusmxE3qI37BKaAwi9Jm0r5feinBwRNy4/8ogvXFerbJyOOe0PQH3
+pi97H1Ia33NYmYNKTYiTDR3/AF6rw4Flv99pxuBAargxaf8g+o0cup1e3uFsUEto
+Kg==
+-----END CERTIFICATE REQUEST-----
diff --git a/123/openvpn/keys/gw-ckubu.key b/123/openvpn/keys/gw-ckubu.key
new file mode 100644
index 0000000..5bd9c9e
--- /dev/null
+++ b/123/openvpn/keys/gw-ckubu.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIUPPvb55y11ACAggA
+MBQGCCqGSIb3DQMHBAjjOqpaPsnUowSCBMiALIvfB2vXtETRZxybvvubeJLEp5eA
+qkQ7cdy331ti8XJ6fkHcU3mBQwbBDD5KSDBLRnRU8LegMWvRTKGjQ8lRGCULTvxI
+sr3HuR5omwXUMVwRLWTht++I1IIYoIwwnVU9/7vMy3nJPixP3OKRGwkmv5IedCvc
+5a/KqJuc+ezRVjQ8/Dl8fs+VRefd5Tmh3TYROu1vuV0pQaT33ceXDVJqZ2B+dmoT
+AHFE3FUex60YlXt5iUhdGWzItdeXnI5tDMnoFcAtCPbBAB7DhynqfEn7dlaxrCrH
+4POq5KvMUu5/sXlQoZR+SvkOx7Z3JNTYj/PL0OpM8tXJFvc5nT733iVcNjyauLhf
+rcXqnih6MUrWYaBAfL4od6/ne27vqriKwtFUfASTqlW8pN4uESbngXx2Ww5CqM7+
+K7Hz3XDF04Y92YBndBr1ZTUiFbypO5PjygZz8Jeia6RYXLUU+6kO/VQ4WsnbGep1
+ftQGc5tNhwEwJC+tacFzPdd6hRnosGSs9jhHk7v8CY58V2wBcgXxBDgVZeHbp2bL
+9lJmyohvZ/nzxmb99TxD6j154OqC+4cJLze5AG2AO5QmrNhMcFt+mEIxL1uiBU77
+SHe+konUZuAH67UPR5oJm1x7KmGjYOmdeke3wgkFKUIRCQ04OikOvUkIJB5mO2D0
+uoG6caj/KQQdweqhOMELoOj/GDQhxNCtD4Zx8LhKDz4VL/c5+s23oJX/pALuDlNs
+JpxI/v6gkxVLIZwyxhNVxKFNYEMERmxN6GePdPki0iEDGRRuSjat3xnMh0N+Yp2f
+N3lNDNoBfZRuBcgugF70O7P38tQXgEZF8tECwRHogmCDDSSOw4DbvbBSVdMhlMIF
+oUmNKqSyGKIONwsvCYHSKJ37DDIyvi/nEbSLHy+HRQ7/foM0nwnmxrgUk17VVknK
+RUqob0PeSFBMsjVV6kDrTHj2uiRYq5qD5bRh9hCKOWCdk0WgRspjUlBm4Yw1sTan
+/Zakk8MAyIl3dOrwnaTuiiYVFi2mIWwRSrjV0wYriGypez5LdVew01ISx/tqudzC
+6XvwMcNFeM0bzIT8PJI0g9b8JZrDGk8UbMIw0AfV1jakzZoDUNcv9BQHNGxcdcLN
+TFNY6BiTgAAsZvaapUU+oRqPB6UHubbfmRAfX2AzrctucYtVNZTNExytM85qslPF
+ZE4dx+yJ/irUzenP5ABVobpbvriX78d6hiuRHiAqbO90Co9nBffwDQnZptSdXRGT
++aubzGluIA0piOyW3r2s4KGRH+2s5TqHeW3WoTJTJuFlGB2lqn/Ieg0xl9Xy6rNp
+31oh/n8K6XjqIl1k7NWjLq++gzkoRyidZjvjzkKGkCEqfbZvE31m9LQ3ntxAsMgs
+WWXfWz+O9INtN2YzcVEDPNvbNA31FdtUs5nLVO5KPut2Rl/po2d8m+5WTdgQkpmm
+8x2IA7ZEUyYXKmFa0nFEZ7H2XhRizk4jfr0eQyx43nfXab7s7L2wy5IAxpksO54P
+H0VNIaaADeV/4PdbHODB4zOrrYEigUeMBVJaiZAyjvC1u1mLEtFkajWwBMaqgWA0
+0A31VtMvPn8b8lEhQhirgcJzHK/550hkEAgm5kmiWe8ZoLCw0Ej8Dofr5HA/GuZg
+mNs=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/123/openvpn/keys/henny.crt b/123/openvpn/keys/henny.crt
new file mode 100644
index 0000000..afe0b06
--- /dev/null
+++ b/123/openvpn/keys/henny.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:39:19 2017 GMT
+            Not After : Mar 31 19:39:19 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-henny/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:df:b0:f5:e3:00:76:72:1f:19:3d:f1:1b:cb:bc:
+                    52:1c:ec:3c:65:14:bd:ac:c7:cd:f3:5a:4e:16:c5:
+                    af:a9:f6:60:0e:c8:de:62:51:1c:9c:d0:0c:64:d6:
+                    5d:16:51:53:22:3a:f1:f0:1b:92:9c:a9:ae:39:82:
+                    87:82:23:62:5c:68:7d:0c:fc:61:ec:f8:02:c8:57:
+                    bd:27:da:1c:65:0d:69:25:2a:25:13:af:91:79:4c:
+                    55:be:7e:ae:80:e7:d3:69:e1:79:cd:94:a7:98:25:
+                    9a:bc:9c:de:9a:62:42:5c:06:b8:de:1e:82:d5:a8:
+                    06:0e:c2:d0:11:96:a4:4c:76:f8:17:40:20:4f:f1:
+                    d4:d9:94:8a:fc:06:04:e5:5c:cd:a1:70:51:4c:41:
+                    13:00:ed:6d:f3:73:f0:3a:b3:c1:94:45:57:6b:d2:
+                    19:f3:b0:43:d6:8c:bd:89:5f:e3:ad:93:7d:3d:f5:
+                    61:e7:96:89:a1:08:5c:2d:74:32:03:77:8f:74:e7:
+                    f2:36:49:c6:e8:20:ec:e4:67:e0:0b:d0:38:2a:c0:
+                    84:d9:fa:da:db:75:0d:c0:86:d5:89:ef:33:9d:bf:
+                    dd:6b:a1:78:83:fe:78:1e:32:56:38:84:d3:fb:4f:
+                    28:41:ee:9f:9e:1d:51:c1:2e:f6:67:87:bb:c6:83:
+                    d0:f5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                37:06:33:52:9E:7C:42:62:7C:AA:37:82:9F:97:4D:89:25:8B:1B:03
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:henny
+    Signature Algorithm: sha256WithRSAEncryption
+         b3:7a:5c:64:cd:53:5a:23:ec:35:79:4b:ac:ca:c3:0c:39:c7:
+         e9:2b:89:d6:a2:51:1c:a1:ce:48:a9:8b:f7:5f:dd:fb:43:70:
+         2a:17:bc:04:90:31:ea:e6:85:cb:df:41:a4:f0:63:fb:d9:bf:
+         33:6b:6e:80:b5:62:d9:83:6d:4e:01:f7:e0:ae:b6:20:6b:eb:
+         d0:76:7d:e0:1e:f9:de:d6:e3:c2:cf:91:2c:59:f2:01:1e:63:
+         46:7b:a8:7a:8e:af:e4:45:43:4b:f9:c8:5c:b9:e2:26:d8:a8:
+         b1:74:91:d0:ff:ae:fe:c4:73:f4:06:07:40:00:72:16:5c:44:
+         29:af:37:31:4b:3f:3e:09:64:a0:e3:d5:fe:6c:f7:e6:2e:c5:
+         4b:61:41:df:0b:66:b4:7b:3e:21:7e:24:7d:27:b2:2a:cd:ef:
+         9d:a1:f7:bf:57:c1:f6:a8:24:52:ba:0c:31:fd:6e:24:e1:11:
+         b9:a8:62:27:54:3c:59:3f:3a:d2:45:9d:81:77:d8:2e:b1:4e:
+         6e:41:a6:e8:89:e3:44:f0:be:da:58:02:67:d8:c8:51:fb:2c:
+         57:01:10:19:d8:10:7e:d6:9c:70:f7:32:91:ed:26:53:66:39:
+         19:99:f8:63:cd:c6:a8:c2:35:1d:f4:0c:b7:02:a8:4d:3b:ac:
+         68:ec:f9:de
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM5MTlaFw0zNzAzMzExOTM5
+MTlaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1oZW5ueTEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37D14wB2ch8ZPfEby7xSHOw8ZRS9
+rMfN81pOFsWvqfZgDsjeYlEcnNAMZNZdFlFTIjrx8BuSnKmuOYKHgiNiXGh9DPxh
+7PgCyFe9J9ocZQ1pJSolE6+ReUxVvn6ugOfTaeF5zZSnmCWavJzemmJCXAa43h6C
+1agGDsLQEZakTHb4F0AgT/HU2ZSK/AYE5VzNoXBRTEETAO1t83PwOrPBlEVXa9IZ
+87BD1oy9iV/jrZN9PfVh55aJoQhcLXQyA3ePdOfyNknG6CDs5GfgC9A4KsCE2fra
+23UNwIbVie8znb/da6F4g/54HjJWOITT+08oQe6fnh1RwS72Z4e7xoPQ9QIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ3BjNSnnxCYnyqN4Kfl02JJYsb
+AzCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVoZW5ueTAN
+BgkqhkiG9w0BAQsFAAOCAQEAs3pcZM1TWiPsNXlLrMrDDDnH6SuJ1qJRHKHOSKmL
+91/d+0NwKhe8BJAx6uaFy99BpPBj+9m/M2tugLVi2YNtTgH34K62IGvr0HZ94B75
+3tbjws+RLFnyAR5jRnuoeo6v5EVDS/nIXLniJtiosXSR0P+u/sRz9AYHQAByFlxE
+Ka83MUs/PglkoOPV/mz35i7FS2FB3wtmtHs+IX4kfSeyKs3vnaH3v1fB9qgkUroM
+Mf1uJOERuahiJ1Q8WT860kWdgXfYLrFObkGm6InjRPC+2lgCZ9jIUfssVwEQGdgQ
+ftaccPcyke0mU2Y5GZn4Y83GqMI1HfQMtwKoTTusaOz53g==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/henny.csr b/123/openvpn/keys/henny.csr
new file mode 100644
index 0000000..903616c
--- /dev/null
+++ b/123/openvpn/keys/henny.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+jCCAeICAQAwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRwwGgYDVQQDExNWUE4tMTIzQ29taWNzLWhlbm55MRYwFAYDVQQp
+Ew1WUE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfsPXjAHZyHxk98RvL
+vFIc7DxlFL2sx83zWk4Wxa+p9mAOyN5iURyc0Axk1l0WUVMiOvHwG5Kcqa45goeC
+I2JcaH0M/GHs+ALIV70n2hxlDWklKiUTr5F5TFW+fq6A59Np4XnNlKeYJZq8nN6a
+YkJcBrjeHoLVqAYOwtARlqRMdvgXQCBP8dTZlIr8BgTlXM2hcFFMQRMA7W3zc/A6
+s8GURVdr0hnzsEPWjL2JX+Otk3099WHnlomhCFwtdDIDd4905/I2ScboIOzkZ+AL
+0DgqwITZ+trbdQ3AhtWJ7zOdv91roXiD/ngeMlY4hNP7TyhB7p+eHVHBLvZnh7vG
+g9D1AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAlOXGdx6QKaFjIIuk84NOYSU/
+cE0RPVt9JT3sQjSVdNgLK0zk0R77VTSgdeBj95DymXw4ddPUHVZn14WUgjJ+wgv4
+HFsjJgDeeHfubNa0I8W0CJVP9Odh+C70luwODL7yMqf5dPVxy9JDQ9VsQvxQvd2T
++m8rqlzufMs06gyOy+N0mWT9Yhkqc/8nP34Cj/AQ7ZvzCi40xj9Iu50gu5tkZ7mn
+Kl7ioLrduYnuS627m+HdQawooSuCiy5Z7WPZUFht8sAI+xYIZlp9UrjO2HfkadDa
+8+6XMsUxdbrqpWQ3M3fPZAS3f03TOUtFNYbPQyzaKM7jK5yYIM86vb0gZMGVrA==
+-----END CERTIFICATE REQUEST-----
diff --git a/123/openvpn/keys/henny.key b/123/openvpn/keys/henny.key
new file mode 100644
index 0000000..1fc2a35
--- /dev/null
+++ b/123/openvpn/keys/henny.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQILw41jEbgddACAggA
+MBQGCCqGSIb3DQMHBAge9xlKHjSx/gSCBMhCXhTMBoLct77t+mgoYWhvHhJh2TEC
+7XsQ6ucs3SvcbQXqRDT7rQ/OZwepuw2pepCoLdsI48BVhMqehqsCEK35wrSDP81I
+dt513F0KjAIuZn8BrUUnNB5PnzjCnf9S45GFtX22uVwZvfXSOm6qGPe/5RyEn+p1
+5HJyrmBYZD4SdT50dOTbOrxqSWNthW34hB7YwJIdcXLA4xUKtSSY5JfEkWnuCZnJ
+DDOWoKLXOLHASX4D9OvhOZmmDH/QGYLzNVbgewl1Na0nQofL1RQoQxbvkVD8Mtng
+TJ8XT9svTZVayBVfjlgvxdHll4XFcDQOmQO9OipxsZW03JCG78jJMv2YoiZhdv2l
+cmFMpMKV1RnGVeW1VNAi5bYujreihCMRnfiJ0Brp+tiDJAKQvowCeeEiMDFPh/M7
+qLee7V73u1kAzf0wt4JLIcJ51PGh585tr/zWt9Hgp5ajAS8TiIG/53WzWmXeU5L1
+2CcFQEydZCDt4L2lFoVBPqQLr9mykVqnsGjGuznKjv8CaMji4Ko/jv/huR3mVYlq
+EjA75DH8SHcKHrOJMTVzLUt23LntIPjwt2So0WNtey1q5MFO91DHw7+Bi3he95uy
+GEfnrGlMZuinMoXdCIX3AnCU2dArSw7l5ugd3CSnZOz6ggpnSaeq5+hUGCKpfDx3
+nqUNjlycN213QQF/9u73kotOkEDvy0SdYY8Uab/0x7LavH5fRvES7icdh0zMYcFA
+qQipRFWEbXh7EQ1cUMO1Gv5KE/QIu8z34lPKPiYbReAdkazkEaiEC4LxiMA12o5e
++s7QeXR3oSqo+zOcwtxuHVLLwbQzCrxJzNIndH7VjEqa1A8iGdo6AQxNoyRd1uyA
+bq8YZLavwVho89NCFv1bZaMGUi6XaA7WiYDUtcE07I9yjwFIdh+Ymd3KRYL0g0YP
+ec/1xPgqpdKiX2exuwiP347zHBwI5w1VF/oHD89iBnC2Y2ZV2nShlCZRzT12Mkqs
+JffCOGj3iY15qxytayLXE/Kfl+qScyxf925L8sVCVNOm2D9eH1jkUDfk6vg9lFZ5
+NxDaej+hjODr6FQgUE98obZwLucpWQKSSw8UC87yQUnS1cNvK9mUD2zHnTuFZg2Q
+EW+GTxhkl3OdajHNSTpkJjn+XLR0ctvFa8pPG9lcrTm3h4T45RpmNVty0zCbR/9I
+INmWQt/3s8Fse393ZKg65356eCH5JJqDbQIptfy6fpgSWlsS+EjiQib2ZvDD0jOC
+JsBvE0kMGOC4seOn8xDhajiXTO09U/rcHXAIPdyEqRAQRUrNe+hA3ZdgFi4CYhWb
+72N34OAYFXmO1qnJsAxjADNeaLa3LSNd5kZALs1S9TWshBxXpfBpWxERzUanyW4y
+joLmdC/uq6xj/FSvJ8vWb81gc/68dQobY1T4fI5Jbsr2l2dtf9/qfA4RF069CRXN
+r3Xe46hRzVVbQBS6dBlPDnYn+Rcy0mAYh+OL3FW1DMnTsKR7CRlPSG9FP5YbDiq1
+s0/heClAF15O4bzotHSKMMrOoJOB02a6QlyxgWy8n8mndIXO9tYrxPA6TYeAWMng
+U4cwP1EEeBK0CaLb+KfPGlrf9VqW46LvkShCmr4vTgBnX2x658lbDRA2Ynk1gbp8
+eBw=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/123/openvpn/keys/imke.crt b/123/openvpn/keys/imke.crt
new file mode 100644
index 0000000..a123e83
--- /dev/null
+++ b/123/openvpn/keys/imke.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:40:21 2017 GMT
+            Not After : Mar 31 19:40:21 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-imke/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a8:e8:10:ee:4a:85:18:13:fe:a5:da:ff:1f:22:
+                    95:6f:f3:49:52:31:30:0d:0e:fd:c4:22:06:39:c7:
+                    36:d9:39:2f:61:f1:c7:e4:2e:fa:8e:45:e2:37:74:
+                    fb:74:07:4a:9f:14:02:f6:76:b4:bc:f2:23:0f:18:
+                    e2:37:d0:db:32:3f:a7:48:45:0f:87:f7:d1:43:fa:
+                    64:3b:9d:b0:05:b3:95:9a:77:53:43:05:61:26:54:
+                    4e:c9:9e:a5:f7:ff:3b:e2:da:45:3e:2c:ca:f0:d7:
+                    84:99:be:57:2a:d3:f1:ac:f1:4a:33:82:d8:ba:8a:
+                    49:35:e5:7c:cf:87:ad:ec:12:b2:15:34:8e:6b:ae:
+                    e9:2e:12:8e:3f:cf:5d:51:bc:30:fc:76:8d:ea:c7:
+                    a8:dd:25:8b:c0:b4:6f:f1:15:60:55:81:28:8f:80:
+                    eb:38:77:44:f8:0e:e4:53:ed:fb:18:32:cf:23:21:
+                    7f:ab:23:d6:5d:10:44:11:c3:c3:3e:6a:8d:38:cd:
+                    c2:a2:9c:de:34:54:3b:88:0d:a8:ab:7b:a5:b7:fc:
+                    9c:0e:8c:62:36:cc:71:1e:f0:1f:7e:f4:ab:81:03:
+                    27:ca:5d:0b:13:0a:06:1a:ca:a3:4d:72:7c:3a:f4:
+                    79:9b:3a:04:8b:6d:12:90:8d:ad:16:78:3a:8d:b4:
+                    b4:57
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                FB:3D:B0:64:04:E9:11:FC:C6:DC:25:61:27:3E:BE:35:30:38:FD:20
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:imke
+    Signature Algorithm: sha256WithRSAEncryption
+         a7:0a:bf:f1:a9:64:1a:a6:a5:98:1d:de:3a:11:01:1d:1f:17:
+         bf:e2:ae:d6:46:08:f0:6f:fe:63:32:5f:00:60:24:ad:a4:0e:
+         04:8b:40:01:a7:cb:64:bb:48:a6:c0:21:d0:33:dd:89:c0:68:
+         aa:b2:50:c9:73:2a:32:e3:ac:93:0c:d4:cd:73:92:21:5f:df:
+         0c:a9:c4:d4:57:33:c4:b2:88:a9:c9:0f:73:06:98:d4:d9:ca:
+         81:3d:17:45:8b:55:8f:5c:f1:f7:55:dd:42:0d:d2:bc:96:fa:
+         5d:cd:7f:45:08:61:88:5f:22:9c:e5:26:62:c1:ef:f5:0a:51:
+         a8:a1:83:e9:36:ea:7a:3f:7e:d4:c7:70:73:ca:c3:ec:44:ca:
+         47:c9:f1:7e:fa:46:e4:e0:c2:9b:75:cc:02:cc:e8:e5:50:18:
+         76:0c:88:28:4a:db:90:f5:60:f1:55:88:fa:e6:27:54:3f:b1:
+         50:7c:30:8d:9e:9b:b0:0f:f2:e1:3e:d2:99:f7:b2:8b:25:04:
+         0b:dc:76:4a:6f:29:8e:9a:e3:9c:17:c6:a9:a0:2d:b3:d8:2a:
+         f5:d8:e1:b7:73:32:ef:b0:39:48:ca:f8:5a:c2:d0:69:0b:37:
+         0f:50:ef:1f:53:0a:1c:6a:1f:7f:9c:a1:47:f3:9c:8f:10:27:
+         52:bc:d9:5a
+-----BEGIN CERTIFICATE-----
+MIIFXDCCBESgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTQwMjFaFw0zNzAzMzExOTQw
+MjFaMIGzMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEbMBkGA1UEAxMSVlBOLTEyM0NvbWljcy1pbWtlMRYwFAYDVQQpEw1WUE4gMTIz
+Q29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo6BDuSoUYE/6l2v8fIpVv80lSMTAN
+Dv3EIgY5xzbZOS9h8cfkLvqOReI3dPt0B0qfFAL2drS88iMPGOI30NsyP6dIRQ+H
+99FD+mQ7nbAFs5Wad1NDBWEmVE7JnqX3/zvi2kU+LMrw14SZvlcq0/Gs8Uozgti6
+ikk15XzPh63sErIVNI5rrukuEo4/z11RvDD8do3qx6jdJYvAtG/xFWBVgSiPgOs4
+d0T4DuRT7fsYMs8jIX+rI9ZdEEQRw8M+ao04zcKinN40VDuIDaire6W3/JwOjGI2
+zHEe8B9+9KuBAyfKXQsTCgYayqNNcnw69HmbOgSLbRKQja0WeDqNtLRXAgMBAAGj
+ggF5MIIBdTAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPs9sGQE6RH8xtwlYSc+vjUwOP0g
+MIHmBgNVHSMEgd4wgduAFGByHupHLaqzcRgy4TAcdwix1CQRoYG3pIG0MIGxMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UE
+AxMQVlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8G
+CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA4KYz/4Mr9Y8wEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBGlta2UwDQYJ
+KoZIhvcNAQELBQADggEBAKcKv/GpZBqmpZgd3joRAR0fF7/irtZGCPBv/mMyXwBg
+JK2kDgSLQAGny2S7SKbAIdAz3YnAaKqyUMlzKjLjrJMM1M1zkiFf3wypxNRXM8Sy
+iKnJD3MGmNTZyoE9F0WLVY9c8fdV3UIN0ryW+l3Nf0UIYYhfIpzlJmLB7/UKUaih
+g+k26no/ftTHcHPKw+xEykfJ8X76RuTgwpt1zALM6OVQGHYMiChK25D1YPFViPrm
+J1Q/sVB8MI2em7AP8uE+0pn3soslBAvcdkpvKY6a45wXxqmgLbPYKvXY4bdzMu+w
+OUjK+FrC0GkLNw9Q7x9TChxqH3+coUfznI8QJ1K82Vo=
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/imke.csr b/123/openvpn/keys/imke.csr
new file mode 100644
index 0000000..425f28b
--- /dev/null
+++ b/123/openvpn/keys/imke.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+TCCAeECAQAwgbMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tMTIzQ29taWNzLWlta2UxFjAUBgNVBCkT
+DVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5k
+ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKjoEO5KhRgT/qXa/x8i
+lW/zSVIxMA0O/cQiBjnHNtk5L2Hxx+Qu+o5F4jd0+3QHSp8UAvZ2tLzyIw8Y4jfQ
+2zI/p0hFD4f30UP6ZDudsAWzlZp3U0MFYSZUTsmepff/O+LaRT4syvDXhJm+VyrT
+8azxSjOC2LqKSTXlfM+HrewSshU0jmuu6S4Sjj/PXVG8MPx2jerHqN0li8C0b/EV
+YFWBKI+A6zh3RPgO5FPt+xgyzyMhf6sj1l0QRBHDwz5qjTjNwqKc3jRUO4gNqKt7
+pbf8nA6MYjbMcR7wH370q4EDJ8pdCxMKBhrKo01yfDr0eZs6BIttEpCNrRZ4Oo20
+tFcCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBmA8hL1SJTtgroRER8GcUw/Cj8
+t02bzIK4Luk8qrq9bRq7chYveJ/iVJaLsEmuEeVSaeT0U0icC2P7aE1YiuVGG8F4
+bREHreTr9oiM/oGhMl6IYdAdrZ+mXGtDqhJWt4L7z/T+niifdF3zIW2CtDQXk8DU
+veMdkK0sgc5jKFLtwVdIzayHe66i/eI+M9MukZZsPulqDOBb8VKCNRbDe03CnWkr
+u17JNYT3rokXLL7I/vNPd3GMGf57CbAxYQiIy1xYd3pDpncCOO4DWxtW8s+mDX25
+YrgxWFAL40clQjap5bsgv6s2yWrOXkPF16Q2eMl8eXkE20dnQT/XAFQdXtiK
+-----END CERTIFICATE REQUEST-----
diff --git a/123/openvpn/keys/imke.key b/123/openvpn/keys/imke.key
new file mode 100644
index 0000000..1f5eac4
--- /dev/null
+++ b/123/openvpn/keys/imke.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFCaCOMCjiYsCAggA
+MBQGCCqGSIb3DQMHBAhLlMMTBOxONASCBMjfXIeGDEskJXziKjnBKcDNYL5C0tss
+uHyXI6XtBjk1SfnQUkbdTJpwLcc74/uU/fG0+Sjp6otGqU8Tf4+D+g1PXQOT2zNI
+B1h6Zm6I5+0jCRXv9v7MIo0CdnNQWMyogCcVwh5eK+1H+y83hP3zmZzWKQDbp3cp
+8TkNayRdcH7vMa3m5I2VS0bTs5aRCDa8gBwzBQzb7Vw+/brpD5OzZ9cBmrmawYFK
+v1Ah3AaUCEaa1PzAkgrK+Xtr49HGRokDEOUbi+5+Q82L4G7C5gJG7I9snGQUNDL2
+uEEX+REBQ/T0zX8pNz8+N18k8m/YwgzqEm3NIvui4PjddipRU03Zf0HWepVZECe9
+Jh7xJwEED4j397p3pUHU77A6X40g9FB5pMsLMyWm4KANUZlVHtnMU3KrmG0qBGfW
+q2PPjum5n2N14DLxQlx1WU9gXfAgcnA36z8rxZdyFKzSZLePKnPV2kMwqqb1sI/k
+Hro2cGQ4nSyBDsGCogIXzxS7i13x+0rMAa4U/UJ30OPFQN8kBAmYrnAyR957GGhz
+araleXoRY2ZkBHohISNDwPCzBT0AXNADlCNP4zsXINmFo30WmyhOtTdpk2DXeYfY
+fy6GFlUq+RX7+lFnA6LdTrJ895byXGjpI+dAToLLSL5T5AeHvh+kweaWU8cJ0Dp0
+5u8sUlzKvaVONL7crULB/5P7JBx1XTK1loOP8o789UPB2isAY3268ltZEkLcjS72
+Hx+rNhSj+G2iABK29QaifyvKQUeu0hd5aoYaSWTjfiYtJ4JpMgaIfLWGcLjZycuk
+DyLcobEXDHtlXjCIG3mea0+zZNwbwipAs4qVz2p7fIOQMQKQ0et5cY0ml0L+AQLO
+LrozREuUaNB6JzB5ZikTGWw+iIbGRGh08wGidhVd0TnZ3MjtTos65V1/vVcEbjp2
+SArbX3aZKN40Sp7G6QhaM5tLR7hxzwmiSJgb2qEJBU1H8kIgRS6mKI2WOfmNMBMt
+QQ8CyxiYQmuVLu4Hx0Vos0QXZsDeNAIQVITokPB+IbiinY7RugOgExtqvwnHclri
+98Dh9zGMONS88mP8cCCBbFuPibgrOg91V15tke/SsNMXxI8/nsG6f7SsI5kXHdws
+h7SEwN7vAR4VTC0WNBPbZYo42DpRPlXPSaFVDrmOBseeU8QoUPALGrlkaRteFqnW
+U8V1o0mjLt0vdjaGPcT9AR+TNpmxE9ZSF7vYKl2DssQ+GXf2mWryPJtfNVpNDD9s
+/igBsFRwNSiRDVpOhhZViHjzi1CZr+PHXr0v6RKXPRHJ5oA7fxHMtETaJTFuQQKQ
+f/Y6srD0rRTq3PtApZCPA7vJC2iYI3KxmMSF725wIqFYFiKoAc7bLQSZogZRYrvw
+1gDPzgZbYQz1Oeix5INdiL8Tb4dkdvuSeYUmTk9Eqvi5wOQ3i3mDwcuNpT9G491P
+B2St++lvcv/WpDiCEYQytXQS2iFEoecn6idY2zRn1akHaU8OIu0yml7rDg/uWFbH
+OD8mUPlFd2OlLRbDIK0eMkUMbMqvFrJinkURl9T6c/HTD8N+dtNosCH+s1WQfxSd
+hBCq/40Ql1JpIb0+hbBfU/hkXNvbppABzjZL9JpD60yXACMnvayJidWHizT/V7An
+jzk=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/123/openvpn/keys/index.txt b/123/openvpn/keys/index.txt
new file mode 100644
index 0000000..b4438e8
--- /dev/null
+++ b/123/openvpn/keys/index.txt
@@ -0,0 +1,9 @@
+V	370311021850Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-server/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370311022418Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-chris/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370327012252Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-gw-ckubu/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331193842Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ellen/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331193919Z		05	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-henny/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331193947Z		06	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-kaya/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331194021Z		07	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-imke/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331194104Z		08	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-jonas/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331194144Z		09	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-julia/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
diff --git a/123/openvpn/keys/index.txt.attr b/123/openvpn/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/123/openvpn/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/123/openvpn/keys/index.txt.attr.old b/123/openvpn/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/123/openvpn/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/123/openvpn/keys/index.txt.old b/123/openvpn/keys/index.txt.old
new file mode 100644
index 0000000..5056da4
--- /dev/null
+++ b/123/openvpn/keys/index.txt.old
@@ -0,0 +1,8 @@
+V	370311021850Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-server/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370311022418Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-chris/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370327012252Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-gw-ckubu/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331193842Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ellen/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331193919Z		05	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-henny/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331193947Z		06	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-kaya/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331194021Z		07	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-imke/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+V	370331194104Z		08	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-jonas/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
diff --git a/123/openvpn/keys/jonas.crt b/123/openvpn/keys/jonas.crt
new file mode 100644
index 0000000..d71d55e
--- /dev/null
+++ b/123/openvpn/keys/jonas.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:41:04 2017 GMT
+            Not After : Mar 31 19:41:04 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-jonas/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d5:bf:31:fd:f5:63:4a:66:e5:7a:36:e9:07:ab:
+                    db:50:b4:92:9c:9e:ad:28:4e:86:ac:b0:6d:c2:b9:
+                    e7:dd:fb:8d:01:21:82:33:ed:cf:dc:ee:2b:84:96:
+                    37:c7:fa:e7:12:42:af:b1:4d:70:37:9a:7b:de:27:
+                    6b:8f:dd:67:20:90:2c:29:ed:b0:fa:05:01:5c:9d:
+                    74:13:19:41:a7:da:7d:b5:f2:f4:3b:97:71:28:97:
+                    b0:62:eb:5a:93:75:70:6d:45:53:57:14:a2:c4:73:
+                    2f:3a:d6:f0:84:74:25:ae:50:db:6b:44:4b:e0:8f:
+                    70:87:49:49:be:b8:f8:58:df:89:ab:dd:66:6f:46:
+                    39:90:00:26:d4:fd:3d:94:31:bb:45:0b:60:54:9a:
+                    5c:53:2e:52:bd:6b:c3:1a:ec:7a:a3:d7:b6:20:52:
+                    3f:7c:25:e6:2d:e8:68:ca:fb:76:a0:fa:fb:65:71:
+                    77:46:44:ee:9f:fc:b6:7d:d3:28:11:ee:35:5e:08:
+                    ff:d5:6c:5e:a9:21:44:12:79:98:3b:3a:87:df:d7:
+                    df:a0:12:dd:58:fb:9a:be:b8:4d:b4:92:28:d8:22:
+                    24:ed:0c:e5:04:c0:b3:42:7e:c6:61:1b:4b:b6:9d:
+                    5f:31:de:34:3e:f7:5a:51:cc:70:83:11:3d:0d:01:
+                    56:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                4C:7D:CA:9A:DA:5B:60:31:54:FD:35:1D:60:7E:04:4C:0D:30:76:44
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:jonas
+    Signature Algorithm: sha256WithRSAEncryption
+         b0:7c:4a:7b:47:83:33:f3:76:c5:33:32:14:17:ed:3b:44:e2:
+         d0:4c:f6:66:90:76:be:16:1c:62:95:25:f3:78:cb:6d:c1:ef:
+         6c:ba:66:ed:10:16:07:26:83:89:78:49:58:fc:46:d8:c6:8e:
+         26:c6:51:12:37:20:ca:30:c8:35:5a:68:69:70:95:a9:7f:20:
+         3e:af:8d:73:c5:f2:1f:28:50:0d:48:18:cb:9f:46:45:16:b1:
+         f2:ac:e7:1c:54:dd:af:c8:06:ec:bb:4c:dd:71:d0:e9:c8:54:
+         8f:8c:12:e1:d7:1e:53:f9:42:61:98:0e:3a:b6:35:d8:e8:c7:
+         2a:d6:e2:78:74:8e:f5:4e:1e:1b:98:aa:e3:84:fd:d4:d7:27:
+         95:a5:fd:b5:db:f5:42:e1:9a:9a:2e:b7:f7:0d:e5:49:10:50:
+         c4:01:e3:95:6e:53:b3:6b:7f:34:38:7c:49:1e:84:85:6a:8e:
+         63:01:49:b9:b1:e5:71:09:31:0a:7c:2c:ce:ea:d7:33:4b:11:
+         fa:e2:69:ed:30:96:a5:08:2b:fd:b9:1e:13:30:3f:bf:4d:7c:
+         2a:56:8a:7a:ef:a1:76:2c:fa:12:5a:46:ed:bf:4c:90:54:24:
+         7d:91:a7:b3:ef:2b:09:dc:f8:06:56:ac:e7:f5:52:43:80:5c:
+         73:93:f4:01
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBCDANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTQxMDRaFw0zNzAzMzExOTQx
+MDRaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1qb25hczEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1b8x/fVjSmblejbpB6vbULSSnJ6t
+KE6GrLBtwrnn3fuNASGCM+3P3O4rhJY3x/rnEkKvsU1wN5p73idrj91nIJAsKe2w
++gUBXJ10ExlBp9p9tfL0O5dxKJewYutak3VwbUVTVxSixHMvOtbwhHQlrlDba0RL
+4I9wh0lJvrj4WN+Jq91mb0Y5kAAm1P09lDG7RQtgVJpcUy5SvWvDGux6o9e2IFI/
+fCXmLehoyvt2oPr7ZXF3RkTun/y2fdMoEe41Xgj/1WxeqSFEEnmYOzqH39ffoBLd
+WPuavrhNtJIo2CIk7QzlBMCzQn7GYRtLtp1fMd40PvdaUcxwgxE9DQFWuwIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRMfcqa2ltgMVT9NR1gfgRMDTB2
+RDCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVqb25hczAN
+BgkqhkiG9w0BAQsFAAOCAQEAsHxKe0eDM/N2xTMyFBftO0Ti0Ez2ZpB2vhYcYpUl
+83jLbcHvbLpm7RAWByaDiXhJWPxG2MaOJsZREjcgyjDINVpoaXCVqX8gPq+Nc8Xy
+HyhQDUgYy59GRRax8qznHFTdr8gG7LtM3XHQ6chUj4wS4dceU/lCYZgOOrY12OjH
+KtbieHSO9U4eG5iq44T91NcnlaX9tdv1QuGami639w3lSRBQxAHjlW5Ts2t/NDh8
+SR6EhWqOYwFJubHlcQkxCnwszurXM0sR+uJp7TCWpQgr/bkeEzA/v018KlaKeu+h
+diz6ElpG7b9MkFQkfZGns+8rCdz4Blas5/VSQ4Bcc5P0AQ==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/jonas.csr b/123/openvpn/keys/jonas.csr
new file mode 100644
index 0000000..bd88a92
--- /dev/null
+++ b/123/openvpn/keys/jonas.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+jCCAeICAQAwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRwwGgYDVQQDExNWUE4tMTIzQ29taWNzLWpvbmFzMRYwFAYDVQQp
+Ew1WUE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVvzH99WNKZuV6NukH
+q9tQtJKcnq0oToassG3Cuefd+40BIYIz7c/c7iuEljfH+ucSQq+xTXA3mnveJ2uP
+3WcgkCwp7bD6BQFcnXQTGUGn2n218vQ7l3Eol7Bi61qTdXBtRVNXFKLEcy861vCE
+dCWuUNtrREvgj3CHSUm+uPhY34mr3WZvRjmQACbU/T2UMbtFC2BUmlxTLlK9a8Ma
+7Hqj17YgUj98JeYt6GjK+3ag+vtlcXdGRO6f/LZ90ygR7jVeCP/VbF6pIUQSeZg7
+Ooff19+gEt1Y+5q+uE20kijYIiTtDOUEwLNCfsZhG0u2nV8x3jQ+91pRzHCDET0N
+AVa7AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAkHF5JHvvdzX10B8ETEzngL5O
+uTQVTnN+xQo6Ub8/2ASEMS8PDDNYVo42iam3oYVIMDXdOVwXklQ9FIeX8IKkA2Rt
+vSBVEoKnkNL0Z7/Zy1+u6wndtqS8vIjtKncI0FczhVMDiK8Ad7LmTOSICBzCwhor
+PnTwxpz9qYb2nm39kD0OwtcasaWR9IyahSRv0bCk9aCgLadtcBtfEg/WLhmKBoDr
++/a/pQQU7KFL5Tkkb9kEqqATjnTFFmE1FYn/GFc2lnSVNJKfEU55LRwVEdaNQ3XQ
+ZVWrNtjmgaisgI7ulxn9OWZ5SnRnldO5X62mCrzBLKaApv5WQ9smgrQSp5e0zg==
+-----END CERTIFICATE REQUEST-----
diff --git a/123/openvpn/keys/jonas.key b/123/openvpn/keys/jonas.key
new file mode 100644
index 0000000..89804b2
--- /dev/null
+++ b/123/openvpn/keys/jonas.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIu5RbzGRy+DcCAggA
+MBQGCCqGSIb3DQMHBAi8C64C7zzAAgSCBMioHPaAWEaWjsDDqZ4St2lUHtBOGm89
+wfoqRtL9Hf/sLjNw0Hld4fOTTVW8Mo4uRw6VMUOtpfxh/sOSYBNvhkvD38YXWHnb
+rdptvyCP4ZoHXjwdvLpkV0iTV0UXbGSUgHPcFGMNDQ7rZvD8EN/Hw6Y6A8PqAAeV
+p2rBSY7YeWLofcWPTlXDvEJ00tzBZc8eTtyNYbNij7TTSTjYORt60O6Wr9I7adt4
+BbY1vtWbQJY5+JFiipzclWfiAkeWc8hPmn2EKAvl5aIx9wJLLn5Al81seC6KueTt
+ejLEXSRZFX0KbuxSKQ+ExkmWFkvqnYPr+MjtvHphgfCf7mSjvtb7NS/y8WD9Vb7t
+z57yIbMLTGO/nuynTwhuyQ/KnPgQOOvQHiG9HaCXqj85y3/5M6Z0/Jcg+uYMv9Z+
+bjlJ95v5OyWZpy40T1O9v8U61QiZ8pE7SkFO90bvRDxsLw15VlaiXtY+A0ux7+pp
+7qoXX00RKrinTKtRARYurRE8X8lus5YKC7W58v2d7JfJfPZiwWhg7qAW7Ef1dYOb
+SK2RWu/HnW0yEC10RrHhbE340h+ihgBir4Re7THO+QKaJLHTm75FC2a8+kQKMQ3y
+F1zqADdtw6E1ltMhbJcU0Aiolxn+tVsQvy/GsGlD5QQI+3Bwab7d8RDXsSIe6HUB
+Ggg6up6OKSPVLraYiCc1WLil5P5sgxKDiFtM5XT/HFRgL5tdnn1fkJAQbIU3ps12
+6aZkAVgEs+urBrdjMDCRBoUdkUEZtcE7CQ0v2imGKNtsy0KXqYrP4eTBwopBFi/H
+huN3jk+4pW5BqXkGqqfEzzAAi/cFsltOfxlXSF2YRu+rdPX80FJWbJPp0zxzxTmS
+FNCwbSdZHrwd83BpNry3hm1hqMVDYjLmhY4bk5ehtuhzBdRF5m6NvN3MUdv5QgWj
+VCzjZziov4P3vOfdJ5XHKWNpkJTCfIHHH4uGXyAcCUopyIs0XoSjDIttUu+JfgD4
+DaH3FOvJBSocftagp6Be1lYqpstRsIeeNPgW6vCzjCsPlQBUdBCMWyo87p37G8FX
+o6Uw9ZMBxTPqDRpsFs3PyPqpuEj41pFy7lH4U/DzcdYxtyB5GKvRLYAo40HJFEQx
+4jEOhvRwS/Mj/g7ETAr6ag2L0Cl1YMTFwKCgGzAy4zLV2kP3DKZ92L4eG+60ZEGh
+2K1TZ5Vb0g53Ug44uBfnxDpVdQzJT8L/noMUAYlubDgMXOiy1Xu8d8TGJr1pYApR
+5jNmBLUNBjlDh4Whg75xDtVM+yPsgmu7t+/E4ujpMQsl9KPsYZ20JX8FYso3NN+Z
+gKBlQfssipR8kqY6wLP4l9wNdNC4ZQGXvTyB1eZu6+feN1DzVJH3+7adgEOQLm6h
+BwteuuABrpQZIgT+2ROAuBykn6lEBf2Etxzd4HkQXemX43r9lgidq+3M3tMhKhuw
+i2T6/TjirsNZ5suXW8ePk4A2qDSFvCZaSfgEBypFMLbD5+YrwOWyqt7HU3gCEw0U
+ojlwI9awRXAjTl3h1Uk/G3Z4UIY02oxikxUztbhlcuYqZI4jrLdP637082Xdq82E
+lHTZyv9+0fjRetZNgie0dWIprFnjwyAOcrmNqNWopkMTiDx9wxOlXDp/gyyROtAM
+lBk=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/123/openvpn/keys/julia.crt b/123/openvpn/keys/julia.crt
new file mode 100644
index 0000000..a77f2b8
--- /dev/null
+++ b/123/openvpn/keys/julia.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:41:44 2017 GMT
+            Not After : Mar 31 19:41:44 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-julia/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c4:08:b1:f5:86:9b:8a:90:97:32:4e:a7:55:cc:
+                    65:85:5a:f5:10:2e:5b:ef:8d:61:60:66:3a:53:5d:
+                    fc:90:82:ec:0c:ba:b3:ab:7d:b8:56:9b:4c:6e:73:
+                    d6:72:61:bc:74:17:2f:a3:6b:f5:66:c6:72:b7:11:
+                    f5:bb:8c:47:5b:04:d8:4c:74:6e:22:d3:21:8a:32:
+                    41:9e:1d:8a:8b:e0:b4:ec:b8:15:40:26:08:3d:97:
+                    7c:a7:20:1e:ca:60:8d:0e:7e:58:cd:a6:0b:f7:c2:
+                    7b:7e:9f:c7:55:87:01:3d:ce:37:7c:32:b8:36:bd:
+                    1b:90:24:43:e1:c3:5c:5f:bd:f3:5c:32:0f:5d:7c:
+                    0f:87:ef:8d:03:0a:e9:23:eb:8d:7b:89:f2:4b:cc:
+                    83:d8:32:58:26:75:ff:81:74:83:d7:ea:2f:11:07:
+                    59:97:08:e1:38:e4:be:14:d1:2c:8b:1c:f5:b8:53:
+                    65:b7:25:8f:5f:e6:5d:f1:d8:76:ab:64:df:b3:e5:
+                    09:3b:84:f1:9c:34:f0:7e:bb:e7:e0:3c:da:0f:87:
+                    77:44:95:c2:e5:bd:29:3f:43:0b:d8:8d:d5:07:cf:
+                    26:54:b3:50:dc:64:1c:a7:67:3d:c1:3c:fa:9e:0f:
+                    db:3d:97:fa:28:7f:bb:6f:92:b6:e3:44:a2:47:1a:
+                    18:51
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                8D:D2:9E:D6:B2:D3:DA:D0:60:7D:69:D6:5C:EA:40:5A:E4:39:01:34
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:julia
+    Signature Algorithm: sha256WithRSAEncryption
+         10:0f:b3:1e:bd:29:70:ac:a3:20:8d:77:b2:5c:6d:bf:25:9f:
+         07:b3:c2:0c:ec:41:8e:98:cc:3f:d2:0c:84:17:55:97:1b:e6:
+         4e:76:c5:12:a3:7c:32:a3:81:e4:53:06:4e:c6:67:e4:ad:14:
+         70:4e:1f:ca:e8:5f:dd:b1:d9:e4:ac:4c:b5:d2:51:25:89:27:
+         48:05:a5:2f:c0:de:ed:7a:8b:84:59:73:19:ee:6d:6d:e0:be:
+         5d:36:d4:ea:c3:40:0f:60:94:f3:e8:3d:5d:86:88:75:c1:38:
+         f4:91:6e:4f:5c:ff:11:d8:56:d3:9f:89:58:89:c6:24:32:d3:
+         ad:d2:5b:f1:cd:62:ed:95:12:d7:79:5c:ec:86:45:39:4d:97:
+         02:9e:f5:06:d7:4f:12:2c:f7:b2:ce:59:6b:3d:3f:88:b6:e3:
+         03:24:1e:cf:9c:6f:d6:3c:6f:6c:ed:5b:50:ef:0a:cf:96:f5:
+         98:f8:a5:fa:ce:e3:2c:f8:8f:0f:84:0e:0b:27:c4:07:87:6f:
+         e2:a5:ef:73:db:e5:c9:20:a1:81:e0:a3:16:ec:de:d0:47:a6:
+         ac:ad:c3:a5:16:c2:7d:de:27:67:58:59:4b:20:c6:08:01:55:
+         62:ce:14:f3:5a:5e:23:9b:c5:d6:ba:4c:e4:d6:40:12:09:b1:
+         58:8f:b8:05
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTQxNDRaFw0zNzAzMzExOTQx
+NDRaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEcMBoGA1UEAxMTVlBOLTEyM0NvbWljcy1qdWxpYTEWMBQGA1UEKRMNVlBOIDEy
+M0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAix9YabipCXMk6nVcxlhVr1EC5b
+741hYGY6U138kILsDLqzq324VptMbnPWcmG8dBcvo2v1ZsZytxH1u4xHWwTYTHRu
+ItMhijJBnh2Ki+C07LgVQCYIPZd8pyAeymCNDn5YzaYL98J7fp/HVYcBPc43fDK4
+Nr0bkCRD4cNcX73zXDIPXXwPh++NAwrpI+uNe4nyS8yD2DJYJnX/gXSD1+ovEQdZ
+lwjhOOS+FNEsixz1uFNltyWPX+Zd8dh2q2Tfs+UJO4TxnDTwfrvn4DzaD4d3RJXC
+5b0pP0ML2I3VB88mVLNQ3GQcp2c9wTz6ng/bPZf6KH+7b5K240SiRxoYUQIDAQAB
+o4IBejCCAXYwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSN0p7WstPa0GB9adZc6kBa5DkB
+NDCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNV
+BAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAf
+BgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1Ud
+JQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVqdWxpYTAN
+BgkqhkiG9w0BAQsFAAOCAQEAEA+zHr0pcKyjII13slxtvyWfB7PCDOxBjpjMP9IM
+hBdVlxvmTnbFEqN8MqOB5FMGTsZn5K0UcE4fyuhf3bHZ5KxMtdJRJYknSAWlL8De
+7XqLhFlzGe5tbeC+XTbU6sNAD2CU8+g9XYaIdcE49JFuT1z/EdhW05+JWInGJDLT
+rdJb8c1i7ZUS13lc7IZFOU2XAp71BtdPEiz3ss5Zaz0/iLbjAyQez5xv1jxvbO1b
+UO8Kz5b1mPil+s7jLPiPD4QOCyfEB4dv4qXvc9vlySChgeCjFuze0EemrK3DpRbC
+fd4nZ1hZSyDGCAFVYs4U81peI5vF1rpM5NZAEgmxWI+4BQ==
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/julia.csr b/123/openvpn/keys/julia.csr
new file mode 100644
index 0000000..797e544
--- /dev/null
+++ b/123/openvpn/keys/julia.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+jCCAeICAQAwgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRwwGgYDVQQDExNWUE4tMTIzQ29taWNzLWp1bGlhMRYwFAYDVQQp
+Ew1WUE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDECLH1hpuKkJcyTqdV
+zGWFWvUQLlvvjWFgZjpTXfyQguwMurOrfbhWm0xuc9ZyYbx0Fy+ja/VmxnK3EfW7
+jEdbBNhMdG4i0yGKMkGeHYqL4LTsuBVAJgg9l3ynIB7KYI0OfljNpgv3wnt+n8dV
+hwE9zjd8Mrg2vRuQJEPhw1xfvfNcMg9dfA+H740DCukj6417ifJLzIPYMlgmdf+B
+dIPX6i8RB1mXCOE45L4U0SyLHPW4U2W3JY9f5l3x2HarZN+z5Qk7hPGcNPB+u+fg
+PNoPh3dElcLlvSk/QwvYjdUHzyZUs1DcZBynZz3BPPqeD9s9l/oof7tvkrbjRKJH
+GhhRAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAGj/5sGbgVaTn0vf/MjMXKDVi
+Nv90OqQSe1bnpGPjzPwJ1GvsIFjV+nwtwxZhjIVB83Om/ZoM6z/9G+IGSaIyyqu2
+43v/BCUhGAgMLKfTWLuoQimzX7FUH78S+gZeM5TeK5PeIU+9QUgR+DJIalOpLQp8
+l7LW+/A/HxqjeFb98yfEyRErJd+NahJi8MC4dxKXHIfCPEPe2G/zL54c5DAmJdYH
+tDZgXRIEaG77V4UCQXhEgBNFEhKHFCs1N7wTtv92YPJ19hJmJpNpEzu6ABVJQHAi
+VAb9eM67gZycJvA7Wn89uNXBGDs+jSHqKTDSM3J7a1x1e1LY/D7m3djfrjjCiA==
+-----END CERTIFICATE REQUEST-----
diff --git a/123/openvpn/keys/julia.key b/123/openvpn/keys/julia.key
new file mode 100644
index 0000000..70dfe64
--- /dev/null
+++ b/123/openvpn/keys/julia.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIh1L9hbhN1U0CAggA
+MBQGCCqGSIb3DQMHBAjahUyThcGRIgSCBMgr5U/k0QU94nv8Ta0G5dMcoHY1Dm7J
+rYkovynP1CU36zf0HmgG7D616ZxWdvkSs+3onh3pvi9XHteLfqtdAIBBvG9n996C
+jVgMofTKATeLjZ69tU6re/U//4vqSRv4lEjGDQi9di/B0pacAmsInjfUjMcSY63f
+gz9qptBRc353LtY1X65N4eTpM8XmG94tcOaKIUYF7PX7TJAKBdSfj2Whxs3dMDF6
+djbPqGcaeT/rH0V7x01Y6B+1fCafNaRjerdNjTmMqxTOQAvfVcpo8sPOkAr6D9k2
+suz98XltDd4PCSENGVoU+7lR8uv9HfKQihAGaU1qvpDrA0UoybKt56mbcl4/COiI
+Y/8Hhcbcq2GzpMRwOGQ5HqS0cWetvWeCn0UncWOsNcHV64nRwJnmQc1OqIkxUXfP
+I919Hfnq0LpRN8pVb04fbY3nyQolqh9vZABqATs2cHbkjfvgpzzWQJ5+TudJhRZo
+BFNxvuv0sA8R/vHyxAgt179Q9vGWgvhOdTFhFxIZYRvGjo5rpRRiFgtF4TLpGCu3
++6OJwgmphNipoV3GRE9LNjf2onTRvbyxTNUNw+P7UkXIZUlGuAc3Uxal0HQqlSkn
+zkPeyXaGCny8+iKCMRgJ/5UPVFe5s3Jx4Pv6p/WpTdcqSBSlx62yD2fdp9R/ohS2
+o4w9h/CV0GU7wT2xTbAvAU1vJdZKjS2tTteVS0/GDKtnlCpGGjTTRSd7FwEjImPH
+GvzZ2I8GjjpSd9bWDx1Nd+1QxfKDZDFgDzSdI1VH/qYO3ji5BeCBW/0OyQc4JrBF
+ER49/dFs0o2csSWPb/D0XGZxV7dmtIFrkzT4Wlh6Hzx2Q9PDqV5RjqmKrH7uxQXE
+Aa7hAS+qgyEdJMD05mApbXXjYrOAiRypIsaF/mRtBAjbgNhy0JpQL+1Y5HGF/vDv
+QAeQk+aa4Y0UAKLgJITsa++NmI1LC9xh3C8sFvM4u7+wacmxqwWTkj6TughIhtS5
+3nrvJK4csSJOgC4ZU8AkYzg1bScv9/h4o5OEO7AC7hqu56wKCeDwUnR5pw2VmX4h
+bLXBrwegYmi737/DXAFALmVByIIY/o2iUPeJJG64cl8Oauef1XF+bapaYaPLk/Nz
+Cc8lx1gSVxJdGmMAaC9FEslJw6JKvx6wcEcqV5uwJOX9t7VCD854EgJb8QI7DVUV
+0LUWt1OkyW4AU3n8dLSpYNCFIfOppjaBQOoIhYzKPO+w6VFR36CzEDkwgZdluYVO
+yS4Xtawgmv6+x7X+/q7uq2KcF38NkvLiDWVU18cikDBE8DJvIfcO6culTssYiyfA
+yhN3z56kZnUwnWAt281Q8Sin3SFaAqqbYCl/ZGO327i0Wa1NJk92GDEeXHCmreoZ
+lax435h56fcQo73xynZlPl7ytNB3T2pZ3UjEoPVzBhNDOrTQMEg7LLgSiM3sHI7q
+THURX7MYY9TfzY7WGgTBsA27BUjrPD5Sz/NvVOx/2c72PUlD30yIWa7xgVeotr3u
+PfNijqCR8siaWoEhx48zS/D4Vx5lIHc5hq1gtS4YvJmFYz5KcAbRYacJmpZt3hM4
+Cl53ZjCpkNGYT/oYjf+DFM4GWBXYsrIfIenvtZ8s2piPZguGnyIzl6LbY8Ioq9Su
+9w0=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/123/openvpn/keys/kaya.crt b/123/openvpn/keys/kaya.crt
new file mode 100644
index 0000000..1dc5ba0
--- /dev/null
+++ b/123/openvpn/keys/kaya.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 31 19:39:47 2017 GMT
+            Not After : Mar 31 19:39:47 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-kaya/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b6:4c:3e:b1:90:01:7e:74:fe:03:c4:de:9c:5d:
+                    37:23:f6:93:fd:c0:08:bc:49:ea:df:4b:ff:39:22:
+                    1b:42:a6:fd:86:6c:52:2a:69:ae:9f:5a:d7:1c:e3:
+                    fa:c9:c1:15:e8:64:ee:01:90:28:ad:9b:42:8d:09:
+                    e7:42:ef:b3:db:0d:4f:52:05:bc:22:05:ac:e5:78:
+                    ce:64:9e:96:ed:dc:45:04:bb:99:b7:1b:f6:31:3e:
+                    3f:b7:04:cb:9d:8e:44:f0:9d:c5:9e:08:3d:fe:46:
+                    7a:fd:9d:56:8b:49:1d:b7:f1:b6:7c:e1:da:e8:4a:
+                    fe:ae:28:70:10:88:c2:04:cc:83:14:8e:65:da:6e:
+                    c3:1b:83:81:67:9f:df:d4:39:ce:48:71:37:7b:49:
+                    fa:3c:19:dd:75:33:bc:cc:82:75:af:6f:dd:06:eb:
+                    3a:cd:a0:d5:c3:10:e2:0b:58:3f:95:35:35:0e:ce:
+                    34:ed:03:13:a5:24:7a:24:8f:32:7c:c8:09:a9:6b:
+                    23:54:19:13:23:af:b0:54:e5:0f:27:9a:e6:33:dc:
+                    0f:2a:2c:d2:3e:60:ee:b3:8c:7d:c2:a5:43:d9:07:
+                    0a:84:76:10:8a:6f:f1:db:6e:22:1e:b9:71:aa:c4:
+                    52:e3:56:a1:26:6f:c6:17:0f:f2:4f:8d:88:e9:a0:
+                    3b:b5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E2:E0:31:7D:AC:4D:8F:1B:67:83:67:66:52:39:CA:43:4C:FF:99:B0
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:kaya
+    Signature Algorithm: sha256WithRSAEncryption
+         8f:ef:78:2e:54:f1:b4:a3:92:89:25:cc:85:b9:28:2d:aa:2e:
+         28:9a:53:f1:09:99:95:34:6c:f3:58:d8:4c:6d:a1:cc:f5:93:
+         07:53:8c:53:4b:0f:80:29:33:83:a2:f5:13:64:ae:23:d4:c8:
+         6f:75:48:41:42:81:40:a8:b7:7f:70:fb:7f:97:55:5d:82:b8:
+         1d:7e:96:50:5e:2d:a9:eb:66:cd:c0:89:5f:ca:ec:c2:bc:7f:
+         33:db:e2:fa:28:54:00:6a:3e:72:2e:71:fe:d8:d2:d3:4d:fe:
+         6e:1b:e2:71:e2:e5:cf:7d:aa:4e:92:9f:d4:b7:20:fe:2b:98:
+         2f:a1:a2:f8:87:07:a1:a9:7b:5f:b9:d6:f9:b2:b5:23:17:98:
+         99:c7:00:d0:29:cb:59:2e:9e:c6:b0:f3:54:a4:c7:3d:82:d1:
+         aa:f8:f2:e1:23:cf:74:ed:25:f3:b8:24:c9:c6:0a:d9:41:6d:
+         d6:a8:c1:a7:96:85:51:13:f3:cc:36:fa:5e:e1:32:aa:f6:e8:
+         93:a2:43:ce:40:33:33:5e:6a:b4:65:c2:32:e3:0c:62:a6:f6:
+         48:c5:0e:2e:02:cd:92:45:9e:dc:2f:a5:66:57:b4:ca:35:0f:
+         5d:ed:10:42:d9:0d:7b:0b:0a:75:62:5f:12:ac:9b:29:bd:14:
+         9e:e4:5a:9f
+-----BEGIN CERTIFICATE-----
+MIIFXDCCBESgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMzExOTM5NDdaFw0zNzAzMzExOTM5
+NDdaMIGzMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEbMBkGA1UEAxMSVlBOLTEyM0NvbWljcy1rYXlhMRYwFAYDVQQpEw1WUE4gMTIz
+Q29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2TD6xkAF+dP4DxN6cXTcj9pP9wAi8
+SerfS/85IhtCpv2GbFIqaa6fWtcc4/rJwRXoZO4BkCitm0KNCedC77PbDU9SBbwi
+BazleM5knpbt3EUEu5m3G/YxPj+3BMudjkTwncWeCD3+Rnr9nVaLSR238bZ84dro
+Sv6uKHAQiMIEzIMUjmXabsMbg4Fnn9/UOc5IcTd7Sfo8Gd11M7zMgnWvb90G6zrN
+oNXDEOILWD+VNTUOzjTtAxOlJHokjzJ8yAmpayNUGRMjr7BU5Q8nmuYz3A8qLNI+
+YO6zjH3CpUPZBwqEdhCKb/HbbiIeuXGqxFLjVqEmb8YXD/JPjYjpoDu1AgMBAAGj
+ggF5MIIBdTAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOLgMX2sTY8bZ4NnZlI5ykNM/5mw
+MIHmBgNVHSMEgd4wgduAFGByHupHLaqzcRgy4TAcdwix1CQRoYG3pIG0MIGxMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UE
+AxMQVlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8G
+CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA4KYz/4Mr9Y8wEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBGtheWEwDQYJ
+KoZIhvcNAQELBQADggEBAI/veC5U8bSjkoklzIW5KC2qLiiaU/EJmZU0bPNY2Ext
+ocz1kwdTjFNLD4ApM4Oi9RNkriPUyG91SEFCgUCot39w+3+XVV2CuB1+llBeLanr
+Zs3AiV/K7MK8fzPb4vooVABqPnIucf7Y0tNN/m4b4nHi5c99qk6Sn9S3IP4rmC+h
+oviHB6Gpe1+51vmytSMXmJnHANApy1kunsaw81Skxz2C0ar48uEjz3TtJfO4JMnG
+CtlBbdaowaeWhVET88w2+l7hMqr26JOiQ85AMzNearRlwjLjDGKm9kjFDi4CzZJF
+ntwvpWZXtMo1D13tEELZDXsLCnViXxKsmym9FJ7kWp8=
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/kaya.csr b/123/openvpn/keys/kaya.csr
new file mode 100644
index 0000000..efd0dd8
--- /dev/null
+++ b/123/openvpn/keys/kaya.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+TCCAeECAQAwgbMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tMTIzQ29taWNzLWtheWExFjAUBgNVBCkT
+DVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5k
+ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALZMPrGQAX50/gPE3pxd
+NyP2k/3ACLxJ6t9L/zkiG0Km/YZsUipprp9a1xzj+snBFehk7gGQKK2bQo0J50Lv
+s9sNT1IFvCIFrOV4zmSelu3cRQS7mbcb9jE+P7cEy52ORPCdxZ4IPf5Gev2dVotJ
+Hbfxtnzh2uhK/q4ocBCIwgTMgxSOZdpuwxuDgWef39Q5zkhxN3tJ+jwZ3XUzvMyC
+da9v3QbrOs2g1cMQ4gtYP5U1NQ7ONO0DE6UkeiSPMnzICalrI1QZEyOvsFTlDyea
+5jPcDyos0j5g7rOMfcKlQ9kHCoR2EIpv8dtuIh65carEUuNWoSZvxhcP8k+NiOmg
+O7UCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCx5tFgFP2Tey7DNs+J5rCZg8LI
+HMmptqZJ4oX2TEJcJtjyfZcJXQ/m/cKnLBkTi86LsNArgWnnALAq7Ax8O1Q/4AVZ
+5wxe7i8H/EB07wJiz+EQi0yIezztAzYuWeWqYRFlVG3OQiTlpYJoLdHj7hgYZMf3
+kOK20TfrtD0hiB5IIkw4IKEmYmeDM1mKklaagFONHkCm+qRnqNFqrAQTDL0+oFsg
+11gKAvYh500n7p3aUuRJKTNBWtl2t8bvB1Gdg5Gn5o+0rJ+vblb6Ws0slcH7YZEY
+Xsa54GgQ/+ZkBsc8eC+3kEZ9/Y+77hCSWwC0iY9CdK+zBgaMwe1bthOJr2MX
+-----END CERTIFICATE REQUEST-----
diff --git a/123/openvpn/keys/kaya.key b/123/openvpn/keys/kaya.key
new file mode 100644
index 0000000..54dd60c
--- /dev/null
+++ b/123/openvpn/keys/kaya.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIlBrWBsuF9nMCAggA
+MBQGCCqGSIb3DQMHBAhcdEybYkVf6gSCBMg9O9QPAMrh8k/+IW53q4NspUyg3kR8
+PKbrLaGd3LB8WdOV0cKxiJ+u+BhNpX0v2lIedOVq2yaUJkWwE5jCwc6XpBDkvD/l
+N4XzoNNvG6v+ExK+pkXmxvTluEmjTAZG3CUIdcj3n+CGsKBJZO+APgz0BYi2pskk
+Oi/cX2Rm67lKt/dT/bA7W9nrB4K0YbYARsFFuDu/5ggdEEcalc75WZMxd5Bxt811
+xOLQSrpDcYFIBB/9pMG+kZhUIRFnqmeKNUpQZKhR5d2CWN20q9HRT5UDkaGowoTe
+xk0uA8JjVarFM8VRX6JqmGSPLVOoxtPB+47/QWv2XQtYXMJm3UNmC8gD0cKvr0up
+9G/3Or0QU7FE/W/O06/5uPKRsrTfouNUhkEAlyE3gMMvIVmnOSeEuifKR1QGX7Bt
+2foqnnHZtjadRP0TeM17JvDKNZSEU+S/YNBpFoORxVvzklZYICPX7GVUKxfwrCfi
+P3ecVoVeM6DwdAyhuUVFRsQ9XeU2U5f+BD56QsCNcKqd8jqGCYPvT3oKFXazFsx4
+KRrT6X8xgKrTwbI5Tfff7S3Vy3FbGVhHs9XzCQlHGsETc6dq54kIcoKhQxAE35Sl
+xxa9RHkvHVqoUwaTJDhldIbDsIgWErO/gcRSHzxpJofoFDoEngXc4oKRHNLkWB3M
+JgXLnIEO3C9rVzTi9x3Di382/FJLQWAMWv8u6pB7KQ6VDYJM6oP2d4Pccm0a60z9
+q1ZhrAFiGFrAnpKSAhmYWBznu9pFn7h08N3fZLt43CzS05q2akoktkNMDz9w6eFb
+XfpHoBLjZNx5hc3e04T5flEFAIYsW/VQpceyCS7xIPCLFwm/wb3Mv9Tfp62ortJl
+BXjzFEcwuvMMlZrcJnsPlcnPnKJWYgzxKrrtCWfFg+0z3zKUN5hYhxmrFFShIork
+rNzxf922RTE75umJHeLwEQAN1+hw4smke9ooJGz7oFRwSVYhvUUigvHTrNouNVWz
+P7vS+xAzOqdrZvROV++PdzsCwZOF/3QXd0muR65HoX1PC9zBun/TSbk5gyF17aZ+
+wOoMM2XOmrUyDi+A6+DnjN7w/VfNiohFR2WxnPG3dsPsHkf7FNG9Osv0PUqpB/oj
+6gymendOB5rP3LfiD6jXnCHFA40cH+ATYEhqzKF3ICb3Wb5xy2aWDH79lvMB+BAI
+YJJeVlt5oc8lqJEOyz+KsreCrmRgTlbVUVkPyQMcmliFfPG3W7nFTiI+2cflunGL
+zQNJrx7xQ8LUt71Ea6KRuhaqJKhUz/vGUg+aL1O+42yms2QvurfpDd5zL7XIlASO
+13SfptI9ffCxe/eLDkNd2vFy0E7yTAAVPw9bD88buZ3io2SQsfNqxVlygkb6GTHE
+tJ6j6idudeLj6doO9AKQfXwIYkU3qegRN7JKDN2yRCMxwVXeqiCnIJ+cUPisvMPf
+bhXXcQGz7coFbviGDBc8lttzY0Ig1mq6rp1he9+63A+VSAgqNfHlhmJFVzPj2sr4
+JVTDXw17yBV8mXNevLayfVA1LtLWle/UQtMUjxWN+YIFkYFO30nn2EHP603Llm/3
+VJw1A8niIJnG0dQe8vQFXjh2Pa1SQIZ6SJc1n735n9coHpJid8622odCjT1Wdf2d
+GNI=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/123/openvpn/keys/serial b/123/openvpn/keys/serial
new file mode 100644
index 0000000..d9bb888
--- /dev/null
+++ b/123/openvpn/keys/serial
@@ -0,0 +1 @@
+0A
diff --git a/123/openvpn/keys/serial.old b/123/openvpn/keys/serial.old
new file mode 100644
index 0000000..86397e5
--- /dev/null
+++ b/123/openvpn/keys/serial.old
@@ -0,0 +1 @@
+09
diff --git a/123/openvpn/keys/server.crt b/123/openvpn/keys/server.crt
new file mode 100644
index 0000000..cbd7e47
--- /dev/null
+++ b/123/openvpn/keys/server.crt
@@ -0,0 +1,101 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 11 02:18:50 2017 GMT
+            Not After : Mar 11 02:18:50 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-server/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:dc:9a:13:40:1a:60:e4:03:90:5a:6c:6e:19:9a:
+                    2d:03:7d:a2:58:70:0b:d1:ac:1c:79:2e:e4:62:2c:
+                    89:62:94:36:0c:8f:81:91:7c:65:ee:52:97:0f:c6:
+                    53:a8:4f:a8:65:a5:15:6d:03:95:92:46:d1:b2:62:
+                    a7:39:eb:f3:cd:b5:65:c8:7c:3d:0c:e9:16:25:f1:
+                    61:f5:76:8f:0c:a8:f7:c0:76:83:11:45:59:d5:f7:
+                    d4:c5:c3:33:66:1d:33:90:66:8f:65:d2:20:f7:8a:
+                    b1:a3:73:58:79:a6:ec:a9:b0:a3:71:90:49:61:d3:
+                    c2:be:72:19:92:38:ac:35:28:99:f6:5b:57:bb:28:
+                    5c:9a:4c:15:05:24:b8:2d:c3:11:82:25:75:a3:59:
+                    81:33:04:03:b7:f6:86:3b:27:48:0c:b9:11:0d:a3:
+                    cb:43:13:bc:60:65:e8:eb:42:2d:e9:c6:2d:6f:ce:
+                    49:59:ae:24:4f:06:29:21:d9:43:5e:8d:15:91:24:
+                    d1:0c:7d:a4:93:93:5e:56:f7:f9:39:b6:2c:ae:c2:
+                    80:7d:1c:6e:13:83:d5:26:b0:db:f4:fd:20:75:f9:
+                    d4:3a:c8:b6:00:8a:96:f8:3b:82:b0:f0:4f:98:49:
+                    3e:1d:49:d6:15:a9:3c:9b:b8:5f:c8:14:85:27:54:
+                    e5:57
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                44:47:4F:F6:97:8F:87:FB:A3:02:61:45:7F:69:1F:2E:CA:32:37:63
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         9b:9a:81:35:cb:4f:32:b4:c0:aa:09:b7:e8:9b:ca:d4:7e:c5:
+         e8:4a:21:6b:41:a0:34:e4:a6:bf:07:20:42:6c:e5:a8:50:6b:
+         67:c4:1e:9d:2a:76:e3:ea:7d:68:67:12:ab:54:64:83:dd:7a:
+         d1:13:95:76:5e:57:38:6b:59:4c:47:14:63:a4:4d:25:41:e4:
+         e2:79:35:36:fd:98:c4:47:80:b4:d4:31:7a:db:d1:88:3d:5d:
+         25:20:0b:c4:40:0a:dd:b5:48:21:92:86:18:85:22:f3:6a:80:
+         ad:a1:71:d7:8a:69:a9:78:b1:dd:90:b8:eb:ec:90:0b:68:e1:
+         40:2c:99:02:2b:31:18:2b:e0:d4:22:d1:1e:f3:77:98:9f:bb:
+         68:00:f4:6e:51:45:1b:a8:ad:ee:03:fb:62:1d:fb:57:c6:7d:
+         fe:91:3c:c1:6e:f9:34:0c:cb:a0:ce:7f:9b:ed:41:b6:65:c1:
+         5c:e9:83:de:98:00:bb:7f:4c:b3:7d:bf:f4:e3:0a:6b:e5:ad:
+         71:ae:8b:b9:98:d6:a2:8d:ed:5c:b8:87:fb:35:f5:90:11:9e:
+         89:90:f9:b1:ee:6f:e3:a8:d4:42:6b:c4:43:04:13:24:a2:5c:
+         33:8a:43:f1:95:bf:ab:7a:db:4b:6a:fe:49:f0:de:ef:39:86:
+         90:25:19:54
+-----BEGIN CERTIFICATE-----
+MIIFejCCBGKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMTEwMjE4NTBaFw0zNzAzMTEwMjE4
+NTBaMIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEdMBsGA1UEAxMUVlBOLTEyM0NvbWljcy1zZXJ2ZXIxFjAUBgNVBCkTDVZQTiAx
+MjNDb21pY3MxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyaE0AaYOQDkFpsbhmaLQN9olhw
+C9GsHHku5GIsiWKUNgyPgZF8Ze5Slw/GU6hPqGWlFW0DlZJG0bJipznr8821Zch8
+PQzpFiXxYfV2jwyo98B2gxFFWdX31MXDM2YdM5Bmj2XSIPeKsaNzWHmm7Kmwo3GQ
+SWHTwr5yGZI4rDUomfZbV7soXJpMFQUkuC3DEYIldaNZgTMEA7f2hjsnSAy5EQ2j
+y0MTvGBl6OtCLenGLW/OSVmuJE8GKSHZQ16NFZEk0Qx9pJOTXlb3+Tm2LK7CgH0c
+bhOD1Saw2/T9IHX51DrItgCKlvg7grDwT5hJPh1J1hWpPJu4X8gUhSdU5VcCAwEA
+AaOCAZUwggGRMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG
++EIBDQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0G
+A1UdDgQWBBRER0/2l4+H+6MCYUV/aR8uyjI3YzCB5gYDVR0jBIHeMIHbgBRgch7q
+Ry2qs3EYMuEwHHcIsdQkEaGBt6SBtDCBsTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjNDb21pY3MtY2Ex
+FjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFk
+bUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1Ud
+DwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcNAQELBQADggEBAJua
+gTXLTzK0wKoJt+ibytR+xehKIWtBoDTkpr8HIEJs5ahQa2fEHp0qduPqfWhnEqtU
+ZIPdetETlXZeVzhrWUxHFGOkTSVB5OJ5NTb9mMRHgLTUMXrb0Yg9XSUgC8RACt21
+SCGShhiFIvNqgK2hcdeKaal4sd2QuOvskAto4UAsmQIrMRgr4NQi0R7zd5ifu2gA
+9G5RRRuore4D+2Id+1fGff6RPMFu+TQMy6DOf5vtQbZlwVzpg96YALt/TLN9v/Tj
+CmvlrXGui7mY1qKN7Vy4h/s19ZARnomQ+bHub+Oo1EJrxEMEEySiXDOKQ/GVv6t6
+20tq/knw3u85hpAlGVQ=
+-----END CERTIFICATE-----
diff --git a/123/openvpn/keys/server.csr b/123/openvpn/keys/server.csr
new file mode 100644
index 0000000..00fe0dc
--- /dev/null
+++ b/123/openvpn/keys/server.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+zCCAeMCAQAwgbUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMR0wGwYDVQQDExRWUE4tMTIzQ29taWNzLXNlcnZlcjEWMBQGA1UE
+KRMNVlBOIDEyM0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVu
+LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3JoTQBpg5AOQWmxu
+GZotA32iWHAL0awceS7kYiyJYpQ2DI+BkXxl7lKXD8ZTqE+oZaUVbQOVkkbRsmKn
+OevzzbVlyHw9DOkWJfFh9XaPDKj3wHaDEUVZ1ffUxcMzZh0zkGaPZdIg94qxo3NY
+eabsqbCjcZBJYdPCvnIZkjisNSiZ9ltXuyhcmkwVBSS4LcMRgiV1o1mBMwQDt/aG
+OydIDLkRDaPLQxO8YGXo60It6cYtb85JWa4kTwYpIdlDXo0VkSTRDH2kk5NeVvf5
+ObYsrsKAfRxuE4PVJrDb9P0gdfnUOsi2AIqW+DuCsPBPmEk+HUnWFak8m7hfyBSF
+J1TlVwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAGvR7iwOtDyLU80L/CXRBWLX
+sTa4sNTLHe/mCs8nGSTjNGrP++rNgBnkaSeRQorw8bXZJ1/xNtIUaEEZTvNYry+z
+nKU25wdsxwge2Cz5bYYLKaZxTAdVEJgY8uYRZCd76SajfFZKGwBQBiv9tBTbFlw8
+d7QJqIZHWHgOW+6uRiWCdQ3pGSLFjPSxpDbw09SDsHPC8TaZHRmaN835JjytXODX
+mRWRe2pWXTFwn55+5+iiJS9D33NJKnY2UpdSCwg96CwEd+3juvCnhgbpAllJku2k
+PoeFl4e6pI4mZF3tOkK94Guchuf+fzWwkGimxulQSt5N/PT+lv6MucYjir2akHI=
+-----END CERTIFICATE REQUEST-----
diff --git a/123/openvpn/keys/server.key b/123/openvpn/keys/server.key
new file mode 100644
index 0000000..9fcdd2d
--- /dev/null
+++ b/123/openvpn/keys/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDcmhNAGmDkA5Ba
+bG4Zmi0DfaJYcAvRrBx5LuRiLIlilDYMj4GRfGXuUpcPxlOoT6hlpRVtA5WSRtGy
+Yqc56/PNtWXIfD0M6RYl8WH1do8MqPfAdoMRRVnV99TFwzNmHTOQZo9l0iD3irGj
+c1h5puypsKNxkElh08K+chmSOKw1KJn2W1e7KFyaTBUFJLgtwxGCJXWjWYEzBAO3
+9oY7J0gMuRENo8tDE7xgZejrQi3pxi1vzklZriRPBikh2UNejRWRJNEMfaSTk15W
+9/k5tiyuwoB9HG4Tg9UmsNv0/SB1+dQ6yLYAipb4O4Kw8E+YST4dSdYVqTybuF/I
+FIUnVOVXAgMBAAECggEAbrFtWWwjFCbpp0XjVTt0vNysur22YIaBXxl1hgGdCnce
+S90ygcMvDpAotsSos7sM37wfbS0wP08D6APyr3DDTIRqR1h39eN7tpxRsC7Ghu6+
+KrgM+nyXIHOUM4vIXcPnXNzptYjj+/J/QmodiiWFeXxl9xUUjV8JyDBOvn1rg9wm
+Lp3Ukspx0zBmGg3kdO7nU59iD3QSn5I9xJ0BwMxGvH3gvV4d8qy7RDhpAFoZ81SK
+gp1sUVIZE9aP0yJaABCub1Ul7vbtSIhT/MkPDjG1b+Ibe1rKO4Gd2xTTZD5SVgFE
+Zv8XNOky48nD0HgroXl15qKDOjaUSYkK+uiv4SWH0QKBgQDvBFBsNQ8uVggLL4vh
+p5DGoNBAs08CpoU809daTBDT7ID6wuJwSga/E2fnHXgYxuRNUzy5ql1g8ytBSyyE
+cxJmIHxbUn74BzJRf32x0P0zhkmX8lYSVeG/uDHICR22MIjARzCcqEKAogQpV6a2
+35A/A+Z314TRyXdagsfCUoi/TwKBgQDsRsttLldcMwNcXz8Hl7GUA26eWAUvP7FA
+E6QvnhxpnEtyIlCbZpOEc41oSJegpn6XLursI1HlhsBquaTty8xH20/OOt8m3aeJ
+X2vs2P7SDQjmMf7200iYgUqJALbwHHNXEbeUKgORXcke5j7IZ9i9VU/Eb0fjZc98
+BNpV2L+3eQKBgF3rPA7I6qYyeAatMDIDPghOuIYz7yADfudf9ocszI/5ptTiL0gg
+TnZWkcVm9wIFZUBdLMdoAjlOU/jcKSoCbYBj03mu+OVNLqCHkESG8neElPZ36wpZ
+ZNOI9Ua9DkfA2ntzfc6Q71DMWQZFwuSpBG0+gxkkPrSQja2rJgNdmw5RAoGAXXrw
+9yRzidXhCYXhgRaCOoZVGK7IdlYjwa9DsVdD9IDS1LhA3grqaGfzVYQLAZN92EDG
+z2B2AXKb5F3IpBCSpQde/sAKE+10YIRxRcbgoqhnkfPL5UnYmgXlQGkY98y50YP/
+9s3clYHelawQwOddOCNtqNFCRvS771xYKcjUqTkCgYEAw4IHPbNI6LuUUaMaoWqi
+jFC8nL/odvhrsbjeKA1pKTNmhwEJsSFhydhm3urCL2x2wH6ybFNFtGZqz0T9Rb1k
+iyJo542QMIy7OeY+agdp6Q9yB5V7bcXuOXInKqGqs/GGZXgdGpmOfE9k0RIhl8+G
++W9rQ41MPu7kY0ZebBUgeAk=
+-----END PRIVATE KEY-----
diff --git a/123/openvpn/keys/ta.key b/123/openvpn/keys/ta.key
new file mode 100644
index 0000000..8bdac31
--- /dev/null
+++ b/123/openvpn/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+92f8950e3eeb9728413080949bac24e9
+d84bc4e08de921cb7c64250dbbe03d9c
+27040263bc8d4c035bb5f5d7b6445cd7
+ac017ce7ab6830264b1246289401cfc4
+84e6173530cc4e602cfac0d736e7633e
+54314d44704842dab40b638bd9860bec
+a770067ee4aa7d35ed085359f0ac6370
+ec85b7a1eddd369eca7b9aad36651484
+1836322e2d1dd5dc1b405f042f19c9b4
+9857030d1d37880f26a17c9e7eb9cb50
+97e7927acdd974d34f1eb57b3d4c1dad
+ad3bb0380b80b673508022c3895bb6d2
+9b9f1b3b4b3ecb9155523799708032bd
+c3172244a5f639bc8dd1d94c1197e0b1
+94f69490aee75ba48ae63b442119918a
+707bfc5c40ae6ebfe6fe3f93f311a924
+-----END OpenVPN Static key V1-----
diff --git a/123/openvpn/server-gw-ckubu.conf b/123/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..fe54667
--- /dev/null
+++ b/123/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,317 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\Program Files\OpenVPN\config\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.142.1
+route 192.168.64.0 255.255.255.0 10.1.142.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh keys/dh2048.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.1.142.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.142.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+client-config-dir /etc/openvpn/ccd/server-gw-ckubu
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+
+# - Do NOT push DNS settings in THIS configuration. We use
+# - this VPN tunnel as a static line, and the remote host
+# - should user his own dns settings.
+# -
+;push "dhcp-option DNS 192.168.142.1"
+;push "dhcp-option DOMAIN 123.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-gw-ckubu.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+crl-verify /etc/openvpn/keys/crl.pem
+
diff --git a/123/openvpn/server-home.conf b/123/openvpn/server-home.conf
new file mode 100644
index 0000000..015276c
--- /dev/null
+++ b/123/openvpn/server-home.conf
@@ -0,0 +1,312 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\Program Files\OpenVPN\config\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+
+topology subnet
+#route 192.168.63.0 255.255.255.0 10.1.72.1
+#route 192.168.64.0 255.255.255.0 10.1.72.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh keys/dh2048.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.0.142.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.142.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+client-config-dir /etc/openvpn/ccd/server-home
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.142.1"
+push "dhcp-option DOMAIN 123.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-home.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-home.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+crl-verify /etc/openvpn/keys/crl.pem
+
diff --git a/123/openvpn/update-resolv-conf b/123/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/123/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/123/rc.local.123 b/123/rc.local.123
new file mode 100755
index 0000000..f4ed2f1
--- /dev/null
+++ b/123/rc.local.123
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+if ! cat /proc/swaps | grep -q "/dev/sda1" ; then
+   swapon -p 1 /dev/sda1 > /dev/null 2>&1 || /bin/true
+fi
+if ! cat /proc/swaps | grep -q "/dev/sdb1" ; then
+   swapon -p 1 /dev/sdb1 > /dev/null 2>&1 || /bin/true
+fi
+
+exit 0
diff --git a/123/resolv.conf.123 b/123/resolv.conf.123
new file mode 100644
index 0000000..7a13af6
--- /dev/null
+++ b/123/resolv.conf.123
@@ -0,0 +1,3 @@
+domain 123.netz
+search 123.netz
+nameserver 127.0.0.1
diff --git a/123/sasl_passwd.123 b/123/sasl_passwd.123
new file mode 100644
index 0000000..9f044b9
--- /dev/null
+++ b/123/sasl_passwd.123
@@ -0,0 +1 @@
+[b.mx.oopen.de] 123@b.mx.oopen.de:474FVmftrd
diff --git a/123/sasl_passwd.db.123 b/123/sasl_passwd.db.123
new file mode 100644
index 0000000..c58da32
Binary files /dev/null and b/123/sasl_passwd.db.123 differ
diff --git a/123/sbin/ipt-firewall-gateway b/123/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/123/sbin/ipt-firewall-gateway
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/123/sbin/rebind b/123/sbin/rebind
new file mode 100755
index 0000000..c60e07b
--- /dev/null
+++ b/123/sbin/rebind
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+case "$1" in
+   on)
+      set -x
+      mount --bind /proc    /ro/proc
+      mount --bind /sys     /ro/sys
+      mount --bind /dev     /ro/dev
+      mount --bind /dev/pts /ro/dev/pts
+   ;;
+   off)
+      set -x
+      umount /ro/dev/pts
+      umount /ro/dev
+      umount /ro/sys
+      umount /ro/proc
+   ;;
+   *)
+      echo "Use: $0 (on|off)"
+esac
diff --git a/123/src/ipt-gateway b/123/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/123/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/123/src/mailsystem b/123/src/mailsystem
new file mode 160000
index 0000000..03b820b
--- /dev/null
+++ b/123/src/mailsystem
@@ -0,0 +1 @@
+Subproject commit 03b820b8b869d6be229340a99ed5994dcd0edec9
diff --git a/123/src/openvpn b/123/src/openvpn
new file mode 160000
index 0000000..ebff5a5
--- /dev/null
+++ b/123/src/openvpn
@@ -0,0 +1 @@
+Subproject commit ebff5a557b537bcb8192d94f733c4df86594258d
diff --git a/AK/README.txt b/AK/README.txt
new file mode 100644
index 0000000..f1d1d3e
--- /dev/null
+++ b/AK/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.AK: ppp0 comes over eth2
+      interfaces.AK: see above
+      default_isc-dhcp-server.AK
+      ipt-firewall.AK: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620.zip b/AK/bin/IPMICFG_1.27.0_build.170620.zip
new file mode 100644
index 0000000..1099bca
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620.zip differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/DCMICap.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/DCMICap.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/GenEvt.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/GenEvt.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/IPMICFG.exe b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/IPMICFG.exe
new file mode 100755
index 0000000..af97ffe
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/IPMICFG.exe differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/MBType.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/MBType.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode2.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode2.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/Menu.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/Menu.dat
new file mode 100755
index 0000000..da10666
--- /dev/null
+++ b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/PMBusStatus.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/PMBusStatus.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt1.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt1.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt2.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt2.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt3.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt3.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt4.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt4.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt5.dat b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt5.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/DOS/sdc.exe b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/sdc.exe
new file mode 100755
index 0000000..8ce02a8
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/DOS/sdc.exe differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/IPMICFG_UserGuide.pdf b/AK/bin/IPMICFG_1.27.0_build.170620/IPMICFG_UserGuide.pdf
new file mode 100755
index 0000000..fe6b137
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/IPMICFG_UserGuide.pdf differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/DCMICap.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/DCMICap.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/GenEvt.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/GenEvt.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/IPMICFG-Linux.x86 b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/IPMICFG-Linux.x86
new file mode 100755
index 0000000..d971ad9
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/IPMICFG-Linux.x86 differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MBType.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MBType.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode2.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode2.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/Menu.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/Menu.dat
new file mode 100755
index 0000000..84a1273
--- /dev/null
+++ b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/PMBusStatus.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/PMBusStatus.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt1.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt1.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt2.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt2.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt3.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt3.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt4.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt4.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt5.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt5.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/DCMICap.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/DCMICap.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/GenEvt.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/GenEvt.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/IPMICFG-Linux.x86_64 b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/IPMICFG-Linux.x86_64
new file mode 100755
index 0000000..1051cd8
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/IPMICFG-Linux.x86_64 differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MBType.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MBType.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode2.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode2.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/Menu.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/Menu.dat
new file mode 100755
index 0000000..84a1273
--- /dev/null
+++ b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/PMBusStatus.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/PMBusStatus.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt1.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt1.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt2.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt2.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt3.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt3.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt4.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt4.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt5.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt5.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/ReleaseNotes.txt b/AK/bin/IPMICFG_1.27.0_build.170620/ReleaseNotes.txt
new file mode 100755
index 0000000..dda7966
--- /dev/null
+++ b/AK/bin/IPMICFG_1.27.0_build.170620/ReleaseNotes.txt
@@ -0,0 +1,246 @@
+-------------------------------------------------------------------------------
+Supermicro IPMICFG Release Notes
+Copyright(c) 2017 by Super Micro Computer, Inc.          http://supermicro.com/
+-------------------------------------------------------------------------------
+
+-------------------------------------------------------------------------------
+Introduction
+-------------------------------------------------------------------------------
+IPMICFG is a command line tool that let user set IPMI command through keyboard
+controller style (KCS) to the device that support Intelligent Platform
+Management Interface (IPMI) version 2.0 specifications.
+
+-------------------------------------------------------------------------------
+Requirements
+-------------------------------------------------------------------------------
+ - Operating system:
+    * Microsoft DOS 5.0 or later version
+    * Windows Server 2003, 2008, 2012 (32/64bit), 2016
+         - Operating system must be pre-installed Microsoft Visual C++ 2008 SP1
+           Redistributable Package
+           Download Link:
+               http://www.microsoft.com/en-us/download/details.aspx?id=29
+         - Windows 2008 R2 x64 must be pre-installed KB3033929 patch
+           Download Link:
+               https://www.microsoft.com/en-us/download/details.aspx?id=46083
+      Windows 7/8/8.1/10:
+         - Need disabled UAC(User Account Control) or open a command prompt
+           with a run as administrator.
+         - Windows 7 x64 must be pre-installed KB3033929 patch
+           Download Link:
+               https://www.microsoft.com/en-us/download/details.aspx?id=46148
+    * Linux Kernel version 2.6.x or higher.
+      ex: Red Hat Enterprise Linux (RHEL) 6.8 and 7.2,
+          SUSE Linux Enterprise Server (SLES) 11 SP4 and 12 SP1
+          Ubuntu Server 14.04 LTS and 16.04 LTS
+    * Free Disk Space: 200 MB (Linux, Windows)
+    * Available RAM: 64 MB
+ - Hardware:
+    * Baseboard Management Controller (BMC) must support Intelligent Platform
+      Management Interface (IPMI) version 2.0 specifications.
+ - Software:
+    * -tas, -nvme commands must be installed Thin-Agent Service. The TAS
+      minimum required version is 1.4.0.
+
+-------------------------------------------------------------------------------
+Installation and Upgrade Instructions
+-------------------------------------------------------------------------------
+ - DOS
+   Execute IPMICFG.exe
+ - Windows
+   Execute IMPICFG-Win.exe
+ - Linux
+   If your system has installed OpenIPMI driver, you can enabled Linux IPMI
+   driver:
+        # /etc/init.d/ipmi start
+        or
+        # modprobe ipmi_msghandler
+        # modprobe ipmi_devintf
+        # modprobe ipmi_si
+   Then execute IPMICFG-Linux.x86 or IPMICFG-Linux.x86_64
+   
+-------------------------------------------------------------------------------
+Third Party Software
+-------------------------------------------------------------------------------
+ - Phymem
+   Please refer to
+   http://www.codeproject.com/Articles/35378/Access-Physical-Memory-Port-and-PC
+   I-Configuration for more information.
+ - IPMITool
+   Please refer to
+   http://sourceforge.net/projects/ipmitool for more information.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.27.0 build 170620
+-------------------------------------------------------------------------------
+1.  Add DCMI commands.
+2.  Add MCU ID support for 0xA5, 0xA6, 0xA7 and 0xA8 on IPMICFG with the "tp"
+    command.
+3.  Disabled Microblade "VBAT" sensor all the upper threshold value.
+4.  Fix getting PMBus's detail status has duplicate information.
+5.  Update NM commands to Node Manager 4.0.
+6.  Support ATEN 8U Superblade firmware.
+7.  Update board ID.
+8.  Update KCS driver.
+9.  Modify PMBus Revision info.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.26.0 build 161123
+-------------------------------------------------------------------------------
+1.  Support MultiNode config ID = 6 and 12.
+2.  Support MultiNode MCU ID = 0xA7.
+3.  Support TAS 1.4.0.
+4.  Update event log description in SEL command.
+5.  Presenting power module full status information in -pminfo command.
+6.  Improve NVME firmware information in "-nvme info" command.
+7.  Support the watchdog sensor in "-sdr" command.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.25.0 build 160823
+-------------------------------------------------------------------------------
+1.  Support discrete sensor.
+2.  Support NVME 48 nodes.
+3.  Update FRU chassis type.
+4.  Update board id.
+5.  Modify parameter list format.
+6.  Fix FRU fields too many characters lead to FRU wrong issue.
+7.  Add Get/Set host name command.
+8.  Update Windows KCS driver.
+9.  Fix can't boot from UEFI device issue.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.24.2 build 160517
+-------------------------------------------------------------------------------
+1.  Fix power reading is incorrect with command nm oem power.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.24.1 build 160222
+-------------------------------------------------------------------------------
+1.  Update Windows KCS driver.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.24.0 build 160105
+-------------------------------------------------------------------------------
+1.  Add TAS commands. (Not supported DOS)
+2.  Update NVME commands. (Not supported DOS)
+3.  Add summary command.
+4.  Update board id.
+5.  Update MRC Code for SEL.
+6.  Update SEL description.
+7.  Fix MCU Version value wrong issue.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.23.0 build 151106
+-------------------------------------------------------------------------------
+1.  Support MicroCloud device in tp commands.
+2.  Fix temperature sensor reading can't display negative issue.
+3.  Fix TJmax value wrong issue.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.22.0 build 150814
+-------------------------------------------------------------------------------
+1.  Update board id.
+2.  Update GUID.
+3.  When impicfg failed, error message will store to stderr variable.
+4.  When input wrong parameter, ipmicfg will print all the parameters
+    explaination and cancel pause screen mechanism. (Not supported DOS)
+5.  When use not root permission account to launch ipmicfg, ipmicfg will show
+    tip message.
+6.  Fix -sdr hang issue at SuperBlade.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.21.0 build 150615
+-------------------------------------------------------------------------------
+1.  Add BIOS MRC Code for SEL.
+2.  Add support power consumption sensor(SDR record type = 0x0b).
+3.  Add SDR Type 2 to support PS Status Compact SDR.
+4.  Update Fan mode.
+5.  Udpate SEL description and board id.
+6.  Modify FatTwin Right side node ID.
+7.  Modify TwinPro commands.
+8.  Replace KCS driver.
+9.  Update length of PWS Module Number from 12 bytes to 13 bytes.
+10. Fix memory ECC error description.
+
+-------------------------------------------------------------------------------
+Known Issues, Limitations & Restrictions
+-------------------------------------------------------------------------------
+1. 'Destination IP address' in the first entry under alerts subsection is
+   volatile as per the IPMI spec. So, this field will not be saved if restored
+   to factory defaults.
+
+2. Some parameters need IPMI OEM commands support. If not, the execute result
+   will response error message or information. The parameters include:
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>                       Set Fan Mode.
+  -pminfo                           Power supply PMBus health.
+  -psfruinfo                        Power supply FRU health.
+  -psbbpinfo                        Battery backup power status.
+  -autodischarge <module> <day>     Set auto discharge by days.
+  -discharge <module>               Manually discharge battery.
+  -conf upload <file> <option>      Upload IPMI configuration form binary file.
+                                    option: -p | Bypass warning message.
+  -conf download <file>             Download IPMI configuration to binary file.
+  -conf tupload <file> <option>     Upload IPMI configuration from text file.
+                                    option: -p | Bypass warning message.
+  -conf tdownload <file>            Download IPMI configuration to text file.
+  -clrint                           Clear chassis intrusion.
+  -reset <index>                    Reset System and force to boot from device.
+  -soft <index>                     Initiate a soft-shutdown for OS and force
+                                    to boot from device.
+  -recoverbiosinfo                  Get recovery BIOS information.
+  -reset <index>                    Reset System and force to boot from device.
+  -soft <index>                     Initiate a soft-shutdown for OS and force
+                                    to boot from device.
+  -recoverbiosinfo                  Get recovery BIOS information.
+  -nvme list                        Display the existing NVME SSD list.
+  -nvme info                        NVME SSD information.
+  -nvme rescan                      Rescan all devices by in band.
+  -nvme insert <aoc> <group> <slot> Insert SSD by out of band.
+  -nvme locate <HDD Name>           Locate SSD. (in band)
+  -nvme locate <aoc> <group> <slot> Locate SSD. (out of band)
+  -nvme stoplocate <HDD Name>           Stop Locate SSD. (in band)
+  -nvme stoplocate <aoc> <group> <slot> Stop Locate SSD. (out of band)
+  -nvme remove <HDD Name> [option]  Remove NVME device. (in band)
+        Usage: option 0: Do eject after remove (Default).
+               option 1: Do not eject after remove.
+  -nvme remove <aoc> <group> <slot> Remove NVME device. (out of band)
+  -nvme smartdata [HDD Name]        NVME SMART data.
+  -tp info                          Get MCU Info.
+  -tp info <type>                   Get MCU Type Info. (type: 1 - 3)
+  -tp nodeid                        Get Node ID.
+  -tas info                         Get TAS Information.
+  -tas pause                        Pause TAS Service.
+  -tas resume                       Resume TAS Service.
+  -tas refresh                      Trigger TAS to recollect data.
+  -tas clear                        Clear TAS collected data in BMC.
+  -tas period <sec>                 Set TAS update period <limit 5 to 60 sec>.
+  -tas exec <cmd>                   Execute a user's specified command.
+
+-------------------------------------------------------------------------------
+Technical Support
+-------------------------------------------------------------------------------
+Web Site:        www.supermicro.com
+Headquarters:    support@supermicro.com
+European Branch: support@supermicro.nl
+Asian Branch:    support@supermicro.com.tw
\ No newline at end of file
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/DCMICap.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/DCMICap.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/GenEvt.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/GenEvt.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/IPMICFG-Win.exe b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/IPMICFG-Win.exe
new file mode 100755
index 0000000..3bd611f
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/IPMICFG-Win.exe differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MBType.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MBType.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode2.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode2.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/Menu.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/Menu.dat
new file mode 100755
index 0000000..da10666
--- /dev/null
+++ b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/PMBusStatus.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/PMBusStatus.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt1.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt1.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt2.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt2.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt3.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt3.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt4.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt4.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt5.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt5.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/phymem32.sys b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/phymem32.sys
new file mode 100755
index 0000000..d14bac3
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/phymem32.sys differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/pmdll.dll b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/pmdll.dll
new file mode 100755
index 0000000..58e5bcb
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/pmdll.dll differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/DCMICap.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/DCMICap.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/GenEvt.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/GenEvt.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/IPMICFG-Win.exe b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/IPMICFG-Win.exe
new file mode 100755
index 0000000..91fb973
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/IPMICFG-Win.exe differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MBType.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MBType.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode2.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode2.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/Menu.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/Menu.dat
new file mode 100755
index 0000000..da10666
--- /dev/null
+++ b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/PMBusStatus.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/PMBusStatus.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt1.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt1.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt2.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt2.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt3.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt3.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt4.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt4.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt5.dat b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt5.dat differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/phymem64.sys b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/phymem64.sys
new file mode 100755
index 0000000..0b8798d
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/phymem64.sys differ
diff --git a/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/pmdll.dll b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/pmdll.dll
new file mode 100755
index 0000000..c3d2f58
Binary files /dev/null and b/AK/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/pmdll.dll differ
diff --git a/AK/bin/admin-stuff b/AK/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/AK/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/AK/bin/manage-gw-config b/AK/bin/manage-gw-config
new file mode 160000
index 0000000..2a96dfd
--- /dev/null
+++ b/AK/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688
diff --git a/AK/bin/monitoring b/AK/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/AK/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/AK/bin/postfix b/AK/bin/postfix
new file mode 160000
index 0000000..c1934d5
--- /dev/null
+++ b/AK/bin/postfix
@@ -0,0 +1 @@
+Subproject commit c1934d5bdeee88e6f5b868c7d0bdb955539d34d4
diff --git a/AK/bind/bind.keys b/AK/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/AK/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/AK/bind/db.0 b/AK/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/AK/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/AK/bind/db.127 b/AK/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/AK/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/AK/bind/db.172.16.0.0 b/AK/bind/db.172.16.0.0
new file mode 100644
index 0000000..8198a8b
--- /dev/null
+++ b/AK/bind/db.172.16.0.0
@@ -0,0 +1,23 @@
+;
+; BIND reverse data file for local ak.netz zone
+;
+$TTL  43600
+@  IN SOA   ns-ak.ak.netz. ckubu.oopen.de. (
+      2014121401     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-ak.ak.netz.
+
+
+
+; - Fritz! Box Accesspoint
+1              IN PTR   gw-ak.ak.netz.
+
+
+; - (Caching ) Nameserver
+254            IN PTR   gw-fritz.ak.netz.
+
diff --git a/AK/bind/db.192.168.0.0 b/AK/bind/db.192.168.0.0
new file mode 100644
index 0000000..d9347a4
--- /dev/null
+++ b/AK/bind/db.192.168.0.0
@@ -0,0 +1,103 @@
+;
+; BIND reverse data file for local ak.netz zone
+;
+$TTL  43600
+@  IN SOA   ns-ak.ak.netz. ckubu.oopen.de. (
+      2016022601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-ak.ak.netz.
+
+
+
+; - Alter Server
+1              IN PTR   at-1.ak.netz.
+
+; - Frankiermaschine
+5              IN PTR   at-5.ak.netz.
+
+; - Fileserver (neu)
+10             IN PTR   at-10.ak.netz.
+
+; IPMI
+11             IN PTR   ipmi-at-10.ak.netz.
+12             IN PTR   ipmi-at-44.ak.netz.
+
+; - w2k-Server
+14             IN PTR   at-14.ak.netz.
+
+15             IN PTR   at-15.ak.netz.
+16             IN PTR   at-16.ak.netz.
+17             IN PTR   at-17.ak.netz.
+18             IN PTR   at-18.ak.netz.
+19             IN PTR   at-19.ak.netz.
+
+; - Renate ALT
+20             IN PTR   at-20.ak.netz.
+22             IN PTR   at-22.ak.netz.
+
+; - Anke
+21             IN PTR   at-21.ak.netz.
+
+; - Renate NEU
+22             IN PTR   at-22.ak.netz.
+
+; - fibu
+23             IN PTR   at-23.ak.netz.
+
+24             IN PTR   at-24.ak.netz.
+25             IN PTR   at-25.ak.netz.
+
+; - Redaktion/Technik
+26             IN PTR   at-26.ak.netz.
+27             IN PTR   at-27.ak.netz.
+28             IN PTR   at-28.ak.netz.
+
+30             IN PTR   at-30.ak.netz.
+31             IN PTR   at-31.ak.netz.
+32             IN PTR   at-32.ak.netz.
+
+40             IN PTR   at-40.ak.netz.
+41             IN PTR   at-41.ak.netz.
+
+; - Neuer server
+;44             IN PTR   at-44.ak.netz.
+44             IN PTR   at-44.ak.netz.
+
+; - Server LAN 2
+45             IN PTR   at-45.ak.netz.
+
+; - VPN, CMS Backup
+48             IN PTR   at-48.ak.netz.
+
+; - Hans Hermann (Vertrieb)
+49             IN PTR   at-49.ak.netz.
+
+; - Redaktionsrechner (einer von 4) Jens
+50             IN PTR   at-50.ak.netz.
+
+; - dialin-adresse
+100            IN PTR   at-100.ak.netz.
+
+; - reserviert fuer Notebook Martin
+101            IN PTR   at-101.ak.netz.
+
+; - lancom-1
+102            IN PTR   at-102.ak.netz.
+
+; - nas
+103            IN PTR   at-103.ak.netz.
+
+; - Drucker
+249            IN PTR   hp-lj5000.ak.netz.
+252            IN PTR   canon-ir.ak.netz.
+253            IN PTR   canon-c5030i.ak.netz.
+
+
+; - (Caching ) Nameserver
+254            IN PTR   ns-ak.ak.netz.
+
diff --git a/AK/bind/db.192.168.128.0 b/AK/bind/db.192.168.128.0
new file mode 100644
index 0000000..ab8c384
--- /dev/null
+++ b/AK/bind/db.192.168.128.0
@@ -0,0 +1,23 @@
+;
+; BIND reverse data file for local ak.netz zone
+;
+$TTL  43600
+@  IN SOA   ns-ak.ak.netz. ckubu.oopen.de. (
+      2014121401     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-ak.ak.netz.
+
+
+
+; - Fritz! Box Accesspoint
+103            IN PTR   ap-fritz.ak.netz.
+
+
+; - (Caching ) Nameserver
+254            IN PTR   ns-ak.ak.netz.
+
diff --git a/AK/bind/db.255 b/AK/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/AK/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/AK/bind/db.ak.local b/AK/bind/db.ak.local
new file mode 100644
index 0000000..e477c1b
--- /dev/null
+++ b/AK/bind/db.ak.local
@@ -0,0 +1,135 @@
+;
+; BIND data file for local ak.local zone
+;
+$TTL  43600
+@  IN SOA   ns-ak.ak.local. ckubu.oopen.de. (
+      2016051601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+               IN NS     ns-ak.ak.local.
+
+; - Alter Server
+at-1           IN A     192.168.0.1
+
+; - Frankiermaschine
+at-5           IN A     192.168.0.5
+
+; - Fileserver (neu)
+at-10          IN A     192.168.0.10
+at-server      IN CNAME at-10
+ldap           IN CNAME at-10
+git            IN CNAME at-10
+web            IN CNAME at-10
+wiki           IN CNAME at-10
+
+; IPMI
+ipmi-at-10     IN A     192.168.0.11
+ipmi-at-44     IN A     192.168.0.12
+ipmi           IN CNAME ipmi-at-44
+
+; - w2k-Server
+at-14          IN A     192.168.0.14
+wsus           IN CNAME at-14
+
+at-15          IN A     192.168.0.15
+at-16          IN A     192.168.0.16
+at-17          IN A     192.168.0.17
+at-18          IN A     192.168.0.18
+at-19          IN A     192.168.0.19
+
+; - Renate ALT
+at-20          IN A     192.168.0.20
+at-22          IN A     192.168.0.22
+renate         IN CNAME at-22
+; - Anke
+at-21          IN A     192.168.0.21
+anke           IN CNAME at-21
+; - Renate NEU
+at-22          IN A     192.168.0.22
+
+; - fibu
+at-23          IN A     192.168.0.23
+fibu           IN CNAME at-23
+
+at-24          IN A     192.168.0.24
+at-25          IN A     192.168.0.25
+
+; - Redaktion/Technik
+at-26          IN A     192.168.0.26
+at-27          IN A     192.168.0.27
+at-28          IN A     192.168.0.28
+
+at-30          IN A     192.168.0.30
+at-31          IN A     192.168.0.31
+at-32          IN A     192.168.0.32
+
+at-40          IN A     192.168.0.40
+at-41          IN A     192.168.0.41
+
+; - Vertrieb
+at-42          IN A     192.168.0.42
+at-43          IN A     192.168.0.43
+
+; - Neuer server
+;at-44          IN A     192.168.0.44
+at-44          IN A     192.168.0.44
+imap           IN CNAME at-44
+smtp           IN CNAME at-44
+
+; - Server LAN 2
+at-45          IN A     192.168.0.45
+
+; - VPN, CMS Backup
+at-48          IN A     192.168.0.48
+
+; - Hans Hermann (Vertrieb)
+at-49          IN A     192.168.0.49
+
+; - Redaktionsrechner (einer von 4) Jens
+at-50          IN A     192.168.0.50
+at-51          IN A     192.168.0.51
+at-52          IN A     192.168.0.52
+
+; - dialin-adresse
+at-100         IN A     192.168.0.100
+
+; - reserviert fuer Notebook Martin
+at-101         IN A     192.168.0.101
+
+; - lancom-1
+lancom-1       IN A     192.168.0.102
+
+; - nas
+nas-1          IN A     192.168.0.103
+
+; - Drucker
+hp-lj5000      IN A     192.168.0.249
+canon-ir       IN A     192.168.0.252
+canon-c5030i   IN A     192.168.0.253
+
+; (Caching ) Nameserver
+ns-ak          IN A     192.168.0.254
+ns             IN CNAME ns-ak
+nscache        IN CNAME ns-ak
+resolver       IN CNAME ns-ak
+at-254         IN CNAME ns-ak
+
+
+; - 192.168.128.0/24
+
+ap-fritz       IN A     192.168.128.103
+accesspoint    IN CNAME ap-fritz
+
+
+; - 172.16.0.0/24
+
+; - Fritz! Box 7390
+gw-fritz       IN A     172.16.0.254
+fritz.box      IN CNAME gw-fritz
+
+gw-ak          IN A     172.16.0.1
diff --git a/AK/bind/db.ak.netz b/AK/bind/db.ak.netz
new file mode 100644
index 0000000..843ee58
--- /dev/null
+++ b/AK/bind/db.ak.netz
@@ -0,0 +1,136 @@
+;
+; BIND data file for local ak.netz zone
+;
+$TTL  43600
+@  IN SOA   ns-ak.ak.netz. ckubu.oopen.de. (
+      2016051601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+               IN NS     ns-ak.ak.netz.
+
+; - Alter Server
+at-1           IN A     192.168.0.1
+
+; - Frankiermaschine
+at-5           IN A     192.168.0.5
+
+; - Fileserver (neu)
+at-10          IN A     192.168.0.10
+at-server      IN CNAME at-10
+ldap           IN CNAME at-10
+git            IN CNAME at-10
+web            IN CNAME at-10
+wiki           IN CNAME at-10
+
+; IPMI
+ipmi-at-10     IN A     192.168.0.11
+ipmi-at-44     IN A     192.168.0.12
+ipmi           IN CNAME ipmi-at-44
+
+; - w2k-Server
+at-14          IN A     192.168.0.14
+wsus           IN CNAME at-14
+
+at-15          IN A     192.168.0.15
+at-16          IN A     192.168.0.16
+at-17          IN A     192.168.0.17
+at-18          IN A     192.168.0.18
+at-19          IN A     192.168.0.19
+
+; - Renate ALT
+at-20          IN A     192.168.0.20
+at-22          IN A     192.168.0.22
+renate         IN CNAME at-22
+
+; - Anke
+at-21          IN A     192.168.0.21
+anke           IN CNAME at-21
+; - Renate NEU
+at-22          IN A     192.168.0.22
+
+; - fibu
+at-23          IN A     192.168.0.23
+fibu           IN CNAME at-23
+
+at-24          IN A     192.168.0.24
+at-25          IN A     192.168.0.25
+
+; - Redaktion/Technik
+at-26          IN A     192.168.0.26
+at-27          IN A     192.168.0.27
+at-28          IN A     192.168.0.28
+
+at-30          IN A     192.168.0.30
+at-31          IN A     192.168.0.31
+at-32          IN A     192.168.0.32
+
+at-40          IN A     192.168.0.40
+at-41          IN A     192.168.0.41
+
+; - Vertrieb
+at-42          IN A     192.168.0.42
+at-43          IN A     192.168.0.43
+
+; - Neuer server
+;at-44          IN A     192.168.0.44
+at-44          IN A     192.168.0.44
+imap           IN CNAME at-44
+smtp           IN CNAME at-44
+
+; - Server LAN 2
+at-45          IN A     192.168.0.45
+
+; - VPN, CMS Backup
+at-48          IN A     192.168.0.48
+
+; - Hans Hermann (Vertrieb)
+at-49          IN A     192.168.0.49
+
+; - Redaktionsrechner (einer von 4) Jens
+at-50          IN A     192.168.0.50
+at-51          IN A     192.168.0.51
+at-52          IN A     192.168.0.52
+
+; - dialin-adresse
+at-100         IN A     192.168.0.100
+
+; - reserviert fuer Notebook Martin
+at-101         IN A     192.168.0.101
+
+; - lancom-1
+lancom-1       IN A     192.168.0.102
+
+; - nas
+nas-1          IN A     192.168.0.103
+
+; - Drucker
+hp-lj5000      IN A     192.168.0.249
+canon-ir       IN A     192.168.0.252
+canon-c5030i   IN A     192.168.0.253
+
+; (Caching ) Nameserver
+ns-ak          IN A     192.168.0.254
+ns             IN CNAME ns-ak
+nscache        IN CNAME ns-ak
+resolver       IN CNAME ns-ak
+at-254         IN CNAME ns-ak
+
+
+; - 192.168.128.0/24
+
+ap-fritz       IN A     192.168.128.103
+accesspoint    IN CNAME ap-fritz
+
+
+; - 172.16.0.0/24
+
+; - Fritz! Box 7390
+gw-fritz       IN A     172.16.0.254
+fritz.box      IN CNAME gw-fritz
+
+gw-ak          IN A     172.16.0.1
diff --git a/AK/bind/db.empty b/AK/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/AK/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/AK/bind/db.k1371.dyndns.org b/AK/bind/db.k1371.dyndns.org
new file mode 100644
index 0000000..9ffd276
--- /dev/null
+++ b/AK/bind/db.k1371.dyndns.org
@@ -0,0 +1,17 @@
+;
+; BIND data file for k1371.dyndns.org zone
+;
+$TTL  43600
+@  IN SOA   ns-ak.ak.netz. ckubu.oopen.de. (
+      2016051601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+               IN NS     ns-ak.ak.netz.
+
+;@              IN A 192.168.0.44
+@              IN A 192.168.0.10
diff --git a/AK/bind/db.local b/AK/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/AK/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/AK/bind/db.root b/AK/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/AK/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/AK/bind/named.conf b/AK/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/AK/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/AK/bind/named.conf.default-zones b/AK/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/AK/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/AK/bind/named.conf.local b/AK/bind/named.conf.local
new file mode 100644
index 0000000..b4edad2
--- /dev/null
+++ b/AK/bind/named.conf.local
@@ -0,0 +1,38 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "ak.local" {
+   type master;
+   file "/etc/bind/db.ak.local";
+};
+
+zone "ak.netz" {
+   type master;
+   file "/etc/bind/db.ak.netz";
+};
+
+zone "0.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.0.0";
+};
+
+zone "128.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.128.0";
+};
+
+zone "0.16.172.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.172.16.0.0";
+};
+
+
+zone "k1371.dyndns.org" {
+   type master;
+   file "/etc/bind/db.k1371.dyndns.org";
+};
diff --git a/AK/bind/named.conf.local.ORIG b/AK/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/AK/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/AK/bind/named.conf.options b/AK/bind/named.conf.options
new file mode 100644
index 0000000..d19a195
--- /dev/null
+++ b/AK/bind/named.conf.options
@@ -0,0 +1,110 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+   /*
+   forwarders {
+      // OpenDNS servers
+      208.67.222.222;
+      208.67.220.220;
+      // DNS-Cache des CCC
+      213.73.91.35;
+      // ISP DNS Servers
+      217.0.43.193;
+      194.25.2.129;
+   };
+   */
+
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      192.168.0.254;
+      172.16.0.1;
+   };
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      172.16.0.0/16;
+      10.0.0.0/8;
+      #fe80::/8;
+      #::1/128;
+   };
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      172.16.0.0/16;
+      10.0.0.0/16;
+      #fe80::/8;
+      #::1/128;
+   };
+   allow-transfer { none; };
+
+	auth-nxdomain no;    # conform to RFC1035
+
+   // turns off IPv6
+   listen-on-v6 { none; };
+
+   // turns on IPv6 for port 53
+   /*
+	listen-on-v6 { 
+      ::1;
+   };
+   */
+
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      severity warning;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 3 size 2m;
+      //severity info;
+      severity debug 4;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/AK/bind/named.conf.options.ORIG b/AK/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/AK/bind/named.conf.options.ORIG
@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/AK/bind/rndc.key b/AK/bind/rndc.key
new file mode 100644
index 0000000..13f02ee
--- /dev/null
+++ b/AK/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "ckecWIFiA+MZIA/mQdCjxQ==";
+};
diff --git a/AK/bind/zones.rfc1918 b/AK/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/AK/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/AK/cron_root.AK b/AK/cron_root.AK
new file mode 100644
index 0000000..5f660d7
--- /dev/null
+++ b/AK/cron_root.AK
@@ -0,0 +1,40 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.WePILJ/crontab installed on Wed Feb 28 14:42:06 2018)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+PATH=/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# - Check if postfix mailservice is running. Restart service if needed.
+# -
+*/10 * * * * /root/bin/monitoring/check_postfix.sh
+
+# - Copy gateway configuration
+# -
+09 4 * * * /root/bin/manage-gw-config/copy_gateway-config.sh AK
+
+
+# - Poweroff machine at 2018-03-07 11:50h
+# -
+55 11 * * * /root/bin/admin-stuff/machine_poweroff.sh 2018-03-07
+
diff --git a/AK/ddclient.conf.AK b/AK/ddclient.conf.AK
new file mode 100644
index 0000000..545b2c2
--- /dev/null
+++ b/AK/ddclient.conf.AK
@@ -0,0 +1,14 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password=7213b4e6178a11e6ab1362f831f6741e
+k1371.homelinux.org
+
+ssl=yes
+#mail=argus@oopen.de
+#mail-failure=root
diff --git a/AK/default_isc-dhcp-server.AK b/AK/default_isc-dhcp-server.AK
new file mode 100644
index 0000000..df30daa
--- /dev/null
+++ b/AK/default_isc-dhcp-server.AK
@@ -0,0 +1,21 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACES=""
diff --git a/AK/dhcpd.conf.AK b/AK/dhcpd.conf.AK
new file mode 100644
index 0000000..9e74fdf
--- /dev/null
+++ b/AK/dhcpd.conf.AK
@@ -0,0 +1,277 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.0.255;
+
+
+option domain-name "ak.local";
+option domain-name-servers 192.168.0.254;
+#option domain-name "example.org";
+#option domain-name-servers ns1.example.org, ns2.example.org;
+option routers 192.168.0.254;
+
+
+default-lease-time 86400;
+max-lease-time 259200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+subnet 192.168.0.0 netmask 255.255.255.0 {
+
+   # --- 192.168.0.128/27 ---
+   # network address....: 192.168.0.128
+   # Broadcast address..: 192.168.0.191
+   # netmask............: 255.255.255.192
+   # network range......: 192.168.0.128 - 192.168.0.191
+   # Usable range.......: 192.168.0.129 - 192.168.0.190
+
+   range 192.168.0.129 192.168.0.190;
+   option domain-name "ak.local";
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.0.255;
+   option domain-name-servers 192.168.0.254;
+   option routers 192.168.0.254;
+   default-lease-time 86400;
+   max-lease-time 259200;
+
+}
+
+## - Drucker
+## -
+host canon-c5030i {
+   hardware ethernet 00:1e:8f:2f:8e:c7;
+   fixed-address canon-c5030i.ak.local;
+}
+#host hp-lj5000 {
+#   hardware ethernet ;
+#   fixed-address hp-lj5000.ak.local;
+#}
+
+
+## - Uralter Server
+host at-1 {
+   hardware ethernet 00:11:11:f1:fb:a7;
+   fixed-address at-1.ak.local;
+}
+
+host at-10 {
+   hardware ethernet 0c:c4:7a:b3:46:1e;
+   fixed-address at-10.ak.local;
+}
+
+## - renate
+host at-22 {
+   hardware ethernet 70:4d:7b:29:bf:97;
+   fixed-address at-22.ak.local;
+}
+
+## - fibu
+host at-23 {
+   hardware ethernet 00:19:db:68:bc:93;
+   fixed-address at-23.ak.local;
+}
+
+host at-24 {
+   hardware ethernet 00:1d:92:06:ee:60;
+   fixed-address at-24.ak.local;
+}
+
+host at-26 {
+   hardware ethernet 00:0b:6a:18:a4:e4;
+   fixed-address at-26.ak.local;
+}
+
+host at-29 {
+   hardware ethernet 00:0c:29:43:7a:17;
+   fixed-address at-29.ak.local;
+}
+
+host at-30 {
+   hardware ethernet 6c:f0:49:00:61:31;
+   fixed-address at-30.ak.local;
+}
+
+host at-31 {
+   hardware ethernet 6c:f0:49:00:5a:fa;
+   fixed-address at-31.ak.local;
+}
+
+host at-32 {
+   hardware ethernet 6c:f0:49:7b:d7:42;
+   fixed-address at-32.ak.local;
+}
+
+## - Vertrieb
+host at-42 {
+   #hardware ethernet 44:8a:5b:85:50:81;
+   hardware ethernet 00:0C:29:D4:51:85;
+   fixed-address at-42.ak.local;
+}
+
+## - Neuer server (LAN 1)
+host at-44 {
+   hardware ethernet 00:25:90:34:3A:44;
+   fixed-address at-44.ak.local;
+}
+
+## - VPN, CMS Backup
+host at-48 {
+   hardware ethernet 08:60:6e:55:44:13;
+   fixed-address at-48.ak.local;
+}
+
+host at-49 {
+   hardware ethernet 44:8A:5B:85:50:81;
+   fixed-address at-49.ak.local;
+}
+
+## - Redaktionsrechner (einer von 4) Jens
+host at-52 {
+   hardware ethernet 00:1d:7d:02:6a:15;
+   fixed-address at-52.ak.local;
+}
+
+## - reserviert fuer Notebook Martin
+host at-101 {
+   hardware ethernet 00:0c:29:69:9e:71;
+   fixed-address at-101.ak.local;
+}
+
+## - lancom-1
+host at-102 {
+   hardware ethernet 02:A0:57:12:BB:D1;
+   fixed-address at-102.ak.local;
+}
+
+## - nas^
+host at-103 {
+   hardware ethernet 00:16:01:BB:25:31;
+   fixed-address at-103.ak.local;
+}
+
+#host at- {
+#   hardware ethernet ;
+#   fixed-address at-.ak.local;
+#}
+
+subnet 172.16.0.0 netmask 255.255.255.0 {
+}
+
+subnet 192.168.128.0 netmask 255.255.255.0 {
+
+   # --- 192.168.128.128/27 ---
+   # network address....: 192.168.128.128
+   # Broadcast address..: 192.168.128.191
+   # netmask............: 255.255.255.192
+   # network range......: 192.168.128.128 - 192.168.128.191
+   # Usable range.......: 192.168.128.129 - 192.168.128.190
+
+   range 192.168.128.129 192.168.128.190;
+   option domain-name "ak.local";
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.128.255;
+   option domain-name-servers 192.168.0.254;
+   option routers 192.168.128.254;
+   default-lease-time 86400;
+   max-lease-time 259200;
+
+}
+
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/AK/dhcpd6.conf.AK b/AK/dhcpd6.conf.AK
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/AK/dhcpd6.conf.AK
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/AK/hostname.AK b/AK/hostname.AK
new file mode 100644
index 0000000..6495957
--- /dev/null
+++ b/AK/hostname.AK
@@ -0,0 +1 @@
+at-254
diff --git a/AK/hosts.AK b/AK/hosts.AK
new file mode 100644
index 0000000..ec11030
--- /dev/null
+++ b/AK/hosts.AK
@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+127.0.1.1	at-254.ak.netz	at-254
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/AK/interfaces.AK b/AK/interfaces.AK
new file mode 100644
index 0000000..656e896
--- /dev/null
+++ b/AK/interfaces.AK
@@ -0,0 +1,33 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+#allow-hotplug eth2
+
+auto eth2
+iface eth2 inet static
+   address 172.16.0.1
+   network 172.16.0.0
+   netmask 255.255.255.0
+   gateway 172.16.0.254
+   broadcast 172.16.0.255
+
+
+
+auto eth1
+iface eth1 inet static
+   address 192.168.0.254
+   network 192.168.0.0
+   netmask 255.255.255.0
+   broadcast 192.168.0.255
+
+auto eth0
+iface eth0 inet static
+   address 192.168.128.254
+   network 192.168.128.0
+   netmask 255.255.255.0
+   broadcast 192.168.128.255
diff --git a/AK/ipt-firewall.AK b/AK/ipt-firewall.AK
new file mode 100755
index 0000000..2b7b323
--- /dev/null
+++ b/AK/ipt-firewall.AK
@@ -0,0 +1,982 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# Load appropriate modules.
+/sbin/modprobe ip_tables
+/sbin/modprobe iptable_nat > /dev/null 2>&1
+
+## -Load modules for FTP Connection tracking and NAT
+## -
+/sbin/modprobe ip_conntrack > /dev/null 2>&1
+/sbin/modprobe ip_conntrack_ftp > /dev/null 2>&1
+/sbin/modprobe ip_nat_ftp > /dev/null 2>&1
+
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_to_lo=false
+log_blocked=false
+log_rejected=false
+
+# IP's / IP-Ranges to block
+#
+#    222.184.0.0 CHINANET-JS
+#    61.160.0.0/16 - CHINANET-JS
+#    116.8.0.0/14 CHINANET-GX
+#    70.42.149.69 - ssh attack 30.06.2014
+#
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14 70.42.149.69"
+
+
+ipt="/sbin/iptables"
+
+## - external interface
+## -
+ext_if="eth0"
+
+ext_ip="172.16.0.1"
+
+
+## - VPN interface
+## -
+vpn_if="tun+"
+
+
+## - local interfaces
+## -
+local_if_1="eth1+"
+local_if_2="eth2+"
+
+
+local_ip="192.168.0.254"
+local_net_1="192.168.0.0/24"
+
+
+## - local Services
+## -
+webmail="192.168.0.44"
+mail_server="192.168.0.44"
+mail_server_alt="192.168.0.1"
+ak_web="192.168.0.44"
+at_10="192.168.0.10"
+ftp_server="192.168.0.44"
+ldap_server="192.168.0.44"
+
+
+## - Ports
+## -
+ssh_port=22
+mail_user_ports="465,587,58736,995,993"
+www_ports="80,443"
+www_ports_akweb="81"
+www_extra_ports="8080,8443"
+
+# unpriviligierte Ports
+unprivports="1024:65535"
+
+loopback="127.0.0.0/8"
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+class_d_multicast="224.0.0.0/4"
+class_e_reserved="240.0.0.0/5"
+
+broadcast_addr="83.223.85.255"
+
+## - IP Forwarding aktivieren
+## -
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+
+
+## - Reduce DoS'ing ability by reducing timeouts
+## -
+echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+echo 0 > /proc/sys/net/ipv4/tcp_sack
+echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+
+## - SYN COOKIES
+## -
+echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+
+
+## - Schutz gegen gefälschte Fehlermeldungen einschalten.
+## -
+echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+
+
+## - Ignorieren von broadcast Pings
+## -
+echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+
+
+## - NO SOURCE ROUTE
+## -
+## - Sperren von quellbasierendem Paket-Routing
+## -
+for asr in /proc/sys/net/ipv4/conf/*/accept_source_route; do
+   echo 0 > $asr
+done
+
+
+## - Keine ICMP Umleitungspakete akzeptieren.
+## -
+## - Diese können zur Veränderung der Routing Tables verwendet 
+## - werden, möglicherweise mit einem böswilligen Ziel. 
+## - 
+echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
+
+## - ANTISPOOFING
+## -
+## - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+## - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+## - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+## - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+## - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+## - nicht voll funktionsfähig ist. 
+## -
+for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter; do
+   echo 1 > $rp_filter
+done
+
+
+## - NUMBER OF CONNECTIONS TO TRACK
+## -
+echo "65535" > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+
+
+## - Protokollieren von Paketen die gespoofed sind, quellbasierendes 
+## - Routing verwenden oder Umleitungen sind.
+## -
+#echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
+
+
+while read p; do
+   case $p in
+   -*) $ipt $p;;
+   esac
+done << EOR
+## - flush chains
+## -
+-F
+-F INPUT
+-F OUTPUT
+-F FORWARD
+-F -t mangle
+-F -t nat
+-X
+-Z
+
+## - default policies
+## -
+-P INPUT ACCEPT
+-P OUTPUT ACCEPT
+-P FORWARD ACCEPT
+
+-t nat -P PREROUTING ACCEPT
+-t nat -P POSTROUTING ACCEPT
+
+#-t nat -A POSTROUTING -o $ext_if -j MASQUERADE
+-I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+## - Fritz!BOX 7390 via VPN
+## -
+-t nat -A POSTROUTING -o $ext_if -p tcp -s 10.0.0.0/8 -d 172.16.0.254 --dport 80 -j MASQUERADE
+
+## - Fritz!BOX (AcccessPoint) via VPN
+## -
+-t nat -A POSTROUTING -o $local_if_2 -p tcp -s 10.0.0.0/24 -d 192.168.128.103 --dport 80 -j MASQUERADE
+
+
+EOR
+
+case $1 in
+   sto*) exit 0;;
+esac
+#$ipt -A FORWARD -i $local_if_1 -o $local_if_2 -p ALL -m state --state NEW -j ACCEPT
+#$ipt -A FORWARD -i $local_if_2 -o $local_if_1 -p ALL -m state --state NEW -j ACCEPT
+
+$ipt -A INPUT -s 192.168.63.0/24 -j ACCEPT
+$ipt -A FORWARD -s 192.168.63.0/24 -j ACCEPT
+$ipt -A FORWARD -d 192.168.63.0/24 -j ACCEPT
+$ipt -A OUTPUT -d 192.168.63.0/24 -j ACCEPT
+
+
+## - Protection against syn-flooding
+## -
+## - chains to DROP too many SYNs
+## -
+$ipt -N syn-flood
+$ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+if $log_syn_flood || $log_all ; then
+   $ipt -A syn-flood -j LOG --log-prefix "IPv4: SYN flood: " --log-level debug
+fi
+$ipt -A syn-flood -j DROP
+
+
+## FRAGMENTS
+# I have to say that fragments scare me more than anything.
+# Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+# Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+# fragments is very OS-dependent (see this paper for details).
+# I am not going to trust any fragments.
+# Log fragments just to see if we get any, and deny them too.
+if $log_fragments || $log_all ; then
+   $ipt -A INPUT -i $ext_if -f -j LOG --log-prefix "IPv4: IPTABLES FRAGMENTS: " --log-level debug
+fi
+$ipt -A INPUT -i $ext_if -f -j DROP
+
+
+## - drop new packages without syn flag
+## -
+if $log_new_not_sync || $log_all  ; then
+   $ipt -A INPUT -p tcp ! --syn -m state --state NEW -j  LOG --log-prefix "IPv4: New but not SYN: " --log-level debug
+   $ipt -A OUTPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "IPv4: New but not SYN: " --log-level debug
+fi
+$ipt -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+$ipt -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
+
+
+## - drop invalid packages
+## -
+if $log_invalid_state || $log_all  ; then
+   $ipt -A INPUT -m state --state INVALID -j LOG --log-prefix "IPv4: Invalid state: " --log-level debug
+fi
+$ipt -A INPUT -m state --state INVALID -j DROP
+
+
+## - ungewöhnliche Flags verwerfen
+## -
+if $log_invalid_flags || $log_all ; then
+   $ipt -A INPUT -i $ext_if -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "IPv4: Invalid flags: " --log-level debug
+   $ipt -A INPUT -i $ext_if -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "IPv4: Invalid flags: " --log-level debug
+   $ipt -A INPUT -i $ext_if -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "IPv4: Invalid flags: " --log-level debug
+fi
+$ipt -A INPUT -i $ext_if -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+$ipt -A INPUT -i $ext_if -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+$ipt -A INPUT -i $ext_if -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+
+
+## - private Adressen auf externen interface verwerfen
+## -
+
+# Refuse spoofed packets pretending to be from your IP address.
+if $log_spoofed || $log_all ; then
+   $ipt -A INPUT -i $ext_if -s $ext_ip -j LOG --log-prefix "IPv4: Spoofed (own ip): " --log-level debug
+fi
+$ipt -A INPUT -i $ext_if -s $ext_ip -j DROP
+
+
+# Refuse packets claiming to be from a 
+#   Class A private network
+#   Class B private network
+#   Class C private network
+#   loopback interface
+#   Class D multicast address
+#   Class E reserved IP address
+#   broadcast address
+if $log_spoofed || $log_all ; then
+   $ipt -A INPUT -i $ext_if -s $priv_class_a -j LOG --log-prefix "IPv4: Class A private net: " --log-level debug
+   #$ipt -A INPUT -i $ext_if -s $priv_class_b -j LOG --log-prefix "IPv4: Class B private net: " --log-level debug
+   $ipt -A INPUT -i $ext_if -s $priv_class_c -j LOG --log-prefix "IPv4: Class C private net: " --log-level debug
+   $ipt -A INPUT -i $ext_if -s $loopback -j LOG --log-prefix "IPv4: From Loopback: " --log-level debug
+   $ipt -A INPUT -i $ext_if -s $class_d_multicast -j LOG --log-prefix "IPv4: Class D Multicast: " --log-level debug
+   $ipt -A INPUT -i $ext_if -s $class_e_reserved -j LOG --log-prefix "IPv4: Class E reserved: " --log-level debug
+   $ipt -A INPUT -i $ext_if -d $broadcast_addr -j LOG --log-prefix "IPv4: Broadcast Address: " --log-level debug
+fi
+# Refuse packets claiming to be from a Class A private network.
+$ipt -A INPUT -i $ext_if -s $priv_class_a -j DROP
+# Refuse packets claiming to be from a Class B private network.
+#$ipt -A INPUT -i $ext_if -s $priv_class_b -j DROP
+# Refuse packets claiming to be from a Class C private network.
+$ipt -A INPUT -i $ext_if -s $priv_class_c -j DROP
+# Refuse packets claiming to be from loopback interface.
+$ipt -A INPUT -i $ext_if -s $loopback -j DROP
+# Refuse Class D multicast addresses. Multicast is illegal as a source address.
+$ipt -A INPUT -i $ext_if -s $class_d_multicast -j DROP
+# Refuse Class E reserved IP addresses.
+$ipt -A INPUT -i $ext_if -s $class_e_reserved -j DROP
+# Refuse broadcast address packets.
+$ipt -A INPUT -i $ext_if -d $broadcast_addr -j DROP
+
+
+# Refuse packets claiming to be to the loopback interface.
+# Refusing packets claiming to be to the loopback interface protects against
+# source quench, whereby a machine can be told to slow itself down by an icmp source
+# quench to the loopback.
+if $log_to_lo || $log_all ; then
+   $ipt -A INPUT -i $ext_if -d $loopback -j LOG --log-prefix "IPv4: To Loopback: " --log-level debug
+fi
+$ipt -A INPUT -i $ext_if -d $loopback -j DROP
+
+
+# Don't allow spoofing from that server
+$ipt -A OUTPUT -o $ext_if -s $priv_class_a -j DROP
+#$ipt -A OUTPUT -o $ext_if -s $priv_class_b -j DROP
+#$ipt -A OUTPUT -o $ext_if -s $priv_class_c -j DROP
+$ipt -A OUTPUT -o $ext_if -s $loopback -j DROP
+
+
+# ------------- CHINANET-JS  222.184.0.0 - 222.191.255.255 -------------
+#
+for _ip in $blocked_ips ; do
+   if $log_blocked || $log_all ; then
+      $ipt -A INPUT -i $ext_if -s $_ip -j LOG --log-prefix "IPv4: Blocked ${_ip}: " --log-level debug
+   fi
+   $ipt -A INPUT -p ALL -s $_ip -j DROP
+done
+#
+# ------------- Ende: CHINANET-JS  222.184.0.0 - 222.191.255.255 -------------
+
+
+## - We don't want these packages on gatewy
+# 
+# --- We are not a cups server
+$ipt -A INPUT -i $local_if_1 -p tcp --sport 631 -j DROP
+$ipt -A INPUT -i $local_if_1 -p udp --sport 631 -j DROP
+# --- No NETBIOS Packages
+# -- LAN
+$ipt -A INPUT -p udp -i $local_if_1 --dport 137:139 -j DROP
+$ipt -A INPUT -p tcp -i $local_if_1 --dport 137:139 -j DROP
+$ipt -A INPUT -p tcp -i $local_if_1 --dport 445 -j DROP
+## - WLAN (LAN2)
+$ipt -A INPUT -p udp -i $local_if_2 --dport 137:139 -j DROP
+$ipt -A INPUT -p tcp -i $local_if_2 --dport 137:139 -j DROP
+$ipt -A INPUT -p tcp -i $local_if_2 --dport 445 -j DROP
+
+
+echo "Starting firewall iptables (IpV4).."
+
+while read r; do
+   case $r in
+      -*) $ipt $r;;
+   esac
+done << EOR
+
+
+# ------------- das loopbackdevice -------------
+# alles erlaubt
+#
+-A INPUT -i lo -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+#
+# ---------- Ende: das loopbackdevice ----------
+
+
+
+# ---------- alle Anfragen aus den internen Netzen nach draussen -------------
+#
+-A FORWARD  -o $ext_if -p ALL -m state --state NEW -j ACCEPT
+#
+# ---------- Ende: alle Anfragen aus den internen Netzen nach draussen ----------
+
+
+
+# ------------- Zugriffe zwischen WLAN und LAN  -------------
+#
+# Drucker IP-Adressen freigeben
+# - hp-lj5000
+#-A FORWARD -i $local_if_2 -d 192.168.0.249 -p ALL -m state --state NEW -j ACCEPT
+-A FORWARD -i $local_if_2 -d 192.168.0.249 -p ALL -j ACCEPT
+-A FORWARD -o $local_if_2 -s 192.168.0.249 -p ALL -j ACCEPT
+# - canon-c5030i
+#-A FORWARD -i $local_if_2 -d 192.168.0.253 -p ALL -m state --state NEW -j ACCEPT
+-A FORWARD -i $local_if_2 -d 192.168.0.253 -p ALL -j ACCEPT
+-A FORWARD -o $local_if_2 -s 192.168.0.253 -p ALL -j ACCEPT
+#
+# Samba Ports auf at-44
+-A FORWARD -i $local_if_2 -p udp -d 192.168.0.44 --dport 137:139 -m state --state NEW -j ACCEPT
+-A FORWARD -i $local_if_2 -p tcp -d 192.168.0.44 --dport 137:139 -m state --state NEW -j ACCEPT
+-A FORWARD -i $local_if_2 -p tcp -d 192.168.0.44 --dport 445 -m state --state NEW -j ACCEPT
+#
+#
+# ---------- Ende: Zugriffe zwischen WLAN und LAN ----------
+
+
+
+# ------------- zwischen lokalen Netzen -------------
+#
+#
+#-A FORWARD -i $local_if_1 -o $local_if_2 -p ALL -m state --state NEW -j ACCEPT
+#-A FORWARD -i $local_if_2 -o $local_if_1 -p ALL -m state --state NEW -j ACCEPT
+#
+# - needed because sometimes i add temporarily other networks to that interface
+#
+#-A FORWARD -i $local_if_1 -o $local_if_1 -j ACCEPT
+#
+# ---------- Ende: zwischen lokalen Netzen ----------
+
+
+# ------------- betsehende Verbindungen -------------
+# bereits bestehende Verbindungen durchlassen
+#
+# -- rein --
+#
+-A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
+#
+# -- raus --
+#
+-A OUTPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
+#
+# foreward
+#
+-A FORWARD -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
+#
+
+# ---------- Ende betsehende Verbindungen -----------
+
+
+#############################################################
+# ----------------- Konfiguration  VPN   ------------------ #
+
+# -- initial via internet
+#
+-A INPUT -p udp  -i $ext_if --dport 1194 -m state --state NEW -j ACCEPT
+-A INPUT -p udp  -i $ext_if --dport 1195 -m state --state NEW -j ACCEPT
+#
+# -- initial via lan1
+-A INPUT -p udp  -i $local_if_1 --dport 1194 -m state --state NEW -j ACCEPT
+#
+# -- initial via lan2
+-A INPUT -p udp  -i $local_if_2 --dport 1194 -m state --state NEW -j ACCEPT
+#
+# ausgehende Anfragen
+#
+#-A OUTPUT -o $ext_if -p udp --dport 1194 -m state --state NEW -j ACCEPT
+#
+# forward
+#
+-A FORWARD -o $ext_if -p udp --dport 1194 -m state --state NEW -j ACCEPT
+#
+# -- alles via vpn device zulassen/durchrouten
+#
+-A INPUT -i $vpn_if -j ACCEPT
+-A OUTPUT -o $vpn_if -j ACCEPT
+-A FORWARD -i $vpn_if -j ACCEPT
+-A FORWARD -o $vpn_if -j ACCEPT
+
+# ------------ Ende Konfiguration  VPN -------------------- #
+#############################################################
+
+
+# ------------- smbclient / smbmount -------------
+#
+-A OUTPUT -o $local_if_1 -p tcp --dport 445 -j ACCEPT
+-A OUTPUT -o $local_if_1 -p tcp --dport 137:139 -j ACCEPT
+#
+# ---------- Ende smbclient / smbmount -----------
+
+
+# ------------- grundsaetzlich ablehnen -------------
+# reinlaufenden windows kram
+#
+-A INPUT -p udp -i $ext_if --dport 137:139 -j DROP
+-A INPUT -p tcp -i $ext_if --dport 137:139 -j DROP
+-A INPUT -p tcp -i $ext_if --dport 445 -j DROP
+#
+# .. und forwards
+#
+-A FORWARD -i $local_if_1 -o $ext_if -p tcp  --dport 137:139 -j DROP
+-A FORWARD -i $local_if_1 -o $ext_if -p tcp  --dport 445 -j DROP
+#
+#
+# authentication tap ident
+#
+-A INPUT -p tcp -i $ext_if --dport 113 -j REJECT --reject-with tcp-reset
+-A FORWARD -p tcp -i $ext_if --dport 113 -j REJECT --reject-with tcp-reset
+#
+#
+# Location Service
+#
+-A INPUT -p tcp -i $ext_if --dport 135 -j DROP
+-A INPUT -p udp -i $ext_if --dport 135 -j DROP
+#
+# ---------- Ende: grundsaetzlich ablehnen -------------
+
+
+# ------------- SSH -------------
+# reingehende Anfragen
+#
+-A INPUT -i $ext_if -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT
+-A INPUT -i $local_if_1 -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT
+-A INPUT -i $local_if_2 -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT
+#
+# ausgehende Anfragen
+#
+-A OUTPUT -o $ext_if -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT
+-A OUTPUT -o $local_if_1 -p tcp --dport 22 -m state --state NEW -j ACCEPT
+-A OUTPUT -o $local_if_2 -p tcp --dport 22 -m state --state NEW -j ACCEPT
+#
+-A FORWARD -o $ext_if -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT
+-A FORWARD -i $ext_if -o $local_if_1 -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT
+-A FORWARD -o $local_if_2 -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende SSH ------------
+
+
+
+# ------------- DHCP -------------
+# reingehende Anfragen
+#
+-A INPUT -p udp  -i $local_if_1 -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+-A INPUT -p udp  -i $local_if_2 -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+#
+# ausgehende Anfragen
+#
+-A OUTPUT -p udp  -o $local_if_1 --sport 67 -d 0/0 --dport 68 -j ACCEPT
+-A OUTPUT -p udp  -o $local_if_2 --sport 67 -d 0/0 --dport 68 -j ACCEPT
+#
+# ---------- Ende DHCP ------------
+
+
+# ------------- DNS  -------------
+#
+# nameserver
+#
+# -- rein --
+#
+-A INPUT -i $local_if_1 -p udp --dport 53 -m state --state NEW -j ACCEPT
+-A INPUT -i $local_if_2 -p tcp --dport 53 -m state --state NEW -j ACCEPT
+#
+-A INPUT -i $local_if_1 -p udp --dport 53 -m state --state NEW -j ACCEPT
+-A INPUT -i $local_if_2 -p udp --dport 53 -m state --state NEW -j ACCEPT
+#
+# -- raus --
+#
+-A OUTPUT -o $ext_if -p udp --dport 53 -m state --state NEW -j ACCEPT
+#
+-A OUTPUT -o $ext_if -p udp --dport 53 -m state --state NEW -j ACCEPT
+#
+# forward
+#
+-A FORWARD -o $ext_if -p udp --dport 53 -m state --state NEW -j ACCEPT
+#
+-A FORWARD -o $ext_if -p udp --dport 53 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende DNS  -----------
+   
+
+# ------------- MAIL  -------------
+# rausgehende SMTP-Verbindungen akzeptieren
+#
+-A OUTPUT -p tcp --syn -o $ext_if --dport 25 -m state --state NEW -j ACCEPT
+#
+# ansonsten nur forward
+#
+# -- SMTP
+# rausschicken dürfen alle
+-A FORWARD -p tcp --syn -o $ext_if --dport 25 -m state --state NEW -j ACCEPT
+# von ueberall zum internen mailserver
+-A FORWARD -p tcp --syn -d $mail_server --dport 25 -m state --state NEW -j ACCEPT
+-A FORWARD -p tcp --syn -d $mail_server_alt --dport 25 -m state --state NEW -j ACCEPT
+#
+# -- SUBMISSION
+# rausschicken dürfen alle
+-A FORWARD -p tcp --syn -o $ext_if --dport 587 -m state --state NEW -j ACCEPT
+# von ueberall zum internen mailserver
+-A FORWARD -p tcp --syn -d $mail_server --dport 587 -m state --state NEW -j ACCEPT
+-A FORWARD -p tcp --syn -d $mail_server_alt --dport 587 -m state --state NEW -j ACCEPT
+#
+# -- SMTPS
+# rausschicken dürfen alle
+-A FORWARD -p tcp --syn -o $ext_if --dport 465 -m state --state NEW -j ACCEPT
+# von ueberall zum internen mailserver
+-A FORWARD -p tcp --syn -d $mail_server --dport 465 -m state --state NEW -j ACCEPT
+-A FORWARD -p tcp --syn -d $mail_server_alt --dport 465 -m state --state NEW -j ACCEPT
+#
+# POP
+# nach draussen dürfen alle
+-A FORWARD -p tcp --syn -o $ext_if --dport 110 -m state --state NEW -j ACCEPT
+# von ueberall zum internen mailserver
+-A FORWARD -p tcp --syn -d $mail_server --dport 110 -m state --state NEW -j ACCEPT
+-A FORWARD -p tcp --syn -d $mail_server_alt --dport 110 -m state --state NEW -j ACCEPT
+#
+# -- POP/SSL
+# nach draussen dürfen alle
+-A FORWARD -p tcp --syn -o $ext_if --dport 995 -m state --state NEW -j ACCEPT
+# von ueberall zum internen mailserver
+-A FORWARD -p tcp --syn -d $mail_server --dport 995 -m state --state NEW -j ACCEPT
+-A FORWARD -p tcp --syn -d $mail_server_alt --dport 995 -m state --state NEW -j ACCEPT
+#
+# -- IMAP
+# nach draussen dürfen alle
+-A FORWARD -p tcp --syn -o $ext_if --dport 143 -m state --state NEW -j ACCEPT
+# von ueberall zum internen mailserver
+-A FORWARD -p tcp --syn -d $mail_server --dport 143 -m state --state NEW -j ACCEPT
+-A FORWARD -p tcp --syn -d $mail_server_alt --dport 143 -m state --state NEW -j ACCEPT
+#
+# -- IMAP/SSL
+# nach draussen dürfen alle
+-A FORWARD -p tcp --syn -o $ext_if --dport 993 -m state --state NEW -j ACCEPT
+# von ueberall zum internen mailserver
+-A FORWARD -p tcp --syn -d $mail_server --dport 993 -m state --state NEW -j ACCEPT
+-A FORWARD -p tcp --syn -d $mail_server_alt --dport 993 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende MAIL  -----------
+
+
+# ------------- HTTP  -------------
+#
+# rausgehende Verbindungen vom Gateway akzeptieren 
+# ( update clamav/freshclam, dyndns, apt-get )
+#
+-A OUTPUT -p tcp --syn -o $local_if_1 --dport 80 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 80 -m state --state NEW -j ACCEPT
+#
+# ansonsten nach draussen nur forward
+#
+-A FORWARD -p tcp --syn -o $ext_if -m multiport --dports $www_ports -m state --state NEW -j ACCEPT
+#
+# -- interne Webservices
+# webmailer
+-A FORWARD -p tcp --syn -d $webmail -m multiport --dports $www_ports -m state --state NEW -j ACCEPT
+# akweb lokal
+-A FORWARD -p tcp --syn -d $ak_web -m multiport --dports $www_ports -m state --state NEW -j ACCEPT
+# at-10
+-A FORWARD -p tcp --syn -d $at_10 -m multiport --dports $www_ports -m state --state NEW -j ACCEPT
+#
+# ---------- Ende HTTP  -----------
+
+
+# ------------- FTP  -------------
+#
+# ftp ( lokaler Client remote ftp-Server )
+#
+# (Datenkanal aktiv)
+-A INPUT -i $ext_if -p tcp --sport 20 -m state --state NEW -j ACCEPT
+-A FORWARD -i $ext_if -p tcp --sport 20 -m state --state NEW -j ACCEPT
+#
+# (Datenkanal passiv)
+-A OUTPUT -o $ext_if -p tcp --sport $unprivports --dport $unprivports -m state --state NEW -j ACCEPT
+-A FORWARD -o $ext_if -p tcp --sport $unprivports --dport $unprivports -m state --state NEW -j ACCEPT
+#
+# (Kontrollverbindung)
+-A OUTPUT -o $ext_if -p tcp --dport 21 -m state --state NEW -j ACCEPT
+-A FORWARD -o $ext_if -p tcp --dport 21 -m state --state NEW -j ACCEPT
+#
+# ftp (Server)
+#
+# Datenkanal (aktiver modus)
+-A FORWARD -o $ext_if -p tcp -s $ftp_server --sport 20 -m state --state NEW -j ACCEPT
+#
+# Datenkanal (passiver modus)
+-A FORWARD -i $ext_if -p tcp -d $ftp_server --dport $unprivports --sport $unprivports -m state --state NEW -j ACCEPT
+#
+# - Kontrollverbindung
+-A FORWARD -i $ext_if -p tcp -d $ftp_server --dport 21 --sport $unprivports -m state --state NEW  -j ACCEPT
+#
+# ftp-tls ? ( keine Ahnung warum )
+#
+-A OUTPUT -p tcp --sport $unprivports  -o $ext_if -m state --state NEW -j ACCEPT
+-A FORWARD -p tcp --sport $unprivports -i $ext_if -o $ext_if  -m state --state NEW -j ACCEPT
+# 
+# ---------- Ende FTP  -----------
+
+
+# ------------- NTP  -------------
+# (network time protokoll)
+#
+# rein
+#
+-A INPUT -i $local_if_1 -p tcp --sport 123 -m state --state NEW -j ACCEPT
+-A INPUT -i $local_if_2 -p tcp --sport 123 -m state --state NEW -j ACCEPT
+#
+-A INPUT -i $local_if_1 -p udp --sport 123 -m state --state NEW -j ACCEPT
+-A INPUT -i $local_if_2 -p udp --sport 123 -m state --state NEW -j ACCEPT
+#
+# raus
+#
+-A OUTPUT -o $ext_if -p tcp --dport 123 -m state --state NEW -j ACCEPT
+#
+-A OUTPUT -o $ext_if -p udp --dport 123 -m state --state NEW -j ACCEPT
+#
+# forward
+#
+-A FORWARD -o $ext_if -p udp --dport 123 -j ACCEPT
+#
+-A FORWARD -o $ext_if -p tcp --dport 123 -j ACCEPT
+#
+# ---------- Ende NTP  -----------
+
+
+# ------------- pgpkeyserver -------------
+#
+# Forward -- nur Anfragen nach draussen 
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 11370:11371 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 11370:11371 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende pgpkeyserver ------------
+
+# ------------- ldap / (z.Bsp. einige pgpkeyserver) -------------
+#
+# Forward -- nur Anfragen nach draussen 
+#
+-A FORWARD -p tcp -o $ext_if --dport 389 -m state --state NEW -j ACCEPT
+-A FORWARD -p udp  -o $ext_if --dport 389 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp -o $ext_if --dport 389 -m state --state NEW -j ACCEPT
+-A OUTPUT -p udp  -o $ext_if --dport 389 -m state --state NEW -j ACCEPT
+#
+# ldaps LDAP over SSL
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 636 -j ACCEPT
+-A FORWARD -p udp  -o $ext_if --dport 636 -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 636 -j ACCEPT
+-A OUTPUT -p udp  -o $ext_if --dport 636 -j ACCEPT
+#
+# ---------- Ende ldap ------------
+
+
+# ------------- Newsserver nntp -------------
+#
+# Forward -- nur Anfragen nach draussen 
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 119 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 119 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende Newsserver nntp ------------
+
+
+# ------------- Whois  -------------
+# nur ausgehende Anfragen und forward
+#
+#
+-A OUTPUT -o $ext_if -p tcp --dport 43 -j ACCEPT
+-A FORWARD -o $ext_if -p tcp --dport 43 -j ACCEPT
+#
+# ---------- Ende Whois  ----------
+
+
+# ------------- Chat -------------
+# --- silc ---
+#
+# Forward und  Anfragen nach draussen 
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 706 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 706 -m state --state NEW -j ACCEPT
+#
+# --- irc ---
+#
+# forward und Anfragen nach draussen 
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 194 -m state --state NEW -j ACCEPT
+-A FORWARD -p udp -o $ext_if --dport 194 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 194 -m state --state NEW -j ACCEPT
+-A OUTPUT -p udp -o $ext_if --dport 194 -m state --state NEW -j ACCEPT
+#
+# ---jabber ---
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 5222:5223 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende chat ------------
+
+
+# ------------- HBCI -------------
+# hbci - port  3000/tcp 
+#
+-A FORWARD -o $ext_if -p tcp --syn --dport 3000 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende HBCI  -----------
+
+
+# ------------- Hylafax (Port 4559)  -------------
+# reingehende Verbindungen zum Hylafax-Server
+#
+-A INPUT -i $local_if_1 -p tcp --dport 4559 -m state --state NEW -j ACCEPT
+-A INPUT -i $local_if_2 -p tcp --dport 4559 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende Hylafax  -----------
+
+
+# ------------- CUPS  -------------
+# (cupssys printer system)
+#
+-A FORWARD -i $local_if_1 -p tcp --dport 631 -m state --state NEW -j ACCEPT
+-A FORWARD -i $local_if_2 -p tcp --dport 631 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende CUPS -----------
+
+
+# ------------- Drucken Port 9100  -------------
+#
+-A FORWARD -i $local_if_1 -p tcp --dport 9100 -m state --state NEW -j ACCEPT
+-A FORWARD -i $local_if_2 -p tcp --dport 9100 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende Drucken Port 9100 -----------
+
+
+# ---------- SNMP ----------
+#
+#-A FORWARD -i $local_if_1 -p tcp --dport 161 -m state --state NEW -j ACCEPT
+#-A FORWARD -i $local_if_2 -p tcp --dport 161 -m state --state NEW -j ACCEPT
+#
+# ---------- SNMP ----------
+
+
+# ------------- VOIP -------------
+#
+# SIP
+#
+# Standard:
+# Port: 5060 / UDP (SIP-Signalisierung)
+# Port: 5004 / UDP (RTP, Sprache)
+# Port: 10000 UDP (STUN)
+#
+# X-Lite:
+# Port 5060 / UDP
+# Port 8000 - 8019 / UDP
+# Port 10000 /UDP
+
+# reingehende Anfragen
+#
+-A INPUT -p tcp --syn -i $ext_if --dport 5060 -j ACCEPT
+-A INPUT -p udp  -i $ext_if --dport 5060 -j ACCEPT
+#
+# ausgehende Anfragen
+#
+-A OUTPUT -p tcp --syn -o $ext_if --dport 5060 -j ACCEPT
+-A OUTPUT -p udp -o $ext_if --dport 5060 -j ACCEPT
+#
+# Forward -- nur Anfragen nach draussen 
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 5060 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --dport 5060 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --dport 5060 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --dport 5004 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --dport 5004 -j ACCEPT
+-A FORWARD -p tcp --syn -o $ext_if --dport 10000 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --dport 10000 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --dport 10000 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --sport 8000:8019 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --sport 8000:8019 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --sport 32700:32799 -j ACCEPT
+#
+# SKIPE
+#
+# reingehende Anfragen
+#
+# -A INPUT -p tcp --syn -i $ext_if --dport 54196 -j  ACCEPT
+# -A INPUT -p udp  -i $ext_if --dport 54196 -j ACCEPT
+#
+# ausgehende Anfragen
+#
+#
+# Forward -- Anfragen von draussen 
+#
+# -- Linux
+-A FORWARD -p tcp --syn -i $ext_if --dport 34957 -j ACCEPT
+-A FORWARD -p tcp --syn -o $ext_if --sport 34957 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --dport 34957 -j ACCEPT
+-A FORWARD -p udp  -o $ext_if --sport 34957 -j ACCEPT
+
+
+# -- Windows --
+-A FORWARD -p tcp --syn -i $ext_if --dport 54196 -j ACCEPT
+-A FORWARD -p tcp --syn -o $ext_if --dport 54196 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --dport 54196 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --sport 54196 -j ACCEPT
+#
+# ---------- Ende VOIP ------------
+
+
+# ------------- Traceroute  -------------
+#
+-A OUTPUT -p udp --dport 33434:33530 -o $local_if_1 -j ACCEPT
+-A INPUT -p udp --dport 33434:33530 -i $local_if_1 -j ACCEPT
+-A FORWARD -p udp --dport 33434:33530 -o $ext_if -j ACCEPT
+#
+# -------- Ende Traceroute  -------------
+
+
+## -------- WakeOnLAN --------
+#
+-A OUTPUT -p udp -o $local_if_1 --dport 9 -j ACCEPT
+-A OUTPUT -p udp -o $local_if_2 --dport 9 -j ACCEPT
+#
+## -------- Ende WakeOnLAN --------
+
+
+# ------------ Ping ------------
+#
+-A INPUT -i $ext_if -p icmp --icmp-type destination-unreachable -j ACCEPT
+-A INPUT -i $ext_if -p icmp --icmp-type time-exceeded -j ACCEPT
+-A INPUT -i $ext_if -p icmp --icmp-type echo-reply -j ACCEPT
+-A INPUT -i $ext_if -p icmp --icmp-type echo-request -j ACCEPT
+#-A INPUT -i $ext_if -p icmp -j ACCEPT
+-A INPUT -i $local_if_1 -j ACCEPT
+-A INPUT -i $local_if_2 -j ACCEPT
+#-A OUTPUT -o $ext_if -p icmp -j ACCEPT
+-A OUTPUT -p icmp -j ACCEPT
+#-A FORWARD -o $ext_if -p icmp -j ACCEPT
+-A FORWARD -p icmp -j ACCEPT
+#
+# ------- Ende Ping ------------
+
+
+# ------------ Portforwarding ------------- #
+# -
+# -- VNC pcbuero1 ---
+#
+#-t nat -A PREROUTING -i $ext_if -p tcp --syn \
+#   --dport 80 -j DNAT --to 172.16.0.254:80
+#-t filter -A FORWARD -p tcp --dport 5900 -d 192.168.4.101 \
+#   -i $ext_if -o $local_if_1 -j ACCEPT
+#
+# -- VNC pcbuero2 ---
+#
+#-t nat -A PREROUTING -i $ext_if -p tcp --syn \
+#   --dport 5902 -j DNAT --to 192.168.4.4:5900
+#-t filter -A FORWARD -p tcp --dport 5900 -d 192.168.4.102 \
+#   -i $ext_if -o $local_if_1 -j ACCEPT
+#
+# ---------- Ende Portforwarding ---------- #
+
+
+EOR
+
+
+# ------------- Loggen -------------
+#
+if $log_rejected || $log_all ; then
+   #$ipt -A OUTPUT -j LOG --log-level debug
+   #$ipt -A INPUT -j LOG --log-level debug
+   #$ipt -A INPUT -j LOG --log-level debug
+   $ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "IPv4: Rejected: "  --log-level debug
+   $ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "IPv4: Rejected: " --log-level debug
+   $ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "IPv4: Rejected: " --log-level debug
+fi
+#
+# ---------- Ende: Loggen ----------
+
+
+# -------------  DROP -------------
+# drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+
+
+exit 0
diff --git a/AK/ipt-firewall.service.AK b/AK/ipt-firewall.service.AK
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/AK/ipt-firewall.service.AK
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/AK/ipt-firewall/default_ports.conf b/AK/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/AK/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/AK/ipt-firewall/include_functions.conf b/AK/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/AK/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/AK/ipt-firewall/interfaces_ipv4.conf b/AK/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..b520fb4
--- /dev/null
+++ b/AK/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth1"
+local_if_2="eth0"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=false
diff --git a/AK/ipt-firewall/load_modules_ipv4.conf b/AK/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/AK/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/AK/ipt-firewall/load_modules_ipv6.conf b/AK/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/AK/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/AK/ipt-firewall/logging_ipv4.conf b/AK/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/AK/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/AK/ipt-firewall/logging_ipv6.conf b/AK/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/AK/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/AK/ipt-firewall/main_ipv4.conf b/AK/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..d8939c7
--- /dev/null
+++ b/AK/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1377 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+read -a gateway_ipv4_address_arr <<<$(ifconfig | grep "inet Ad" | awk '{print$2}' | cut -d':' -f2)
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                    86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service="192.168.128.0/24:192.168.0.249:$standard_ipp_port:tcp
+                                  192.168.128.0/24:192.168.0.249:$standard_print_raw_port:tcp
+                                  192.168.128.0/24:192.168.0.249:$standard_print_port:tcp
+                                  192.168.128.0/24:192.168.0.253:$standard_ipp_port:tcp
+                                  192.168.128.0/24:192.168.0.253:$standard_print_raw_port:tcp
+                                  192.168.128.0/24:192.168.0.253:$standard_print_port:tcp
+                                  192.168.128.0/24:192.168.0.10:137:tcp
+                                  192.168.128.0/24:192.168.0.10:138:tcp
+                                  192.168.128.0/24:192.168.0.10:139:tcp
+                                  192.168.128.0/24:192.168.0.10:137:udp
+                                  192.168.128.0/24:192.168.0.10:138:udp
+                                  192.168.128.0/24:192.168.0.10:139:udp
+                                  192.168.128.0/24:192.168.0.10:445:tcp
+                                  192.168.0.0/24:192.168.128.103:80:tcp
+                                  192.168.0.0/24:192.168.128.103:443:tcp"
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - Ist this Gateway DHCP Client?
+# - 
+# - local_dhcp_client_interfaces="<interface1> [<interface> [.."
+# -
+# - Example:
+# -    dhcp_client_interfaces="$ext_if_static_1"
+# -
+dhcp_client_interfaces=""
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+ssh_server_dmz_arr[192.168.0.10]=$ext_if_static_1
+ssh_server_dmz_arr[192.168.0.44]=$ext_if_static_1
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Webservice at-10:                   192.168.0.10
+# -    is also in DMZ, so configure it there..
+# -
+# - Canon IR-ADV C5240:                 192.168.0.253
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="192.168.0.253"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+http_ssl_server_dmz_arr[192.168.0.10]=$ext_if_static_1
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.0.10]=$ext_if_static_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+samba_server_local_ips="192.168.0.10"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.0.0/24"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips="172.16.0.15 192.168.0.11"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - Canon IR-ADV C5240:                 192.168.0.253
+# -
+# - Blank separated list
+# -
+printer_ips="192.168.0.253"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services="172.16.0.15:8080:tcp 172.16.0.15:8443:tcp 192.168.0.253:8000:tcp"
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# - Fritz!BOX 7390 via VPN
+# - Fritz!BOX (AcccessPoint) via VPN
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons="10.0.0.0/8:172.16.0.254:80:$ext_if_static_1
+                     192.168.0.0/16:172.16.0.254:80:$ext_if_static_1
+                     10.0.0.0/8:192.168.128.103:80:$local_if_1
+                     192.168.0.0/16:192.168.128.103:80:$local_if_1"
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=false
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=true
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips=""
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/AK/ipt-firewall/post_decalrations.conf b/AK/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/AK/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/AK/mailname.AK b/AK/mailname.AK
new file mode 100644
index 0000000..dc16e98
--- /dev/null
+++ b/AK/mailname.AK
@@ -0,0 +1 @@
+at-254.ak.netz
diff --git a/AK/main.cf.AK b/AK/main.cf.AK
new file mode 100644
index 0000000..d22b030
--- /dev/null
+++ b/AK/main.cf.AK
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   192.168.0.254
+
+myhostname = at-254.ak.netz
+
+mydestination =
+   at-254.ak.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks =
+   127.0.0.0/8
+   192.168.0.254/32
+
+smtp_bind_address = 192.168.0.254
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/AK/openvpn/ak/chris.conf b/AK/openvpn/ak/chris.conf
new file mode 100644
index 0000000..996d772
--- /dev/null
+++ b/AK/openvpn/ak/chris.conf
@@ -0,0 +1,257 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-ak.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJAOsCU4dMDXNfMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUFLMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDIwNjEyMTIxNVoYDzIwNTAwMjA2MTIxMjE1WjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1BSzEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYNRn3v3bgu
+7yd9rSSHGfKeKuCoT/KQg8054E0HB7zOjCpI3HMrK+UaA/BB47k82aj4zrGBz179
+Gw3E7EqlMXUeUfWa46FADakj6QrimSzaIctCy5bCHCogBV0HhVaMnTO6+GCoPuLP
+D779zJ/YzIO3476pWIVuK5AAgqobyGaJ5OPR0rUWrl1yQK48yYQfSbnU0IcchDny
+VS42E64k+TbOixg5dRHxr/8JQ6UbPHJWE5oePbm5Rx345jV2dU3QjfJTe8HtoUeL
+TwHsSE+JilWxq1ID4sEIY7+5bvaQCsjVUwim5XHg/8iv0ekHlwmFmz/ycQ1+xMcz
+NzBqpuZCqkY4NJHclZGwS5L1dEfaLLEAKueUbqFURsyMSoKb0N5S78Gf96E6PgJV
+De+YtbdxM3S3EAa0Y0NkukBHUGOPiBd9g2EnbW4GfKhsPPWMOWFANl22xupgt5SU
+HnqF71ofKCNi2Zkc32lJzbHQNIO86N52wI2E8F8iy9SJ2+969SsCxNhBKP8pRFaG
+9HSeRoi8nTsDcYczERlEb5qhA8+rWho4XpWgDXE4qrT0wmuMqoo1bTPCDsGSkzUe
+CdUD5/m174RVrnc0o+SyHLIGuS2XpU9KuPBLV4d8CzKakGLudUG/4ikntBZBW7hL
+IJOOGAv3kaWOj3GbfF/zNza2lC/WvMiXAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+6meVlB1GjkS/l6QJvUA9ANnT7kAwgdEGA1UdIwSByTCBxoAU6meVlB1GjkS/l6QJ
+vUA9ANnT7kChgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAMzcwewxPfcS4H5YYlvYgmy4iCUson
+vz4RVsyQxinlmnBDMZc7YrkERSQ8O9GWq2Qzge0c0xaEMZxhrkosQi7mAL4JrFjr
+i1fWYYsocBd/6ZXNkro3uJ231RyOiNWGaFNc3kkorWeGlQmlJsYSK2jtEZtezTGu
+4yEHZwDLK7ArI1IydUAJ1K4k/P0YLsQw4fcMXtJF5GRpunwy2VGXBOF2WlIMHaMU
+XKpFDOZGlvnbshIoDuNhdTSVZ3UWkNQSfMnVjv1UDNsxleeJWIjpvB/wNDsIgMmd
+y4DWJzYO8p9w4bBq4GEdvhiL5tNFdHPRS3v42zAmsjvyJChUbFWApXRdb8p8dmtP
+qneRvgUKTc+03nv5z7bO653yzuxRCk/4g8SqMKC6qIMeKEOcG9ZDEGs3YJ3d2NMg
+OHSEkfXSJKGkQfaM3vORjF3zuC6ZFpNSYMMVctAwLfwu7q0YdOfIWPsUFgAtaePp
+JRDpVjbWGk+/WDVIWO/tVEFmy1xT7CPMEMgMbTGl1mGPezPBeAqgs4LXWlYgQfox
+K2BhLOD+YwlfvDUaJPhp10oJ6rhfnveTPhmhGslTZzaLYShP1Bg5J21gZf7+Wou7
+fwpliRLlB8gFk6czpGspmyGdTPjqXOvVxIqffmxRtzsMZJSEJWV/6023AxQdnFz2
+U7OFfF99B7LFVw==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHIjCCBQqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMzM3NTRaFw0zODAyMDYxMzM3NTRaMIGiMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLUFLLWNo
+cmlzMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAm9o3YQBBbQtW48vI
+VigK2757feiRej46t4mRxAERSB3J+XAookCyrouPslZ1eV+yb5Yf4riDwXWz+dJC
+RKLGA0jFCRf8dxPPOqeyczkQB7k7oCjo2oIHhxeGk5W/+l0qOWiMbtWO/ZvObCgT
+ijPwarQXBz/RfaWl/KDjJnNJCrrXhG+kU+zv5xc7yrad0ohCFtzAUN5e0sWIuSjw
+A9dehs28WX7i1tWj7c+X3trgzcgNlvoGxbxtedBlq2717qmI3Y77LHZIcxC3WosF
+rJLfzqfImOLEEKFK95u4wLlZlJ2olVlJ4ckp1p4Z97Soqp6SBLplEUi7+C7sCKSz
+Ny4u0tZKzvzeFRh4NJe5luPBmPkPZ33qTRK68n/0nmGB5GHf7lXWF7NLwBuvMJ9/
+p5OBZhQtCH6DXddXXCHyQ0nfUJpYLfizy9VakQyQR1njXniCk2zbgn4iclxHjtlJ
+Kmme2PFwN9BpggVCEgLX8ni5iOr+kprVILTbiuhU62EmBd0xWbLhk5pDgsBV/9SM
+0Lq99sSaWHMUO5aqAf4tyX/3tZMupxl/YKsB57EqGqJOhabZe5J6zuPeUKyPZdVt
+nV4r0YbeByJWGAVSV4XKziWAaS83dNzKPkLZBffEWncm0+xSLgJSYQDEBqj6TSNC
+g3Ywbz1OeqYX/l4GpYehN9r7vIcCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQULsSnl6CMeLmzJQ6wxK6kQGqCpz8wgdEGA1UdIwSByTCBxoAU6meVlB1G
+jkS/l6QJvUA9ANnT7kChgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQ
+TiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
+aXMwDQYJKoZIhvcNAQELBQADggIBAGfnOVfi7lZodG1UTw0dwcMhOkzv4zFArpvn
+rxwj6lji+pf+4wG4MroLCxlJA5LTht/lV9fVUQAoURH9I+ihUUcoBilKF8WTOrhf
+kVipTa+QfcoV4AM+oC4bibrLkY/tUHp7p45USFQ2kh2BaweL+nPhFjA8rSqStxUD
+eIEnmTa+982RZCWQJyt2cHf/pMjIeS2NORxsVsV7XLIK5nfiFC4hbsVhCDeeieji
+wgaczpO2K4Lp2+7ZHB7OG0ChybGndrqWgCo2QOLwPWjLzI6zD2IUlQzHNM/guJTS
+eTKgugfZpxC+hPtK3dBAB1+Pu1JwT0a+c88OKREqUrPjV7BybqNHYh9T1ceKMlQT
+C2iO1o//LUNsC6w41oFvpFdpPCco2mBCAaq5TjGK3kfFXLIcn5SOk7g+hfDWpkVJ
+OhTXrtLzV8AElbgNgvH1pJDGMi5ysrRcVp77ehalIayO48JImHME2nO5BBQJfVW5
+U3FilEruSXpzbEteAl2N721g2elpKRCXqf1NndCcyKcmDX/CsumVF3sxJX5D5i/u
+I8OxfNUOHFxcSfLKHQbm7OtAIYqMWbTgmgj69TU0vRzF6N301f97rFsZFdddCRz+
+JQfnsH6tSuB4BY0quHzSmk0ZC9UVA/nG/r0vbN4mOx44RG93E3u1CTqzvFT6OFYF
+rlg1WFOF
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI8D+IDkooTeUCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOeFJGd9/t0cBIIJSBRyHxbI/0Jv
+mraoNvyjbi4l27LhE8fsI6p7f5YIg2kMATDHyrnt4uPUnv8d1ah+C39TdNpu9Sbt
+HPEljwfULWlkWQbkCvvESfIufjhdiIphA4krzxTdofs/afR24v6HehYa2F9rnWoH
+iEb+c0El8YV+AvWU7mp1Mr3l6DYGvnioSGm6a+G1Ww2RouKFKAOSsKE2ozUNGAsr
+jXROHfpk4MdlsZBySHuMfmatoDyPYEYcnvJ67n378aShBb4OXP15Q4qY3O4nnwe4
+/QeBSjiuumcJE3Xu+QpiyftnaPH4jgOiCKqUQtXIgTzR0MbosE5epsvZHj0BeCGF
+VUq52VV6sFnsOphairq186juiFs3HRIfW1xcjk8uQVk88gKf/JswYDeBvXxRfOde
+gO2LhE9Q1Jej4buqet0xWuVe4r3YAcittfesXrsVjx+9NJPujBm5Iz/wbW72xo0J
++OqLQiq9DOcO/K7Gzt6x6TJ1VfG1bbAii52YyOK5acCzJFPp/C385jTv7yF8NGDY
+E6ROoGzU5jMkLs0WYiJvQimMeX4rPWXxVyCCerSyBFAfSDkY++9yXjjtgWICDYzd
+GJKOSnp52T1gHEf+IPdxUwPm6MrVcbY+dQqyXXSeKZdGkPuRK5WVz8qtAIAMvoKo
+jjSI55MLhxSGdJFX0nYOfbzU4LTlnKeTzSby929dyWwDu1/tRVzhWkiyDCBxUVkA
+MXc6csOSRm9gV4lgILQlc+XLTa+5mOdCz//sP49DdoiPuosclRfJPQp1LIXGoKm6
+s0Qwvw6hpa5aPUrzDpAtgA6j59YZU1QSE57vYUNVoyDJo/6X/bk0hwh+LE18XC6l
+KchLtOWf3D8Ca2TLWpIsUWuW7zuySG35A5OQhmzJXe7Fbx02MW1ppvDDRP6t366a
+qMlIQgQYhN9Bj3lNYdrMragqURfUQhCTWQG5CXfbKXgQHSQsA8F0XnpmtXq9gtaq
+7foW3ecw6asOfTM2imgTfLGFtkybRfA0ZInUgz2WSikZwrG7wIjeSJ0OIg4ckI9y
+bKLDMwNJGeyGZcdcsJVBxjaKje0Il9UZJxJGQ+p+BAj82cWrMFbloVNgnHEcOu5v
+KI88ucMUTOaPS/bPSo2Orj5UQIID/2lqymoqXvFLqX2ftYQT/xkGFdm2cjB/7x3T
+jsvFZezPjUcWp5t0oJncER0vWM29aTSwWyybyeGX1TWrvul85aRBr3RU4OZ2e/9P
+/W4g/pDXDuuYxqIWkxwAlcuncmcb0OfR+GBKelIPKsItlyoBS2tRFAaUCjItV4PJ
+PAopqedq4QT4mypmw+5MKObRqfdpxDoKCHzJhakDmw77miXdON2V1M7xWk+kfD9B
+H8t1QdJyzB87FQwsXlrMVh1jF+m0PIytM3l4DNqIft8AYEulbinkeB67XAhWGIqo
+IAmxhYpFfhWxmECDwUQ+nrrz6jW0LJtZKwUITH5C42BBw0I5OmVJhYNlStj8VayR
+ykkAeoiC361DKvlqHabh6KRZT/yhNtQ2TH13UGgOBDeXUQMGaKhYmdUiEjnuek4P
+lbu4cG1BtjIHtpD1LRON29rvRGw44FEEeuxmd+KyJfLdJWJQ/zjXg3owM/cZzAum
+t1qbMwxEE/EZJdRhD5cyVoWiAiFmgRfjPpv3CUCPP88QvdueRURe+i53TbqFGVqR
+dRs5hC6gjJ/nTnmF5ZjsbYqy+IKWCiGNjZA8P3pKzgXY4J45y6rRD8HNVZqWzIen
+rD2OOpvchPVCJPJUk5L7AreaMZENAyciKuLtBOp+D2INo+exE+IVaBtM5NeNnKXn
+7veiczJguLkUXMQXyxYLv7J49RbAA2WQNRcbLGuJklFVkyWYdtB+nGejMdiHjkri
+bVJcGazlJmFXhBhwEHROEJW3SOLcPwsfxjDE7LmzF80uCZbG6HFDVjPkyGZGz6y5
+g9+Kh4dQuboCT+3nhGYTUxcRe6FzHWBplq/tBPmyJNeTCvNBpOD8xVlNOi/2PUTx
+FsaIE3XGnJH9E5GpLoYA9K6oHW0w1rb7U5P0Z9arTKhPyeQYlUJwNjrLUAw++pgl
+QfY3MR8VMLAzZ/jbp0k30JE2SPAE8Bnoe3U0oQOwhGJCS36hQnMsWtW+CF+OIeV1
+Uwz+OysJKWQbB1QLUDYN36D5XRIwwcDyt3+RIl34hSai8PWC/IA52SytS8d0z+bc
+L4bavw/5JNVgGTmrMYYvFa2vY2f5VHoLnfdB7hnZJzHfbkpziuD4qB9Q/bxmywDF
+lYnZq19t2LHtE+z8Arv+NEhJULUz86O7bZq2PjWe46FhNwzVxZdtsJWH/KSg137S
+DcdAc7a4yNk3602EFBUTIKWeEuEr6SsPG9IjBq6gZbCiPbSRj8EhH8pk2d40/64B
+1ZMS/7Qd1qES1G/ggC7Xby0ggRGR9D8Uu9Ismd6EOZ1pnNP8bfeajnCyNo17MAsH
+I/2W2ZF847wjoC8kmPHxWiN3pbGaHeZb4bwNw5PxuQboGxY4nR8yf7qxOgv4ST7T
+08V+nDawKDL43vSz9cWK6Q0Cdhpsc6H72rv3eMXcQ9+6oOrsG/VsqNtUxXX0dAUB
+nqlgPLfmyneVJwBfRboDEicxEvsJtxLDNe5PKyYk1ilCmD1vi8hWu9JPp4LBmLgm
+wr9HEL0qNz8E8QLQkBPxmdOXH4bx9bagN2/TMd7As9h2klZ1gru+Vq9VZ7/gE+gh
+kbG5VlmhGQycNP2b0JZauA9fsNwAFEqsHczGw7fKdtAscm4b09DJe3o8gpdVqIFe
+qi+zdZl9NhUyvcNU67hfoTxe7hmy2Ht7hkrNnlUfCPPLIip6a75TiEOUsZMpEHBV
+h2NNoWmnOBiFT8ptA9vSAuJZifrsjK3DPDuLIN6Le/XAMLOMA2mYdxA/fB6A67Vc
+9Sr/DgK6DCTZ1Z3PaND6W+tY6LM73LfolSPOGYGcL10F0exEcIkWDEF9z3lqfUrg
+mPnbi3GzA/zFz0HE8+4wcb9zUzmfunaZGSemPXVtDkco/UgsTOfduyV7C2FDYhTQ
+yXlrj+lZYazKF2wu7kDvho4kmudkKTmfsv6/1k2+GybWisNIQmxCe8KsjZVB+f9E
+dQq6AzY/4SWMmC2h0E9ou5x4qWiVZPyX6l5dN9kmkwleGZQf/kTJaL5SKcR8RFy7
+v0RsRna9sOxc6YrsiqAeGg==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+6ba2290fe261ac9beea46806d40e5667
+f5f0149c4b65bbad8c2c5ee859b29c49
+ea7edf2232bd81b43f1e9409d4c39d92
+de7d1d585330fdf6a617531896bff6af
+7cb96947de1e4153efc626fa93641f60
+7f3ce648d309155f2724318b119e6212
+d8f736d8997ee84ed55050d526c2849e
+685c531da93df302ee6ec2cf6c32c2c7
+0a08aee8d9efc3ef0a2a3611b92dcc88
+13aba6c2a566f297bbb63470b4cc098a
+e8631344b68825a1299101e3d0995274
+f0b404ed4a34579ceb3235a7f7597158
+ed052b0d74f3fca57344151330858dd4
+741deb038c30416db61b6ebd984957f2
+f5483a7dc8ac95c5d5a0ca9fa8f26901
+f85d64bac4b39ed010e52c07f0d30b68
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/AK/openvpn/ak/crl.pem b/AK/openvpn/ak/crl.pem
new file mode 100644
index 0000000..259e28f
--- /dev/null
+++ b/AK/openvpn/ak/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC5TCBzjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEPMA0GA1UEKRMG
+VlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTgwMjA2MTIz
+NzIzWhgPMjA1MDAyMDYxMjM3MjNaMA0GCSqGSIb3DQEBCwUAA4ICAQAdBAzogWGb
+pzQi6FLfTzN/5T8lyZ2ogSE80/Z0kOinhuMwSso5Bp6urQIjp94sc6476FxAOYWF
+I081NS+a87QNNI77Z8moFZ/5cqeUPhfCHD5XnGCGd9LxAkqsxG2MwQS9ageErWYp
+9swB9OHd/d7W5f1qSpCZuCtoFVsJS3Bjuvd2qkW2V8uzsmyXHg+Jk0NhcE04K9n9
+Ri8ZILOG84UHex1P2rpaK7G5HntAxUqe/6mkh6a1bliMNr37D9ufgj2nwuooL59S
+AxFMXK3dH2H2mrBc4i+oo/6b9P3VvRjsZGb34Mzcp8fefV/aogh2ZawC/fKGIwgT
+DZi41VPtNZm1akQtR9ILHaXLbFIkA0jFRzFSJUdVIaXLfyHC8AtpZhg0jHrVZYXz
+gsgaAA405mCwKJguRdwE8wQRgQ7om8qa4mSA99HeQq2655eSS77laLMrxG9LtmwJ
+7QTtWT/lIuK9svVL/2ucAq3UDDFRdn1eaX2mS9bKZ88N4SPmnDi2muvNGfQHXNZD
+kkvgmOkkz2SgDOJ5oTBcUJx1h74LXMi6TBs/hWEKIqQcfq1vNes1/qu9PWYP7sB6
+THyq6coO+WU7YXYidzBwyerYEg4nHZ0bxWyJziCvHZPTeX3m8r2sHoxG6/s+jKiU
+0uxTXsuGKNLhDbJFxQX16xw8rYQXt2wRxg==
+-----END X509 CRL-----
diff --git a/AK/openvpn/ak/easy-rsa/build-ca b/AK/openvpn/ak/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/build-dh b/AK/openvpn/ak/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/build-inter b/AK/openvpn/ak/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/build-key b/AK/openvpn/ak/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/build-key-pass b/AK/openvpn/ak/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/build-key-pkcs12 b/AK/openvpn/ak/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/build-key-server b/AK/openvpn/ak/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/build-req b/AK/openvpn/ak/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/build-req-pass b/AK/openvpn/ak/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/clean-all b/AK/openvpn/ak/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/inherit-inter b/AK/openvpn/ak/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/list-crl b/AK/openvpn/ak/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/openssl-0.9.6.cnf b/AK/openvpn/ak/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/AK/openvpn/ak/easy-rsa/openssl-0.9.8.cnf b/AK/openvpn/ak/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AK/openvpn/ak/easy-rsa/openssl-1.0.0.cnf b/AK/openvpn/ak/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AK/openvpn/ak/easy-rsa/openssl-1.0.0.cnf.ORIG b/AK/openvpn/ak/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AK/openvpn/ak/easy-rsa/openssl.cnf b/AK/openvpn/ak/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..66be481
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/ak/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/pkitool b/AK/openvpn/ak/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/revoke-full b/AK/openvpn/ak/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/sign-req b/AK/openvpn/ak/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/AK/openvpn/ak/easy-rsa/vars b/AK/openvpn/ak/easy-rsa/vars
new file mode 100644
index 0000000..ed8fa03
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/ak"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN AK"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-AK"
+
+export KEY_ALTNAMES="VPN AK"
diff --git a/AK/openvpn/ak/easy-rsa/vars.2018-02-06-1310 b/AK/openvpn/ak/easy-rsa/vars.2018-02-06-1310
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/vars.2018-02-06-1310
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/AK/openvpn/ak/easy-rsa/whichopensslcnf b/AK/openvpn/ak/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/AK/openvpn/ak/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/AK/openvpn/ak/ipp.txt b/AK/openvpn/ak/ipp.txt
new file mode 100644
index 0000000..7f4b5bb
--- /dev/null
+++ b/AK/openvpn/ak/ipp.txt
@@ -0,0 +1 @@
+VPN-AK-chris,10.0.0.2
diff --git a/AK/openvpn/ak/keys-created.txt b/AK/openvpn/ak/keys-created.txt
new file mode 100644
index 0000000..d4656bf
--- /dev/null
+++ b/AK/openvpn/ak/keys-created.txt
@@ -0,0 +1,4 @@
+
+key...............: chris.key
+common name.......: VPN-AK-chris
+password..........: dbddhkpuka.&EadGl15E.
diff --git a/AK/openvpn/ak/keys/01.pem b/AK/openvpn/ak/keys/01.pem
new file mode 100644
index 0000000..c27ffa9
--- /dev/null
+++ b/AK/openvpn/ak/keys/01.pem
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  6 12:37:16 2018 GMT
+            Not After : Feb  6 12:37:16 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c3:e5:c6:ea:48:8b:ac:0a:03:79:75:38:5b:f0:
+                    4a:42:eb:30:af:31:fe:cd:81:25:29:7d:eb:7c:fb:
+                    2d:fe:73:f3:3a:bd:fc:fa:09:c7:36:3a:dc:52:22:
+                    d3:7f:01:d3:3d:c3:86:01:c0:ec:76:6a:89:0c:49:
+                    e9:12:41:72:8e:41:b0:35:23:d0:35:5f:21:00:3f:
+                    be:80:03:ac:e2:f8:05:3a:bc:19:0a:48:13:8a:56:
+                    4d:65:ea:9a:8d:00:51:52:4f:8c:1f:8a:fa:bd:39:
+                    41:e2:7e:a6:d9:5c:42:a6:40:2a:88:59:54:91:5b:
+                    6d:69:ec:21:84:aa:fa:41:75:7b:8d:08:1f:7a:f9:
+                    71:60:73:60:9b:31:73:32:27:5c:34:2e:7f:ff:f8:
+                    be:26:eb:dd:aa:c1:b6:c2:70:d1:90:b5:47:e3:c9:
+                    2e:d3:bc:3d:11:69:58:aa:36:93:1a:11:b5:94:ca:
+                    e2:44:1a:9b:4d:3b:04:63:cd:d8:28:57:8c:f6:35:
+                    70:bd:fe:bb:ef:8c:95:82:91:a8:c1:2a:8d:d4:77:
+                    57:64:a5:cc:57:f3:b1:8a:2f:52:d8:d8:8d:e2:e1:
+                    3c:21:49:bf:b0:42:71:3a:71:cf:4f:5a:18:99:79:
+                    44:d1:72:06:4a:7d:30:29:fe:a7:43:2c:92:23:9b:
+                    69:2f:d2:88:3c:6c:c9:d1:8e:cd:d3:5d:24:3e:c9:
+                    f3:b5:8b:60:99:48:ff:90:bf:ad:f3:f7:3b:c6:7d:
+                    27:8f:d2:b8:88:02:0a:03:91:8a:3d:3c:25:53:6d:
+                    07:59:6c:b1:0d:f8:e5:93:02:58:54:60:0b:29:08:
+                    39:92:71:01:dc:0d:8d:b2:94:87:4b:08:39:20:cf:
+                    a7:e5:3b:66:91:c5:01:15:3c:2c:df:6a:9d:4b:48:
+                    b5:5e:fa:3f:6d:49:11:2b:92:bc:7a:46:70:b0:cf:
+                    cd:79:be:90:e1:ce:41:fa:43:31:cd:bb:b7:34:5f:
+                    c7:71:80:75:83:6e:f6:45:a0:ee:a7:b4:de:43:f1:
+                    fc:df:19:d8:6d:00:b5:ae:59:17:f7:7d:19:cd:c8:
+                    b7:4a:92:da:6d:ad:3c:d5:b0:db:6e:5b:b8:2d:62:
+                    d5:5f:e4:23:b0:65:8c:b5:da:d8:27:0a:34:9e:32:
+                    02:7e:bc:89:39:aa:7f:b2:07:26:2e:39:0a:21:c6:
+                    da:4e:d2:cf:53:45:9f:c2:9c:d0:c6:86:37:20:60:
+                    9c:7d:14:3a:2f:1c:5c:50:36:5d:d3:15:2e:94:f1:
+                    04:b8:22:4b:c9:85:6a:ec:59:ec:e2:01:e3:c9:e1:
+                    02:56:40:c1:8f:01:61:68:26:72:89:de:ba:29:2f:
+                    15:8f:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                3F:C0:FA:95:43:C6:88:A3:2E:18:8E:43:3C:BA:1C:97:2F:70:C7:59
+            X509v3 Authority Key Identifier: 
+                keyid:EA:67:95:94:1D:46:8E:44:BF:97:A4:09:BD:40:3D:00:D9:D3:EE:40
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+                serial:EB:02:53:87:4C:0D:73:5F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         14:3a:a6:f8:86:88:7c:db:9b:ce:b1:59:57:de:3e:e0:34:7d:
+         ce:a3:95:15:f8:89:54:e3:d4:02:0e:b8:51:35:14:4d:e9:31:
+         21:25:3c:77:55:d4:b2:9b:f0:d5:b1:80:6d:ef:e7:86:f4:e7:
+         e9:03:5a:12:c2:5b:42:e5:90:8a:8e:e5:f9:83:13:6d:60:43:
+         aa:13:1f:f2:99:3d:66:84:ec:21:1f:68:a6:b5:64:ad:c3:e2:
+         d0:6f:96:9f:eb:37:94:12:a7:89:94:de:5c:69:4c:8f:f8:75:
+         b8:76:c7:81:c7:88:81:34:6d:cf:ea:23:eb:05:87:a1:fd:d7:
+         e8:88:a0:34:81:f4:15:a6:cb:ff:53:47:10:e6:04:86:49:09:
+         7e:0f:ed:0c:47:5a:df:bc:a3:23:ed:80:4d:e0:88:81:be:32:
+         1c:0f:16:c6:c0:6e:0c:d7:24:63:1e:88:e2:82:e7:00:f2:a6:
+         0c:01:b1:a6:7e:4d:69:4e:9f:8a:e3:78:12:cb:fa:d2:b9:a6:
+         b7:ac:07:98:9e:38:aa:a8:56:81:9b:06:c2:11:ec:f1:4f:e5:
+         5a:21:45:ed:8f:b1:a0:48:21:e7:ba:7b:5f:5b:a9:7a:51:ca:
+         6d:84:1b:b9:78:38:18:91:9c:e0:ca:0e:97:e0:e7:bd:36:10:
+         ed:c9:80:0a:73:c1:ae:0c:d6:b1:dd:be:fc:7b:a7:83:4f:0d:
+         b6:7c:2f:15:4b:b6:e1:b0:5f:81:bb:c5:4d:3e:fd:84:82:65:
+         65:8a:4e:f5:66:19:e4:4d:9f:31:9d:d2:21:44:7c:9e:ff:55:
+         1f:f3:17:bc:d4:d3:e2:c4:51:fd:f9:f6:b8:b8:53:42:11:94:
+         f0:aa:df:6e:0f:07:0a:1d:2f:31:7a:6e:28:32:63:1d:a7:fa:
+         da:93:9d:37:25:3e:53:f7:f4:f2:e8:97:23:d9:39:dd:1d:39:
+         c1:1c:03:b6:b1:b9:21:6f:ed:a6:c9:b8:e4:aa:f5:6f:d6:33:
+         94:d4:70:e6:c7:e2:38:6c:33:3c:d9:19:4e:af:90:0c:13:f5:
+         b3:d8:fc:7a:21:8a:3e:43:e5:14:3f:4f:72:de:2a:71:13:db:
+         7e:b6:d9:aa:1c:d1:f9:ed:f6:cc:c1:ae:c9:c1:4e:4e:f8:dd:
+         85:ec:4f:b7:7a:7a:90:26:44:8b:a7:8d:67:26:0e:82:02:92:
+         14:d4:ad:38:28:ff:36:e8:59:3e:dc:1a:76:bb:b6:cc:b1:32:
+         d9:44:85:f5:c4:45:db:92:55:54:78:05:88:db:0a:fb:42:17:
+         e0:b7:76:0f:c2:c8:69:67:ed:fb:b4:e8:72:e7:ee:6a:03:d9:
+         8b:4d:22:d5:ed:00:68:6d
+-----BEGIN CERTIFICATE-----
+MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMjM3MTZaFw0zODAyMDYxMjM3MTZaMIGjMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLUFLLXNl
+cnZlcjEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPlxupIi6wKA3l1
+OFvwSkLrMK8x/s2BJSl963z7Lf5z8zq9/PoJxzY63FIi038B0z3DhgHA7HZqiQxJ
+6RJBco5BsDUj0DVfIQA/voADrOL4BTq8GQpIE4pWTWXqmo0AUVJPjB+K+r05QeJ+
+ptlcQqZAKohZVJFbbWnsIYSq+kF1e40IH3r5cWBzYJsxczInXDQuf//4vibr3arB
+tsJw0ZC1R+PJLtO8PRFpWKo2kxoRtZTK4kQam007BGPN2ChXjPY1cL3+u++MlYKR
+qMEqjdR3V2SlzFfzsYovUtjYjeLhPCFJv7BCcTpxz09aGJl5RNFyBkp9MCn+p0Ms
+kiObaS/SiDxsydGOzdNdJD7J87WLYJlI/5C/rfP3O8Z9J4/SuIgCCgORij08JVNt
+B1lssQ345ZMCWFRgCykIOZJxAdwNjbKUh0sIOSDPp+U7ZpHFARU8LN9qnUtItV76
+P21JESuSvHpGcLDPzXm+kOHOQfpDMc27tzRfx3GAdYNu9kWg7qe03kPx/N8Z2G0A
+ta5ZF/d9Gc3It0qS2m2tPNWw225buC1i1V/kI7BljLXa2CcKNJ4yAn68iTmqf7IH
+Ji45CiHG2k7Sz1NFn8Kc0MaGNyBgnH0UOi8cXFA2XdMVLpTxBLgiS8mFauxZ7OIB
+48nhAlZAwY8BYWgmconeuikvFY/VAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
+CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
+dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUP8D6lUPGiKMuGI5DPLoc
+ly9wx1kwgdEGA1UdIwSByTCBxoAU6meVlB1GjkS/l6QJvUA9ANnT7kChgaKkgZ8w
+gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
+DQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
+AQAUOqb4hoh825vOsVlX3j7gNH3Oo5UV+IlU49QCDrhRNRRN6TEhJTx3VdSym/DV
+sYBt7+eG9OfpA1oSwltC5ZCKjuX5gxNtYEOqEx/ymT1mhOwhH2imtWStw+LQb5af
+6zeUEqeJlN5caUyP+HW4dseBx4iBNG3P6iPrBYeh/dfoiKA0gfQVpsv/U0cQ5gSG
+SQl+D+0MR1rfvKMj7YBN4IiBvjIcDxbGwG4M1yRjHojigucA8qYMAbGmfk1pTp+K
+43gSy/rSuaa3rAeYnjiqqFaBmwbCEezxT+VaIUXtj7GgSCHnuntfW6l6UcpthBu5
+eDgYkZzgyg6X4Oe9NhDtyYAKc8GuDNax3b78e6eDTw22fC8VS7bhsF+Bu8VNPv2E
+gmVlik71ZhnkTZ8xndIhRHye/1Uf8xe81NPixFH9+fa4uFNCEZTwqt9uDwcKHS8x
+em4oMmMdp/rak503JT5T9/Ty6Jcj2TndHTnBHAO2sbkhb+2mybjkqvVv1jOU1HDm
+x+I4bDM82RlOr5AME/Wz2Px6IYo+Q+UUP09y3ipxE9t+ttmqHNH57fbMwa7JwU5O
++N2F7E+3enqQJkSLp41nJg6CApIU1K04KP826Fk+3Bp2u7bMsTLZRIX1xEXbklVU
+eAWI2wr7Qhfgt3YPwshpZ+37tOhy5+5qA9mLTSLV7QBobQ==
+-----END CERTIFICATE-----
diff --git a/AK/openvpn/ak/keys/02.pem b/AK/openvpn/ak/keys/02.pem
new file mode 100644
index 0000000..e386f9f
--- /dev/null
+++ b/AK/openvpn/ak/keys/02.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  6 13:37:54 2018 GMT
+            Not After : Feb  6 13:37:54 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-chris/name=VPN AK/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:9b:da:37:61:00:41:6d:0b:56:e3:cb:c8:56:28:
+                    0a:db:be:7b:7d:e8:91:7a:3e:3a:b7:89:91:c4:01:
+                    11:48:1d:c9:f9:70:28:a2:40:b2:ae:8b:8f:b2:56:
+                    75:79:5f:b2:6f:96:1f:e2:b8:83:c1:75:b3:f9:d2:
+                    42:44:a2:c6:03:48:c5:09:17:fc:77:13:cf:3a:a7:
+                    b2:73:39:10:07:b9:3b:a0:28:e8:da:82:07:87:17:
+                    86:93:95:bf:fa:5d:2a:39:68:8c:6e:d5:8e:fd:9b:
+                    ce:6c:28:13:8a:33:f0:6a:b4:17:07:3f:d1:7d:a5:
+                    a5:fc:a0:e3:26:73:49:0a:ba:d7:84:6f:a4:53:ec:
+                    ef:e7:17:3b:ca:b6:9d:d2:88:42:16:dc:c0:50:de:
+                    5e:d2:c5:88:b9:28:f0:03:d7:5e:86:cd:bc:59:7e:
+                    e2:d6:d5:a3:ed:cf:97:de:da:e0:cd:c8:0d:96:fa:
+                    06:c5:bc:6d:79:d0:65:ab:6e:f5:ee:a9:88:dd:8e:
+                    fb:2c:76:48:73:10:b7:5a:8b:05:ac:92:df:ce:a7:
+                    c8:98:e2:c4:10:a1:4a:f7:9b:b8:c0:b9:59:94:9d:
+                    a8:95:59:49:e1:c9:29:d6:9e:19:f7:b4:a8:aa:9e:
+                    92:04:ba:65:11:48:bb:f8:2e:ec:08:a4:b3:37:2e:
+                    2e:d2:d6:4a:ce:fc:de:15:18:78:34:97:b9:96:e3:
+                    c1:98:f9:0f:67:7d:ea:4d:12:ba:f2:7f:f4:9e:61:
+                    81:e4:61:df:ee:55:d6:17:b3:4b:c0:1b:af:30:9f:
+                    7f:a7:93:81:66:14:2d:08:7e:83:5d:d7:57:5c:21:
+                    f2:43:49:df:50:9a:58:2d:f8:b3:cb:d5:5a:91:0c:
+                    90:47:59:e3:5e:78:82:93:6c:db:82:7e:22:72:5c:
+                    47:8e:d9:49:2a:69:9e:d8:f1:70:37:d0:69:82:05:
+                    42:12:02:d7:f2:78:b9:88:ea:fe:92:9a:d5:20:b4:
+                    db:8a:e8:54:eb:61:26:05:dd:31:59:b2:e1:93:9a:
+                    43:82:c0:55:ff:d4:8c:d0:ba:bd:f6:c4:9a:58:73:
+                    14:3b:96:aa:01:fe:2d:c9:7f:f7:b5:93:2e:a7:19:
+                    7f:60:ab:01:e7:b1:2a:1a:a2:4e:85:a6:d9:7b:92:
+                    7a:ce:e3:de:50:ac:8f:65:d5:6d:9d:5e:2b:d1:86:
+                    de:07:22:56:18:05:52:57:85:ca:ce:25:80:69:2f:
+                    37:74:dc:ca:3e:42:d9:05:f7:c4:5a:77:26:d3:ec:
+                    52:2e:02:52:61:00:c4:06:a8:fa:4d:23:42:83:76:
+                    30:6f:3d:4e:7a:a6:17:fe:5e:06:a5:87:a1:37:da:
+                    fb:bc:87
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                2E:C4:A7:97:A0:8C:78:B9:B3:25:0E:B0:C4:AE:A4:40:6A:82:A7:3F
+            X509v3 Authority Key Identifier: 
+                keyid:EA:67:95:94:1D:46:8E:44:BF:97:A4:09:BD:40:3D:00:D9:D3:EE:40
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+                serial:EB:02:53:87:4C:0D:73:5F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         67:e7:39:57:e2:ee:56:68:74:6d:54:4f:0d:1d:c1:c3:21:3a:
+         4c:ef:e3:31:40:ae:9b:e7:af:1c:23:ea:58:e2:fa:97:fe:e3:
+         01:b8:32:ba:0b:0b:19:49:03:92:d3:86:df:e5:57:d7:d5:51:
+         00:28:51:11:fd:23:e8:a1:51:47:28:06:29:4a:17:c5:93:3a:
+         b8:5f:91:58:a9:4d:af:90:7d:ca:15:e0:03:3e:a0:2e:1b:89:
+         ba:cb:91:8f:ed:50:7a:7b:a7:8e:54:48:54:36:92:1d:81:6b:
+         07:8b:fa:73:e1:16:30:3c:ad:2a:92:b7:15:03:78:81:27:99:
+         36:be:f7:cd:91:64:25:90:27:2b:76:70:77:ff:a4:c8:c8:79:
+         2d:8d:39:1c:6c:56:c5:7b:5c:b2:0a:e6:77:e2:14:2e:21:6e:
+         c5:61:08:37:9e:89:e8:e2:c2:06:9c:ce:93:b6:2b:82:e9:db:
+         ee:d9:1c:1e:ce:1b:40:a1:c9:b1:a7:76:ba:96:80:2a:36:40:
+         e2:f0:3d:68:cb:cc:8e:b3:0f:62:14:95:0c:c7:34:cf:e0:b8:
+         94:d2:79:32:a0:ba:07:d9:a7:10:be:84:fb:4a:dd:d0:40:07:
+         5f:8f:bb:52:70:4f:46:be:73:cf:0e:29:11:2a:52:b3:e3:57:
+         b0:72:6e:a3:47:62:1f:53:d5:c7:8a:32:54:13:0b:68:8e:d6:
+         8f:ff:2d:43:6c:0b:ac:38:d6:81:6f:a4:57:69:3c:27:28:da:
+         60:42:01:aa:b9:4e:31:8a:de:47:c5:5c:b2:1c:9f:94:8e:93:
+         b8:3e:85:f0:d6:a6:45:49:3a:14:d7:ae:d2:f3:57:c0:04:95:
+         b8:0d:82:f1:f5:a4:90:c6:32:2e:72:b2:b4:5c:56:9e:fb:7a:
+         16:a5:21:ac:8e:e3:c2:48:98:73:04:da:73:b9:04:14:09:7d:
+         55:b9:53:71:62:94:4a:ee:49:7a:73:6c:4b:5e:02:5d:8d:ef:
+         6d:60:d9:e9:69:29:10:97:a9:fd:4d:9d:d0:9c:c8:a7:26:0d:
+         7f:c2:b2:e9:95:17:7b:31:25:7e:43:e6:2f:ee:23:c3:b1:7c:
+         d5:0e:1c:5c:5c:49:f2:ca:1d:06:e6:ec:eb:40:21:8a:8c:59:
+         b4:e0:9a:08:fa:f5:35:34:bd:1c:c5:e8:dd:f4:d5:ff:7b:ac:
+         5b:19:15:d7:5d:09:1c:fe:25:07:e7:b0:7e:ad:4a:e0:78:05:
+         8d:2a:b8:7c:d2:9a:4d:19:0b:d5:15:03:f9:c6:fe:bd:2f:6c:
+         de:26:3b:1e:38:44:6f:77:13:7b:b5:09:3a:b3:bc:54:fa:38:
+         56:05:ae:58:35:58:53:85
+-----BEGIN CERTIFICATE-----
+MIIHIjCCBQqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMzM3NTRaFw0zODAyMDYxMzM3NTRaMIGiMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLUFLLWNo
+cmlzMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAm9o3YQBBbQtW48vI
+VigK2757feiRej46t4mRxAERSB3J+XAookCyrouPslZ1eV+yb5Yf4riDwXWz+dJC
+RKLGA0jFCRf8dxPPOqeyczkQB7k7oCjo2oIHhxeGk5W/+l0qOWiMbtWO/ZvObCgT
+ijPwarQXBz/RfaWl/KDjJnNJCrrXhG+kU+zv5xc7yrad0ohCFtzAUN5e0sWIuSjw
+A9dehs28WX7i1tWj7c+X3trgzcgNlvoGxbxtedBlq2717qmI3Y77LHZIcxC3WosF
+rJLfzqfImOLEEKFK95u4wLlZlJ2olVlJ4ckp1p4Z97Soqp6SBLplEUi7+C7sCKSz
+Ny4u0tZKzvzeFRh4NJe5luPBmPkPZ33qTRK68n/0nmGB5GHf7lXWF7NLwBuvMJ9/
+p5OBZhQtCH6DXddXXCHyQ0nfUJpYLfizy9VakQyQR1njXniCk2zbgn4iclxHjtlJ
+Kmme2PFwN9BpggVCEgLX8ni5iOr+kprVILTbiuhU62EmBd0xWbLhk5pDgsBV/9SM
+0Lq99sSaWHMUO5aqAf4tyX/3tZMupxl/YKsB57EqGqJOhabZe5J6zuPeUKyPZdVt
+nV4r0YbeByJWGAVSV4XKziWAaS83dNzKPkLZBffEWncm0+xSLgJSYQDEBqj6TSNC
+g3Ywbz1OeqYX/l4GpYehN9r7vIcCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQULsSnl6CMeLmzJQ6wxK6kQGqCpz8wgdEGA1UdIwSByTCBxoAU6meVlB1G
+jkS/l6QJvUA9ANnT7kChgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQ
+TiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
+aXMwDQYJKoZIhvcNAQELBQADggIBAGfnOVfi7lZodG1UTw0dwcMhOkzv4zFArpvn
+rxwj6lji+pf+4wG4MroLCxlJA5LTht/lV9fVUQAoURH9I+ihUUcoBilKF8WTOrhf
+kVipTa+QfcoV4AM+oC4bibrLkY/tUHp7p45USFQ2kh2BaweL+nPhFjA8rSqStxUD
+eIEnmTa+982RZCWQJyt2cHf/pMjIeS2NORxsVsV7XLIK5nfiFC4hbsVhCDeeieji
+wgaczpO2K4Lp2+7ZHB7OG0ChybGndrqWgCo2QOLwPWjLzI6zD2IUlQzHNM/guJTS
+eTKgugfZpxC+hPtK3dBAB1+Pu1JwT0a+c88OKREqUrPjV7BybqNHYh9T1ceKMlQT
+C2iO1o//LUNsC6w41oFvpFdpPCco2mBCAaq5TjGK3kfFXLIcn5SOk7g+hfDWpkVJ
+OhTXrtLzV8AElbgNgvH1pJDGMi5ysrRcVp77ehalIayO48JImHME2nO5BBQJfVW5
+U3FilEruSXpzbEteAl2N721g2elpKRCXqf1NndCcyKcmDX/CsumVF3sxJX5D5i/u
+I8OxfNUOHFxcSfLKHQbm7OtAIYqMWbTgmgj69TU0vRzF6N301f97rFsZFdddCRz+
+JQfnsH6tSuB4BY0quHzSmk0ZC9UVA/nG/r0vbN4mOx44RG93E3u1CTqzvFT6OFYF
+rlg1WFOF
+-----END CERTIFICATE-----
diff --git a/AK/openvpn/ak/keys/ca.crt b/AK/openvpn/ak/keys/ca.crt
new file mode 100644
index 0000000..a5a395c
--- /dev/null
+++ b/AK/openvpn/ak/keys/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJAOsCU4dMDXNfMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUFLMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDIwNjEyMTIxNVoYDzIwNTAwMjA2MTIxMjE1WjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1BSzEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYNRn3v3bgu
+7yd9rSSHGfKeKuCoT/KQg8054E0HB7zOjCpI3HMrK+UaA/BB47k82aj4zrGBz179
+Gw3E7EqlMXUeUfWa46FADakj6QrimSzaIctCy5bCHCogBV0HhVaMnTO6+GCoPuLP
+D779zJ/YzIO3476pWIVuK5AAgqobyGaJ5OPR0rUWrl1yQK48yYQfSbnU0IcchDny
+VS42E64k+TbOixg5dRHxr/8JQ6UbPHJWE5oePbm5Rx345jV2dU3QjfJTe8HtoUeL
+TwHsSE+JilWxq1ID4sEIY7+5bvaQCsjVUwim5XHg/8iv0ekHlwmFmz/ycQ1+xMcz
+NzBqpuZCqkY4NJHclZGwS5L1dEfaLLEAKueUbqFURsyMSoKb0N5S78Gf96E6PgJV
+De+YtbdxM3S3EAa0Y0NkukBHUGOPiBd9g2EnbW4GfKhsPPWMOWFANl22xupgt5SU
+HnqF71ofKCNi2Zkc32lJzbHQNIO86N52wI2E8F8iy9SJ2+969SsCxNhBKP8pRFaG
+9HSeRoi8nTsDcYczERlEb5qhA8+rWho4XpWgDXE4qrT0wmuMqoo1bTPCDsGSkzUe
+CdUD5/m174RVrnc0o+SyHLIGuS2XpU9KuPBLV4d8CzKakGLudUG/4ikntBZBW7hL
+IJOOGAv3kaWOj3GbfF/zNza2lC/WvMiXAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+6meVlB1GjkS/l6QJvUA9ANnT7kAwgdEGA1UdIwSByTCBxoAU6meVlB1GjkS/l6QJ
+vUA9ANnT7kChgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAMzcwewxPfcS4H5YYlvYgmy4iCUson
+vz4RVsyQxinlmnBDMZc7YrkERSQ8O9GWq2Qzge0c0xaEMZxhrkosQi7mAL4JrFjr
+i1fWYYsocBd/6ZXNkro3uJ231RyOiNWGaFNc3kkorWeGlQmlJsYSK2jtEZtezTGu
+4yEHZwDLK7ArI1IydUAJ1K4k/P0YLsQw4fcMXtJF5GRpunwy2VGXBOF2WlIMHaMU
+XKpFDOZGlvnbshIoDuNhdTSVZ3UWkNQSfMnVjv1UDNsxleeJWIjpvB/wNDsIgMmd
+y4DWJzYO8p9w4bBq4GEdvhiL5tNFdHPRS3v42zAmsjvyJChUbFWApXRdb8p8dmtP
+qneRvgUKTc+03nv5z7bO653yzuxRCk/4g8SqMKC6qIMeKEOcG9ZDEGs3YJ3d2NMg
+OHSEkfXSJKGkQfaM3vORjF3zuC6ZFpNSYMMVctAwLfwu7q0YdOfIWPsUFgAtaePp
+JRDpVjbWGk+/WDVIWO/tVEFmy1xT7CPMEMgMbTGl1mGPezPBeAqgs4LXWlYgQfox
+K2BhLOD+YwlfvDUaJPhp10oJ6rhfnveTPhmhGslTZzaLYShP1Bg5J21gZf7+Wou7
+fwpliRLlB8gFk6czpGspmyGdTPjqXOvVxIqffmxRtzsMZJSEJWV/6023AxQdnFz2
+U7OFfF99B7LFVw==
+-----END CERTIFICATE-----
diff --git a/AK/openvpn/ak/keys/ca.key b/AK/openvpn/ak/keys/ca.key
new file mode 100644
index 0000000..91d8bbf
--- /dev/null
+++ b/AK/openvpn/ak/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCmDUZ97924Lu8n
+fa0khxnynirgqE/ykIPNOeBNBwe8zowqSNxzKyvlGgPwQeO5PNmo+M6xgc9e/RsN
+xOxKpTF1HlH1muOhQA2pI+kK4pks2iHLQsuWwhwqIAVdB4VWjJ0zuvhgqD7izw++
+/cyf2MyDt+O+qViFbiuQAIKqG8hmieTj0dK1Fq5dckCuPMmEH0m51NCHHIQ58lUu
+NhOuJPk2zosYOXUR8a//CUOlGzxyVhOaHj25uUcd+OY1dnVN0I3yU3vB7aFHi08B
+7EhPiYpVsatSA+LBCGO/uW72kArI1VMIpuVx4P/Ir9HpB5cJhZs/8nENfsTHMzcw
+aqbmQqpGODSR3JWRsEuS9XRH2iyxACrnlG6hVEbMjEqCm9DeUu/Bn/ehOj4CVQ3v
+mLW3cTN0txAGtGNDZLpAR1Bjj4gXfYNhJ21uBnyobDz1jDlhQDZdtsbqYLeUlB56
+he9aHygjYtmZHN9pSc2x0DSDvOjedsCNhPBfIsvUidvvevUrAsTYQSj/KURWhvR0
+nkaIvJ07A3GHMxEZRG+aoQPPq1oaOF6VoA1xOKq09MJrjKqKNW0zwg7BkpM1HgnV
+A+f5te+EVa53NKPkshyyBrktl6VPSrjwS1eHfAsympBi7nVBv+IpJ7QWQVu4SyCT
+jhgL95Gljo9xm3xf8zc2tpQv1rzIlwIDAQABAoICAA4dhMeB02QrwTKnMUewoFkK
+bvSn+hvRgxK3/8Qse9Dl8e5KQUsc+V9BReJvh28gqBQACnn2Ye1eMKWL/tYdksW0
+7RymrQDxE/gz0ESXnJO+ey7vH6VSHNjL3gjZcdE4pMhX9XMp+iaHmXwP0QwpfsEX
+qal0dczp35QfJvxU3kUxJZ7kIDg6lFnnM25cRnkPu9GrMIq7ttXCLtF90VB1XiX1
+isdlYvlChUZ1wCVR2mKRxJrORUr7X/tBRDh5OGGD//0Acb27eIE/a1jrf/4a4AKG
+1txi7iygjPIoTjFxbylBUQykO07h5Hxnzb00YvdxPxBBiLCv/QQ960wXVNawBg9M
+9TH/PZ2nx2xYdTbz6YNMAjkTfAXkMnkBiHGtxSWjLfAKNg0CvBT+7dOJUO4MWD6H
+rg3Q3HKTPl7qLq3I47YB/Buc4FfRg6YPmzhTzlqfzpOeAsLlZSZgKu4MMT8jh+FZ
+swvAfVshdRDlWH0A1v+QcOaXq3WHFjzmyvRs+IuR5bR6cVfzkBywSPygsIxDi3gq
+9Y74CIlywJdwuLQc7owJ/wjrzVanerwlTXe1u8YGCOsE/NkjHOhfLqQAD2RE8pee
+q0qfqqUKNhDRCWae9HMd65teX9XQ+yg/+LIEGyisKAuLpx5Xpcnqhu8RRorrTUIx
+FzjkQxcqFRveeNsDLUUpAoIBAQDWhbV2+mSBYTCveVeSA1tBII3mO4/RQ/GlHM0u
+8XLY0NhKk+TTSPYXOpZlVdcMwnuEVKPY1y8+/H0sdjdLPKbX3qAebus8jQc8Xvcr
+p8FM/TAr3g4KfyjGWtuYns5f0msiuDwu8Bc8T8dlw40Ba+m3mhxxW8wtS0LiCjtp
+iaJV3A4OOmRAL2UH/okd9DBLxi4X2AjY0EqH8o+GaMD8b6VUfpROENV3KfsRMaYo
+z6ep7v0QWwxK5L2XIJy7tQQEXumHBbt0P6TaiV4rBFEpQ9wpdfUnk8oEkXHRvu44
+jV7EYOBfqVGVIdzYol7pGcmznCBWd6SM/lAkOGxu0Alcw20DAoIBAQDGKGgeH0tD
+i2UU+Cmf3OggTCZpRDy+Io2E6XW5wkRy1Xg8/Bp57mWqAV8Hss25HixYtSjqbHGJ
+XkQdB9nZKD7NhlomFYBEm2subgLVWSE01XzrzjZxJXQPgf24jETC6xHsNAt6ONyP
+tiUftIskoHVkjpFmkVksAypyBALVaGJgemUwabFubq0xUPSRl3W1RnOyIDqXe/jQ
+tKMB9/r8i3mBoC5oK3Vwp6o3rQf3M6FBa7FAzapYXDCqHCBmjjStthNfvAUX31Kw
+a1kLzvpIpo8BhXXsy91pdhy6nxfCHv5bAbwLJdWYDARUifzw1ROhjj408v56nnBB
+IMwLuCJuYY/dAoIBAEU+T36iAAMK/g4F2tBUqQXynhrsqtVfWwZyr4Axi2KUttwL
+tNbGPDjvPlBjTtDdjcT/FQwPGT75fOX3Go38e9Y+E+z+3Itk8ir4dEvxECHrr7rZ
+KCsXNHAiL7Opvu+LGe3RDgwQj092aOReJIuK65vJ8NheSx9rpaEUsGy2cmHIb/kD
+vAxDwBa+gD/c7CHpTEOCBgkF4qjTEKTP90sENpd5bCFuqZiXQmUgY4PU00e0zpaS
+7PrXrqKzciPcn/lRMYvVu9YgHPQ1VuIHuLLbJptzabhmqdSjpduQB5DVgPteUc5O
+9vhuP7zlXEFdg4+oG4ANil3AUNoAJG/4Uq1Qn0UCggEBAKAUHmBPKY8MOgFhpMan
+P8Jvogwh+uwin67Cpr8EyCT4fGTPyFe+FdTrvKhMctLcJDkZSE9wgZvWUjIdmIhM
+cce4hHUFo5RI9aIRbyqJEUFMQdmAwgxPlF2+xofikN3h5p2pQahf7RYPsBfX0xwo
+oA02+xEf1Ciw+gYXZW6fH/IOjlY43AR5VmJjot9GuulRW7+HN64OkWeQtaqueMyx
+o9vq2fJ/QSVb3S+TEb9KrzdZV10hiD5PY2TYyffvY3D9iNMq4fZyC6vHXK0kbJ5q
+J1a0SRqdamV67CR6x0ejoBlG4nEjBFULSCg/PN4VVAGMFobR0nCeM9L5Or0w6GfB
+WuUCggEAckvTl30f7e+8hEq6GyXmc8445JxoDOWtVpUMO0wfKQFjBctIX4LDRuHx
+lssvyoVzZAPvcZxSC0vAOz3vB+QqDrPZBUT76uFYmuwmtOyu5bylwFfj52cwYciZ
+4Capr7HRwA8Q8/fDFZNey1vmw1paCEsr6Javw3wW6jz1ojMANQfwxcNrWlVAyxOM
+fMhIkAvgV6x2YLwurmMPxUnmnEuo6KIRy0oMpPIVTCghjU2nygTkB+DISzPTd53m
+ln8pIUtg5vyDpMQnt0KgCT7xwaYdHdkokzrXWi01pZtp/n7A0Rh3uLCFUmtV4OTj
+4Oj5DBZmk/i6ez4YnL7/SoQRfBdtlw==
+-----END PRIVATE KEY-----
diff --git a/AK/openvpn/ak/keys/chris.crt b/AK/openvpn/ak/keys/chris.crt
new file mode 100644
index 0000000..e386f9f
--- /dev/null
+++ b/AK/openvpn/ak/keys/chris.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  6 13:37:54 2018 GMT
+            Not After : Feb  6 13:37:54 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-chris/name=VPN AK/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:9b:da:37:61:00:41:6d:0b:56:e3:cb:c8:56:28:
+                    0a:db:be:7b:7d:e8:91:7a:3e:3a:b7:89:91:c4:01:
+                    11:48:1d:c9:f9:70:28:a2:40:b2:ae:8b:8f:b2:56:
+                    75:79:5f:b2:6f:96:1f:e2:b8:83:c1:75:b3:f9:d2:
+                    42:44:a2:c6:03:48:c5:09:17:fc:77:13:cf:3a:a7:
+                    b2:73:39:10:07:b9:3b:a0:28:e8:da:82:07:87:17:
+                    86:93:95:bf:fa:5d:2a:39:68:8c:6e:d5:8e:fd:9b:
+                    ce:6c:28:13:8a:33:f0:6a:b4:17:07:3f:d1:7d:a5:
+                    a5:fc:a0:e3:26:73:49:0a:ba:d7:84:6f:a4:53:ec:
+                    ef:e7:17:3b:ca:b6:9d:d2:88:42:16:dc:c0:50:de:
+                    5e:d2:c5:88:b9:28:f0:03:d7:5e:86:cd:bc:59:7e:
+                    e2:d6:d5:a3:ed:cf:97:de:da:e0:cd:c8:0d:96:fa:
+                    06:c5:bc:6d:79:d0:65:ab:6e:f5:ee:a9:88:dd:8e:
+                    fb:2c:76:48:73:10:b7:5a:8b:05:ac:92:df:ce:a7:
+                    c8:98:e2:c4:10:a1:4a:f7:9b:b8:c0:b9:59:94:9d:
+                    a8:95:59:49:e1:c9:29:d6:9e:19:f7:b4:a8:aa:9e:
+                    92:04:ba:65:11:48:bb:f8:2e:ec:08:a4:b3:37:2e:
+                    2e:d2:d6:4a:ce:fc:de:15:18:78:34:97:b9:96:e3:
+                    c1:98:f9:0f:67:7d:ea:4d:12:ba:f2:7f:f4:9e:61:
+                    81:e4:61:df:ee:55:d6:17:b3:4b:c0:1b:af:30:9f:
+                    7f:a7:93:81:66:14:2d:08:7e:83:5d:d7:57:5c:21:
+                    f2:43:49:df:50:9a:58:2d:f8:b3:cb:d5:5a:91:0c:
+                    90:47:59:e3:5e:78:82:93:6c:db:82:7e:22:72:5c:
+                    47:8e:d9:49:2a:69:9e:d8:f1:70:37:d0:69:82:05:
+                    42:12:02:d7:f2:78:b9:88:ea:fe:92:9a:d5:20:b4:
+                    db:8a:e8:54:eb:61:26:05:dd:31:59:b2:e1:93:9a:
+                    43:82:c0:55:ff:d4:8c:d0:ba:bd:f6:c4:9a:58:73:
+                    14:3b:96:aa:01:fe:2d:c9:7f:f7:b5:93:2e:a7:19:
+                    7f:60:ab:01:e7:b1:2a:1a:a2:4e:85:a6:d9:7b:92:
+                    7a:ce:e3:de:50:ac:8f:65:d5:6d:9d:5e:2b:d1:86:
+                    de:07:22:56:18:05:52:57:85:ca:ce:25:80:69:2f:
+                    37:74:dc:ca:3e:42:d9:05:f7:c4:5a:77:26:d3:ec:
+                    52:2e:02:52:61:00:c4:06:a8:fa:4d:23:42:83:76:
+                    30:6f:3d:4e:7a:a6:17:fe:5e:06:a5:87:a1:37:da:
+                    fb:bc:87
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                2E:C4:A7:97:A0:8C:78:B9:B3:25:0E:B0:C4:AE:A4:40:6A:82:A7:3F
+            X509v3 Authority Key Identifier: 
+                keyid:EA:67:95:94:1D:46:8E:44:BF:97:A4:09:BD:40:3D:00:D9:D3:EE:40
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+                serial:EB:02:53:87:4C:0D:73:5F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         67:e7:39:57:e2:ee:56:68:74:6d:54:4f:0d:1d:c1:c3:21:3a:
+         4c:ef:e3:31:40:ae:9b:e7:af:1c:23:ea:58:e2:fa:97:fe:e3:
+         01:b8:32:ba:0b:0b:19:49:03:92:d3:86:df:e5:57:d7:d5:51:
+         00:28:51:11:fd:23:e8:a1:51:47:28:06:29:4a:17:c5:93:3a:
+         b8:5f:91:58:a9:4d:af:90:7d:ca:15:e0:03:3e:a0:2e:1b:89:
+         ba:cb:91:8f:ed:50:7a:7b:a7:8e:54:48:54:36:92:1d:81:6b:
+         07:8b:fa:73:e1:16:30:3c:ad:2a:92:b7:15:03:78:81:27:99:
+         36:be:f7:cd:91:64:25:90:27:2b:76:70:77:ff:a4:c8:c8:79:
+         2d:8d:39:1c:6c:56:c5:7b:5c:b2:0a:e6:77:e2:14:2e:21:6e:
+         c5:61:08:37:9e:89:e8:e2:c2:06:9c:ce:93:b6:2b:82:e9:db:
+         ee:d9:1c:1e:ce:1b:40:a1:c9:b1:a7:76:ba:96:80:2a:36:40:
+         e2:f0:3d:68:cb:cc:8e:b3:0f:62:14:95:0c:c7:34:cf:e0:b8:
+         94:d2:79:32:a0:ba:07:d9:a7:10:be:84:fb:4a:dd:d0:40:07:
+         5f:8f:bb:52:70:4f:46:be:73:cf:0e:29:11:2a:52:b3:e3:57:
+         b0:72:6e:a3:47:62:1f:53:d5:c7:8a:32:54:13:0b:68:8e:d6:
+         8f:ff:2d:43:6c:0b:ac:38:d6:81:6f:a4:57:69:3c:27:28:da:
+         60:42:01:aa:b9:4e:31:8a:de:47:c5:5c:b2:1c:9f:94:8e:93:
+         b8:3e:85:f0:d6:a6:45:49:3a:14:d7:ae:d2:f3:57:c0:04:95:
+         b8:0d:82:f1:f5:a4:90:c6:32:2e:72:b2:b4:5c:56:9e:fb:7a:
+         16:a5:21:ac:8e:e3:c2:48:98:73:04:da:73:b9:04:14:09:7d:
+         55:b9:53:71:62:94:4a:ee:49:7a:73:6c:4b:5e:02:5d:8d:ef:
+         6d:60:d9:e9:69:29:10:97:a9:fd:4d:9d:d0:9c:c8:a7:26:0d:
+         7f:c2:b2:e9:95:17:7b:31:25:7e:43:e6:2f:ee:23:c3:b1:7c:
+         d5:0e:1c:5c:5c:49:f2:ca:1d:06:e6:ec:eb:40:21:8a:8c:59:
+         b4:e0:9a:08:fa:f5:35:34:bd:1c:c5:e8:dd:f4:d5:ff:7b:ac:
+         5b:19:15:d7:5d:09:1c:fe:25:07:e7:b0:7e:ad:4a:e0:78:05:
+         8d:2a:b8:7c:d2:9a:4d:19:0b:d5:15:03:f9:c6:fe:bd:2f:6c:
+         de:26:3b:1e:38:44:6f:77:13:7b:b5:09:3a:b3:bc:54:fa:38:
+         56:05:ae:58:35:58:53:85
+-----BEGIN CERTIFICATE-----
+MIIHIjCCBQqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMzM3NTRaFw0zODAyMDYxMzM3NTRaMIGiMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLUFLLWNo
+cmlzMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAm9o3YQBBbQtW48vI
+VigK2757feiRej46t4mRxAERSB3J+XAookCyrouPslZ1eV+yb5Yf4riDwXWz+dJC
+RKLGA0jFCRf8dxPPOqeyczkQB7k7oCjo2oIHhxeGk5W/+l0qOWiMbtWO/ZvObCgT
+ijPwarQXBz/RfaWl/KDjJnNJCrrXhG+kU+zv5xc7yrad0ohCFtzAUN5e0sWIuSjw
+A9dehs28WX7i1tWj7c+X3trgzcgNlvoGxbxtedBlq2717qmI3Y77LHZIcxC3WosF
+rJLfzqfImOLEEKFK95u4wLlZlJ2olVlJ4ckp1p4Z97Soqp6SBLplEUi7+C7sCKSz
+Ny4u0tZKzvzeFRh4NJe5luPBmPkPZ33qTRK68n/0nmGB5GHf7lXWF7NLwBuvMJ9/
+p5OBZhQtCH6DXddXXCHyQ0nfUJpYLfizy9VakQyQR1njXniCk2zbgn4iclxHjtlJ
+Kmme2PFwN9BpggVCEgLX8ni5iOr+kprVILTbiuhU62EmBd0xWbLhk5pDgsBV/9SM
+0Lq99sSaWHMUO5aqAf4tyX/3tZMupxl/YKsB57EqGqJOhabZe5J6zuPeUKyPZdVt
+nV4r0YbeByJWGAVSV4XKziWAaS83dNzKPkLZBffEWncm0+xSLgJSYQDEBqj6TSNC
+g3Ywbz1OeqYX/l4GpYehN9r7vIcCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQULsSnl6CMeLmzJQ6wxK6kQGqCpz8wgdEGA1UdIwSByTCBxoAU6meVlB1G
+jkS/l6QJvUA9ANnT7kChgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQ
+TiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
+aXMwDQYJKoZIhvcNAQELBQADggIBAGfnOVfi7lZodG1UTw0dwcMhOkzv4zFArpvn
+rxwj6lji+pf+4wG4MroLCxlJA5LTht/lV9fVUQAoURH9I+ihUUcoBilKF8WTOrhf
+kVipTa+QfcoV4AM+oC4bibrLkY/tUHp7p45USFQ2kh2BaweL+nPhFjA8rSqStxUD
+eIEnmTa+982RZCWQJyt2cHf/pMjIeS2NORxsVsV7XLIK5nfiFC4hbsVhCDeeieji
+wgaczpO2K4Lp2+7ZHB7OG0ChybGndrqWgCo2QOLwPWjLzI6zD2IUlQzHNM/guJTS
+eTKgugfZpxC+hPtK3dBAB1+Pu1JwT0a+c88OKREqUrPjV7BybqNHYh9T1ceKMlQT
+C2iO1o//LUNsC6w41oFvpFdpPCco2mBCAaq5TjGK3kfFXLIcn5SOk7g+hfDWpkVJ
+OhTXrtLzV8AElbgNgvH1pJDGMi5ysrRcVp77ehalIayO48JImHME2nO5BBQJfVW5
+U3FilEruSXpzbEteAl2N721g2elpKRCXqf1NndCcyKcmDX/CsumVF3sxJX5D5i/u
+I8OxfNUOHFxcSfLKHQbm7OtAIYqMWbTgmgj69TU0vRzF6N301f97rFsZFdddCRz+
+JQfnsH6tSuB4BY0quHzSmk0ZC9UVA/nG/r0vbN4mOx44RG93E3u1CTqzvFT6OFYF
+rlg1WFOF
+-----END CERTIFICATE-----
diff --git a/AK/openvpn/ak/keys/chris.csr b/AK/openvpn/ak/keys/chris.csr
new file mode 100644
index 0000000..64cbef3
--- /dev/null
+++ b/AK/openvpn/ak/keys/chris.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6DCCAtACAQAwgaIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRUwEwYDVQQDEwxWUE4tQUstY2hyaXMxDzANBgNVBCkTBlZQTiBB
+SzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCb2jdhAEFtC1bjy8hWKArbvnt96JF6Pjq3iZHEARFI
+Hcn5cCiiQLKui4+yVnV5X7Jvlh/iuIPBdbP50kJEosYDSMUJF/x3E886p7JzORAH
+uTugKOjaggeHF4aTlb/6XSo5aIxu1Y79m85sKBOKM/BqtBcHP9F9paX8oOMmc0kK
+uteEb6RT7O/nFzvKtp3SiEIW3MBQ3l7SxYi5KPAD116GzbxZfuLW1aPtz5fe2uDN
+yA2W+gbFvG150GWrbvXuqYjdjvssdkhzELdaiwWskt/Op8iY4sQQoUr3m7jAuVmU
+naiVWUnhySnWnhn3tKiqnpIEumURSLv4LuwIpLM3Li7S1krO/N4VGHg0l7mW48GY
++Q9nfepNErryf/SeYYHkYd/uVdYXs0vAG68wn3+nk4FmFC0IfoNd11dcIfJDSd9Q
+mlgt+LPL1VqRDJBHWeNeeIKTbNuCfiJyXEeO2UkqaZ7Y8XA30GmCBUISAtfyeLmI
+6v6SmtUgtNuK6FTrYSYF3TFZsuGTmkOCwFX/1IzQur32xJpYcxQ7lqoB/i3Jf/e1
+ky6nGX9gqwHnsSoaok6Fptl7knrO495QrI9l1W2dXivRht4HIlYYBVJXhcrOJYBp
+Lzd03Mo+QtkF98RadybT7FIuAlJhAMQGqPpNI0KDdjBvPU56phf+Xgalh6E32vu8
+hwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAGhjr8r2wIjgRUBCHjdtz8PpAiCs
+EcsgSy8gPqueiora4B6IVMtHu1x/SahQRUASzBDrwaRuo+6nppiVfNOEa2ep63Gb
+AKnn1RzhPLAUpSkUBeFW0yNdbaNTReDUvlNTLNMxqQDL1DcWWer1GjIz3+lw7E5w
+mzwDOhyIh4LYCnRCC5wzeOABys5XDgo/KJsBQSbMRRsvsE/Q52GS0+giVZ6RZydu
+efkugGAAocvxPGlYSMScjwZVwqvbjTMnjq4NKMp38Z0RjwzBqZJ2UMEx4ZRUrlke
+SFvRT7m8zLe9fdBJLD+tVEBVyeyhNooGMSf0EKtqp78WpEfSIoFDg/CAXJi5+CCE
+MeelEI6bh6H7YTyNGsqgVJokFq/SYwiPBRSOty0yVn4HY1TMGPVT245ytnyJ1IaA
+e3eBF7RK4okXyVmsCsVYHM1qLroLOKcJvNVXkVuVw2FsyAooSmGHENRYTeYseGIo
+CmZOMuHc2CeimB8rHcZEN8aVyeE34EqNNAALQD+wL46XcdkO/P2MRbvBbCnc/7hH
+ocs8vL7idg14wk0bZTJI2Cb8RHdbUaFBRoUHGU+bwM7FK2J+KVRrTNAJBx0eeNQ3
+cvR6MRCl9Qt3/Ug/QmCWzxkmJ1b9oXWRR9YZBGyli0ODGKAJReo/q3tg1MOQosB5
+e90Bda4vLDdfzUk5
+-----END CERTIFICATE REQUEST-----
diff --git a/AK/openvpn/ak/keys/chris.key b/AK/openvpn/ak/keys/chris.key
new file mode 100644
index 0000000..1e7bfc7
--- /dev/null
+++ b/AK/openvpn/ak/keys/chris.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI8D+IDkooTeUCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOeFJGd9/t0cBIIJSBRyHxbI/0Jv
+mraoNvyjbi4l27LhE8fsI6p7f5YIg2kMATDHyrnt4uPUnv8d1ah+C39TdNpu9Sbt
+HPEljwfULWlkWQbkCvvESfIufjhdiIphA4krzxTdofs/afR24v6HehYa2F9rnWoH
+iEb+c0El8YV+AvWU7mp1Mr3l6DYGvnioSGm6a+G1Ww2RouKFKAOSsKE2ozUNGAsr
+jXROHfpk4MdlsZBySHuMfmatoDyPYEYcnvJ67n378aShBb4OXP15Q4qY3O4nnwe4
+/QeBSjiuumcJE3Xu+QpiyftnaPH4jgOiCKqUQtXIgTzR0MbosE5epsvZHj0BeCGF
+VUq52VV6sFnsOphairq186juiFs3HRIfW1xcjk8uQVk88gKf/JswYDeBvXxRfOde
+gO2LhE9Q1Jej4buqet0xWuVe4r3YAcittfesXrsVjx+9NJPujBm5Iz/wbW72xo0J
++OqLQiq9DOcO/K7Gzt6x6TJ1VfG1bbAii52YyOK5acCzJFPp/C385jTv7yF8NGDY
+E6ROoGzU5jMkLs0WYiJvQimMeX4rPWXxVyCCerSyBFAfSDkY++9yXjjtgWICDYzd
+GJKOSnp52T1gHEf+IPdxUwPm6MrVcbY+dQqyXXSeKZdGkPuRK5WVz8qtAIAMvoKo
+jjSI55MLhxSGdJFX0nYOfbzU4LTlnKeTzSby929dyWwDu1/tRVzhWkiyDCBxUVkA
+MXc6csOSRm9gV4lgILQlc+XLTa+5mOdCz//sP49DdoiPuosclRfJPQp1LIXGoKm6
+s0Qwvw6hpa5aPUrzDpAtgA6j59YZU1QSE57vYUNVoyDJo/6X/bk0hwh+LE18XC6l
+KchLtOWf3D8Ca2TLWpIsUWuW7zuySG35A5OQhmzJXe7Fbx02MW1ppvDDRP6t366a
+qMlIQgQYhN9Bj3lNYdrMragqURfUQhCTWQG5CXfbKXgQHSQsA8F0XnpmtXq9gtaq
+7foW3ecw6asOfTM2imgTfLGFtkybRfA0ZInUgz2WSikZwrG7wIjeSJ0OIg4ckI9y
+bKLDMwNJGeyGZcdcsJVBxjaKje0Il9UZJxJGQ+p+BAj82cWrMFbloVNgnHEcOu5v
+KI88ucMUTOaPS/bPSo2Orj5UQIID/2lqymoqXvFLqX2ftYQT/xkGFdm2cjB/7x3T
+jsvFZezPjUcWp5t0oJncER0vWM29aTSwWyybyeGX1TWrvul85aRBr3RU4OZ2e/9P
+/W4g/pDXDuuYxqIWkxwAlcuncmcb0OfR+GBKelIPKsItlyoBS2tRFAaUCjItV4PJ
+PAopqedq4QT4mypmw+5MKObRqfdpxDoKCHzJhakDmw77miXdON2V1M7xWk+kfD9B
+H8t1QdJyzB87FQwsXlrMVh1jF+m0PIytM3l4DNqIft8AYEulbinkeB67XAhWGIqo
+IAmxhYpFfhWxmECDwUQ+nrrz6jW0LJtZKwUITH5C42BBw0I5OmVJhYNlStj8VayR
+ykkAeoiC361DKvlqHabh6KRZT/yhNtQ2TH13UGgOBDeXUQMGaKhYmdUiEjnuek4P
+lbu4cG1BtjIHtpD1LRON29rvRGw44FEEeuxmd+KyJfLdJWJQ/zjXg3owM/cZzAum
+t1qbMwxEE/EZJdRhD5cyVoWiAiFmgRfjPpv3CUCPP88QvdueRURe+i53TbqFGVqR
+dRs5hC6gjJ/nTnmF5ZjsbYqy+IKWCiGNjZA8P3pKzgXY4J45y6rRD8HNVZqWzIen
+rD2OOpvchPVCJPJUk5L7AreaMZENAyciKuLtBOp+D2INo+exE+IVaBtM5NeNnKXn
+7veiczJguLkUXMQXyxYLv7J49RbAA2WQNRcbLGuJklFVkyWYdtB+nGejMdiHjkri
+bVJcGazlJmFXhBhwEHROEJW3SOLcPwsfxjDE7LmzF80uCZbG6HFDVjPkyGZGz6y5
+g9+Kh4dQuboCT+3nhGYTUxcRe6FzHWBplq/tBPmyJNeTCvNBpOD8xVlNOi/2PUTx
+FsaIE3XGnJH9E5GpLoYA9K6oHW0w1rb7U5P0Z9arTKhPyeQYlUJwNjrLUAw++pgl
+QfY3MR8VMLAzZ/jbp0k30JE2SPAE8Bnoe3U0oQOwhGJCS36hQnMsWtW+CF+OIeV1
+Uwz+OysJKWQbB1QLUDYN36D5XRIwwcDyt3+RIl34hSai8PWC/IA52SytS8d0z+bc
+L4bavw/5JNVgGTmrMYYvFa2vY2f5VHoLnfdB7hnZJzHfbkpziuD4qB9Q/bxmywDF
+lYnZq19t2LHtE+z8Arv+NEhJULUz86O7bZq2PjWe46FhNwzVxZdtsJWH/KSg137S
+DcdAc7a4yNk3602EFBUTIKWeEuEr6SsPG9IjBq6gZbCiPbSRj8EhH8pk2d40/64B
+1ZMS/7Qd1qES1G/ggC7Xby0ggRGR9D8Uu9Ismd6EOZ1pnNP8bfeajnCyNo17MAsH
+I/2W2ZF847wjoC8kmPHxWiN3pbGaHeZb4bwNw5PxuQboGxY4nR8yf7qxOgv4ST7T
+08V+nDawKDL43vSz9cWK6Q0Cdhpsc6H72rv3eMXcQ9+6oOrsG/VsqNtUxXX0dAUB
+nqlgPLfmyneVJwBfRboDEicxEvsJtxLDNe5PKyYk1ilCmD1vi8hWu9JPp4LBmLgm
+wr9HEL0qNz8E8QLQkBPxmdOXH4bx9bagN2/TMd7As9h2klZ1gru+Vq9VZ7/gE+gh
+kbG5VlmhGQycNP2b0JZauA9fsNwAFEqsHczGw7fKdtAscm4b09DJe3o8gpdVqIFe
+qi+zdZl9NhUyvcNU67hfoTxe7hmy2Ht7hkrNnlUfCPPLIip6a75TiEOUsZMpEHBV
+h2NNoWmnOBiFT8ptA9vSAuJZifrsjK3DPDuLIN6Le/XAMLOMA2mYdxA/fB6A67Vc
+9Sr/DgK6DCTZ1Z3PaND6W+tY6LM73LfolSPOGYGcL10F0exEcIkWDEF9z3lqfUrg
+mPnbi3GzA/zFz0HE8+4wcb9zUzmfunaZGSemPXVtDkco/UgsTOfduyV7C2FDYhTQ
+yXlrj+lZYazKF2wu7kDvho4kmudkKTmfsv6/1k2+GybWisNIQmxCe8KsjZVB+f9E
+dQq6AzY/4SWMmC2h0E9ou5x4qWiVZPyX6l5dN9kmkwleGZQf/kTJaL5SKcR8RFy7
+v0RsRna9sOxc6YrsiqAeGg==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/AK/openvpn/ak/keys/crl.pem b/AK/openvpn/ak/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/AK/openvpn/ak/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/AK/openvpn/ak/keys/dh4096.pem b/AK/openvpn/ak/keys/dh4096.pem
new file mode 100644
index 0000000..0ba05ac
--- /dev/null
+++ b/AK/openvpn/ak/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAmxffquckZfZCrGEUJ5w3NnbbyHYlpyaqhZw9HumlHGhKq2K8bnIq
+fTwPNvpUqYK14yJxjbw2ZZIEQhP5qacYeWVLHGOegjqgWgGzZZUgnbBzfrvzFVEQ
+ewif3TFNpFN9k53or+MyWyORs/XdpOO0TalkTdwWprk3fAPJBgE3ExXremHp7qgI
+KfLWHTF1vGPuzgLYnYFSymcEgJhbt6VoS3LmwccoTkycvyXoz0M5w9gwMao0rJJh
+mCeLE1vgbQBJkMw6EU59HS68TmNvAEzwzg7MWWORVzl047/8MukFGqWbdJdhVqd3
+TilZWOdv44r0d0R+TdlT/+zMrDwYOfh/E72ofxGcf7awz4AekmL4kEg1yUX2biiF
+Ex2A09wGklSJWrGr/k2zTSx0I6gBso2Y/8MFaUnTsBM6XEPD+CpDvEc1y++aDUyP
+UvBdL9tqwNZ44u8ijWjxyqdUmUKo+wBCK0ztH2yl07bL5CJxqIGFjZpoIj4WKskI
+OM5bIoyDEcK5qVJxfCBmuszhcQh254iS7xZkzZ/sDyN2L3B6v+rYgK8OUAK0gIOY
+f4iHtiPVG9Xxpt4XniAcvs9VB/aYOhgCMdTg5CVQXyK66fnTgicslU9smMOoGDew
+ARruSU55xTFZb9Fi6nu7XZbodP1ANUGZROvl0V8zyoq89LLoMSVtIvsCAQI=
+-----END DH PARAMETERS-----
diff --git a/AK/openvpn/ak/keys/index.txt b/AK/openvpn/ak/keys/index.txt
new file mode 100644
index 0000000..2f26faa
--- /dev/null
+++ b/AK/openvpn/ak/keys/index.txt
@@ -0,0 +1,2 @@
+V	380206123716Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
+V	380206133754Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK-chris/name=VPN AK/emailAddress=argus@oopen.de
diff --git a/AK/openvpn/ak/keys/index.txt.attr b/AK/openvpn/ak/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/AK/openvpn/ak/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/AK/openvpn/ak/keys/index.txt.attr.old b/AK/openvpn/ak/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/AK/openvpn/ak/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/AK/openvpn/ak/keys/index.txt.old b/AK/openvpn/ak/keys/index.txt.old
new file mode 100644
index 0000000..7534611
--- /dev/null
+++ b/AK/openvpn/ak/keys/index.txt.old
@@ -0,0 +1 @@
+V	380206123716Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
diff --git a/AK/openvpn/ak/keys/serial b/AK/openvpn/ak/keys/serial
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/AK/openvpn/ak/keys/serial
@@ -0,0 +1 @@
+03
diff --git a/AK/openvpn/ak/keys/serial.old b/AK/openvpn/ak/keys/serial.old
new file mode 100644
index 0000000..9e22bcb
--- /dev/null
+++ b/AK/openvpn/ak/keys/serial.old
@@ -0,0 +1 @@
+02
diff --git a/AK/openvpn/ak/keys/server.crt b/AK/openvpn/ak/keys/server.crt
new file mode 100644
index 0000000..c27ffa9
--- /dev/null
+++ b/AK/openvpn/ak/keys/server.crt
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  6 12:37:16 2018 GMT
+            Not After : Feb  6 12:37:16 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c3:e5:c6:ea:48:8b:ac:0a:03:79:75:38:5b:f0:
+                    4a:42:eb:30:af:31:fe:cd:81:25:29:7d:eb:7c:fb:
+                    2d:fe:73:f3:3a:bd:fc:fa:09:c7:36:3a:dc:52:22:
+                    d3:7f:01:d3:3d:c3:86:01:c0:ec:76:6a:89:0c:49:
+                    e9:12:41:72:8e:41:b0:35:23:d0:35:5f:21:00:3f:
+                    be:80:03:ac:e2:f8:05:3a:bc:19:0a:48:13:8a:56:
+                    4d:65:ea:9a:8d:00:51:52:4f:8c:1f:8a:fa:bd:39:
+                    41:e2:7e:a6:d9:5c:42:a6:40:2a:88:59:54:91:5b:
+                    6d:69:ec:21:84:aa:fa:41:75:7b:8d:08:1f:7a:f9:
+                    71:60:73:60:9b:31:73:32:27:5c:34:2e:7f:ff:f8:
+                    be:26:eb:dd:aa:c1:b6:c2:70:d1:90:b5:47:e3:c9:
+                    2e:d3:bc:3d:11:69:58:aa:36:93:1a:11:b5:94:ca:
+                    e2:44:1a:9b:4d:3b:04:63:cd:d8:28:57:8c:f6:35:
+                    70:bd:fe:bb:ef:8c:95:82:91:a8:c1:2a:8d:d4:77:
+                    57:64:a5:cc:57:f3:b1:8a:2f:52:d8:d8:8d:e2:e1:
+                    3c:21:49:bf:b0:42:71:3a:71:cf:4f:5a:18:99:79:
+                    44:d1:72:06:4a:7d:30:29:fe:a7:43:2c:92:23:9b:
+                    69:2f:d2:88:3c:6c:c9:d1:8e:cd:d3:5d:24:3e:c9:
+                    f3:b5:8b:60:99:48:ff:90:bf:ad:f3:f7:3b:c6:7d:
+                    27:8f:d2:b8:88:02:0a:03:91:8a:3d:3c:25:53:6d:
+                    07:59:6c:b1:0d:f8:e5:93:02:58:54:60:0b:29:08:
+                    39:92:71:01:dc:0d:8d:b2:94:87:4b:08:39:20:cf:
+                    a7:e5:3b:66:91:c5:01:15:3c:2c:df:6a:9d:4b:48:
+                    b5:5e:fa:3f:6d:49:11:2b:92:bc:7a:46:70:b0:cf:
+                    cd:79:be:90:e1:ce:41:fa:43:31:cd:bb:b7:34:5f:
+                    c7:71:80:75:83:6e:f6:45:a0:ee:a7:b4:de:43:f1:
+                    fc:df:19:d8:6d:00:b5:ae:59:17:f7:7d:19:cd:c8:
+                    b7:4a:92:da:6d:ad:3c:d5:b0:db:6e:5b:b8:2d:62:
+                    d5:5f:e4:23:b0:65:8c:b5:da:d8:27:0a:34:9e:32:
+                    02:7e:bc:89:39:aa:7f:b2:07:26:2e:39:0a:21:c6:
+                    da:4e:d2:cf:53:45:9f:c2:9c:d0:c6:86:37:20:60:
+                    9c:7d:14:3a:2f:1c:5c:50:36:5d:d3:15:2e:94:f1:
+                    04:b8:22:4b:c9:85:6a:ec:59:ec:e2:01:e3:c9:e1:
+                    02:56:40:c1:8f:01:61:68:26:72:89:de:ba:29:2f:
+                    15:8f:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                3F:C0:FA:95:43:C6:88:A3:2E:18:8E:43:3C:BA:1C:97:2F:70:C7:59
+            X509v3 Authority Key Identifier: 
+                keyid:EA:67:95:94:1D:46:8E:44:BF:97:A4:09:BD:40:3D:00:D9:D3:EE:40
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+                serial:EB:02:53:87:4C:0D:73:5F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         14:3a:a6:f8:86:88:7c:db:9b:ce:b1:59:57:de:3e:e0:34:7d:
+         ce:a3:95:15:f8:89:54:e3:d4:02:0e:b8:51:35:14:4d:e9:31:
+         21:25:3c:77:55:d4:b2:9b:f0:d5:b1:80:6d:ef:e7:86:f4:e7:
+         e9:03:5a:12:c2:5b:42:e5:90:8a:8e:e5:f9:83:13:6d:60:43:
+         aa:13:1f:f2:99:3d:66:84:ec:21:1f:68:a6:b5:64:ad:c3:e2:
+         d0:6f:96:9f:eb:37:94:12:a7:89:94:de:5c:69:4c:8f:f8:75:
+         b8:76:c7:81:c7:88:81:34:6d:cf:ea:23:eb:05:87:a1:fd:d7:
+         e8:88:a0:34:81:f4:15:a6:cb:ff:53:47:10:e6:04:86:49:09:
+         7e:0f:ed:0c:47:5a:df:bc:a3:23:ed:80:4d:e0:88:81:be:32:
+         1c:0f:16:c6:c0:6e:0c:d7:24:63:1e:88:e2:82:e7:00:f2:a6:
+         0c:01:b1:a6:7e:4d:69:4e:9f:8a:e3:78:12:cb:fa:d2:b9:a6:
+         b7:ac:07:98:9e:38:aa:a8:56:81:9b:06:c2:11:ec:f1:4f:e5:
+         5a:21:45:ed:8f:b1:a0:48:21:e7:ba:7b:5f:5b:a9:7a:51:ca:
+         6d:84:1b:b9:78:38:18:91:9c:e0:ca:0e:97:e0:e7:bd:36:10:
+         ed:c9:80:0a:73:c1:ae:0c:d6:b1:dd:be:fc:7b:a7:83:4f:0d:
+         b6:7c:2f:15:4b:b6:e1:b0:5f:81:bb:c5:4d:3e:fd:84:82:65:
+         65:8a:4e:f5:66:19:e4:4d:9f:31:9d:d2:21:44:7c:9e:ff:55:
+         1f:f3:17:bc:d4:d3:e2:c4:51:fd:f9:f6:b8:b8:53:42:11:94:
+         f0:aa:df:6e:0f:07:0a:1d:2f:31:7a:6e:28:32:63:1d:a7:fa:
+         da:93:9d:37:25:3e:53:f7:f4:f2:e8:97:23:d9:39:dd:1d:39:
+         c1:1c:03:b6:b1:b9:21:6f:ed:a6:c9:b8:e4:aa:f5:6f:d6:33:
+         94:d4:70:e6:c7:e2:38:6c:33:3c:d9:19:4e:af:90:0c:13:f5:
+         b3:d8:fc:7a:21:8a:3e:43:e5:14:3f:4f:72:de:2a:71:13:db:
+         7e:b6:d9:aa:1c:d1:f9:ed:f6:cc:c1:ae:c9:c1:4e:4e:f8:dd:
+         85:ec:4f:b7:7a:7a:90:26:44:8b:a7:8d:67:26:0e:82:02:92:
+         14:d4:ad:38:28:ff:36:e8:59:3e:dc:1a:76:bb:b6:cc:b1:32:
+         d9:44:85:f5:c4:45:db:92:55:54:78:05:88:db:0a:fb:42:17:
+         e0:b7:76:0f:c2:c8:69:67:ed:fb:b4:e8:72:e7:ee:6a:03:d9:
+         8b:4d:22:d5:ed:00:68:6d
+-----BEGIN CERTIFICATE-----
+MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMjM3MTZaFw0zODAyMDYxMjM3MTZaMIGjMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLUFLLXNl
+cnZlcjEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPlxupIi6wKA3l1
+OFvwSkLrMK8x/s2BJSl963z7Lf5z8zq9/PoJxzY63FIi038B0z3DhgHA7HZqiQxJ
+6RJBco5BsDUj0DVfIQA/voADrOL4BTq8GQpIE4pWTWXqmo0AUVJPjB+K+r05QeJ+
+ptlcQqZAKohZVJFbbWnsIYSq+kF1e40IH3r5cWBzYJsxczInXDQuf//4vibr3arB
+tsJw0ZC1R+PJLtO8PRFpWKo2kxoRtZTK4kQam007BGPN2ChXjPY1cL3+u++MlYKR
+qMEqjdR3V2SlzFfzsYovUtjYjeLhPCFJv7BCcTpxz09aGJl5RNFyBkp9MCn+p0Ms
+kiObaS/SiDxsydGOzdNdJD7J87WLYJlI/5C/rfP3O8Z9J4/SuIgCCgORij08JVNt
+B1lssQ345ZMCWFRgCykIOZJxAdwNjbKUh0sIOSDPp+U7ZpHFARU8LN9qnUtItV76
+P21JESuSvHpGcLDPzXm+kOHOQfpDMc27tzRfx3GAdYNu9kWg7qe03kPx/N8Z2G0A
+ta5ZF/d9Gc3It0qS2m2tPNWw225buC1i1V/kI7BljLXa2CcKNJ4yAn68iTmqf7IH
+Ji45CiHG2k7Sz1NFn8Kc0MaGNyBgnH0UOi8cXFA2XdMVLpTxBLgiS8mFauxZ7OIB
+48nhAlZAwY8BYWgmconeuikvFY/VAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
+CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
+dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUP8D6lUPGiKMuGI5DPLoc
+ly9wx1kwgdEGA1UdIwSByTCBxoAU6meVlB1GjkS/l6QJvUA9ANnT7kChgaKkgZ8w
+gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
+DQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGWCCQDrAlOHTA1zXzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
+AQAUOqb4hoh825vOsVlX3j7gNH3Oo5UV+IlU49QCDrhRNRRN6TEhJTx3VdSym/DV
+sYBt7+eG9OfpA1oSwltC5ZCKjuX5gxNtYEOqEx/ymT1mhOwhH2imtWStw+LQb5af
+6zeUEqeJlN5caUyP+HW4dseBx4iBNG3P6iPrBYeh/dfoiKA0gfQVpsv/U0cQ5gSG
+SQl+D+0MR1rfvKMj7YBN4IiBvjIcDxbGwG4M1yRjHojigucA8qYMAbGmfk1pTp+K
+43gSy/rSuaa3rAeYnjiqqFaBmwbCEezxT+VaIUXtj7GgSCHnuntfW6l6UcpthBu5
+eDgYkZzgyg6X4Oe9NhDtyYAKc8GuDNax3b78e6eDTw22fC8VS7bhsF+Bu8VNPv2E
+gmVlik71ZhnkTZ8xndIhRHye/1Uf8xe81NPixFH9+fa4uFNCEZTwqt9uDwcKHS8x
+em4oMmMdp/rak503JT5T9/Ty6Jcj2TndHTnBHAO2sbkhb+2mybjkqvVv1jOU1HDm
+x+I4bDM82RlOr5AME/Wz2Px6IYo+Q+UUP09y3ipxE9t+ttmqHNH57fbMwa7JwU5O
++N2F7E+3enqQJkSLp41nJg6CApIU1K04KP826Fk+3Bp2u7bMsTLZRIX1xEXbklVU
+eAWI2wr7Qhfgt3YPwshpZ+37tOhy5+5qA9mLTSLV7QBobQ==
+-----END CERTIFICATE-----
diff --git a/AK/openvpn/ak/keys/server.csr b/AK/openvpn/ak/keys/server.csr
new file mode 100644
index 0000000..545b409
--- /dev/null
+++ b/AK/openvpn/ak/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6TCCAtECAQAwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tQUstc2VydmVyMQ8wDQYDVQQpEwZWUE4g
+QUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAw+XG6kiLrAoDeXU4W/BKQuswrzH+zYElKX3rfPst
+/nPzOr38+gnHNjrcUiLTfwHTPcOGAcDsdmqJDEnpEkFyjkGwNSPQNV8hAD++gAOs
+4vgFOrwZCkgTilZNZeqajQBRUk+MH4r6vTlB4n6m2VxCpkAqiFlUkVttaewhhKr6
+QXV7jQgfevlxYHNgmzFzMidcNC5///i+JuvdqsG2wnDRkLVH48ku07w9EWlYqjaT
+GhG1lMriRBqbTTsEY83YKFeM9jVwvf6774yVgpGowSqN1HdXZKXMV/Oxii9S2NiN
+4uE8IUm/sEJxOnHPT1oYmXlE0XIGSn0wKf6nQyySI5tpL9KIPGzJ0Y7N010kPsnz
+tYtgmUj/kL+t8/c7xn0nj9K4iAIKA5GKPTwlU20HWWyxDfjlkwJYVGALKQg5knEB
+3A2NspSHSwg5IM+n5TtmkcUBFTws32qdS0i1Xvo/bUkRK5K8ekZwsM/Neb6Q4c5B
++kMxzbu3NF/HcYB1g272RaDup7TeQ/H83xnYbQC1rlkX930Zzci3SpLaba081bDb
+blu4LWLVX+QjsGWMtdrYJwo0njICfryJOap/sgcmLjkKIcbaTtLPU0WfwpzQxoY3
+IGCcfRQ6LxxcUDZd0xUulPEEuCJLyYVq7Fns4gHjyeECVkDBjwFhaCZyid66KS8V
+j9UCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQC5aW3rFx5zyYIB//RCPRps8/Mk
+6kVL28rh6PWtHgiftPEc06Zk5eKK9E/4yefavu+vqQXC2ZbhjG/YNUyMeyEOGnmn
+LXXnMSdx/xHvv3LlB6AJC5knkNjtKllXez+t49Q4siB9TFIPUI/6dLZnGNNoWhZk
++HNvcGkXeMKgUxje6B9t7p80PdFJkwSLGinydCWwMU3a9yXKE3Bc/NA6JL2P1flJ
+Pfql2037CgUeOTCuej7mJ0Qfs0kheVjAdJg94A8Yg+Szl3ycmU12UFl3us23Aw30
+R9fF+KFeQsb0OV/IvWwvSgnpKfHUMM+M1SNQezd3fA4d8YC8ayBTXS3VFFzefd12
+x8e58j1fUVpvCDG4+uVfnL3jh4Wndp/t3RQKu8i+VPeuAD80FaH7wsFtPVGtI7UZ
+0NOrC69914a/sMC5MQNTBj4ed9+Lux4Q8afk1UOfBf7vL9CoLpkJINu5MXFz3tGA
+oqtDRLHbcanDoEvveFx8DcYNy6UFpiyqSbxKLBjSlvIfzJJzBmLfinS6JGxOwLv5
+JpqxtEtrG+f18GxThQT8I/57HU6VH1VQ3rUKjN6b3syQVFCdFuNhy6LzgIzHd3wa
+hVlJwrbidnTVxv/69vsAicdwAdPDOmxvZXN4hOj+tMCI8Ez3iiPl8UlJrecC4efh
+sepxiWMN9PHGwj58wA==
+-----END CERTIFICATE REQUEST-----
diff --git a/AK/openvpn/ak/keys/server.key b/AK/openvpn/ak/keys/server.key
new file mode 100644
index 0000000..95c4d52
--- /dev/null
+++ b/AK/openvpn/ak/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDD5cbqSIusCgN5
+dThb8EpC6zCvMf7NgSUpfet8+y3+c/M6vfz6Ccc2OtxSItN/AdM9w4YBwOx2aokM
+SekSQXKOQbA1I9A1XyEAP76AA6zi+AU6vBkKSBOKVk1l6pqNAFFST4wfivq9OUHi
+fqbZXEKmQCqIWVSRW21p7CGEqvpBdXuNCB96+XFgc2CbMXMyJ1w0Ln//+L4m692q
+wbbCcNGQtUfjyS7TvD0RaViqNpMaEbWUyuJEGptNOwRjzdgoV4z2NXC9/rvvjJWC
+kajBKo3Ud1dkpcxX87GKL1LY2I3i4TwhSb+wQnE6cc9PWhiZeUTRcgZKfTAp/qdD
+LJIjm2kv0og8bMnRjs3TXSQ+yfO1i2CZSP+Qv63z9zvGfSeP0riIAgoDkYo9PCVT
+bQdZbLEN+OWTAlhUYAspCDmScQHcDY2ylIdLCDkgz6flO2aRxQEVPCzfap1LSLVe
++j9tSRErkrx6RnCwz815vpDhzkH6QzHNu7c0X8dxgHWDbvZFoO6ntN5D8fzfGdht
+ALWuWRf3fRnNyLdKktptrTzVsNtuW7gtYtVf5COwZYy12tgnCjSeMgJ+vIk5qn+y
+ByYuOQohxtpO0s9TRZ/CnNDGhjcgYJx9FDovHFxQNl3TFS6U8QS4IkvJhWrsWezi
+AePJ4QJWQMGPAWFoJnKJ3ropLxWP1QIDAQABAoICAGSW9FEQ90dbzPTtEAeFl1xN
+UC5lyaTUj7SCiA0hHTjvaRHcxK3Pn49lIgS7BUbONR4d7A2ydrlHcx/wQ9Gv8ZbC
+fCyNOzhspJFwKe2p9XiGSokiVOlGoWIDdrLCiKGmbBuL5TO9NYs8f2xCBILQMRkV
+EcH5vMb233PoYD2zXdWG8e41IZUPyPvxwsVt2u0B8QKKbgeOPnXV33jzB1lIfROF
+QmjgwT7QBbuPEIw2gcp9FXRVyWGXF+/MQjDNXhU4/5TdVAr7Zp1W3t6w1Kp7o2BZ
+93IjAI6Y/60pJ61ZZWH+rdWZ/OgQ9ftAvWbNqJwF/SRfHIPbTIQD0vdXR6MpBhU2
+PeqFBVA1+FEuZMqEwCoRqG7+HK0XyT2dpxqwnEn5+JGGC2bn1VvWZJY4iXwNQpMf
+lJj3ybj4WVN4sSiIBsTrNasMomzacwHALxfNkjo945I5U4VMxuBP1ZofBf0gunDT
+Qb9kBXmNN0sveZSRYLq2innU79Tl7cfMvCD8n0in4mhE4dKBifZYOIElYDVKghSj
+No6dzkRXzgesOxH7iiNyCXEe8UD9Flq8/LLb78GEcFR2CmA4l9CgC2w9XvDi3dsM
+BCUZok1eKcOLoD9R5KLDOQPxSgjIl1wKmHqysJEcBBrBiCaN49ebDAyztUAsvZLh
+MU80aau8N2sF+pHZl5/xAoIBAQDmepHNcx+VeNub6HDtW2RYwyuTPM/5seWH6RUq
+414cNmQeY0NSZXun6Zr5tSWka5WNJ2gVjF8EPFMM1HrIEBF6JxtsteMKiy37rKdA
+vgaB2EEO6bn4ZwpHHVhE45eH+qve+cttWoWQ2TjuHEry8XDpKSnkeI24ZJs2TfNZ
+Gv9sbyYMX1SF+Hgs9dZ6NEQj8j1zA3GF/POLNjyBwgbttY5mhkhJOp8AD0gTnrvT
+TJMLuwHag62Y647BgfgeHyhAvEisw9DJZDVmSXLxfoP1UzE95gRNMpcXJju3iH8Q
+s6K0ba1jJTAK8jXoYOitzFeJTpWkI/nwvnS5+KdLtufPqlMfAoIBAQDZlu0mBOR2
+FlIbzlf/gdbMSxUcjYIV/tCUtwPJUBKBgw6RqxhYPt3pEP5OoDfO+el6n/KJdKbO
+LGgeHBVt+m0NV0R2UFhX/n4rRq0KUFyk4ksWPp9vIyLcXVBH/udCv+LEM/sXANN/
+lD8PCtFCEFSX20w9abmBqf9hV5EdP6430myyrHY6SuBxSnZojZD0IAsAWy1WEvas
+8dIXlrG+VtfNLIPv3j7pEzjbDCIRv9/pxOp3NhrJDwG5tDUUymv8JdG5TI5srsSm
+l+8L2BCVyi+ld+KvAY2X+D5KRz6xahcNLBfRmWCfDzvp/N4oOniv5x6d3JkRivDx
+0qcLWQGANdKLAoIBAAeho1ZEK5WNbOgaqDKTxhzSSY0UhGZmJ416gELtSF5yxpni
++4Ws6o1CxOjjwJ1TGp6T4XRlM3g2byGLn40kSw/aX6QX2a6tsRYWP2t7X0fJW04d
+GxVIhCSaqiONzaSo/ivh5YR3bNjA+IuZ0Dl/GRf/Tu3LuBWU7za7GgWnSTHT9FSQ
+i4HsGj6S3Ukqld8C1FoMkSO4nm/LmfFJ9WTFkDOA2r/h+wXLe716kgmLDYtj48nS
+dlsL4awym36T1YdfNKDT0wP4F3SNlgq8/62N1aGRDi9oL2yKzYtkL6Dj8c07nHQd
+9RtHrdVF8C5hB7z6JyZKMqpwA/lsbE2rfr13jE0CggEAXs42+AjLrnQdRIZMq0Rc
+XdkdErrJgmHradCwMqfT2GBNGcUtr019DQ7db0654lHbnBVS7PdJsq2AlBXydF/X
+4icy6kYpp/V37c02mjbXlvQOeVvBxf/OMavqzePPybKn0ItBjQ1MGdty+k/hS2Ko
+KR5hAqUtMcTrQ/OOg+r6MtJZkCQ6wz1au6IRI48DKItJn9caUtWia0pWGvcK7P8T
+ug76UapJSO6aKD8KHSe4HTgyXMzTMOV7//j3494q3MtxrMYhjFM91cR/YG69Ezbs
+ObGZsF0B38RHB8AxHcY20wNyQV4NzmAp39LQzUBk02flXC0A+LbMMuFw7S3TzJQm
+7wKCAQALfyxJuegfxtmOViXFMp5jedBH+KnKegSJVpA70zIF3aNZmZJxoEt6ycq5
+DdsyyGBXeyO8+ezMnarjH78mjYjkBzQ7rjT9UDsVurHe/G7iRiZOqprHLG8doDq0
+EKQY3Tv7Me/gxNtMfK4bbFSMNHmnAGdN694eWMdK+vHmWTsIV8nmnKLnuvtEqjJL
+mOQVKpjYHwuI1UvT5fx8nrSXjAAZgzbhJ4PRyeLcauD+2HexvYlVdJCw6is4F3p3
+hmWdl5ymlriQCeklYGHOB4GTi7vYtqUCluBgAXAG+IqxZyNcHl9bnr+/AZiEza1T
+eLSf7Xmij6hlGsHXShHU2/Rq5iar
+-----END PRIVATE KEY-----
diff --git a/AK/openvpn/ak/keys/ta.key b/AK/openvpn/ak/keys/ta.key
new file mode 100644
index 0000000..77b16bf
--- /dev/null
+++ b/AK/openvpn/ak/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+6ba2290fe261ac9beea46806d40e5667
+f5f0149c4b65bbad8c2c5ee859b29c49
+ea7edf2232bd81b43f1e9409d4c39d92
+de7d1d585330fdf6a617531896bff6af
+7cb96947de1e4153efc626fa93641f60
+7f3ce648d309155f2724318b119e6212
+d8f736d8997ee84ed55050d526c2849e
+685c531da93df302ee6ec2cf6c32c2c7
+0a08aee8d9efc3ef0a2a3611b92dcc88
+13aba6c2a566f297bbb63470b4cc098a
+e8631344b68825a1299101e3d0995274
+f0b404ed4a34579ceb3235a7f7597158
+ed052b0d74f3fca57344151330858dd4
+741deb038c30416db61b6ebd984957f2
+f5483a7dc8ac95c5d5a0ca9fa8f26901
+f85d64bac4b39ed010e52c07f0d30b68
+-----END OpenVPN Static key V1-----
diff --git a/AK/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-AK-gw-ckubu b/AK/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-AK-gw-ckubu
new file mode 100644
index 0000000..0c9ad7b
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-AK-gw-ckubu
@@ -0,0 +1,3 @@
+ifconfig-push 10.1.0.2 255.255.255.0
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/AK/openvpn/gw-ckubu/crl.pem b/AK/openvpn/gw-ckubu/crl.pem
new file mode 100644
index 0000000..f891b16
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC5TCBzjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEPMA0GA1UEKRMG
+VlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTgwMjA2MTMz
+MDQ3WhgPMjA1MDAyMDYxMzMwNDdaMA0GCSqGSIb3DQEBCwUAA4ICAQCg8eMriESd
+fkBH1MRBGj3H7adLmuaI2h3eOMvzFo2wr6jR6JKBwBSzcA/ySEr+bHZkJ0fPgOCJ
+wmyajWh7gQhtdzJYCxVPca3l7g/sd9i62+mRKCvEj3LSHXIMt3oQYAXzWQsSRxX6
+/oggV5fthr6t7Eu8a9FwBbzJDf6UGMYpqlLolO1N1CsyEVKQT3WogvlOSn5qjXDq
+fKMBqKdN4Ni8/1RT7UGRlGHaRx3J84xhn68njNAxWjcAA21KqNXH3JLMC0G62HSb
+4jWNH9yKpSw8GQ0O3qpXeZwLblCyWVmMSlh/o2QgOqBskEjR0qPD7mqfBXVj4YJl
+pGoiEsSgmeMHeqs24VuIU051+yAmJeI9E9F85C2ExUqkCR6NdfE0SI5SfgC7KN65
+RlCC/mIFB5vLXJRRriEjEIhP7iaj43GlL+f86ZIUhKEn3zjFDvj0cba1D5CFMq2v
+jhkbd6cGVUcS0ebqdca2FdVMUumXC+AmXQswfbBVAR4lYNDkenacxm2F7Uljlmdp
+FQmAfLUBOXkSnU7Yy9Sz+9CANc+xQn854+WTATkjx8B2UckEsYB1ZI7qwWODs8M0
+5gupokTLmOta7sDk1ghS/iL+1rx8dadrLaniQczgtN5Izicu6zXdfqv/w0a8lbGr
+JhhqczL4Gu3WW4FTmkwAmq7wArJil1zLaA==
+-----END X509 CRL-----
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/build-ca b/AK/openvpn/gw-ckubu/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/build-dh b/AK/openvpn/gw-ckubu/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/build-inter b/AK/openvpn/gw-ckubu/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/build-key b/AK/openvpn/gw-ckubu/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/build-key-pass b/AK/openvpn/gw-ckubu/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 b/AK/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/build-key-server b/AK/openvpn/gw-ckubu/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/build-req b/AK/openvpn/gw-ckubu/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/build-req-pass b/AK/openvpn/gw-ckubu/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/clean-all b/AK/openvpn/gw-ckubu/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/inherit-inter b/AK/openvpn/gw-ckubu/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/list-crl b/AK/openvpn/gw-ckubu/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf b/AK/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf b/AK/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf b/AK/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG b/AK/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/openssl.cnf b/AK/openvpn/gw-ckubu/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..929baa7
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/pkitool b/AK/openvpn/gw-ckubu/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/revoke-full b/AK/openvpn/gw-ckubu/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/sign-req b/AK/openvpn/gw-ckubu/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/vars b/AK/openvpn/gw-ckubu/easy-rsa/vars
new file mode 100644
index 0000000..ddfb752
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/gw-ckubu"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN AK"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-AK"
+
+export KEY_ALTNAMES="VPN AK"
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/vars.2018-02-06-1337 b/AK/openvpn/gw-ckubu/easy-rsa/vars.2018-02-06-1337
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/vars.2018-02-06-1337
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/AK/openvpn/gw-ckubu/easy-rsa/whichopensslcnf b/AK/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/gw-ckubu.conf b/AK/openvpn/gw-ckubu/gw-ckubu.conf
new file mode 100644
index 0000000..e36a6e4
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/gw-ckubu.conf
@@ -0,0 +1,257 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-ak.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJALRp90TzgA00MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUFLMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDIwNjEyNDAwN1oYDzIwNTAwMjA2MTI0MDA3WjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1BSzEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOMNalpNk0cB
+wPdZemz4r4TIhtRSxZEEg9yhTRo9LdMa6oNo1gpg3/60n9nBtA0cDnllx7Z37PvC
+Pg4RJksrB2ZYOB3oSo8LoMzlA0lZl4AMKnxau1ZJI8OB9Ia+6uJxBnpwVULsL4sx
+ds9pHsnXU74UWgdZPAHsfWhogMtk8TsikLFv7P6oxg3fXeVriWP/SUETTWHgSD3x
+gPsnrcGqlCPcfb/mH5SU+v+ge+iue0BXe/1OZkJDHdj5vLZ4MiUCiVVslX36uqti
+sI3Jt2OyF9XQwu5wms3ioW3XydpPmbisRuI7qrTdnmT1iVhbk29eQK/yHrXvuuXQ
+i6PQAirBtMYD8tx5FbMJ6ueDcm0jTVedfHtdkWkBY84bBnecF7ys000fDzJs1YH2
+SP3cb0KbREG2RE5BE1OgUgg8odbJ7/K+Tp0VKEbJAZCwpaw+qAU9xfH3pDoSX+iD
+N+SXxnjSpamwGYmx+PGpwIe3RnlEx8XUcMbEBq5grq7aR7tYd5qh1NKTUKleGucD
+1izZeGLLkh81Gpx+KFXNm7lk3WDx3dqUXc3tJgpZsZJc3VI3UjO5WaYlrdTc6IQs
+3rD0rOGrETI/utLQI9PNFSis00h2LmcPVnEL0N/W71kHeOuytr1Tg1FyFGY7Wbth
+bei4c14kNkVUk1Ncfl07pMR+/i9yee3DAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+EHXXKayMfThSNCInVWJK275Iub8wgdEGA1UdIwSByTCBxoAUEHXXKayMfThSNCIn
+VWJK275Iub+hgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC0afdE84ANNDAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBIgCBt6v6t2HSqwkLKjgR1c2cDViPe
+WmX8E8maqaDIUopyvNzsZCXjqZ1RNnIHgFKZyZqXSzXRGHbUiohJ4WkkOy+QV64L
+/LUizsZkMJasjYQgcDcXu5sN9mIzGW6C5myjwtSYBWITPxLsedOQLIhYulLrCBa0
+A/gs/gfODm0opsCOuvQn33psUyLda/k9BE/9EHmOg37IRh/rQi3dyQaW2DGfCgZc
+GSIMsxobp4QbdUTJyyIoJW/ZK20Mam+IWNhptqCX/SXlx0pzakkdAulwMtUCPwyD
+8IJEy5ST+qBoctg1mSLts14ZYM63NRYKPfnSUN1JfQE5Sl624c8koVJcKjFnPdII
+cFwo9R+SQFDfTva/xRC8Ydwp1C8V+wnXtM9B1aigule5MXe8CQE4PZjG1Bh7992x
+GcKGBCWR/8JmfipvH4EJ9brS4ZsQ5snfJImBtmmVxSjXn1aE77UYNEp8GF2vW8CV
+7j+neVQtQdA16tXYH4bWy4MCpVCuoBj2ffTkN/5cp9xWHt9D1w73LxXHMEWoQojF
+cOeUda1VSwR17SiEy/lo3mRnWoT6AzLVwYzVQg0W8dc9wPcJ2EiVzQu6ccs2gIJV
+RtdV9iX+oAkwK3/lPB68LvfMEw3Qcy3OY9DmjZNajlv8HCTirBuGNaUwR6pZGqiG
+JN2zjAizahwZgQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMzM2NTRaFw0zODAyMDYxMzM2NTRaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLUFLLWd3
+LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1iJXRCsnhrkw
+vrvWg11+tAy89uYWXSt5lDxBVwuqoTEacmhnhfOT9yEDQys1jSm8u4FET2UUzI9g
+SNYFigYnKoVjjKKxGtlK2Bt9qgu36WlfzlnqNiKvUO2aHnxNwRNvI7b4YI2/uk3V
+gZAAQdH4DiR0rFSDNmBKyvMQKP6ix1dy4+riACIP22n/bltEp9KmYkoU5XomS+DM
+Fqd5wvCt/A18n3x5Ijw1Z8EGz7YCzMqGrt2HA+zRL8r0d//DS3KfHrZH+5qrrrbl
+j8aHydvklLxDqqn+ZgbxKIRjOJ+DXG3MbGvk4gaUj/+fR5nfoBDxIxlA2wn+hXAX
+v6r/eVSPPs6kGqYLNJsw8qjtuG89PggyhkuNsCoOLY/JvtXMRzadcz3RIS5nnwQe
+EoLDtn+E9NbQlrj9XyKYbzCW2EMJANoNmHsCW/IZ0aKhd7C7lMNxaYGARAssNo+r
+gUXj1bUbJQBpHZOJj4AZV9um1YM4ef9v9hb0slYolHw6YS1ys3Ur38+/005gVFtR
+daFQLsUXvLavCALJRuWfFv6k6Vp/HyDlRiwL3kDCsy+ul+ll9DC42rMb6y7WxAnK
+7lN6I5mWLkL7aWY4Qj9Fa+OeavGweSSYOaEzGHhNulQ9pIsw9f3XEKGh1XhSojpK
+hHM40wuTmGMwb53GhX5jB3UPijMdbgECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUBYLo1mtxM1jb3ogF+1KEvfNNZDowgdEGA1UdIwSByTCBxoAUEHXX
+KayMfThSNCInVWJK275Iub+hgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkT
+BlZQTiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC0afdE84AN
+NDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAHe1NvTTAE32RzjFyUZz72suEVrk
+OChnbtlokfhencfOZ+241jMswpg5aQDA2jY+lmEQW5tK4N+2hglTFHM4gW4b362b
+rJFEe0fCMl3r/cqdmZbDNXSm9xR7pSoIWt/2vo4ucZQzQEqN6CXA0/rOx84yPDj+
+UFHqvoOAAUbdBZOWqZ4Q+Qni5Y4QmUsGWaoK3LApKSEdfNxiKZkNZ6joWkjJiE45
+pdYd5qeUR1plixNhl5dITH0VfeM+85IXS6y9Tm4kb6tbLPO7KPu9vF/7UD0+Z+zM
+hA8nDu4CjQtN3aSq6Hazi17lDbjpYEWid2LQ0Epvh0c8PHcdNzpf3343/+fun+qH
+xKcEM/7BzyHtVaqPMRqLIMVx4+jAN2k9Lj7oswzTZa526G85kStfwZ5EzuHZ+53s
+2cH6ado+SZDbV2agrcjPri3Bmve36Ed0jLcAA0KcNVOKGfUuY/UR08j/0NbG12ZZ
+IZACPxtIiRcd97cvPXJIxn60LqvBkiRX9rRWA0se//hkCEbUC/w9YekDzDtKU5vw
+JdHjdPVX1NZgXOWom9lUFmWTzeTWC81iAG/YNw271yZ5be8RysAhx+u8ql5AuHL3
+tRsHj1TUbdBINePBvWexL2XdddojjwC3h42N7AvnMNW7ukSxzCog9eGxXmhKkTt9
+En3pD1oBbG67z5tL
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI62QkbYGv0EYCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM5hsq05gmbkBIIJSJV6xZtsAe56
+teLN4Bl1fR+qUAfmKm3q94RgI1f9Rc4MpBf64b61IgkVWnQ4ec4CAPnhe2FeUExh
+HGRoeBWR88WaTgNBo6+VUhTCYPAelLvGjhG9TUjn4sigSU3/nQos9NTEMiZjv4+j
+zQxhAxcdjWHOtUkScKz9EDAmU5EAais87VSg4a0AORgHNp88SOdTf56EqzZ5nh06
+NQwiUN4zlrTs2X3mnL9Xx9OPqkha4Ij2efr7eKN9Oex/IpQndH/5AUpNcjfn1sQw
+pokSOQK85AulhRVD9BMD+PTVsOy7xIrQkusv80NsZyqdCAGZLaRzw1aQv5tTLsD+
+pukAzv8rdaFX+k3+Pa3IZbjDGibPTw6Jy+2RY1XEOn7KD/PaULhWnNqioWG93Prh
+ShsAYUeAJaAmiY61D5ORiHVw0D3lUwBjuENd8AQ+y6ofIpdMnsJGzyfomswxSpz9
+CjwXUgdd99A+eeS/IDzDVECeAM0X/ugJ/gILa3ntK/DVVjap5UfCch6wpYnCYoIc
+p3aRYc5TeMR1U1DDrWt9c/4hB22dn5On0mSyC0K/eYdFYqZq+jDCNkMbvGRqFfCl
+qUP+SO+h6miAjakBymIZ/X4i82PucHqC+HXvcYbY4LttKEsztl+WcK8qXWxhgljv
+8dJLEqD6l4FmcdP1CCIpnMnYmjJLVmOVxhusWnSsbj9se55nL+mjtOCdWCMlAMr1
+06sz34Ujq1lfsB7nn+z7O+1ZuMU3qcgPigHXQYJRwpD+eCCUsKbKAPvCHqZxjtOR
+k9eDTQvJMsHFA0TCQ1sMPFhuMAkH+ZhW5Fn1Qguc52aG5oT+ABjhvtN1qKQhhu88
+AwfAPME60+1rmUwu75OZ22lDBVCmqu1MHQEtI7QoJqIXP9fY8bZk9XjgrqzYeQqV
+ls5DVJ48uY9BoMHYNFCwnSVmMFHIVPySSjZNN7LoEICevbr1iL3la8BtGaEFPo6V
+0u+xZMDB8uRoX4sc/yBavu85FWUEKP3P/IZ0Q7qhVd27Y+gZqGqm4HZ6SWMNx3qv
+zNfnfx8ChYWhMbZOAuurEJ/ge0lN5pHJQYPaHJ7J5UIXHclAXPKUJXiSam6XiIyo
+NAlxHvHItk5xnvgqq0m5jRkyhU+LcPplee7AIFptpk1Snrxv7weofqrUrRP0XPMr
+YUxQHbqq+P1XDJQzS/fk/CE3hvwoIPTcnsazvaymaMCN4f+yAIkIur26FoN1Egz0
+ed9zMuE/Q+Uy2wctVDf7ckcAvUJVmQO8ZeM81JO8qak424so9K+VK/1c5+nmwPx+
+HbzSzGCLvT/AsAsgAWuSnqSpfNkK78YHsZ0166CZgsuUxbr2QncU88m4u+nxvPhV
+88MTibkCopYa0fLgrdmM0KbgY0wCGBmMIgrSd77kKuKZuqtKKPvPClK8XeI5I1Kg
+vaeZslPTCFJQAmABLcbtZi5GejUlh3zxPXWwr0xHWt9QMxqXIbKz9w98ZVxB6JgG
+dc2eXN6Y53GWS2rPMCj57JnJzSOY7cH3mUcEAn8sZj3tfnhvjyjrLoVW6DS9DxH6
++hrYeEH2SB4VFo9LAkQf8nXGmf6Drc2CuHBggdL6E7eiqJwpFxJyWZF9cAyUIKNY
+3QGe01nD7/FJ2OdQ3TewwJdO6VM9MCacCg5Tu3CCaBn/ROMDeJ6waxCAaWC0a3ye
+/qF72uUPBnGmepCL8UNty5EHGJEQdLsFUqcz6esBd5QsJQFd4a6Dj+6dygHA5pFS
+imsM3CvEucQLinv14T2MlSfEHGKG838XcNz45z55C6LRWmDo8YhGJpyWLTRanOPO
+YgzRW64jjoowmCOYN+dHMu2N8TuHJaGtNywwzJS/hAmGywn8nQjm2hBBgmzbP4Z9
+mv/j3sym/S43HLgoxFXdyy+A4mWhC6DYyqctC5stUb7LWhDDH1q3/vIpbGzNOlIU
+64RU7tnb73tfNAvP27wok1Y5QulkrcgmGhT1mEXC2Dmd6UNU53cPKC2L9mSYwpLY
+oI0S5LrNfvcJbv1T+Q+6tl4JOviv9c1pxHrGU5QiUC9iWHQAqABewDQcvZHCgkv3
+n1GU2n/Cw3FJN5VKZvsEsL3uLt0iPNsq+gXt1O1+72vnsU9WGb3cLpei+69NaWC2
+Y1eYROJUwvISYh5Fj3AbQHkeaoMBnlD65MtCC27e4wQ08f1WK9yqD9RuF0/AyoMq
+eKuacUkDdRsGtv/EPw+2Y4TVZU8NCx/bklwzfti9d5Gvl13dVKH2rNxNzfU2uwN9
+VMylBtSPKy0M7mIneZmpAFRDUzcVAV/+1u8khfWG0L6AX9jD3m/9/kKZIsVRuxLP
+RW8OcSkZ38Y8LachhEToEyr1s0iPWOa2Uo6/nPpBswk8yI5CGETSvsL0+imcnykU
+GJJGLNRg8QZRAXzB/CadLZ2YLSp+VbwY1RI9MUnOIQy4nDJYmqtrlFtFlbkgYign
+eI6NycS8iTSQkGJHJCxftPW5HU/rOFoVmDkdpZ8lMBJsjqsrWxuMhZdYhd12SYRz
+c8MUarMyTCNYOA/U3avP3wcMWlIBGXnDhCSJWuP4TgekL8YeXIZlpqfLNSbjjzjK
+Qjr1QWrFcheKFtcN+RwxjmEH9VIx/Gl+j39GKjuVE6qFv8ydf5pO6hNlpUhdPwbw
+AfnY26813nPRQszCSKXgT6ZzLExlOdGEtcsLdVgNhqTG/YLSOWOzLogqbbIGBXrP
+iDenjXgL+KWWVx68rLIkX6uXp7ECyJuIzHdA4rz4BJ2E8N07RWIB4UIJqDkb+SmB
+uBjHA/lnnF1NgTaF1YfGTBYJBh9A5De0lWs7f/4FBuQ6cudLHw1TWFzXNYrBUvIi
+JVi3wm1MZYiLz5uWvf4hqS6kuxtHlkxmZeOjawxyNAaESesM3LiuGNa4wlAdLqrb
+Re9jzz6n7OyL+7NEjpDgxS7kx2UjgZfrH3+FhGAGJaaqfeC1Gz21jXNc4S+zHxP2
+Qt3/qm027TN1TARpTxDK4eGRFgOLyDbb+8aeaywjcqUWRN5tWutFNavSn/Amgugh
+mSxJJvyf0WKnh6cbX5mGQFzKiaAqz22IgtcSovZt0K13KR6IExQZW1N2QbpchjWM
+NFwD7jxGsOPeukul9fpANrZk+qXZqjSX58bEbMax+th1WNpnEqG470FvcJv8z72e
+6YP6NW+YmJhshYOCv/q6Ng==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+9b6729c5c91b466a2bf7a494c2773f66
+6f580c49cf669c267b408d4e69b47554
+eb9a77dc00111f2ffb3be09c38a34c29
+441ed188e45a20a0bc31e28f0740ee28
+10a36049da14f04a4efdfbfc15e492c4
+e8c6cc0e07b5ad43f8a7f9685edf07cc
+3764e44b091a1277195ff52cad66574b
+b9396a38e10445255a387a4c510ad5c9
+9376d6cfe2aee6b4970faadbe8b4b581
+cd01a751bd07d53d984cdbd82c357820
+0251066db57e5863fc96e6ccc4ac9ebf
+b06231f21e93d1934a9ed0352ff0d3cc
+e1fc4269821572b858b3461c4eacacd0
+0eb309b692e49ea3cd9683ff4ae85161
+790f3ff5bc0d7dba51015e182d88a09c
+9389557003a462a4c57467320c9913a8
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/AK/openvpn/gw-ckubu/ipp.txt b/AK/openvpn/gw-ckubu/ipp.txt
new file mode 100644
index 0000000..fb96486
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/ipp.txt
@@ -0,0 +1 @@
+VPN-AK-gw-ckubu,10.1.0.2
diff --git a/AK/openvpn/gw-ckubu/keys-created.txt b/AK/openvpn/gw-ckubu/keys-created.txt
new file mode 100644
index 0000000..ec19779
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys-created.txt
@@ -0,0 +1,4 @@
+
+key...............: gw-ckubu.key
+common name.......: VPN-AK-gw-ckubu
+password..........: oot4yoociepaPuumahlieyie
diff --git a/AK/openvpn/gw-ckubu/keys/01.pem b/AK/openvpn/gw-ckubu/keys/01.pem
new file mode 100644
index 0000000..7533be3
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/01.pem
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  6 13:30:43 2018 GMT
+            Not After : Feb  6 13:30:43 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d6:54:ff:ed:31:40:93:d3:2e:da:0a:e2:7a:f6:
+                    51:83:c6:15:03:62:aa:59:e9:71:20:a3:af:4d:94:
+                    30:3e:23:30:18:f2:02:91:03:7a:6c:fe:ea:d2:8f:
+                    22:c7:19:10:5c:d2:ea:93:7e:5e:88:7b:9b:db:23:
+                    8c:b2:85:d7:d1:b1:ac:8d:3c:59:30:ec:2a:63:b5:
+                    56:32:e7:7d:af:bd:0c:05:74:30:a2:7f:42:8c:2b:
+                    b3:cc:e2:f2:5f:73:52:d4:27:44:87:1e:fb:c9:a4:
+                    0e:0d:1c:f9:b0:b9:dd:49:62:af:c8:1c:9e:7b:70:
+                    7c:21:ea:f1:fc:45:45:c6:f0:c8:36:c1:b6:b8:c4:
+                    b4:e6:78:45:8e:cb:e9:1e:33:41:f2:20:30:5f:3a:
+                    ba:b5:37:67:a1:b7:85:90:1f:19:3f:8b:42:a2:40:
+                    02:ba:67:25:92:58:57:dd:cc:af:92:c5:f4:99:a1:
+                    7a:f9:1c:cb:4b:4d:66:0c:9f:45:b0:5d:85:df:3d:
+                    cc:a9:77:73:d9:a1:ee:bc:d8:ee:8c:cd:91:96:2c:
+                    70:fb:4f:f1:cb:3d:90:aa:73:d6:ab:4b:b0:a5:f1:
+                    41:a3:f1:ea:8a:f3:20:5f:c1:88:cf:68:66:c3:65:
+                    eb:ef:b9:ed:ec:2c:8c:96:b7:eb:70:e5:c3:7b:52:
+                    c5:89:40:39:53:a1:ca:fc:84:05:2f:63:d3:5d:67:
+                    8d:94:26:1f:a8:fd:ae:9b:4e:64:87:8f:38:76:fc:
+                    06:30:49:ff:23:19:d6:a3:06:9d:3f:2b:1e:4f:42:
+                    44:6b:66:1f:55:88:19:23:40:9b:01:32:96:22:87:
+                    fa:9c:8e:0a:41:6b:e1:cf:a3:68:db:80:e1:5d:86:
+                    72:e0:33:0b:cd:30:5e:aa:c7:8a:20:19:0a:6e:2c:
+                    c9:01:36:57:bc:2d:c7:95:aa:3f:9c:40:47:e1:34:
+                    03:90:d0:9f:11:4e:f3:d4:3c:a9:fe:63:81:db:f0:
+                    bd:27:4c:4a:6d:89:a4:95:1a:f1:ed:b8:b8:a2:71:
+                    52:91:ff:e0:8b:b6:9e:31:fc:b7:c4:0e:07:84:29:
+                    20:79:57:99:5b:7e:5f:be:eb:a2:bb:73:9d:ef:f2:
+                    1e:8b:24:c6:86:91:68:cd:71:bd:35:05:d5:9f:cf:
+                    e7:5f:b4:9a:2f:12:9c:b5:3f:8a:7f:c7:b0:cf:d7:
+                    70:ea:28:63:65:6d:7c:64:ad:06:4d:1d:17:30:ca:
+                    0f:54:76:21:90:16:a0:49:0a:87:ae:b3:ff:dd:e0:
+                    71:17:0d:71:ee:96:8a:2d:86:14:fb:99:5f:ec:9f:
+                    5f:25:79:cf:42:7a:13:0c:66:cc:7a:60:83:43:77:
+                    f4:b6:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                C6:1E:B3:D8:34:53:70:7C:82:D3:64:78:9C:4C:33:01:71:8A:67:66
+            X509v3 Authority Key Identifier: 
+                keyid:10:75:D7:29:AC:8C:7D:38:52:34:22:27:55:62:4A:DB:BE:48:B9:BF
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+                serial:B4:69:F7:44:F3:80:0D:34
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         91:4a:bc:3a:35:78:e5:e5:66:b6:36:5a:66:0d:da:e3:01:7c:
+         07:be:0e:0e:2e:61:1a:c0:74:90:83:f7:39:8b:2d:0a:06:92:
+         ca:75:d3:ac:a6:94:66:10:41:30:2c:dd:77:c3:12:e0:5c:97:
+         e6:5d:c3:ef:2f:63:65:d0:f7:c3:9f:72:6f:54:07:e8:80:af:
+         35:53:74:6f:4d:ea:33:0a:86:8c:1d:79:f1:22:76:97:f4:43:
+         34:01:0e:8c:79:8e:23:60:67:89:ad:eb:48:4a:d4:50:a7:09:
+         bf:00:ce:d6:d6:6c:e8:f1:06:b0:f9:1c:de:1d:d9:32:2c:8a:
+         02:dd:0f:31:a7:0f:f7:92:e5:f6:7d:37:7f:a8:5f:bc:87:93:
+         4d:58:1a:6b:e0:84:a0:7b:6d:f7:6e:84:e6:94:87:70:59:3a:
+         9d:07:c4:1a:21:96:8c:04:51:e4:f1:01:49:0d:3f:7d:d4:65:
+         5b:ae:dc:40:4b:63:71:0d:ef:bc:e3:f6:ab:11:2c:b8:2f:df:
+         5a:bd:70:21:03:d0:54:b0:3f:ce:70:d4:4e:f2:ec:1d:54:b6:
+         1a:53:ea:e7:2c:82:83:74:98:52:41:0e:4b:cd:03:02:9e:4f:
+         7c:85:45:13:6c:ec:a2:ba:18:ca:62:39:3c:45:f4:83:86:74:
+         77:0c:b4:fb:f7:50:f6:77:a2:91:db:5a:3c:d9:3b:75:2e:3c:
+         8a:68:dd:f3:fe:9a:4c:1a:d6:a6:46:d6:3f:9d:c2:f7:06:0f:
+         4a:5b:9a:de:27:39:a1:e9:19:8a:82:86:de:5f:86:82:f0:cc:
+         5c:47:64:fd:bf:8b:6a:f9:a2:ce:a8:75:12:1a:97:20:01:fa:
+         a3:22:7d:1f:5d:66:09:f0:51:97:ff:e0:b0:89:e4:2b:33:de:
+         c2:7e:86:24:34:28:6f:6a:5b:e7:f4:f8:4f:29:f5:06:9d:26:
+         a5:f4:e6:69:cb:dc:22:e6:3d:ae:65:da:41:f0:23:aa:58:93:
+         38:1e:14:fd:df:6e:af:9b:56:a4:d3:91:b7:33:a2:2d:5e:38:
+         6c:e3:16:de:91:f1:4e:f3:5a:37:1f:a7:6b:d4:97:7f:1e:a9:
+         34:a9:e3:db:38:7c:59:38:aa:c7:08:0b:89:46:42:c5:57:65:
+         a1:26:f2:57:0d:33:d1:25:24:da:b3:f6:2c:ac:b7:71:18:df:
+         20:06:90:89:78:f1:c4:7f:b6:48:78:f4:29:82:01:09:29:9c:
+         21:34:b3:e8:06:71:61:9c:da:34:38:4c:c3:ad:73:15:da:0a:
+         92:51:71:aa:67:87:44:3e:9b:b8:10:aa:06:d2:f6:a0:85:b0:
+         8b:64:1d:68:35:c6:44:00
+-----BEGIN CERTIFICATE-----
+MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMzMwNDNaFw0zODAyMDYxMzMwNDNaMIGjMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLUFLLXNl
+cnZlcjEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANZU/+0xQJPTLtoK
+4nr2UYPGFQNiqlnpcSCjr02UMD4jMBjyApEDemz+6tKPIscZEFzS6pN+Xoh7m9sj
+jLKF19GxrI08WTDsKmO1VjLnfa+9DAV0MKJ/Qowrs8zi8l9zUtQnRIce+8mkDg0c
++bC53Ulir8gcnntwfCHq8fxFRcbwyDbBtrjEtOZ4RY7L6R4zQfIgMF86urU3Z6G3
+hZAfGT+LQqJAArpnJZJYV93Mr5LF9Jmhevkcy0tNZgyfRbBdhd89zKl3c9mh7rzY
+7ozNkZYscPtP8cs9kKpz1qtLsKXxQaPx6orzIF/BiM9oZsNl6++57ewsjJa363Dl
+w3tSxYlAOVOhyvyEBS9j011njZQmH6j9rptOZIePOHb8BjBJ/yMZ1qMGnT8rHk9C
+RGtmH1WIGSNAmwEyliKH+pyOCkFr4c+jaNuA4V2GcuAzC80wXqrHiiAZCm4syQE2
+V7wtx5WqP5xAR+E0A5DQnxFO89Q8qf5jgdvwvSdMSm2JpJUa8e24uKJxUpH/4Iu2
+njH8t8QOB4QpIHlXmVt+X77rortzne/yHoskxoaRaM1xvTUF1Z/P51+0mi8SnLU/
+in/HsM/XcOooY2VtfGStBk0dFzDKD1R2IZAWoEkKh66z/93gcRcNce6Wii2GFPuZ
+X+yfXyV5z0J6EwxmzHpgg0N39LbxAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
+CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
+dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUxh6z2DRTcHyC02R4nEwz
+AXGKZ2YwgdEGA1UdIwSByTCBxoAUEHXXKayMfThSNCInVWJK275Iub+hgaKkgZ8w
+gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
+DQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGWCCQC0afdE84ANNDATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
+AQCRSrw6NXjl5Wa2NlpmDdrjAXwHvg4OLmEawHSQg/c5iy0KBpLKddOsppRmEEEw
+LN13wxLgXJfmXcPvL2Nl0PfDn3JvVAfogK81U3RvTeozCoaMHXnxInaX9EM0AQ6M
+eY4jYGeJretIStRQpwm/AM7W1mzo8Qaw+RzeHdkyLIoC3Q8xpw/3kuX2fTd/qF+8
+h5NNWBpr4ISge233boTmlIdwWTqdB8QaIZaMBFHk8QFJDT991GVbrtxAS2NxDe+8
+4/arESy4L99avXAhA9BUsD/OcNRO8uwdVLYaU+rnLIKDdJhSQQ5LzQMCnk98hUUT
+bOyiuhjKYjk8RfSDhnR3DLT791D2d6KR21o82Tt1LjyKaN3z/ppMGtamRtY/ncL3
+Bg9KW5reJzmh6RmKgobeX4aC8MxcR2T9v4tq+aLOqHUSGpcgAfqjIn0fXWYJ8FGX
+/+CwieQrM97CfoYkNChvalvn9PhPKfUGnSal9OZpy9wi5j2uZdpB8COqWJM4HhT9
+326vm1ak05G3M6ItXjhs4xbekfFO81o3H6dr1Jd/Hqk0qePbOHxZOKrHCAuJRkLF
+V2WhJvJXDTPRJSTas/YsrLdxGN8gBpCJePHEf7ZIePQpggEJKZwhNLPoBnFhnNo0
+OEzDrXMV2gqSUXGqZ4dEPpu4EKoG0vaghbCLZB1oNcZEAA==
+-----END CERTIFICATE-----
diff --git a/AK/openvpn/gw-ckubu/keys/02.pem b/AK/openvpn/gw-ckubu/keys/02.pem
new file mode 100644
index 0000000..704ad15
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/02.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  6 13:36:54 2018 GMT
+            Not After : Feb  6 13:36:54 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-gw-ckubu/name=VPN AK/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d6:22:57:44:2b:27:86:b9:30:be:bb:d6:83:5d:
+                    7e:b4:0c:bc:f6:e6:16:5d:2b:79:94:3c:41:57:0b:
+                    aa:a1:31:1a:72:68:67:85:f3:93:f7:21:03:43:2b:
+                    35:8d:29:bc:bb:81:44:4f:65:14:cc:8f:60:48:d6:
+                    05:8a:06:27:2a:85:63:8c:a2:b1:1a:d9:4a:d8:1b:
+                    7d:aa:0b:b7:e9:69:5f:ce:59:ea:36:22:af:50:ed:
+                    9a:1e:7c:4d:c1:13:6f:23:b6:f8:60:8d:bf:ba:4d:
+                    d5:81:90:00:41:d1:f8:0e:24:74:ac:54:83:36:60:
+                    4a:ca:f3:10:28:fe:a2:c7:57:72:e3:ea:e2:00:22:
+                    0f:db:69:ff:6e:5b:44:a7:d2:a6:62:4a:14:e5:7a:
+                    26:4b:e0:cc:16:a7:79:c2:f0:ad:fc:0d:7c:9f:7c:
+                    79:22:3c:35:67:c1:06:cf:b6:02:cc:ca:86:ae:dd:
+                    87:03:ec:d1:2f:ca:f4:77:ff:c3:4b:72:9f:1e:b6:
+                    47:fb:9a:ab:ae:b6:e5:8f:c6:87:c9:db:e4:94:bc:
+                    43:aa:a9:fe:66:06:f1:28:84:63:38:9f:83:5c:6d:
+                    cc:6c:6b:e4:e2:06:94:8f:ff:9f:47:99:df:a0:10:
+                    f1:23:19:40:db:09:fe:85:70:17:bf:aa:ff:79:54:
+                    8f:3e:ce:a4:1a:a6:0b:34:9b:30:f2:a8:ed:b8:6f:
+                    3d:3e:08:32:86:4b:8d:b0:2a:0e:2d:8f:c9:be:d5:
+                    cc:47:36:9d:73:3d:d1:21:2e:67:9f:04:1e:12:82:
+                    c3:b6:7f:84:f4:d6:d0:96:b8:fd:5f:22:98:6f:30:
+                    96:d8:43:09:00:da:0d:98:7b:02:5b:f2:19:d1:a2:
+                    a1:77:b0:bb:94:c3:71:69:81:80:44:0b:2c:36:8f:
+                    ab:81:45:e3:d5:b5:1b:25:00:69:1d:93:89:8f:80:
+                    19:57:db:a6:d5:83:38:79:ff:6f:f6:16:f4:b2:56:
+                    28:94:7c:3a:61:2d:72:b3:75:2b:df:cf:bf:d3:4e:
+                    60:54:5b:51:75:a1:50:2e:c5:17:bc:b6:af:08:02:
+                    c9:46:e5:9f:16:fe:a4:e9:5a:7f:1f:20:e5:46:2c:
+                    0b:de:40:c2:b3:2f:ae:97:e9:65:f4:30:b8:da:b3:
+                    1b:eb:2e:d6:c4:09:ca:ee:53:7a:23:99:96:2e:42:
+                    fb:69:66:38:42:3f:45:6b:e3:9e:6a:f1:b0:79:24:
+                    98:39:a1:33:18:78:4d:ba:54:3d:a4:8b:30:f5:fd:
+                    d7:10:a1:a1:d5:78:52:a2:3a:4a:84:73:38:d3:0b:
+                    93:98:63:30:6f:9d:c6:85:7e:63:07:75:0f:8a:33:
+                    1d:6e:01
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                05:82:E8:D6:6B:71:33:58:DB:DE:88:05:FB:52:84:BD:F3:4D:64:3A
+            X509v3 Authority Key Identifier: 
+                keyid:10:75:D7:29:AC:8C:7D:38:52:34:22:27:55:62:4A:DB:BE:48:B9:BF
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+                serial:B4:69:F7:44:F3:80:0D:34
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         77:b5:36:f4:d3:00:4d:f6:47:38:c5:c9:46:73:ef:6b:2e:11:
+         5a:e4:38:28:67:6e:d9:68:91:f8:5e:9d:c7:ce:67:ed:b8:d6:
+         33:2c:c2:98:39:69:00:c0:da:36:3e:96:61:10:5b:9b:4a:e0:
+         df:b6:86:09:53:14:73:38:81:6e:1b:df:ad:9b:ac:91:44:7b:
+         47:c2:32:5d:eb:fd:ca:9d:99:96:c3:35:74:a6:f7:14:7b:a5:
+         2a:08:5a:df:f6:be:8e:2e:71:94:33:40:4a:8d:e8:25:c0:d3:
+         fa:ce:c7:ce:32:3c:38:fe:50:51:ea:be:83:80:01:46:dd:05:
+         93:96:a9:9e:10:f9:09:e2:e5:8e:10:99:4b:06:59:aa:0a:dc:
+         b0:29:29:21:1d:7c:dc:62:29:99:0d:67:a8:e8:5a:48:c9:88:
+         4e:39:a5:d6:1d:e6:a7:94:47:5a:65:8b:13:61:97:97:48:4c:
+         7d:15:7d:e3:3e:f3:92:17:4b:ac:bd:4e:6e:24:6f:ab:5b:2c:
+         f3:bb:28:fb:bd:bc:5f:fb:50:3d:3e:67:ec:cc:84:0f:27:0e:
+         ee:02:8d:0b:4d:dd:a4:aa:e8:76:b3:8b:5e:e5:0d:b8:e9:60:
+         45:a2:77:62:d0:d0:4a:6f:87:47:3c:3c:77:1d:37:3a:5f:df:
+         7e:37:ff:e7:ee:9f:ea:87:c4:a7:04:33:fe:c1:cf:21:ed:55:
+         aa:8f:31:1a:8b:20:c5:71:e3:e8:c0:37:69:3d:2e:3e:e8:b3:
+         0c:d3:65:ae:76:e8:6f:39:91:2b:5f:c1:9e:44:ce:e1:d9:fb:
+         9d:ec:d9:c1:fa:69:da:3e:49:90:db:57:66:a0:ad:c8:cf:ae:
+         2d:c1:9a:f7:b7:e8:47:74:8c:b7:00:03:42:9c:35:53:8a:19:
+         f5:2e:63:f5:11:d3:c8:ff:d0:d6:c6:d7:66:59:21:90:02:3f:
+         1b:48:89:17:1d:f7:b7:2f:3d:72:48:c6:7e:b4:2e:ab:c1:92:
+         24:57:f6:b4:56:03:4b:1e:ff:f8:64:08:46:d4:0b:fc:3d:61:
+         e9:03:cc:3b:4a:53:9b:f0:25:d1:e3:74:f5:57:d4:d6:60:5c:
+         e5:a8:9b:d9:54:16:65:93:cd:e4:d6:0b:cd:62:00:6f:d8:37:
+         0d:bb:d7:26:79:6d:ef:11:ca:c0:21:c7:eb:bc:aa:5e:40:b8:
+         72:f7:b5:1b:07:8f:54:d4:6d:d0:48:35:e3:c1:bd:67:b1:2f:
+         65:dd:75:da:23:8f:00:b7:87:8d:8d:ec:0b:e7:30:d5:bb:ba:
+         44:b1:cc:2a:20:f5:e1:b1:5e:68:4a:91:3b:7d:12:7d:e9:0f:
+         5a:01:6c:6e:bb:cf:9b:4b
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMzM2NTRaFw0zODAyMDYxMzM2NTRaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLUFLLWd3
+LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1iJXRCsnhrkw
+vrvWg11+tAy89uYWXSt5lDxBVwuqoTEacmhnhfOT9yEDQys1jSm8u4FET2UUzI9g
+SNYFigYnKoVjjKKxGtlK2Bt9qgu36WlfzlnqNiKvUO2aHnxNwRNvI7b4YI2/uk3V
+gZAAQdH4DiR0rFSDNmBKyvMQKP6ix1dy4+riACIP22n/bltEp9KmYkoU5XomS+DM
+Fqd5wvCt/A18n3x5Ijw1Z8EGz7YCzMqGrt2HA+zRL8r0d//DS3KfHrZH+5qrrrbl
+j8aHydvklLxDqqn+ZgbxKIRjOJ+DXG3MbGvk4gaUj/+fR5nfoBDxIxlA2wn+hXAX
+v6r/eVSPPs6kGqYLNJsw8qjtuG89PggyhkuNsCoOLY/JvtXMRzadcz3RIS5nnwQe
+EoLDtn+E9NbQlrj9XyKYbzCW2EMJANoNmHsCW/IZ0aKhd7C7lMNxaYGARAssNo+r
+gUXj1bUbJQBpHZOJj4AZV9um1YM4ef9v9hb0slYolHw6YS1ys3Ur38+/005gVFtR
+daFQLsUXvLavCALJRuWfFv6k6Vp/HyDlRiwL3kDCsy+ul+ll9DC42rMb6y7WxAnK
+7lN6I5mWLkL7aWY4Qj9Fa+OeavGweSSYOaEzGHhNulQ9pIsw9f3XEKGh1XhSojpK
+hHM40wuTmGMwb53GhX5jB3UPijMdbgECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUBYLo1mtxM1jb3ogF+1KEvfNNZDowgdEGA1UdIwSByTCBxoAUEHXX
+KayMfThSNCInVWJK275Iub+hgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkT
+BlZQTiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC0afdE84AN
+NDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAHe1NvTTAE32RzjFyUZz72suEVrk
+OChnbtlokfhencfOZ+241jMswpg5aQDA2jY+lmEQW5tK4N+2hglTFHM4gW4b362b
+rJFEe0fCMl3r/cqdmZbDNXSm9xR7pSoIWt/2vo4ucZQzQEqN6CXA0/rOx84yPDj+
+UFHqvoOAAUbdBZOWqZ4Q+Qni5Y4QmUsGWaoK3LApKSEdfNxiKZkNZ6joWkjJiE45
+pdYd5qeUR1plixNhl5dITH0VfeM+85IXS6y9Tm4kb6tbLPO7KPu9vF/7UD0+Z+zM
+hA8nDu4CjQtN3aSq6Hazi17lDbjpYEWid2LQ0Epvh0c8PHcdNzpf3343/+fun+qH
+xKcEM/7BzyHtVaqPMRqLIMVx4+jAN2k9Lj7oswzTZa526G85kStfwZ5EzuHZ+53s
+2cH6ado+SZDbV2agrcjPri3Bmve36Ed0jLcAA0KcNVOKGfUuY/UR08j/0NbG12ZZ
+IZACPxtIiRcd97cvPXJIxn60LqvBkiRX9rRWA0se//hkCEbUC/w9YekDzDtKU5vw
+JdHjdPVX1NZgXOWom9lUFmWTzeTWC81iAG/YNw271yZ5be8RysAhx+u8ql5AuHL3
+tRsHj1TUbdBINePBvWexL2XdddojjwC3h42N7AvnMNW7ukSxzCog9eGxXmhKkTt9
+En3pD1oBbG67z5tL
+-----END CERTIFICATE-----
diff --git a/AK/openvpn/gw-ckubu/keys/ca.crt b/AK/openvpn/gw-ckubu/keys/ca.crt
new file mode 100644
index 0000000..57f8849
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJALRp90TzgA00MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUFLMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDIwNjEyNDAwN1oYDzIwNTAwMjA2MTI0MDA3WjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1BSzEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOMNalpNk0cB
+wPdZemz4r4TIhtRSxZEEg9yhTRo9LdMa6oNo1gpg3/60n9nBtA0cDnllx7Z37PvC
+Pg4RJksrB2ZYOB3oSo8LoMzlA0lZl4AMKnxau1ZJI8OB9Ia+6uJxBnpwVULsL4sx
+ds9pHsnXU74UWgdZPAHsfWhogMtk8TsikLFv7P6oxg3fXeVriWP/SUETTWHgSD3x
+gPsnrcGqlCPcfb/mH5SU+v+ge+iue0BXe/1OZkJDHdj5vLZ4MiUCiVVslX36uqti
+sI3Jt2OyF9XQwu5wms3ioW3XydpPmbisRuI7qrTdnmT1iVhbk29eQK/yHrXvuuXQ
+i6PQAirBtMYD8tx5FbMJ6ueDcm0jTVedfHtdkWkBY84bBnecF7ys000fDzJs1YH2
+SP3cb0KbREG2RE5BE1OgUgg8odbJ7/K+Tp0VKEbJAZCwpaw+qAU9xfH3pDoSX+iD
+N+SXxnjSpamwGYmx+PGpwIe3RnlEx8XUcMbEBq5grq7aR7tYd5qh1NKTUKleGucD
+1izZeGLLkh81Gpx+KFXNm7lk3WDx3dqUXc3tJgpZsZJc3VI3UjO5WaYlrdTc6IQs
+3rD0rOGrETI/utLQI9PNFSis00h2LmcPVnEL0N/W71kHeOuytr1Tg1FyFGY7Wbth
+bei4c14kNkVUk1Ncfl07pMR+/i9yee3DAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+EHXXKayMfThSNCInVWJK275Iub8wgdEGA1UdIwSByTCBxoAUEHXXKayMfThSNCIn
+VWJK275Iub+hgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC0afdE84ANNDAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBIgCBt6v6t2HSqwkLKjgR1c2cDViPe
+WmX8E8maqaDIUopyvNzsZCXjqZ1RNnIHgFKZyZqXSzXRGHbUiohJ4WkkOy+QV64L
+/LUizsZkMJasjYQgcDcXu5sN9mIzGW6C5myjwtSYBWITPxLsedOQLIhYulLrCBa0
+A/gs/gfODm0opsCOuvQn33psUyLda/k9BE/9EHmOg37IRh/rQi3dyQaW2DGfCgZc
+GSIMsxobp4QbdUTJyyIoJW/ZK20Mam+IWNhptqCX/SXlx0pzakkdAulwMtUCPwyD
+8IJEy5ST+qBoctg1mSLts14ZYM63NRYKPfnSUN1JfQE5Sl624c8koVJcKjFnPdII
+cFwo9R+SQFDfTva/xRC8Ydwp1C8V+wnXtM9B1aigule5MXe8CQE4PZjG1Bh7992x
+GcKGBCWR/8JmfipvH4EJ9brS4ZsQ5snfJImBtmmVxSjXn1aE77UYNEp8GF2vW8CV
+7j+neVQtQdA16tXYH4bWy4MCpVCuoBj2ffTkN/5cp9xWHt9D1w73LxXHMEWoQojF
+cOeUda1VSwR17SiEy/lo3mRnWoT6AzLVwYzVQg0W8dc9wPcJ2EiVzQu6ccs2gIJV
+RtdV9iX+oAkwK3/lPB68LvfMEw3Qcy3OY9DmjZNajlv8HCTirBuGNaUwR6pZGqiG
+JN2zjAizahwZgQ==
+-----END CERTIFICATE-----
diff --git a/AK/openvpn/gw-ckubu/keys/ca.key b/AK/openvpn/gw-ckubu/keys/ca.key
new file mode 100644
index 0000000..a638f62
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDjDWpaTZNHAcD3
+WXps+K+EyIbUUsWRBIPcoU0aPS3TGuqDaNYKYN/+tJ/ZwbQNHA55Zce2d+z7wj4O
+ESZLKwdmWDgd6EqPC6DM5QNJWZeADCp8WrtWSSPDgfSGvuricQZ6cFVC7C+LMXbP
+aR7J11O+FFoHWTwB7H1oaIDLZPE7IpCxb+z+qMYN313la4lj/0lBE01h4Eg98YD7
+J63BqpQj3H2/5h+UlPr/oHvorntAV3v9TmZCQx3Y+by2eDIlAolVbJV9+rqrYrCN
+ybdjshfV0MLucJrN4qFt18naT5m4rEbiO6q03Z5k9YlYW5NvXkCv8h6177rl0Iuj
+0AIqwbTGA/LceRWzCerng3JtI01XnXx7XZFpAWPOGwZ3nBe8rNNNHw8ybNWB9kj9
+3G9Cm0RBtkROQRNToFIIPKHWye/yvk6dFShGyQGQsKWsPqgFPcXx96Q6El/ogzfk
+l8Z40qWpsBmJsfjxqcCHt0Z5RMfF1HDGxAauYK6u2ke7WHeaodTSk1CpXhrnA9Ys
+2Xhiy5IfNRqcfihVzZu5ZN1g8d3alF3N7SYKWbGSXN1SN1IzuVmmJa3U3OiELN6w
+9KzhqxEyP7rS0CPTzRUorNNIdi5nD1ZxC9Df1u9ZB3jrsra9U4NRchRmO1m7YW3o
+uHNeJDZFVJNTXH5dO6TEfv4vcnntwwIDAQABAoICAQCAYVWBOdvMinFRaoaOlw6n
+Rbr20tZi6OqmFY5DB9ShSNbQ9rYPqDb/DaJUvfHQd8y3V5VU1vpoX6w2x/ufBPVq
+KPeR8YY225xQPi1djArdnANpzOOgJjrSkOhySAEHiGDhWiLbdDBtw8op/IYsGlR/
+ZYKCJTKI4+8E2hH471p21VR6/45Bb6yMq3+r+OH2aKJC6WcXsHkojSUg3Y6hspGQ
+tVtk5fl1SceiQlvNdNq7xruUvn+Td9+oj4zkn5G623RLmNnuIZbq0SKDCUtoU4qm
+myOdLo5ZW4trUFgR2HBSuxZZVONw4N5ut2axTxZOIjzxPzWeKa7Dwucx+KtBAcX0
+IBykYOrlwTQfaOI+yNCB+u6RqC3prURtx73eEvVUOKMbhSc/lSFvex6vgQ5xW4iF
+5gdeiR+Fwu3NQqGBR1auXNjBLtTiKBaYZ0jCNliw4AEnu92Mb0tZbH5xFyC+NmKt
+qV75/fpolDN9Yx6d8onhWSWnAeTn+3oDupd/vQ5HbnYLP0rhfyIciAYfOW70Fv1E
+2H9FhDDnvmiZqGQKw/7s/ngdQTEs56y2lIbplzVSCjGKX4lrYYKV9yLM9qJ/UoAb
+j74ww1olFW40lA1rNTSA7zCL7+pwuK2iN5nHOMjHXkzyfxOM+vwLk52ZS27kBFfb
+FQ0KVo8NHZvl61yDr/HcAQKCAQEA9HBG7FJT4w16tC2ghfYVYPs/sWvpbDY8bSus
+rgQvuiktRsnc6GgGQtboJDaPfl9fhmd3DDg4RC2dppbAApS6hYMB8qNppElt40nx
+Tf39nZIOEKfUB6HMzzjomWBYXrxhai2U7o1wqR1Xs2w0+KjlxeWGzN9wNGdXAbDe
+rqXrcxPp/YmheLggiQXd1Xe95Ien1zFx91CEBeKBulRhNrtfFOPNZTlJ03gRImjV
+s/46TPqlJflr8FiUdbyx03++10fQkFRE3pvh/zI7ZfWUKa4+191Wm1Dv9yC3+QAu
+3A8zniWg7/eK1jJpjp5NbVGaF0QQwBi/moPwLpqX+9ISaLkdqwKCAQEA7cqfSzh+
+PTxCmxWogPAqSBt0HALjUadpzWMnOKoM2fbq86ocEFvEA9FK/9zT+8aWQldIR+Gi
+3AHRRUAedIKkMMmhRbzmAdcVHEXHU4SeclEEpC+hM0FdMkieHFdjf58yFTLlh8+a
+i7fYwcewgOcHKlm6m4w0ON2tQhKzZvV3fsxym19X2r/gRmbOzDHZee7cd4bNpy+A
+iphVLBk50SzBX9QB51PlDOadhE9cB1CYJ9B+AcdYtdx8XBoCfbK7cTFopmE+yhrl
++toDz3lX34PDKWzByW/LYEK6AFnLvjniwEd3Y5AsNOXWW5ck9UzElLZMlmmPFyLb
+Rx587piOI+loSQKCAQEA3JNQvMJR5orsVhjySNBWXGx8/lp1ieurPYxyx5kJhIDR
+1ZYlHSd5tuj9FGiTtiLULZHCEKnOxF8xavmQDQQvCHm+0Th7BQAqBDdeY9W1/XGl
+9YusvrJYAgrFglo5hEuT0F+PjHDf4AuVb1hOuLCYn6rOqKNcOj2ieukjGRCqVe77
+cIm4xxnIaj17/7yNA+MSJxL8V4M1j6XlEMJB80TDuTMTzqsSnpwzQgy+Ay1/aKWp
+T4oyx/D3DwOWqFcXXGb2orcYapTaLBIlHY2tBKuzE9Is6/zufd/tg+mRX4zsNGKa
+RtDnXQCi1kqtbd98IFCQmPf8Nq+mljd0vI3FhPC+/wKCAQEAkyBMIPlqOi8fst7a
+rDRspMK/u1kaFvpzXw3bRZcJbo703iBBTunIROho9BhI3L4JWDCy2y7DWkaRmbxL
+W6E9P6ZxbzmqQjc2q5CM/KLQekCgk4mYvqLRq/v8P+LeACeakD02gSo1H/93UKZi
+Ec9fwpdT+0vrP8gAnCH/+FMmRUDwJCwAqqsPc9/GUdcCDQx6QkYY1jlw2c/Y2vkc
+qcx8NPNy3hMtZCcIDMYhVbFLA09ft3AE9jjehQnewrEkgqukaVU/yUKNSwE7XFJi
+yTu4M9hDqoPOHNgMR41Hn4InRvqw5txcTbprP64rws5lzvFgP6w+SX1amQ1HFUU0
+pQmUaQKCAQBYUJ2kMy3bR7RjLl0oAnpXmcPWXk+SlVPj31sxapOAenz307I1oM9v
+LQCgIybzrD89N3h/O0bX72Y4FOJcPoh0uOGANLqX4WWY2wR+LOeP5NxOErf+/3WP
+YQE9e7iNwZk7Ry38yw46tG51Dljx8iQhmob43RZvjZvm6QZrXYQbNNsEIw/zq2fl
+Gs1tMMQf2Y01WRXtFYQ7TeAPc5T1jYcDz2eLt4WCL3Lb9lUWoC0mCy7FhKy7Dt+2
+WXe5GaTy/o49Cg2MwTkome3Cy4HyDFVBetAvjD7d8/b+XZkwKVo68Rmd8YtcEEXg
+Jp649vsetKoo2N2qc9eBZi5ZLagTDqqw
+-----END PRIVATE KEY-----
diff --git a/AK/openvpn/gw-ckubu/keys/crl.pem b/AK/openvpn/gw-ckubu/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/AK/openvpn/gw-ckubu/keys/dh4096.pem b/AK/openvpn/gw-ckubu/keys/dh4096.pem
new file mode 100644
index 0000000..2614247
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAyDMZgIXRmjastcz0cYwyb1JhrpcrE0RCzHtlq+J4L53bBukEzfKD
+/BJVRJ4PdKpWQJMbz+D/5WVSU8Br82G8tyys9Ba0eZ+58dhxBLyNo6NGXQ7DluQ4
+TZZvtm/fUTyU2fZfzwGQLAN3NBgP9jIMdOYwa8BA4WvTXzAf1bcuhiy3wXAfxQAV
+WJMhp8yY3hSq9KnemqS/AuZgueoVhP6StOX/tujmhIsoC0qn1BoHIwt7UH+llUnL
+6J+Evbffp+buMDNzmaqL+jbbgSdwYBFKmFeuF8V4hjJ7FZ9p0tOsom8Sg2+sBwfK
+0c+ZaBoC29PYBvXuMlECKCOiqarmCjhXKnVu32QnOTOLb51LqpCdBkdZupYvN1fF
+Mm8SkdPRwXYzp6r9NhGgroi1mcs6p6GoT1CzgMrTn0aa28C5bzbfOgHKCHbpPjvc
+yQFfG1iynp3uBpGa5MUPIL5ydpNl+HKi/iOonXu1zynd4fiszvw7DF8AJirx1O0l
+YGIpYfXAoledPfMFQq6yTQea+rNhP19V/9ToVdwIdqj1CUN0LvGZbZiZWddfuJrK
+FxJGyF5ntt7TXkmUpQsVibgVJR7EVxzc/7byywjx265v/f0GdKgpYH03NkhhDJxd
+kfypAH8jTiKCTEkZpyMPT1RwVYyjp/Z1UjmohFRTvvdGVLXRLP6T9HMCAQI=
+-----END DH PARAMETERS-----
diff --git a/AK/openvpn/gw-ckubu/keys/gw-ckubu.crt b/AK/openvpn/gw-ckubu/keys/gw-ckubu.crt
new file mode 100644
index 0000000..704ad15
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/gw-ckubu.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  6 13:36:54 2018 GMT
+            Not After : Feb  6 13:36:54 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-gw-ckubu/name=VPN AK/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d6:22:57:44:2b:27:86:b9:30:be:bb:d6:83:5d:
+                    7e:b4:0c:bc:f6:e6:16:5d:2b:79:94:3c:41:57:0b:
+                    aa:a1:31:1a:72:68:67:85:f3:93:f7:21:03:43:2b:
+                    35:8d:29:bc:bb:81:44:4f:65:14:cc:8f:60:48:d6:
+                    05:8a:06:27:2a:85:63:8c:a2:b1:1a:d9:4a:d8:1b:
+                    7d:aa:0b:b7:e9:69:5f:ce:59:ea:36:22:af:50:ed:
+                    9a:1e:7c:4d:c1:13:6f:23:b6:f8:60:8d:bf:ba:4d:
+                    d5:81:90:00:41:d1:f8:0e:24:74:ac:54:83:36:60:
+                    4a:ca:f3:10:28:fe:a2:c7:57:72:e3:ea:e2:00:22:
+                    0f:db:69:ff:6e:5b:44:a7:d2:a6:62:4a:14:e5:7a:
+                    26:4b:e0:cc:16:a7:79:c2:f0:ad:fc:0d:7c:9f:7c:
+                    79:22:3c:35:67:c1:06:cf:b6:02:cc:ca:86:ae:dd:
+                    87:03:ec:d1:2f:ca:f4:77:ff:c3:4b:72:9f:1e:b6:
+                    47:fb:9a:ab:ae:b6:e5:8f:c6:87:c9:db:e4:94:bc:
+                    43:aa:a9:fe:66:06:f1:28:84:63:38:9f:83:5c:6d:
+                    cc:6c:6b:e4:e2:06:94:8f:ff:9f:47:99:df:a0:10:
+                    f1:23:19:40:db:09:fe:85:70:17:bf:aa:ff:79:54:
+                    8f:3e:ce:a4:1a:a6:0b:34:9b:30:f2:a8:ed:b8:6f:
+                    3d:3e:08:32:86:4b:8d:b0:2a:0e:2d:8f:c9:be:d5:
+                    cc:47:36:9d:73:3d:d1:21:2e:67:9f:04:1e:12:82:
+                    c3:b6:7f:84:f4:d6:d0:96:b8:fd:5f:22:98:6f:30:
+                    96:d8:43:09:00:da:0d:98:7b:02:5b:f2:19:d1:a2:
+                    a1:77:b0:bb:94:c3:71:69:81:80:44:0b:2c:36:8f:
+                    ab:81:45:e3:d5:b5:1b:25:00:69:1d:93:89:8f:80:
+                    19:57:db:a6:d5:83:38:79:ff:6f:f6:16:f4:b2:56:
+                    28:94:7c:3a:61:2d:72:b3:75:2b:df:cf:bf:d3:4e:
+                    60:54:5b:51:75:a1:50:2e:c5:17:bc:b6:af:08:02:
+                    c9:46:e5:9f:16:fe:a4:e9:5a:7f:1f:20:e5:46:2c:
+                    0b:de:40:c2:b3:2f:ae:97:e9:65:f4:30:b8:da:b3:
+                    1b:eb:2e:d6:c4:09:ca:ee:53:7a:23:99:96:2e:42:
+                    fb:69:66:38:42:3f:45:6b:e3:9e:6a:f1:b0:79:24:
+                    98:39:a1:33:18:78:4d:ba:54:3d:a4:8b:30:f5:fd:
+                    d7:10:a1:a1:d5:78:52:a2:3a:4a:84:73:38:d3:0b:
+                    93:98:63:30:6f:9d:c6:85:7e:63:07:75:0f:8a:33:
+                    1d:6e:01
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                05:82:E8:D6:6B:71:33:58:DB:DE:88:05:FB:52:84:BD:F3:4D:64:3A
+            X509v3 Authority Key Identifier: 
+                keyid:10:75:D7:29:AC:8C:7D:38:52:34:22:27:55:62:4A:DB:BE:48:B9:BF
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+                serial:B4:69:F7:44:F3:80:0D:34
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         77:b5:36:f4:d3:00:4d:f6:47:38:c5:c9:46:73:ef:6b:2e:11:
+         5a:e4:38:28:67:6e:d9:68:91:f8:5e:9d:c7:ce:67:ed:b8:d6:
+         33:2c:c2:98:39:69:00:c0:da:36:3e:96:61:10:5b:9b:4a:e0:
+         df:b6:86:09:53:14:73:38:81:6e:1b:df:ad:9b:ac:91:44:7b:
+         47:c2:32:5d:eb:fd:ca:9d:99:96:c3:35:74:a6:f7:14:7b:a5:
+         2a:08:5a:df:f6:be:8e:2e:71:94:33:40:4a:8d:e8:25:c0:d3:
+         fa:ce:c7:ce:32:3c:38:fe:50:51:ea:be:83:80:01:46:dd:05:
+         93:96:a9:9e:10:f9:09:e2:e5:8e:10:99:4b:06:59:aa:0a:dc:
+         b0:29:29:21:1d:7c:dc:62:29:99:0d:67:a8:e8:5a:48:c9:88:
+         4e:39:a5:d6:1d:e6:a7:94:47:5a:65:8b:13:61:97:97:48:4c:
+         7d:15:7d:e3:3e:f3:92:17:4b:ac:bd:4e:6e:24:6f:ab:5b:2c:
+         f3:bb:28:fb:bd:bc:5f:fb:50:3d:3e:67:ec:cc:84:0f:27:0e:
+         ee:02:8d:0b:4d:dd:a4:aa:e8:76:b3:8b:5e:e5:0d:b8:e9:60:
+         45:a2:77:62:d0:d0:4a:6f:87:47:3c:3c:77:1d:37:3a:5f:df:
+         7e:37:ff:e7:ee:9f:ea:87:c4:a7:04:33:fe:c1:cf:21:ed:55:
+         aa:8f:31:1a:8b:20:c5:71:e3:e8:c0:37:69:3d:2e:3e:e8:b3:
+         0c:d3:65:ae:76:e8:6f:39:91:2b:5f:c1:9e:44:ce:e1:d9:fb:
+         9d:ec:d9:c1:fa:69:da:3e:49:90:db:57:66:a0:ad:c8:cf:ae:
+         2d:c1:9a:f7:b7:e8:47:74:8c:b7:00:03:42:9c:35:53:8a:19:
+         f5:2e:63:f5:11:d3:c8:ff:d0:d6:c6:d7:66:59:21:90:02:3f:
+         1b:48:89:17:1d:f7:b7:2f:3d:72:48:c6:7e:b4:2e:ab:c1:92:
+         24:57:f6:b4:56:03:4b:1e:ff:f8:64:08:46:d4:0b:fc:3d:61:
+         e9:03:cc:3b:4a:53:9b:f0:25:d1:e3:74:f5:57:d4:d6:60:5c:
+         e5:a8:9b:d9:54:16:65:93:cd:e4:d6:0b:cd:62:00:6f:d8:37:
+         0d:bb:d7:26:79:6d:ef:11:ca:c0:21:c7:eb:bc:aa:5e:40:b8:
+         72:f7:b5:1b:07:8f:54:d4:6d:d0:48:35:e3:c1:bd:67:b1:2f:
+         65:dd:75:da:23:8f:00:b7:87:8d:8d:ec:0b:e7:30:d5:bb:ba:
+         44:b1:cc:2a:20:f5:e1:b1:5e:68:4a:91:3b:7d:12:7d:e9:0f:
+         5a:01:6c:6e:bb:cf:9b:4b
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMzM2NTRaFw0zODAyMDYxMzM2NTRaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLUFLLWd3
+LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1iJXRCsnhrkw
+vrvWg11+tAy89uYWXSt5lDxBVwuqoTEacmhnhfOT9yEDQys1jSm8u4FET2UUzI9g
+SNYFigYnKoVjjKKxGtlK2Bt9qgu36WlfzlnqNiKvUO2aHnxNwRNvI7b4YI2/uk3V
+gZAAQdH4DiR0rFSDNmBKyvMQKP6ix1dy4+riACIP22n/bltEp9KmYkoU5XomS+DM
+Fqd5wvCt/A18n3x5Ijw1Z8EGz7YCzMqGrt2HA+zRL8r0d//DS3KfHrZH+5qrrrbl
+j8aHydvklLxDqqn+ZgbxKIRjOJ+DXG3MbGvk4gaUj/+fR5nfoBDxIxlA2wn+hXAX
+v6r/eVSPPs6kGqYLNJsw8qjtuG89PggyhkuNsCoOLY/JvtXMRzadcz3RIS5nnwQe
+EoLDtn+E9NbQlrj9XyKYbzCW2EMJANoNmHsCW/IZ0aKhd7C7lMNxaYGARAssNo+r
+gUXj1bUbJQBpHZOJj4AZV9um1YM4ef9v9hb0slYolHw6YS1ys3Ur38+/005gVFtR
+daFQLsUXvLavCALJRuWfFv6k6Vp/HyDlRiwL3kDCsy+ul+ll9DC42rMb6y7WxAnK
+7lN6I5mWLkL7aWY4Qj9Fa+OeavGweSSYOaEzGHhNulQ9pIsw9f3XEKGh1XhSojpK
+hHM40wuTmGMwb53GhX5jB3UPijMdbgECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUBYLo1mtxM1jb3ogF+1KEvfNNZDowgdEGA1UdIwSByTCBxoAUEHXX
+KayMfThSNCInVWJK275Iub+hgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkT
+BlZQTiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC0afdE84AN
+NDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAHe1NvTTAE32RzjFyUZz72suEVrk
+OChnbtlokfhencfOZ+241jMswpg5aQDA2jY+lmEQW5tK4N+2hglTFHM4gW4b362b
+rJFEe0fCMl3r/cqdmZbDNXSm9xR7pSoIWt/2vo4ucZQzQEqN6CXA0/rOx84yPDj+
+UFHqvoOAAUbdBZOWqZ4Q+Qni5Y4QmUsGWaoK3LApKSEdfNxiKZkNZ6joWkjJiE45
+pdYd5qeUR1plixNhl5dITH0VfeM+85IXS6y9Tm4kb6tbLPO7KPu9vF/7UD0+Z+zM
+hA8nDu4CjQtN3aSq6Hazi17lDbjpYEWid2LQ0Epvh0c8PHcdNzpf3343/+fun+qH
+xKcEM/7BzyHtVaqPMRqLIMVx4+jAN2k9Lj7oswzTZa526G85kStfwZ5EzuHZ+53s
+2cH6ado+SZDbV2agrcjPri3Bmve36Ed0jLcAA0KcNVOKGfUuY/UR08j/0NbG12ZZ
+IZACPxtIiRcd97cvPXJIxn60LqvBkiRX9rRWA0se//hkCEbUC/w9YekDzDtKU5vw
+JdHjdPVX1NZgXOWom9lUFmWTzeTWC81iAG/YNw271yZ5be8RysAhx+u8ql5AuHL3
+tRsHj1TUbdBINePBvWexL2XdddojjwC3h42N7AvnMNW7ukSxzCog9eGxXmhKkTt9
+En3pD1oBbG67z5tL
+-----END CERTIFICATE-----
diff --git a/AK/openvpn/gw-ckubu/keys/gw-ckubu.csr b/AK/openvpn/gw-ckubu/keys/gw-ckubu.csr
new file mode 100644
index 0000000..fde1f49
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/gw-ckubu.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRgwFgYDVQQDEw9WUE4tQUstZ3ctY2t1YnUxDzANBgNVBCkTBlZQ
+TiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDWIldEKyeGuTC+u9aDXX60DLz25hZdK3mUPEFX
+C6qhMRpyaGeF85P3IQNDKzWNKby7gURPZRTMj2BI1gWKBicqhWOMorEa2UrYG32q
+C7fpaV/OWeo2Iq9Q7ZoefE3BE28jtvhgjb+6TdWBkABB0fgOJHSsVIM2YErK8xAo
+/qLHV3Lj6uIAIg/baf9uW0Sn0qZiShTleiZL4MwWp3nC8K38DXyffHkiPDVnwQbP
+tgLMyoau3YcD7NEvyvR3/8NLcp8etkf7mquutuWPxofJ2+SUvEOqqf5mBvEohGM4
+n4Ncbcxsa+TiBpSP/59Hmd+gEPEjGUDbCf6FcBe/qv95VI8+zqQapgs0mzDyqO24
+bz0+CDKGS42wKg4tj8m+1cxHNp1zPdEhLmefBB4SgsO2f4T01tCWuP1fIphvMJbY
+QwkA2g2YewJb8hnRoqF3sLuUw3FpgYBECyw2j6uBRePVtRslAGkdk4mPgBlX26bV
+gzh5/2/2FvSyViiUfDphLXKzdSvfz7/TTmBUW1F1oVAuxRe8tq8IAslG5Z8W/qTp
+Wn8fIOVGLAveQMKzL66X6WX0MLjasxvrLtbECcruU3ojmZYuQvtpZjhCP0Vr455q
+8bB5JJg5oTMYeE26VD2kizD1/dcQoaHVeFKiOkqEczjTC5OYYzBvncaFfmMHdQ+K
+Mx1uAQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBABfDR6XX9PyMssjRv+hUUEUZ
+ixinvBHgziFQ4ZyFqz+hNfAmvX0qUT6VwJasIY6ajCH05lKTY+lrBoNEFfqL0yyV
+azYHhhDqe0HDMW+F0uzs4gC4eIEk7TDzctPtgr3HdpVICeWCv1gGZHkO6dYLiYV2
+YrIbSN2axQzzpFxRLEPrdUtxKEuECwPV3+xxdSIZsXXvLJpJamW5/Jd1A5yFzvCm
+esAucNcblF76Rz15MXQ7lnSEPKu+OlabezsjjUoSV9n1UHBQrxYyuaOP6WBRjwd3
+bUED7fQsRbd9SzADfcUEXrSzkrDUyDSxLPCcSzuPC/juT/FfM/DtRN437/lpNwm6
+vPzOwyPqDvgNUL6St84y695Ivl/kVwMAq8Rmbldj1fmEfz9vzlbjjjeS+4tyNHfr
+8SpzUtG+SBAzzLPizAo8WiMJqh565YdVwgthmpg8u0ZrBVoDCgcP7dkJ5xDHI3M2
+MwddoncLd2qwF6fJ0wWs5sv9ydjRkF4oSjcI1xtobJnBnIlDweALdqvspwPmKPMe
+yfZrW8DbU/MRgfAK85e1ChUTL+mBB/nX2/1xQUb9ltZn7Q9divdAAUFE5ogRngX0
+fkN6SZ2vp7rm7CA3X5Z+ynbolZOFfRaj0h42PvE4ja6Zbcg0PNgx1R6BH9ggDjlR
+V40gst/0d+nEcC9u2Wx6
+-----END CERTIFICATE REQUEST-----
diff --git a/AK/openvpn/gw-ckubu/keys/gw-ckubu.key b/AK/openvpn/gw-ckubu/keys/gw-ckubu.key
new file mode 100644
index 0000000..8bd6171
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/gw-ckubu.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI62QkbYGv0EYCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM5hsq05gmbkBIIJSJV6xZtsAe56
+teLN4Bl1fR+qUAfmKm3q94RgI1f9Rc4MpBf64b61IgkVWnQ4ec4CAPnhe2FeUExh
+HGRoeBWR88WaTgNBo6+VUhTCYPAelLvGjhG9TUjn4sigSU3/nQos9NTEMiZjv4+j
+zQxhAxcdjWHOtUkScKz9EDAmU5EAais87VSg4a0AORgHNp88SOdTf56EqzZ5nh06
+NQwiUN4zlrTs2X3mnL9Xx9OPqkha4Ij2efr7eKN9Oex/IpQndH/5AUpNcjfn1sQw
+pokSOQK85AulhRVD9BMD+PTVsOy7xIrQkusv80NsZyqdCAGZLaRzw1aQv5tTLsD+
+pukAzv8rdaFX+k3+Pa3IZbjDGibPTw6Jy+2RY1XEOn7KD/PaULhWnNqioWG93Prh
+ShsAYUeAJaAmiY61D5ORiHVw0D3lUwBjuENd8AQ+y6ofIpdMnsJGzyfomswxSpz9
+CjwXUgdd99A+eeS/IDzDVECeAM0X/ugJ/gILa3ntK/DVVjap5UfCch6wpYnCYoIc
+p3aRYc5TeMR1U1DDrWt9c/4hB22dn5On0mSyC0K/eYdFYqZq+jDCNkMbvGRqFfCl
+qUP+SO+h6miAjakBymIZ/X4i82PucHqC+HXvcYbY4LttKEsztl+WcK8qXWxhgljv
+8dJLEqD6l4FmcdP1CCIpnMnYmjJLVmOVxhusWnSsbj9se55nL+mjtOCdWCMlAMr1
+06sz34Ujq1lfsB7nn+z7O+1ZuMU3qcgPigHXQYJRwpD+eCCUsKbKAPvCHqZxjtOR
+k9eDTQvJMsHFA0TCQ1sMPFhuMAkH+ZhW5Fn1Qguc52aG5oT+ABjhvtN1qKQhhu88
+AwfAPME60+1rmUwu75OZ22lDBVCmqu1MHQEtI7QoJqIXP9fY8bZk9XjgrqzYeQqV
+ls5DVJ48uY9BoMHYNFCwnSVmMFHIVPySSjZNN7LoEICevbr1iL3la8BtGaEFPo6V
+0u+xZMDB8uRoX4sc/yBavu85FWUEKP3P/IZ0Q7qhVd27Y+gZqGqm4HZ6SWMNx3qv
+zNfnfx8ChYWhMbZOAuurEJ/ge0lN5pHJQYPaHJ7J5UIXHclAXPKUJXiSam6XiIyo
+NAlxHvHItk5xnvgqq0m5jRkyhU+LcPplee7AIFptpk1Snrxv7weofqrUrRP0XPMr
+YUxQHbqq+P1XDJQzS/fk/CE3hvwoIPTcnsazvaymaMCN4f+yAIkIur26FoN1Egz0
+ed9zMuE/Q+Uy2wctVDf7ckcAvUJVmQO8ZeM81JO8qak424so9K+VK/1c5+nmwPx+
+HbzSzGCLvT/AsAsgAWuSnqSpfNkK78YHsZ0166CZgsuUxbr2QncU88m4u+nxvPhV
+88MTibkCopYa0fLgrdmM0KbgY0wCGBmMIgrSd77kKuKZuqtKKPvPClK8XeI5I1Kg
+vaeZslPTCFJQAmABLcbtZi5GejUlh3zxPXWwr0xHWt9QMxqXIbKz9w98ZVxB6JgG
+dc2eXN6Y53GWS2rPMCj57JnJzSOY7cH3mUcEAn8sZj3tfnhvjyjrLoVW6DS9DxH6
++hrYeEH2SB4VFo9LAkQf8nXGmf6Drc2CuHBggdL6E7eiqJwpFxJyWZF9cAyUIKNY
+3QGe01nD7/FJ2OdQ3TewwJdO6VM9MCacCg5Tu3CCaBn/ROMDeJ6waxCAaWC0a3ye
+/qF72uUPBnGmepCL8UNty5EHGJEQdLsFUqcz6esBd5QsJQFd4a6Dj+6dygHA5pFS
+imsM3CvEucQLinv14T2MlSfEHGKG838XcNz45z55C6LRWmDo8YhGJpyWLTRanOPO
+YgzRW64jjoowmCOYN+dHMu2N8TuHJaGtNywwzJS/hAmGywn8nQjm2hBBgmzbP4Z9
+mv/j3sym/S43HLgoxFXdyy+A4mWhC6DYyqctC5stUb7LWhDDH1q3/vIpbGzNOlIU
+64RU7tnb73tfNAvP27wok1Y5QulkrcgmGhT1mEXC2Dmd6UNU53cPKC2L9mSYwpLY
+oI0S5LrNfvcJbv1T+Q+6tl4JOviv9c1pxHrGU5QiUC9iWHQAqABewDQcvZHCgkv3
+n1GU2n/Cw3FJN5VKZvsEsL3uLt0iPNsq+gXt1O1+72vnsU9WGb3cLpei+69NaWC2
+Y1eYROJUwvISYh5Fj3AbQHkeaoMBnlD65MtCC27e4wQ08f1WK9yqD9RuF0/AyoMq
+eKuacUkDdRsGtv/EPw+2Y4TVZU8NCx/bklwzfti9d5Gvl13dVKH2rNxNzfU2uwN9
+VMylBtSPKy0M7mIneZmpAFRDUzcVAV/+1u8khfWG0L6AX9jD3m/9/kKZIsVRuxLP
+RW8OcSkZ38Y8LachhEToEyr1s0iPWOa2Uo6/nPpBswk8yI5CGETSvsL0+imcnykU
+GJJGLNRg8QZRAXzB/CadLZ2YLSp+VbwY1RI9MUnOIQy4nDJYmqtrlFtFlbkgYign
+eI6NycS8iTSQkGJHJCxftPW5HU/rOFoVmDkdpZ8lMBJsjqsrWxuMhZdYhd12SYRz
+c8MUarMyTCNYOA/U3avP3wcMWlIBGXnDhCSJWuP4TgekL8YeXIZlpqfLNSbjjzjK
+Qjr1QWrFcheKFtcN+RwxjmEH9VIx/Gl+j39GKjuVE6qFv8ydf5pO6hNlpUhdPwbw
+AfnY26813nPRQszCSKXgT6ZzLExlOdGEtcsLdVgNhqTG/YLSOWOzLogqbbIGBXrP
+iDenjXgL+KWWVx68rLIkX6uXp7ECyJuIzHdA4rz4BJ2E8N07RWIB4UIJqDkb+SmB
+uBjHA/lnnF1NgTaF1YfGTBYJBh9A5De0lWs7f/4FBuQ6cudLHw1TWFzXNYrBUvIi
+JVi3wm1MZYiLz5uWvf4hqS6kuxtHlkxmZeOjawxyNAaESesM3LiuGNa4wlAdLqrb
+Re9jzz6n7OyL+7NEjpDgxS7kx2UjgZfrH3+FhGAGJaaqfeC1Gz21jXNc4S+zHxP2
+Qt3/qm027TN1TARpTxDK4eGRFgOLyDbb+8aeaywjcqUWRN5tWutFNavSn/Amgugh
+mSxJJvyf0WKnh6cbX5mGQFzKiaAqz22IgtcSovZt0K13KR6IExQZW1N2QbpchjWM
+NFwD7jxGsOPeukul9fpANrZk+qXZqjSX58bEbMax+th1WNpnEqG470FvcJv8z72e
+6YP6NW+YmJhshYOCv/q6Ng==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/AK/openvpn/gw-ckubu/keys/index.txt b/AK/openvpn/gw-ckubu/keys/index.txt
new file mode 100644
index 0000000..745e42a
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/index.txt
@@ -0,0 +1,2 @@
+V	380206133043Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
+V	380206133654Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK-gw-ckubu/name=VPN AK/emailAddress=argus@oopen.de
diff --git a/AK/openvpn/gw-ckubu/keys/index.txt.attr b/AK/openvpn/gw-ckubu/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/AK/openvpn/gw-ckubu/keys/index.txt.attr.old b/AK/openvpn/gw-ckubu/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/AK/openvpn/gw-ckubu/keys/index.txt.old b/AK/openvpn/gw-ckubu/keys/index.txt.old
new file mode 100644
index 0000000..7628189
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/index.txt.old
@@ -0,0 +1 @@
+V	380206133043Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
diff --git a/AK/openvpn/gw-ckubu/keys/serial b/AK/openvpn/gw-ckubu/keys/serial
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/serial
@@ -0,0 +1 @@
+03
diff --git a/AK/openvpn/gw-ckubu/keys/serial.old b/AK/openvpn/gw-ckubu/keys/serial.old
new file mode 100644
index 0000000..9e22bcb
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/serial.old
@@ -0,0 +1 @@
+02
diff --git a/AK/openvpn/gw-ckubu/keys/server.crt b/AK/openvpn/gw-ckubu/keys/server.crt
new file mode 100644
index 0000000..7533be3
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/server.crt
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  6 13:30:43 2018 GMT
+            Not After : Feb  6 13:30:43 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AK-server/name=VPN AK/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d6:54:ff:ed:31:40:93:d3:2e:da:0a:e2:7a:f6:
+                    51:83:c6:15:03:62:aa:59:e9:71:20:a3:af:4d:94:
+                    30:3e:23:30:18:f2:02:91:03:7a:6c:fe:ea:d2:8f:
+                    22:c7:19:10:5c:d2:ea:93:7e:5e:88:7b:9b:db:23:
+                    8c:b2:85:d7:d1:b1:ac:8d:3c:59:30:ec:2a:63:b5:
+                    56:32:e7:7d:af:bd:0c:05:74:30:a2:7f:42:8c:2b:
+                    b3:cc:e2:f2:5f:73:52:d4:27:44:87:1e:fb:c9:a4:
+                    0e:0d:1c:f9:b0:b9:dd:49:62:af:c8:1c:9e:7b:70:
+                    7c:21:ea:f1:fc:45:45:c6:f0:c8:36:c1:b6:b8:c4:
+                    b4:e6:78:45:8e:cb:e9:1e:33:41:f2:20:30:5f:3a:
+                    ba:b5:37:67:a1:b7:85:90:1f:19:3f:8b:42:a2:40:
+                    02:ba:67:25:92:58:57:dd:cc:af:92:c5:f4:99:a1:
+                    7a:f9:1c:cb:4b:4d:66:0c:9f:45:b0:5d:85:df:3d:
+                    cc:a9:77:73:d9:a1:ee:bc:d8:ee:8c:cd:91:96:2c:
+                    70:fb:4f:f1:cb:3d:90:aa:73:d6:ab:4b:b0:a5:f1:
+                    41:a3:f1:ea:8a:f3:20:5f:c1:88:cf:68:66:c3:65:
+                    eb:ef:b9:ed:ec:2c:8c:96:b7:eb:70:e5:c3:7b:52:
+                    c5:89:40:39:53:a1:ca:fc:84:05:2f:63:d3:5d:67:
+                    8d:94:26:1f:a8:fd:ae:9b:4e:64:87:8f:38:76:fc:
+                    06:30:49:ff:23:19:d6:a3:06:9d:3f:2b:1e:4f:42:
+                    44:6b:66:1f:55:88:19:23:40:9b:01:32:96:22:87:
+                    fa:9c:8e:0a:41:6b:e1:cf:a3:68:db:80:e1:5d:86:
+                    72:e0:33:0b:cd:30:5e:aa:c7:8a:20:19:0a:6e:2c:
+                    c9:01:36:57:bc:2d:c7:95:aa:3f:9c:40:47:e1:34:
+                    03:90:d0:9f:11:4e:f3:d4:3c:a9:fe:63:81:db:f0:
+                    bd:27:4c:4a:6d:89:a4:95:1a:f1:ed:b8:b8:a2:71:
+                    52:91:ff:e0:8b:b6:9e:31:fc:b7:c4:0e:07:84:29:
+                    20:79:57:99:5b:7e:5f:be:eb:a2:bb:73:9d:ef:f2:
+                    1e:8b:24:c6:86:91:68:cd:71:bd:35:05:d5:9f:cf:
+                    e7:5f:b4:9a:2f:12:9c:b5:3f:8a:7f:c7:b0:cf:d7:
+                    70:ea:28:63:65:6d:7c:64:ad:06:4d:1d:17:30:ca:
+                    0f:54:76:21:90:16:a0:49:0a:87:ae:b3:ff:dd:e0:
+                    71:17:0d:71:ee:96:8a:2d:86:14:fb:99:5f:ec:9f:
+                    5f:25:79:cf:42:7a:13:0c:66:cc:7a:60:83:43:77:
+                    f4:b6:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                C6:1E:B3:D8:34:53:70:7C:82:D3:64:78:9C:4C:33:01:71:8A:67:66
+            X509v3 Authority Key Identifier: 
+                keyid:10:75:D7:29:AC:8C:7D:38:52:34:22:27:55:62:4A:DB:BE:48:B9:BF
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AK/name=VPN AK/emailAddress=argus@oopen.de
+                serial:B4:69:F7:44:F3:80:0D:34
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         91:4a:bc:3a:35:78:e5:e5:66:b6:36:5a:66:0d:da:e3:01:7c:
+         07:be:0e:0e:2e:61:1a:c0:74:90:83:f7:39:8b:2d:0a:06:92:
+         ca:75:d3:ac:a6:94:66:10:41:30:2c:dd:77:c3:12:e0:5c:97:
+         e6:5d:c3:ef:2f:63:65:d0:f7:c3:9f:72:6f:54:07:e8:80:af:
+         35:53:74:6f:4d:ea:33:0a:86:8c:1d:79:f1:22:76:97:f4:43:
+         34:01:0e:8c:79:8e:23:60:67:89:ad:eb:48:4a:d4:50:a7:09:
+         bf:00:ce:d6:d6:6c:e8:f1:06:b0:f9:1c:de:1d:d9:32:2c:8a:
+         02:dd:0f:31:a7:0f:f7:92:e5:f6:7d:37:7f:a8:5f:bc:87:93:
+         4d:58:1a:6b:e0:84:a0:7b:6d:f7:6e:84:e6:94:87:70:59:3a:
+         9d:07:c4:1a:21:96:8c:04:51:e4:f1:01:49:0d:3f:7d:d4:65:
+         5b:ae:dc:40:4b:63:71:0d:ef:bc:e3:f6:ab:11:2c:b8:2f:df:
+         5a:bd:70:21:03:d0:54:b0:3f:ce:70:d4:4e:f2:ec:1d:54:b6:
+         1a:53:ea:e7:2c:82:83:74:98:52:41:0e:4b:cd:03:02:9e:4f:
+         7c:85:45:13:6c:ec:a2:ba:18:ca:62:39:3c:45:f4:83:86:74:
+         77:0c:b4:fb:f7:50:f6:77:a2:91:db:5a:3c:d9:3b:75:2e:3c:
+         8a:68:dd:f3:fe:9a:4c:1a:d6:a6:46:d6:3f:9d:c2:f7:06:0f:
+         4a:5b:9a:de:27:39:a1:e9:19:8a:82:86:de:5f:86:82:f0:cc:
+         5c:47:64:fd:bf:8b:6a:f9:a2:ce:a8:75:12:1a:97:20:01:fa:
+         a3:22:7d:1f:5d:66:09:f0:51:97:ff:e0:b0:89:e4:2b:33:de:
+         c2:7e:86:24:34:28:6f:6a:5b:e7:f4:f8:4f:29:f5:06:9d:26:
+         a5:f4:e6:69:cb:dc:22:e6:3d:ae:65:da:41:f0:23:aa:58:93:
+         38:1e:14:fd:df:6e:af:9b:56:a4:d3:91:b7:33:a2:2d:5e:38:
+         6c:e3:16:de:91:f1:4e:f3:5a:37:1f:a7:6b:d4:97:7f:1e:a9:
+         34:a9:e3:db:38:7c:59:38:aa:c7:08:0b:89:46:42:c5:57:65:
+         a1:26:f2:57:0d:33:d1:25:24:da:b3:f6:2c:ac:b7:71:18:df:
+         20:06:90:89:78:f1:c4:7f:b6:48:78:f4:29:82:01:09:29:9c:
+         21:34:b3:e8:06:71:61:9c:da:34:38:4c:c3:ad:73:15:da:0a:
+         92:51:71:aa:67:87:44:3e:9b:b8:10:aa:06:d2:f6:a0:85:b0:
+         8b:64:1d:68:35:c6:44:00
+-----BEGIN CERTIFICATE-----
+MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMzMwNDNaFw0zODAyMDYxMzMwNDNaMIGjMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLUFLLXNl
+cnZlcjEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANZU/+0xQJPTLtoK
+4nr2UYPGFQNiqlnpcSCjr02UMD4jMBjyApEDemz+6tKPIscZEFzS6pN+Xoh7m9sj
+jLKF19GxrI08WTDsKmO1VjLnfa+9DAV0MKJ/Qowrs8zi8l9zUtQnRIce+8mkDg0c
++bC53Ulir8gcnntwfCHq8fxFRcbwyDbBtrjEtOZ4RY7L6R4zQfIgMF86urU3Z6G3
+hZAfGT+LQqJAArpnJZJYV93Mr5LF9Jmhevkcy0tNZgyfRbBdhd89zKl3c9mh7rzY
+7ozNkZYscPtP8cs9kKpz1qtLsKXxQaPx6orzIF/BiM9oZsNl6++57ewsjJa363Dl
+w3tSxYlAOVOhyvyEBS9j011njZQmH6j9rptOZIePOHb8BjBJ/yMZ1qMGnT8rHk9C
+RGtmH1WIGSNAmwEyliKH+pyOCkFr4c+jaNuA4V2GcuAzC80wXqrHiiAZCm4syQE2
+V7wtx5WqP5xAR+E0A5DQnxFO89Q8qf5jgdvwvSdMSm2JpJUa8e24uKJxUpH/4Iu2
+njH8t8QOB4QpIHlXmVt+X77rortzne/yHoskxoaRaM1xvTUF1Z/P51+0mi8SnLU/
+in/HsM/XcOooY2VtfGStBk0dFzDKD1R2IZAWoEkKh66z/93gcRcNce6Wii2GFPuZ
+X+yfXyV5z0J6EwxmzHpgg0N39LbxAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
+CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
+dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUxh6z2DRTcHyC02R4nEwz
+AXGKZ2YwgdEGA1UdIwSByTCBxoAUEHXXKayMfThSNCInVWJK275Iub+hgaKkgZ8w
+gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
+DQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGWCCQC0afdE84ANNDATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
+AQCRSrw6NXjl5Wa2NlpmDdrjAXwHvg4OLmEawHSQg/c5iy0KBpLKddOsppRmEEEw
+LN13wxLgXJfmXcPvL2Nl0PfDn3JvVAfogK81U3RvTeozCoaMHXnxInaX9EM0AQ6M
+eY4jYGeJretIStRQpwm/AM7W1mzo8Qaw+RzeHdkyLIoC3Q8xpw/3kuX2fTd/qF+8
+h5NNWBpr4ISge233boTmlIdwWTqdB8QaIZaMBFHk8QFJDT991GVbrtxAS2NxDe+8
+4/arESy4L99avXAhA9BUsD/OcNRO8uwdVLYaU+rnLIKDdJhSQQ5LzQMCnk98hUUT
+bOyiuhjKYjk8RfSDhnR3DLT791D2d6KR21o82Tt1LjyKaN3z/ppMGtamRtY/ncL3
+Bg9KW5reJzmh6RmKgobeX4aC8MxcR2T9v4tq+aLOqHUSGpcgAfqjIn0fXWYJ8FGX
+/+CwieQrM97CfoYkNChvalvn9PhPKfUGnSal9OZpy9wi5j2uZdpB8COqWJM4HhT9
+326vm1ak05G3M6ItXjhs4xbekfFO81o3H6dr1Jd/Hqk0qePbOHxZOKrHCAuJRkLF
+V2WhJvJXDTPRJSTas/YsrLdxGN8gBpCJePHEf7ZIePQpggEJKZwhNLPoBnFhnNo0
+OEzDrXMV2gqSUXGqZ4dEPpu4EKoG0vaghbCLZB1oNcZEAA==
+-----END CERTIFICATE-----
diff --git a/AK/openvpn/gw-ckubu/keys/server.csr b/AK/openvpn/gw-ckubu/keys/server.csr
new file mode 100644
index 0000000..3583af1
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6TCCAtECAQAwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tQUstc2VydmVyMQ8wDQYDVQQpEwZWUE4g
+QUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA1lT/7TFAk9Mu2grievZRg8YVA2KqWelxIKOvTZQw
+PiMwGPICkQN6bP7q0o8ixxkQXNLqk35eiHub2yOMsoXX0bGsjTxZMOwqY7VWMud9
+r70MBXQwon9CjCuzzOLyX3NS1CdEhx77yaQODRz5sLndSWKvyByee3B8Ierx/EVF
+xvDINsG2uMS05nhFjsvpHjNB8iAwXzq6tTdnobeFkB8ZP4tCokACumclklhX3cyv
+ksX0maF6+RzLS01mDJ9FsF2F3z3MqXdz2aHuvNjujM2Rlixw+0/xyz2QqnPWq0uw
+pfFBo/HqivMgX8GIz2hmw2Xr77nt7CyMlrfrcOXDe1LFiUA5U6HK/IQFL2PTXWeN
+lCYfqP2um05kh484dvwGMEn/IxnWowadPyseT0JEa2YfVYgZI0CbATKWIof6nI4K
+QWvhz6No24DhXYZy4DMLzTBeqseKIBkKbizJATZXvC3Hlao/nEBH4TQDkNCfEU7z
+1Dyp/mOB2/C9J0xKbYmklRrx7bi4onFSkf/gi7aeMfy3xA4HhCkgeVeZW35fvuui
+u3Od7/IeiyTGhpFozXG9NQXVn8/nX7SaLxKctT+Kf8ewz9dw6ihjZW18ZK0GTR0X
+MMoPVHYhkBagSQqHrrP/3eBxFw1x7paKLYYU+5lf7J9fJXnPQnoTDGbMemCDQ3f0
+tvECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAgB9FbRhYOdXMtQn8TfT3rN1Ya
+VghURxqmzxc1HQIvICXiOyP4XQVkefMWrEkFDP1a/jj6/6xkA7riIC2xMLNGrnPE
+j5OCQJAQKk07eaOUkI4ouNveNKyxpMdHJHloydlo/mwtJMOYc57PSCSggDkUgvr+
+NtNx0So8FDxsCl9CsU6cXMO6hehtPUZxvfHdHVAilvcz0JE4bLtX/xAlZrr1mpMZ
+zNRXFqwteyRaomPDLUkXe1I9zrUzEFHRko80YuuWZ61MbthKaS1rCNLuK6Fin44p
+Q98TPewicXfbGucCSqyXsAVwdWpu2/nmLEvO62LZe8nMVKw88tDn7crMg9dfWNtP
+tTvEaRJXlMIce7pUBERP7WEiTSR6X5Zc0RmvqbXUbvG5Agbzc+zrIk8GLmCw6xHn
+hynJLukDZae3UZxPUFuweJgPhCK/ohgpL+IORVoMpISfzHRWGU9C4/UTKo0OKAz3
+DLXBXyzHNDF463Vtt7niDTkNUPgjauNIWxxI59Y+CKnF/Q3CjxX+h46QJq5PFPF+
+sBx6MR7wDHQHoZPBFdL9F+f5AJIOkTYq0cvb3GAzN6+DgMPwQXpEk1UlV9w/Ki3c
+wQBtBKzXFB5X2IncMIGSfc670r2oASpZDo//2fvEG7vNtbPWeE1Uy4WgAaQtannk
+Drqr1RqgYNStmF1sUg==
+-----END CERTIFICATE REQUEST-----
diff --git a/AK/openvpn/gw-ckubu/keys/server.key b/AK/openvpn/gw-ckubu/keys/server.key
new file mode 100644
index 0000000..13991ab
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDWVP/tMUCT0y7a
+CuJ69lGDxhUDYqpZ6XEgo69NlDA+IzAY8gKRA3ps/urSjyLHGRBc0uqTfl6Ie5vb
+I4yyhdfRsayNPFkw7CpjtVYy532vvQwFdDCif0KMK7PM4vJfc1LUJ0SHHvvJpA4N
+HPmwud1JYq/IHJ57cHwh6vH8RUXG8Mg2wba4xLTmeEWOy+keM0HyIDBfOrq1N2eh
+t4WQHxk/i0KiQAK6ZyWSWFfdzK+SxfSZoXr5HMtLTWYMn0WwXYXfPcypd3PZoe68
+2O6MzZGWLHD7T/HLPZCqc9arS7Cl8UGj8eqK8yBfwYjPaGbDZevvue3sLIyWt+tw
+5cN7UsWJQDlTocr8hAUvY9NdZ42UJh+o/a6bTmSHjzh2/AYwSf8jGdajBp0/Kx5P
+QkRrZh9ViBkjQJsBMpYih/qcjgpBa+HPo2jbgOFdhnLgMwvNMF6qx4ogGQpuLMkB
+Nle8LceVqj+cQEfhNAOQ0J8RTvPUPKn+Y4Hb8L0nTEptiaSVGvHtuLiicVKR/+CL
+tp4x/LfEDgeEKSB5V5lbfl++66K7c53v8h6LJMaGkWjNcb01BdWfz+dftJovEpy1
+P4p/x7DP13DqKGNlbXxkrQZNHRcwyg9UdiGQFqBJCoeus//d4HEXDXHuloothhT7
+mV/sn18lec9CehMMZsx6YINDd/S28QIDAQABAoICAQC1UT8Y17u70sIl72Ndhpe7
+FI2eSY+3dIchh5e714tgZcBAuit1pi2hm53n9vMC368596w+jn9Gktts7YwPUq8b
+VGWXLeB+RKwvoa6EbdWkIBfVXU/viB0yG56Fy9Ai85q0o2uTq6ByGvlQGp0Y5oPP
+m079yUhBQQ2iW/HO6oN3IycdO49qi+5FsqWVged6hv5Y6OZDCZn9yBtBcdHp9IUV
+fqgmPmSQcMYWIepjVs+JKTId7b/sknFhCN81+l+oLdYc31kOXGGDUTx4QkS8lQN+
+uaXy1NTGjRSfPlPyoZuVJp3TJcq3NarDlyQ34ihdURHhwbcHP0DIGFtzLMzMvV8h
+ir4O3lY/bhXUrPMpg5D2pPaD2L/uyqluzfePK0r8Y2a0bv+cGPHu83MZCgoHvyF9
+Bd+r1rz3vWYDrAqJi2xjADsUDtwFvtBaBuTu1Q/dvwY7DF+cDKpThSC0+4P8bAqf
+rC95Z8NSIAQra+BKElQCHK1fB0yCf/rVPDt1wcrbDzxnDjG8ZRiKpuOtYz86oOuB
+jLSe9SP2cEx9Oc9mTFaojjfkwGqkmKH45fuHPwpQy1cdAFWzhaLTkFpQjBWpBDQL
+njrhrg8iaKoai6dfn5fK7UMDFPM3F8SiqJ+SfSsSeqfeMKgwlduzsIgqWafopLm+
+RYQYkH8EUkaHS+uUw6rX4QKCAQEA8vkqaLzCaqSdbs4Sxsy28lwShuaZDZwM8659
+zWGRLGVeWtQMJfMNXgE3+yo2Bdc5vhiHR4+GlKGsJxjqY0iPfFFr7AOmLEBgjkUF
+uw7eNrIVxD15SG7MRAcw1Cs1frwaot4I/jIhWqrYwmALq8C+UsSLZipXaBKCUYyE
+Ej7rqXyIoaao+V+7jU45jTNbfbtozZkfVGWDYQbopfZyabTmon2p0uvz3Q8BbvMk
+E58hEAGJFilZKyHscxsRw2lHmOQisyMC1pmM4aN4ZTBA16WhFKtNmCzcwfTJDZQQ
+hYxItYRFX63OqzG7M6+yWxTo8rX3fI9HAeJ2Pahheh14N2Ef7QKCAQEA4dK6w0AW
+TZ9RTzMyKVEHXBi6xQnkfH6qwtAuTnc5cBc7/Pwz+DH0+VR6vci4j7cs+mYvXAxY
+R7FuRRyDyiahWzlNpTPHzRQy1wfcxKl3B1LKgfr8VBxgAJ50AYkkmZsaSi5S1Haw
+PGOle+4dkkpFuC2X6FWr8i/2doz1PC4lqT1dlFQTM8p2xuAPEO7OCUSndPe30RGt
+oAvVgmdu01ba/bEGr6JF2bCfr2HBN/0cN8QS7F+13Tp96i4fm+fwjsgrqIlECuN4
+cvdbBGKM+SgwGFMBX1gmk9QYMQaqEDWU08YhWHrzdmAO5eoK6KNrHuBC1faL04sJ
+1K8juKAjAWlqlQKCAQEAlDcegamzxy4Hw1H97jtu1kUIIDaG4uBwni2xHBoKXtSv
+TCTSDExJuTBxH8vODJ4P4UBBNYv+AqjkxSzTviDDNojMlrpbId9bhy3fow4cy6yy
+znTZiS/ddxoT1TlOdrL0ZKmhPr8BzbcuZtQECo+XChJPHtFxZFD2Ihzfa+nqBAet
+qT5rEUQuurIfNV1A0GAEPHbNv8P08rkuLh86B/WMQ074y2uX5R+ENlQni7ikiIkH
+QPeUJ1WYUVcP7O5J+KAh8rjGwHYGlJYNmVxoEaQ9sMgWm1+ygrZ59sh9k5nRuLip
+QQZbbd72XT8uQ5VrzLLn95nHLQUiL9aJL97OOKoMuQKCAQACHn8gK+7JpbAWpS1Y
+U+lUxOqjxLb/MBUcJOX6WIYSdjVa52b5ckaRPGi2dTa+KoLiiqjxHTCK47BcN6tI
+71neSEhhP34lf4YGnI1GzyxNxkoeNCPAClAgUVxXU1kjk+AISC0Az2hR+MFpy089
+uzKySsM9K+ikKi0O6b23Zdt2nhvNs4hGmSTKMvoRN5x5W8qSf2ybKqZNdS74vU29
+7/e4H7wnU8eCBnVJKQquItLr9wwSaceEHvNlii9DwEZyoJBAUaFw1LehpI6XGPGn
+uOfSopzFr0cVZg0gEKbx5f7Sie5wLR8xwi8Bm1Ok4Tu1G3elGF4xiwF5nHciWWZa
+sgmNAoIBAQDZHa2roknLsDJFH8W7DsnfjSa1glAQGY6lB5rh6f1BseHvERSNog+s
+199Y624za5wVWA43jDy+UFfAetna1CwX+plCk2w4FNncmuBP8nR1EX7fWRh7lXpy
+TKyrOuxFzPZARRLQheBzmGrF2ktDhtlEhH4xRuMUVv0ARluJI0w9Uc9DFIMekHws
+oKMPlj3wd+SJgpCQL90ePUKGM/t7GqqwBd/yvtYhv1ns/4ZqZ9xAzoHcl9yTmNZW
+TsB3gdCQqtRFm6J4EN1Rx3pEa2wp7bcg4Lq9YPWfxoTzH0eWqGQY9xUbX0f8PUt3
+hNt/I4LbfLl15/FCDKH27AG04sr+m6N2
+-----END PRIVATE KEY-----
diff --git a/AK/openvpn/gw-ckubu/keys/ta.key b/AK/openvpn/gw-ckubu/keys/ta.key
new file mode 100644
index 0000000..52287cd
--- /dev/null
+++ b/AK/openvpn/gw-ckubu/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+9b6729c5c91b466a2bf7a494c2773f66
+6f580c49cf669c267b408d4e69b47554
+eb9a77dc00111f2ffb3be09c38a34c29
+441ed188e45a20a0bc31e28f0740ee28
+10a36049da14f04a4efdfbfc15e492c4
+e8c6cc0e07b5ad43f8a7f9685edf07cc
+3764e44b091a1277195ff52cad66574b
+b9396a38e10445255a387a4c510ad5c9
+9376d6cfe2aee6b4970faadbe8b4b581
+cd01a751bd07d53d984cdbd82c357820
+0251066db57e5863fc96e6ccc4ac9ebf
+b06231f21e93d1934a9ed0352ff0d3cc
+e1fc4269821572b858b3461c4eacacd0
+0eb309b692e49ea3cd9683ff4ae85161
+790f3ff5bc0d7dba51015e182d88a09c
+9389557003a462a4c57467320c9913a8
+-----END OpenVPN Static key V1-----
diff --git a/AK/openvpn/server-ak.conf b/AK/openvpn/server-ak.conf
new file mode 100644
index 0000000..253f41d
--- /dev/null
+++ b/AK/openvpn/server-ak.conf
@@ -0,0 +1,316 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/ak/keys/ca.crt
+cert /etc/openvpn/ak/keys/server.crt
+key /etc/openvpn/ak/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/ak/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.0.0.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ak/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.0.0 255.255.255.0"
+push "route 192.168.123.0 255.255.255.0"
+push "route 172.16.0.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/ak/ccd/server-ak
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.0.254"
+push "dhcp-option DOMAIN ak.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/ak/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-ak.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-ak.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/ak/crl.pem
diff --git a/AK/openvpn/server-gw-ckubu.conf b/AK/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..2b6c67e
--- /dev/null
+++ b/AK/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,318 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.0.1
+route 192.168.64.0 255.255.255.0 10.1.0.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/gw-ckubu/keys/ca.crt
+cert /etc/openvpn/gw-ckubu/keys/server.crt
+key /etc/openvpn/gw-ckubu/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/gw-ckubu/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.1.0.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/gw-ckubu/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.0.0 255.255.255.0"
+push "route 192.168.123.0 255.255.255.0"
+push "route 172.16.0.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/gw-ckubu/ccd/server-gw-ckubu
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.0.254"
+push "dhcp-option DOMAIN ak.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/gw-ckubu/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-gw-ckubu.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/gw-ckubu/crl.pem
diff --git a/AK/openvpn/update-resolv-conf b/AK/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/AK/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/AK/rc.local.AK b/AK/rc.local.AK
new file mode 100755
index 0000000..d1ab9db
--- /dev/null
+++ b/AK/rc.local.AK
@@ -0,0 +1,16 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+#/etc/init.d/ntp start || /bin/true
+
+exit 0
diff --git a/AK/resolv.conf.AK b/AK/resolv.conf.AK
new file mode 100644
index 0000000..f153a7c
--- /dev/null
+++ b/AK/resolv.conf.AK
@@ -0,0 +1,6 @@
+domain ak.netz
+search ak.netz
+nameserver 127.0.0.1
+nameserver 217.0.43.193
+nameserver 217.0.43.1
+
diff --git a/AK/sasl_passwd.AK b/AK/sasl_passwd.AK
new file mode 100644
index 0000000..12956b6
--- /dev/null
+++ b/AK/sasl_passwd.AK
@@ -0,0 +1 @@
+[b.mx.oopen.de] akweb@b.mx.oopen.de:g9B2TBj6RZm8
diff --git a/AK/sasl_passwd.db.AK b/AK/sasl_passwd.db.AK
new file mode 100644
index 0000000..fe45bee
Binary files /dev/null and b/AK/sasl_passwd.db.AK differ
diff --git a/AK/sbin/ip6t-firewall-gateway b/AK/sbin/ip6t-firewall-gateway
new file mode 100755
index 0000000..3df216f
--- /dev/null
+++ b/AK/sbin/ip6t-firewall-gateway
@@ -0,0 +1,3414 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ip6t-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv6 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv6.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv6.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv6.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv6.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ip6t=$(which ip6tables)
+
+if [[ -z "$ip6t" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IPv6)..\033[m"
+else
+   echo "Starting firewall iptables (IPv4).."
+fi
+echo
+
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+# ---
+# - Enable/Disable ip forwarding between interfaces
+# ---
+if $kernel_forward_between_interfaces ; then
+   echononl "\tActivate Forwarding.."
+   echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+else
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
+fi
+
+echo_done
+
+
+# -------------
+# --- Adjust Kernel Parameters
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+
+   # ---
+   # - Deactivate Source Routed Packets
+   # ---
+   for asr in /proc/sys/net/ipv6/conf/*/accept_source_route; do
+      if $kernel_deactivate_source_route ; then
+         echo 0 > $asr
+      fi
+   done
+
+
+   # ---
+   # -  Deactivate sending ICMP redirects
+   # ---
+   if $kernel_dont_accept_redirects ; then
+      echo "0" > /proc/sys/net/ipv6/conf/all/accept_redirects
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+
+fi 
+
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv6).."
+
+# - default policies
+# -
+$ip6t -P INPUT ACCEPT
+$ip6t -P OUTPUT ACCEPT
+$ip6t -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ip6t -F
+$ip6t -F INPUT
+$ip6t -F OUTPUT
+$ip6t -F FORWARD
+$ip6t -F -t mangle
+$ip6t -F -t nat
+$ip6t -F -t raw
+$ip6t -X
+$ip6t -Z
+
+#$ip6t -t nat -A POSTROUTING -o $ext_if_static_1 -j MASQUERADE
+$ip6t -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+echo_done # Flushing firewall iptable (IPv6)..
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -j LOG --log-prefix "$_ip IN: " --log-level $log_level
+      $ip6t -A OUTPUT -d $_ip -j LOG --log-prefix "$_ip OUT: " --log-level $log_level
+      $ip6t -A FORWARD -s $_ip -j LOG --log-prefix "$_ip FORWARD FROM: " --log-level $log_level
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP IPv6 traffic.."
+if $permit_all_icmp_traffic ; then
+   $ip6t -A INPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A OUTPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A FORWARD -p ipv6-icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ip6t -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ip6t -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ip6t -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ip6t -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ip6t -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ip6t -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -i $_if -j DROP
+      $ip6t -A FORWARD -o $_if -j DROP
+   fi
+   $ip6t -A INPUT -i $_if -j DROP
+   $ip6t -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -d $_ip -j ACCEPT
+         $ip6t -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ip6t -N syn-flood
+   $ip6t -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ip6t -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ip6t -A syn-flood -j DROP
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   if $log_new_not_sync || $log_all  ; then
+      $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+   $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
+   fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   if $log_invalid_state || $log_all  ; then
+      $ip6t -A INPUT -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -m state --state INVALID -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -m state --state INVALID -j DROP
+   fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # - Refuse spoofed packets pretending to be from your IP address.
+   if $log_spoofed || $log_all ; then
+      for _ip in ${ext_ip_arr[@]} ; do
+         $ip6t -A INPUT -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         fi
+      done
+   fi
+   for _ip in ${ext_ip_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -s $_ip -d $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ipi6t -A FORWARD -s $_ip -d $_ip -j DROP
+      fi
+   done
+
+
+   # - private Adressen auf externen interface verwerfen
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $ula_block -j DROP
+      $ip6t -A INPUT -i $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -i $_dev -s $loopback -j DROP
+      fi
+
+      # Don't allow spoofing from that server
+      $ip6t -A OUTPUT -o $_dev -s $ula_block -j DROP
+      $ip6t -A OUTPUT -o $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -o $_dev -s $loopback -j DROP
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ip6t -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ip6t -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ip6t -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ip6t -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_forward_between_interfaces ; then
+         if $block_ident ; then
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_forward_between_interfaces ; then
+      if $block_ident ; then
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ip6t -A INPUT -i lo -j ACCEPT
+$ip6t -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ip6t -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ip6t -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_forward_between_interfaces ; then
+   $ip6t -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ip6t -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ip6t -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv6_address_arr[@]}" ; then
+            $ip6t -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ip6t -A FORWARD -p ${_val_arr[3]} -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+echononl "\tSeparate local networks.."
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+echononl "\tSeparate local interfaces.."
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            [[ "$_dev_1" = "$_dev_2" ]] && continue
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+            $ip6t -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+         done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+
+
+# ---
+# - IPv4 over IPv6
+# ---
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 546 -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp --dport 547 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP Service (local network only)"
+
+if $local_dhcp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+
+      $ip6t -A INPUT -p udp -i $_dev --sport 546 --dport 547 -j ACCEPT
+      $ip6t -A OUTPUT -p udp -o $_dev --sport 547 --dport 546 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ip6t -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ip6t -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_forward_between_interfaces=true)
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ip6t -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ip6t -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ip6t -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ip6t -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces ; then
+
+            $ip6t -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_forward_between_interfaces ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ip6t -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -t filter -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ip6t -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ip6t -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_forward_between_interfaces ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then 
+         $ip6t -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      $ip6t -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ip6t -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ip6t -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tDruck Port 9100 only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ip6t -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces $$ ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ip6t -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ip6t -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_forward_between_interfaces \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_forward_between_interfaces ; then
+
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+
+         # - From extern
+         $ip6t -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ip6t -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_forward_between_interfaces ; then
+         $ip6t -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ip6t -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ip6t -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ip6t -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ip6t -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+# ---
+# - ICMP is configured above..
+# ---
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ip6t -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ip6t -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ip6t -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ip6t -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ip6t -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ip6t -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ip6t -A INPUT -j DROP
+$ip6t -A OUTPUT -j DROP
+$ip6t -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/AK/sbin/ipt-firewall-gateway b/AK/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/AK/sbin/ipt-firewall-gateway
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/AK/src/ipt-gateway b/AK/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/AK/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/AK/src/openvpn b/AK/src/openvpn
new file mode 160000
index 0000000..ebff5a5
--- /dev/null
+++ b/AK/src/openvpn
@@ -0,0 +1 @@
+Subproject commit ebff5a557b537bcb8192d94f733c4df86594258d
diff --git a/AKB/README.txt b/AKB/README.txt
new file mode 100644
index 0000000..4632bd0
--- /dev/null
+++ b/AKB/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.AKB: ppp0 comes over eth2
+      interfaces.AKB: see above
+      default_isc-dhcp-server.AKB
+      ipt-firewall.AKB: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/DCMICap.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/DCMICap.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/GenEvt.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/GenEvt.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/IPMICFG.exe b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/IPMICFG.exe
new file mode 100755
index 0000000..af97ffe
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/IPMICFG.exe differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/MBType.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/MBType.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode2.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode2.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/Menu.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/Menu.dat
new file mode 100755
index 0000000..da10666
--- /dev/null
+++ b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/PMBusStatus.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/PMBusStatus.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt1.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt1.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt2.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt2.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt3.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt3.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt4.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt4.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt5.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt5.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/sdc.exe b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/sdc.exe
new file mode 100755
index 0000000..8ce02a8
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/DOS/sdc.exe differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/IPMICFG_UserGuide.pdf b/AKB/bin/IPMICFG_1.27.0_build.170620/IPMICFG_UserGuide.pdf
new file mode 100755
index 0000000..fe6b137
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/IPMICFG_UserGuide.pdf differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/DCMICap.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/DCMICap.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/GenEvt.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/GenEvt.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/IPMICFG-Linux.x86 b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/IPMICFG-Linux.x86
new file mode 100755
index 0000000..d971ad9
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/IPMICFG-Linux.x86 differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MBType.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MBType.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode2.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode2.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/Menu.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/Menu.dat
new file mode 100755
index 0000000..84a1273
--- /dev/null
+++ b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/PMBusStatus.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/PMBusStatus.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt1.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt1.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt2.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt2.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt3.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt3.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt4.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt4.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt5.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt5.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/DCMICap.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/DCMICap.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/GenEvt.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/GenEvt.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/IPMICFG-Linux.x86_64 b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/IPMICFG-Linux.x86_64
new file mode 100755
index 0000000..1051cd8
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/IPMICFG-Linux.x86_64 differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MBType.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MBType.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode2.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode2.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/Menu.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/Menu.dat
new file mode 100755
index 0000000..84a1273
--- /dev/null
+++ b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/PMBusStatus.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/PMBusStatus.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt1.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt1.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt2.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt2.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt3.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt3.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt4.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt4.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt5.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt5.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/ReleaseNotes.txt b/AKB/bin/IPMICFG_1.27.0_build.170620/ReleaseNotes.txt
new file mode 100755
index 0000000..dda7966
--- /dev/null
+++ b/AKB/bin/IPMICFG_1.27.0_build.170620/ReleaseNotes.txt
@@ -0,0 +1,246 @@
+-------------------------------------------------------------------------------
+Supermicro IPMICFG Release Notes
+Copyright(c) 2017 by Super Micro Computer, Inc.          http://supermicro.com/
+-------------------------------------------------------------------------------
+
+-------------------------------------------------------------------------------
+Introduction
+-------------------------------------------------------------------------------
+IPMICFG is a command line tool that let user set IPMI command through keyboard
+controller style (KCS) to the device that support Intelligent Platform
+Management Interface (IPMI) version 2.0 specifications.
+
+-------------------------------------------------------------------------------
+Requirements
+-------------------------------------------------------------------------------
+ - Operating system:
+    * Microsoft DOS 5.0 or later version
+    * Windows Server 2003, 2008, 2012 (32/64bit), 2016
+         - Operating system must be pre-installed Microsoft Visual C++ 2008 SP1
+           Redistributable Package
+           Download Link:
+               http://www.microsoft.com/en-us/download/details.aspx?id=29
+         - Windows 2008 R2 x64 must be pre-installed KB3033929 patch
+           Download Link:
+               https://www.microsoft.com/en-us/download/details.aspx?id=46083
+      Windows 7/8/8.1/10:
+         - Need disabled UAC(User Account Control) or open a command prompt
+           with a run as administrator.
+         - Windows 7 x64 must be pre-installed KB3033929 patch
+           Download Link:
+               https://www.microsoft.com/en-us/download/details.aspx?id=46148
+    * Linux Kernel version 2.6.x or higher.
+      ex: Red Hat Enterprise Linux (RHEL) 6.8 and 7.2,
+          SUSE Linux Enterprise Server (SLES) 11 SP4 and 12 SP1
+          Ubuntu Server 14.04 LTS and 16.04 LTS
+    * Free Disk Space: 200 MB (Linux, Windows)
+    * Available RAM: 64 MB
+ - Hardware:
+    * Baseboard Management Controller (BMC) must support Intelligent Platform
+      Management Interface (IPMI) version 2.0 specifications.
+ - Software:
+    * -tas, -nvme commands must be installed Thin-Agent Service. The TAS
+      minimum required version is 1.4.0.
+
+-------------------------------------------------------------------------------
+Installation and Upgrade Instructions
+-------------------------------------------------------------------------------
+ - DOS
+   Execute IPMICFG.exe
+ - Windows
+   Execute IMPICFG-Win.exe
+ - Linux
+   If your system has installed OpenIPMI driver, you can enabled Linux IPMI
+   driver:
+        # /etc/init.d/ipmi start
+        or
+        # modprobe ipmi_msghandler
+        # modprobe ipmi_devintf
+        # modprobe ipmi_si
+   Then execute IPMICFG-Linux.x86 or IPMICFG-Linux.x86_64
+   
+-------------------------------------------------------------------------------
+Third Party Software
+-------------------------------------------------------------------------------
+ - Phymem
+   Please refer to
+   http://www.codeproject.com/Articles/35378/Access-Physical-Memory-Port-and-PC
+   I-Configuration for more information.
+ - IPMITool
+   Please refer to
+   http://sourceforge.net/projects/ipmitool for more information.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.27.0 build 170620
+-------------------------------------------------------------------------------
+1.  Add DCMI commands.
+2.  Add MCU ID support for 0xA5, 0xA6, 0xA7 and 0xA8 on IPMICFG with the "tp"
+    command.
+3.  Disabled Microblade "VBAT" sensor all the upper threshold value.
+4.  Fix getting PMBus's detail status has duplicate information.
+5.  Update NM commands to Node Manager 4.0.
+6.  Support ATEN 8U Superblade firmware.
+7.  Update board ID.
+8.  Update KCS driver.
+9.  Modify PMBus Revision info.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.26.0 build 161123
+-------------------------------------------------------------------------------
+1.  Support MultiNode config ID = 6 and 12.
+2.  Support MultiNode MCU ID = 0xA7.
+3.  Support TAS 1.4.0.
+4.  Update event log description in SEL command.
+5.  Presenting power module full status information in -pminfo command.
+6.  Improve NVME firmware information in "-nvme info" command.
+7.  Support the watchdog sensor in "-sdr" command.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.25.0 build 160823
+-------------------------------------------------------------------------------
+1.  Support discrete sensor.
+2.  Support NVME 48 nodes.
+3.  Update FRU chassis type.
+4.  Update board id.
+5.  Modify parameter list format.
+6.  Fix FRU fields too many characters lead to FRU wrong issue.
+7.  Add Get/Set host name command.
+8.  Update Windows KCS driver.
+9.  Fix can't boot from UEFI device issue.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.24.2 build 160517
+-------------------------------------------------------------------------------
+1.  Fix power reading is incorrect with command nm oem power.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.24.1 build 160222
+-------------------------------------------------------------------------------
+1.  Update Windows KCS driver.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.24.0 build 160105
+-------------------------------------------------------------------------------
+1.  Add TAS commands. (Not supported DOS)
+2.  Update NVME commands. (Not supported DOS)
+3.  Add summary command.
+4.  Update board id.
+5.  Update MRC Code for SEL.
+6.  Update SEL description.
+7.  Fix MCU Version value wrong issue.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.23.0 build 151106
+-------------------------------------------------------------------------------
+1.  Support MicroCloud device in tp commands.
+2.  Fix temperature sensor reading can't display negative issue.
+3.  Fix TJmax value wrong issue.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.22.0 build 150814
+-------------------------------------------------------------------------------
+1.  Update board id.
+2.  Update GUID.
+3.  When impicfg failed, error message will store to stderr variable.
+4.  When input wrong parameter, ipmicfg will print all the parameters
+    explaination and cancel pause screen mechanism. (Not supported DOS)
+5.  When use not root permission account to launch ipmicfg, ipmicfg will show
+    tip message.
+6.  Fix -sdr hang issue at SuperBlade.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.21.0 build 150615
+-------------------------------------------------------------------------------
+1.  Add BIOS MRC Code for SEL.
+2.  Add support power consumption sensor(SDR record type = 0x0b).
+3.  Add SDR Type 2 to support PS Status Compact SDR.
+4.  Update Fan mode.
+5.  Udpate SEL description and board id.
+6.  Modify FatTwin Right side node ID.
+7.  Modify TwinPro commands.
+8.  Replace KCS driver.
+9.  Update length of PWS Module Number from 12 bytes to 13 bytes.
+10. Fix memory ECC error description.
+
+-------------------------------------------------------------------------------
+Known Issues, Limitations & Restrictions
+-------------------------------------------------------------------------------
+1. 'Destination IP address' in the first entry under alerts subsection is
+   volatile as per the IPMI spec. So, this field will not be saved if restored
+   to factory defaults.
+
+2. Some parameters need IPMI OEM commands support. If not, the execute result
+   will response error message or information. The parameters include:
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>                       Set Fan Mode.
+  -pminfo                           Power supply PMBus health.
+  -psfruinfo                        Power supply FRU health.
+  -psbbpinfo                        Battery backup power status.
+  -autodischarge <module> <day>     Set auto discharge by days.
+  -discharge <module>               Manually discharge battery.
+  -conf upload <file> <option>      Upload IPMI configuration form binary file.
+                                    option: -p | Bypass warning message.
+  -conf download <file>             Download IPMI configuration to binary file.
+  -conf tupload <file> <option>     Upload IPMI configuration from text file.
+                                    option: -p | Bypass warning message.
+  -conf tdownload <file>            Download IPMI configuration to text file.
+  -clrint                           Clear chassis intrusion.
+  -reset <index>                    Reset System and force to boot from device.
+  -soft <index>                     Initiate a soft-shutdown for OS and force
+                                    to boot from device.
+  -recoverbiosinfo                  Get recovery BIOS information.
+  -reset <index>                    Reset System and force to boot from device.
+  -soft <index>                     Initiate a soft-shutdown for OS and force
+                                    to boot from device.
+  -recoverbiosinfo                  Get recovery BIOS information.
+  -nvme list                        Display the existing NVME SSD list.
+  -nvme info                        NVME SSD information.
+  -nvme rescan                      Rescan all devices by in band.
+  -nvme insert <aoc> <group> <slot> Insert SSD by out of band.
+  -nvme locate <HDD Name>           Locate SSD. (in band)
+  -nvme locate <aoc> <group> <slot> Locate SSD. (out of band)
+  -nvme stoplocate <HDD Name>           Stop Locate SSD. (in band)
+  -nvme stoplocate <aoc> <group> <slot> Stop Locate SSD. (out of band)
+  -nvme remove <HDD Name> [option]  Remove NVME device. (in band)
+        Usage: option 0: Do eject after remove (Default).
+               option 1: Do not eject after remove.
+  -nvme remove <aoc> <group> <slot> Remove NVME device. (out of band)
+  -nvme smartdata [HDD Name]        NVME SMART data.
+  -tp info                          Get MCU Info.
+  -tp info <type>                   Get MCU Type Info. (type: 1 - 3)
+  -tp nodeid                        Get Node ID.
+  -tas info                         Get TAS Information.
+  -tas pause                        Pause TAS Service.
+  -tas resume                       Resume TAS Service.
+  -tas refresh                      Trigger TAS to recollect data.
+  -tas clear                        Clear TAS collected data in BMC.
+  -tas period <sec>                 Set TAS update period <limit 5 to 60 sec>.
+  -tas exec <cmd>                   Execute a user's specified command.
+
+-------------------------------------------------------------------------------
+Technical Support
+-------------------------------------------------------------------------------
+Web Site:        www.supermicro.com
+Headquarters:    support@supermicro.com
+European Branch: support@supermicro.nl
+Asian Branch:    support@supermicro.com.tw
\ No newline at end of file
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/DCMICap.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/DCMICap.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/GenEvt.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/GenEvt.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/IPMICFG-Win.exe b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/IPMICFG-Win.exe
new file mode 100755
index 0000000..3bd611f
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/IPMICFG-Win.exe differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MBType.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MBType.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode2.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode2.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/Menu.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/Menu.dat
new file mode 100755
index 0000000..da10666
--- /dev/null
+++ b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/PMBusStatus.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/PMBusStatus.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt1.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt1.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt2.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt2.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt3.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt3.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt4.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt4.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt5.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt5.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/phymem32.sys b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/phymem32.sys
new file mode 100755
index 0000000..d14bac3
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/phymem32.sys differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/pmdll.dll b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/pmdll.dll
new file mode 100755
index 0000000..58e5bcb
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/pmdll.dll differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/DCMICap.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/DCMICap.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/GenEvt.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/GenEvt.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/IPMICFG-Win.exe b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/IPMICFG-Win.exe
new file mode 100755
index 0000000..91fb973
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/IPMICFG-Win.exe differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MBType.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MBType.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode2.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode2.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/Menu.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/Menu.dat
new file mode 100755
index 0000000..da10666
--- /dev/null
+++ b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/PMBusStatus.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/PMBusStatus.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt1.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt1.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt2.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt2.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt3.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt3.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt4.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt4.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt5.dat b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt5.dat differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/phymem64.sys b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/phymem64.sys
new file mode 100755
index 0000000..0b8798d
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/phymem64.sys differ
diff --git a/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/pmdll.dll b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/pmdll.dll
new file mode 100755
index 0000000..c3d2f58
Binary files /dev/null and b/AKB/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/pmdll.dll differ
diff --git a/AKB/bin/admin-stuff b/AKB/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/AKB/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/AKB/bin/manage-gw-config b/AKB/bin/manage-gw-config
new file mode 160000
index 0000000..b5fb1f7
--- /dev/null
+++ b/AKB/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit b5fb1f7b3a421a24388ba6b25a3e5d58591ae7fe
diff --git a/AKB/bin/monitoring b/AKB/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/AKB/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/AKB/bin/os-upgrade.sh b/AKB/bin/os-upgrade.sh
new file mode 120000
index 0000000..02ddc66
--- /dev/null
+++ b/AKB/bin/os-upgrade.sh
@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh
\ No newline at end of file
diff --git a/AKB/bin/test_email.sh b/AKB/bin/test_email.sh
new file mode 120000
index 0000000..86f3e17
--- /dev/null
+++ b/AKB/bin/test_email.sh
@@ -0,0 +1 @@
+admin-stuff/test_email.sh
\ No newline at end of file
diff --git a/AKB/bind/bind.keys b/AKB/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/AKB/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/AKB/bind/db.0 b/AKB/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/AKB/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/AKB/bind/db.127 b/AKB/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/AKB/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/AKB/bind/db.192.168.82.0 b/AKB/bind/db.192.168.82.0
new file mode 100644
index 0000000..88705bd
--- /dev/null
+++ b/AKB/bind/db.192.168.82.0
@@ -0,0 +1,66 @@
+;
+; BIND reverse data file for local akb.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.akb.netz. ckubu.oopen.de. (
+      2012011501     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.akb.netz.
+
+; Gateway/Firewall
+254         IN PTR    gw-akb.akb.netz.
+
+; (Caching ) Nameserver
+1           IN PTR    ns.akb.netz.
+
+
+; File Server
+10          IN PTR    file-akb.akb.netz.
+
+
+; IPMI - File Server
+11          IN PTR    file-ipmi.akb.netz.
+
+; USV 
+15          IN PTR    usv-akb.akb.netz.
+
+; Windows 7 Server
+20          IN PTR    file-win7.akb.netz.
+
+; Laserdrucker Lexmark X466de
+30          IN PTR    lexmark-cx410de.akb.netz.
+
+; Ueberwachungs Kameras
+40          IN PTR    kamera0.akb.netz.
+41          IN PTR    kamera1.akb.netz.
+
+; Buero PC's
+100         IN PTR    ab0.akb.netz.
+101         IN PTR    ab1.akb.netz.
+102         IN PTR    ab2.akb.netz.
+103         IN PTR    ab3.akb.netz.
+104         IN PTR    ab4.akb.netz.
+105         IN PTR    ab5.akb.netz.
+106         IN PTR    ab6.akb.netz.
+107         IN PTR    ab7.akb.netz.
+108         IN PTR    ab8.akb.netz.
+
+; Netbooks LAN Schnittstelle
+121         IN PTR    netbook1.akb.netz.
+122         IN PTR    netbook2.akb.netz.
+123         IN PTR    netbook3.akb.netz.
+
+
+; Accesspoint (WAN - Schnittstelle)
+253         IN PTR    accesspoint.akb.netz.
+
+
+; ## --- ckubu --- ##
+
+;  Laptop (devil) LAN (eth0)
+90          IN PTR    devil.akb.netz.
diff --git a/AKB/bind/db.192.168.83.0 b/AKB/bind/db.192.168.83.0
new file mode 100644
index 0000000..08ccd3d
--- /dev/null
+++ b/AKB/bind/db.192.168.83.0
@@ -0,0 +1,30 @@
+;
+; BIND reverse data file for local akb.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.akb.netz. ckubu.oopen.de. (
+      2012120401     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.akb.netz.
+
+
+; Accesspoint (LAN/WLAN - Schnittstelle)
+253         IN PTR    accesspoint-wlan.akb.netz.
+
+
+
+; Netbooks LAN Schnittstelle
+121         IN PTR    netbook1-wlan.akb.netz.
+122         IN PTR    netbook2-wlan.akb.netz.
+123         IN PTR    netbook3-wlan.akb.netz.
+
+
+; ## --- ckubu --- ##
+
+;  Laptop (devil) WLAN (wlan0)
+90          IN PTR    devil-wlan.akb.netz.
diff --git a/AKB/bind/db.255 b/AKB/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/AKB/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/AKB/bind/db.akb.netz b/AKB/bind/db.akb.netz
new file mode 100644
index 0000000..2947194
--- /dev/null
+++ b/AKB/bind/db.akb.netz
@@ -0,0 +1,92 @@
+;
+; BIND data file for local akb.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.akb.netz. ckubu.oopen.de. (
+      2015122301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                 IN NS     ns.akb.netz.
+
+; Gateway/Firewall
+gw-akb           IN A      192.168.82.254
+gate             IN CNAME  gw-akb
+gw               IN CNAME  gw-akb
+gw-ipmi          IN A      172.16.82.15
+
+; (Caching ) Nameserver
+ns               IN A      192.168.82.1
+nscache          IN CNAME  ns
+
+; File Server
+file-akb         IN A      192.168.82.10
+file             IN CNAME  file-akb
+
+ftp              IN A      192.168.82.10
+
+; IPMI - File Server
+file-ipmi        IN A      192.168.82.11
+
+; USV - APC Management Card
+usv-akb          IN A      192.168.82.15
+usv              IN CNAME  usv-akb
+
+; Windows 7 Server
+;file-win7       IN A      192.168.82.20
+
+; Laserdrucker Lexmark X466de
+;lexmark-X466de   IN A      192.168.82.30
+
+; Laserdrucker Lexmark CX410de
+lexmark-cx410de  IN A      192.168.82.30
+lexmark          IN CNAME  lexmark-cx410de
+
+; Ueberwachungs Kameras
+kamera0          IN A      192.168.82.40
+camera0          IN A      192.168.82.40
+kamera1          IN A      192.168.82.41
+camera1          IN A      192.168.82.41
+ 
+; Buero PC's
+ab0              IN A      192.168.82.100
+ab1              IN A      192.168.82.101
+ab2              IN A      192.168.82.102
+ab3              IN A      192.168.82.103
+ab4              IN A      192.168.82.104
+ab5              IN A      192.168.82.105
+ab6              IN A      192.168.82.106
+ab7              IN A      192.168.82.107
+ab8              IN A      192.168.82.108
+
+; Netbooks LAN Schnittstelle
+netbook1-lan     IN A      192.168.82.121
+netbook1         IN CNAME  netbook1-lan
+
+netbook2-lan     IN A      192.168.82.122
+netbook2         IN CNAME  netbook2-lan
+
+netbook3-lan     IN A      192.168.82.123
+netbook3         IN CNAME  netbook3-lan
+
+; Accesspoint (WAN - Schnittstelle)
+accesspoint      IN A      192.168.82.253
+; Accesspoint (LAN/WLAN - Schnittstelle)
+accesspoint-wlan IN A      192.168.83.253
+
+
+; Netbooks WLAN Schnittstelle
+netbook1-wlan    IN A      192.168.83.121
+netbook2-wlan    IN A      192.168.83.122
+netbook3-wlan    IN A      192.168.83.123
+
+; ## --- ckubu --- ##
+
+;  Laptop (devil) LAN (eth0)
+devil       IN A      192.168.82.90
+;  Laptop (devil) WLAN (wlan0)
+devil-wlan  IN A      192.168.83.90
diff --git a/AKB/bind/db.empty b/AKB/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/AKB/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/AKB/bind/db.local b/AKB/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/AKB/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/AKB/bind/db.root b/AKB/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/AKB/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/AKB/bind/named.conf b/AKB/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/AKB/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/AKB/bind/named.conf.default-zones b/AKB/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/AKB/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/AKB/bind/named.conf.local b/AKB/bind/named.conf.local
new file mode 100644
index 0000000..85bced4
--- /dev/null
+++ b/AKB/bind/named.conf.local
@@ -0,0 +1,23 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
+zone "akb.netz" {
+   type master;
+   file "/etc/bind/db.akb.netz";
+};
+
+zone "82.168.192.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.192.168.82.0";
+};
+
+zone "83.168.192.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.192.168.83.0";
+};
diff --git a/AKB/bind/named.conf.local.ORIG b/AKB/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/AKB/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/AKB/bind/named.conf.options b/AKB/bind/named.conf.options
new file mode 100644
index 0000000..5412920
--- /dev/null
+++ b/AKB/bind/named.conf.options
@@ -0,0 +1,48 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	forwarders {
+      // OpenDNS servers
+      208.67.222.222;
+      208.67.220.220;
+      // DNS-Cache des CCC
+      213.73.91.35;
+      // ISP DNS Servers
+    	217.237.150.51;
+      217.237.148.22;
+	};
+
+
+   // Security options
+   listen-on port 53 { 
+      127.0.0.1; 
+      192.168.82.1; 
+   };
+   allow-query { 
+      127.0.0.1; 
+      192.168.82.0/24; 
+      192.168.83.0/24;
+      10.0.82.0/24;
+   };
+   allow-recursion { 
+      127.0.0.1; 
+      192.168.82.0/24; 
+      192.168.83.0/24; 
+      10.0.82.0/24;
+   };
+   allow-transfer { none; };
+
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/AKB/bind/named.conf.options.ORIG b/AKB/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/AKB/bind/named.conf.options.ORIG
@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/AKB/bind/rndc.key b/AKB/bind/rndc.key
new file mode 100644
index 0000000..0547518
--- /dev/null
+++ b/AKB/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "0KSg9Ns8stg0iS1dzsFwJw==";
+};
diff --git a/AKB/bind/zones.rfc1918 b/AKB/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/AKB/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/AKB/chap-secrets.AKB b/AKB/chap-secrets.AKB
new file mode 100644
index 0000000..84a6f36
--- /dev/null
+++ b/AKB/chap-secrets.AKB
@@ -0,0 +1,3 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
diff --git a/AKB/check_net-logrotate.AKB b/AKB/check_net-logrotate.AKB
new file mode 100644
index 0000000..f0a557b
--- /dev/null
+++ b/AKB/check_net-logrotate.AKB
@@ -0,0 +1,10 @@
+/var/log/check_net.log
+{
+   rotate 7
+   daily
+   missingok
+   notifempty
+   copytruncate
+   delaycompress
+   compress
+}
diff --git a/AKB/check_net.service.AKB b/AKB/check_net.service.AKB
new file mode 100644
index 0000000..0eff326
--- /dev/null
+++ b/AKB/check_net.service.AKB
@@ -0,0 +1,16 @@
+[Unit]
+Description=Configure Routing for Internet Connections;
+After=network.target
+After=rc-local.service
+
+[Service]
+ExecStart=/usr/local/sbin/check_net.sh
+ExecStartPre=rm -rf /tmp/check_net.sh.LOCK
+ExecStopPost=rm -rf /tmp/check_net.sh.LOCK
+KillMode=control-group
+SendSIGKILL=yes
+TimeoutStopSec=2
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/AKB/check_net/check_net.conf b/AKB/check_net/check_net.conf
new file mode 100644
index 0000000..f569f7b
--- /dev/null
+++ b/AKB/check_net/check_net.conf
@@ -0,0 +1,133 @@
+# - Configuration file for scrupts check_net.sh and netconfig.sh
+# -
+
+LOGGING_CONSOLE=false
+DEBUG=false
+
+# - Where are your scripts located?
+# -
+check_script=/usr/local/sbin/check_net.sh
+netconfig_script=/usr/local/sbin/netconfig.sh
+
+log_file=/var/log/check_net.log
+
+
+# - Put in your DSL devices (refers to your network configuration)
+# - youe wish be congigured by that script
+# -
+# - Notice:
+# -    If not using multiple default gatways, declare the list in the order of your 
+# -    preferred default gatway devices
+# -
+# -    Example:
+# -       _INITIAL_DEVICE_LIST="eth0:192.168.63.254 ppp-light"
+# -
+_INITIAL_DEVICE_LIST="ppp-akb"
+
+# - Set to "false" uses "0.0.0.0" as remote gateway instead of the real address
+# -
+USE_REMOTE_GATEWAY_ADDRESS=true
+#USE_REMOTE_GATEWAY_ADDRESS=false
+
+# - Set default gw (roundrobin)
+# -
+# - !! SET_MULTIPLE_DEFAULT_GW=true does not work for now..
+# -
+SET_MULTIPLE_DEFAULT_GW=false
+#SET_MULTIPLE_DEFAULT_GW=true
+
+
+# - Set to false uses "0.0.0.0" as default gateway adress instaed of real remote address
+# -
+USE_DEFAULT_GW_ADDRESS=true
+#USE_DEFAULT_GW_ADDRESS=false
+
+
+# - Hostnames for ping test
+# -
+# - Note: The first two reachable hosts will be used for ping test. 
+# -
+# - Space separated list
+# -
+PING_TEST_HOSTS="oopen.de google.com heise.de debian.org ubuntu.com"
+
+
+admin_email=root
+from_address="check-inet-devices@`hostname -f`"
+company="Aktionsbündnis"
+content_type='Content-Type: text/plain;\n charset="utf-8"'
+
+
+# - rule_local_ips
+# -
+# - Add rule(s) for routing local ip-address(es) through a given extern interface
+# -
+# - Space separated list of entries '<ext-interface>:<local-ip>'
+# -    rule_local_ips="<ext-interface>:<local-ip> [<ext-interface>:<local-ip>] [.."
+# -
+# - Example:
+# - ========
+# - local ip 192.168.10.1 through extern interface ppp-st and 
+# - local ip 192.168.10.13 through extern interface ppp-surf1
+# -     rule_local_ips="ppp-st:192.168.10.1 ppp-surf1:192.168.10.13"
+# -
+rule_local_ips=""
+
+# - rule_remote_ips
+# -
+# - Add rule(s) for routing remote ip-address(es) through a given extern interface
+# -
+# - Space separated list of entries '<ext-interface>:<remote-ip>'
+# -    rule_remote_ips="<ext-interface>:<remote-ip> [<ext-interface>:<remote-ip>] [.."
+# -
+# - Example:
+# - ========
+# - route remote ip-address  141.1.1.1 through extern interface ppp-ckubu and 
+# - also route ip-address 8.8.8.8 through through extern interface ppp-ckubu
+# -     rule_remote_ips="ppp-ckubu:141.1.1.1 ppp-ckubu:8.8.8.8"
+# - 
+rule_remote_ips=""
+
+# - rule_local_nets
+# -
+# - Add rule(s) for routing local networks through a given extern interface out
+# -
+# - Space separated list of entries '<extern-interface>:<local-net>'
+# -    rule_local_nets="<extern-interface>:<local-net> [<extern-interface>:<local-net>] [.."
+# -
+# -
+# - Example:
+# - ========
+# -     rule_local_nets="ppp-st:192.168.11.0/25 ppp-surf1:192.168.11.128/25"
+# -
+rule_local_nets=""
+
+
+
+## ====================================
+## - Don't make changes after this Line
+## ====================================
+
+# ---
+# - Add rule(s) for routing local ip-address(es)
+# ---
+declare -a rule_local_ip_arr
+for _str in $rule_local_ips ; do
+   rule_local_ip_arr+=("$_str")
+done
+
+# ---
+# - Add rule(s) for routing remote ip-address(es)
+# ---
+declare -a rule_remote_ip_arr
+for _str in $rule_remote_ips ; do
+   rule_remote_ip_arr+=("$_str")
+done
+
+# ---
+# - Add rule(s) for routing local networks
+# ---
+declare -a rule_local_net_arr
+for _str in $rule_local_nets ; do
+   rule_local_net_arr+=("$_str")
+done
diff --git a/AKB/check_net/check_net.conf.sample b/AKB/check_net/check_net.conf.sample
new file mode 100644
index 0000000..545583c
--- /dev/null
+++ b/AKB/check_net/check_net.conf.sample
@@ -0,0 +1,133 @@
+# - Configuration file for scrupts check_net.sh and netconfig.sh
+# -
+
+LOGGING_CONSOLE=false
+DEBUG=false
+
+# - Where are your scripts located?
+# -
+check_script=/usr/local/sbin/check_net.sh
+netconfig_script=/usr/local/sbin/netconfig.sh
+
+log_file=/var/log/check_net.log
+
+
+# - Put in your DSL devices (refers to your network configuration)
+# - youe wish be congigured by that script
+# -
+# - Notice:
+# -    If not using multiple default gatways, declare the list in the order of your 
+# -    preferred default gatway devices
+# -
+# -    Example:
+# -       _INITIAL_DEVICE_LIST="eth0:192.168.63.254 ppp-light"
+# -
+_INITIAL_DEVICE_LIST="ppp-ckubu"
+
+# - Set to "false" uses "0.0.0.0" as remote gateway instead of the real address
+# -
+USE_REMOTE_GATEWAY_ADDRESS=true
+#USE_REMOTE_GATEWAY_ADDRESS=false
+
+# - Set default gw (roundrobin)
+# -
+# - !! SET_MULTIPLE_DEFAULT_GW=true does not work for now..
+# -
+SET_MULTIPLE_DEFAULT_GW=false
+#SET_MULTIPLE_DEFAULT_GW=true
+
+
+# - Set to false uses "0.0.0.0" as default gateway adress instaed of real remote address
+# -
+USE_DEFAULT_GW_ADDRESS=true
+#USE_DEFAULT_GW_ADDRESS=false
+
+
+# - Hostnames for ping test
+# -
+# - Note: The first two reachable hosts will be used for ping test. 
+# -
+# - Space separated list
+# -
+PING_TEST_HOSTS="oopen.de google.com heise.de debian.org ubuntu.com"
+
+
+admin_email=root
+from_address="check-inet-devices@`hostname -f`"
+company="CKUBU"
+content_type='Content-Type: text/plain;\n charset="utf-8"'
+
+
+# - rule_local_ips
+# -
+# - Add rule(s) for routing local ip-address(es) through a given extern interface
+# -
+# - Space separated list of entries '<ext-interface>:<local-ip>'
+# -    rule_local_ips="<ext-interface>:<local-ip> [<ext-interface>:<local-ip>] [.."
+# -
+# - Example:
+# - ========
+# - local ip 192.168.10.1 through extern interface ppp-st and 
+# - local ip 192.168.10.13 through extern interface ppp-surf1
+# -     rule_local_ips="ppp-st:192.168.10.1 ppp-surf1:192.168.10.13"
+# -
+rule_local_ips=""
+
+# - rule_remote_ips
+# -
+# - Add rule(s) for routing remote ip-address(es) through a given extern interface
+# -
+# - Space separated list of entries '<ext-interface>:<remote-ip>'
+# -    rule_remote_ips="<ext-interface>:<remote-ip> [<ext-interface>:<remote-ip>] [.."
+# -
+# - Example:
+# - ========
+# - route remote ip-address  141.1.1.1 through extern interface ppp-ckubu and 
+# - also route ip-address 8.8.8.8 through through extern interface ppp-ckubu
+# -     rule_remote_ips="ppp-ckubu:141.1.1.1 ppp-ckubu:8.8.8.8"
+# - 
+rule_remote_ips=""
+
+# - rule_local_nets
+# -
+# - Add rule(s) for routing local networks through a given extern interface out
+# -
+# - Space separated list of entries '<extern-interface>:<local-net>'
+# -    rule_local_nets="<extern-interface>:<local-net> [<extern-interface>:<local-net>] [.."
+# -
+# -
+# - Example:
+# - ========
+# -     rule_local_nets="ppp-st:192.168.11.0/25 ppp-surf1:192.168.11.128/25"
+# -
+rule_local_nets=""
+
+
+
+## ====================================
+## - Don't make changes after this Line
+## ====================================
+
+# ---
+# - Add rule(s) for routing local ip-address(es)
+# ---
+declare -a rule_local_ip_arr
+for _str in $rule_local_ips ; do
+   rule_local_ip_arr+=("$_str")
+done
+
+# ---
+# - Add rule(s) for routing remote ip-address(es)
+# ---
+declare -a rule_remote_ip_arr
+for _str in $rule_remote_ips ; do
+   rule_remote_ip_arr+=("$_str")
+done
+
+# ---
+# - Add rule(s) for routing local networks
+# ---
+declare -a rule_local_net_arr
+for _str in $rule_local_nets ; do
+   rule_local_net_arr+=("$_str")
+done
diff --git a/AKB/cron_root.AKB b/AKB/cron_root.AKB
new file mode 100644
index 0000000..def2c99
--- /dev/null
+++ b/AKB/cron_root.AKB
@@ -0,0 +1,50 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.3mvCGS/crontab installed on Sun Feb 26 12:55:14 2017)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+PATH=/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+## check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+## if not set this entry to "1"
+##
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+## check if openvpn is running if not restart the service
+##
+0-59/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+## check ig ntp service is running. If not restart the service
+##
+03 * * * * /root/bin/monitoring/check_ntpd.sh
+
+## - reconnect to internet
+## -
+9 6 * * * /root/bin/admin-stuff/reconnect_inet.sh ppp-akb dsl-akb
+
+## - copy gateway configuration
+## -
+13 4 * * * /root/bin/manage-gw-config/copy_gateway-config.sh AKB
+
+#10 17 * * * /etc/init.d/iptables stop
+
diff --git a/AKB/ddclient.conf.AKB b/AKB/ddclient.conf.AKB
new file mode 100644
index 0000000..118d6df
--- /dev/null
+++ b/AKB/ddclient.conf.AKB
@@ -0,0 +1,14 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password=7213b4e6178a11e6ab1362f831f6741e
+akb-br.homelinux.org
+
+ssl=yes
+mail=argus@oopen.de
+mail-failure=root
diff --git a/AKB/default_isc-dhcp-server.AKB b/AKB/default_isc-dhcp-server.AKB
new file mode 100644
index 0000000..df30daa
--- /dev/null
+++ b/AKB/default_isc-dhcp-server.AKB
@@ -0,0 +1,21 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACES=""
diff --git a/AKB/dhcpd.conf.AKB b/AKB/dhcpd.conf.AKB
new file mode 100644
index 0000000..27829c3
--- /dev/null
+++ b/AKB/dhcpd.conf.AKB
@@ -0,0 +1,284 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.82.255;
+
+option domain-name "akb.netz";
+option domain-name-servers 192.168.82.1;
+
+default-lease-time 86400;
+max-lease-time 259200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+
+subnet 192.168.82.0 netmask 255.255.255.0 {
+
+   # --- 192.168.82.128/26 ---
+   # network address....: 192.168.82.128
+   # Broadcast address..: 192.168.82.191
+   # netmask............: 255.255.255.192
+   # network range......: 192.168.82.128 - 192.168.82.191
+   # Usable range.......: 192.168.82.129 - 192.168.82.190
+
+   range 192.168.82.129 192.168.82.190;
+   option domain-name "akb.netz";
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.82.255;
+   option domain-name-servers 192.168.82.1;
+   option routers 192.168.82.254;
+   default-lease-time 86400;
+   max-lease-time 259200;
+
+}
+
+subnet 192.168.83.0 netmask 255.255.255.0 {
+
+   # --- 192.168.83.128/26 ---
+   # network address....: 192.168.83.128
+   # Broadcast address..: 192.168.83.191
+   # netmask............: 255.255.255.192
+   # network range......: 192.168.83.129 - 192.168.83.190
+   # Usable range.......: 192.168.83.128 - 192.168.83.191
+
+   range 192.168.83.129 192.168.83.190;
+   option domain-name "akb.netz";
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.83.255;
+   option domain-name-servers 192.168.82.1;
+   option routers 192.168.83.254;
+   default-lease-time 86400;
+   max-lease-time 259200;
+
+   # - ckubu laptop (devil) WLAN (wlan0)
+   host devil-wlan {
+      hardware ethernet 00:24:d7:24:dc:6c;
+      fixed-address devil-wlan.akb.netz;
+   }
+
+}
+
+# - File Server
+host file-akb {
+   hardware ethernet 00:25:90:52:C6:FE;
+   fixed-address file-akb.akb.netz;
+}
+
+# - APC Management Card
+## -
+host usv-akb {
+   hardware ethernet 00:c0:b7:5c:b2:12;
+   fixed-address usv-akb.akb.netz;
+}
+
+# - Windoes 7 Profeesion (Server)
+host file-win7 {
+   hardware ethernet 52:54:00:f4:14:37;
+   fixed-address file-win7.akb.netz;
+}
+
+# - IPMI Fileserver
+host file-ipmi {
+   hardware ethernet 00:25:90:52:c6:37;
+   fixed-address file-ipmi.akb.netz;
+}
+
+# - Laserdrucker Lexmark X466de
+#host lexmark-X466de {
+#   hardware ethernet 00:21:b7:02:5b:7e;
+#   fixed-address lexmark-X466de.akb.netz;
+#}
+
+# - Laserdrucker Lexmark X466de
+host lexmark-cx410de {
+   hardware ethernet 00:21:b7:d3:60:24;
+   fixed-address lexmark-cx410de.akb.netz;
+}
+
+# - Ueberwachungskameras
+host kamera0 {
+   hardware ethernet 8c:11:cb:02:01:78;
+   fixed-address kamera0.akb.netz;
+}
+host kamera1 {
+   hardware ethernet 8c:11:cb:02:01:74;
+   fixed-address kamera1.akb.netz;
+}
+
+# - Accesspoint (D-LINK DIR-635)
+host accesspoint  {
+   hardware ethernet 14:D6:4D:2F:06:85 ;
+   fixed-address accesspoint.akb.netz;
+}
+
+# - Buero PC's
+host ab0 {
+   hardware ethernet 38:60:77:39:9e:d0;
+   fixed-address ab0.akb.netz;
+}
+host ab1 {
+   hardware ethernet 38:60:77:39:9e:9f;
+   fixed-address ab1.akb.netz;
+}
+host ab2 {
+   hardware ethernet 38:60:77:39:9a:a3;
+   fixed-address ab2.akb.netz;
+}
+## - jonas - ALT
+host ab3 {
+   hardware ethernet 00:22:15:aa:88:b9;
+   fixed-address ab3.akb.netz;
+}
+host ab4 {
+   hardware ethernet 00:22:4d:b0:f3:d6;
+   fixed-address ab4.akb.netz;
+}
+host ab5 {
+   hardware ethernet 80:ee:73:b9:8b:d3;
+   fixed-address ab5.akb.netz;
+}
+host ab6 {
+   hardware ethernet 80:ee:73:c0:80:22;
+   fixed-address ab6.akb.netz;
+}
+host ab7 {
+   hardware ethernet 80:ee:73:c5:2e:fb;
+   fixed-address ab7.akb.netz;
+}
+host ab8 {
+   hardware ethernet 80:ee:73:d0:a5:72;
+   fixed-address ab8.akb.netz;
+}
+
+# - Netbooks
+host netbook1-lan {
+   hardware ethernet e8:9a:8f:c2:97:62;
+   fixed-address netbook1-lan.akb.netz;
+}
+host netbook1-wlan {
+   hardware ethernet 78:92:9c:5e:de:ba;
+   fixed-address netbook1-wlan.akb.netz;
+}
+host netbook2-lan {
+   hardware ethernet 08:9e:01:2b:64:7d;
+   fixed-address netbook2-lan.akb.netz;
+}
+host netbook2-wlan {
+   hardware ethernet e0:06:e6:ca:fd:d9;
+   fixed-address netbook2-wlan.akb.netz;
+}
+host netbook3-lan {
+   hardware ethernet 08:9e:01:2b:1a:c3;
+   fixed-address netbook3-lan.akb.netz;
+}
+host netbook3-wlan {
+   hardware ethernet e0:06:e6:cb:81:5b;
+   fixed-address netbook3-wlan.akb.netz;
+}
+
+
+# - ckubu laptop (devil) LAN (eth0)
+host devil {
+   hardware ethernet 5c:ff:35:01:e9:03;
+   fixed-address devil.akb.netz;
+}
+
+
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/AKB/dhcpd6.conf.AKB b/AKB/dhcpd6.conf.AKB
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/AKB/dhcpd6.conf.AKB
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/AKB/email_notice.AKB b/AKB/email_notice.AKB
new file mode 100755
index 0000000..40320bc
--- /dev/null
+++ b/AKB/email_notice.AKB
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+
+
+file=/tmp/mail_ip-up$$
+admin_email=argus@oopen.de
+
+from_address=ip-up_gw-akb@oopen.de
+from_name="ip-up - AKB"
+host=`hostname -f`
+
+echo "" > $file
+echo " *************************************************************" >> $file
+echo " *** This is an autogenerated mail from $host ***" >> $file
+echo "" >> $file
+echo " I brought up the ppp-daemon with the following" >> $file
+echo -e " parameters:\n" >> $file
+echo -e "\tInterface name...............: $PPP_IFACE" >> $file
+echo -e "\tThe tty......................: $PPP_TTY" >> $file
+echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
+echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
+echo -e "\tPeer  IP number..............: $PPP_REMOTE" >> $file
+if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
+   echo -e "\tNameserver 1.................: $DNS1" >> $file
+   if [ "$DNS2" ] ; then
+      echo -e "\tNameserver 2.................: $DNS2" >> $file
+   fi
+fi
+
+
+echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
+echo "" >> $file
+echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
+echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
+echo "" >> $file
+echo " **************************************************************" >> $file
+
+echo -e "To:${admin_email}\nSubject:$PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail -F "$from_name" -f $from_address $admin_email
+
+rm -f $file
diff --git a/AKB/hostname.AKB b/AKB/hostname.AKB
new file mode 100644
index 0000000..cde471c
--- /dev/null
+++ b/AKB/hostname.AKB
@@ -0,0 +1 @@
+gw-akb
diff --git a/AKB/hosts.AKB b/AKB/hosts.AKB
new file mode 100644
index 0000000..73f9a5e
--- /dev/null
+++ b/AKB/hosts.AKB
@@ -0,0 +1,10 @@
+127.0.0.1	localhost
+#127.0.1.1	gw-akb.akb.netz	gw-akb
+192.168.82.254	gw-akb.akb.netz	gw-akb
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/AKB/igmpproxy.conf.AKB b/AKB/igmpproxy.conf.AKB
new file mode 100644
index 0000000..197ca30
--- /dev/null
+++ b/AKB/igmpproxy.conf.AKB
@@ -0,0 +1,46 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+phyint eth0 upstream  ratelimit 0  threshold 1
+        altnet 10.0.0.0/8 
+        altnet 192.168.0.0/24
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+phyint eth1 downstream  ratelimit 0  threshold 1
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth2 disabled
+
+
diff --git a/AKB/interfaces.AKB b/AKB/interfaces.AKB
new file mode 100644
index 0000000..af62d08
--- /dev/null
+++ b/AKB/interfaces.AKB
@@ -0,0 +1,76 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+
+
+#-----------------------------
+# eth0 - NOT IN USE
+#-----------------------------
+
+auto eth0
+iface eth0 inet static
+   address 192.168.83.254
+   network 192.168.83.0
+   netmask 255.255.255.0
+   broadcast 192.168.83.255
+
+
+
+#-----------------------------
+# eth1 - LAN
+#-----------------------------
+
+auto eth1 eth1:0
+iface eth1 inet static
+   address 192.168.82.254
+   network 192.168.82.0
+   netmask 255.255.255.0
+   broadcast 192.168.82.255
+iface eth1:0 inet static
+   address 192.168.82.1
+   network 192.168.82.0
+   netmask 255.255.255.0
+   broadcast 192.168.82.255
+
+auto eth1:rescue
+iface eth1:rescue inet static
+   address 172.16.1.1
+   network 172.16.1.0
+   netmask 255.255.255.0
+   broadcast 172.16.1.255
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+auto eth2
+iface eth2 inet static
+   address 172.16.82.1
+   network 172.16.82.0
+   netmask 255.255.255.0
+   broadcast 172.16.82.255
+   gateway 172.16.82.254
+   post-up vconfig add eth2 7
+   post-down vconfig rem eth2.7
+
+
+auto dsl-akb
+iface dsl-akb inet ppp
+   pre-up /sbin/ifconfig eth2 up # line maintained by pppoeconf
+   pre-up /sbin/ifconfig eth2.7 up # line maintained by pppoeconf
+   provider dsl-akb
+
+
+#auto dsl-provider
+#iface dsl-provider inet ppp
+#   pre-up /sbin/ifconfig eth2 up # line maintained by pppoeconf
+#   pre-up /sbin/ifconfig eth2.7 up # line maintained by pppoeconf
+#   provider dsl-provider
+
diff --git a/AKB/ipt-firewall.service.AKB b/AKB/ipt-firewall.service.AKB
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/AKB/ipt-firewall.service.AKB
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/AKB/ipt-firewall/default_ports.conf b/AKB/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/AKB/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/AKB/ipt-firewall/include_functions.conf b/AKB/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/AKB/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/AKB/ipt-firewall/interfaces_ipv4.conf b/AKB/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..8f8685d
--- /dev/null
+++ b/AKB/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1="ppp-akb"
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth0"
+local_if_2="eth1"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/AKB/ipt-firewall/load_modules_ipv4.conf b/AKB/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/AKB/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/AKB/ipt-firewall/load_modules_ipv6.conf b/AKB/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/AKB/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/AKB/ipt-firewall/logging_ipv4.conf b/AKB/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/AKB/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/AKB/ipt-firewall/logging_ipv6.conf b/AKB/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/AKB/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/AKB/ipt-firewall/main_ipv4.conf b/AKB/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..4810c9b
--- /dev/null
+++ b/AKB/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1349 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+read -a gateway_ipv4_address_arr <<<$(ifconfig | grep "inet Ad" | awk '{print$2}' | cut -d':' -f2)
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                    86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - 192.168.82.40   Kamera 0 (kamera0.akb.netz)
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="192.168.82.40"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+samba_server_local_ips="192.168.82.10"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips="192.168.82.254"
+
+# - local USV
+# -
+usv_ip="192.168.82.15"
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.82.0/24"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - 192.168.82.11   IPMI Fileserver
+# - 172.16.82.15    IPMI Gateway
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips="172.16.82.15 192.168.82.11"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - Blank separated list
+# -
+printer_ips=""
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    172.16.82.254:80     Zyxel Router
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons="192.168.0.0/16:172.16.82.254:80:${ext_if_static_1}
+                     10.0.0.0/8:172.16.82.254:80:${ext_if_static_1}
+                     192.168.0.0/16:192.168.82.15:80:${ext_if_dsl_1}
+                     10.0.0.0/8:192.168.82.15:80:${ext_if_dsl_1}"
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# -    192.168.82.40:8080   Kamera 0 (kamera0.akb.netz=
+# -
+# - Blank separated list
+# -
+portforward_tcp="$ext_if_dsl_1:8080:192.168.82.40:80"
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=false
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips=""
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/AKB/ipt-firewall/post_decalrations.conf b/AKB/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/AKB/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/AKB/mailname.AKB b/AKB/mailname.AKB
new file mode 100644
index 0000000..7fc31e9
--- /dev/null
+++ b/AKB/mailname.AKB
@@ -0,0 +1 @@
+gw-akb.akb.netz
diff --git a/AKB/main.cf.AKB b/AKB/main.cf.AKB
new file mode 100644
index 0000000..fc50550
--- /dev/null
+++ b/AKB/main.cf.AKB
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   #192.168.82.254
+
+myhostname = gw-akb.akb.netz
+
+mydestination =
+   gw-akb.akb.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks =
+   127.0.0.0/8
+   192.168.82.254/32
+
+#smtp_bind_address = 192.168.82.254
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/AKB/openvpn/akb/chris.conf b/AKB/openvpn/akb/chris.conf
new file mode 100644
index 0000000..b4f2627
--- /dev/null
+++ b/AKB/openvpn/akb/chris.conf
@@ -0,0 +1,257 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-akb.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG0jCCBLqgAwIBAgIJANRzErbB5rnUMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEfMB0GCSqGSIb3DQEJARYQc3VwcG9y
+dEBvb3Blbi5kZTAgFw0xODAyMDUyMDExMjJaGA8yMDUwMDIwNTIwMTEyMlowgaAx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYD
+VQQDEwdWUE4tQUtCMRAwDgYDVQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBz
+dXBwb3J0QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+4LBz66a5R/hS5Cygl8cPy63TMx10yjy8vJyToEUZCjGS8O5MgwKFWpf6CBKf8jrp
+kcY9JvvlDD11N+LU5kivRsZRf8Pbj2SuqUg2Rq1fCkVFDl9MshyWBnX1BntyLEQi
+A1X9bqKew/upZ09bSf8RB/9tsWBDi6m4xlnnojgGXbZnOXKzL442Qu0f+w1M9HoL
+mp8DXCevpbWSp6WLevQVe2VzDC+lGp1pw7Ea0raOD84u0mVKbBSCAaw0OG0+lkHR
+Ya3WVezkXVH2PQieqrSlWLmHqNQ5U77DYKYBZ7yhMDO+8Hkj6aN2JB8DglJVG79H
+GfWTrtFr3Bt80TZJi+GGdCg5u182V9s9Fhm//bKs5thJmS5dROBk1W4p/ZBQ2nQA
++wA59vILAF49u1+wY1dryw3JIXTSP4VY8enkhjeKCxpGJd13xF8M5Ci2w8pOyttw
+NVppDPZItbxPeswzK95VgrEOQaIEANeTMje95Qf3/gPhkMzwPRh9VfZNQMn1AKfn
+Irc2fb2iGhVzQAVhtBIKm2d24rHK6NCDe89uyfRZV4ZukcUgRt+nn6bnC67VW2Az
+NhonvzsAjtwwt5KUakKHmq7uMW2bFPy0OoktsP60yWB/Weg/wWliHpudvTq48pLS
+oQpd/lsJ1K8SXLFqRlWHlJDcelfnj3r58VQpp/82LbECAwEAAaOCAQkwggEFMB0G
+A1UdDgQWBBQkj/5LsKY1ei5CVupk8fugP/xKLjCB1QYDVR0jBIHNMIHKgBQkj/5L
+sKY1ei5CVupk8fugP/xKLqGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0IxEDAOBgNVBCkT
+B1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGWCCQDUcxK2
+wea51DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBGKBoiGLJHTXMW
+9JZIWPQBlyJXvnGp2y1O58GhMEdE+Ahy6bRepLRpcULlCDEXYPJhc8pYMOTa0VAM
+Ps6lwQH5WQRv6fkdYSMCos0NKpp/0fvrxYTWnFrvU26Pveg+Z3COkVHMI6bJ70IP
+QpBtBmj3CRqD66vnN1sc0q52hEAkubFI0mD+eqY5rTRE5Eea31KipY5/n93cmlb0
+E2ORT/PwawgD2To5qd0THSPYJUiXQntbs4axBrU1S9RO44QZb4Ov71kqATc9u6ri
+0bPfeQtTCkCi+mCLA1WbzJTGg6rd0ce3rdSI0uNmMT+cWhh52tMhEKcdDxMahGTx
+SWdTogb7QqJxMj5GTVDzZsjzsAc6lXgSOL/Ffp/HjKQL1aPxGMlHLju++B/fo7kp
+meD5g8x4FaVN2dE0oBQ/uaAo2JS5/mSQIYlM2fnyx9ZwXcVgRYeavSIDfA9ASYJA
+w5is0PUOLr91dS++fBs8NWg7dtcBvZuvtGWO4tk9iWY7Gw4MC7ez4+E7nJrhBkMg
+1ySbg3/aJ4/E41K0k3zfkyOHhNVR37YN63e7xDdvGwm3fk8QFOAn+gVyfjnNhGJr
+JDh4YYK+cbK8E9PLV7eb1DvUNjUo19KToQBhaNNMt/n0niE6iU4ph997tlrG7MHu
+mj3n4HOYonYqpUwVlkIlCk11Sz/qnw==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHLDCCBRSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjMyMzQ2WhcNMzgwMjA1MjMyMzQ2WjCBpDELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDVZQTi1B
+S0ItY2hyaXMxEDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3i1v5H3X
+rcqZmIg2JStpWXgk6u8gsvxxuRxcZU3/v6q+WPfjDeoZ6aj+DJPhSV35JNbmkJCf
+yL0jOf5dbYCCf60q3KRcko2bCZjp2G4ejUcK9p/w59ijnaN1GpyaZu7LwEfVcaNq
+I+Lkwb+sp1K0HJD3ugrGwDDUyFo/Qh2o6S3VbGOE/+uZcMMpNBRKiGWgDXuZJG2S
+VgCI2beT+W9RKNMqvfq5yJZemCHUMjAdw8JirLkvl73XVjNMUgdFoxXEzmGOI3IP
+vo3RZK6qR2OpA+t1cqn93aSqkUWSD9A74aicbZLWpAJhJfy7NbbdK1+DLp8YHSHe
+oTSe8Mmz9Vane1jweXw6nc2ZqGeQE4dZHkhLBlr9bpXb2hqEiMEt7cB8FLmvp+d7
+PcJizE66PYOGmmsyNTwSzERA6aZHha8PmKOerCiCbcUkvE8j/Mq/Nv2jdHozwwQC
+3VJWVJoqpnrIHyHoCArZVfuvyMqHVlSCXzxNc1FClJPpNYrFiSpj0UJ2XHerqPpR
+KOtkJFbG+TryQa6XTud8AhbcwOAlK8JOBSkD2ccGvz51xL9oC96TCmwi6tfNq+mh
+sN9FtXKE0htYSoPyzLxIVDd5tjxVf54PLEyi3neQuv0NpKa0Eq7XyXLVs5QO/aO8
+IrReK6rXU2MX/atBn4F52sH0AAfLfE764OUCAwEAAaOCAWkwggFlMAkGA1UdEwQC
+MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUY9pBfcu/CFWQS2xSIGBXqhiUCm4wgdUGA1UdIwSBzTCByoAU
+JI/+S7CmNXouQlbqZPH7oD/8Si6hgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tQUtCMRAwDgYD
+VQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlggkA
+1HMStsHmudQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBAGA1Ud
+EQQJMAeCBWNocmlzMA0GCSqGSIb3DQEBCwUAA4ICAQDKUngUwKc+1AKhcav1btya
+c+iVQPqoW66m/Se1au3ZDYYmUDsLsKltryU5Co81+7fbUUSL9nPHuEGhlqKGo9ya
+E/Wi4K1ldnOcQmdoKp08WWq5GTVXHXJyBObOFXoPV8SIwYls7iN+jrPxkN7rUfvB
+Om27sL9rQP0X/WQM5B0rr8DE+uWF141+Gy3kp3HQ1pmU+iE2cNAYMRupJFNuCJY9
+YesJI2oy8QI3ZpOmv928mZ7VVA8fKiHOHrQiDr6y/h14JGLawVBFegXyypqm5N3L
+34T3YscW30ubgE16Zk/GwqTEu6Kh1Tf7OBXWbAjNKQCWje0smTl5DXd70jUjbV/4
+faGzLVdifahVwr4lTY1t3mfsgilF0DTHBw9jJduJKEsAO+pP2K4oy+9/SRVxVsm5
+mrcSd7lgwN5JGCBG85aFxGdVbh61gELCi7xCz+ajx6jv3sK5bwt/1HFMnQJM0xrb
+b42p7RF0o+30adTYvkyRHvSXFVfv0YbMq028cCokNqgd0IADNpXeyO9JLgJffXeA
++FtfIptyBIPmhVh7tvB7jiJUzWwTOoBzogHd1aH7b6JVqbaAHd0jjpm6aVrUp5Ey
+KfB/rIQNQc4QhX3f4RIlW4g0xCzRdDcpbaCaEeCkf73L17B4Bm2/3rGZ5tOQimJD
+RiAD9KANMw83idgjjcCcLg==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIv1QmF1WWGZUCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBjEdQTZjORVBIIJUPtA3jx4uwYc
+CO2uYGxSRVoMMywlQkniF5fzmxvd5Ghz24hXa+xHpBjCiliengMoETdJT4fkodPa
+xT4LiWeRgok0K6d0vdZM3XQBoozhHkKMDclQDQRfgRA3/buIONOKJQiymG3v9zRg
+oj8f/GCOEeGxz5mc0F1b3VSOeDeI+v+kiqs3e94uLxk1PoQxcJWLzRUsh6i7tMYK
+MlYgLbmB/zqBW37fE8MI3+EQ7hvajiHawWeuZ8/SCzHP1rugn/l+jVNWVjMH8S+j
+8CXVy4k7xyEKtB8vV9kWyhXrLvSMbB6Q23o4Pv5qrLLR2aOe/5DHVSKysmmHR9BC
+S1IFvX4cej8aOhOqYpWtKsaDXqvyVF3yEhl2avTZmeKW6kUWnrb5V4vke6oV7BMe
+y4Vno5uZu3Na4Csdx4c7C4UhNCzRt3xKFyK/q/B/hmsaRuLfL2mflBvHLMpqGXuq
+Iphox2OBMjCQFInje192yKVtjaYXfJAD02wS1aN8fo+9j1aWw7KGqcD4eTjW8Ddw
+HlT2ZdhV3F0A/Ltm/glGUkIQmOF4LxWIQXmGGNvjxXXUHIBVgN1GbhFHhcBLnL4b
+Xw8Y40HTQAguyi9AdOW7CBy0KAeGsLt4EfxS7CFU1Ou+zbdgqP7so6tuT58XxRdD
+2AHtDG81OY90/47SIn9kJ715VeMyscGSVz+dsy7DDaaA7LExww8jnBIR1vpYYkuj
+unXPv7NXgcb6oqzvJRSL56DCICNK7C5tPu22UmOj6Z1PaLNM1ttJ7yEqpqqYjJJ6
+z2lz+ngpJ9HnpXBNjQJkQUF7ov1VpG7pW44kf8xuLakM7/rupAgsxBXpTMvtN2lH
+kyZceWPBohHQX1vcUJCHjetS+fTSxELMpinA4OhioiceAJhax0XPkNUFEzWxDQwr
+7kyXJ0d2LyKiJ3Um2QlsPsybQkrkkV9U2807SqYqFPVh1CwO6mBlLUb8jOKzyhui
+4n1d0lPfh+3jvtXDnogNsbCuLWvHHTP4iGB3pZAa971t6ZXgLr03EJkI9aGWdSto
+HBnhEdw0ZTau9menKeZXiYdGjE0LiX1+lmzpULPo3BHdqJ9Wt/SlTyfDL8++Rc8l
+QY017OtBRr5rnbFuVnMSiXtNpC/vU4+NIUWJGN8OvwSI4IX17R2ND4Z/J1lM6XVp
+wqsFYkCAJlHJc2DbmOx4xtnj3pst4zQ0bU0nzLE0xAXSgqTP19/ikOX/Yj1+NOch
+iDrNNvge9NUFa6zT315+W/cr7LBjXnm9zbgSx1h14ceBK3o0xSxhevKui9WfhJ1I
+RCqIMLSU0Yk7aEAVJz4RJJCsJ/SwWAflSSV6lyDK7IuuB0qQ/F4nhpZc9kVGS4zu
+0UcayScHb5YtD85xvREMH5r2jHXxtTjQbA45mRU7UQyUsTyTt103ygEt2w2fTl2w
+VCuhNJrIws7y14rgccD8wZ3Lp7UW8n5sxhjHhYZxwVhAbx5LvfVKj2z0qNGNgCvN
+SVG9mnOBbFiswLVCmJxbbOxo9RmzHKa8RD+KZvM/Na6SCoSivYU4BjZqodh72bTT
+J6bd7IknwmV8AcGdnueVUgiVWH/t1wXOxySOcvKQu19AQU1Hc45gnCLxXJvrSNdh
+pcCVkcwO+NlDm0DM7yDajv139mVAf7qTuwGXIhC0h+PtrmutaSargz/c06xAStFy
+o+LtRVMcyiNLcZxpf3IUxwRSP6pS75Vgi+u0v6Uqx6dofnIgkjKh19/yPjU0rlFv
+NW5FED4K9mWrYRWHjgrSQL33gOZ2QZTYcywAkZ+ZjELl2BBNkAEhMzKy6kcac8Ni
+QdOKifldPodD9SQwY576fHiHGKFb9t1NKmQmXPTYH+pC7Yq/NZgAuwXStdoK6RQr
+A4PrxAyXVkCG2Fvk3FTI0AZ0ycMQdA0EEUnTPgokawke2nCjv6pgM6N2Ks+N4Tcn
+me8cVUfyrd+dYIECT+PADT1vpw8nZuJjvJS3u2xipoiUpLzJmBZGKiRGLesiZV9/
+SGTUPriphVoz/RO+cCt5kD+fYF458dDKkuxXDGRaGROlDZ2zCbr/DqYbtrjaPTZw
++JLQOMNKNUm+xmeu7FMlTt/Fkm9ffwEuOpfHbixcP9M5DY90HMAR48chJhc7Zxc+
+FntPqpG2BtAe1kfUJqta/kyN+nNGWujst2++WT5kVUok9XoKh75knoLcZkGXIcfV
+l52tLLtKW7IlYOkHzu/0xGK4ZSK/AdLj1gw8H8B2RmM1KWjrVND4E3uv4+ickDKD
+zDDxT62VEaFG+Hlw0w8TPZhNBcwqeXBsfZO9ioPE0vUF8nXsr4jEK+7uWIXI5lsq
+6zShok8+j3918hLPycGKlCQ2Ht5bNjuOJpQ79AmCWK6iOSnYk4j6hA/XEpSvdsXF
+4tkId5sW6SJO0iVbUs9XO2/EpZq2x6PspO8CMckEoV/AJxFkXvHOzOES7XZByVyh
+HNN5PGAHR8qeg0QFktAVGmzAutCNtsDFXlA34C0UgBimMFYQSUJcS6TxxQvzRoiL
+Fh7DopwuiuuOW3Fbh+CspWCShgCKabYB6kKQaJxSEuQd4HOUq0hmoCVhg2R10Ycd
+v+iKyr4ovYhjT7JGd+B7evVw7s1glFzMMLJOL0X4cwVPNM2dksu480oejoR5y9g8
+KNZLlbzEeFXUJGzPSZIjlujmAv4sYegUGL9so5X+TD+/NsoqrkmJVcU0mSZE0cFB
+3IUudXZJYphF9eyl2pk3qCtNjLqbd+4DYK1vtKNBJLk7gROTi830yXZmGYQB9P6s
+IbenqPJDNy8yPhoEe52PKAX8AgU4mDHPPiFGkezdkx8uUkvBG3S/NiAyRT1fgK2h
+pZqHOZXhcqprGxSPAUA1FrVM7uw8RVh9SR0R8s9rCtMvNlVvxTcsvo2XM4SguAOt
+lh/D+P22FeQNmWPNhA4yEfA+8bGvDSrFLvjR2jd0KH9QNktDI3mDqrsRl3gaXviR
+6DBPSF909U6bQit6JVIij1Otz4HiRO9ytj4KecqE0NlaG6SrF3hYY8EFW0FN01C4
+AhA2RQllHZge9PWJbJ1gFUJM/otjGjcj8l7yqarKorhpUUnuJqOQzGw/qq9Wn/oK
+ZD5gO5pp3Al4ArK8tgP0X4ArbSqSTZ7ZNOataM/DtRbc6QFcs6wcwTzv4KQysszV
+EHcAQ0atQTI97raPRX8RYkS3DSVEIy+y
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+5b91b2a91925f7503bb408768cb5053b
+80a9d011f37c13df8297549c485d787b
+6450a5341cd9b5079bf4993cd7724c91
+8ae6953503cf30565dc75025061990c7
+44348470db2143ff80b8ed281d822a69
+a2d67538439c1f04f73df867848f618f
+cc096eb98252e5c7e01a7921803ca4fe
+18a0df2a99aaf15839f598fc5a3f24b9
+17afcfd477d49792ffe450a18b8ad0f2
+a9b1e5bc658e066e461472b2439ad423
+1be921f71ac59a050bc751f681fcd553
+60c4274c640dc56b0e140d5e9e062349
+12bfaa7450b615bbc898f822dd5eb6bc
+f3023bbcd87fb2a18c651dbae4bfbbcb
+5797d4b6c01f0bd700681b308e19b239
+53cfefa995eb4bf57ee985194e814548
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/AKB/openvpn/akb/crl.pem b/AKB/openvpn/akb/crl.pem
new file mode 100644
index 0000000..8da485e
--- /dev/null
+++ b/AKB/openvpn/akb/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC6TCB0jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0IxEDAOBgNVBCkT
+B1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUXDTE4MDIw
+NTIwMjUwMFoYDzIwNTAwMjA1MjAyNTAwWjANBgkqhkiG9w0BAQsFAAOCAgEA3Jyn
+V5jVuAKkeJ81iTxXbdiPVVtVxEBFROaTN1BdtxBm+FenrAxFQADmvQpKGK07RAMF
+tv2MxOCf8Umw+8fPZyGU4hc26IsuT3UQt+4f1+jArQDwJF0ezpqjmkkngHKMBNGe
+t//IWDgiMmWsaANC+xcQAeDzr+DursQq4oDnLwaaM0t6rDpNPuzJnooy+bv7oZms
+MY4Y8U5oABL+wtmGPQl5VYGqLaIz64WfcJKQHhycrM1hchvd2CZdQQ8qQ7oBh8NM
+xl5qNEYd5mSBWMWVMjwScFUd+tQIshNlUPxeyMiBR6W1FMbWjZbAtN/S6ztOLfym
+KQprJcDMrk/e9Vly268V4Dd9CX+HMKs9x4F3rJm/vHAkj+05L6oVdGadOWuCmBtt
+W28jJFjKjnn+vHc13RDnXv/PJ0fJKHMbppFOPiE5COe6HLlQdEXCrDJFA//oNV8u
+MNMlUKdlhgxuPiQUpc0L5e4AV2VNB1eBwtHU+AvMu5J5P7Idj9YVwsDMQyz+pKlP
+I9AZn1Mrjx1cN8BdsJo+Uy+5W9gZGG8eViNk1AxUD41YWkhIHWK5PUzDnBS2PZdD
+apIaaYbL7e3IIExdFjHG4y/Y+vxvHLfbO8t4pIvqi9kaLwf6u3ZoVP8xL2LBbz5b
+0R32hY13SblE0PqXhJBa8n0jOucqNlBl25E+yBY=
+-----END X509 CRL-----
diff --git a/AKB/openvpn/akb/easy-rsa/build-ca b/AKB/openvpn/akb/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/build-dh b/AKB/openvpn/akb/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/build-inter b/AKB/openvpn/akb/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/build-key b/AKB/openvpn/akb/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/build-key-pass b/AKB/openvpn/akb/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/build-key-pkcs12 b/AKB/openvpn/akb/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/build-key-server b/AKB/openvpn/akb/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/build-req b/AKB/openvpn/akb/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/build-req-pass b/AKB/openvpn/akb/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/clean-all b/AKB/openvpn/akb/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/inherit-inter b/AKB/openvpn/akb/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/list-crl b/AKB/openvpn/akb/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/openssl-0.9.6.cnf b/AKB/openvpn/akb/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/AKB/openvpn/akb/easy-rsa/openssl-0.9.8.cnf b/AKB/openvpn/akb/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AKB/openvpn/akb/easy-rsa/openssl-1.0.0.cnf b/AKB/openvpn/akb/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AKB/openvpn/akb/easy-rsa/openssl-1.0.0.cnf.ORIG b/AKB/openvpn/akb/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AKB/openvpn/akb/easy-rsa/openssl.cnf b/AKB/openvpn/akb/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..86145e1
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/akb/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/pkitool b/AKB/openvpn/akb/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/revoke-full b/AKB/openvpn/akb/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/sign-req b/AKB/openvpn/akb/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/AKB/openvpn/akb/easy-rsa/vars b/AKB/openvpn/akb/easy-rsa/vars
new file mode 100644
index 0000000..e49a677
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/akb"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN AKB"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-AKB"
+
+export KEY_ALTNAMES="VPN AKB"
diff --git a/AKB/openvpn/akb/easy-rsa/vars.2018-02-05-2108 b/AKB/openvpn/akb/easy-rsa/vars.2018-02-05-2108
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/vars.2018-02-05-2108
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/AKB/openvpn/akb/easy-rsa/whichopensslcnf b/AKB/openvpn/akb/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/AKB/openvpn/akb/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/AKB/openvpn/akb/ipp.txt b/AKB/openvpn/akb/ipp.txt
new file mode 100644
index 0000000..08f3466
--- /dev/null
+++ b/AKB/openvpn/akb/ipp.txt
@@ -0,0 +1 @@
+VPN-AKB-chris,10.0.82.2
diff --git a/AKB/openvpn/akb/jonas.conf b/AKB/openvpn/akb/jonas.conf
new file mode 100644
index 0000000..ed1bf47
--- /dev/null
+++ b/AKB/openvpn/akb/jonas.conf
@@ -0,0 +1,257 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-akb.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG0jCCBLqgAwIBAgIJANRzErbB5rnUMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEfMB0GCSqGSIb3DQEJARYQc3VwcG9y
+dEBvb3Blbi5kZTAgFw0xODAyMDUyMDExMjJaGA8yMDUwMDIwNTIwMTEyMlowgaAx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYD
+VQQDEwdWUE4tQUtCMRAwDgYDVQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBz
+dXBwb3J0QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+4LBz66a5R/hS5Cygl8cPy63TMx10yjy8vJyToEUZCjGS8O5MgwKFWpf6CBKf8jrp
+kcY9JvvlDD11N+LU5kivRsZRf8Pbj2SuqUg2Rq1fCkVFDl9MshyWBnX1BntyLEQi
+A1X9bqKew/upZ09bSf8RB/9tsWBDi6m4xlnnojgGXbZnOXKzL442Qu0f+w1M9HoL
+mp8DXCevpbWSp6WLevQVe2VzDC+lGp1pw7Ea0raOD84u0mVKbBSCAaw0OG0+lkHR
+Ya3WVezkXVH2PQieqrSlWLmHqNQ5U77DYKYBZ7yhMDO+8Hkj6aN2JB8DglJVG79H
+GfWTrtFr3Bt80TZJi+GGdCg5u182V9s9Fhm//bKs5thJmS5dROBk1W4p/ZBQ2nQA
++wA59vILAF49u1+wY1dryw3JIXTSP4VY8enkhjeKCxpGJd13xF8M5Ci2w8pOyttw
+NVppDPZItbxPeswzK95VgrEOQaIEANeTMje95Qf3/gPhkMzwPRh9VfZNQMn1AKfn
+Irc2fb2iGhVzQAVhtBIKm2d24rHK6NCDe89uyfRZV4ZukcUgRt+nn6bnC67VW2Az
+NhonvzsAjtwwt5KUakKHmq7uMW2bFPy0OoktsP60yWB/Weg/wWliHpudvTq48pLS
+oQpd/lsJ1K8SXLFqRlWHlJDcelfnj3r58VQpp/82LbECAwEAAaOCAQkwggEFMB0G
+A1UdDgQWBBQkj/5LsKY1ei5CVupk8fugP/xKLjCB1QYDVR0jBIHNMIHKgBQkj/5L
+sKY1ei5CVupk8fugP/xKLqGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0IxEDAOBgNVBCkT
+B1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGWCCQDUcxK2
+wea51DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBGKBoiGLJHTXMW
+9JZIWPQBlyJXvnGp2y1O58GhMEdE+Ahy6bRepLRpcULlCDEXYPJhc8pYMOTa0VAM
+Ps6lwQH5WQRv6fkdYSMCos0NKpp/0fvrxYTWnFrvU26Pveg+Z3COkVHMI6bJ70IP
+QpBtBmj3CRqD66vnN1sc0q52hEAkubFI0mD+eqY5rTRE5Eea31KipY5/n93cmlb0
+E2ORT/PwawgD2To5qd0THSPYJUiXQntbs4axBrU1S9RO44QZb4Ov71kqATc9u6ri
+0bPfeQtTCkCi+mCLA1WbzJTGg6rd0ce3rdSI0uNmMT+cWhh52tMhEKcdDxMahGTx
+SWdTogb7QqJxMj5GTVDzZsjzsAc6lXgSOL/Ffp/HjKQL1aPxGMlHLju++B/fo7kp
+meD5g8x4FaVN2dE0oBQ/uaAo2JS5/mSQIYlM2fnyx9ZwXcVgRYeavSIDfA9ASYJA
+w5is0PUOLr91dS++fBs8NWg7dtcBvZuvtGWO4tk9iWY7Gw4MC7ez4+E7nJrhBkMg
+1ySbg3/aJ4/E41K0k3zfkyOHhNVR37YN63e7xDdvGwm3fk8QFOAn+gVyfjnNhGJr
+JDh4YYK+cbK8E9PLV7eb1DvUNjUo19KToQBhaNNMt/n0niE6iU4ph997tlrG7MHu
+mj3n4HOYonYqpUwVlkIlCk11Sz/qnw==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHLDCCBRSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjMzMTQwWhcNMzgwMjA1MjMzMTQwWjCBpDELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDVZQTi1B
+S0Itam9uYXMxEDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqovMLNan
+xEAfA8t1G1koWpwj2ChPyycBJtpBEfxS10v3q6m+9rb79QygN9md4sx+/hTm2WOl
+T0ycGts2MkqcCsjcQlCbBZpwtmV7mXpkIVfXGxBbpo4KZbyHHjYwigWI6ozxXnZa
+Jl8VY16+3udpdmH/Z4EgcgPbnPa+EIp2SeytA+hIkIHrhf2h/EV9reP37kGoVjsa
+1N8Rew6oaJP9WUjsc3Ew/8e4d/WJ8DLo61TjP+0gysA1bJOFUA3mvcFKFwOEpNjo
+4ZyMHJUwYiMgS1h+UYV0Y4tBKHjw7o/5XcWYrmaSXD/b+fHT+eJSYEke4wSlo9Py
+mz+fPMcZ0cStCirQ8bR1nU5N09XyWgtfz7k/g1+C2m/yEzztocsNpZdYyI9l0iO5
+EfuEO31P1Y7O6DDKFnCj7nPCBjTZNLXRLKraer+XNZne6mzez5uOX2RX4kTbp8UF
+ZIBKvqsxdlu76dw2SBzJpCAWlAeZLlpXq0Z0aMAn7Yvoi+HupOX39UzfBCBHanAR
+fDcFTaXu7DyRPb5FZjWtvqfh9TFWjZZeVt8dw77E5T45/phKdAbhjdC0KnXhwNLq
+XtzlBXJj6WrM7bx26F8ZxpBxpRD9/7h9vHq7DIh+HvwpMV2sdtX4pEIlQ4OVS2Wk
+AVYx/8lWf9eOQq1tPJ/ma+M5FsiHRLWlNU0CAwEAAaOCAWkwggFlMAkGA1UdEwQC
+MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUURuGhZkh2Nl9GdRhNQgoTLfOQHUwgdUGA1UdIwSBzTCByoAU
+JI/+S7CmNXouQlbqZPH7oD/8Si6hgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tQUtCMRAwDgYD
+VQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlggkA
+1HMStsHmudQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBAGA1Ud
+EQQJMAeCBWpvbmFzMA0GCSqGSIb3DQEBCwUAA4ICAQBvmYiaKfP9VijApcK3XChU
+0xXt5SmhLphtKdqNUJiO6JTxLDxdDWPR4eMMDxCTcdyoWHR+l2zgfz//Qbw6T/On
+Kj5+4MFDszJsAlU8LSdR/PsU2eG5gw00QTiV7cNM/fLuHoRp09pWYde5wtz7OrqD
++1DEGX0sq+Gx33HzI1vHfZl1ISwRQssuX1D7FT8SchEEDgjWNx1kWS3p4Jal1OWl
+0vFOjN3MOsbeon1U5jEKgqPqYpMJpkxyxwyXY5Syi8EBRbwbhIL94TrqxrCu7Bf8
+FVOrEflhzuGMYCtyEJpyq1P/2L6Nx1xh+T+cvWw4EH/uqgwHwHLtPmjg5PtVGl/s
+pdmDkbaU21nT4pgszY/jyUrkSALiAd2KM0LPadPlxHvjKhqUfN07nYywBc2xvYLp
+LkoL0MJpNAMTws9tPrGTyVu73zCLTnzY3f2E5DYnbSo+rFeqN1pHauDLeWCYamDu
+yupSPS1F83NYAMv5l6McKR7KmlTLPVJuKntJa/lhE0Z/lQeRfV4YIcj2/Ojy7ShN
+pOOm9av03cEtHce0Mhpg1mCujbI9/DdLF725nX++sIQ/FxuRiuHGyPwdkffBrn/1
+f0uSZXHytyl/5wpSxsSm1Dkz3hTDuZLLkr1dRole1Nr4InGnunx30Ol2ez916FE+
+89j0tYGjeV9QVWdArXoN0A==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI5DzkYCHFmAUCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECINkrl34iQJyBIIJSLilZMus46hB
+7wvxU4iFc4h0ryFlby57DPTiRzmqX9srRvInCUvZhKm3YmqLYXGxtVRBeRfeTsWI
+pYVFHOm1Yri6aCkqApCAa7PzoI4/vLwHzKVLl53x4iRhiwZzCmvPQngoeg2j2ahq
+oANqL77WmJh8oYNY++qqrRwRNhUzyaWpKRooRDgJpCmIH51bW161FO7zvbZ7JbNa
+FGnMig9SQPiefaPxjEjZNOOer3Ez+uaxwsrtsA51J3ny//AJqrYs9lLJQtUPW3df
+tjCx/GuWTW3DPkkGM6/5IX08RrJzIM+mMWGy7kn9Vuu3Pn1LAqCH2IOR6ao3UdtD
+fVX48K+PuEup8cz2l/LckuMQvj9ZJDX3x0ML37Ib5g7g0D/AcJVoIBWNIwrkqnnM
+zXb7hMuxV8SJkZOzuadzD9s2QW7ogCNiXM3JoRHaXpqLYuyREk/qKSMVDfhMt61V
+1vSeAli0wx9FqNBuMc9+rTtD6H2FLNRiG0ssQHVIkhz7pHGluyHmBy7CCesqr2Ec
+C56tWv9IpUwmsTco+s5gEXZu1viHYQ0SsY3a/J2RlMqnVprRY9/1ZlaViopwkpd3
+UeI2YBoJoLrPBBnPU6QnMtZdtb3N4HyMuXzRY/t8x8wFfCXpRXiJ4Qy5G1KKMCzQ
+k4OnjQrTM70PZVpQJPu0gHyF+WKR9F1Cz3FVY7bcyp4NRlJhuLcyj3EfRP3ICyQr
+Xe9xojzwauKW4yaR9QoBVptdcE0ixw5u+SG0sMoJdJ0L8o7vdaR8er54ysvqbeTn
+7MGNEmiupkU9oXTGy/wlTjPpKoVkyOiz0pkraze4LkHA3jfU3iMSh1HeFSdqKDY7
+cRxcc/vL0G7AOUkgII1R1TrAIbuJklmImi8A12Ev63f/6jfYwbIG24OPnL2tNeEx
+8XLJbP0PVUfN0CDaQGqb+31pKoPdjUm7bTzj8RsxcxJVqWTqP4CsvfDehdeC+yvm
+bbnfuTLL6U+tgRgScXSZvv5DKWqN8Zm4bX0QCPQ70WoGLD5dlr1C4FV6DovwCE4i
+ZFJ7kcIFbMur/fS15l6P2nVAA2jcNZwXrJeDLx969WS80z0iRLaIJffVvZkTI5lW
+F1dkpELTNWW4sYtRdWdEEyzu0tgEVlSvDsvTlFh7Tvs1GFDnJ7IfSDBclbNuH1CX
+Db77O4mZHn2w/SL01h39lU3ms8pp5TGuHX9t0ZUIJX76sTEfkac45ZyOqRvJsUZ+
+7Vv7VxsW/Bza6AEDj7tPlSNLlWYm60B3wGt9eSg8B6ysL3eEt4zevC+gUgH9ve0B
+gAj/JG7Qrl29LfZm6daZDslD0KyyhAfWuuC8/lbS6k5ITdgRPKJKo7vNL0ivBUwL
+zykSzlluG30MKhZiwunZX1HBqZIV2XP7JNbD5HrDanA30sGrvai+Mohlb3BUtOPT
+Vw79GYtyCbRc4vcD51xDDxZ1ElhXmpWP7zdtlZyVI3fo875hnv5juBswfbBmQCN3
+CT4398WnJWmfwuJqcIGsB9tHkbny4q1forhtiWVgtsLmIOSk0a8mJQENRYZY3wo5
+vU9BOehrmyTspH+kP47IRepjaM+IeqFbWsTJJkRxdynlV3Rvt0+gA7VvcmKLjzdP
+IgEykEtBxPusqv9C9wp6jC+1kvkgZDnm8CJBfu/4ISi8Quk4a3UUwIZYfIQcNMmH
+NCxkBW6Y9H+ZJGLXiR7n3oiKDC5TaDj3IxOUvplPRQqRK+RZzzg3kFNWjk44n3V2
+WGlxBH5SKhqdMA4S4YzwjqSxeWT7kvD12x66mjhsQfjFtEFLHxZqzOr5Hpz/U4r4
+lS1fwaHTheSFkj8P5NfXlfkRLgi5dBblXNv5B4dQRZn3F7hv2yPGKjFz8mXZBdxr
+QalPBF6sqYEmSHZmTMTS2JskMH+ANugk20ueOx06+PkLe1tv/agyPRoeMn2hLJck
+bzM46I7n1d5Pmm+l4cWGNeM6MbTuuL3k4x891VbS9TS/6wyKMl5gcxG0gnCsWaR8
+57bURf5zw5I4VkrXy8vKPMas4L6e+YH9BqLQRBf5wLfxW9P/bumkXNyqzRluhE90
+8tI9qLUwgoh7t6w1BIgKVsS3kBNoCsdK5ukM/OdTrN7N1GDU2TB4sPycF5cuqwUp
+UH6BUzi/fkbhnGTbV+oYNyK7crL5p57+eavTITg4P3IpYsZWV4v3GOaG3TYTO8mC
+CBeSZtSfK3j1mcUbDmWEIbpjj90otUv7saldY9d+/iFbG5C0TOVkkXf/foLN5hlt
+3WAcM3rqS61lwF2y78EZSLYTcB+a+mPdkBqLxZRq80d6Kvj5ABz4pwA8gX2F6lr+
+wiu3KfgNdHQPa/G2vIMqXo7JInDfXDbgeIbu8PPXqN9xIQRBW2LhDttmJMrnvYYc
+0pRRXErZsQQ1WLVFeYAT8kauHtr4dY8yvAYGV2xwi+9fnWymjo0pyWNpZLr0MaU8
+WD2XA9Zj+R/lhbjUKN3M6qUHXg3ItlJOEjK32LTRMr3ZYSzWFj69Csm8sE/C7ufF
+3iGme+x5i2apRCwmP/2wq2JczKE4FrdzWGsi9jdqx5k0NH1vKQT7qBrf75YTanHv
+zRYd6KoKh45R1HKkNRUXBYJb+IrcOCwfraNlx2aJ26kim6NFVVQa5wje1hlySHXu
+SE+WdDPpfYPE2CXzKgPIC2GWv3koReyABQdnol7gHOjY9fU5nbEy/KDrnq/E/Ywr
+5ykpm5RLwwkdguWT5FmnijVAETWjmHJEXa1YGZRXznAbgLXFc89yAUa+AdxURyNS
+9mLzBrT3nWtYsaY1y2t7M6D+L74CuaAU+qBDvpOX3fSjMa7xWIDlvYT/OzklOFiC
+eJ8Wu431B0R/BFf4d9gO/52llHp/eHY1fwQP882EzM0rxw4C7Me4Tmegv70ClrU1
++4oRcQzH+Al9faBpOiNq/waR9YfiaPiJA5/4kOMdegQbl0ZGw/xzz4waoYBGrNfC
+FyBQ0wKkN/GyRe0Xi6rxzPZGHFZkDWinf+u7v+WwjBz4/S55/KeH3Og+D75BRQ3a
+IZuAho2dw0knQ3q15xbH797L112WJ4m8AcNjrSAZoJyBCDgiVXBRx6S2IvfYavWz
+nTBODOqL6GWV24Ugd26nvBFPhApbvyHY+yG7hwSsQCDv8jSd79rgTN8kGClh2UTD
+Yd8Fnyy2xnQHB2lphmBgig==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+5b91b2a91925f7503bb408768cb5053b
+80a9d011f37c13df8297549c485d787b
+6450a5341cd9b5079bf4993cd7724c91
+8ae6953503cf30565dc75025061990c7
+44348470db2143ff80b8ed281d822a69
+a2d67538439c1f04f73df867848f618f
+cc096eb98252e5c7e01a7921803ca4fe
+18a0df2a99aaf15839f598fc5a3f24b9
+17afcfd477d49792ffe450a18b8ad0f2
+a9b1e5bc658e066e461472b2439ad423
+1be921f71ac59a050bc751f681fcd553
+60c4274c640dc56b0e140d5e9e062349
+12bfaa7450b615bbc898f822dd5eb6bc
+f3023bbcd87fb2a18c651dbae4bfbbcb
+5797d4b6c01f0bd700681b308e19b239
+53cfefa995eb4bf57ee985194e814548
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/AKB/openvpn/akb/keys-created.txt b/AKB/openvpn/akb/keys-created.txt
new file mode 100644
index 0000000..5dc3e93
--- /dev/null
+++ b/AKB/openvpn/akb/keys-created.txt
@@ -0,0 +1,12 @@
+
+key...............: chris.key
+common name.......: VPN-AKB-chris
+password..........: dbddhkpuka.&EadGl15E.
+
+key...............: jonas.key
+common name.......: VPN-AKB-jonas
+password..........: DGD9Xn5V9Z
+
+key...............: maica.key
+common name.......: VPN-AKB-maica
+password..........: LrnZ4_NTz3
diff --git a/AKB/openvpn/akb/keys/01.pem b/AKB/openvpn/akb/keys/01.pem
new file mode 100644
index 0000000..acd4251
--- /dev/null
+++ b/AKB/openvpn/akb/keys/01.pem
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+        Validity
+            Not Before: Feb  5 20:24:02 2018 GMT
+            Not After : Feb  5 20:24:02 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-server/name=VPN AKB/emailAddress=support@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:ce:a6:fe:62:1a:c1:eb:a0:ae:49:9a:9d:e5:28:
+                    eb:91:f1:2c:5a:d7:24:ba:eb:55:86:9a:0b:bc:92:
+                    51:70:e5:c7:19:64:83:e9:9d:c8:6b:f1:67:02:d8:
+                    b2:33:65:e1:11:46:d5:81:4d:ae:cd:df:4e:0d:1c:
+                    67:95:59:39:e2:d8:5b:5e:24:fe:1d:c4:dc:ea:6e:
+                    e4:b5:d4:5b:f4:5b:2b:a5:82:b4:69:36:25:a1:47:
+                    3d:18:1f:b2:1b:03:a3:ab:1d:d6:58:1f:28:fd:25:
+                    c7:a3:92:8c:b6:cf:12:f1:23:18:1a:32:03:e6:36:
+                    e4:bc:f8:61:b8:fc:70:03:87:35:a0:f6:25:26:e3:
+                    2e:9a:e5:5c:a6:89:3e:03:1b:c4:23:e1:75:65:ed:
+                    ac:1a:3f:ee:78:5f:6f:d6:90:28:b5:78:e2:71:0b:
+                    f4:cb:56:99:bd:29:c6:1a:bd:fa:34:e2:94:a9:88:
+                    39:1c:9e:75:c8:58:0e:e9:31:59:0e:e2:d0:df:93:
+                    0d:bf:93:85:25:05:3a:32:8a:19:11:f0:7f:8b:a7:
+                    b1:bb:74:77:bd:69:d6:03:fe:6a:94:31:93:22:b2:
+                    c3:02:be:61:62:e3:73:4b:73:32:48:c1:3d:01:41:
+                    a1:2b:df:dc:00:86:ca:af:d7:20:54:87:7c:b3:ad:
+                    63:fc:9d:f1:b8:14:23:de:6b:8c:63:2e:4b:45:52:
+                    5c:b7:6a:86:68:59:ea:ba:fc:0b:3e:37:51:63:f2:
+                    30:86:eb:2a:43:92:e4:7c:80:44:5c:6b:dc:ab:f0:
+                    c0:13:4d:c1:e1:c8:e8:9e:c0:6c:57:3a:31:be:c5:
+                    83:a0:86:5c:e1:f7:27:f4:b9:0d:fb:29:24:9e:dd:
+                    cb:31:2a:6f:5c:63:f7:57:ae:96:be:66:54:6a:13:
+                    be:c5:70:cd:0c:8d:99:a5:f3:90:46:f5:cd:ff:c7:
+                    cc:39:c5:34:4f:53:c7:31:bd:7a:be:eb:3c:50:21:
+                    7d:46:ae:00:e2:e1:26:51:ab:06:e3:17:82:c8:81:
+                    f4:0d:6d:81:6c:72:4b:03:e5:31:aa:3e:ea:e3:99:
+                    f0:18:98:a6:10:b9:95:97:fa:b0:66:12:68:fc:29:
+                    60:c2:80:83:41:71:1d:b7:a8:05:2b:85:a8:b4:27:
+                    bb:26:24:71:85:e8:1a:c5:9f:24:2f:7e:98:09:25:
+                    4d:c2:88:66:92:f0:a9:19:35:6a:bd:6e:45:de:2a:
+                    7f:5b:4e:f1:4d:f6:e7:12:66:87:42:f2:74:a0:78:
+                    1f:27:10:58:43:2f:75:e4:17:91:d9:42:5c:37:79:
+                    4a:77:43:5d:3e:7a:d5:f1:e1:92:a9:20:1e:55:6d:
+                    37:e5:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                35:5A:98:2E:5D:84:EF:EA:D7:DD:16:4F:4C:E0:18:39:DB:65:2F:18
+            X509v3 Authority Key Identifier: 
+                keyid:24:8F:FE:4B:B0:A6:35:7A:2E:42:56:EA:64:F1:FB:A0:3F:FC:4A:2E
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+                serial:D4:73:12:B6:C1:E6:B9:D4
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         51:b9:6d:4d:8c:8c:00:56:8e:b7:81:d7:c4:59:bb:bc:b9:89:
+         77:e9:de:7f:c0:88:b2:4c:12:c0:e1:4c:5c:7c:6b:aa:94:95:
+         3e:16:ac:fb:e8:de:f2:a1:93:08:6c:8a:17:d1:d1:a1:3b:d0:
+         98:05:35:00:7e:34:98:1e:b9:da:cd:ce:67:11:a9:d4:43:ca:
+         fc:f0:23:09:ec:19:03:99:de:40:d2:61:42:b6:91:c7:29:26:
+         ee:f5:91:a2:e5:75:4c:50:2f:22:95:37:53:ce:46:21:cf:04:
+         d1:93:9c:ad:0e:5c:00:f8:00:f2:b1:f8:02:3f:fe:b3:15:3e:
+         9b:a4:fb:19:d6:81:b7:f4:06:89:cb:16:9c:e0:2f:60:00:69:
+         dd:ac:41:e8:23:29:19:5e:48:62:26:97:84:7e:5e:f2:50:3d:
+         e1:51:68:18:17:4d:0b:d5:0b:98:8e:d6:99:df:bb:79:ad:2d:
+         14:4f:48:6a:21:a4:42:2d:b8:a3:70:cd:24:df:1a:23:be:f0:
+         d1:f8:c2:a8:02:e1:03:88:d5:ea:7c:71:e6:96:95:02:34:8f:
+         c6:81:15:79:a9:a4:dc:11:5d:d6:97:f1:9c:d5:1f:4f:85:d9:
+         30:3b:bd:31:ac:48:d7:b2:08:63:1b:87:80:4b:1e:4f:e5:29:
+         85:f1:28:55:c1:7f:ca:d8:c3:51:eb:2c:98:2b:31:4e:27:e4:
+         90:a4:4e:bb:87:5f:43:d8:76:57:6e:d7:0b:5c:11:61:99:7b:
+         b7:49:29:1f:6f:b0:9f:46:1c:e8:3d:0f:b7:40:c8:77:69:5f:
+         48:03:a3:db:8c:46:b1:e3:cc:39:7e:87:f2:48:f2:f9:90:7d:
+         98:01:3c:cb:53:ca:42:ef:c0:20:e4:f9:cd:a9:b2:44:13:66:
+         4a:d6:6d:e4:2e:4c:29:7f:7f:c4:23:06:93:56:e1:c8:01:30:
+         3f:79:22:87:38:88:a9:1a:ae:b7:c9:b6:bf:37:3b:eb:d8:d5:
+         fc:ad:ae:a1:2b:bb:20:c9:28:67:cf:8f:73:00:7a:4b:4b:91:
+         82:2d:c3:bb:9c:86:28:17:30:55:23:62:c2:87:00:e2:c9:b4:
+         d6:e2:dc:83:37:22:09:47:f8:e2:51:18:51:fb:97:a1:7c:2b:
+         54:7f:ab:0d:ca:cd:8a:87:dd:8c:a5:af:2d:7f:a1:ea:e6:db:
+         8f:84:ef:ff:83:60:80:78:5a:21:a1:01:7c:1a:a7:ef:b7:2b:
+         20:5d:d3:bf:b9:82:2f:75:ec:2e:49:7b:61:90:85:62:1a:c5:
+         ff:de:32:57:b5:3c:b7:a9:52:dd:ce:e6:94:ab:2a:1f:3f:a5:
+         e7:64:ce:9b:a7:ad:fc:c0
+-----BEGIN CERTIFICATE-----
+MIIHSjCCBTKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjAyNDAyWhcNMzgwMjA1MjAyNDAyWjCBpzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFzAVBgNVBAMTDlZQTi1B
+S0Itc2VydmVyMRAwDgYDVQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBw
+b3J0QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzqb+
+YhrB66CuSZqd5SjrkfEsWtckuutVhpoLvJJRcOXHGWSD6Z3Ia/FnAtiyM2XhEUbV
+gU2uzd9ODRxnlVk54thbXiT+HcTc6m7ktdRb9FsrpYK0aTYloUc9GB+yGwOjqx3W
+WB8o/SXHo5KMts8S8SMYGjID5jbkvPhhuPxwA4c1oPYlJuMumuVcpok+AxvEI+F1
+Ze2sGj/ueF9v1pAotXjicQv0y1aZvSnGGr36NOKUqYg5HJ51yFgO6TFZDuLQ35MN
+v5OFJQU6MooZEfB/i6exu3R3vWnWA/5qlDGTIrLDAr5hYuNzS3MySME9AUGhK9/c
+AIbKr9cgVId8s61j/J3xuBQj3muMYy5LRVJct2qGaFnquvwLPjdRY/IwhusqQ5Lk
+fIBEXGvcq/DAE03B4cjonsBsVzoxvsWDoIZc4fcn9LkN+ykknt3LMSpvXGP3V66W
+vmZUahO+xXDNDI2ZpfOQRvXN/8fMOcU0T1PHMb16vus8UCF9Rq4A4uEmUasG4xeC
+yIH0DW2BbHJLA+Uxqj7q45nwGJimELmVl/qwZhJo/ClgwoCDQXEdt6gFK4WotCe7
+JiRxhegaxZ8kL36YCSVNwohmkvCpGTVqvW5F3ip/W07xTfbnEmaHQvJ0oHgfJxBY
+Qy915BeR2UJcN3lKd0NdPnrV8eGSqSAeVW035fsCAwEAAaOCAYQwggGAMAkGA1Ud
+EwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIBDQQnFiVFYXN5LVJT
+QSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ1WpguXYTv
+6tfdFk9M4Bg522UvGDCB1QYDVR0jBIHNMIHKgBQkj/5LsKY1ei5CVupk8fugP/xK
+LqGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxEDAOBgNVBAMTB1ZQTi1BS0IxEDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkq
+hkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGWCCQDUcxK2wea51DATBgNVHSUEDDAK
+BggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqG
+SIb3DQEBCwUAA4ICAQBRuW1NjIwAVo63gdfEWbu8uYl36d5/wIiyTBLA4UxcfGuq
+lJU+Fqz76N7yoZMIbIoX0dGhO9CYBTUAfjSYHrnazc5nEanUQ8r88CMJ7BkDmd5A
+0mFCtpHHKSbu9ZGi5XVMUC8ilTdTzkYhzwTRk5ytDlwA+ADysfgCP/6zFT6bpPsZ
+1oG39AaJyxac4C9gAGndrEHoIykZXkhiJpeEfl7yUD3hUWgYF00L1QuYjtaZ37t5
+rS0UT0hqIaRCLbijcM0k3xojvvDR+MKoAuEDiNXqfHHmlpUCNI/GgRV5qaTcEV3W
+l/Gc1R9PhdkwO70xrEjXsghjG4eASx5P5SmF8ShVwX/K2MNR6yyYKzFOJ+SQpE67
+h19D2HZXbtcLXBFhmXu3SSkfb7CfRhzoPQ+3QMh3aV9IA6PbjEax48w5fofySPL5
+kH2YATzLU8pC78Ag5PnNqbJEE2ZK1m3kLkwpf3/EIwaTVuHIATA/eSKHOIipGq63
+yba/Nzvr2NX8ra6hK7sgyShnz49zAHpLS5GCLcO7nIYoFzBVI2LChwDiybTW4tyD
+NyIJR/jiURhR+5ehfCtUf6sNys2Kh92Mpa8tf6Hq5tuPhO//g2CAeFohoQF8Gqfv
+tysgXdO/uYIvdewuSXthkIViGsX/3jJXtTy3qVLdzuaUqyofP6XnZM6bp638wA==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/akb/keys/02.pem b/AKB/openvpn/akb/keys/02.pem
new file mode 100644
index 0000000..a4ce31f
--- /dev/null
+++ b/AKB/openvpn/akb/keys/02.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+        Validity
+            Not Before: Feb  5 23:23:46 2018 GMT
+            Not After : Feb  5 23:23:46 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-chris/name=VPN AKB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:de:2d:6f:e4:7d:d7:ad:ca:99:98:88:36:25:2b:
+                    69:59:78:24:ea:ef:20:b2:fc:71:b9:1c:5c:65:4d:
+                    ff:bf:aa:be:58:f7:e3:0d:ea:19:e9:a8:fe:0c:93:
+                    e1:49:5d:f9:24:d6:e6:90:90:9f:c8:bd:23:39:fe:
+                    5d:6d:80:82:7f:ad:2a:dc:a4:5c:92:8d:9b:09:98:
+                    e9:d8:6e:1e:8d:47:0a:f6:9f:f0:e7:d8:a3:9d:a3:
+                    75:1a:9c:9a:66:ee:cb:c0:47:d5:71:a3:6a:23:e2:
+                    e4:c1:bf:ac:a7:52:b4:1c:90:f7:ba:0a:c6:c0:30:
+                    d4:c8:5a:3f:42:1d:a8:e9:2d:d5:6c:63:84:ff:eb:
+                    99:70:c3:29:34:14:4a:88:65:a0:0d:7b:99:24:6d:
+                    92:56:00:88:d9:b7:93:f9:6f:51:28:d3:2a:bd:fa:
+                    b9:c8:96:5e:98:21:d4:32:30:1d:c3:c2:62:ac:b9:
+                    2f:97:bd:d7:56:33:4c:52:07:45:a3:15:c4:ce:61:
+                    8e:23:72:0f:be:8d:d1:64:ae:aa:47:63:a9:03:eb:
+                    75:72:a9:fd:dd:a4:aa:91:45:92:0f:d0:3b:e1:a8:
+                    9c:6d:92:d6:a4:02:61:25:fc:bb:35:b6:dd:2b:5f:
+                    83:2e:9f:18:1d:21:de:a1:34:9e:f0:c9:b3:f5:56:
+                    a7:7b:58:f0:79:7c:3a:9d:cd:99:a8:67:90:13:87:
+                    59:1e:48:4b:06:5a:fd:6e:95:db:da:1a:84:88:c1:
+                    2d:ed:c0:7c:14:b9:af:a7:e7:7b:3d:c2:62:cc:4e:
+                    ba:3d:83:86:9a:6b:32:35:3c:12:cc:44:40:e9:a6:
+                    47:85:af:0f:98:a3:9e:ac:28:82:6d:c5:24:bc:4f:
+                    23:fc:ca:bf:36:fd:a3:74:7a:33:c3:04:02:dd:52:
+                    56:54:9a:2a:a6:7a:c8:1f:21:e8:08:0a:d9:55:fb:
+                    af:c8:ca:87:56:54:82:5f:3c:4d:73:51:42:94:93:
+                    e9:35:8a:c5:89:2a:63:d1:42:76:5c:77:ab:a8:fa:
+                    51:28:eb:64:24:56:c6:f9:3a:f2:41:ae:97:4e:e7:
+                    7c:02:16:dc:c0:e0:25:2b:c2:4e:05:29:03:d9:c7:
+                    06:bf:3e:75:c4:bf:68:0b:de:93:0a:6c:22:ea:d7:
+                    cd:ab:e9:a1:b0:df:45:b5:72:84:d2:1b:58:4a:83:
+                    f2:cc:bc:48:54:37:79:b6:3c:55:7f:9e:0f:2c:4c:
+                    a2:de:77:90:ba:fd:0d:a4:a6:b4:12:ae:d7:c9:72:
+                    d5:b3:94:0e:fd:a3:bc:22:b4:5e:2b:aa:d7:53:63:
+                    17:fd:ab:41:9f:81:79:da:c1:f4:00:07:cb:7c:4e:
+                    fa:e0:e5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                63:DA:41:7D:CB:BF:08:55:90:4B:6C:52:20:60:57:AA:18:94:0A:6E
+            X509v3 Authority Key Identifier: 
+                keyid:24:8F:FE:4B:B0:A6:35:7A:2E:42:56:EA:64:F1:FB:A0:3F:FC:4A:2E
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+                serial:D4:73:12:B6:C1:E6:B9:D4
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         ca:52:78:14:c0:a7:3e:d4:02:a1:71:ab:f5:6e:dc:9a:73:e8:
+         95:40:fa:a8:5b:ae:a6:fd:27:b5:6a:ed:d9:0d:86:26:50:3b:
+         0b:b0:a9:6d:af:25:39:0a:8f:35:fb:b7:db:51:44:8b:f6:73:
+         c7:b8:41:a1:96:a2:86:a3:dc:9a:13:f5:a2:e0:ad:65:76:73:
+         9c:42:67:68:2a:9d:3c:59:6a:b9:19:35:57:1d:72:72:04:e6:
+         ce:15:7a:0f:57:c4:88:c1:89:6c:ee:23:7e:8e:b3:f1:90:de:
+         eb:51:fb:c1:3a:6d:bb:b0:bf:6b:40:fd:17:fd:64:0c:e4:1d:
+         2b:af:c0:c4:fa:e5:85:d7:8d:7e:1b:2d:e4:a7:71:d0:d6:99:
+         94:fa:21:36:70:d0:18:31:1b:a9:24:53:6e:08:96:3d:61:eb:
+         09:23:6a:32:f1:02:37:66:93:a6:bf:dd:bc:99:9e:d5:54:0f:
+         1f:2a:21:ce:1e:b4:22:0e:be:b2:fe:1d:78:24:62:da:c1:50:
+         45:7a:05:f2:ca:9a:a6:e4:dd:cb:df:84:f7:62:c7:16:df:4b:
+         9b:80:4d:7a:66:4f:c6:c2:a4:c4:bb:a2:a1:d5:37:fb:38:15:
+         d6:6c:08:cd:29:00:96:8d:ed:2c:99:39:79:0d:77:7b:d2:35:
+         23:6d:5f:f8:7d:a1:b3:2d:57:62:7d:a8:55:c2:be:25:4d:8d:
+         6d:de:67:ec:82:29:45:d0:34:c7:07:0f:63:25:db:89:28:4b:
+         00:3b:ea:4f:d8:ae:28:cb:ef:7f:49:15:71:56:c9:b9:9a:b7:
+         12:77:b9:60:c0:de:49:18:20:46:f3:96:85:c4:67:55:6e:1e:
+         b5:80:42:c2:8b:bc:42:cf:e6:a3:c7:a8:ef:de:c2:b9:6f:0b:
+         7f:d4:71:4c:9d:02:4c:d3:1a:db:6f:8d:a9:ed:11:74:a3:ed:
+         f4:69:d4:d8:be:4c:91:1e:f4:97:15:57:ef:d1:86:cc:ab:4d:
+         bc:70:2a:24:36:a8:1d:d0:80:03:36:95:de:c8:ef:49:2e:02:
+         5f:7d:77:80:f8:5b:5f:22:9b:72:04:83:e6:85:58:7b:b6:f0:
+         7b:8e:22:54:cd:6c:13:3a:80:73:a2:01:dd:d5:a1:fb:6f:a2:
+         55:a9:b6:80:1d:dd:23:8e:99:ba:69:5a:d4:a7:91:32:29:f0:
+         7f:ac:84:0d:41:ce:10:85:7d:df:e1:12:25:5b:88:34:c4:2c:
+         d1:74:37:29:6d:a0:9a:11:e0:a4:7f:bd:cb:d7:b0:78:06:6d:
+         bf:de:b1:99:e6:d3:90:8a:62:43:46:20:03:f4:a0:0d:33:0f:
+         37:89:d8:23:8d:c0:9c:2e
+-----BEGIN CERTIFICATE-----
+MIIHLDCCBRSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjMyMzQ2WhcNMzgwMjA1MjMyMzQ2WjCBpDELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDVZQTi1B
+S0ItY2hyaXMxEDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3i1v5H3X
+rcqZmIg2JStpWXgk6u8gsvxxuRxcZU3/v6q+WPfjDeoZ6aj+DJPhSV35JNbmkJCf
+yL0jOf5dbYCCf60q3KRcko2bCZjp2G4ejUcK9p/w59ijnaN1GpyaZu7LwEfVcaNq
+I+Lkwb+sp1K0HJD3ugrGwDDUyFo/Qh2o6S3VbGOE/+uZcMMpNBRKiGWgDXuZJG2S
+VgCI2beT+W9RKNMqvfq5yJZemCHUMjAdw8JirLkvl73XVjNMUgdFoxXEzmGOI3IP
+vo3RZK6qR2OpA+t1cqn93aSqkUWSD9A74aicbZLWpAJhJfy7NbbdK1+DLp8YHSHe
+oTSe8Mmz9Vane1jweXw6nc2ZqGeQE4dZHkhLBlr9bpXb2hqEiMEt7cB8FLmvp+d7
+PcJizE66PYOGmmsyNTwSzERA6aZHha8PmKOerCiCbcUkvE8j/Mq/Nv2jdHozwwQC
+3VJWVJoqpnrIHyHoCArZVfuvyMqHVlSCXzxNc1FClJPpNYrFiSpj0UJ2XHerqPpR
+KOtkJFbG+TryQa6XTud8AhbcwOAlK8JOBSkD2ccGvz51xL9oC96TCmwi6tfNq+mh
+sN9FtXKE0htYSoPyzLxIVDd5tjxVf54PLEyi3neQuv0NpKa0Eq7XyXLVs5QO/aO8
+IrReK6rXU2MX/atBn4F52sH0AAfLfE764OUCAwEAAaOCAWkwggFlMAkGA1UdEwQC
+MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUY9pBfcu/CFWQS2xSIGBXqhiUCm4wgdUGA1UdIwSBzTCByoAU
+JI/+S7CmNXouQlbqZPH7oD/8Si6hgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tQUtCMRAwDgYD
+VQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlggkA
+1HMStsHmudQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBAGA1Ud
+EQQJMAeCBWNocmlzMA0GCSqGSIb3DQEBCwUAA4ICAQDKUngUwKc+1AKhcav1btya
+c+iVQPqoW66m/Se1au3ZDYYmUDsLsKltryU5Co81+7fbUUSL9nPHuEGhlqKGo9ya
+E/Wi4K1ldnOcQmdoKp08WWq5GTVXHXJyBObOFXoPV8SIwYls7iN+jrPxkN7rUfvB
+Om27sL9rQP0X/WQM5B0rr8DE+uWF141+Gy3kp3HQ1pmU+iE2cNAYMRupJFNuCJY9
+YesJI2oy8QI3ZpOmv928mZ7VVA8fKiHOHrQiDr6y/h14JGLawVBFegXyypqm5N3L
+34T3YscW30ubgE16Zk/GwqTEu6Kh1Tf7OBXWbAjNKQCWje0smTl5DXd70jUjbV/4
+faGzLVdifahVwr4lTY1t3mfsgilF0DTHBw9jJduJKEsAO+pP2K4oy+9/SRVxVsm5
+mrcSd7lgwN5JGCBG85aFxGdVbh61gELCi7xCz+ajx6jv3sK5bwt/1HFMnQJM0xrb
+b42p7RF0o+30adTYvkyRHvSXFVfv0YbMq028cCokNqgd0IADNpXeyO9JLgJffXeA
++FtfIptyBIPmhVh7tvB7jiJUzWwTOoBzogHd1aH7b6JVqbaAHd0jjpm6aVrUp5Ey
+KfB/rIQNQc4QhX3f4RIlW4g0xCzRdDcpbaCaEeCkf73L17B4Bm2/3rGZ5tOQimJD
+RiAD9KANMw83idgjjcCcLg==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/akb/keys/03.pem b/AKB/openvpn/akb/keys/03.pem
new file mode 100644
index 0000000..cd1731c
--- /dev/null
+++ b/AKB/openvpn/akb/keys/03.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+        Validity
+            Not Before: Feb  5 23:31:40 2018 GMT
+            Not After : Feb  5 23:31:40 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-jonas/name=VPN AKB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:aa:8b:cc:2c:d6:a7:c4:40:1f:03:cb:75:1b:59:
+                    28:5a:9c:23:d8:28:4f:cb:27:01:26:da:41:11:fc:
+                    52:d7:4b:f7:ab:a9:be:f6:b6:fb:f5:0c:a0:37:d9:
+                    9d:e2:cc:7e:fe:14:e6:d9:63:a5:4f:4c:9c:1a:db:
+                    36:32:4a:9c:0a:c8:dc:42:50:9b:05:9a:70:b6:65:
+                    7b:99:7a:64:21:57:d7:1b:10:5b:a6:8e:0a:65:bc:
+                    87:1e:36:30:8a:05:88:ea:8c:f1:5e:76:5a:26:5f:
+                    15:63:5e:be:de:e7:69:76:61:ff:67:81:20:72:03:
+                    db:9c:f6:be:10:8a:76:49:ec:ad:03:e8:48:90:81:
+                    eb:85:fd:a1:fc:45:7d:ad:e3:f7:ee:41:a8:56:3b:
+                    1a:d4:df:11:7b:0e:a8:68:93:fd:59:48:ec:73:71:
+                    30:ff:c7:b8:77:f5:89:f0:32:e8:eb:54:e3:3f:ed:
+                    20:ca:c0:35:6c:93:85:50:0d:e6:bd:c1:4a:17:03:
+                    84:a4:d8:e8:e1:9c:8c:1c:95:30:62:23:20:4b:58:
+                    7e:51:85:74:63:8b:41:28:78:f0:ee:8f:f9:5d:c5:
+                    98:ae:66:92:5c:3f:db:f9:f1:d3:f9:e2:52:60:49:
+                    1e:e3:04:a5:a3:d3:f2:9b:3f:9f:3c:c7:19:d1:c4:
+                    ad:0a:2a:d0:f1:b4:75:9d:4e:4d:d3:d5:f2:5a:0b:
+                    5f:cf:b9:3f:83:5f:82:da:6f:f2:13:3c:ed:a1:cb:
+                    0d:a5:97:58:c8:8f:65:d2:23:b9:11:fb:84:3b:7d:
+                    4f:d5:8e:ce:e8:30:ca:16:70:a3:ee:73:c2:06:34:
+                    d9:34:b5:d1:2c:aa:da:7a:bf:97:35:99:de:ea:6c:
+                    de:cf:9b:8e:5f:64:57:e2:44:db:a7:c5:05:64:80:
+                    4a:be:ab:31:76:5b:bb:e9:dc:36:48:1c:c9:a4:20:
+                    16:94:07:99:2e:5a:57:ab:46:74:68:c0:27:ed:8b:
+                    e8:8b:e1:ee:a4:e5:f7:f5:4c:df:04:20:47:6a:70:
+                    11:7c:37:05:4d:a5:ee:ec:3c:91:3d:be:45:66:35:
+                    ad:be:a7:e1:f5:31:56:8d:96:5e:56:df:1d:c3:be:
+                    c4:e5:3e:39:fe:98:4a:74:06:e1:8d:d0:b4:2a:75:
+                    e1:c0:d2:ea:5e:dc:e5:05:72:63:e9:6a:cc:ed:bc:
+                    76:e8:5f:19:c6:90:71:a5:10:fd:ff:b8:7d:bc:7a:
+                    bb:0c:88:7e:1e:fc:29:31:5d:ac:76:d5:f8:a4:42:
+                    25:43:83:95:4b:65:a4:01:56:31:ff:c9:56:7f:d7:
+                    8e:42:ad:6d:3c:9f:e6:6b:e3:39:16:c8:87:44:b5:
+                    a5:35:4d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                51:1B:86:85:99:21:D8:D9:7D:19:D4:61:35:08:28:4C:B7:CE:40:75
+            X509v3 Authority Key Identifier: 
+                keyid:24:8F:FE:4B:B0:A6:35:7A:2E:42:56:EA:64:F1:FB:A0:3F:FC:4A:2E
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+                serial:D4:73:12:B6:C1:E6:B9:D4
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:jonas
+    Signature Algorithm: sha256WithRSAEncryption
+         6f:99:88:9a:29:f3:fd:56:28:c0:a5:c2:b7:5c:28:54:d3:15:
+         ed:e5:29:a1:2e:98:6d:29:da:8d:50:98:8e:e8:94:f1:2c:3c:
+         5d:0d:63:d1:e1:e3:0c:0f:10:93:71:dc:a8:58:74:7e:97:6c:
+         e0:7f:3f:ff:41:bc:3a:4f:f3:a7:2a:3e:7e:e0:c1:43:b3:32:
+         6c:02:55:3c:2d:27:51:fc:fb:14:d9:e1:b9:83:0d:34:41:38:
+         95:ed:c3:4c:fd:f2:ee:1e:84:69:d3:da:56:61:d7:b9:c2:dc:
+         fb:3a:ba:83:fb:50:c4:19:7d:2c:ab:e1:b1:df:71:f3:23:5b:
+         c7:7d:99:75:21:2c:11:42:cb:2e:5f:50:fb:15:3f:12:72:11:
+         04:0e:08:d6:37:1d:64:59:2d:e9:e0:96:a5:d4:e5:a5:d2:f1:
+         4e:8c:dd:cc:3a:c6:de:a2:7d:54:e6:31:0a:82:a3:ea:62:93:
+         09:a6:4c:72:c7:0c:97:63:94:b2:8b:c1:01:45:bc:1b:84:82:
+         fd:e1:3a:ea:c6:b0:ae:ec:17:fc:15:53:ab:11:f9:61:ce:e1:
+         8c:60:2b:72:10:9a:72:ab:53:ff:d8:be:8d:c7:5c:61:f9:3f:
+         9c:bd:6c:38:10:7f:ee:aa:0c:07:c0:72:ed:3e:68:e0:e4:fb:
+         55:1a:5f:ec:a5:d9:83:91:b6:94:db:59:d3:e2:98:2c:cd:8f:
+         e3:c9:4a:e4:48:02:e2:01:dd:8a:33:42:cf:69:d3:e5:c4:7b:
+         e3:2a:1a:94:7c:dd:3b:9d:8c:b0:05:cd:b1:bd:82:e9:2e:4a:
+         0b:d0:c2:69:34:03:13:c2:cf:6d:3e:b1:93:c9:5b:bb:df:30:
+         8b:4e:7c:d8:dd:fd:84:e4:36:27:6d:2a:3e:ac:57:aa:37:5a:
+         47:6a:e0:cb:79:60:98:6a:60:ee:ca:ea:52:3d:2d:45:f3:73:
+         58:00:cb:f9:97:a3:1c:29:1e:ca:9a:54:cb:3d:52:6e:2a:7b:
+         49:6b:f9:61:13:46:7f:95:07:91:7d:5e:18:21:c8:f6:fc:e8:
+         f2:ed:28:4d:a4:e3:a6:f5:ab:f4:dd:c1:2d:1d:c7:b4:32:1a:
+         60:d6:60:ae:8d:b2:3d:fc:37:4b:17:bd:b9:9d:7f:be:b0:84:
+         3f:17:1b:91:8a:e1:c6:c8:fc:1d:91:f7:c1:ae:7f:f5:7f:4b:
+         92:65:71:f2:b7:29:7f:e7:0a:52:c6:c4:a6:d4:39:33:de:14:
+         c3:b9:92:cb:92:bd:5d:46:89:5e:d4:da:f8:22:71:a7:ba:7c:
+         77:d0:e9:76:7b:3f:75:e8:51:3e:f3:d8:f4:b5:81:a3:79:5f:
+         50:55:67:40:ad:7a:0d:d0
+-----BEGIN CERTIFICATE-----
+MIIHLDCCBRSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjMzMTQwWhcNMzgwMjA1MjMzMTQwWjCBpDELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDVZQTi1B
+S0Itam9uYXMxEDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqovMLNan
+xEAfA8t1G1koWpwj2ChPyycBJtpBEfxS10v3q6m+9rb79QygN9md4sx+/hTm2WOl
+T0ycGts2MkqcCsjcQlCbBZpwtmV7mXpkIVfXGxBbpo4KZbyHHjYwigWI6ozxXnZa
+Jl8VY16+3udpdmH/Z4EgcgPbnPa+EIp2SeytA+hIkIHrhf2h/EV9reP37kGoVjsa
+1N8Rew6oaJP9WUjsc3Ew/8e4d/WJ8DLo61TjP+0gysA1bJOFUA3mvcFKFwOEpNjo
+4ZyMHJUwYiMgS1h+UYV0Y4tBKHjw7o/5XcWYrmaSXD/b+fHT+eJSYEke4wSlo9Py
+mz+fPMcZ0cStCirQ8bR1nU5N09XyWgtfz7k/g1+C2m/yEzztocsNpZdYyI9l0iO5
+EfuEO31P1Y7O6DDKFnCj7nPCBjTZNLXRLKraer+XNZne6mzez5uOX2RX4kTbp8UF
+ZIBKvqsxdlu76dw2SBzJpCAWlAeZLlpXq0Z0aMAn7Yvoi+HupOX39UzfBCBHanAR
+fDcFTaXu7DyRPb5FZjWtvqfh9TFWjZZeVt8dw77E5T45/phKdAbhjdC0KnXhwNLq
+XtzlBXJj6WrM7bx26F8ZxpBxpRD9/7h9vHq7DIh+HvwpMV2sdtX4pEIlQ4OVS2Wk
+AVYx/8lWf9eOQq1tPJ/ma+M5FsiHRLWlNU0CAwEAAaOCAWkwggFlMAkGA1UdEwQC
+MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUURuGhZkh2Nl9GdRhNQgoTLfOQHUwgdUGA1UdIwSBzTCByoAU
+JI/+S7CmNXouQlbqZPH7oD/8Si6hgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tQUtCMRAwDgYD
+VQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlggkA
+1HMStsHmudQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBAGA1Ud
+EQQJMAeCBWpvbmFzMA0GCSqGSIb3DQEBCwUAA4ICAQBvmYiaKfP9VijApcK3XChU
+0xXt5SmhLphtKdqNUJiO6JTxLDxdDWPR4eMMDxCTcdyoWHR+l2zgfz//Qbw6T/On
+Kj5+4MFDszJsAlU8LSdR/PsU2eG5gw00QTiV7cNM/fLuHoRp09pWYde5wtz7OrqD
++1DEGX0sq+Gx33HzI1vHfZl1ISwRQssuX1D7FT8SchEEDgjWNx1kWS3p4Jal1OWl
+0vFOjN3MOsbeon1U5jEKgqPqYpMJpkxyxwyXY5Syi8EBRbwbhIL94TrqxrCu7Bf8
+FVOrEflhzuGMYCtyEJpyq1P/2L6Nx1xh+T+cvWw4EH/uqgwHwHLtPmjg5PtVGl/s
+pdmDkbaU21nT4pgszY/jyUrkSALiAd2KM0LPadPlxHvjKhqUfN07nYywBc2xvYLp
+LkoL0MJpNAMTws9tPrGTyVu73zCLTnzY3f2E5DYnbSo+rFeqN1pHauDLeWCYamDu
+yupSPS1F83NYAMv5l6McKR7KmlTLPVJuKntJa/lhE0Z/lQeRfV4YIcj2/Ojy7ShN
+pOOm9av03cEtHce0Mhpg1mCujbI9/DdLF725nX++sIQ/FxuRiuHGyPwdkffBrn/1
+f0uSZXHytyl/5wpSxsSm1Dkz3hTDuZLLkr1dRole1Nr4InGnunx30Ol2ez916FE+
+89j0tYGjeV9QVWdArXoN0A==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/akb/keys/04.pem b/AKB/openvpn/akb/keys/04.pem
new file mode 100644
index 0000000..cccbe37
--- /dev/null
+++ b/AKB/openvpn/akb/keys/04.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+        Validity
+            Not Before: Feb  5 23:35:19 2018 GMT
+            Not After : Feb  5 23:35:19 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-maica/name=VPN AKB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:9d:6a:fd:00:74:30:e3:36:ce:0b:5a:3c:2d:e8:
+                    52:f8:6b:81:51:65:cd:75:1f:65:d9:50:4b:b7:12:
+                    a5:39:0d:58:3a:3e:4d:e0:47:c6:7b:bb:db:ee:1b:
+                    da:b1:63:e0:86:83:56:b1:40:d0:95:5c:45:45:3d:
+                    21:3d:5a:b1:41:02:6c:67:f1:ac:78:0e:87:09:db:
+                    57:c6:ac:c9:20:5b:97:45:c1:f7:e7:33:38:1f:23:
+                    32:f8:c1:7e:2f:b6:be:ec:32:ec:99:ab:94:fe:32:
+                    92:69:8c:4a:0b:4d:7f:b3:46:87:ae:fd:89:bc:96:
+                    25:fc:a9:c3:60:33:94:6e:50:89:71:1a:b0:10:e2:
+                    a4:cb:c6:c9:28:27:54:e3:61:5c:9c:ec:a7:7d:03:
+                    5a:3e:22:62:eb:52:37:bb:16:52:8b:b5:f3:c0:92:
+                    42:d5:c8:5a:a1:ca:68:03:e6:c5:5d:1d:89:bd:7b:
+                    f5:0c:ff:c4:97:2f:0c:bf:95:2d:4c:96:85:a0:1a:
+                    8f:44:63:0f:d4:98:f8:3f:a0:84:5c:b9:ec:85:55:
+                    aa:a0:a2:2a:f9:25:b6:95:db:36:ce:b8:0f:54:b5:
+                    b1:12:cf:21:8f:3d:da:31:f0:50:cc:77:d6:28:49:
+                    27:f3:81:44:03:65:37:da:09:37:21:dd:b6:87:ff:
+                    55:76:e9:c7:b8:d2:4a:fc:18:6c:6c:53:02:7e:2f:
+                    e8:84:6d:ca:1b:a8:85:c0:5b:3d:a8:95:76:a4:3a:
+                    5f:85:d7:58:92:3f:92:8d:67:75:60:52:a3:62:60:
+                    e8:9f:20:98:37:c7:f0:31:97:5a:f2:08:64:a0:c0:
+                    89:cd:a6:69:b5:23:d6:25:b8:ec:42:49:c7:1d:bc:
+                    22:bf:aa:0b:da:f5:76:68:c2:b5:8d:20:a8:25:f1:
+                    62:e2:e5:fb:34:46:bd:e7:bb:a4:30:cb:32:26:81:
+                    39:6f:68:f1:35:c3:f6:38:65:32:4b:7e:9c:31:e7:
+                    10:9a:61:a6:65:0d:42:a0:6d:41:0f:97:70:61:f2:
+                    5b:6d:10:4e:c3:fb:53:9e:71:0b:20:4d:3e:96:66:
+                    76:dd:20:8d:50:5d:2b:e0:c0:d4:bd:bb:02:72:af:
+                    bb:25:1d:e8:49:f1:08:1d:a8:52:fb:18:c9:14:91:
+                    c2:2e:d9:e7:2f:2a:c9:ac:eb:d5:bd:f1:82:e4:e1:
+                    3b:67:c9:b7:3f:f5:38:8f:65:bc:6d:4a:ee:f2:00:
+                    75:5f:a0:33:c8:02:9d:f4:36:4f:f9:aa:11:91:64:
+                    11:b0:02:67:44:15:f6:4e:94:3c:3c:10:a3:28:dc:
+                    b1:94:56:ee:7b:04:0f:78:9d:43:d6:f3:0f:3c:6c:
+                    e6:70:bd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                03:92:4E:3C:2E:76:22:8B:F3:9C:EC:9F:B2:24:1F:9C:6B:E6:FC:62
+            X509v3 Authority Key Identifier: 
+                keyid:24:8F:FE:4B:B0:A6:35:7A:2E:42:56:EA:64:F1:FB:A0:3F:FC:4A:2E
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+                serial:D4:73:12:B6:C1:E6:B9:D4
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:maica
+    Signature Algorithm: sha256WithRSAEncryption
+         3a:db:1b:c8:93:e4:01:0a:d5:e8:6c:49:a4:1b:87:2f:8c:21:
+         98:25:71:fd:25:16:92:e6:c5:34:67:54:c2:81:16:0e:23:7b:
+         bc:7d:86:e3:a4:8c:af:02:80:2a:69:af:96:98:cf:c5:21:5c:
+         5d:4c:ad:64:e9:bd:fa:ff:60:19:9f:a6:53:47:99:52:f9:76:
+         0b:3d:fb:07:fe:56:7a:70:b9:45:30:5f:5e:9d:2c:e0:0c:d2:
+         7a:1a:2a:2b:5b:30:e3:88:09:c7:69:23:2c:41:bb:c2:6c:85:
+         70:d1:b9:28:5c:fc:4e:67:d8:a7:3b:f7:f9:d6:46:c9:2d:5b:
+         3f:3e:7b:82:59:bc:0d:b0:f3:c6:c3:8e:6d:27:27:6c:d5:ed:
+         dd:47:0f:9b:3b:11:aa:2d:99:e4:71:de:eb:f0:6e:82:55:4d:
+         17:c1:8d:55:c9:fd:05:36:f8:e7:03:ad:46:62:1e:bf:c2:b2:
+         f5:7b:4a:e5:ca:19:c6:04:55:a2:28:df:59:a9:a4:77:6a:72:
+         46:25:97:68:93:46:3c:ee:ae:12:f7:5a:94:2d:e5:45:f6:7b:
+         c9:66:b4:e8:70:11:a4:12:7d:8d:f1:c0:b1:06:00:3e:be:f9:
+         1a:c6:0a:35:99:df:5e:c3:ae:c1:ad:f9:f8:ed:bd:e2:9e:2d:
+         8a:68:15:ee:9a:61:b2:99:7c:96:6c:c7:75:3b:d3:28:d6:e4:
+         51:f1:2a:0e:ba:3a:be:d2:eb:15:a4:57:53:ad:50:9e:6d:02:
+         5e:b1:8f:24:3d:60:90:12:d0:40:7c:34:50:48:1d:13:52:41:
+         26:28:7e:f2:d9:57:00:98:f5:7d:69:bd:ed:d2:30:ce:74:bf:
+         0b:fd:b9:d8:15:88:d4:59:77:c6:b4:7f:90:bd:d8:ed:00:3a:
+         8c:c0:6d:c1:05:db:50:17:9f:53:49:dc:cc:7c:95:e6:ef:81:
+         98:e9:b0:e6:39:a3:64:41:77:cd:dd:18:41:79:00:c8:fa:77:
+         85:9c:dd:85:65:dd:a7:9f:a7:77:a8:8e:a7:6c:7c:2f:0e:92:
+         c4:b5:a6:28:dc:f4:98:b2:1b:22:53:2c:7e:78:05:a3:21:25:
+         1b:d2:68:9f:36:c8:06:12:7c:69:2d:f9:09:24:45:9c:74:a6:
+         45:f5:f9:20:1e:72:ad:cf:0b:52:43:7f:2a:92:2a:20:13:aa:
+         fc:63:8c:9c:02:85:78:bd:57:4b:c9:0a:01:1d:77:72:7b:4f:
+         1f:b5:7f:89:8f:63:9a:7c:c1:7a:38:dd:6a:11:76:d4:8a:86:
+         93:0b:ed:3b:be:a1:39:38:b7:63:44:9b:b9:f4:52:8f:f5:40:
+         2b:db:d1:41:38:60:db:33
+-----BEGIN CERTIFICATE-----
+MIIHLDCCBRSgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjMzNTE5WhcNMzgwMjA1MjMzNTE5WjCBpDELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDVZQTi1B
+S0ItbWFpY2ExEDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnWr9AHQw
+4zbOC1o8LehS+GuBUWXNdR9l2VBLtxKlOQ1YOj5N4EfGe7vb7hvasWPghoNWsUDQ
+lVxFRT0hPVqxQQJsZ/GseA6HCdtXxqzJIFuXRcH35zM4HyMy+MF+L7a+7DLsmauU
+/jKSaYxKC01/s0aHrv2JvJYl/KnDYDOUblCJcRqwEOKky8bJKCdU42FcnOynfQNa
+PiJi61I3uxZSi7XzwJJC1chaocpoA+bFXR2JvXv1DP/Ely8Mv5UtTJaFoBqPRGMP
+1Jj4P6CEXLnshVWqoKIq+SW2lds2zrgPVLWxEs8hjz3aMfBQzHfWKEkn84FEA2U3
+2gk3Id22h/9VdunHuNJK/BhsbFMCfi/ohG3KG6iFwFs9qJV2pDpfhddYkj+SjWd1
+YFKjYmDonyCYN8fwMZda8ghkoMCJzaZptSPWJbjsQknHHbwiv6oL2vV2aMK1jSCo
+JfFi4uX7NEa957ukMMsyJoE5b2jxNcP2OGUyS36cMecQmmGmZQ1CoG1BD5dwYfJb
+bRBOw/tTnnELIE0+lmZ23SCNUF0r4MDUvbsCcq+7JR3oSfEIHahS+xjJFJHCLtnn
+LyrJrOvVvfGC5OE7Z8m3P/U4j2W8bUru8gB1X6AzyAKd9DZP+aoRkWQRsAJnRBX2
+TpQ8PBCjKNyxlFbuewQPeJ1D1vMPPGzmcL0CAwEAAaOCAWkwggFlMAkGA1UdEwQC
+MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUA5JOPC52IovznOyfsiQfnGvm/GIwgdUGA1UdIwSBzTCByoAU
+JI/+S7CmNXouQlbqZPH7oD/8Si6hgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tQUtCMRAwDgYD
+VQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlggkA
+1HMStsHmudQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBAGA1Ud
+EQQJMAeCBW1haWNhMA0GCSqGSIb3DQEBCwUAA4ICAQA62xvIk+QBCtXobEmkG4cv
+jCGYJXH9JRaS5sU0Z1TCgRYOI3u8fYbjpIyvAoAqaa+WmM/FIVxdTK1k6b36/2AZ
+n6ZTR5lS+XYLPfsH/lZ6cLlFMF9enSzgDNJ6GiorWzDjiAnHaSMsQbvCbIVw0bko
+XPxOZ9inO/f51kbJLVs/PnuCWbwNsPPGw45tJyds1e3dRw+bOxGqLZnkcd7r8G6C
+VU0XwY1Vyf0FNvjnA61GYh6/wrL1e0rlyhnGBFWiKN9ZqaR3anJGJZdok0Y87q4S
+91qULeVF9nvJZrTocBGkEn2N8cCxBgA+vvkaxgo1md9ew67Brfn47b3ini2KaBXu
+mmGymXyWbMd1O9Mo1uRR8SoOujq+0usVpFdTrVCebQJesY8kPWCQEtBAfDRQSB0T
+UkEmKH7y2VcAmPV9ab3t0jDOdL8L/bnYFYjUWXfGtH+QvdjtADqMwG3BBdtQF59T
+SdzMfJXm74GY6bDmOaNkQXfN3RhBeQDI+neFnN2FZd2nn6d3qI6nbHwvDpLEtaYo
+3PSYshsiUyx+eAWjISUb0mifNsgGEnxpLfkJJEWcdKZF9fkgHnKtzwtSQ38qkiog
+E6r8Y4ycAoV4vVdLyQoBHXdye08ftX+Jj2OafMF6ON1qEXbUioaTC+07vqE5OLdj
+RJu59FKP9UAr29FBOGDbMw==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/akb/keys/ca.crt b/AKB/openvpn/akb/keys/ca.crt
new file mode 100644
index 0000000..2e9dacc
--- /dev/null
+++ b/AKB/openvpn/akb/keys/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIG0jCCBLqgAwIBAgIJANRzErbB5rnUMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEfMB0GCSqGSIb3DQEJARYQc3VwcG9y
+dEBvb3Blbi5kZTAgFw0xODAyMDUyMDExMjJaGA8yMDUwMDIwNTIwMTEyMlowgaAx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYD
+VQQDEwdWUE4tQUtCMRAwDgYDVQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBz
+dXBwb3J0QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+4LBz66a5R/hS5Cygl8cPy63TMx10yjy8vJyToEUZCjGS8O5MgwKFWpf6CBKf8jrp
+kcY9JvvlDD11N+LU5kivRsZRf8Pbj2SuqUg2Rq1fCkVFDl9MshyWBnX1BntyLEQi
+A1X9bqKew/upZ09bSf8RB/9tsWBDi6m4xlnnojgGXbZnOXKzL442Qu0f+w1M9HoL
+mp8DXCevpbWSp6WLevQVe2VzDC+lGp1pw7Ea0raOD84u0mVKbBSCAaw0OG0+lkHR
+Ya3WVezkXVH2PQieqrSlWLmHqNQ5U77DYKYBZ7yhMDO+8Hkj6aN2JB8DglJVG79H
+GfWTrtFr3Bt80TZJi+GGdCg5u182V9s9Fhm//bKs5thJmS5dROBk1W4p/ZBQ2nQA
++wA59vILAF49u1+wY1dryw3JIXTSP4VY8enkhjeKCxpGJd13xF8M5Ci2w8pOyttw
+NVppDPZItbxPeswzK95VgrEOQaIEANeTMje95Qf3/gPhkMzwPRh9VfZNQMn1AKfn
+Irc2fb2iGhVzQAVhtBIKm2d24rHK6NCDe89uyfRZV4ZukcUgRt+nn6bnC67VW2Az
+NhonvzsAjtwwt5KUakKHmq7uMW2bFPy0OoktsP60yWB/Weg/wWliHpudvTq48pLS
+oQpd/lsJ1K8SXLFqRlWHlJDcelfnj3r58VQpp/82LbECAwEAAaOCAQkwggEFMB0G
+A1UdDgQWBBQkj/5LsKY1ei5CVupk8fugP/xKLjCB1QYDVR0jBIHNMIHKgBQkj/5L
+sKY1ei5CVupk8fugP/xKLqGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0IxEDAOBgNVBCkT
+B1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGWCCQDUcxK2
+wea51DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBGKBoiGLJHTXMW
+9JZIWPQBlyJXvnGp2y1O58GhMEdE+Ahy6bRepLRpcULlCDEXYPJhc8pYMOTa0VAM
+Ps6lwQH5WQRv6fkdYSMCos0NKpp/0fvrxYTWnFrvU26Pveg+Z3COkVHMI6bJ70IP
+QpBtBmj3CRqD66vnN1sc0q52hEAkubFI0mD+eqY5rTRE5Eea31KipY5/n93cmlb0
+E2ORT/PwawgD2To5qd0THSPYJUiXQntbs4axBrU1S9RO44QZb4Ov71kqATc9u6ri
+0bPfeQtTCkCi+mCLA1WbzJTGg6rd0ce3rdSI0uNmMT+cWhh52tMhEKcdDxMahGTx
+SWdTogb7QqJxMj5GTVDzZsjzsAc6lXgSOL/Ffp/HjKQL1aPxGMlHLju++B/fo7kp
+meD5g8x4FaVN2dE0oBQ/uaAo2JS5/mSQIYlM2fnyx9ZwXcVgRYeavSIDfA9ASYJA
+w5is0PUOLr91dS++fBs8NWg7dtcBvZuvtGWO4tk9iWY7Gw4MC7ez4+E7nJrhBkMg
+1ySbg3/aJ4/E41K0k3zfkyOHhNVR37YN63e7xDdvGwm3fk8QFOAn+gVyfjnNhGJr
+JDh4YYK+cbK8E9PLV7eb1DvUNjUo19KToQBhaNNMt/n0niE6iU4ph997tlrG7MHu
+mj3n4HOYonYqpUwVlkIlCk11Sz/qnw==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/akb/keys/ca.key b/AKB/openvpn/akb/keys/ca.key
new file mode 100644
index 0000000..507391b
--- /dev/null
+++ b/AKB/openvpn/akb/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDgsHPrprlH+FLk
+LKCXxw/LrdMzHXTKPLy8nJOgRRkKMZLw7kyDAoVal/oIEp/yOumRxj0m++UMPXU3
+4tTmSK9GxlF/w9uPZK6pSDZGrV8KRUUOX0yyHJYGdfUGe3IsRCIDVf1uop7D+6ln
+T1tJ/xEH/22xYEOLqbjGWeeiOAZdtmc5crMvjjZC7R/7DUz0eguanwNcJ6+ltZKn
+pYt69BV7ZXMML6UanWnDsRrSto4Pzi7SZUpsFIIBrDQ4bT6WQdFhrdZV7ORdUfY9
+CJ6qtKVYuYeo1DlTvsNgpgFnvKEwM77weSPpo3YkHwOCUlUbv0cZ9ZOu0WvcG3zR
+NkmL4YZ0KDm7XzZX2z0WGb/9sqzm2EmZLl1E4GTVbin9kFDadAD7ADn28gsAXj27
+X7BjV2vLDckhdNI/hVjx6eSGN4oLGkYl3XfEXwzkKLbDyk7K23A1WmkM9ki1vE96
+zDMr3lWCsQ5BogQA15MyN73lB/f+A+GQzPA9GH1V9k1AyfUAp+citzZ9vaIaFXNA
+BWG0EgqbZ3biscro0IN7z27J9FlXhm6RxSBG36efpucLrtVbYDM2Gie/OwCO3DC3
+kpRqQoearu4xbZsU/LQ6iS2w/rTJYH9Z6D/BaWIem529OrjyktKhCl3+WwnUrxJc
+sWpGVYeUkNx6V+ePevnxVCmn/zYtsQIDAQABAoICAQCYokWdB51F7sMgjdBqSqfI
+TUTzrEbyO2BbIGKItWfVLOgNE1SWitfcOvF3Gm/dNXgFtw1DtkpajkVauZS2+xlW
+ktI6YOp99n9QL+XvDUdKytOmd8a6GAEyUl8pECL3PzF74qZOydngeM0TiS0Sj1sa
+e8IghKxd6+XBmMFpyXVJo+drdyeSXqEtxbe768UjLuVDHFJEABGqGDaP/D1MQRN2
+x+vnk1YtRlHaxizah3jp876K3pQ355aJXFn9GvkxSXTbTiQUKuDXJB6KR5jBjgXk
+x+QIJGLtKOHAfgTmW5WEESLcaO6kgI546ziPBy8Zsk6yq8ivMUR8OZAI7z/27jVO
+3Udr2YcEDeFnFY6fAqHLyX4hzNTI9sBE7EH7b7EYBx7Y2TA4jBaf6t25SHaOT9HN
+MJ08C98rE/Og4d63PpZxfNTFid7717YKZSZ26Z66YHfUm/5EiDpUpj9N/vhQDraS
+jKLIj4lUpUO0SzjLv4gqQUy5sFq2tQlReOD7wmkwBpZ91obEcnE/EvEDxF3GuDpN
+HRNcOmbFNxggHKaroPtx/cUIb8aiEFjNXctiuBu7JPN7Rwm5rZYzD4YEZN65J5Mq
+vSeEN8+DkAZCpYcdTfFvyumRS/ZY/SPGqtnWLFRyHQu0DEOrK/MH8W9wU8G2ymaP
+tx7KillsXlUMbvbbsXkxIQKCAQEA8iXHCD96b20mOecp8e/XZBqaB+mlusla295s
+VD5X+21lnGtjv2yhIxwcPnZm+Tp3x16Xx96TDjP2Aew+fdfndz87D2L1Dyw6uD+G
+M9gETKebzk/dbdRcgJkNAq+4/qNKakRJ646zmj+WCBgPMaFbJeqwytUj2QQfoPAf
+wKE7MJFIIG6r1Xpjn6rLMPF8xog6fjsdieriaTfcNSBSIgMa7Ml5ZRI+qEzGiOZN
+1HxLOdaX4RRn16rASsJ1cYgXBpl/rgUKYo3uVShC2yFY5BDEFCbqLgsOsiLhT4Sx
+ioYn/xDtALhtg9mOjEGjcrslZVBgn9jow1jBqOg09iYzTVrkMwKCAQEA7YsAKB41
+2ry5yELhi9Txw4aQrs8hxYxqQsOuBawQtRNI44B0NreyKeTr3wflmzyFW2zPo1Gp
+UcCgVLhsW7o8LtYkROC/uZQx3L/DFaBiXtZHdUPTib/DcrVBIRxRe2uNxoFYzyZ6
+AePopbSEC09bjkuMEl18D61uz59YT6KySOHP13qFE6+jqtKVjVtQPUnzG72gLuVo
+0ElrgFKPg7mhJzKy9ahzFZK1Gxm3tu94YtDoxwIh8Bn0cM8pXRAEQkDlOcGJfaqY
+gvb/kgXjOvy5pXFv7PKoNRSesOKHE1z74e0fZ/O54Fpva4Bwukd40vlFtiPl/K7f
+5pPzdE4xh7yiiwKCAQEAu6Q8nI6cMPZy9dHFNj72ORNIIzOSgrD/4Ht2lL2O7j3y
+zIiHTlI+d/eTh2+3EhCVuv/5PB+k8w+e5hSMxHXnXwe3m4/CeNR8WESZmVke08va
+N8C5xR8X42s2ostK3r/orXpnkcsOMExv1avXMk1oVXSNNVB/K+8/FzacVGhcdqFO
+NBuuuonR42u1cyLe3vW35hOnKzXB52krElwOaV7goXbqxECkH0UHYBSfYTZEEPjS
+zs9CPOSLiCMyYRzlQu71+wLa7k4vzvuY+zfXKzw2xar2M2HMLIxM7pLUBZU6LzSN
+g85mxxJynQtMPl75do4XoiazEJWZ1GrEh65IePwi8wKCAQA9tyZ0Rd0SFoRiLlYx
+IUMq3JRMho4sqB2XeQWGfbzdfsQqL16CNNm6HrrVeFTEL0Yqiausr/PAxL4jJMMq
+Vcl7FbHYn1fQnFsUElJaFRBZuWxZYCTeng7mh4cDVjspSLlOAJ8VOtbqFM+F9c90
+rMqJvsEGqHkqDZJDqQ+lqQyO+PQp9LAMfE6WfB3U2wuO0N6zr2GlrX681sZyUYDt
+5VWkPHzYbEpyKWqaPuVHRxJNAh/oTHqKygODJ5+EiTvCBuBHUCwrlR4IsKmXw6XU
+1oJZJI7Czgy7tb7BECmt8zOR8Cx/sofxbS2TjYw8KYOPtKnS96KyMrEDVB8lcYdW
+z8CfAoIBAGiaHv8mkI5c2146Y6TmnW2Yy5dl3SShb+44mrpW1y2iggxaQud19C24
+x0l4hBwzBW/blaPrrrMIR1rNmO2Oj0WefJ+3m5i7DTuy1vtkkt8i9v4zhjqaRvrI
+ALsjftpnTQr6tg7MCHf2heD0y6zvX/61uFAvJP5b3yDcBBXV9CHeJI69nW/KNb49
+lB7DtogrzPxVj2LG46En8tdg0mBrVMumsm+y7mmqFtRaagdfdzS63UILyuoD99KY
+lobyjzI4hAMTxl88peEptZ4622d3RXcwsIqLi+CFsK+akbH+0/TPUx4k4yrmBo2F
+Qzs3bm/NURbiwkADW9Uvsbz++FWIPNw=
+-----END PRIVATE KEY-----
diff --git a/AKB/openvpn/akb/keys/chris.crt b/AKB/openvpn/akb/keys/chris.crt
new file mode 100644
index 0000000..a4ce31f
--- /dev/null
+++ b/AKB/openvpn/akb/keys/chris.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+        Validity
+            Not Before: Feb  5 23:23:46 2018 GMT
+            Not After : Feb  5 23:23:46 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-chris/name=VPN AKB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:de:2d:6f:e4:7d:d7:ad:ca:99:98:88:36:25:2b:
+                    69:59:78:24:ea:ef:20:b2:fc:71:b9:1c:5c:65:4d:
+                    ff:bf:aa:be:58:f7:e3:0d:ea:19:e9:a8:fe:0c:93:
+                    e1:49:5d:f9:24:d6:e6:90:90:9f:c8:bd:23:39:fe:
+                    5d:6d:80:82:7f:ad:2a:dc:a4:5c:92:8d:9b:09:98:
+                    e9:d8:6e:1e:8d:47:0a:f6:9f:f0:e7:d8:a3:9d:a3:
+                    75:1a:9c:9a:66:ee:cb:c0:47:d5:71:a3:6a:23:e2:
+                    e4:c1:bf:ac:a7:52:b4:1c:90:f7:ba:0a:c6:c0:30:
+                    d4:c8:5a:3f:42:1d:a8:e9:2d:d5:6c:63:84:ff:eb:
+                    99:70:c3:29:34:14:4a:88:65:a0:0d:7b:99:24:6d:
+                    92:56:00:88:d9:b7:93:f9:6f:51:28:d3:2a:bd:fa:
+                    b9:c8:96:5e:98:21:d4:32:30:1d:c3:c2:62:ac:b9:
+                    2f:97:bd:d7:56:33:4c:52:07:45:a3:15:c4:ce:61:
+                    8e:23:72:0f:be:8d:d1:64:ae:aa:47:63:a9:03:eb:
+                    75:72:a9:fd:dd:a4:aa:91:45:92:0f:d0:3b:e1:a8:
+                    9c:6d:92:d6:a4:02:61:25:fc:bb:35:b6:dd:2b:5f:
+                    83:2e:9f:18:1d:21:de:a1:34:9e:f0:c9:b3:f5:56:
+                    a7:7b:58:f0:79:7c:3a:9d:cd:99:a8:67:90:13:87:
+                    59:1e:48:4b:06:5a:fd:6e:95:db:da:1a:84:88:c1:
+                    2d:ed:c0:7c:14:b9:af:a7:e7:7b:3d:c2:62:cc:4e:
+                    ba:3d:83:86:9a:6b:32:35:3c:12:cc:44:40:e9:a6:
+                    47:85:af:0f:98:a3:9e:ac:28:82:6d:c5:24:bc:4f:
+                    23:fc:ca:bf:36:fd:a3:74:7a:33:c3:04:02:dd:52:
+                    56:54:9a:2a:a6:7a:c8:1f:21:e8:08:0a:d9:55:fb:
+                    af:c8:ca:87:56:54:82:5f:3c:4d:73:51:42:94:93:
+                    e9:35:8a:c5:89:2a:63:d1:42:76:5c:77:ab:a8:fa:
+                    51:28:eb:64:24:56:c6:f9:3a:f2:41:ae:97:4e:e7:
+                    7c:02:16:dc:c0:e0:25:2b:c2:4e:05:29:03:d9:c7:
+                    06:bf:3e:75:c4:bf:68:0b:de:93:0a:6c:22:ea:d7:
+                    cd:ab:e9:a1:b0:df:45:b5:72:84:d2:1b:58:4a:83:
+                    f2:cc:bc:48:54:37:79:b6:3c:55:7f:9e:0f:2c:4c:
+                    a2:de:77:90:ba:fd:0d:a4:a6:b4:12:ae:d7:c9:72:
+                    d5:b3:94:0e:fd:a3:bc:22:b4:5e:2b:aa:d7:53:63:
+                    17:fd:ab:41:9f:81:79:da:c1:f4:00:07:cb:7c:4e:
+                    fa:e0:e5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                63:DA:41:7D:CB:BF:08:55:90:4B:6C:52:20:60:57:AA:18:94:0A:6E
+            X509v3 Authority Key Identifier: 
+                keyid:24:8F:FE:4B:B0:A6:35:7A:2E:42:56:EA:64:F1:FB:A0:3F:FC:4A:2E
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+                serial:D4:73:12:B6:C1:E6:B9:D4
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         ca:52:78:14:c0:a7:3e:d4:02:a1:71:ab:f5:6e:dc:9a:73:e8:
+         95:40:fa:a8:5b:ae:a6:fd:27:b5:6a:ed:d9:0d:86:26:50:3b:
+         0b:b0:a9:6d:af:25:39:0a:8f:35:fb:b7:db:51:44:8b:f6:73:
+         c7:b8:41:a1:96:a2:86:a3:dc:9a:13:f5:a2:e0:ad:65:76:73:
+         9c:42:67:68:2a:9d:3c:59:6a:b9:19:35:57:1d:72:72:04:e6:
+         ce:15:7a:0f:57:c4:88:c1:89:6c:ee:23:7e:8e:b3:f1:90:de:
+         eb:51:fb:c1:3a:6d:bb:b0:bf:6b:40:fd:17:fd:64:0c:e4:1d:
+         2b:af:c0:c4:fa:e5:85:d7:8d:7e:1b:2d:e4:a7:71:d0:d6:99:
+         94:fa:21:36:70:d0:18:31:1b:a9:24:53:6e:08:96:3d:61:eb:
+         09:23:6a:32:f1:02:37:66:93:a6:bf:dd:bc:99:9e:d5:54:0f:
+         1f:2a:21:ce:1e:b4:22:0e:be:b2:fe:1d:78:24:62:da:c1:50:
+         45:7a:05:f2:ca:9a:a6:e4:dd:cb:df:84:f7:62:c7:16:df:4b:
+         9b:80:4d:7a:66:4f:c6:c2:a4:c4:bb:a2:a1:d5:37:fb:38:15:
+         d6:6c:08:cd:29:00:96:8d:ed:2c:99:39:79:0d:77:7b:d2:35:
+         23:6d:5f:f8:7d:a1:b3:2d:57:62:7d:a8:55:c2:be:25:4d:8d:
+         6d:de:67:ec:82:29:45:d0:34:c7:07:0f:63:25:db:89:28:4b:
+         00:3b:ea:4f:d8:ae:28:cb:ef:7f:49:15:71:56:c9:b9:9a:b7:
+         12:77:b9:60:c0:de:49:18:20:46:f3:96:85:c4:67:55:6e:1e:
+         b5:80:42:c2:8b:bc:42:cf:e6:a3:c7:a8:ef:de:c2:b9:6f:0b:
+         7f:d4:71:4c:9d:02:4c:d3:1a:db:6f:8d:a9:ed:11:74:a3:ed:
+         f4:69:d4:d8:be:4c:91:1e:f4:97:15:57:ef:d1:86:cc:ab:4d:
+         bc:70:2a:24:36:a8:1d:d0:80:03:36:95:de:c8:ef:49:2e:02:
+         5f:7d:77:80:f8:5b:5f:22:9b:72:04:83:e6:85:58:7b:b6:f0:
+         7b:8e:22:54:cd:6c:13:3a:80:73:a2:01:dd:d5:a1:fb:6f:a2:
+         55:a9:b6:80:1d:dd:23:8e:99:ba:69:5a:d4:a7:91:32:29:f0:
+         7f:ac:84:0d:41:ce:10:85:7d:df:e1:12:25:5b:88:34:c4:2c:
+         d1:74:37:29:6d:a0:9a:11:e0:a4:7f:bd:cb:d7:b0:78:06:6d:
+         bf:de:b1:99:e6:d3:90:8a:62:43:46:20:03:f4:a0:0d:33:0f:
+         37:89:d8:23:8d:c0:9c:2e
+-----BEGIN CERTIFICATE-----
+MIIHLDCCBRSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjMyMzQ2WhcNMzgwMjA1MjMyMzQ2WjCBpDELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDVZQTi1B
+S0ItY2hyaXMxEDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3i1v5H3X
+rcqZmIg2JStpWXgk6u8gsvxxuRxcZU3/v6q+WPfjDeoZ6aj+DJPhSV35JNbmkJCf
+yL0jOf5dbYCCf60q3KRcko2bCZjp2G4ejUcK9p/w59ijnaN1GpyaZu7LwEfVcaNq
+I+Lkwb+sp1K0HJD3ugrGwDDUyFo/Qh2o6S3VbGOE/+uZcMMpNBRKiGWgDXuZJG2S
+VgCI2beT+W9RKNMqvfq5yJZemCHUMjAdw8JirLkvl73XVjNMUgdFoxXEzmGOI3IP
+vo3RZK6qR2OpA+t1cqn93aSqkUWSD9A74aicbZLWpAJhJfy7NbbdK1+DLp8YHSHe
+oTSe8Mmz9Vane1jweXw6nc2ZqGeQE4dZHkhLBlr9bpXb2hqEiMEt7cB8FLmvp+d7
+PcJizE66PYOGmmsyNTwSzERA6aZHha8PmKOerCiCbcUkvE8j/Mq/Nv2jdHozwwQC
+3VJWVJoqpnrIHyHoCArZVfuvyMqHVlSCXzxNc1FClJPpNYrFiSpj0UJ2XHerqPpR
+KOtkJFbG+TryQa6XTud8AhbcwOAlK8JOBSkD2ccGvz51xL9oC96TCmwi6tfNq+mh
+sN9FtXKE0htYSoPyzLxIVDd5tjxVf54PLEyi3neQuv0NpKa0Eq7XyXLVs5QO/aO8
+IrReK6rXU2MX/atBn4F52sH0AAfLfE764OUCAwEAAaOCAWkwggFlMAkGA1UdEwQC
+MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUY9pBfcu/CFWQS2xSIGBXqhiUCm4wgdUGA1UdIwSBzTCByoAU
+JI/+S7CmNXouQlbqZPH7oD/8Si6hgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tQUtCMRAwDgYD
+VQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlggkA
+1HMStsHmudQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBAGA1Ud
+EQQJMAeCBWNocmlzMA0GCSqGSIb3DQEBCwUAA4ICAQDKUngUwKc+1AKhcav1btya
+c+iVQPqoW66m/Se1au3ZDYYmUDsLsKltryU5Co81+7fbUUSL9nPHuEGhlqKGo9ya
+E/Wi4K1ldnOcQmdoKp08WWq5GTVXHXJyBObOFXoPV8SIwYls7iN+jrPxkN7rUfvB
+Om27sL9rQP0X/WQM5B0rr8DE+uWF141+Gy3kp3HQ1pmU+iE2cNAYMRupJFNuCJY9
+YesJI2oy8QI3ZpOmv928mZ7VVA8fKiHOHrQiDr6y/h14JGLawVBFegXyypqm5N3L
+34T3YscW30ubgE16Zk/GwqTEu6Kh1Tf7OBXWbAjNKQCWje0smTl5DXd70jUjbV/4
+faGzLVdifahVwr4lTY1t3mfsgilF0DTHBw9jJduJKEsAO+pP2K4oy+9/SRVxVsm5
+mrcSd7lgwN5JGCBG85aFxGdVbh61gELCi7xCz+ajx6jv3sK5bwt/1HFMnQJM0xrb
+b42p7RF0o+30adTYvkyRHvSXFVfv0YbMq028cCokNqgd0IADNpXeyO9JLgJffXeA
++FtfIptyBIPmhVh7tvB7jiJUzWwTOoBzogHd1aH7b6JVqbaAHd0jjpm6aVrUp5Ey
+KfB/rIQNQc4QhX3f4RIlW4g0xCzRdDcpbaCaEeCkf73L17B4Bm2/3rGZ5tOQimJD
+RiAD9KANMw83idgjjcCcLg==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/akb/keys/chris.csr b/AKB/openvpn/akb/keys/chris.csr
new file mode 100644
index 0000000..ada9205
--- /dev/null
+++ b/AKB/openvpn/akb/keys/chris.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6jCCAtICAQAwgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tQUtCLWNocmlzMRAwDgYDVQQpEwdWUE4g
+QUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAN4tb+R9163KmZiINiUraVl4JOrvILL8cbkcXGVN
+/7+qvlj34w3qGemo/gyT4Uld+STW5pCQn8i9Izn+XW2Agn+tKtykXJKNmwmY6dhu
+Ho1HCvaf8OfYo52jdRqcmmbuy8BH1XGjaiPi5MG/rKdStByQ97oKxsAw1MhaP0Id
+qOkt1WxjhP/rmXDDKTQUSohloA17mSRtklYAiNm3k/lvUSjTKr36uciWXpgh1DIw
+HcPCYqy5L5e911YzTFIHRaMVxM5hjiNyD76N0WSuqkdjqQPrdXKp/d2kqpFFkg/Q
+O+GonG2S1qQCYSX8uzW23Stfgy6fGB0h3qE0nvDJs/VWp3tY8Hl8Op3NmahnkBOH
+WR5ISwZa/W6V29oahIjBLe3AfBS5r6fnez3CYsxOuj2DhpprMjU8EsxEQOmmR4Wv
+D5ijnqwogm3FJLxPI/zKvzb9o3R6M8MEAt1SVlSaKqZ6yB8h6AgK2VX7r8jKh1ZU
+gl88TXNRQpST6TWKxYkqY9FCdlx3q6j6USjrZCRWxvk68kGul07nfAIW3MDgJSvC
+TgUpA9nHBr8+dcS/aAvekwpsIurXzavpobDfRbVyhNIbWEqD8sy8SFQ3ebY8VX+e
+DyxMot53kLr9DaSmtBKu18ly1bOUDv2jvCK0Xiuq11NjF/2rQZ+BedrB9AAHy3xO
++uDlAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAlNDQFzw62oe1Sy17o4XmNXh+
+BjHp3MV6yfsK30/mlmZ9PGy5WtKlmyGzTuflsUr5Lyd9U7h6jLeLyMxRRv2jX6Gh
+yMgIWhiETV8wazaGEMFuRdklVjPvxP+hlIql+n1iecKxpjfTidPMDD9oIu3ICmzP
+swDYMGwXuWR3NjsJGxClDtq2yZYVGV2qgeyDDkhd7ECQJkRdo39TzhEbh5UsrUbY
+kuuqh4oL0J0jAAL1r44RmsXnQDy0lNwMUGQfHHpIwELuZTLISUkzZHb5oLHUbnV1
+SHOPBMY/2U7gJ2U1eaf47yO5eBYiE8DjlebWW+EYZSt4YiKO5M5z1Tk24wqPiOm5
+jrWyHvowiDH8aSR+32Mkxhy9jxyWcLFNS+S8mqrAii+wLTP1kbnhZ0IesA8a4b4A
+JTfoZZWHO4zTfY6Mzp92no6iJGnozs3rCbA0/ITsAP3ii794CNvfN4wOXyzHgEsM
+KZRGeS7qXkmaxdfbV5kuu/F+enmdaZqDQ/NcqwNLfEAG4/L7dS0YSZfqAIxBIkMj
+CX/ae3Y0L8xU0wD8mgoFX8clJQtmYsWlQaxgNzasEsebyKw3m0MZHsHmTTH5vAsT
+y5cet4Wpf4op4jHQ+QBbgHBgDO7Khuu726NDOPd5sYPPgI3mN180iRu2iTkCFVjy
+pGFkd7TEq9rbmArGYW4=
+-----END CERTIFICATE REQUEST-----
diff --git a/AKB/openvpn/akb/keys/chris.key b/AKB/openvpn/akb/keys/chris.key
new file mode 100644
index 0000000..6ea3a3a
--- /dev/null
+++ b/AKB/openvpn/akb/keys/chris.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIv1QmF1WWGZUCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBjEdQTZjORVBIIJUPtA3jx4uwYc
+CO2uYGxSRVoMMywlQkniF5fzmxvd5Ghz24hXa+xHpBjCiliengMoETdJT4fkodPa
+xT4LiWeRgok0K6d0vdZM3XQBoozhHkKMDclQDQRfgRA3/buIONOKJQiymG3v9zRg
+oj8f/GCOEeGxz5mc0F1b3VSOeDeI+v+kiqs3e94uLxk1PoQxcJWLzRUsh6i7tMYK
+MlYgLbmB/zqBW37fE8MI3+EQ7hvajiHawWeuZ8/SCzHP1rugn/l+jVNWVjMH8S+j
+8CXVy4k7xyEKtB8vV9kWyhXrLvSMbB6Q23o4Pv5qrLLR2aOe/5DHVSKysmmHR9BC
+S1IFvX4cej8aOhOqYpWtKsaDXqvyVF3yEhl2avTZmeKW6kUWnrb5V4vke6oV7BMe
+y4Vno5uZu3Na4Csdx4c7C4UhNCzRt3xKFyK/q/B/hmsaRuLfL2mflBvHLMpqGXuq
+Iphox2OBMjCQFInje192yKVtjaYXfJAD02wS1aN8fo+9j1aWw7KGqcD4eTjW8Ddw
+HlT2ZdhV3F0A/Ltm/glGUkIQmOF4LxWIQXmGGNvjxXXUHIBVgN1GbhFHhcBLnL4b
+Xw8Y40HTQAguyi9AdOW7CBy0KAeGsLt4EfxS7CFU1Ou+zbdgqP7so6tuT58XxRdD
+2AHtDG81OY90/47SIn9kJ715VeMyscGSVz+dsy7DDaaA7LExww8jnBIR1vpYYkuj
+unXPv7NXgcb6oqzvJRSL56DCICNK7C5tPu22UmOj6Z1PaLNM1ttJ7yEqpqqYjJJ6
+z2lz+ngpJ9HnpXBNjQJkQUF7ov1VpG7pW44kf8xuLakM7/rupAgsxBXpTMvtN2lH
+kyZceWPBohHQX1vcUJCHjetS+fTSxELMpinA4OhioiceAJhax0XPkNUFEzWxDQwr
+7kyXJ0d2LyKiJ3Um2QlsPsybQkrkkV9U2807SqYqFPVh1CwO6mBlLUb8jOKzyhui
+4n1d0lPfh+3jvtXDnogNsbCuLWvHHTP4iGB3pZAa971t6ZXgLr03EJkI9aGWdSto
+HBnhEdw0ZTau9menKeZXiYdGjE0LiX1+lmzpULPo3BHdqJ9Wt/SlTyfDL8++Rc8l
+QY017OtBRr5rnbFuVnMSiXtNpC/vU4+NIUWJGN8OvwSI4IX17R2ND4Z/J1lM6XVp
+wqsFYkCAJlHJc2DbmOx4xtnj3pst4zQ0bU0nzLE0xAXSgqTP19/ikOX/Yj1+NOch
+iDrNNvge9NUFa6zT315+W/cr7LBjXnm9zbgSx1h14ceBK3o0xSxhevKui9WfhJ1I
+RCqIMLSU0Yk7aEAVJz4RJJCsJ/SwWAflSSV6lyDK7IuuB0qQ/F4nhpZc9kVGS4zu
+0UcayScHb5YtD85xvREMH5r2jHXxtTjQbA45mRU7UQyUsTyTt103ygEt2w2fTl2w
+VCuhNJrIws7y14rgccD8wZ3Lp7UW8n5sxhjHhYZxwVhAbx5LvfVKj2z0qNGNgCvN
+SVG9mnOBbFiswLVCmJxbbOxo9RmzHKa8RD+KZvM/Na6SCoSivYU4BjZqodh72bTT
+J6bd7IknwmV8AcGdnueVUgiVWH/t1wXOxySOcvKQu19AQU1Hc45gnCLxXJvrSNdh
+pcCVkcwO+NlDm0DM7yDajv139mVAf7qTuwGXIhC0h+PtrmutaSargz/c06xAStFy
+o+LtRVMcyiNLcZxpf3IUxwRSP6pS75Vgi+u0v6Uqx6dofnIgkjKh19/yPjU0rlFv
+NW5FED4K9mWrYRWHjgrSQL33gOZ2QZTYcywAkZ+ZjELl2BBNkAEhMzKy6kcac8Ni
+QdOKifldPodD9SQwY576fHiHGKFb9t1NKmQmXPTYH+pC7Yq/NZgAuwXStdoK6RQr
+A4PrxAyXVkCG2Fvk3FTI0AZ0ycMQdA0EEUnTPgokawke2nCjv6pgM6N2Ks+N4Tcn
+me8cVUfyrd+dYIECT+PADT1vpw8nZuJjvJS3u2xipoiUpLzJmBZGKiRGLesiZV9/
+SGTUPriphVoz/RO+cCt5kD+fYF458dDKkuxXDGRaGROlDZ2zCbr/DqYbtrjaPTZw
++JLQOMNKNUm+xmeu7FMlTt/Fkm9ffwEuOpfHbixcP9M5DY90HMAR48chJhc7Zxc+
+FntPqpG2BtAe1kfUJqta/kyN+nNGWujst2++WT5kVUok9XoKh75knoLcZkGXIcfV
+l52tLLtKW7IlYOkHzu/0xGK4ZSK/AdLj1gw8H8B2RmM1KWjrVND4E3uv4+ickDKD
+zDDxT62VEaFG+Hlw0w8TPZhNBcwqeXBsfZO9ioPE0vUF8nXsr4jEK+7uWIXI5lsq
+6zShok8+j3918hLPycGKlCQ2Ht5bNjuOJpQ79AmCWK6iOSnYk4j6hA/XEpSvdsXF
+4tkId5sW6SJO0iVbUs9XO2/EpZq2x6PspO8CMckEoV/AJxFkXvHOzOES7XZByVyh
+HNN5PGAHR8qeg0QFktAVGmzAutCNtsDFXlA34C0UgBimMFYQSUJcS6TxxQvzRoiL
+Fh7DopwuiuuOW3Fbh+CspWCShgCKabYB6kKQaJxSEuQd4HOUq0hmoCVhg2R10Ycd
+v+iKyr4ovYhjT7JGd+B7evVw7s1glFzMMLJOL0X4cwVPNM2dksu480oejoR5y9g8
+KNZLlbzEeFXUJGzPSZIjlujmAv4sYegUGL9so5X+TD+/NsoqrkmJVcU0mSZE0cFB
+3IUudXZJYphF9eyl2pk3qCtNjLqbd+4DYK1vtKNBJLk7gROTi830yXZmGYQB9P6s
+IbenqPJDNy8yPhoEe52PKAX8AgU4mDHPPiFGkezdkx8uUkvBG3S/NiAyRT1fgK2h
+pZqHOZXhcqprGxSPAUA1FrVM7uw8RVh9SR0R8s9rCtMvNlVvxTcsvo2XM4SguAOt
+lh/D+P22FeQNmWPNhA4yEfA+8bGvDSrFLvjR2jd0KH9QNktDI3mDqrsRl3gaXviR
+6DBPSF909U6bQit6JVIij1Otz4HiRO9ytj4KecqE0NlaG6SrF3hYY8EFW0FN01C4
+AhA2RQllHZge9PWJbJ1gFUJM/otjGjcj8l7yqarKorhpUUnuJqOQzGw/qq9Wn/oK
+ZD5gO5pp3Al4ArK8tgP0X4ArbSqSTZ7ZNOataM/DtRbc6QFcs6wcwTzv4KQysszV
+EHcAQ0atQTI97raPRX8RYkS3DSVEIy+y
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/AKB/openvpn/akb/keys/crl.pem b/AKB/openvpn/akb/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/AKB/openvpn/akb/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/AKB/openvpn/akb/keys/dh4096.pem b/AKB/openvpn/akb/keys/dh4096.pem
new file mode 100644
index 0000000..137f308
--- /dev/null
+++ b/AKB/openvpn/akb/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA6Z7/uKt9tb3/bW+5ZEexIbPB4z22+hf8c1gtN4PXV65PqUSmNWTk
+BYfl3b4+zom6BLZ+Usfku1OlrmVvOItgIiy/PZ/duRh0a5jP4WH/NqDnTQSm2YQ5
+YN7jajkrjWyZiV4EBYd3Lzwls5TbrEwozt35nsjJhVKkojJXvrAtD/p3Sw1yFaR/
+MkrwQeF6eDtV8uUosgJ3aJX0BH0AgNjkttDtNwaaICDNnraYV4E/2b/68rVugFEb
+GryzxCuL6ZkuuYSrs0XV58Nr9AlPDf9H+HBHL49+JjyfeF2vTkZBe0WsRqwudq54
+ZaoHixkTpl3F4p3TGwzfCvBP1diAU6jGOHt/ErmessX7W2cHM3C/1khFLamrQ5EI
+p0CQSzwqtRwmxULQdv2Q7sAttdlzaKARSEW3eNqLHljqX02F7Gcz5miHTJjM8fUy
+aX10AQY/w15YNUiqyBL37t9Ys/B4SeaVsHayAghISjX7gZYA8kFDAMpdAsrpAZZ7
+0+2DBMu4OH4PEycwuRJhnyxGjIdBQIMvxQD/8uD42DZs1xt3g4G8JoDRvklDhvm2
+AL73nDN5ES+xzSTvGsihvejJIHqM3vgj3AazdhHdqTASIYJ3wGT4zxykiaXr8Ok0
+LW9XEQJLNxtN+aNRGM41KtNc+M3tMtMPL4/aYVRPv1k71+OydF7qArsCAQI=
+-----END DH PARAMETERS-----
diff --git a/AKB/openvpn/akb/keys/index.txt b/AKB/openvpn/akb/keys/index.txt
new file mode 100644
index 0000000..816f921
--- /dev/null
+++ b/AKB/openvpn/akb/keys/index.txt
@@ -0,0 +1,4 @@
+V	380205202402Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-server/name=VPN AKB/emailAddress=support@oopen.de
+V	380205232346Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-chris/name=VPN AKB/emailAddress=argus@oopen.de
+V	380205233140Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-jonas/name=VPN AKB/emailAddress=argus@oopen.de
+V	380205233519Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-maica/name=VPN AKB/emailAddress=argus@oopen.de
diff --git a/AKB/openvpn/akb/keys/index.txt.attr b/AKB/openvpn/akb/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/AKB/openvpn/akb/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/AKB/openvpn/akb/keys/index.txt.attr.old b/AKB/openvpn/akb/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/AKB/openvpn/akb/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/AKB/openvpn/akb/keys/index.txt.old b/AKB/openvpn/akb/keys/index.txt.old
new file mode 100644
index 0000000..735f2bc
--- /dev/null
+++ b/AKB/openvpn/akb/keys/index.txt.old
@@ -0,0 +1,3 @@
+V	380205202402Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-server/name=VPN AKB/emailAddress=support@oopen.de
+V	380205232346Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-chris/name=VPN AKB/emailAddress=argus@oopen.de
+V	380205233140Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-jonas/name=VPN AKB/emailAddress=argus@oopen.de
diff --git a/AKB/openvpn/akb/keys/jonas.crt b/AKB/openvpn/akb/keys/jonas.crt
new file mode 100644
index 0000000..cd1731c
--- /dev/null
+++ b/AKB/openvpn/akb/keys/jonas.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+        Validity
+            Not Before: Feb  5 23:31:40 2018 GMT
+            Not After : Feb  5 23:31:40 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-jonas/name=VPN AKB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:aa:8b:cc:2c:d6:a7:c4:40:1f:03:cb:75:1b:59:
+                    28:5a:9c:23:d8:28:4f:cb:27:01:26:da:41:11:fc:
+                    52:d7:4b:f7:ab:a9:be:f6:b6:fb:f5:0c:a0:37:d9:
+                    9d:e2:cc:7e:fe:14:e6:d9:63:a5:4f:4c:9c:1a:db:
+                    36:32:4a:9c:0a:c8:dc:42:50:9b:05:9a:70:b6:65:
+                    7b:99:7a:64:21:57:d7:1b:10:5b:a6:8e:0a:65:bc:
+                    87:1e:36:30:8a:05:88:ea:8c:f1:5e:76:5a:26:5f:
+                    15:63:5e:be:de:e7:69:76:61:ff:67:81:20:72:03:
+                    db:9c:f6:be:10:8a:76:49:ec:ad:03:e8:48:90:81:
+                    eb:85:fd:a1:fc:45:7d:ad:e3:f7:ee:41:a8:56:3b:
+                    1a:d4:df:11:7b:0e:a8:68:93:fd:59:48:ec:73:71:
+                    30:ff:c7:b8:77:f5:89:f0:32:e8:eb:54:e3:3f:ed:
+                    20:ca:c0:35:6c:93:85:50:0d:e6:bd:c1:4a:17:03:
+                    84:a4:d8:e8:e1:9c:8c:1c:95:30:62:23:20:4b:58:
+                    7e:51:85:74:63:8b:41:28:78:f0:ee:8f:f9:5d:c5:
+                    98:ae:66:92:5c:3f:db:f9:f1:d3:f9:e2:52:60:49:
+                    1e:e3:04:a5:a3:d3:f2:9b:3f:9f:3c:c7:19:d1:c4:
+                    ad:0a:2a:d0:f1:b4:75:9d:4e:4d:d3:d5:f2:5a:0b:
+                    5f:cf:b9:3f:83:5f:82:da:6f:f2:13:3c:ed:a1:cb:
+                    0d:a5:97:58:c8:8f:65:d2:23:b9:11:fb:84:3b:7d:
+                    4f:d5:8e:ce:e8:30:ca:16:70:a3:ee:73:c2:06:34:
+                    d9:34:b5:d1:2c:aa:da:7a:bf:97:35:99:de:ea:6c:
+                    de:cf:9b:8e:5f:64:57:e2:44:db:a7:c5:05:64:80:
+                    4a:be:ab:31:76:5b:bb:e9:dc:36:48:1c:c9:a4:20:
+                    16:94:07:99:2e:5a:57:ab:46:74:68:c0:27:ed:8b:
+                    e8:8b:e1:ee:a4:e5:f7:f5:4c:df:04:20:47:6a:70:
+                    11:7c:37:05:4d:a5:ee:ec:3c:91:3d:be:45:66:35:
+                    ad:be:a7:e1:f5:31:56:8d:96:5e:56:df:1d:c3:be:
+                    c4:e5:3e:39:fe:98:4a:74:06:e1:8d:d0:b4:2a:75:
+                    e1:c0:d2:ea:5e:dc:e5:05:72:63:e9:6a:cc:ed:bc:
+                    76:e8:5f:19:c6:90:71:a5:10:fd:ff:b8:7d:bc:7a:
+                    bb:0c:88:7e:1e:fc:29:31:5d:ac:76:d5:f8:a4:42:
+                    25:43:83:95:4b:65:a4:01:56:31:ff:c9:56:7f:d7:
+                    8e:42:ad:6d:3c:9f:e6:6b:e3:39:16:c8:87:44:b5:
+                    a5:35:4d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                51:1B:86:85:99:21:D8:D9:7D:19:D4:61:35:08:28:4C:B7:CE:40:75
+            X509v3 Authority Key Identifier: 
+                keyid:24:8F:FE:4B:B0:A6:35:7A:2E:42:56:EA:64:F1:FB:A0:3F:FC:4A:2E
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+                serial:D4:73:12:B6:C1:E6:B9:D4
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:jonas
+    Signature Algorithm: sha256WithRSAEncryption
+         6f:99:88:9a:29:f3:fd:56:28:c0:a5:c2:b7:5c:28:54:d3:15:
+         ed:e5:29:a1:2e:98:6d:29:da:8d:50:98:8e:e8:94:f1:2c:3c:
+         5d:0d:63:d1:e1:e3:0c:0f:10:93:71:dc:a8:58:74:7e:97:6c:
+         e0:7f:3f:ff:41:bc:3a:4f:f3:a7:2a:3e:7e:e0:c1:43:b3:32:
+         6c:02:55:3c:2d:27:51:fc:fb:14:d9:e1:b9:83:0d:34:41:38:
+         95:ed:c3:4c:fd:f2:ee:1e:84:69:d3:da:56:61:d7:b9:c2:dc:
+         fb:3a:ba:83:fb:50:c4:19:7d:2c:ab:e1:b1:df:71:f3:23:5b:
+         c7:7d:99:75:21:2c:11:42:cb:2e:5f:50:fb:15:3f:12:72:11:
+         04:0e:08:d6:37:1d:64:59:2d:e9:e0:96:a5:d4:e5:a5:d2:f1:
+         4e:8c:dd:cc:3a:c6:de:a2:7d:54:e6:31:0a:82:a3:ea:62:93:
+         09:a6:4c:72:c7:0c:97:63:94:b2:8b:c1:01:45:bc:1b:84:82:
+         fd:e1:3a:ea:c6:b0:ae:ec:17:fc:15:53:ab:11:f9:61:ce:e1:
+         8c:60:2b:72:10:9a:72:ab:53:ff:d8:be:8d:c7:5c:61:f9:3f:
+         9c:bd:6c:38:10:7f:ee:aa:0c:07:c0:72:ed:3e:68:e0:e4:fb:
+         55:1a:5f:ec:a5:d9:83:91:b6:94:db:59:d3:e2:98:2c:cd:8f:
+         e3:c9:4a:e4:48:02:e2:01:dd:8a:33:42:cf:69:d3:e5:c4:7b:
+         e3:2a:1a:94:7c:dd:3b:9d:8c:b0:05:cd:b1:bd:82:e9:2e:4a:
+         0b:d0:c2:69:34:03:13:c2:cf:6d:3e:b1:93:c9:5b:bb:df:30:
+         8b:4e:7c:d8:dd:fd:84:e4:36:27:6d:2a:3e:ac:57:aa:37:5a:
+         47:6a:e0:cb:79:60:98:6a:60:ee:ca:ea:52:3d:2d:45:f3:73:
+         58:00:cb:f9:97:a3:1c:29:1e:ca:9a:54:cb:3d:52:6e:2a:7b:
+         49:6b:f9:61:13:46:7f:95:07:91:7d:5e:18:21:c8:f6:fc:e8:
+         f2:ed:28:4d:a4:e3:a6:f5:ab:f4:dd:c1:2d:1d:c7:b4:32:1a:
+         60:d6:60:ae:8d:b2:3d:fc:37:4b:17:bd:b9:9d:7f:be:b0:84:
+         3f:17:1b:91:8a:e1:c6:c8:fc:1d:91:f7:c1:ae:7f:f5:7f:4b:
+         92:65:71:f2:b7:29:7f:e7:0a:52:c6:c4:a6:d4:39:33:de:14:
+         c3:b9:92:cb:92:bd:5d:46:89:5e:d4:da:f8:22:71:a7:ba:7c:
+         77:d0:e9:76:7b:3f:75:e8:51:3e:f3:d8:f4:b5:81:a3:79:5f:
+         50:55:67:40:ad:7a:0d:d0
+-----BEGIN CERTIFICATE-----
+MIIHLDCCBRSgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjMzMTQwWhcNMzgwMjA1MjMzMTQwWjCBpDELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDVZQTi1B
+S0Itam9uYXMxEDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqovMLNan
+xEAfA8t1G1koWpwj2ChPyycBJtpBEfxS10v3q6m+9rb79QygN9md4sx+/hTm2WOl
+T0ycGts2MkqcCsjcQlCbBZpwtmV7mXpkIVfXGxBbpo4KZbyHHjYwigWI6ozxXnZa
+Jl8VY16+3udpdmH/Z4EgcgPbnPa+EIp2SeytA+hIkIHrhf2h/EV9reP37kGoVjsa
+1N8Rew6oaJP9WUjsc3Ew/8e4d/WJ8DLo61TjP+0gysA1bJOFUA3mvcFKFwOEpNjo
+4ZyMHJUwYiMgS1h+UYV0Y4tBKHjw7o/5XcWYrmaSXD/b+fHT+eJSYEke4wSlo9Py
+mz+fPMcZ0cStCirQ8bR1nU5N09XyWgtfz7k/g1+C2m/yEzztocsNpZdYyI9l0iO5
+EfuEO31P1Y7O6DDKFnCj7nPCBjTZNLXRLKraer+XNZne6mzez5uOX2RX4kTbp8UF
+ZIBKvqsxdlu76dw2SBzJpCAWlAeZLlpXq0Z0aMAn7Yvoi+HupOX39UzfBCBHanAR
+fDcFTaXu7DyRPb5FZjWtvqfh9TFWjZZeVt8dw77E5T45/phKdAbhjdC0KnXhwNLq
+XtzlBXJj6WrM7bx26F8ZxpBxpRD9/7h9vHq7DIh+HvwpMV2sdtX4pEIlQ4OVS2Wk
+AVYx/8lWf9eOQq1tPJ/ma+M5FsiHRLWlNU0CAwEAAaOCAWkwggFlMAkGA1UdEwQC
+MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUURuGhZkh2Nl9GdRhNQgoTLfOQHUwgdUGA1UdIwSBzTCByoAU
+JI/+S7CmNXouQlbqZPH7oD/8Si6hgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tQUtCMRAwDgYD
+VQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlggkA
+1HMStsHmudQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBAGA1Ud
+EQQJMAeCBWpvbmFzMA0GCSqGSIb3DQEBCwUAA4ICAQBvmYiaKfP9VijApcK3XChU
+0xXt5SmhLphtKdqNUJiO6JTxLDxdDWPR4eMMDxCTcdyoWHR+l2zgfz//Qbw6T/On
+Kj5+4MFDszJsAlU8LSdR/PsU2eG5gw00QTiV7cNM/fLuHoRp09pWYde5wtz7OrqD
++1DEGX0sq+Gx33HzI1vHfZl1ISwRQssuX1D7FT8SchEEDgjWNx1kWS3p4Jal1OWl
+0vFOjN3MOsbeon1U5jEKgqPqYpMJpkxyxwyXY5Syi8EBRbwbhIL94TrqxrCu7Bf8
+FVOrEflhzuGMYCtyEJpyq1P/2L6Nx1xh+T+cvWw4EH/uqgwHwHLtPmjg5PtVGl/s
+pdmDkbaU21nT4pgszY/jyUrkSALiAd2KM0LPadPlxHvjKhqUfN07nYywBc2xvYLp
+LkoL0MJpNAMTws9tPrGTyVu73zCLTnzY3f2E5DYnbSo+rFeqN1pHauDLeWCYamDu
+yupSPS1F83NYAMv5l6McKR7KmlTLPVJuKntJa/lhE0Z/lQeRfV4YIcj2/Ojy7ShN
+pOOm9av03cEtHce0Mhpg1mCujbI9/DdLF725nX++sIQ/FxuRiuHGyPwdkffBrn/1
+f0uSZXHytyl/5wpSxsSm1Dkz3hTDuZLLkr1dRole1Nr4InGnunx30Ol2ez916FE+
+89j0tYGjeV9QVWdArXoN0A==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/akb/keys/jonas.csr b/AKB/openvpn/akb/keys/jonas.csr
new file mode 100644
index 0000000..3190283
--- /dev/null
+++ b/AKB/openvpn/akb/keys/jonas.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6jCCAtICAQAwgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tQUtCLWpvbmFzMRAwDgYDVQQpEwdWUE4g
+QUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAKqLzCzWp8RAHwPLdRtZKFqcI9goT8snASbaQRH8
+UtdL96upvva2+/UMoDfZneLMfv4U5tljpU9MnBrbNjJKnArI3EJQmwWacLZle5l6
+ZCFX1xsQW6aOCmW8hx42MIoFiOqM8V52WiZfFWNevt7naXZh/2eBIHID25z2vhCK
+dknsrQPoSJCB64X9ofxFfa3j9+5BqFY7GtTfEXsOqGiT/VlI7HNxMP/HuHf1ifAy
+6OtU4z/tIMrANWyThVAN5r3BShcDhKTY6OGcjByVMGIjIEtYflGFdGOLQSh48O6P
++V3FmK5mklw/2/nx0/niUmBJHuMEpaPT8ps/nzzHGdHErQoq0PG0dZ1OTdPV8loL
+X8+5P4Nfgtpv8hM87aHLDaWXWMiPZdIjuRH7hDt9T9WOzugwyhZwo+5zwgY02TS1
+0Syq2nq/lzWZ3ups3s+bjl9kV+JE26fFBWSASr6rMXZbu+ncNkgcyaQgFpQHmS5a
+V6tGdGjAJ+2L6Ivh7qTl9/VM3wQgR2pwEXw3BU2l7uw8kT2+RWY1rb6n4fUxVo2W
+XlbfHcO+xOU+Of6YSnQG4Y3QtCp14cDS6l7c5QVyY+lqzO28duhfGcaQcaUQ/f+4
+fbx6uwyIfh78KTFdrHbV+KRCJUODlUtlpAFWMf/JVn/XjkKtbTyf5mvjORbIh0S1
+pTVNAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAlfVXFhOc7KJDqfCa8ULKA3SE
+zt45qOTWRSDzjtWZtebyQhFGYYISGuX0QTxBckyITKg11eQ+KLgmIbuo4RZEae/V
+aFMwvurWEw6hInChaRbd8oWzcOv0hZpFvrXcUlEpmFVliwcae5a/kC4JwRP0Y3eI
+Up2jmjCzuve/wrXiW2B1HAoYx5hYrjjg1WWCTsVFF/tIaGDL5xnQ/8G22ZiRwsEH
+AEqKK0jnnFrR8fR/P7pY6azISvZMOfTMBOxV8HNYjQqMSA2pbnvctcz9umof2GJP
+DPp5FWjYSuJucBshl/QN8hKvgArY31q+CvQolbHbPywevlAPEl6FhON7BqL8Xa2N
+UiYBZ+OSVvpuujkDnfI44snlCJ6REgo8D67QHo2CCdtZL2wae4Cpjlsg/WKbZrZ0
+58J4oKw1ozhJ4LzeV/HoTHhEoLQ+dlbom47ZZXg3r20r6GGpXPao27jlo7k61CaJ
+Nz771mCB/NuzZezSDHnoo/NtLjSuvvBv+kJgXqh+VwrOtWoS3FT5DKYQ6d8ZEUE7
+fOMcPu/VGOBvTkzAO8FSCOmGVQghiFnI4F96VpTLVlkfij5R7loiVCSU8fYstCnF
+2srV0hlV8MCvV3kNECra+ZX+A3evERazLUvE+RU7Bi37hRJCUIT0WE5bIKkIks7d
+7qBGEu4I2dW3JNpi+jY=
+-----END CERTIFICATE REQUEST-----
diff --git a/AKB/openvpn/akb/keys/jonas.key b/AKB/openvpn/akb/keys/jonas.key
new file mode 100644
index 0000000..66ddd4a
--- /dev/null
+++ b/AKB/openvpn/akb/keys/jonas.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI5DzkYCHFmAUCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECINkrl34iQJyBIIJSLilZMus46hB
+7wvxU4iFc4h0ryFlby57DPTiRzmqX9srRvInCUvZhKm3YmqLYXGxtVRBeRfeTsWI
+pYVFHOm1Yri6aCkqApCAa7PzoI4/vLwHzKVLl53x4iRhiwZzCmvPQngoeg2j2ahq
+oANqL77WmJh8oYNY++qqrRwRNhUzyaWpKRooRDgJpCmIH51bW161FO7zvbZ7JbNa
+FGnMig9SQPiefaPxjEjZNOOer3Ez+uaxwsrtsA51J3ny//AJqrYs9lLJQtUPW3df
+tjCx/GuWTW3DPkkGM6/5IX08RrJzIM+mMWGy7kn9Vuu3Pn1LAqCH2IOR6ao3UdtD
+fVX48K+PuEup8cz2l/LckuMQvj9ZJDX3x0ML37Ib5g7g0D/AcJVoIBWNIwrkqnnM
+zXb7hMuxV8SJkZOzuadzD9s2QW7ogCNiXM3JoRHaXpqLYuyREk/qKSMVDfhMt61V
+1vSeAli0wx9FqNBuMc9+rTtD6H2FLNRiG0ssQHVIkhz7pHGluyHmBy7CCesqr2Ec
+C56tWv9IpUwmsTco+s5gEXZu1viHYQ0SsY3a/J2RlMqnVprRY9/1ZlaViopwkpd3
+UeI2YBoJoLrPBBnPU6QnMtZdtb3N4HyMuXzRY/t8x8wFfCXpRXiJ4Qy5G1KKMCzQ
+k4OnjQrTM70PZVpQJPu0gHyF+WKR9F1Cz3FVY7bcyp4NRlJhuLcyj3EfRP3ICyQr
+Xe9xojzwauKW4yaR9QoBVptdcE0ixw5u+SG0sMoJdJ0L8o7vdaR8er54ysvqbeTn
+7MGNEmiupkU9oXTGy/wlTjPpKoVkyOiz0pkraze4LkHA3jfU3iMSh1HeFSdqKDY7
+cRxcc/vL0G7AOUkgII1R1TrAIbuJklmImi8A12Ev63f/6jfYwbIG24OPnL2tNeEx
+8XLJbP0PVUfN0CDaQGqb+31pKoPdjUm7bTzj8RsxcxJVqWTqP4CsvfDehdeC+yvm
+bbnfuTLL6U+tgRgScXSZvv5DKWqN8Zm4bX0QCPQ70WoGLD5dlr1C4FV6DovwCE4i
+ZFJ7kcIFbMur/fS15l6P2nVAA2jcNZwXrJeDLx969WS80z0iRLaIJffVvZkTI5lW
+F1dkpELTNWW4sYtRdWdEEyzu0tgEVlSvDsvTlFh7Tvs1GFDnJ7IfSDBclbNuH1CX
+Db77O4mZHn2w/SL01h39lU3ms8pp5TGuHX9t0ZUIJX76sTEfkac45ZyOqRvJsUZ+
+7Vv7VxsW/Bza6AEDj7tPlSNLlWYm60B3wGt9eSg8B6ysL3eEt4zevC+gUgH9ve0B
+gAj/JG7Qrl29LfZm6daZDslD0KyyhAfWuuC8/lbS6k5ITdgRPKJKo7vNL0ivBUwL
+zykSzlluG30MKhZiwunZX1HBqZIV2XP7JNbD5HrDanA30sGrvai+Mohlb3BUtOPT
+Vw79GYtyCbRc4vcD51xDDxZ1ElhXmpWP7zdtlZyVI3fo875hnv5juBswfbBmQCN3
+CT4398WnJWmfwuJqcIGsB9tHkbny4q1forhtiWVgtsLmIOSk0a8mJQENRYZY3wo5
+vU9BOehrmyTspH+kP47IRepjaM+IeqFbWsTJJkRxdynlV3Rvt0+gA7VvcmKLjzdP
+IgEykEtBxPusqv9C9wp6jC+1kvkgZDnm8CJBfu/4ISi8Quk4a3UUwIZYfIQcNMmH
+NCxkBW6Y9H+ZJGLXiR7n3oiKDC5TaDj3IxOUvplPRQqRK+RZzzg3kFNWjk44n3V2
+WGlxBH5SKhqdMA4S4YzwjqSxeWT7kvD12x66mjhsQfjFtEFLHxZqzOr5Hpz/U4r4
+lS1fwaHTheSFkj8P5NfXlfkRLgi5dBblXNv5B4dQRZn3F7hv2yPGKjFz8mXZBdxr
+QalPBF6sqYEmSHZmTMTS2JskMH+ANugk20ueOx06+PkLe1tv/agyPRoeMn2hLJck
+bzM46I7n1d5Pmm+l4cWGNeM6MbTuuL3k4x891VbS9TS/6wyKMl5gcxG0gnCsWaR8
+57bURf5zw5I4VkrXy8vKPMas4L6e+YH9BqLQRBf5wLfxW9P/bumkXNyqzRluhE90
+8tI9qLUwgoh7t6w1BIgKVsS3kBNoCsdK5ukM/OdTrN7N1GDU2TB4sPycF5cuqwUp
+UH6BUzi/fkbhnGTbV+oYNyK7crL5p57+eavTITg4P3IpYsZWV4v3GOaG3TYTO8mC
+CBeSZtSfK3j1mcUbDmWEIbpjj90otUv7saldY9d+/iFbG5C0TOVkkXf/foLN5hlt
+3WAcM3rqS61lwF2y78EZSLYTcB+a+mPdkBqLxZRq80d6Kvj5ABz4pwA8gX2F6lr+
+wiu3KfgNdHQPa/G2vIMqXo7JInDfXDbgeIbu8PPXqN9xIQRBW2LhDttmJMrnvYYc
+0pRRXErZsQQ1WLVFeYAT8kauHtr4dY8yvAYGV2xwi+9fnWymjo0pyWNpZLr0MaU8
+WD2XA9Zj+R/lhbjUKN3M6qUHXg3ItlJOEjK32LTRMr3ZYSzWFj69Csm8sE/C7ufF
+3iGme+x5i2apRCwmP/2wq2JczKE4FrdzWGsi9jdqx5k0NH1vKQT7qBrf75YTanHv
+zRYd6KoKh45R1HKkNRUXBYJb+IrcOCwfraNlx2aJ26kim6NFVVQa5wje1hlySHXu
+SE+WdDPpfYPE2CXzKgPIC2GWv3koReyABQdnol7gHOjY9fU5nbEy/KDrnq/E/Ywr
+5ykpm5RLwwkdguWT5FmnijVAETWjmHJEXa1YGZRXznAbgLXFc89yAUa+AdxURyNS
+9mLzBrT3nWtYsaY1y2t7M6D+L74CuaAU+qBDvpOX3fSjMa7xWIDlvYT/OzklOFiC
+eJ8Wu431B0R/BFf4d9gO/52llHp/eHY1fwQP882EzM0rxw4C7Me4Tmegv70ClrU1
++4oRcQzH+Al9faBpOiNq/waR9YfiaPiJA5/4kOMdegQbl0ZGw/xzz4waoYBGrNfC
+FyBQ0wKkN/GyRe0Xi6rxzPZGHFZkDWinf+u7v+WwjBz4/S55/KeH3Og+D75BRQ3a
+IZuAho2dw0knQ3q15xbH797L112WJ4m8AcNjrSAZoJyBCDgiVXBRx6S2IvfYavWz
+nTBODOqL6GWV24Ugd26nvBFPhApbvyHY+yG7hwSsQCDv8jSd79rgTN8kGClh2UTD
+Yd8Fnyy2xnQHB2lphmBgig==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/AKB/openvpn/akb/keys/maica.crt b/AKB/openvpn/akb/keys/maica.crt
new file mode 100644
index 0000000..cccbe37
--- /dev/null
+++ b/AKB/openvpn/akb/keys/maica.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+        Validity
+            Not Before: Feb  5 23:35:19 2018 GMT
+            Not After : Feb  5 23:35:19 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-maica/name=VPN AKB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:9d:6a:fd:00:74:30:e3:36:ce:0b:5a:3c:2d:e8:
+                    52:f8:6b:81:51:65:cd:75:1f:65:d9:50:4b:b7:12:
+                    a5:39:0d:58:3a:3e:4d:e0:47:c6:7b:bb:db:ee:1b:
+                    da:b1:63:e0:86:83:56:b1:40:d0:95:5c:45:45:3d:
+                    21:3d:5a:b1:41:02:6c:67:f1:ac:78:0e:87:09:db:
+                    57:c6:ac:c9:20:5b:97:45:c1:f7:e7:33:38:1f:23:
+                    32:f8:c1:7e:2f:b6:be:ec:32:ec:99:ab:94:fe:32:
+                    92:69:8c:4a:0b:4d:7f:b3:46:87:ae:fd:89:bc:96:
+                    25:fc:a9:c3:60:33:94:6e:50:89:71:1a:b0:10:e2:
+                    a4:cb:c6:c9:28:27:54:e3:61:5c:9c:ec:a7:7d:03:
+                    5a:3e:22:62:eb:52:37:bb:16:52:8b:b5:f3:c0:92:
+                    42:d5:c8:5a:a1:ca:68:03:e6:c5:5d:1d:89:bd:7b:
+                    f5:0c:ff:c4:97:2f:0c:bf:95:2d:4c:96:85:a0:1a:
+                    8f:44:63:0f:d4:98:f8:3f:a0:84:5c:b9:ec:85:55:
+                    aa:a0:a2:2a:f9:25:b6:95:db:36:ce:b8:0f:54:b5:
+                    b1:12:cf:21:8f:3d:da:31:f0:50:cc:77:d6:28:49:
+                    27:f3:81:44:03:65:37:da:09:37:21:dd:b6:87:ff:
+                    55:76:e9:c7:b8:d2:4a:fc:18:6c:6c:53:02:7e:2f:
+                    e8:84:6d:ca:1b:a8:85:c0:5b:3d:a8:95:76:a4:3a:
+                    5f:85:d7:58:92:3f:92:8d:67:75:60:52:a3:62:60:
+                    e8:9f:20:98:37:c7:f0:31:97:5a:f2:08:64:a0:c0:
+                    89:cd:a6:69:b5:23:d6:25:b8:ec:42:49:c7:1d:bc:
+                    22:bf:aa:0b:da:f5:76:68:c2:b5:8d:20:a8:25:f1:
+                    62:e2:e5:fb:34:46:bd:e7:bb:a4:30:cb:32:26:81:
+                    39:6f:68:f1:35:c3:f6:38:65:32:4b:7e:9c:31:e7:
+                    10:9a:61:a6:65:0d:42:a0:6d:41:0f:97:70:61:f2:
+                    5b:6d:10:4e:c3:fb:53:9e:71:0b:20:4d:3e:96:66:
+                    76:dd:20:8d:50:5d:2b:e0:c0:d4:bd:bb:02:72:af:
+                    bb:25:1d:e8:49:f1:08:1d:a8:52:fb:18:c9:14:91:
+                    c2:2e:d9:e7:2f:2a:c9:ac:eb:d5:bd:f1:82:e4:e1:
+                    3b:67:c9:b7:3f:f5:38:8f:65:bc:6d:4a:ee:f2:00:
+                    75:5f:a0:33:c8:02:9d:f4:36:4f:f9:aa:11:91:64:
+                    11:b0:02:67:44:15:f6:4e:94:3c:3c:10:a3:28:dc:
+                    b1:94:56:ee:7b:04:0f:78:9d:43:d6:f3:0f:3c:6c:
+                    e6:70:bd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                03:92:4E:3C:2E:76:22:8B:F3:9C:EC:9F:B2:24:1F:9C:6B:E6:FC:62
+            X509v3 Authority Key Identifier: 
+                keyid:24:8F:FE:4B:B0:A6:35:7A:2E:42:56:EA:64:F1:FB:A0:3F:FC:4A:2E
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+                serial:D4:73:12:B6:C1:E6:B9:D4
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:maica
+    Signature Algorithm: sha256WithRSAEncryption
+         3a:db:1b:c8:93:e4:01:0a:d5:e8:6c:49:a4:1b:87:2f:8c:21:
+         98:25:71:fd:25:16:92:e6:c5:34:67:54:c2:81:16:0e:23:7b:
+         bc:7d:86:e3:a4:8c:af:02:80:2a:69:af:96:98:cf:c5:21:5c:
+         5d:4c:ad:64:e9:bd:fa:ff:60:19:9f:a6:53:47:99:52:f9:76:
+         0b:3d:fb:07:fe:56:7a:70:b9:45:30:5f:5e:9d:2c:e0:0c:d2:
+         7a:1a:2a:2b:5b:30:e3:88:09:c7:69:23:2c:41:bb:c2:6c:85:
+         70:d1:b9:28:5c:fc:4e:67:d8:a7:3b:f7:f9:d6:46:c9:2d:5b:
+         3f:3e:7b:82:59:bc:0d:b0:f3:c6:c3:8e:6d:27:27:6c:d5:ed:
+         dd:47:0f:9b:3b:11:aa:2d:99:e4:71:de:eb:f0:6e:82:55:4d:
+         17:c1:8d:55:c9:fd:05:36:f8:e7:03:ad:46:62:1e:bf:c2:b2:
+         f5:7b:4a:e5:ca:19:c6:04:55:a2:28:df:59:a9:a4:77:6a:72:
+         46:25:97:68:93:46:3c:ee:ae:12:f7:5a:94:2d:e5:45:f6:7b:
+         c9:66:b4:e8:70:11:a4:12:7d:8d:f1:c0:b1:06:00:3e:be:f9:
+         1a:c6:0a:35:99:df:5e:c3:ae:c1:ad:f9:f8:ed:bd:e2:9e:2d:
+         8a:68:15:ee:9a:61:b2:99:7c:96:6c:c7:75:3b:d3:28:d6:e4:
+         51:f1:2a:0e:ba:3a:be:d2:eb:15:a4:57:53:ad:50:9e:6d:02:
+         5e:b1:8f:24:3d:60:90:12:d0:40:7c:34:50:48:1d:13:52:41:
+         26:28:7e:f2:d9:57:00:98:f5:7d:69:bd:ed:d2:30:ce:74:bf:
+         0b:fd:b9:d8:15:88:d4:59:77:c6:b4:7f:90:bd:d8:ed:00:3a:
+         8c:c0:6d:c1:05:db:50:17:9f:53:49:dc:cc:7c:95:e6:ef:81:
+         98:e9:b0:e6:39:a3:64:41:77:cd:dd:18:41:79:00:c8:fa:77:
+         85:9c:dd:85:65:dd:a7:9f:a7:77:a8:8e:a7:6c:7c:2f:0e:92:
+         c4:b5:a6:28:dc:f4:98:b2:1b:22:53:2c:7e:78:05:a3:21:25:
+         1b:d2:68:9f:36:c8:06:12:7c:69:2d:f9:09:24:45:9c:74:a6:
+         45:f5:f9:20:1e:72:ad:cf:0b:52:43:7f:2a:92:2a:20:13:aa:
+         fc:63:8c:9c:02:85:78:bd:57:4b:c9:0a:01:1d:77:72:7b:4f:
+         1f:b5:7f:89:8f:63:9a:7c:c1:7a:38:dd:6a:11:76:d4:8a:86:
+         93:0b:ed:3b:be:a1:39:38:b7:63:44:9b:b9:f4:52:8f:f5:40:
+         2b:db:d1:41:38:60:db:33
+-----BEGIN CERTIFICATE-----
+MIIHLDCCBRSgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjMzNTE5WhcNMzgwMjA1MjMzNTE5WjCBpDELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDVZQTi1B
+S0ItbWFpY2ExEDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnWr9AHQw
+4zbOC1o8LehS+GuBUWXNdR9l2VBLtxKlOQ1YOj5N4EfGe7vb7hvasWPghoNWsUDQ
+lVxFRT0hPVqxQQJsZ/GseA6HCdtXxqzJIFuXRcH35zM4HyMy+MF+L7a+7DLsmauU
+/jKSaYxKC01/s0aHrv2JvJYl/KnDYDOUblCJcRqwEOKky8bJKCdU42FcnOynfQNa
+PiJi61I3uxZSi7XzwJJC1chaocpoA+bFXR2JvXv1DP/Ely8Mv5UtTJaFoBqPRGMP
+1Jj4P6CEXLnshVWqoKIq+SW2lds2zrgPVLWxEs8hjz3aMfBQzHfWKEkn84FEA2U3
+2gk3Id22h/9VdunHuNJK/BhsbFMCfi/ohG3KG6iFwFs9qJV2pDpfhddYkj+SjWd1
+YFKjYmDonyCYN8fwMZda8ghkoMCJzaZptSPWJbjsQknHHbwiv6oL2vV2aMK1jSCo
+JfFi4uX7NEa957ukMMsyJoE5b2jxNcP2OGUyS36cMecQmmGmZQ1CoG1BD5dwYfJb
+bRBOw/tTnnELIE0+lmZ23SCNUF0r4MDUvbsCcq+7JR3oSfEIHahS+xjJFJHCLtnn
+LyrJrOvVvfGC5OE7Z8m3P/U4j2W8bUru8gB1X6AzyAKd9DZP+aoRkWQRsAJnRBX2
+TpQ8PBCjKNyxlFbuewQPeJ1D1vMPPGzmcL0CAwEAAaOCAWkwggFlMAkGA1UdEwQC
+MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUA5JOPC52IovznOyfsiQfnGvm/GIwgdUGA1UdIwSBzTCByoAU
+JI/+S7CmNXouQlbqZPH7oD/8Si6hgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tQUtCMRAwDgYD
+VQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlggkA
+1HMStsHmudQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBAGA1Ud
+EQQJMAeCBW1haWNhMA0GCSqGSIb3DQEBCwUAA4ICAQA62xvIk+QBCtXobEmkG4cv
+jCGYJXH9JRaS5sU0Z1TCgRYOI3u8fYbjpIyvAoAqaa+WmM/FIVxdTK1k6b36/2AZ
+n6ZTR5lS+XYLPfsH/lZ6cLlFMF9enSzgDNJ6GiorWzDjiAnHaSMsQbvCbIVw0bko
+XPxOZ9inO/f51kbJLVs/PnuCWbwNsPPGw45tJyds1e3dRw+bOxGqLZnkcd7r8G6C
+VU0XwY1Vyf0FNvjnA61GYh6/wrL1e0rlyhnGBFWiKN9ZqaR3anJGJZdok0Y87q4S
+91qULeVF9nvJZrTocBGkEn2N8cCxBgA+vvkaxgo1md9ew67Brfn47b3ini2KaBXu
+mmGymXyWbMd1O9Mo1uRR8SoOujq+0usVpFdTrVCebQJesY8kPWCQEtBAfDRQSB0T
+UkEmKH7y2VcAmPV9ab3t0jDOdL8L/bnYFYjUWXfGtH+QvdjtADqMwG3BBdtQF59T
+SdzMfJXm74GY6bDmOaNkQXfN3RhBeQDI+neFnN2FZd2nn6d3qI6nbHwvDpLEtaYo
+3PSYshsiUyx+eAWjISUb0mifNsgGEnxpLfkJJEWcdKZF9fkgHnKtzwtSQ38qkiog
+E6r8Y4ycAoV4vVdLyQoBHXdye08ftX+Jj2OafMF6ON1qEXbUioaTC+07vqE5OLdj
+RJu59FKP9UAr29FBOGDbMw==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/akb/keys/maica.csr b/AKB/openvpn/akb/keys/maica.csr
new file mode 100644
index 0000000..5056c43
--- /dev/null
+++ b/AKB/openvpn/akb/keys/maica.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6jCCAtICAQAwgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tQUtCLW1haWNhMRAwDgYDVQQpEwdWUE4g
+QUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAJ1q/QB0MOM2zgtaPC3oUvhrgVFlzXUfZdlQS7cS
+pTkNWDo+TeBHxnu72+4b2rFj4IaDVrFA0JVcRUU9IT1asUECbGfxrHgOhwnbV8as
+ySBbl0XB9+czOB8jMvjBfi+2vuwy7JmrlP4ykmmMSgtNf7NGh679ibyWJfypw2Az
+lG5QiXEasBDipMvGySgnVONhXJzsp30DWj4iYutSN7sWUou188CSQtXIWqHKaAPm
+xV0dib179Qz/xJcvDL+VLUyWhaAaj0RjD9SY+D+ghFy57IVVqqCiKvkltpXbNs64
+D1S1sRLPIY892jHwUMx31ihJJ/OBRANlN9oJNyHdtof/VXbpx7jSSvwYbGxTAn4v
+6IRtyhuohcBbPaiVdqQ6X4XXWJI/ko1ndWBSo2Jg6J8gmDfH8DGXWvIIZKDAic2m
+abUj1iW47EJJxx28Ir+qC9r1dmjCtY0gqCXxYuLl+zRGvee7pDDLMiaBOW9o8TXD
+9jhlMkt+nDHnEJphpmUNQqBtQQ+XcGHyW20QTsP7U55xCyBNPpZmdt0gjVBdK+DA
+1L27AnKvuyUd6EnxCB2oUvsYyRSRwi7Z5y8qyazr1b3xguThO2fJtz/1OI9lvG1K
+7vIAdV+gM8gCnfQ2T/mqEZFkEbACZ0QV9k6UPDwQoyjcsZRW7nsED3idQ9bzDzxs
+5nC9AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAcZNuRXWb7OGyEM7N4NDW3a9p
+NM5dFSaWwzVefHWhW1PtYeRFVc39yTLJY4RKHIoWD/gdHG+sPB1btLdWLSHesLDT
+/4UhuHR+Br+d+LanDTdc/YMyMvxzAGE5LD/hubCE1jYEs9Yf8/O/hAsaA6HFyrYW
+GCf4+atqVe9dRV2pZGJH61pzWq3v2w/ls6KW+Skfj7OEQV8shiUmGowxX6GKcjxe
+6ETqDBAgT9S/QO5rTJiiAM+B5CM5p2dRXm2NaIvIiZ1XeOym84/EnIAICAreotOj
+p0GHvCrGJOhg703Qko+BZyII1lhhp+9aNg8JdHd1IoNZny8CtuHymlFmBINhWlr5
+7yvQUnX7ohFyYq3p0OqkluYqZOTVV+xGBKPc26JKkgEiHXr/pNFdF3+xPDYVuvPJ
+uazkVUzPtGIdsIvZnxUTqQQwEzX4MeRmXuBwcunmz7tWkmpRzO8Zvu+poEvGqF7V
+KZE1U3573XE67KTmSamuEizYuUg8teSOVt4GT9FWjiQcEm7FE6Lpzfj+rg1U9N1s
+lOWtccNPzTAykjcShtjttTfb4zN2WL/az6P9vPhri/5xD1pOJjJOg/GShzeAOswG
+XZVsxW+7wRgtLNKDA0HO1sHesLNNp/Pv2SEbjM/lJU7Yv0T8iYqpJr08LHaAuyZO
+vp7UtDzPq+l4RdnfI3M=
+-----END CERTIFICATE REQUEST-----
diff --git a/AKB/openvpn/akb/keys/maica.key b/AKB/openvpn/akb/keys/maica.key
new file mode 100644
index 0000000..4f7760b
--- /dev/null
+++ b/AKB/openvpn/akb/keys/maica.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIFeT4JOL9pXsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECITrZqSnxTbhBIIJUOJXOGNmXjBJ
+V4IOyYpGU0sEtp4A9P/3/cJg7s0AT5R7ULE91IxBBTCDfY7KZNgwgHjAVzL1xpD7
+SsA3JW7D5NT0XX3eWMyCtuLpriyH5qSXUehyn8+AXrdCcafIdhDnM1+FfTUWe7KW
+RGlhznt4J0AYR0v0jSxCXF6fbKV9f5ZYKRsGOUCbWKBco6eu15Jp+LLXbrjpIcyb
+ufWl1X7KllSlPw03FdHP4puTcGHu+VgB3PXF6154ltkR3Lc+fDwCyroKh19Y4ww4
+M6EpqPZ6g9A2GeKkyCe0wxuda9twUFmgr1EolwYF0jjnpW8itLeUvcDztpXklrLY
+JVt9l87xUALaRHC5tZ65c0Urv6NFa9R2pe1RFku+ObzHKRwWEcVnecLQhzr35/D5
+uPEsC6Qk5aVVLDiPSXi42C1ekiN+5MqDLql12aDYapMkSl5gbrDZhTnV3vBIwwuj
+57yd92N9mP07rlgTCkOPJWiqFdsc7wId4zNLX/8pg8mDxnTg0J5XGtEHQwm3ytPT
+oF3ity+wm650hRXlvsMzKnCHpJhYX6z6PXFrin0pZQkUEXPicX4WKMfr8DADoCAH
+nbxXTTsiKLAAtC1u+vrqw7XDerHN7ceF/SglzgyShjc5PF2mIPBDVG9bSUqc2cXT
+xTtlhYAVRaHXowOBahMyzKZFIxogp1mEcVCYmTjxtrQGBuiwL1gArBZeAt36iTmI
+JOvsnibHg4zZHKC+Cbh5pbSXdXQ1zAtRlAVWSFrLyVxTRu0dkqbd85TmtnoQZDUz
+7T8Qy9TxMkXnKrp+6S/7ia0LyMdV6VWEkRXks1NnxHNxNqpG2KNoaAqX6vK7vStU
+qOxaSbGuYoL+sqrppSdHDABtgoV+olZ4cDi/7UFYwwT4+DaU2jTj1y9ZtXrc88m/
+hdRE5HYBXa9vCy2pQGMq0QimQ8zx6FtD+z4rBVNFh4boh8+XKSKPru2T0/DLgVtV
+oS5U6JwzJrir0U8RWz1NkNztvxVHz5D1gHwNvYpUegkTt4j9ohoboPcspW/4ICJY
+mOvx9THXUcxCPZN7DBS8GaRa1EpyaI2cdEra3uh3G6siQB1At3KSHKf5+tsUuVsb
+/TFjnogKy8L5YeFCHxzOJPfnbYXdy7ESQe4AEodO+YAAQUAbafoyk5Pq4I3CVpzd
+aAhPpPA1SjDCCHXZkJ/AgbwDBLtN1iazN1r5WdDvafVEBbaoPXtZFi8/0i69W8qG
+cdG5p/pPkG9OeoB17jtwWxJaA87F96lhTxFZk5e5CvM4xrpF9EPz981d05/xvD6c
+Q7mbjvjyx66yVnoFSPrXda/d+phL0wx9228UXZ4IiGx5zxDr+b6ly3bO33wiXRCV
+owZ9lFkQBrxDcO9JNe8koAIOtTP+4Z+gtbGxR5meV6JpdcImGahNMSsUiwguYnjt
+dyFgUQcoxR5+m9bQPpyhkDEqmF1X1nujR8h9PkM6p8uQvCZNrq0clBudJdKDOp+o
+mXn2o7KawVEna6GvGJONZie4VeMROlse2yNAsxrKzMGWDKGtXbM3P51AFkvnV/fa
+Ap83yrjj9Xmpm0mRUZw3EN2j4Aw5ZRfI19AgMrfjSUBRSRldXSirT6O/NQhMfAV+
++g0uzwzo8xtkmzopUii//aWng1OJL9j8/CFFlqf2m+lg3bk80jj+QJthgR7OOsQB
+fH6S8G/t7r8f0NC629RRZ6KM/2KepQZ+WFzRyEeYQRDW1ca0+BwIXQNilZtAbhsr
+sCLXlZKcNqczfWmLHND+Gg/3W6FN1DXGHPp+3MyawEcAo7VduLb3bBfbmMZcv9y1
+JRbXWsTM5XekIOesqz1WsUcR6MYmiWm+m74GoNuGMWiDMy4UIILSx9V3uEABeQio
+yCOsR0RGFS1MfjX6YAzA4ZrgA88UCHW4tru+K7pRw7L6CVPb4IMPuHWvcmpp+vSq
+hMBh0LSgHOmvjlSk7c5zKsRipR7Y4cPbL/wpNTfJwOBYHxb4xVPhkOWCsQg/ywz2
+JkG5VbmsLxunYFONuV1h5r75+akQwuESnkyOBPLn2mnNThmWEgtEoQEfz6n74Vwc
+mr7LW/9dt7WIc/Ra1iworbv+n9LqhnOJZmkl3hP7KJLb71NDjTk10PRvkNJ0vDqw
+zYklUm4q8ptr6nUrZd9yVf/bXwWrrf/NSEYFQnLiTht1+aJvlUvc1314YALtYG1d
+e6rUXBr+a4blG5WVkaglC5gvPTw3ZdDeZgQ/ipUWxENnGgG24PK75/dJLZPECLRL
+UK0mmNb09jr3XV4yIanfkEYqtqwEWPRm4eLJWVWnwptdHVvdRPBHbwiD25PPMUWk
+8ObIpvaTA1m73xDJea/YkQNO0hKw2i9+wDMeTtSoK6VF077rt03rZrGoHlDYMrO8
+0iLYdf87fU11GQ367w+n9j6qNLbT5LHRIZP5FE9YY81qYl2DoDzBHf78IH5Uut7x
+Y+FbajrBVUwOhmawhVD0Pu8CaRw8rNKmhHabtFSXJCprtEXqinEmTE4L0EOuIi5C
+5IjAuJGAKBVzyt2NrwWazeoHHrYKktE3tUVkvi+sse/wp3PLGxbYvEIQgb8k3HGW
+z18BMj4YfqOsjoR9PQUkG+Wm1yh4YNo5AZLVfXkfTGJcNQhgKqmj2YBdLpxZonlH
+s/rbae2GWz0ePb1gCNvWX6cIl+g02jThGkRNyhn7HFbj/Rex8rdDk8g7NMroytur
+P3o7l3i7KUSpW1utpDrE+PudJg/+mqe2vkKqlatUbMOUmtQM7AMPGRjOTESH4T8o
+j5P0YDrsqDnwfTZ/pWAla6x1SuLceneAqBBoeK3S90D26OXLImMBdgjcX1oBHz/Z
++CfJAz3yKfkD3EWQi7OHAyjdD5KDFhD3YNmFQpxfZX+Zi09Losd+UA7EGalK4ERW
+lmtCvSpcSnQmw5bq+w0bAmvF9P3EIH0OYig8r61/nEqGmvFjB2Yp1vosvjRF/dna
+pxLZVz0fLXkQPgAIsQOMW/iGPX47Fqb05zTLu/PtZYQR3QXsdvtbO3vJHhalY32v
+H45dwbPP5olUeoj6NnxlVOmXn3/zqj935dNxmDJIBLAbtu/uGcXuNNkebAElDHek
+p740XqNjn7Bu/55jtTKsryUdMb8os+IO3iysxHyBvX7Stc7A/HcOJHz956dhZ99h
+lMAktW8kgbpVqVrwhB64ibcp2PU2GV/2
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/AKB/openvpn/akb/keys/serial b/AKB/openvpn/akb/keys/serial
new file mode 100644
index 0000000..eeee65e
--- /dev/null
+++ b/AKB/openvpn/akb/keys/serial
@@ -0,0 +1 @@
+05
diff --git a/AKB/openvpn/akb/keys/serial.old b/AKB/openvpn/akb/keys/serial.old
new file mode 100644
index 0000000..6496923
--- /dev/null
+++ b/AKB/openvpn/akb/keys/serial.old
@@ -0,0 +1 @@
+04
diff --git a/AKB/openvpn/akb/keys/server.crt b/AKB/openvpn/akb/keys/server.crt
new file mode 100644
index 0000000..acd4251
--- /dev/null
+++ b/AKB/openvpn/akb/keys/server.crt
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+        Validity
+            Not Before: Feb  5 20:24:02 2018 GMT
+            Not After : Feb  5 20:24:02 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-server/name=VPN AKB/emailAddress=support@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:ce:a6:fe:62:1a:c1:eb:a0:ae:49:9a:9d:e5:28:
+                    eb:91:f1:2c:5a:d7:24:ba:eb:55:86:9a:0b:bc:92:
+                    51:70:e5:c7:19:64:83:e9:9d:c8:6b:f1:67:02:d8:
+                    b2:33:65:e1:11:46:d5:81:4d:ae:cd:df:4e:0d:1c:
+                    67:95:59:39:e2:d8:5b:5e:24:fe:1d:c4:dc:ea:6e:
+                    e4:b5:d4:5b:f4:5b:2b:a5:82:b4:69:36:25:a1:47:
+                    3d:18:1f:b2:1b:03:a3:ab:1d:d6:58:1f:28:fd:25:
+                    c7:a3:92:8c:b6:cf:12:f1:23:18:1a:32:03:e6:36:
+                    e4:bc:f8:61:b8:fc:70:03:87:35:a0:f6:25:26:e3:
+                    2e:9a:e5:5c:a6:89:3e:03:1b:c4:23:e1:75:65:ed:
+                    ac:1a:3f:ee:78:5f:6f:d6:90:28:b5:78:e2:71:0b:
+                    f4:cb:56:99:bd:29:c6:1a:bd:fa:34:e2:94:a9:88:
+                    39:1c:9e:75:c8:58:0e:e9:31:59:0e:e2:d0:df:93:
+                    0d:bf:93:85:25:05:3a:32:8a:19:11:f0:7f:8b:a7:
+                    b1:bb:74:77:bd:69:d6:03:fe:6a:94:31:93:22:b2:
+                    c3:02:be:61:62:e3:73:4b:73:32:48:c1:3d:01:41:
+                    a1:2b:df:dc:00:86:ca:af:d7:20:54:87:7c:b3:ad:
+                    63:fc:9d:f1:b8:14:23:de:6b:8c:63:2e:4b:45:52:
+                    5c:b7:6a:86:68:59:ea:ba:fc:0b:3e:37:51:63:f2:
+                    30:86:eb:2a:43:92:e4:7c:80:44:5c:6b:dc:ab:f0:
+                    c0:13:4d:c1:e1:c8:e8:9e:c0:6c:57:3a:31:be:c5:
+                    83:a0:86:5c:e1:f7:27:f4:b9:0d:fb:29:24:9e:dd:
+                    cb:31:2a:6f:5c:63:f7:57:ae:96:be:66:54:6a:13:
+                    be:c5:70:cd:0c:8d:99:a5:f3:90:46:f5:cd:ff:c7:
+                    cc:39:c5:34:4f:53:c7:31:bd:7a:be:eb:3c:50:21:
+                    7d:46:ae:00:e2:e1:26:51:ab:06:e3:17:82:c8:81:
+                    f4:0d:6d:81:6c:72:4b:03:e5:31:aa:3e:ea:e3:99:
+                    f0:18:98:a6:10:b9:95:97:fa:b0:66:12:68:fc:29:
+                    60:c2:80:83:41:71:1d:b7:a8:05:2b:85:a8:b4:27:
+                    bb:26:24:71:85:e8:1a:c5:9f:24:2f:7e:98:09:25:
+                    4d:c2:88:66:92:f0:a9:19:35:6a:bd:6e:45:de:2a:
+                    7f:5b:4e:f1:4d:f6:e7:12:66:87:42:f2:74:a0:78:
+                    1f:27:10:58:43:2f:75:e4:17:91:d9:42:5c:37:79:
+                    4a:77:43:5d:3e:7a:d5:f1:e1:92:a9:20:1e:55:6d:
+                    37:e5:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                35:5A:98:2E:5D:84:EF:EA:D7:DD:16:4F:4C:E0:18:39:DB:65:2F:18
+            X509v3 Authority Key Identifier: 
+                keyid:24:8F:FE:4B:B0:A6:35:7A:2E:42:56:EA:64:F1:FB:A0:3F:FC:4A:2E
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=support@oopen.de
+                serial:D4:73:12:B6:C1:E6:B9:D4
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         51:b9:6d:4d:8c:8c:00:56:8e:b7:81:d7:c4:59:bb:bc:b9:89:
+         77:e9:de:7f:c0:88:b2:4c:12:c0:e1:4c:5c:7c:6b:aa:94:95:
+         3e:16:ac:fb:e8:de:f2:a1:93:08:6c:8a:17:d1:d1:a1:3b:d0:
+         98:05:35:00:7e:34:98:1e:b9:da:cd:ce:67:11:a9:d4:43:ca:
+         fc:f0:23:09:ec:19:03:99:de:40:d2:61:42:b6:91:c7:29:26:
+         ee:f5:91:a2:e5:75:4c:50:2f:22:95:37:53:ce:46:21:cf:04:
+         d1:93:9c:ad:0e:5c:00:f8:00:f2:b1:f8:02:3f:fe:b3:15:3e:
+         9b:a4:fb:19:d6:81:b7:f4:06:89:cb:16:9c:e0:2f:60:00:69:
+         dd:ac:41:e8:23:29:19:5e:48:62:26:97:84:7e:5e:f2:50:3d:
+         e1:51:68:18:17:4d:0b:d5:0b:98:8e:d6:99:df:bb:79:ad:2d:
+         14:4f:48:6a:21:a4:42:2d:b8:a3:70:cd:24:df:1a:23:be:f0:
+         d1:f8:c2:a8:02:e1:03:88:d5:ea:7c:71:e6:96:95:02:34:8f:
+         c6:81:15:79:a9:a4:dc:11:5d:d6:97:f1:9c:d5:1f:4f:85:d9:
+         30:3b:bd:31:ac:48:d7:b2:08:63:1b:87:80:4b:1e:4f:e5:29:
+         85:f1:28:55:c1:7f:ca:d8:c3:51:eb:2c:98:2b:31:4e:27:e4:
+         90:a4:4e:bb:87:5f:43:d8:76:57:6e:d7:0b:5c:11:61:99:7b:
+         b7:49:29:1f:6f:b0:9f:46:1c:e8:3d:0f:b7:40:c8:77:69:5f:
+         48:03:a3:db:8c:46:b1:e3:cc:39:7e:87:f2:48:f2:f9:90:7d:
+         98:01:3c:cb:53:ca:42:ef:c0:20:e4:f9:cd:a9:b2:44:13:66:
+         4a:d6:6d:e4:2e:4c:29:7f:7f:c4:23:06:93:56:e1:c8:01:30:
+         3f:79:22:87:38:88:a9:1a:ae:b7:c9:b6:bf:37:3b:eb:d8:d5:
+         fc:ad:ae:a1:2b:bb:20:c9:28:67:cf:8f:73:00:7a:4b:4b:91:
+         82:2d:c3:bb:9c:86:28:17:30:55:23:62:c2:87:00:e2:c9:b4:
+         d6:e2:dc:83:37:22:09:47:f8:e2:51:18:51:fb:97:a1:7c:2b:
+         54:7f:ab:0d:ca:cd:8a:87:dd:8c:a5:af:2d:7f:a1:ea:e6:db:
+         8f:84:ef:ff:83:60:80:78:5a:21:a1:01:7c:1a:a7:ef:b7:2b:
+         20:5d:d3:bf:b9:82:2f:75:ec:2e:49:7b:61:90:85:62:1a:c5:
+         ff:de:32:57:b5:3c:b7:a9:52:dd:ce:e6:94:ab:2a:1f:3f:a5:
+         e7:64:ce:9b:a7:ad:fc:c0
+-----BEGIN CERTIFICATE-----
+MIIHSjCCBTKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjAyNDAyWhcNMzgwMjA1MjAyNDAyWjCBpzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFzAVBgNVBAMTDlZQTi1B
+S0Itc2VydmVyMRAwDgYDVQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBw
+b3J0QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzqb+
+YhrB66CuSZqd5SjrkfEsWtckuutVhpoLvJJRcOXHGWSD6Z3Ia/FnAtiyM2XhEUbV
+gU2uzd9ODRxnlVk54thbXiT+HcTc6m7ktdRb9FsrpYK0aTYloUc9GB+yGwOjqx3W
+WB8o/SXHo5KMts8S8SMYGjID5jbkvPhhuPxwA4c1oPYlJuMumuVcpok+AxvEI+F1
+Ze2sGj/ueF9v1pAotXjicQv0y1aZvSnGGr36NOKUqYg5HJ51yFgO6TFZDuLQ35MN
+v5OFJQU6MooZEfB/i6exu3R3vWnWA/5qlDGTIrLDAr5hYuNzS3MySME9AUGhK9/c
+AIbKr9cgVId8s61j/J3xuBQj3muMYy5LRVJct2qGaFnquvwLPjdRY/IwhusqQ5Lk
+fIBEXGvcq/DAE03B4cjonsBsVzoxvsWDoIZc4fcn9LkN+ykknt3LMSpvXGP3V66W
+vmZUahO+xXDNDI2ZpfOQRvXN/8fMOcU0T1PHMb16vus8UCF9Rq4A4uEmUasG4xeC
+yIH0DW2BbHJLA+Uxqj7q45nwGJimELmVl/qwZhJo/ClgwoCDQXEdt6gFK4WotCe7
+JiRxhegaxZ8kL36YCSVNwohmkvCpGTVqvW5F3ip/W07xTfbnEmaHQvJ0oHgfJxBY
+Qy915BeR2UJcN3lKd0NdPnrV8eGSqSAeVW035fsCAwEAAaOCAYQwggGAMAkGA1Ud
+EwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIBDQQnFiVFYXN5LVJT
+QSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ1WpguXYTv
+6tfdFk9M4Bg522UvGDCB1QYDVR0jBIHNMIHKgBQkj/5LsKY1ei5CVupk8fugP/xK
+LqGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxEDAOBgNVBAMTB1ZQTi1BS0IxEDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkq
+hkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGWCCQDUcxK2wea51DATBgNVHSUEDDAK
+BggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqG
+SIb3DQEBCwUAA4ICAQBRuW1NjIwAVo63gdfEWbu8uYl36d5/wIiyTBLA4UxcfGuq
+lJU+Fqz76N7yoZMIbIoX0dGhO9CYBTUAfjSYHrnazc5nEanUQ8r88CMJ7BkDmd5A
+0mFCtpHHKSbu9ZGi5XVMUC8ilTdTzkYhzwTRk5ytDlwA+ADysfgCP/6zFT6bpPsZ
+1oG39AaJyxac4C9gAGndrEHoIykZXkhiJpeEfl7yUD3hUWgYF00L1QuYjtaZ37t5
+rS0UT0hqIaRCLbijcM0k3xojvvDR+MKoAuEDiNXqfHHmlpUCNI/GgRV5qaTcEV3W
+l/Gc1R9PhdkwO70xrEjXsghjG4eASx5P5SmF8ShVwX/K2MNR6yyYKzFOJ+SQpE67
+h19D2HZXbtcLXBFhmXu3SSkfb7CfRhzoPQ+3QMh3aV9IA6PbjEax48w5fofySPL5
+kH2YATzLU8pC78Ag5PnNqbJEE2ZK1m3kLkwpf3/EIwaTVuHIATA/eSKHOIipGq63
+yba/Nzvr2NX8ra6hK7sgyShnz49zAHpLS5GCLcO7nIYoFzBVI2LChwDiybTW4tyD
+NyIJR/jiURhR+5ehfCtUf6sNys2Kh92Mpa8tf6Hq5tuPhO//g2CAeFohoQF8Gqfv
+tysgXdO/uYIvdewuSXthkIViGsX/3jJXtTy3qVLdzuaUqyofP6XnZM6bp638wA==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/akb/keys/server.csr b/AKB/openvpn/akb/keys/server.csr
new file mode 100644
index 0000000..d97d3ea
--- /dev/null
+++ b/AKB/openvpn/akb/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7TCCAtUCAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tQUtCLXNlcnZlcjEQMA4GA1UEKRMHVlBO
+IEFLQjEfMB0GCSqGSIb3DQEJARYQc3VwcG9ydEBvb3Blbi5kZTCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAM6m/mIaweugrkmaneUo65HxLFrXJLrrVYaa
+C7ySUXDlxxlkg+mdyGvxZwLYsjNl4RFG1YFNrs3fTg0cZ5VZOeLYW14k/h3E3Opu
+5LXUW/RbK6WCtGk2JaFHPRgfshsDo6sd1lgfKP0lx6OSjLbPEvEjGBoyA+Y25Lz4
+Ybj8cAOHNaD2JSbjLprlXKaJPgMbxCPhdWXtrBo/7nhfb9aQKLV44nEL9MtWmb0p
+xhq9+jTilKmIORyedchYDukxWQ7i0N+TDb+ThSUFOjKKGRHwf4unsbt0d71p1gP+
+apQxkyKywwK+YWLjc0tzMkjBPQFBoSvf3ACGyq/XIFSHfLOtY/yd8bgUI95rjGMu
+S0VSXLdqhmhZ6rr8Cz43UWPyMIbrKkOS5HyARFxr3KvwwBNNweHI6J7AbFc6Mb7F
+g6CGXOH3J/S5DfspJJ7dyzEqb1xj91eulr5mVGoTvsVwzQyNmaXzkEb1zf/HzDnF
+NE9TxzG9er7rPFAhfUauAOLhJlGrBuMXgsiB9A1tgWxySwPlMao+6uOZ8BiYphC5
+lZf6sGYSaPwpYMKAg0FxHbeoBSuFqLQnuyYkcYXoGsWfJC9+mAklTcKIZpLwqRk1
+ar1uRd4qf1tO8U325xJmh0LydKB4HycQWEMvdeQXkdlCXDd5SndDXT561fHhkqkg
+HlVtN+X7AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAUlZikNwKFM1QolnS2iJd
+/dkQC7Q9y8BhuObGgMCVQCdV8txiRRl8XqYYsiAv09H2oJy+f0GFOYHsXBzCq/yg
+tdmuknmF+GnaHoOwdrboZR/4Y9tRRLVUMurcs2vTxyOUSQtQPSqzxw/sGulwrDZ0
+LoU8Pb1dgDEhL6TzMmKFdy7C7zwBcfI2XweQN2JrZR7vHhNiTZIpQlMCdOpPovor
+y6p5Nwi6HeQ+3QAZ86iBWQ9u6ZKYVw24hROrOWnogpdWwlsO45mJ/Lkv4cncuyGa
+g3doByWXvY+LttxRVpQOhxNo4lgSOQtnJYiyDjVeuOClxilBsqfDv9sHutAHHmdt
+L1EQPcPcnlxuJ4ATB5WRlUB30cjTSh0ghvgq2oP1if3ZwrVPJXSQCpcISeUB7G2T
++2FXAeRz2gCLp/odLJEuZUqpUTrhsmzs91/kva9mjJXgiH3rhO7RmVuz7LwWfkoV
+oSSkhW9m/yQiEkCVZk50jiuivlR/pd72vJxlgmWmGHSR4dGBtUFB7s7/DnhsgMqz
+IhvUvnOQsHX9QXoC9QMtP1zyMeTgczeJipKqSYyAM50H2/gxJutRrknU+ULoroXA
+mraCqy0+pTui95JrPO+9be9tHnzRRHgEDJgEHic2hm0nGStSl4f0OU/zgCD3WyJp
+36a+sSd4UQYAPQuOF38rHvs=
+-----END CERTIFICATE REQUEST-----
diff --git a/AKB/openvpn/akb/keys/server.key b/AKB/openvpn/akb/keys/server.key
new file mode 100644
index 0000000..dcd5c51
--- /dev/null
+++ b/AKB/openvpn/akb/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDOpv5iGsHroK5J
+mp3lKOuR8Sxa1yS661WGmgu8klFw5ccZZIPpnchr8WcC2LIzZeERRtWBTa7N304N
+HGeVWTni2FteJP4dxNzqbuS11Fv0WyulgrRpNiWhRz0YH7IbA6OrHdZYHyj9Jcej
+koy2zxLxIxgaMgPmNuS8+GG4/HADhzWg9iUm4y6a5VymiT4DG8Qj4XVl7awaP+54
+X2/WkCi1eOJxC/TLVpm9KcYavfo04pSpiDkcnnXIWA7pMVkO4tDfkw2/k4UlBToy
+ihkR8H+Lp7G7dHe9adYD/mqUMZMissMCvmFi43NLczJIwT0BQaEr39wAhsqv1yBU
+h3yzrWP8nfG4FCPea4xjLktFUly3aoZoWeq6/As+N1Fj8jCG6ypDkuR8gERca9yr
+8MATTcHhyOiewGxXOjG+xYOghlzh9yf0uQ37KSSe3csxKm9cY/dXrpa+ZlRqE77F
+cM0MjZml85BG9c3/x8w5xTRPU8cxvXq+6zxQIX1GrgDi4SZRqwbjF4LIgfQNbYFs
+cksD5TGqPurjmfAYmKYQuZWX+rBmEmj8KWDCgINBcR23qAUrhai0J7smJHGF6BrF
+nyQvfpgJJU3CiGaS8KkZNWq9bkXeKn9bTvFN9ucSZodC8nSgeB8nEFhDL3XkF5HZ
+Qlw3eUp3Q10+etXx4ZKpIB5VbTfl+wIDAQABAoICAAntI5L6zg3Pbg/DCYqUaJxe
+BU9nvi/sVfNdOusX7CmMIAAsP9nc5l+o/NW6KvUlE6aMzHylipwA+fLPRnp6CrnG
+wrzG8h3j8uif4wSI6tHV/0a3/IqBO1V/4oNiImAB0L7LdBxPgtyGEAzfYTr2v2Yt
+1V6MwHsyb9JT6/3Cwm6o8/6DVE2F5Bs0oTqupPfpQYanscfvnrC0GXRWwTyBODNf
+VyEu/dc2lbPsacOnFHmt2I48KOIjCm1RLYYuBKUeaAIVQjfNkjuxAJak44dlEftX
+VsY2VfoXN1yBwATWTMcB5zQeiPcDDeq14dh0z8Vbra451ot/7gR8ROVKjMbksUS+
+/E3KipzuBbeRiueiYs82IpCnx0BT+5+CeQp5PXgY/UKlC46tyZeWmdrHDew0UU3c
+6a1Q4El/1P5g/yYTDcT1gy4Iff2C33BT4uMV4JenUgxjG8kIC9lgBVCbWma6pMSv
+oukQ/T6eMV8voossFoX6PNHrRhtd9I6yxdbked3TrPyFmOY80ENJdyRgSXG+1fPO
+G59jep2tnHfv0o2nBzW9u6dSffXKRgjxWV4rNlCDvL+PVOl0wSybH4mMATDq6GmT
+8IvQrZoqoX13klHqRKEBm5eEdjCfzoe8PrT1egxEZviHtb/W6LmpZAArGoOPTaLL
+MQoXe385QLZqSPy/gDDhAoIBAQD1x6BvhNYNRmnRrTO62aIYFLFuGFtph50BFeda
+vRCfAuKvwa292o7fiSNnJuA7YQ4jszbajVICg2zo91pcZUZG3Gn4yS0c39RElPHe
+eXny3CgbzgAJvvfZc+80P59nUzJlFgBsmGwbmBlKFn265hu7egmE73vADQclXBUV
+NA6LtJA32E/paN+W48NXjBbEWZ2A3RPBYlaoxn6YdYwA6kwnZPLDlFBtuKksmel1
+Ogvma8taF5PlgivlnYWCvZ4/4OSeu0s8IHA7UPE+HULjnjSG7TwwnrxdKe7KJy0z
+1dfaUCBKqp+dK7wgSesnzje7kM9Xj72EH4oS9VfywsQbI4edAoIBAQDXPtj07xiU
+tMRmgAv0/uMmth95AOFsda8HWK952stSjJJ38BXjPsDYprHGXrVUSeEgh4Wd2kXw
+kN0/T4VqYvOTAhB4YPEbziCHYpHbcBFKQj5xRAP8jYYUqmt9Ciq0ypJtAYmNk0qH
+cng56yvQCjq0CC1sJzT8R9wM/cv7YFjKhLoawJqcka01uiLOzl/ucv8TU00nb2lw
+1lZAzPqbXuxNI4DtqfE9vkwzaX8bVWRqcFyZOsPhCeoWUe7To6Vnl+Av35QmGapV
+abauIXG2CU6zyVQivNlTi7uedCee0rAFT8OLl45f0w4YpnYlZXJrVKWTqfF4X1WH
+tRcIUt0Skox3AoIBABUpojPYAUJVXMk0G68sDBv8tCZhrIVSqv8r7qbOfr7iVbiC
+eb5OMl0nBshb/ZS/T6NdTAzXfEdBH8CTg9FO2xVA51MHp33D/BgHpyfb19dEg6OZ
+QkGUkuzDYcZi8AvKix1PHqw7F5vspcjOVPch1yN2Z5ltsX8g4AukeSBBQjtfSce1
+NXRIlm/8npZMNq2jdb9hydCt8f5IUSA5htuRUQtXUtvqSl6YNuDjQ8nXPK0TfQf9
+3bs2USdNP/C4+QZRC/5q7Bh6Ro+k8ZDCnj7RIX64sKUTFe8DrE71vpum/xYKLi2f
+sWysFl/FXZ0o0X2yA1hrxQq6WH43Z+I8SPx5O7UCggEBALI+gi163fEvLMDw4nX0
+qSiCgteSahqF7fZ4c3/GNr9aV2Ro9cckTVBb4jWychilwX9NmtGYUnifjggCkyoB
+XVFs0TTOmnt7G6bhcoW0bS0AZHMpbt+yVslAQxjd1XW3lsAcGMuboIk/ut3DqJl0
+Dx7M8shwQ0lzPH+poES/iWfTt8W1n5Nuc3BdfruhXQG6Sw622dqBQWDGrdClrhYB
+6k8KypaFN5f4wWOFxlNdSHV4LMZbSqBNtILdQJgUGUILHASo8icG8+4dR8E1QtQL
+Kxho7XqCxrmPqkPSTokQUeFkJzuuuqERxseU+ZuIQdMt2pvIjIUw9UQXK0aiUB40
+K4sCggEBAL39mdNXd5tg6J1LmfRekkT5ksL8z3ZsGCbrDR5hxkTvEzARV2fKUgpu
+h66HFu8YBoPJFZ8ijTrADt5nT8etxP72nMiCSX54Lk4Yq67lznFpcg4cgykSgnCP
+E6spJ69GUAlKd/l1YDRHO1w6cQmrtNvb6GBXgNUqJ1ktyR0gZ+WOFaB8HawMMyJf
+P/ir2/lCohpLbaZkmAT4iQyPvlsQadPmdmFu1U+2GJ4iZSpKgrobosZlSMKGQoVJ
+QUqfjrzwqjL1gv9dJjTHFgGi1u8BW/jM4LkS8ttsn/FvyTbTa9SJiS0Ky3wDZh09
+zTx+FNOUWWzWgKS6+oPYWx3kzvbIxFc=
+-----END PRIVATE KEY-----
diff --git a/AKB/openvpn/akb/keys/ta.key b/AKB/openvpn/akb/keys/ta.key
new file mode 100644
index 0000000..658748a
--- /dev/null
+++ b/AKB/openvpn/akb/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+5b91b2a91925f7503bb408768cb5053b
+80a9d011f37c13df8297549c485d787b
+6450a5341cd9b5079bf4993cd7724c91
+8ae6953503cf30565dc75025061990c7
+44348470db2143ff80b8ed281d822a69
+a2d67538439c1f04f73df867848f618f
+cc096eb98252e5c7e01a7921803ca4fe
+18a0df2a99aaf15839f598fc5a3f24b9
+17afcfd477d49792ffe450a18b8ad0f2
+a9b1e5bc658e066e461472b2439ad423
+1be921f71ac59a050bc751f681fcd553
+60c4274c640dc56b0e140d5e9e062349
+12bfaa7450b615bbc898f822dd5eb6bc
+f3023bbcd87fb2a18c651dbae4bfbbcb
+5797d4b6c01f0bd700681b308e19b239
+53cfefa995eb4bf57ee985194e814548
+-----END OpenVPN Static key V1-----
diff --git a/AKB/openvpn/akb/maica.conf b/AKB/openvpn/akb/maica.conf
new file mode 100644
index 0000000..a0971b6
--- /dev/null
+++ b/AKB/openvpn/akb/maica.conf
@@ -0,0 +1,257 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-akb.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG0jCCBLqgAwIBAgIJANRzErbB5rnUMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEfMB0GCSqGSIb3DQEJARYQc3VwcG9y
+dEBvb3Blbi5kZTAgFw0xODAyMDUyMDExMjJaGA8yMDUwMDIwNTIwMTEyMlowgaAx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYD
+VQQDEwdWUE4tQUtCMRAwDgYDVQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBz
+dXBwb3J0QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+4LBz66a5R/hS5Cygl8cPy63TMx10yjy8vJyToEUZCjGS8O5MgwKFWpf6CBKf8jrp
+kcY9JvvlDD11N+LU5kivRsZRf8Pbj2SuqUg2Rq1fCkVFDl9MshyWBnX1BntyLEQi
+A1X9bqKew/upZ09bSf8RB/9tsWBDi6m4xlnnojgGXbZnOXKzL442Qu0f+w1M9HoL
+mp8DXCevpbWSp6WLevQVe2VzDC+lGp1pw7Ea0raOD84u0mVKbBSCAaw0OG0+lkHR
+Ya3WVezkXVH2PQieqrSlWLmHqNQ5U77DYKYBZ7yhMDO+8Hkj6aN2JB8DglJVG79H
+GfWTrtFr3Bt80TZJi+GGdCg5u182V9s9Fhm//bKs5thJmS5dROBk1W4p/ZBQ2nQA
++wA59vILAF49u1+wY1dryw3JIXTSP4VY8enkhjeKCxpGJd13xF8M5Ci2w8pOyttw
+NVppDPZItbxPeswzK95VgrEOQaIEANeTMje95Qf3/gPhkMzwPRh9VfZNQMn1AKfn
+Irc2fb2iGhVzQAVhtBIKm2d24rHK6NCDe89uyfRZV4ZukcUgRt+nn6bnC67VW2Az
+NhonvzsAjtwwt5KUakKHmq7uMW2bFPy0OoktsP60yWB/Weg/wWliHpudvTq48pLS
+oQpd/lsJ1K8SXLFqRlWHlJDcelfnj3r58VQpp/82LbECAwEAAaOCAQkwggEFMB0G
+A1UdDgQWBBQkj/5LsKY1ei5CVupk8fugP/xKLjCB1QYDVR0jBIHNMIHKgBQkj/5L
+sKY1ei5CVupk8fugP/xKLqGBpqSBozCBoDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0IxEDAOBgNVBCkT
+B1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGWCCQDUcxK2
+wea51DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBGKBoiGLJHTXMW
+9JZIWPQBlyJXvnGp2y1O58GhMEdE+Ahy6bRepLRpcULlCDEXYPJhc8pYMOTa0VAM
+Ps6lwQH5WQRv6fkdYSMCos0NKpp/0fvrxYTWnFrvU26Pveg+Z3COkVHMI6bJ70IP
+QpBtBmj3CRqD66vnN1sc0q52hEAkubFI0mD+eqY5rTRE5Eea31KipY5/n93cmlb0
+E2ORT/PwawgD2To5qd0THSPYJUiXQntbs4axBrU1S9RO44QZb4Ov71kqATc9u6ri
+0bPfeQtTCkCi+mCLA1WbzJTGg6rd0ce3rdSI0uNmMT+cWhh52tMhEKcdDxMahGTx
+SWdTogb7QqJxMj5GTVDzZsjzsAc6lXgSOL/Ffp/HjKQL1aPxGMlHLju++B/fo7kp
+meD5g8x4FaVN2dE0oBQ/uaAo2JS5/mSQIYlM2fnyx9ZwXcVgRYeavSIDfA9ASYJA
+w5is0PUOLr91dS++fBs8NWg7dtcBvZuvtGWO4tk9iWY7Gw4MC7ez4+E7nJrhBkMg
+1ySbg3/aJ4/E41K0k3zfkyOHhNVR37YN63e7xDdvGwm3fk8QFOAn+gVyfjnNhGJr
+JDh4YYK+cbK8E9PLV7eb1DvUNjUo19KToQBhaNNMt/n0niE6iU4ph997tlrG7MHu
+mj3n4HOYonYqpUwVlkIlCk11Sz/qnw==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHLDCCBRSgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4u
+ZGUwHhcNMTgwMjA1MjMzNTE5WhcNMzgwMjA1MjMzNTE5WjCBpDELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDVZQTi1B
+S0ItbWFpY2ExEDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnWr9AHQw
+4zbOC1o8LehS+GuBUWXNdR9l2VBLtxKlOQ1YOj5N4EfGe7vb7hvasWPghoNWsUDQ
+lVxFRT0hPVqxQQJsZ/GseA6HCdtXxqzJIFuXRcH35zM4HyMy+MF+L7a+7DLsmauU
+/jKSaYxKC01/s0aHrv2JvJYl/KnDYDOUblCJcRqwEOKky8bJKCdU42FcnOynfQNa
+PiJi61I3uxZSi7XzwJJC1chaocpoA+bFXR2JvXv1DP/Ely8Mv5UtTJaFoBqPRGMP
+1Jj4P6CEXLnshVWqoKIq+SW2lds2zrgPVLWxEs8hjz3aMfBQzHfWKEkn84FEA2U3
+2gk3Id22h/9VdunHuNJK/BhsbFMCfi/ohG3KG6iFwFs9qJV2pDpfhddYkj+SjWd1
+YFKjYmDonyCYN8fwMZda8ghkoMCJzaZptSPWJbjsQknHHbwiv6oL2vV2aMK1jSCo
+JfFi4uX7NEa957ukMMsyJoE5b2jxNcP2OGUyS36cMecQmmGmZQ1CoG1BD5dwYfJb
+bRBOw/tTnnELIE0+lmZ23SCNUF0r4MDUvbsCcq+7JR3oSfEIHahS+xjJFJHCLtnn
+LyrJrOvVvfGC5OE7Z8m3P/U4j2W8bUru8gB1X6AzyAKd9DZP+aoRkWQRsAJnRBX2
+TpQ8PBCjKNyxlFbuewQPeJ1D1vMPPGzmcL0CAwEAAaOCAWkwggFlMAkGA1UdEwQC
+MAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUA5JOPC52IovznOyfsiQfnGvm/GIwgdUGA1UdIwSBzTCByoAU
+JI/+S7CmNXouQlbqZPH7oD/8Si6hgaakgaMwgaAxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tQUtCMRAwDgYD
+VQQpEwdWUE4gQUtCMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlggkA
+1HMStsHmudQwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBAGA1Ud
+EQQJMAeCBW1haWNhMA0GCSqGSIb3DQEBCwUAA4ICAQA62xvIk+QBCtXobEmkG4cv
+jCGYJXH9JRaS5sU0Z1TCgRYOI3u8fYbjpIyvAoAqaa+WmM/FIVxdTK1k6b36/2AZ
+n6ZTR5lS+XYLPfsH/lZ6cLlFMF9enSzgDNJ6GiorWzDjiAnHaSMsQbvCbIVw0bko
+XPxOZ9inO/f51kbJLVs/PnuCWbwNsPPGw45tJyds1e3dRw+bOxGqLZnkcd7r8G6C
+VU0XwY1Vyf0FNvjnA61GYh6/wrL1e0rlyhnGBFWiKN9ZqaR3anJGJZdok0Y87q4S
+91qULeVF9nvJZrTocBGkEn2N8cCxBgA+vvkaxgo1md9ew67Brfn47b3ini2KaBXu
+mmGymXyWbMd1O9Mo1uRR8SoOujq+0usVpFdTrVCebQJesY8kPWCQEtBAfDRQSB0T
+UkEmKH7y2VcAmPV9ab3t0jDOdL8L/bnYFYjUWXfGtH+QvdjtADqMwG3BBdtQF59T
+SdzMfJXm74GY6bDmOaNkQXfN3RhBeQDI+neFnN2FZd2nn6d3qI6nbHwvDpLEtaYo
+3PSYshsiUyx+eAWjISUb0mifNsgGEnxpLfkJJEWcdKZF9fkgHnKtzwtSQ38qkiog
+E6r8Y4ycAoV4vVdLyQoBHXdye08ftX+Jj2OafMF6ON1qEXbUioaTC+07vqE5OLdj
+RJu59FKP9UAr29FBOGDbMw==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIFeT4JOL9pXsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECITrZqSnxTbhBIIJUOJXOGNmXjBJ
+V4IOyYpGU0sEtp4A9P/3/cJg7s0AT5R7ULE91IxBBTCDfY7KZNgwgHjAVzL1xpD7
+SsA3JW7D5NT0XX3eWMyCtuLpriyH5qSXUehyn8+AXrdCcafIdhDnM1+FfTUWe7KW
+RGlhznt4J0AYR0v0jSxCXF6fbKV9f5ZYKRsGOUCbWKBco6eu15Jp+LLXbrjpIcyb
+ufWl1X7KllSlPw03FdHP4puTcGHu+VgB3PXF6154ltkR3Lc+fDwCyroKh19Y4ww4
+M6EpqPZ6g9A2GeKkyCe0wxuda9twUFmgr1EolwYF0jjnpW8itLeUvcDztpXklrLY
+JVt9l87xUALaRHC5tZ65c0Urv6NFa9R2pe1RFku+ObzHKRwWEcVnecLQhzr35/D5
+uPEsC6Qk5aVVLDiPSXi42C1ekiN+5MqDLql12aDYapMkSl5gbrDZhTnV3vBIwwuj
+57yd92N9mP07rlgTCkOPJWiqFdsc7wId4zNLX/8pg8mDxnTg0J5XGtEHQwm3ytPT
+oF3ity+wm650hRXlvsMzKnCHpJhYX6z6PXFrin0pZQkUEXPicX4WKMfr8DADoCAH
+nbxXTTsiKLAAtC1u+vrqw7XDerHN7ceF/SglzgyShjc5PF2mIPBDVG9bSUqc2cXT
+xTtlhYAVRaHXowOBahMyzKZFIxogp1mEcVCYmTjxtrQGBuiwL1gArBZeAt36iTmI
+JOvsnibHg4zZHKC+Cbh5pbSXdXQ1zAtRlAVWSFrLyVxTRu0dkqbd85TmtnoQZDUz
+7T8Qy9TxMkXnKrp+6S/7ia0LyMdV6VWEkRXks1NnxHNxNqpG2KNoaAqX6vK7vStU
+qOxaSbGuYoL+sqrppSdHDABtgoV+olZ4cDi/7UFYwwT4+DaU2jTj1y9ZtXrc88m/
+hdRE5HYBXa9vCy2pQGMq0QimQ8zx6FtD+z4rBVNFh4boh8+XKSKPru2T0/DLgVtV
+oS5U6JwzJrir0U8RWz1NkNztvxVHz5D1gHwNvYpUegkTt4j9ohoboPcspW/4ICJY
+mOvx9THXUcxCPZN7DBS8GaRa1EpyaI2cdEra3uh3G6siQB1At3KSHKf5+tsUuVsb
+/TFjnogKy8L5YeFCHxzOJPfnbYXdy7ESQe4AEodO+YAAQUAbafoyk5Pq4I3CVpzd
+aAhPpPA1SjDCCHXZkJ/AgbwDBLtN1iazN1r5WdDvafVEBbaoPXtZFi8/0i69W8qG
+cdG5p/pPkG9OeoB17jtwWxJaA87F96lhTxFZk5e5CvM4xrpF9EPz981d05/xvD6c
+Q7mbjvjyx66yVnoFSPrXda/d+phL0wx9228UXZ4IiGx5zxDr+b6ly3bO33wiXRCV
+owZ9lFkQBrxDcO9JNe8koAIOtTP+4Z+gtbGxR5meV6JpdcImGahNMSsUiwguYnjt
+dyFgUQcoxR5+m9bQPpyhkDEqmF1X1nujR8h9PkM6p8uQvCZNrq0clBudJdKDOp+o
+mXn2o7KawVEna6GvGJONZie4VeMROlse2yNAsxrKzMGWDKGtXbM3P51AFkvnV/fa
+Ap83yrjj9Xmpm0mRUZw3EN2j4Aw5ZRfI19AgMrfjSUBRSRldXSirT6O/NQhMfAV+
++g0uzwzo8xtkmzopUii//aWng1OJL9j8/CFFlqf2m+lg3bk80jj+QJthgR7OOsQB
+fH6S8G/t7r8f0NC629RRZ6KM/2KepQZ+WFzRyEeYQRDW1ca0+BwIXQNilZtAbhsr
+sCLXlZKcNqczfWmLHND+Gg/3W6FN1DXGHPp+3MyawEcAo7VduLb3bBfbmMZcv9y1
+JRbXWsTM5XekIOesqz1WsUcR6MYmiWm+m74GoNuGMWiDMy4UIILSx9V3uEABeQio
+yCOsR0RGFS1MfjX6YAzA4ZrgA88UCHW4tru+K7pRw7L6CVPb4IMPuHWvcmpp+vSq
+hMBh0LSgHOmvjlSk7c5zKsRipR7Y4cPbL/wpNTfJwOBYHxb4xVPhkOWCsQg/ywz2
+JkG5VbmsLxunYFONuV1h5r75+akQwuESnkyOBPLn2mnNThmWEgtEoQEfz6n74Vwc
+mr7LW/9dt7WIc/Ra1iworbv+n9LqhnOJZmkl3hP7KJLb71NDjTk10PRvkNJ0vDqw
+zYklUm4q8ptr6nUrZd9yVf/bXwWrrf/NSEYFQnLiTht1+aJvlUvc1314YALtYG1d
+e6rUXBr+a4blG5WVkaglC5gvPTw3ZdDeZgQ/ipUWxENnGgG24PK75/dJLZPECLRL
+UK0mmNb09jr3XV4yIanfkEYqtqwEWPRm4eLJWVWnwptdHVvdRPBHbwiD25PPMUWk
+8ObIpvaTA1m73xDJea/YkQNO0hKw2i9+wDMeTtSoK6VF077rt03rZrGoHlDYMrO8
+0iLYdf87fU11GQ367w+n9j6qNLbT5LHRIZP5FE9YY81qYl2DoDzBHf78IH5Uut7x
+Y+FbajrBVUwOhmawhVD0Pu8CaRw8rNKmhHabtFSXJCprtEXqinEmTE4L0EOuIi5C
+5IjAuJGAKBVzyt2NrwWazeoHHrYKktE3tUVkvi+sse/wp3PLGxbYvEIQgb8k3HGW
+z18BMj4YfqOsjoR9PQUkG+Wm1yh4YNo5AZLVfXkfTGJcNQhgKqmj2YBdLpxZonlH
+s/rbae2GWz0ePb1gCNvWX6cIl+g02jThGkRNyhn7HFbj/Rex8rdDk8g7NMroytur
+P3o7l3i7KUSpW1utpDrE+PudJg/+mqe2vkKqlatUbMOUmtQM7AMPGRjOTESH4T8o
+j5P0YDrsqDnwfTZ/pWAla6x1SuLceneAqBBoeK3S90D26OXLImMBdgjcX1oBHz/Z
++CfJAz3yKfkD3EWQi7OHAyjdD5KDFhD3YNmFQpxfZX+Zi09Losd+UA7EGalK4ERW
+lmtCvSpcSnQmw5bq+w0bAmvF9P3EIH0OYig8r61/nEqGmvFjB2Yp1vosvjRF/dna
+pxLZVz0fLXkQPgAIsQOMW/iGPX47Fqb05zTLu/PtZYQR3QXsdvtbO3vJHhalY32v
+H45dwbPP5olUeoj6NnxlVOmXn3/zqj935dNxmDJIBLAbtu/uGcXuNNkebAElDHek
+p740XqNjn7Bu/55jtTKsryUdMb8os+IO3iysxHyBvX7Stc7A/HcOJHz956dhZ99h
+lMAktW8kgbpVqVrwhB64ibcp2PU2GV/2
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+5b91b2a91925f7503bb408768cb5053b
+80a9d011f37c13df8297549c485d787b
+6450a5341cd9b5079bf4993cd7724c91
+8ae6953503cf30565dc75025061990c7
+44348470db2143ff80b8ed281d822a69
+a2d67538439c1f04f73df867848f618f
+cc096eb98252e5c7e01a7921803ca4fe
+18a0df2a99aaf15839f598fc5a3f24b9
+17afcfd477d49792ffe450a18b8ad0f2
+a9b1e5bc658e066e461472b2439ad423
+1be921f71ac59a050bc751f681fcd553
+60c4274c640dc56b0e140d5e9e062349
+12bfaa7450b615bbc898f822dd5eb6bc
+f3023bbcd87fb2a18c651dbae4bfbbcb
+5797d4b6c01f0bd700681b308e19b239
+53cfefa995eb4bf57ee985194e814548
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/AKB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-AKB-gw-ckubu b/AKB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-AKB-gw-ckubu
new file mode 100644
index 0000000..67c3af7
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-AKB-gw-ckubu
@@ -0,0 +1,3 @@
+ifconfig-push 10.1.82.2 255.255.255.0
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/AKB/openvpn/gw-ckubu/crl.pem b/AKB/openvpn/gw-ckubu/crl.pem
new file mode 100644
index 0000000..c4cf00a
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC5zCB0DANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0IxEDAOBgNVBCkT
+B1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlFw0xODAyMDUy
+MDQ1MDNaGA8yMDUwMDIwNTIwNDUwM1owDQYJKoZIhvcNAQELBQADggIBAEHFf5Wz
+7q/gyccEWkUQrTlBuDnLUN8U/yDo/esulxKw2u+hE9x/57UIzk6X8HeCdlorP0WW
+YXCHfm0KrSZHeoUDMQF/NdspB8+wKHKcIuAvv3Ji09rvGADGUBCtBDp+hzpbFRvv
+UwrNId3atCyMttFNU6ZkjjfnMxTJeYB0H/KXbGfOrisXKHq7cesjo4H/JFu61m+4
+nig9yjLD7zfSIFPql1G0a8pssN3NPtAfyfpkDaqHE/LU1EAVUH2RQowEZAm/Mrqz
+MyKbxoo0mzC+ymeP5YzdMJBdDK0bcCjSN54jhDhoZH36+D88UVgWGWHwogOXOah7
+R5Xc8L9LDd1vbggErxbfBFxMoP4Rk8wg2Ou4s1jWCJkzDQuCKCaG7npmbA4rRkfv
+jHJEKWPN0v2awNLPcr/xxx3Y09mYew2TEnBSoolUzPDe03xU3jmVqsiM9jfwdz+W
+NX8WA+IzIUrZGfr7k8uPYRak1LNOq1Xkxr3NMbOgJXth/2pvSoT3HFBy4+aLfNxi
+fj2Aplr6QNXSr9/L0XtZdU9qz7aox66feaG3q/OtXUtT8249WXJ9JHnz0vnQdWzU
+GRA9fH+fR0lP+MajiFy+Y7HNgzJPTHk6gOySjTRdaCyP0NTn0G5q/XTmpSq9E2wt
+bcvE+k05ahe4l04R7OIm9zSC8hHqlWHdJYEo
+-----END X509 CRL-----
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/build-ca b/AKB/openvpn/gw-ckubu/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/build-dh b/AKB/openvpn/gw-ckubu/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/build-inter b/AKB/openvpn/gw-ckubu/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/build-key b/AKB/openvpn/gw-ckubu/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/build-key-pass b/AKB/openvpn/gw-ckubu/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 b/AKB/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/build-key-server b/AKB/openvpn/gw-ckubu/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/build-req b/AKB/openvpn/gw-ckubu/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/build-req-pass b/AKB/openvpn/gw-ckubu/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/clean-all b/AKB/openvpn/gw-ckubu/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/inherit-inter b/AKB/openvpn/gw-ckubu/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/list-crl b/AKB/openvpn/gw-ckubu/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf b/AKB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf b/AKB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf b/AKB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG b/AKB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/openssl.cnf b/AKB/openvpn/gw-ckubu/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..929baa7
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/pkitool b/AKB/openvpn/gw-ckubu/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/revoke-full b/AKB/openvpn/gw-ckubu/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/sign-req b/AKB/openvpn/gw-ckubu/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/vars b/AKB/openvpn/gw-ckubu/easy-rsa/vars
new file mode 100644
index 0000000..9b70f40
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/gw-ckubu"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN AKB"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-AKB"
+
+export KEY_ALTNAMES="VPN AKB"
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/vars.2018-02-05-2126 b/AKB/openvpn/gw-ckubu/easy-rsa/vars.2018-02-05-2126
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/vars.2018-02-05-2126
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/AKB/openvpn/gw-ckubu/easy-rsa/whichopensslcnf b/AKB/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/gw-ckubu.conf b/AKB/openvpn/gw-ckubu/gw-ckubu.conf
new file mode 100644
index 0000000..65f28ba
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/gw-ckubu.conf
@@ -0,0 +1,257 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-akb.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAJ2nraWZ6Z+uMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMjA1MjAzMDM3WhgPMjA1MDAyMDUyMDMwMzdaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3ELr
+25xiRgZY6TlrEyKW4z26lI0B/f3q4NcgbZee+6XMU4mLyfbxMDowyfxs1QdhmVZX
+H4aFhfpge25w4V4XEgslYHV4Tx6fN9jlA5EAwusByayiq2YZ/ZrAqsaSK25atH/E
+US3tS/bthj4Tt1DGSmXJzVP2d89vDbfdk82lKTBdtlfbnL+zLG8NmL1NHeAGel+B
+kjHRMXo8m+04Zcq6xykBQZ2/lfS1jhqCUygCyub3moHTCTVmkfbKm9qWrqBMVTbn
+c5ld3G2TTjuRYVsYGzgnFHPrHtqMFgJOYgS5CIZ2mTsYgAaREt4IPDu5oIC+oe4X
+iErcIJoCO1NEsuHkuchvWhqRoSaqVOT1bRdVc+v/pfVkRVBb+VOeVQUG78LHRpDx
+LMx48QtN2P0HY2mdQK1FWZetFo0ncJvmjnFWqV3ZdWwWJmeXGCU+pNmokcP2wn6b
+zJ9lhtntS5IWqlAWUIUfJEXL+FbRbCCFG5reKcdSoNHFBewvcRfg5wPz6cMQDHXd
+B03168HJSVb8mB76bmBmc+zsLIFoCm7kepm+uzpY0//Uz0WXXXg6OI/zhBSECng6
+hamvri9k6uAeoyVjKJVpG2tALMmYcC2ygxYuFi5mbYg41eAMfBwAtK6sWdLy99qz
+sLWze8fwl8wHJhfHlLTQrLpMz0lpnjDtVOyP1wIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHxCgucD6wWX5p49FMX/rCWhuAzoMIHTBgNVHSMEgcswgciAFHxCgucD6wWX
+5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBO
+IEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCdp62lmemfrjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBwmgxFIhkxilpGef3bjiAH
+yyP78nFOtrQb0lb640pySl07F/2xHTYOPb/TECNzQR8no9aNGZHQlvwEdgLdIrDE
+I96AwMfhvVqducsXtR7xjX5YV1Dpa7Yqvt10teuhuPtnXV/ClNaNnFMAlJtnw6bs
++6cGDATRmizu/lZiHnuzG/ANr9AtMOp5R1yw3vPn/Fx6lQ/M4sKxJg0FrJDMvhDh
+sFbHA2T+u1Ke7z4BjSFAWb2tTDWfcffBuQhLRYdG0R3RgsZIVP9dtrdrKRAsdIHC
+FxL9IHr4mlS3VHqtcyXxFlVhOZsQ5KVt4hFUPgMzIEnFq+T+Q9YXnYM72g1An9d1
++Y5YBkhPZONrmUE2zDjdk4bSy58h9xdSCAyziRvKomtrqx0CDOTJyTqPYjWsLCFu
+xer7bvoWGw1bfC2+5TgcLlCqRtGbgeCj3NJ9xHcv5ZP4PVC5VhmewYJFsDiDEfw7
+GOc8y5liXX/+YoJjEHrPwMS/QN7mDH60JdXngm7BafQa29mw3GQXwWlLvfFekMXe
+DtkRyz0a0FsplnwOScDCsuA0RrJD8T/iUNW6ecdXwwFY5vl8/NhZx2wBnchsBO+z
+/Aw8kwc9X87NVqIrJVh2i4UWBo/bAlKSTHY2/i+IeMZf2oXhc6yyleXk6jbZ4b2t
+KIajjnXU5P26nFWLP8IiIA==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDIwNTIwNTQ1NVoXDTM4MDIwNTIwNTQ1NVowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tQUtC
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gQUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKpSg7Om
+QQO8vMdmYcgOqYwpz3BSRDDjQJSnKwlNXanVLR8t5ZJQtJKLqUsKo8CC2jyBZQrN
+kusVwz5ecKbuyDPnDhl4ra6mCWTQnxKhUX2e9DtK7W0gc8HZ8TAa9tJt2tcKpX7S
+MNeEwYETPhQk9rUUxxkynIfr38n8nodyVdtFo/nhhlsqyZO4UHLPhC5Op/lPPvzh
+Ioz/I66GquHcwX+bfszWlOw3DJeAXw+qPMyjpOzQbsAzqEXHgDY84/4G+safqD2Z
+l4UsoAIbEpdSmHF+blkiuXllT9cZ7l3RIxP4pC4c+NoWZFe5Uve6dv11TdREAzhi
+PFI1og3c5wGIRbt757687oJ48Ou7w+MKfoGB/ErjrSrItX8CEMO3u17hgQzzGZ/u
+iK/zSR0jTUuTnf2hFByXnR89YqXrEWg5Uch755cZPXzx2phniffQndNzTJcPJOr+
+LpxpndzInEqC31Q8ZDUgQ/1Xv0or6ePzpTuxt9VKiA16Zn83RzO8ZIR60lO1+VQP
+Uxc+oeZLp+AfbHBHO/yqNws0V4vYOo1XtUN/Uj3jFkYnfcaH0iQTXIR/aGUz6rMO
+tuA5e3Y9i8qBpwnDQrG7RlBtOr1Nrrue15yTaEhPHKzBpBYWhbsIyJuBwBdxh96X
+QkBgEyKRTYUAge0VS3DD9dkdLgsbst1Ed1ppAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFOK0KTR2vda8ZJ/b0eqc0wAVmCA3MIHTBgNVHSMEgcswgciA
+FHxCgucD6wWX5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4G
+A1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCd
+p62lmemfrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBABfYhzlm8VjYvuZwySkA
+9mR1xblTWn/E/d8r0BR8E1ra9bi5jGqYrIzyoCNNFdL0yjvXGNHZIwN0sn22LlC1
+1ikhaWV3WcQhtAT91NJfcXr2tk8xOhmIeGlmHBPW8VwwLjl/6WnUEK0PB7skYjq9
+iS+ftC5lFNXFCvaJpReC0HGEoo8nf17PKoktzKFWNb0m6UtS8i8QmHcm+SpqHW7b
+kbgGioVYbPrkjpySFigQVu3E4Siu2MO2Z9O8y7kutXzwhCom5zBPAkUrvYchl+IX
+AXF3MY/dFaxMezt+SubuTWpvH2cbxdfEusNFbG/bC5NywR+0wAKiM/gySb+TfeB+
+0NPEQSDYm6stuTCrC8bu20CevLnQhzI5QsBDi3xc+I0g0aER7uJCQ5ajUtjpM8qy
+0Toph7IEzQP1JQnsroNlbdI4QI1anACziCYgToYTvLaDaUulMpzGOKMiP6lXDUfy
+nggOubzmWcei6syfxWizdkEJeAeHGrlcsJYMyza5PCExNodjuiUUOVrZGKZYLqsR
+2kMysKxFO8x81EBhK7fSJ4wIvM/koKKKSDozTWDTbOA7cWjRYWPIAoA+c7sB7VKd
+bdGCHVQVH5/YUXHIEbjM24ZYVP7UX8hQWtfxDOYHL8gSRSncI6T9HXs0p1Mlh0eQ
+kJdQyX6Vs+d2zTzAbPqICNGM
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIrroJRG8KWNgCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECADohDo0yZ+5BIIJSJ+akpQD4kl1
+0K+EMwYmNiqrlC1VpdMMFVEKYL34uhieaWkmhPdmlo5RXggBkdzsKb9V6veIiWBo
+i7kF8ywMBzR8xP9hqE/1V64vlsz2YOi0jS55CgAL/g/vtWV/lXHecgCjLgytlkrP
+Zsj/cb65XhpnEWP2fFilUAU14K2/5ecJce3kAWMbSBnms9fMXN6uIsdr+J39KaYn
+thsTaH7zOfOOeqhvc5g9hcTl248RgQhpDPzCsGqOvKvzdSiKbPPxFSveNE5L8Siv
+Zu0g7PvGincOw4AiNwizy1VgR2UTEagmQvqAiI1aBxP6jvePnn0CoG+DAnPlhyMk
+Ei2uQ76USFtC3DBFpzfg2NU5pubq90dq0Zgdc4LUz9czwE5XUFXShQ70BGqLHvYG
+clSMu3D0lodbQ0Cdg10hCKesNz4i+T7Z7xkvEERB1v7p564qGrn7NAb5tb6JmxlR
+wHwS6zsaLzAymNSdxh87hlpupXn688HUSn51KKwjVYnJxyYSAIzkNRQ1LVwzS4TJ
+R81J6GpPawKzFGZYnvdbLw72ohyLu8D6d7NMLR/Fc/pYT/QgoH801DeseSpaDd/h
+RFr0ax3EA7MDnFQfmv6m+I9OmhTX+qdhFHtRolW+NUGAdXHFun34+cuIy5hPP3OT
+FyW7vAE0gQN2zgllJcIUjz2Xd9PzoX/tsuh0/RTaj1sEAQhlENfhDfz5GFHSHYbS
+fTCLLHR7YISlqUwSH0TdzP2/vsh283iqaQJL+OLfwquTDONDekNtoiIG7HlB6dQr
+9ni9wg9lO8fGRbFsN9DrJ1vJcJN5CmY+fE77BNJV2K6J/9EX1wOKp3PaTFTFOjqy
+tp2K/M4BTT+JVG6sC2gcDgHYg/2pGTc+YxaKyFVziP7rFQ0plzB1GqrFOGeaSDkH
+7VfuUbwlTtohiToL+Fc7sbKV95bcjtug9o9bxdzTPikd5E0gAqOLwJ2bqgFBYZFl
+t/Ohm8BBwnKuJqKMJXSHvEDFTM9e6VaTVKD4r+7lI9Ng8h89ergjBUdRxB0I/4PE
+g7HvzcXm8Vru8U7LmfCR3KKBtfwNN3n0v9pFk4D24pMRX4o+SD+INDVaoZ/Dswqp
+sI75SngxgOXdvP5x9F6LiTklZ+jxciYsVzb5f3CqkjQ57990Dxyt/+EveQBO4yLb
+Hnzw9wYcunqsiRmhzKfkkHwHAYmGggtWWaZN7qhLPFgvmtt+Tkf6Ord6FWlEpr6y
+5dzHds5tqH/v3Tv4NsTp8bLWqSACVoZ4tKbiv/AijVGar7hiHS4sJ+ty8q7TriNM
+46TxQ/iyxQ+4ycfE0yv6MIYv3g135X8lZJfP0gK5wv5sdtgppUcHpySngJv1Se2+
+KGS0WjQ9ZqlBFl2V2eJcSRzHRh4351BnoGYsogBrMxUUuFvHho9BkP+fPPkCna6V
+S8f7AKb1YuyfeNrq9dLW/5FjaSI/or6VGSv62LBUXXGflFQgu18IZ6eNkzgir0Bi
+bdPBiUjnYxTVbfEaxP2CGCuPyG4AQhkbjciyHj5fuQkXIq4e6x91u3FVRHu/LOwN
+zjWYs+JhgVzWlH1S2qTaO1LplMt1mG6TXFEouC+qkZ6Os+Tk8jPfUj71/ffh/p73
+We9RMPEdvBnOQXRlIJQXa14QYQ218POC2LSD23aWqPdDsssIwpxOKBJHuRqBZWd2
+0VK6YpFubZtJW4Z6DKoc98exR+JU3y9ah2V2G7poE4m9V7Np/PjGJ5zLPtx4GhFO
+Xr2D6FK26IGUQlO9G+iErvIOeo6j1GJw85HfDY8+wGFNrPmYXXDbkbgwKhcg86Oq
+hBh9Zd6P4J7cvtps8A0+F/ROWalmb06TOSZ62lHrJZpnMuI4enSLh7fq3gfPLKgc
+MWbxw9Td9LxGt4So4sg8QT2uKlVDDpsP81Jaz1wK9H71GZ+cKhYs4nEQChSPGh2f
+XcpV0/CM855FsRTXOpbNHi9rj4jUWOYRkpF7nCdEiGxBDQ5mMdzQ2j+wWUpCl4XH
+oD39DVsEmDvRM4fIoYfiurZB+ByWfNwQ5uWcLqexapu+MzVgzEZd+UcejmmlLc0E
+BV3U/DgoRoI4zkpRMzKeRMdKFZ93HjHETrSISfqvulOqgA/FsWCoSt3OSxlYQ+vm
+bS8gFuF7FuadfQpZ+9wnsrVceNL4bgaZ8jB2wYLPJ+YGz16DtRkfp24gYPSfKfeU
+LuhWbKrRE3MLlMSsjtdrLMUW5nxttdDyxbOj9lBezA+LEiiQGP5Wv10wWyjaAFTg
+UCAfWr2oP1WH/lXmIqDYD6zgZEgb2rRmnpeZGbzB5xKYTp97YeKxg/kuPIl9Tf5t
+GKYUPp5wO6PEkiHDCyCC8cyzs54pAwMBZZkuNcMZ0vse1FcBFZ8YjEwuxRnVMHdJ
+3ZEi1b/kHTWDgH1zvj9pHbT+p1DZmZakV6P+gPxkvcLyzb9Zkt4pWQ6PbmZa6q/c
+dYDQExeB/tEiGBn+nb5mYbjhGm8kkokK3lbRRuoqCG/cNBDeGYGNU8q6EabbrSGQ
+BU1s4Uda/kHzXXmHxphV8P6luvh/aI56RHPVzj3tDBhNBZXjsIm8vyLi1jd5Y/AD
+vzg1Vkhf0AAZpSA6w4uTj+/JCVR8ksitXuDNit2iEWcFHmz6vtuKw78lB8VkpI1s
+Y5WmXsZbdWsp66GNWcA5MmBRBb7vd1idSfbw9yRLuiZAhVAmlGpVbSUplfTe4wOi
+lDfAZLGVbfvdjWIR1fY5QzJBckfSe3QuuHPmsa+qTLlYbZxWeO01JfoWBADwIa28
+otFSYOi9gLAIHOHuRTB4uGZZ1R2B1HjDOx+VFfkpuzUvevG3sA7VZGP7KlvtJ4TJ
++f1KvxBkQoVK0e1dKOFJfqsUDUt+hADQt3fpSpw/x+AROybuynbtJV5oC9/VJG76
+7n3dkmZ/07ALJ1vATwMK3/XUW/JNVKjmS87/HkqvpPYlgHK1avwWvEf+Y/0LM6VM
+mfEi3ZGo6yGye9O1f5ISRdNpXkFRTYTpOpxGL7vGy7JnGE8ZEpkqHREbqptw34I9
+I0DuWszHoohU/MNfXUYIIssmWi54iwN8DHDWoh3bNMmEtLEOzPFGk4016yGpXLea
+zrMG2XcHwgwX0S/qORDLR4N826diQqrd49V0yjBnqCyAtIlOrW0l7oAqaJK5eaeO
+k5E/xOQ9MK94fdI8ahT+Bw==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+ea4b0c3c2469d8119fba1b968f7a3ac1
+97af13fc4b4fd1d7e6e3aa6b6513ca98
+0acee9fba071da555f9ce14d6642e20a
+452192aada6a80e73dc62c3103c780fe
+8b5df3a054ba1e86d01bb880defbac93
+f061ebe4cf87f5c123ec49ba82f50e1a
+e83290dfd4debeba063e3ca1c5f37bac
+457184dea9a1a97a053ada58f63b7c1f
+1de01ca49f3789716e8df654727e4ee4
+77d9b182ba174ef871d72ea2bf82d25b
+8d02b7a783324263e03229c0852e712f
+950c0528985bc1050145f6e1a2379466
+11058027d0373a920718c5a5b2f9177c
+94365214e24022b2c34d51f25b008f02
+8a198e2ae5910e83120b533853bc47a6
+2a579fc8df42a997fa4e4854fcf1608a
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/AKB/openvpn/gw-ckubu/ipp.txt b/AKB/openvpn/gw-ckubu/ipp.txt
new file mode 100644
index 0000000..a42f54b
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/ipp.txt
@@ -0,0 +1 @@
+VPN-AKB-gw-ckubu,10.1.82.2
diff --git a/AKB/openvpn/gw-ckubu/keys-created.txt b/AKB/openvpn/gw-ckubu/keys-created.txt
new file mode 100644
index 0000000..a59c9e2
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys-created.txt
@@ -0,0 +1,4 @@
+
+key...............: gw-ckubu.key
+common name.......: VPN-AKB-gw-ckubu
+password..........: Boox9caegaijie4pihu7bu8gei0quo0h
diff --git a/AKB/openvpn/gw-ckubu/keys/01.pem b/AKB/openvpn/gw-ckubu/keys/01.pem
new file mode 100644
index 0000000..458dfcf
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/01.pem
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  5 20:44:53 2018 GMT
+            Not After : Feb  5 20:44:53 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-server/name=VPN AKB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:9c:18:9b:81:a2:15:07:04:d9:1d:c7:a9:5a:03:
+                    d4:a1:90:97:43:f2:6c:65:5f:da:44:77:df:a0:f9:
+                    6d:be:85:c0:3b:6c:08:b4:37:16:55:fb:47:0e:6e:
+                    93:de:5d:c2:f3:a5:09:d8:e9:a8:86:f7:ba:68:e6:
+                    94:7c:1a:7d:32:e7:44:e4:86:cb:8c:5e:5c:2e:7b:
+                    ed:f4:31:12:34:95:31:44:56:de:8e:df:3a:a1:09:
+                    b3:59:c5:b1:c9:a2:ca:7d:bf:b2:1f:a9:36:7c:70:
+                    6f:76:6e:75:9a:72:bc:80:19:50:88:ae:a6:fe:05:
+                    7d:31:df:ba:23:d3:fd:7a:3a:ce:56:a2:0f:72:33:
+                    0c:7d:3d:33:c5:a6:14:99:43:77:2e:e6:17:be:36:
+                    c2:57:b9:ff:fe:19:92:db:74:a0:e3:17:01:e4:0d:
+                    48:50:d7:a8:0b:be:46:fd:65:ba:aa:de:56:5d:9d:
+                    6a:c9:77:d1:f4:4f:69:f5:7a:7e:b6:77:79:6f:66:
+                    b9:e4:ce:e5:d4:25:52:d7:6b:f1:b2:23:e0:c2:08:
+                    be:32:a8:3c:b1:31:fa:cb:31:cc:de:8c:4b:0f:07:
+                    e4:40:95:c6:d0:73:8d:47:e0:43:2e:c3:a1:59:cc:
+                    d3:06:8a:80:cf:81:dc:78:04:67:66:bf:a7:d3:ac:
+                    4a:0e:ab:de:32:fb:98:fb:80:41:af:4d:66:39:ea:
+                    e0:3c:bd:bb:82:76:82:92:7a:f6:1e:78:64:f5:a0:
+                    24:be:ba:44:60:0f:be:b6:34:4b:6a:e9:3e:0a:87:
+                    63:c2:fa:87:14:cc:85:59:e7:33:c6:95:47:87:e3:
+                    d9:07:af:39:b7:89:68:5e:90:bc:ec:12:d1:f2:11:
+                    50:ce:90:bc:90:3a:9e:80:a9:55:66:51:e3:da:e3:
+                    18:1c:a1:5b:1f:ae:ed:95:96:01:eb:25:5a:9f:08:
+                    93:19:b7:92:0d:3d:f5:b4:db:f8:4b:3a:f7:24:fc:
+                    74:14:ce:1d:fd:2a:d8:37:fc:92:8a:c2:b8:38:f8:
+                    f8:86:6d:29:5f:41:3a:43:18:7d:dd:67:23:18:64:
+                    e6:68:21:a0:f2:0c:dc:03:eb:b1:52:dc:51:b5:c0:
+                    fa:8a:51:f6:52:21:b3:c8:91:53:31:b4:af:f2:dc:
+                    bb:5b:9d:c9:e5:20:be:fd:f0:08:c8:f7:f6:82:22:
+                    07:30:10:3c:74:3d:cc:d6:2d:0e:92:c3:c9:bb:78:
+                    d7:5e:61:14:42:04:59:c4:2c:94:d3:d4:3c:5c:54:
+                    36:03:0a:e9:fe:3d:51:1e:7f:40:9d:59:89:75:5f:
+                    df:a5:8e:63:18:d2:ff:2c:5f:a2:41:21:7f:31:84:
+                    8c:9d:5f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                99:27:8E:30:AC:A5:B3:56:72:5C:80:3B:9A:53:D3:54:9B:B8:F7:0A
+            X509v3 Authority Key Identifier: 
+                keyid:7C:42:82:E7:03:EB:05:97:E6:9E:3D:14:C5:FF:AC:25:A1:B8:0C:E8
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
+                serial:9D:A7:AD:A5:99:E9:9F:AE
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         9e:b0:7a:60:42:08:29:e8:49:ae:5b:f1:72:c6:c0:64:4c:0e:
+         a0:d2:31:8d:7e:7b:b6:00:9a:6f:b7:07:43:23:54:ea:0a:63:
+         a0:68:30:54:c9:64:8b:e7:bf:58:08:fb:62:ee:fa:6f:8c:f1:
+         25:3c:6e:bb:32:2e:eb:59:19:36:94:df:a2:4d:37:71:51:db:
+         b7:02:1a:b1:b2:86:44:15:68:39:95:d1:67:81:da:ae:64:d4:
+         f8:05:d9:81:47:d0:f1:87:e6:c0:2d:fa:aa:19:ee:70:d4:29:
+         68:5e:67:d6:4d:b6:f8:cc:38:56:34:50:59:b4:4e:e5:4b:79:
+         81:f7:0e:62:83:3a:c1:b0:03:50:d5:27:f5:99:4d:01:92:b1:
+         70:9c:cd:95:62:6b:2c:b2:34:f0:b6:ad:d7:1e:f5:22:cb:eb:
+         eb:b6:2b:33:5e:8c:56:85:fe:38:c4:94:14:30:77:ee:cb:d8:
+         03:f9:3d:50:b6:92:9a:9e:59:0b:99:95:e6:83:de:5e:03:08:
+         e6:75:12:0c:89:d1:59:29:0d:db:6e:cf:9b:1a:b5:88:ba:d6:
+         d7:c3:ca:0e:31:33:3f:7a:64:ee:c7:80:09:c2:52:15:aa:1a:
+         d0:df:96:1f:c2:11:ea:6f:39:46:15:58:23:f0:d3:b8:a8:26:
+         41:ae:cb:1a:f8:43:6f:5f:2a:84:b6:d2:71:f3:b5:94:f4:6a:
+         c2:61:8f:9a:64:e2:71:43:06:c5:a4:b9:48:95:29:41:37:c1:
+         3e:9f:56:97:ca:81:dd:4d:0c:35:5e:fd:bd:4c:7c:30:3e:fa:
+         f1:24:70:8b:a9:f3:d0:d7:0d:04:b7:67:0f:b4:4f:e4:a9:96:
+         02:9a:6e:7a:9d:76:90:fb:9a:5b:f8:0d:7d:03:b4:94:39:9e:
+         a8:c6:65:b9:60:86:c5:99:4d:c3:74:08:1f:24:31:04:df:3e:
+         f3:e8:f3:1e:3b:bf:ac:bf:2a:43:f3:41:5d:27:5b:d3:9f:7a:
+         60:a1:60:a1:5e:01:a5:1d:42:38:38:1b:00:66:d1:6d:da:21:
+         a0:e3:27:da:8e:4d:1a:b3:33:ed:28:9a:62:b7:21:3b:fd:3d:
+         66:1e:50:b8:77:24:99:ca:0f:c9:0c:cb:22:17:60:63:e5:29:
+         cd:5b:c3:86:85:73:72:08:b3:6f:90:cd:9f:13:8f:8b:33:97:
+         f2:fe:e9:fd:fd:1d:33:6e:06:dd:dd:1a:36:6e:6a:63:3e:84:
+         20:5c:08:89:f8:bc:b1:84:b9:6c:70:ea:bb:6d:58:1a:db:a9:
+         cb:6c:2b:61:1b:ee:11:94:d8:6a:56:7f:23:ec:57:fd:38:df:
+         2c:7b:dd:b0:58:3b:7a:9d
+-----BEGIN CERTIFICATE-----
+MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDIwNTIwNDQ1M1oXDTM4MDIwNTIwNDQ1M1owgaUxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tQUtC
+LXNlcnZlcjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCcGJuBohUH
+BNkdx6laA9ShkJdD8mxlX9pEd9+g+W2+hcA7bAi0NxZV+0cObpPeXcLzpQnY6aiG
+97po5pR8Gn0y50TkhsuMXlwue+30MRI0lTFEVt6O3zqhCbNZxbHJosp9v7IfqTZ8
+cG92bnWacryAGVCIrqb+BX0x37oj0/16Os5Wog9yMwx9PTPFphSZQ3cu5he+NsJX
+uf/+GZLbdKDjFwHkDUhQ16gLvkb9Zbqq3lZdnWrJd9H0T2n1en62d3lvZrnkzuXU
+JVLXa/GyI+DCCL4yqDyxMfrLMczejEsPB+RAlcbQc41H4EMuw6FZzNMGioDPgdx4
+BGdmv6fTrEoOq94y+5j7gEGvTWY56uA8vbuCdoKSevYeeGT1oCS+ukRgD762NEtq
+6T4Kh2PC+ocUzIVZ5zPGlUeH49kHrzm3iWhekLzsEtHyEVDOkLyQOp6AqVVmUePa
+4xgcoVsfru2VlgHrJVqfCJMZt5INPfW02/hLOvck/HQUzh39Ktg3/JKKwrg4+PiG
+bSlfQTpDGH3dZyMYZOZoIaDyDNwD67FS3FG1wPqKUfZSIbPIkVMxtK/y3Ltbncnl
+IL798AjI9/aCIgcwEDx0PczWLQ6Sw8m7eNdeYRRCBFnELJTT1DxcVDYDCun+PVEe
+f0CdWYl1X9+ljmMY0v8sX6JBIX8xhIydXwIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJknjjCspbNWclyA
+O5pT01SbuPcKMIHTBgNVHSMEgcswgciAFHxCgucD6wWX5p49FMX/rCWhuAzooYGk
+pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQCdp62lmemfrjATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
+CwUAA4ICAQCesHpgQggp6EmuW/FyxsBkTA6g0jGNfnu2AJpvtwdDI1TqCmOgaDBU
+yWSL579YCPti7vpvjPElPG67Mi7rWRk2lN+iTTdxUdu3AhqxsoZEFWg5ldFngdqu
+ZNT4BdmBR9Dxh+bALfqqGe5w1CloXmfWTbb4zDhWNFBZtE7lS3mB9w5igzrBsANQ
+1Sf1mU0BkrFwnM2VYmsssjTwtq3XHvUiy+vrtiszXoxWhf44xJQUMHfuy9gD+T1Q
+tpKanlkLmZXmg95eAwjmdRIMidFZKQ3bbs+bGrWIutbXw8oOMTM/emTux4AJwlIV
+qhrQ35YfwhHqbzlGFVgj8NO4qCZBrssa+ENvXyqEttJx87WU9GrCYY+aZOJxQwbF
+pLlIlSlBN8E+n1aXyoHdTQw1Xv29THwwPvrxJHCLqfPQ1w0Et2cPtE/kqZYCmm56
+nXaQ+5pb+A19A7SUOZ6oxmW5YIbFmU3DdAgfJDEE3z7z6PMeO7+svypD80FdJ1vT
+n3pgoWChXgGlHUI4OBsAZtFt2iGg4yfajk0aszPtKJpityE7/T1mHlC4dySZyg/J
+DMsiF2Bj5SnNW8OGhXNyCLNvkM2fE4+LM5fy/un9/R0zbgbd3Ro2bmpjPoQgXAiJ
++LyxhLlscOq7bVga26nLbCthG+4RlNhqVn8j7Ff9ON8se92wWDt6nQ==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/gw-ckubu/keys/02.pem b/AKB/openvpn/gw-ckubu/keys/02.pem
new file mode 100644
index 0000000..4c2f939
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/02.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  5 20:54:55 2018 GMT
+            Not After : Feb  5 20:54:55 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-gw-ckubu/name=VPN AKB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:aa:52:83:b3:a6:41:03:bc:bc:c7:66:61:c8:0e:
+                    a9:8c:29:cf:70:52:44:30:e3:40:94:a7:2b:09:4d:
+                    5d:a9:d5:2d:1f:2d:e5:92:50:b4:92:8b:a9:4b:0a:
+                    a3:c0:82:da:3c:81:65:0a:cd:92:eb:15:c3:3e:5e:
+                    70:a6:ee:c8:33:e7:0e:19:78:ad:ae:a6:09:64:d0:
+                    9f:12:a1:51:7d:9e:f4:3b:4a:ed:6d:20:73:c1:d9:
+                    f1:30:1a:f6:d2:6d:da:d7:0a:a5:7e:d2:30:d7:84:
+                    c1:81:13:3e:14:24:f6:b5:14:c7:19:32:9c:87:eb:
+                    df:c9:fc:9e:87:72:55:db:45:a3:f9:e1:86:5b:2a:
+                    c9:93:b8:50:72:cf:84:2e:4e:a7:f9:4f:3e:fc:e1:
+                    22:8c:ff:23:ae:86:aa:e1:dc:c1:7f:9b:7e:cc:d6:
+                    94:ec:37:0c:97:80:5f:0f:aa:3c:cc:a3:a4:ec:d0:
+                    6e:c0:33:a8:45:c7:80:36:3c:e3:fe:06:fa:c6:9f:
+                    a8:3d:99:97:85:2c:a0:02:1b:12:97:52:98:71:7e:
+                    6e:59:22:b9:79:65:4f:d7:19:ee:5d:d1:23:13:f8:
+                    a4:2e:1c:f8:da:16:64:57:b9:52:f7:ba:76:fd:75:
+                    4d:d4:44:03:38:62:3c:52:35:a2:0d:dc:e7:01:88:
+                    45:bb:7b:e7:be:bc:ee:82:78:f0:eb:bb:c3:e3:0a:
+                    7e:81:81:fc:4a:e3:ad:2a:c8:b5:7f:02:10:c3:b7:
+                    bb:5e:e1:81:0c:f3:19:9f:ee:88:af:f3:49:1d:23:
+                    4d:4b:93:9d:fd:a1:14:1c:97:9d:1f:3d:62:a5:eb:
+                    11:68:39:51:c8:7b:e7:97:19:3d:7c:f1:da:98:67:
+                    89:f7:d0:9d:d3:73:4c:97:0f:24:ea:fe:2e:9c:69:
+                    9d:dc:c8:9c:4a:82:df:54:3c:64:35:20:43:fd:57:
+                    bf:4a:2b:e9:e3:f3:a5:3b:b1:b7:d5:4a:88:0d:7a:
+                    66:7f:37:47:33:bc:64:84:7a:d2:53:b5:f9:54:0f:
+                    53:17:3e:a1:e6:4b:a7:e0:1f:6c:70:47:3b:fc:aa:
+                    37:0b:34:57:8b:d8:3a:8d:57:b5:43:7f:52:3d:e3:
+                    16:46:27:7d:c6:87:d2:24:13:5c:84:7f:68:65:33:
+                    ea:b3:0e:b6:e0:39:7b:76:3d:8b:ca:81:a7:09:c3:
+                    42:b1:bb:46:50:6d:3a:bd:4d:ae:bb:9e:d7:9c:93:
+                    68:48:4f:1c:ac:c1:a4:16:16:85:bb:08:c8:9b:81:
+                    c0:17:71:87:de:97:42:40:60:13:22:91:4d:85:00:
+                    81:ed:15:4b:70:c3:f5:d9:1d:2e:0b:1b:b2:dd:44:
+                    77:5a:69
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E2:B4:29:34:76:BD:D6:BC:64:9F:DB:D1:EA:9C:D3:00:15:98:20:37
+            X509v3 Authority Key Identifier: 
+                keyid:7C:42:82:E7:03:EB:05:97:E6:9E:3D:14:C5:FF:AC:25:A1:B8:0C:E8
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
+                serial:9D:A7:AD:A5:99:E9:9F:AE
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         17:d8:87:39:66:f1:58:d8:be:e6:70:c9:29:00:f6:64:75:c5:
+         b9:53:5a:7f:c4:fd:df:2b:d0:14:7c:13:5a:da:f5:b8:b9:8c:
+         6a:98:ac:8c:f2:a0:23:4d:15:d2:f4:ca:3b:d7:18:d1:d9:23:
+         03:74:b2:7d:b6:2e:50:b5:d6:29:21:69:65:77:59:c4:21:b4:
+         04:fd:d4:d2:5f:71:7a:f6:b6:4f:31:3a:19:88:78:69:66:1c:
+         13:d6:f1:5c:30:2e:39:7f:e9:69:d4:10:ad:0f:07:bb:24:62:
+         3a:bd:89:2f:9f:b4:2e:65:14:d5:c5:0a:f6:89:a5:17:82:d0:
+         71:84:a2:8f:27:7f:5e:cf:2a:89:2d:cc:a1:56:35:bd:26:e9:
+         4b:52:f2:2f:10:98:77:26:f9:2a:6a:1d:6e:db:91:b8:06:8a:
+         85:58:6c:fa:e4:8e:9c:92:16:28:10:56:ed:c4:e1:28:ae:d8:
+         c3:b6:67:d3:bc:cb:b9:2e:b5:7c:f0:84:2a:26:e7:30:4f:02:
+         45:2b:bd:87:21:97:e2:17:01:71:77:31:8f:dd:15:ac:4c:7b:
+         3b:7e:4a:e6:ee:4d:6a:6f:1f:67:1b:c5:d7:c4:ba:c3:45:6c:
+         6f:db:0b:93:72:c1:1f:b4:c0:02:a2:33:f8:32:49:bf:93:7d:
+         e0:7e:d0:d3:c4:41:20:d8:9b:ab:2d:b9:30:ab:0b:c6:ee:db:
+         40:9e:bc:b9:d0:87:32:39:42:c0:43:8b:7c:5c:f8:8d:20:d1:
+         a1:11:ee:e2:42:43:96:a3:52:d8:e9:33:ca:b2:d1:3a:29:87:
+         b2:04:cd:03:f5:25:09:ec:ae:83:65:6d:d2:38:40:8d:5a:9c:
+         00:b3:88:26:20:4e:86:13:bc:b6:83:69:4b:a5:32:9c:c6:38:
+         a3:22:3f:a9:57:0d:47:f2:9e:08:0e:b9:bc:e6:59:c7:a2:ea:
+         cc:9f:c5:68:b3:76:41:09:78:07:87:1a:b9:5c:b0:96:0c:cb:
+         36:b9:3c:21:31:36:87:63:ba:25:14:39:5a:d9:18:a6:58:2e:
+         ab:11:da:43:32:b0:ac:45:3b:cc:7c:d4:40:61:2b:b7:d2:27:
+         8c:08:bc:cf:e4:a0:a2:8a:48:3a:33:4d:60:d3:6c:e0:3b:71:
+         68:d1:61:63:c8:02:80:3e:73:bb:01:ed:52:9d:6d:d1:82:1d:
+         54:15:1f:9f:d8:51:71:c8:11:b8:cc:db:86:58:54:fe:d4:5f:
+         c8:50:5a:d7:f1:0c:e6:07:2f:c8:12:45:29:dc:23:a4:fd:1d:
+         7b:34:a7:53:25:87:47:90:90:97:50:c9:7e:95:b3:e7:76:cd:
+         3c:c0:6c:fa:88:08:d1:8c
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDIwNTIwNTQ1NVoXDTM4MDIwNTIwNTQ1NVowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tQUtC
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gQUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKpSg7Om
+QQO8vMdmYcgOqYwpz3BSRDDjQJSnKwlNXanVLR8t5ZJQtJKLqUsKo8CC2jyBZQrN
+kusVwz5ecKbuyDPnDhl4ra6mCWTQnxKhUX2e9DtK7W0gc8HZ8TAa9tJt2tcKpX7S
+MNeEwYETPhQk9rUUxxkynIfr38n8nodyVdtFo/nhhlsqyZO4UHLPhC5Op/lPPvzh
+Ioz/I66GquHcwX+bfszWlOw3DJeAXw+qPMyjpOzQbsAzqEXHgDY84/4G+safqD2Z
+l4UsoAIbEpdSmHF+blkiuXllT9cZ7l3RIxP4pC4c+NoWZFe5Uve6dv11TdREAzhi
+PFI1og3c5wGIRbt757687oJ48Ou7w+MKfoGB/ErjrSrItX8CEMO3u17hgQzzGZ/u
+iK/zSR0jTUuTnf2hFByXnR89YqXrEWg5Uch755cZPXzx2phniffQndNzTJcPJOr+
+LpxpndzInEqC31Q8ZDUgQ/1Xv0or6ePzpTuxt9VKiA16Zn83RzO8ZIR60lO1+VQP
+Uxc+oeZLp+AfbHBHO/yqNws0V4vYOo1XtUN/Uj3jFkYnfcaH0iQTXIR/aGUz6rMO
+tuA5e3Y9i8qBpwnDQrG7RlBtOr1Nrrue15yTaEhPHKzBpBYWhbsIyJuBwBdxh96X
+QkBgEyKRTYUAge0VS3DD9dkdLgsbst1Ed1ppAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFOK0KTR2vda8ZJ/b0eqc0wAVmCA3MIHTBgNVHSMEgcswgciA
+FHxCgucD6wWX5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4G
+A1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCd
+p62lmemfrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBABfYhzlm8VjYvuZwySkA
+9mR1xblTWn/E/d8r0BR8E1ra9bi5jGqYrIzyoCNNFdL0yjvXGNHZIwN0sn22LlC1
+1ikhaWV3WcQhtAT91NJfcXr2tk8xOhmIeGlmHBPW8VwwLjl/6WnUEK0PB7skYjq9
+iS+ftC5lFNXFCvaJpReC0HGEoo8nf17PKoktzKFWNb0m6UtS8i8QmHcm+SpqHW7b
+kbgGioVYbPrkjpySFigQVu3E4Siu2MO2Z9O8y7kutXzwhCom5zBPAkUrvYchl+IX
+AXF3MY/dFaxMezt+SubuTWpvH2cbxdfEusNFbG/bC5NywR+0wAKiM/gySb+TfeB+
+0NPEQSDYm6stuTCrC8bu20CevLnQhzI5QsBDi3xc+I0g0aER7uJCQ5ajUtjpM8qy
+0Toph7IEzQP1JQnsroNlbdI4QI1anACziCYgToYTvLaDaUulMpzGOKMiP6lXDUfy
+nggOubzmWcei6syfxWizdkEJeAeHGrlcsJYMyza5PCExNodjuiUUOVrZGKZYLqsR
+2kMysKxFO8x81EBhK7fSJ4wIvM/koKKKSDozTWDTbOA7cWjRYWPIAoA+c7sB7VKd
+bdGCHVQVH5/YUXHIEbjM24ZYVP7UX8hQWtfxDOYHL8gSRSncI6T9HXs0p1Mlh0eQ
+kJdQyX6Vs+d2zTzAbPqICNGM
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/gw-ckubu/keys/ca.crt b/AKB/openvpn/gw-ckubu/keys/ca.crt
new file mode 100644
index 0000000..9b12985
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAJ2nraWZ6Z+uMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMjA1MjAzMDM3WhgPMjA1MDAyMDUyMDMwMzdaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3ELr
+25xiRgZY6TlrEyKW4z26lI0B/f3q4NcgbZee+6XMU4mLyfbxMDowyfxs1QdhmVZX
+H4aFhfpge25w4V4XEgslYHV4Tx6fN9jlA5EAwusByayiq2YZ/ZrAqsaSK25atH/E
+US3tS/bthj4Tt1DGSmXJzVP2d89vDbfdk82lKTBdtlfbnL+zLG8NmL1NHeAGel+B
+kjHRMXo8m+04Zcq6xykBQZ2/lfS1jhqCUygCyub3moHTCTVmkfbKm9qWrqBMVTbn
+c5ld3G2TTjuRYVsYGzgnFHPrHtqMFgJOYgS5CIZ2mTsYgAaREt4IPDu5oIC+oe4X
+iErcIJoCO1NEsuHkuchvWhqRoSaqVOT1bRdVc+v/pfVkRVBb+VOeVQUG78LHRpDx
+LMx48QtN2P0HY2mdQK1FWZetFo0ncJvmjnFWqV3ZdWwWJmeXGCU+pNmokcP2wn6b
+zJ9lhtntS5IWqlAWUIUfJEXL+FbRbCCFG5reKcdSoNHFBewvcRfg5wPz6cMQDHXd
+B03168HJSVb8mB76bmBmc+zsLIFoCm7kepm+uzpY0//Uz0WXXXg6OI/zhBSECng6
+hamvri9k6uAeoyVjKJVpG2tALMmYcC2ygxYuFi5mbYg41eAMfBwAtK6sWdLy99qz
+sLWze8fwl8wHJhfHlLTQrLpMz0lpnjDtVOyP1wIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHxCgucD6wWX5p49FMX/rCWhuAzoMIHTBgNVHSMEgcswgciAFHxCgucD6wWX
+5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBO
+IEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCdp62lmemfrjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBwmgxFIhkxilpGef3bjiAH
+yyP78nFOtrQb0lb640pySl07F/2xHTYOPb/TECNzQR8no9aNGZHQlvwEdgLdIrDE
+I96AwMfhvVqducsXtR7xjX5YV1Dpa7Yqvt10teuhuPtnXV/ClNaNnFMAlJtnw6bs
++6cGDATRmizu/lZiHnuzG/ANr9AtMOp5R1yw3vPn/Fx6lQ/M4sKxJg0FrJDMvhDh
+sFbHA2T+u1Ke7z4BjSFAWb2tTDWfcffBuQhLRYdG0R3RgsZIVP9dtrdrKRAsdIHC
+FxL9IHr4mlS3VHqtcyXxFlVhOZsQ5KVt4hFUPgMzIEnFq+T+Q9YXnYM72g1An9d1
++Y5YBkhPZONrmUE2zDjdk4bSy58h9xdSCAyziRvKomtrqx0CDOTJyTqPYjWsLCFu
+xer7bvoWGw1bfC2+5TgcLlCqRtGbgeCj3NJ9xHcv5ZP4PVC5VhmewYJFsDiDEfw7
+GOc8y5liXX/+YoJjEHrPwMS/QN7mDH60JdXngm7BafQa29mw3GQXwWlLvfFekMXe
+DtkRyz0a0FsplnwOScDCsuA0RrJD8T/iUNW6ecdXwwFY5vl8/NhZx2wBnchsBO+z
+/Aw8kwc9X87NVqIrJVh2i4UWBo/bAlKSTHY2/i+IeMZf2oXhc6yyleXk6jbZ4b2t
+KIajjnXU5P26nFWLP8IiIA==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/gw-ckubu/keys/ca.key b/AKB/openvpn/gw-ckubu/keys/ca.key
new file mode 100644
index 0000000..46957cc
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDU3ELr25xiRgZY
+6TlrEyKW4z26lI0B/f3q4NcgbZee+6XMU4mLyfbxMDowyfxs1QdhmVZXH4aFhfpg
+e25w4V4XEgslYHV4Tx6fN9jlA5EAwusByayiq2YZ/ZrAqsaSK25atH/EUS3tS/bt
+hj4Tt1DGSmXJzVP2d89vDbfdk82lKTBdtlfbnL+zLG8NmL1NHeAGel+BkjHRMXo8
+m+04Zcq6xykBQZ2/lfS1jhqCUygCyub3moHTCTVmkfbKm9qWrqBMVTbnc5ld3G2T
+TjuRYVsYGzgnFHPrHtqMFgJOYgS5CIZ2mTsYgAaREt4IPDu5oIC+oe4XiErcIJoC
+O1NEsuHkuchvWhqRoSaqVOT1bRdVc+v/pfVkRVBb+VOeVQUG78LHRpDxLMx48QtN
+2P0HY2mdQK1FWZetFo0ncJvmjnFWqV3ZdWwWJmeXGCU+pNmokcP2wn6bzJ9lhtnt
+S5IWqlAWUIUfJEXL+FbRbCCFG5reKcdSoNHFBewvcRfg5wPz6cMQDHXdB03168HJ
+SVb8mB76bmBmc+zsLIFoCm7kepm+uzpY0//Uz0WXXXg6OI/zhBSECng6hamvri9k
+6uAeoyVjKJVpG2tALMmYcC2ygxYuFi5mbYg41eAMfBwAtK6sWdLy99qzsLWze8fw
+l8wHJhfHlLTQrLpMz0lpnjDtVOyP1wIDAQABAoICAFzgzwKDDLWEwHhDK56g9tLH
+zMOA1hYscYLvIG8x4pqoSyvgt3+bXHjZBksLl20VducLNTVGuDfCwgEfWo0+iQOg
+B+UDNb6NJ1tpzuX+rGKcqlZZXU6NYzusAL5YxdQ5xykk4SsUEOod31y82pFXx5L+
+G3P2d9Bvbr+SSMwSFgUe98+sJKHav3q6xKo2H0Nq6blp5Apxc/NHl4KittuI7vCY
+vjeiHebe06v0mXSMPEUbq7QWYtdmiTp8Licx4islfyRPeml7c0wVRmqkFDHXPRxD
+pDjJH9tT1yCQ6eixtEXYhnNxYOvL0RG0HdWSEq1ob0S++1ihS6jJQOoAYND1DMMo
+j6O8rrlF7I7giSJsHh+N/dkwveXrSI2Vf96J5hHiR1CcYob9ITtGVJH5dFN/WVfq
+Iw5UBx2ZKqW4eo2EDPcUkEiEFQBI532nsPnLJ2yVLfz9Jul8hWOant4BAsNRSbri
+ayGRFj/YrgrL90Q7Uzw2tFjTbNLWbZZdsfbrnGsVa/FrbtTa0t2umXDEVZ2WXo2c
+WvbJ8vLb/9gu4UbJxzgZHXY6ISMWaX+jQLbh7kY/PpLj0r3F6VbxEztfqM3PBRv2
+snKfyWl3/IC78AcumywJ+EPBBgNtkt0W7Fc9K5xWJNfxajmBEDZQMFo0uLSMV02a
+ev3Z0Be3YmVsdD1XZ3EhAoIBAQD3SsirCpVwQW3fka8eX/638wAI5lnEq+8Z6Ac3
+uxlUXTkSZEB3eEu8p6EWNufrTr/xBTgrFBEbJZxTqV2DvMY94X496FhxY2xLKgg8
+Vs78YqXi9kvTXQcoyqJd3kHvfSeo/GMfVeYzXEMQxYyXt2ZBvbpjO5SO/wXWVzdA
+syZQbqmyShiN7qfNqHtBa7navMDJFvTCbppyrBAI/15cP/ljyTEv/8D9jZ6HoaAz
+7v4j9ps4kYKIZ9AsZT2Et1PukhdSXCkpmczHrAl7R6EoLED7q7XAAYKt9yt+emWu
+Og9Oo7/x5XYOGGoXxzRVGZDS2L+cirBcrXw4k/3juaSagtZLAoIBAQDcWxex3o0I
+jtJGM0VB/795pDWph0zh15bASgA8AfQfBUZEC7cxXrNr5R9VCK8H+pI5UhrwzUpD
+TqFSlk8LHOJWb4bmm6iG3DeOXP6CSGljS71GfB0YB4hxcjpZlrcUTUFD0sCQqpAE
+F+yf4C3iLc/6y+ZOgnlXze4GP7VPMqCtf71ESg86meuX5NBuol8sI+rW4KNjae/C
+55rWRcFkKSALFTPkGr6PwLoXQjBtyj6y+NPr9KuFl0U4JX/JPef2i62P1kLlkjNR
+3kbwvO5PZd+8i2BYpIAx85kIuCVg4lHBzP3l46sJ6JlZV/shwyx6LBIWYdemC968
+7xoqUasZaGUlAoIBAGDuznPFJUioTQI6n9MfO8AtH1FdwchGwOV9vv6Id2hLVmiw
+JVjvLXjYmFsV0Ji6+J/oNNkl94KVno5osABIiciN0CdCIRDpMPTRmALW4DGsFWw+
+sQA70eeabkSvL1dJzrb9n3kT+bUeMCet1+tMd2fDkAD/xL68ljQrYbwZvSYACsKZ
+KsDP0LTbmtzM9kAYhtUMC4r/Qck7StnMB9fPN9l2brJq5OI+leqCX0KcJsBAFR36
+Y5lGYCJW2ONh3SOB3mRpPbVR1SRbeif5ruEJX7uG1ipaLTg1z7W3Eo5VsdRYeY+/
+KyRhS4zgh9HnwI31aj5ZWsIpOq0OzZFrHmt2Z7sCggEBALBzZSryWh7zNuAt6BSs
+dagzXSEujdr+5uF9oGhs7A33DEgq1Xv8KFKKu6c89+O8u2CZJaeTzBbPnRDj+dGd
+RIUQc4awOKgdKYOfZdHvqCxyFtOdSTLXvWOSo7TfoiTopA1qcvalDgOpILr5KeTG
+6JcctYRCqGYuKZ7pXwdXNCEae/V2FHHJlUUhXeJptSpEbKW6ZjuSNgLtsShJ3U2W
+POmDBfVvkQ7NtnYvc1ZHMCPiati0KLEl67DFHmmIX/ol6UqXuSPaCaxSAJ5/u5jq
+q9lwBiuVNm5JcU7xHkVRlURKITn4MBsUHc/USu3DOxdtuOIhYSy+rpK+KEag9RC4
+bt0CggEARAVJZMFc4F74aeHDeQtQYh8PHwuYPF33j5KTeyT59I5pmGKVZDsqc1ZY
+GxsLZmr8jR4AJomMgymrJIuFqdXfhj1lWu0fHh8mVG9Ja+Mh4WsO2SzMSysIoonR
+v1Ej+UfefyehzfmUT2tggbs/s7wqNy61C6LmH+HPqGGM4qihIVus8muAxP+9z/W/
+KJ3jOsPOj8hx2LBw0RdkbD9WHCjk063Xdw4zXtnt1B3sQ5DJ+INilAXDmOKHyWW8
+NM+cGCF5YV63mWBp9jkqICllJCTtPdCr7KhelzOpVHRvDDJDND/EKo+9QbtQkN/9
++p0YwaKXlRKVAXvf7Rqr/9IQ182VBA==
+-----END PRIVATE KEY-----
diff --git a/AKB/openvpn/gw-ckubu/keys/crl.pem b/AKB/openvpn/gw-ckubu/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/AKB/openvpn/gw-ckubu/keys/dh4096.pem b/AKB/openvpn/gw-ckubu/keys/dh4096.pem
new file mode 100644
index 0000000..60a807c
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAgPDupjU4lg6zKwNObGKofektBBGNJE3270fvwK/EhRu63ZbQLsLn
+KL1oHP+CO0g+eD9VDNRpAlOxY6ug+RZm1gbrX7ffGlvC5W2ttOpc6ZugKmS/AYyl
+c1VJTyjDcOrCnkIlYBUjv4QYVMzek/Uc9doYEcl9WSVzsQ9IHrbOettMeoACkpSt
+B6cQonmYZyU8YQBD2Bk92vOCdkyFRoQHQlyhd0hUBj7iwUxKtqoSpomZ+cRETVQO
+HlCw9MsXMeeibD84pCVf2k91IeHt/n62qdP43jNAoFTCNUhO37gghnUSxYKOE83u
+NZf//i2iwAsc+sEIKbzau4JvZe4dLTHfKVzhyBT7hfiuFH0ZQect4oQp7jBMH2os
+QN2f//lJ1Hq5OSQSPFGtJi/zTKHE6+x3HtuxKkx2+KZedmt9ban0fggNR2dCUl8V
+qnHkvE0KTLhvDZJq76pM0Vvt/q9DqEpYlLywW1diV6nH8TdTG+9d57Ofv1pVsm/+
+Nqmsq00J5bNLgJvcEo/64Rx84tzsQvdzwUD7UwGTnb6I1epBzPt/Fc4pX3aBUsnO
+0vSmDbMN3a67RauEQqqhJ79kR1a+7XSO3s5vf2JVEvqttNx74ufw2t2I5O//Ji7m
+0eFYTnDNOPe0TKjKhSTzqcxaQpfuUb3/WdE8o1VKdxz0G+PP2ymnS9sCAQI=
+-----END DH PARAMETERS-----
diff --git a/AKB/openvpn/gw-ckubu/keys/gw-ckubu.crt b/AKB/openvpn/gw-ckubu/keys/gw-ckubu.crt
new file mode 100644
index 0000000..4c2f939
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/gw-ckubu.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  5 20:54:55 2018 GMT
+            Not After : Feb  5 20:54:55 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-gw-ckubu/name=VPN AKB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:aa:52:83:b3:a6:41:03:bc:bc:c7:66:61:c8:0e:
+                    a9:8c:29:cf:70:52:44:30:e3:40:94:a7:2b:09:4d:
+                    5d:a9:d5:2d:1f:2d:e5:92:50:b4:92:8b:a9:4b:0a:
+                    a3:c0:82:da:3c:81:65:0a:cd:92:eb:15:c3:3e:5e:
+                    70:a6:ee:c8:33:e7:0e:19:78:ad:ae:a6:09:64:d0:
+                    9f:12:a1:51:7d:9e:f4:3b:4a:ed:6d:20:73:c1:d9:
+                    f1:30:1a:f6:d2:6d:da:d7:0a:a5:7e:d2:30:d7:84:
+                    c1:81:13:3e:14:24:f6:b5:14:c7:19:32:9c:87:eb:
+                    df:c9:fc:9e:87:72:55:db:45:a3:f9:e1:86:5b:2a:
+                    c9:93:b8:50:72:cf:84:2e:4e:a7:f9:4f:3e:fc:e1:
+                    22:8c:ff:23:ae:86:aa:e1:dc:c1:7f:9b:7e:cc:d6:
+                    94:ec:37:0c:97:80:5f:0f:aa:3c:cc:a3:a4:ec:d0:
+                    6e:c0:33:a8:45:c7:80:36:3c:e3:fe:06:fa:c6:9f:
+                    a8:3d:99:97:85:2c:a0:02:1b:12:97:52:98:71:7e:
+                    6e:59:22:b9:79:65:4f:d7:19:ee:5d:d1:23:13:f8:
+                    a4:2e:1c:f8:da:16:64:57:b9:52:f7:ba:76:fd:75:
+                    4d:d4:44:03:38:62:3c:52:35:a2:0d:dc:e7:01:88:
+                    45:bb:7b:e7:be:bc:ee:82:78:f0:eb:bb:c3:e3:0a:
+                    7e:81:81:fc:4a:e3:ad:2a:c8:b5:7f:02:10:c3:b7:
+                    bb:5e:e1:81:0c:f3:19:9f:ee:88:af:f3:49:1d:23:
+                    4d:4b:93:9d:fd:a1:14:1c:97:9d:1f:3d:62:a5:eb:
+                    11:68:39:51:c8:7b:e7:97:19:3d:7c:f1:da:98:67:
+                    89:f7:d0:9d:d3:73:4c:97:0f:24:ea:fe:2e:9c:69:
+                    9d:dc:c8:9c:4a:82:df:54:3c:64:35:20:43:fd:57:
+                    bf:4a:2b:e9:e3:f3:a5:3b:b1:b7:d5:4a:88:0d:7a:
+                    66:7f:37:47:33:bc:64:84:7a:d2:53:b5:f9:54:0f:
+                    53:17:3e:a1:e6:4b:a7:e0:1f:6c:70:47:3b:fc:aa:
+                    37:0b:34:57:8b:d8:3a:8d:57:b5:43:7f:52:3d:e3:
+                    16:46:27:7d:c6:87:d2:24:13:5c:84:7f:68:65:33:
+                    ea:b3:0e:b6:e0:39:7b:76:3d:8b:ca:81:a7:09:c3:
+                    42:b1:bb:46:50:6d:3a:bd:4d:ae:bb:9e:d7:9c:93:
+                    68:48:4f:1c:ac:c1:a4:16:16:85:bb:08:c8:9b:81:
+                    c0:17:71:87:de:97:42:40:60:13:22:91:4d:85:00:
+                    81:ed:15:4b:70:c3:f5:d9:1d:2e:0b:1b:b2:dd:44:
+                    77:5a:69
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E2:B4:29:34:76:BD:D6:BC:64:9F:DB:D1:EA:9C:D3:00:15:98:20:37
+            X509v3 Authority Key Identifier: 
+                keyid:7C:42:82:E7:03:EB:05:97:E6:9E:3D:14:C5:FF:AC:25:A1:B8:0C:E8
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
+                serial:9D:A7:AD:A5:99:E9:9F:AE
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         17:d8:87:39:66:f1:58:d8:be:e6:70:c9:29:00:f6:64:75:c5:
+         b9:53:5a:7f:c4:fd:df:2b:d0:14:7c:13:5a:da:f5:b8:b9:8c:
+         6a:98:ac:8c:f2:a0:23:4d:15:d2:f4:ca:3b:d7:18:d1:d9:23:
+         03:74:b2:7d:b6:2e:50:b5:d6:29:21:69:65:77:59:c4:21:b4:
+         04:fd:d4:d2:5f:71:7a:f6:b6:4f:31:3a:19:88:78:69:66:1c:
+         13:d6:f1:5c:30:2e:39:7f:e9:69:d4:10:ad:0f:07:bb:24:62:
+         3a:bd:89:2f:9f:b4:2e:65:14:d5:c5:0a:f6:89:a5:17:82:d0:
+         71:84:a2:8f:27:7f:5e:cf:2a:89:2d:cc:a1:56:35:bd:26:e9:
+         4b:52:f2:2f:10:98:77:26:f9:2a:6a:1d:6e:db:91:b8:06:8a:
+         85:58:6c:fa:e4:8e:9c:92:16:28:10:56:ed:c4:e1:28:ae:d8:
+         c3:b6:67:d3:bc:cb:b9:2e:b5:7c:f0:84:2a:26:e7:30:4f:02:
+         45:2b:bd:87:21:97:e2:17:01:71:77:31:8f:dd:15:ac:4c:7b:
+         3b:7e:4a:e6:ee:4d:6a:6f:1f:67:1b:c5:d7:c4:ba:c3:45:6c:
+         6f:db:0b:93:72:c1:1f:b4:c0:02:a2:33:f8:32:49:bf:93:7d:
+         e0:7e:d0:d3:c4:41:20:d8:9b:ab:2d:b9:30:ab:0b:c6:ee:db:
+         40:9e:bc:b9:d0:87:32:39:42:c0:43:8b:7c:5c:f8:8d:20:d1:
+         a1:11:ee:e2:42:43:96:a3:52:d8:e9:33:ca:b2:d1:3a:29:87:
+         b2:04:cd:03:f5:25:09:ec:ae:83:65:6d:d2:38:40:8d:5a:9c:
+         00:b3:88:26:20:4e:86:13:bc:b6:83:69:4b:a5:32:9c:c6:38:
+         a3:22:3f:a9:57:0d:47:f2:9e:08:0e:b9:bc:e6:59:c7:a2:ea:
+         cc:9f:c5:68:b3:76:41:09:78:07:87:1a:b9:5c:b0:96:0c:cb:
+         36:b9:3c:21:31:36:87:63:ba:25:14:39:5a:d9:18:a6:58:2e:
+         ab:11:da:43:32:b0:ac:45:3b:cc:7c:d4:40:61:2b:b7:d2:27:
+         8c:08:bc:cf:e4:a0:a2:8a:48:3a:33:4d:60:d3:6c:e0:3b:71:
+         68:d1:61:63:c8:02:80:3e:73:bb:01:ed:52:9d:6d:d1:82:1d:
+         54:15:1f:9f:d8:51:71:c8:11:b8:cc:db:86:58:54:fe:d4:5f:
+         c8:50:5a:d7:f1:0c:e6:07:2f:c8:12:45:29:dc:23:a4:fd:1d:
+         7b:34:a7:53:25:87:47:90:90:97:50:c9:7e:95:b3:e7:76:cd:
+         3c:c0:6c:fa:88:08:d1:8c
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDIwNTIwNTQ1NVoXDTM4MDIwNTIwNTQ1NVowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tQUtC
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gQUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKpSg7Om
+QQO8vMdmYcgOqYwpz3BSRDDjQJSnKwlNXanVLR8t5ZJQtJKLqUsKo8CC2jyBZQrN
+kusVwz5ecKbuyDPnDhl4ra6mCWTQnxKhUX2e9DtK7W0gc8HZ8TAa9tJt2tcKpX7S
+MNeEwYETPhQk9rUUxxkynIfr38n8nodyVdtFo/nhhlsqyZO4UHLPhC5Op/lPPvzh
+Ioz/I66GquHcwX+bfszWlOw3DJeAXw+qPMyjpOzQbsAzqEXHgDY84/4G+safqD2Z
+l4UsoAIbEpdSmHF+blkiuXllT9cZ7l3RIxP4pC4c+NoWZFe5Uve6dv11TdREAzhi
+PFI1og3c5wGIRbt757687oJ48Ou7w+MKfoGB/ErjrSrItX8CEMO3u17hgQzzGZ/u
+iK/zSR0jTUuTnf2hFByXnR89YqXrEWg5Uch755cZPXzx2phniffQndNzTJcPJOr+
+LpxpndzInEqC31Q8ZDUgQ/1Xv0or6ePzpTuxt9VKiA16Zn83RzO8ZIR60lO1+VQP
+Uxc+oeZLp+AfbHBHO/yqNws0V4vYOo1XtUN/Uj3jFkYnfcaH0iQTXIR/aGUz6rMO
+tuA5e3Y9i8qBpwnDQrG7RlBtOr1Nrrue15yTaEhPHKzBpBYWhbsIyJuBwBdxh96X
+QkBgEyKRTYUAge0VS3DD9dkdLgsbst1Ed1ppAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFOK0KTR2vda8ZJ/b0eqc0wAVmCA3MIHTBgNVHSMEgcswgciA
+FHxCgucD6wWX5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4G
+A1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCd
+p62lmemfrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBABfYhzlm8VjYvuZwySkA
+9mR1xblTWn/E/d8r0BR8E1ra9bi5jGqYrIzyoCNNFdL0yjvXGNHZIwN0sn22LlC1
+1ikhaWV3WcQhtAT91NJfcXr2tk8xOhmIeGlmHBPW8VwwLjl/6WnUEK0PB7skYjq9
+iS+ftC5lFNXFCvaJpReC0HGEoo8nf17PKoktzKFWNb0m6UtS8i8QmHcm+SpqHW7b
+kbgGioVYbPrkjpySFigQVu3E4Siu2MO2Z9O8y7kutXzwhCom5zBPAkUrvYchl+IX
+AXF3MY/dFaxMezt+SubuTWpvH2cbxdfEusNFbG/bC5NywR+0wAKiM/gySb+TfeB+
+0NPEQSDYm6stuTCrC8bu20CevLnQhzI5QsBDi3xc+I0g0aER7uJCQ5ajUtjpM8qy
+0Toph7IEzQP1JQnsroNlbdI4QI1anACziCYgToYTvLaDaUulMpzGOKMiP6lXDUfy
+nggOubzmWcei6syfxWizdkEJeAeHGrlcsJYMyza5PCExNodjuiUUOVrZGKZYLqsR
+2kMysKxFO8x81EBhK7fSJ4wIvM/koKKKSDozTWDTbOA7cWjRYWPIAoA+c7sB7VKd
+bdGCHVQVH5/YUXHIEbjM24ZYVP7UX8hQWtfxDOYHL8gSRSncI6T9HXs0p1Mlh0eQ
+kJdQyX6Vs+d2zTzAbPqICNGM
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/gw-ckubu/keys/gw-ckubu.csr b/AKB/openvpn/gw-ckubu/keys/gw-ckubu.csr
new file mode 100644
index 0000000..c97718c
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/gw-ckubu.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7TCCAtUCAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tQUtCLWd3LWNrdWJ1MRAwDgYDVQQpEwdW
+UE4gQUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAKpSg7OmQQO8vMdmYcgOqYwpz3BSRDDjQJSn
+KwlNXanVLR8t5ZJQtJKLqUsKo8CC2jyBZQrNkusVwz5ecKbuyDPnDhl4ra6mCWTQ
+nxKhUX2e9DtK7W0gc8HZ8TAa9tJt2tcKpX7SMNeEwYETPhQk9rUUxxkynIfr38n8
+nodyVdtFo/nhhlsqyZO4UHLPhC5Op/lPPvzhIoz/I66GquHcwX+bfszWlOw3DJeA
+Xw+qPMyjpOzQbsAzqEXHgDY84/4G+safqD2Zl4UsoAIbEpdSmHF+blkiuXllT9cZ
+7l3RIxP4pC4c+NoWZFe5Uve6dv11TdREAzhiPFI1og3c5wGIRbt757687oJ48Ou7
+w+MKfoGB/ErjrSrItX8CEMO3u17hgQzzGZ/uiK/zSR0jTUuTnf2hFByXnR89YqXr
+EWg5Uch755cZPXzx2phniffQndNzTJcPJOr+LpxpndzInEqC31Q8ZDUgQ/1Xv0or
+6ePzpTuxt9VKiA16Zn83RzO8ZIR60lO1+VQPUxc+oeZLp+AfbHBHO/yqNws0V4vY
+Oo1XtUN/Uj3jFkYnfcaH0iQTXIR/aGUz6rMOtuA5e3Y9i8qBpwnDQrG7RlBtOr1N
+rrue15yTaEhPHKzBpBYWhbsIyJuBwBdxh96XQkBgEyKRTYUAge0VS3DD9dkdLgsb
+st1Ed1ppAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAAI+KsNCawI8jrFXfA8bU
+AxK3YQI9hvQ5Lg5+vmRWr2JXLiMmjYixyqnmsp8nGPCSXksdSSR8yHb7wgNAh5hI
+DVzmgnwJZ7G00OhmLJqeY/WjGbdzoFUd+tk5E0pTcK6eFtezSC8qpD6kDin4JFbh
+to63gV471877bW/wwi0GbgTxJE3BQKewF5OOOF/5WMLVzGt7ZwLcLCH9qXw+P87D
+FOllXcImVxIVeG4o2LADWvHsQ71sCI7jQd+U55yOd0GNF+ON9bCR8dTpUnbF3X0C
+WwF6g4NXnZy2hv8Q5DmHMkN2f/N5TtB9XQ+/iPTHdPM1UB/iNFS5ZwO+ycIWjJzy
+p5+7Ukhil1fMLTrbaVZ7XO5HzPy0vDxfs7oZi9cUrea8f/BUrqYapelzatoQ2Dce
+N1Opz6I84VVdQORzukRcISGssvdH9AJcBeReS/ndn8cJrbOdDS9LnaQ9dO66kpcH
+pXEKXOVh8qIiZA+FqCLQjPyhixdtnzCAO4B5qARh+BrmYgUsCPA3CNGl/YFN+5im
+fcIBJk9rMpY2tFfxMtIq7WRtE4UPFThRH28Jd/ITSl7efFG1Vtm2YfIBq1zGfwNH
+qPqkijoyUN7Emq+Hk5swTuHDtqYhzjTi4G6G+FRAWB3ZLqXE4Ni+cajcsQs8V5Ip
+um9yfA1CadmrIw6jcHcfpB4=
+-----END CERTIFICATE REQUEST-----
diff --git a/AKB/openvpn/gw-ckubu/keys/gw-ckubu.key b/AKB/openvpn/gw-ckubu/keys/gw-ckubu.key
new file mode 100644
index 0000000..d4a3984
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/gw-ckubu.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIrroJRG8KWNgCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECADohDo0yZ+5BIIJSJ+akpQD4kl1
+0K+EMwYmNiqrlC1VpdMMFVEKYL34uhieaWkmhPdmlo5RXggBkdzsKb9V6veIiWBo
+i7kF8ywMBzR8xP9hqE/1V64vlsz2YOi0jS55CgAL/g/vtWV/lXHecgCjLgytlkrP
+Zsj/cb65XhpnEWP2fFilUAU14K2/5ecJce3kAWMbSBnms9fMXN6uIsdr+J39KaYn
+thsTaH7zOfOOeqhvc5g9hcTl248RgQhpDPzCsGqOvKvzdSiKbPPxFSveNE5L8Siv
+Zu0g7PvGincOw4AiNwizy1VgR2UTEagmQvqAiI1aBxP6jvePnn0CoG+DAnPlhyMk
+Ei2uQ76USFtC3DBFpzfg2NU5pubq90dq0Zgdc4LUz9czwE5XUFXShQ70BGqLHvYG
+clSMu3D0lodbQ0Cdg10hCKesNz4i+T7Z7xkvEERB1v7p564qGrn7NAb5tb6JmxlR
+wHwS6zsaLzAymNSdxh87hlpupXn688HUSn51KKwjVYnJxyYSAIzkNRQ1LVwzS4TJ
+R81J6GpPawKzFGZYnvdbLw72ohyLu8D6d7NMLR/Fc/pYT/QgoH801DeseSpaDd/h
+RFr0ax3EA7MDnFQfmv6m+I9OmhTX+qdhFHtRolW+NUGAdXHFun34+cuIy5hPP3OT
+FyW7vAE0gQN2zgllJcIUjz2Xd9PzoX/tsuh0/RTaj1sEAQhlENfhDfz5GFHSHYbS
+fTCLLHR7YISlqUwSH0TdzP2/vsh283iqaQJL+OLfwquTDONDekNtoiIG7HlB6dQr
+9ni9wg9lO8fGRbFsN9DrJ1vJcJN5CmY+fE77BNJV2K6J/9EX1wOKp3PaTFTFOjqy
+tp2K/M4BTT+JVG6sC2gcDgHYg/2pGTc+YxaKyFVziP7rFQ0plzB1GqrFOGeaSDkH
+7VfuUbwlTtohiToL+Fc7sbKV95bcjtug9o9bxdzTPikd5E0gAqOLwJ2bqgFBYZFl
+t/Ohm8BBwnKuJqKMJXSHvEDFTM9e6VaTVKD4r+7lI9Ng8h89ergjBUdRxB0I/4PE
+g7HvzcXm8Vru8U7LmfCR3KKBtfwNN3n0v9pFk4D24pMRX4o+SD+INDVaoZ/Dswqp
+sI75SngxgOXdvP5x9F6LiTklZ+jxciYsVzb5f3CqkjQ57990Dxyt/+EveQBO4yLb
+Hnzw9wYcunqsiRmhzKfkkHwHAYmGggtWWaZN7qhLPFgvmtt+Tkf6Ord6FWlEpr6y
+5dzHds5tqH/v3Tv4NsTp8bLWqSACVoZ4tKbiv/AijVGar7hiHS4sJ+ty8q7TriNM
+46TxQ/iyxQ+4ycfE0yv6MIYv3g135X8lZJfP0gK5wv5sdtgppUcHpySngJv1Se2+
+KGS0WjQ9ZqlBFl2V2eJcSRzHRh4351BnoGYsogBrMxUUuFvHho9BkP+fPPkCna6V
+S8f7AKb1YuyfeNrq9dLW/5FjaSI/or6VGSv62LBUXXGflFQgu18IZ6eNkzgir0Bi
+bdPBiUjnYxTVbfEaxP2CGCuPyG4AQhkbjciyHj5fuQkXIq4e6x91u3FVRHu/LOwN
+zjWYs+JhgVzWlH1S2qTaO1LplMt1mG6TXFEouC+qkZ6Os+Tk8jPfUj71/ffh/p73
+We9RMPEdvBnOQXRlIJQXa14QYQ218POC2LSD23aWqPdDsssIwpxOKBJHuRqBZWd2
+0VK6YpFubZtJW4Z6DKoc98exR+JU3y9ah2V2G7poE4m9V7Np/PjGJ5zLPtx4GhFO
+Xr2D6FK26IGUQlO9G+iErvIOeo6j1GJw85HfDY8+wGFNrPmYXXDbkbgwKhcg86Oq
+hBh9Zd6P4J7cvtps8A0+F/ROWalmb06TOSZ62lHrJZpnMuI4enSLh7fq3gfPLKgc
+MWbxw9Td9LxGt4So4sg8QT2uKlVDDpsP81Jaz1wK9H71GZ+cKhYs4nEQChSPGh2f
+XcpV0/CM855FsRTXOpbNHi9rj4jUWOYRkpF7nCdEiGxBDQ5mMdzQ2j+wWUpCl4XH
+oD39DVsEmDvRM4fIoYfiurZB+ByWfNwQ5uWcLqexapu+MzVgzEZd+UcejmmlLc0E
+BV3U/DgoRoI4zkpRMzKeRMdKFZ93HjHETrSISfqvulOqgA/FsWCoSt3OSxlYQ+vm
+bS8gFuF7FuadfQpZ+9wnsrVceNL4bgaZ8jB2wYLPJ+YGz16DtRkfp24gYPSfKfeU
+LuhWbKrRE3MLlMSsjtdrLMUW5nxttdDyxbOj9lBezA+LEiiQGP5Wv10wWyjaAFTg
+UCAfWr2oP1WH/lXmIqDYD6zgZEgb2rRmnpeZGbzB5xKYTp97YeKxg/kuPIl9Tf5t
+GKYUPp5wO6PEkiHDCyCC8cyzs54pAwMBZZkuNcMZ0vse1FcBFZ8YjEwuxRnVMHdJ
+3ZEi1b/kHTWDgH1zvj9pHbT+p1DZmZakV6P+gPxkvcLyzb9Zkt4pWQ6PbmZa6q/c
+dYDQExeB/tEiGBn+nb5mYbjhGm8kkokK3lbRRuoqCG/cNBDeGYGNU8q6EabbrSGQ
+BU1s4Uda/kHzXXmHxphV8P6luvh/aI56RHPVzj3tDBhNBZXjsIm8vyLi1jd5Y/AD
+vzg1Vkhf0AAZpSA6w4uTj+/JCVR8ksitXuDNit2iEWcFHmz6vtuKw78lB8VkpI1s
+Y5WmXsZbdWsp66GNWcA5MmBRBb7vd1idSfbw9yRLuiZAhVAmlGpVbSUplfTe4wOi
+lDfAZLGVbfvdjWIR1fY5QzJBckfSe3QuuHPmsa+qTLlYbZxWeO01JfoWBADwIa28
+otFSYOi9gLAIHOHuRTB4uGZZ1R2B1HjDOx+VFfkpuzUvevG3sA7VZGP7KlvtJ4TJ
++f1KvxBkQoVK0e1dKOFJfqsUDUt+hADQt3fpSpw/x+AROybuynbtJV5oC9/VJG76
+7n3dkmZ/07ALJ1vATwMK3/XUW/JNVKjmS87/HkqvpPYlgHK1avwWvEf+Y/0LM6VM
+mfEi3ZGo6yGye9O1f5ISRdNpXkFRTYTpOpxGL7vGy7JnGE8ZEpkqHREbqptw34I9
+I0DuWszHoohU/MNfXUYIIssmWi54iwN8DHDWoh3bNMmEtLEOzPFGk4016yGpXLea
+zrMG2XcHwgwX0S/qORDLR4N826diQqrd49V0yjBnqCyAtIlOrW0l7oAqaJK5eaeO
+k5E/xOQ9MK94fdI8ahT+Bw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/AKB/openvpn/gw-ckubu/keys/index.txt b/AKB/openvpn/gw-ckubu/keys/index.txt
new file mode 100644
index 0000000..d05020d
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/index.txt
@@ -0,0 +1,2 @@
+V	380205204453Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-server/name=VPN AKB/emailAddress=argus@oopen.de
+V	380205205455Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-gw-ckubu/name=VPN AKB/emailAddress=argus@oopen.de
diff --git a/AKB/openvpn/gw-ckubu/keys/index.txt.attr b/AKB/openvpn/gw-ckubu/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/AKB/openvpn/gw-ckubu/keys/index.txt.attr.old b/AKB/openvpn/gw-ckubu/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/AKB/openvpn/gw-ckubu/keys/index.txt.old b/AKB/openvpn/gw-ckubu/keys/index.txt.old
new file mode 100644
index 0000000..bc8d0e4
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/index.txt.old
@@ -0,0 +1 @@
+V	380205204453Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB-server/name=VPN AKB/emailAddress=argus@oopen.de
diff --git a/AKB/openvpn/gw-ckubu/keys/serial b/AKB/openvpn/gw-ckubu/keys/serial
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/serial
@@ -0,0 +1 @@
+03
diff --git a/AKB/openvpn/gw-ckubu/keys/serial.old b/AKB/openvpn/gw-ckubu/keys/serial.old
new file mode 100644
index 0000000..9e22bcb
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/serial.old
@@ -0,0 +1 @@
+02
diff --git a/AKB/openvpn/gw-ckubu/keys/server.crt b/AKB/openvpn/gw-ckubu/keys/server.crt
new file mode 100644
index 0000000..458dfcf
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/server.crt
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  5 20:44:53 2018 GMT
+            Not After : Feb  5 20:44:53 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-AKB-server/name=VPN AKB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:9c:18:9b:81:a2:15:07:04:d9:1d:c7:a9:5a:03:
+                    d4:a1:90:97:43:f2:6c:65:5f:da:44:77:df:a0:f9:
+                    6d:be:85:c0:3b:6c:08:b4:37:16:55:fb:47:0e:6e:
+                    93:de:5d:c2:f3:a5:09:d8:e9:a8:86:f7:ba:68:e6:
+                    94:7c:1a:7d:32:e7:44:e4:86:cb:8c:5e:5c:2e:7b:
+                    ed:f4:31:12:34:95:31:44:56:de:8e:df:3a:a1:09:
+                    b3:59:c5:b1:c9:a2:ca:7d:bf:b2:1f:a9:36:7c:70:
+                    6f:76:6e:75:9a:72:bc:80:19:50:88:ae:a6:fe:05:
+                    7d:31:df:ba:23:d3:fd:7a:3a:ce:56:a2:0f:72:33:
+                    0c:7d:3d:33:c5:a6:14:99:43:77:2e:e6:17:be:36:
+                    c2:57:b9:ff:fe:19:92:db:74:a0:e3:17:01:e4:0d:
+                    48:50:d7:a8:0b:be:46:fd:65:ba:aa:de:56:5d:9d:
+                    6a:c9:77:d1:f4:4f:69:f5:7a:7e:b6:77:79:6f:66:
+                    b9:e4:ce:e5:d4:25:52:d7:6b:f1:b2:23:e0:c2:08:
+                    be:32:a8:3c:b1:31:fa:cb:31:cc:de:8c:4b:0f:07:
+                    e4:40:95:c6:d0:73:8d:47:e0:43:2e:c3:a1:59:cc:
+                    d3:06:8a:80:cf:81:dc:78:04:67:66:bf:a7:d3:ac:
+                    4a:0e:ab:de:32:fb:98:fb:80:41:af:4d:66:39:ea:
+                    e0:3c:bd:bb:82:76:82:92:7a:f6:1e:78:64:f5:a0:
+                    24:be:ba:44:60:0f:be:b6:34:4b:6a:e9:3e:0a:87:
+                    63:c2:fa:87:14:cc:85:59:e7:33:c6:95:47:87:e3:
+                    d9:07:af:39:b7:89:68:5e:90:bc:ec:12:d1:f2:11:
+                    50:ce:90:bc:90:3a:9e:80:a9:55:66:51:e3:da:e3:
+                    18:1c:a1:5b:1f:ae:ed:95:96:01:eb:25:5a:9f:08:
+                    93:19:b7:92:0d:3d:f5:b4:db:f8:4b:3a:f7:24:fc:
+                    74:14:ce:1d:fd:2a:d8:37:fc:92:8a:c2:b8:38:f8:
+                    f8:86:6d:29:5f:41:3a:43:18:7d:dd:67:23:18:64:
+                    e6:68:21:a0:f2:0c:dc:03:eb:b1:52:dc:51:b5:c0:
+                    fa:8a:51:f6:52:21:b3:c8:91:53:31:b4:af:f2:dc:
+                    bb:5b:9d:c9:e5:20:be:fd:f0:08:c8:f7:f6:82:22:
+                    07:30:10:3c:74:3d:cc:d6:2d:0e:92:c3:c9:bb:78:
+                    d7:5e:61:14:42:04:59:c4:2c:94:d3:d4:3c:5c:54:
+                    36:03:0a:e9:fe:3d:51:1e:7f:40:9d:59:89:75:5f:
+                    df:a5:8e:63:18:d2:ff:2c:5f:a2:41:21:7f:31:84:
+                    8c:9d:5f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                99:27:8E:30:AC:A5:B3:56:72:5C:80:3B:9A:53:D3:54:9B:B8:F7:0A
+            X509v3 Authority Key Identifier: 
+                keyid:7C:42:82:E7:03:EB:05:97:E6:9E:3D:14:C5:FF:AC:25:A1:B8:0C:E8
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-AKB/name=VPN AKB/emailAddress=argus@oopen.de
+                serial:9D:A7:AD:A5:99:E9:9F:AE
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         9e:b0:7a:60:42:08:29:e8:49:ae:5b:f1:72:c6:c0:64:4c:0e:
+         a0:d2:31:8d:7e:7b:b6:00:9a:6f:b7:07:43:23:54:ea:0a:63:
+         a0:68:30:54:c9:64:8b:e7:bf:58:08:fb:62:ee:fa:6f:8c:f1:
+         25:3c:6e:bb:32:2e:eb:59:19:36:94:df:a2:4d:37:71:51:db:
+         b7:02:1a:b1:b2:86:44:15:68:39:95:d1:67:81:da:ae:64:d4:
+         f8:05:d9:81:47:d0:f1:87:e6:c0:2d:fa:aa:19:ee:70:d4:29:
+         68:5e:67:d6:4d:b6:f8:cc:38:56:34:50:59:b4:4e:e5:4b:79:
+         81:f7:0e:62:83:3a:c1:b0:03:50:d5:27:f5:99:4d:01:92:b1:
+         70:9c:cd:95:62:6b:2c:b2:34:f0:b6:ad:d7:1e:f5:22:cb:eb:
+         eb:b6:2b:33:5e:8c:56:85:fe:38:c4:94:14:30:77:ee:cb:d8:
+         03:f9:3d:50:b6:92:9a:9e:59:0b:99:95:e6:83:de:5e:03:08:
+         e6:75:12:0c:89:d1:59:29:0d:db:6e:cf:9b:1a:b5:88:ba:d6:
+         d7:c3:ca:0e:31:33:3f:7a:64:ee:c7:80:09:c2:52:15:aa:1a:
+         d0:df:96:1f:c2:11:ea:6f:39:46:15:58:23:f0:d3:b8:a8:26:
+         41:ae:cb:1a:f8:43:6f:5f:2a:84:b6:d2:71:f3:b5:94:f4:6a:
+         c2:61:8f:9a:64:e2:71:43:06:c5:a4:b9:48:95:29:41:37:c1:
+         3e:9f:56:97:ca:81:dd:4d:0c:35:5e:fd:bd:4c:7c:30:3e:fa:
+         f1:24:70:8b:a9:f3:d0:d7:0d:04:b7:67:0f:b4:4f:e4:a9:96:
+         02:9a:6e:7a:9d:76:90:fb:9a:5b:f8:0d:7d:03:b4:94:39:9e:
+         a8:c6:65:b9:60:86:c5:99:4d:c3:74:08:1f:24:31:04:df:3e:
+         f3:e8:f3:1e:3b:bf:ac:bf:2a:43:f3:41:5d:27:5b:d3:9f:7a:
+         60:a1:60:a1:5e:01:a5:1d:42:38:38:1b:00:66:d1:6d:da:21:
+         a0:e3:27:da:8e:4d:1a:b3:33:ed:28:9a:62:b7:21:3b:fd:3d:
+         66:1e:50:b8:77:24:99:ca:0f:c9:0c:cb:22:17:60:63:e5:29:
+         cd:5b:c3:86:85:73:72:08:b3:6f:90:cd:9f:13:8f:8b:33:97:
+         f2:fe:e9:fd:fd:1d:33:6e:06:dd:dd:1a:36:6e:6a:63:3e:84:
+         20:5c:08:89:f8:bc:b1:84:b9:6c:70:ea:bb:6d:58:1a:db:a9:
+         cb:6c:2b:61:1b:ee:11:94:d8:6a:56:7f:23:ec:57:fd:38:df:
+         2c:7b:dd:b0:58:3b:7a:9d
+-----BEGIN CERTIFICATE-----
+MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDIwNTIwNDQ1M1oXDTM4MDIwNTIwNDQ1M1owgaUxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tQUtC
+LXNlcnZlcjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCcGJuBohUH
+BNkdx6laA9ShkJdD8mxlX9pEd9+g+W2+hcA7bAi0NxZV+0cObpPeXcLzpQnY6aiG
+97po5pR8Gn0y50TkhsuMXlwue+30MRI0lTFEVt6O3zqhCbNZxbHJosp9v7IfqTZ8
+cG92bnWacryAGVCIrqb+BX0x37oj0/16Os5Wog9yMwx9PTPFphSZQ3cu5he+NsJX
+uf/+GZLbdKDjFwHkDUhQ16gLvkb9Zbqq3lZdnWrJd9H0T2n1en62d3lvZrnkzuXU
+JVLXa/GyI+DCCL4yqDyxMfrLMczejEsPB+RAlcbQc41H4EMuw6FZzNMGioDPgdx4
+BGdmv6fTrEoOq94y+5j7gEGvTWY56uA8vbuCdoKSevYeeGT1oCS+ukRgD762NEtq
+6T4Kh2PC+ocUzIVZ5zPGlUeH49kHrzm3iWhekLzsEtHyEVDOkLyQOp6AqVVmUePa
+4xgcoVsfru2VlgHrJVqfCJMZt5INPfW02/hLOvck/HQUzh39Ktg3/JKKwrg4+PiG
+bSlfQTpDGH3dZyMYZOZoIaDyDNwD67FS3FG1wPqKUfZSIbPIkVMxtK/y3Ltbncnl
+IL798AjI9/aCIgcwEDx0PczWLQ6Sw8m7eNdeYRRCBFnELJTT1DxcVDYDCun+PVEe
+f0CdWYl1X9+ljmMY0v8sX6JBIX8xhIydXwIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJknjjCspbNWclyA
+O5pT01SbuPcKMIHTBgNVHSMEgcswgciAFHxCgucD6wWX5p49FMX/rCWhuAzooYGk
+pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQCdp62lmemfrjATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
+CwUAA4ICAQCesHpgQggp6EmuW/FyxsBkTA6g0jGNfnu2AJpvtwdDI1TqCmOgaDBU
+yWSL579YCPti7vpvjPElPG67Mi7rWRk2lN+iTTdxUdu3AhqxsoZEFWg5ldFngdqu
+ZNT4BdmBR9Dxh+bALfqqGe5w1CloXmfWTbb4zDhWNFBZtE7lS3mB9w5igzrBsANQ
+1Sf1mU0BkrFwnM2VYmsssjTwtq3XHvUiy+vrtiszXoxWhf44xJQUMHfuy9gD+T1Q
+tpKanlkLmZXmg95eAwjmdRIMidFZKQ3bbs+bGrWIutbXw8oOMTM/emTux4AJwlIV
+qhrQ35YfwhHqbzlGFVgj8NO4qCZBrssa+ENvXyqEttJx87WU9GrCYY+aZOJxQwbF
+pLlIlSlBN8E+n1aXyoHdTQw1Xv29THwwPvrxJHCLqfPQ1w0Et2cPtE/kqZYCmm56
+nXaQ+5pb+A19A7SUOZ6oxmW5YIbFmU3DdAgfJDEE3z7z6PMeO7+svypD80FdJ1vT
+n3pgoWChXgGlHUI4OBsAZtFt2iGg4yfajk0aszPtKJpityE7/T1mHlC4dySZyg/J
+DMsiF2Bj5SnNW8OGhXNyCLNvkM2fE4+LM5fy/un9/R0zbgbd3Ro2bmpjPoQgXAiJ
++LyxhLlscOq7bVga26nLbCthG+4RlNhqVn8j7Ff9ON8se92wWDt6nQ==
+-----END CERTIFICATE-----
diff --git a/AKB/openvpn/gw-ckubu/keys/server.csr b/AKB/openvpn/gw-ckubu/keys/server.csr
new file mode 100644
index 0000000..9429ae4
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tQUtCLXNlcnZlcjEQMA4GA1UEKRMHVlBO
+IEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQCcGJuBohUHBNkdx6laA9ShkJdD8mxlX9pEd9+g
++W2+hcA7bAi0NxZV+0cObpPeXcLzpQnY6aiG97po5pR8Gn0y50TkhsuMXlwue+30
+MRI0lTFEVt6O3zqhCbNZxbHJosp9v7IfqTZ8cG92bnWacryAGVCIrqb+BX0x37oj
+0/16Os5Wog9yMwx9PTPFphSZQ3cu5he+NsJXuf/+GZLbdKDjFwHkDUhQ16gLvkb9
+Zbqq3lZdnWrJd9H0T2n1en62d3lvZrnkzuXUJVLXa/GyI+DCCL4yqDyxMfrLMcze
+jEsPB+RAlcbQc41H4EMuw6FZzNMGioDPgdx4BGdmv6fTrEoOq94y+5j7gEGvTWY5
+6uA8vbuCdoKSevYeeGT1oCS+ukRgD762NEtq6T4Kh2PC+ocUzIVZ5zPGlUeH49kH
+rzm3iWhekLzsEtHyEVDOkLyQOp6AqVVmUePa4xgcoVsfru2VlgHrJVqfCJMZt5IN
+PfW02/hLOvck/HQUzh39Ktg3/JKKwrg4+PiGbSlfQTpDGH3dZyMYZOZoIaDyDNwD
+67FS3FG1wPqKUfZSIbPIkVMxtK/y3LtbncnlIL798AjI9/aCIgcwEDx0PczWLQ6S
+w8m7eNdeYRRCBFnELJTT1DxcVDYDCun+PVEef0CdWYl1X9+ljmMY0v8sX6JBIX8x
+hIydXwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBACMc1JUuWsLOlrru5FqpNDz3
+CeU0hDzv24axKVmHvyfUJO5PT2mGAsogEaH2+x2UJrowiuTUwV+nKjOY7XKkNHHA
+eLISihwKa/vjVcftGA6PsXV6bDEIFvyE1y/3TTDpAtoiaBp5BsCePeAlPjVTS9dn
+kxTGdEHfHovv8/NAu1xLcyeqN12oAZkNzupQn/at2F0ylOAd0+RUbayIUMYpOJGe
+Wcj8CkQUBjJgUdr4JfOBr+7m4zhxBwdkB7IhCXLPEoPsSIE7pHE33jFMMXop2tCr
+XJZD/mqlvgUG3AaIclypxGPNiLgSyFDeoULzDOhgX6obdrnd2yG/eFb6lGdyFKtH
+3TngupjW5o8+R9cW0IfR8wEL3rMGig0CrV3JB56PWUSj7xgbe5M31NvgLgoo5Cnd
+gjaGxJfk4jS7XeGiLsM1QSPp/hb1oj43m42QdWtwIXGv4xjROQ4ay5fcns8yrZt9
+5ZLfHoCiUU0P0Lpz58EsS2y4zqckjxE43ZQk01xgYBbZ/1hoygZBHgrLlGKKHGF0
+UicoDLj6XNAo8nDrAmE6cX6THDXmgZiXZx40JapP/egHsEkCdvJkvycGLF8grvx7
+InRIMujTeM+s/o/4s07iWNBD0b7qJ6QoSE6EPKVU/QDTukMp/hqiF0Uuj6EVFT1Y
+1agUHxFN19HxccZtz7kE
+-----END CERTIFICATE REQUEST-----
diff --git a/AKB/openvpn/gw-ckubu/keys/server.key b/AKB/openvpn/gw-ckubu/keys/server.key
new file mode 100644
index 0000000..af9a1aa
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCcGJuBohUHBNkd
+x6laA9ShkJdD8mxlX9pEd9+g+W2+hcA7bAi0NxZV+0cObpPeXcLzpQnY6aiG97po
+5pR8Gn0y50TkhsuMXlwue+30MRI0lTFEVt6O3zqhCbNZxbHJosp9v7IfqTZ8cG92
+bnWacryAGVCIrqb+BX0x37oj0/16Os5Wog9yMwx9PTPFphSZQ3cu5he+NsJXuf/+
+GZLbdKDjFwHkDUhQ16gLvkb9Zbqq3lZdnWrJd9H0T2n1en62d3lvZrnkzuXUJVLX
+a/GyI+DCCL4yqDyxMfrLMczejEsPB+RAlcbQc41H4EMuw6FZzNMGioDPgdx4BGdm
+v6fTrEoOq94y+5j7gEGvTWY56uA8vbuCdoKSevYeeGT1oCS+ukRgD762NEtq6T4K
+h2PC+ocUzIVZ5zPGlUeH49kHrzm3iWhekLzsEtHyEVDOkLyQOp6AqVVmUePa4xgc
+oVsfru2VlgHrJVqfCJMZt5INPfW02/hLOvck/HQUzh39Ktg3/JKKwrg4+PiGbSlf
+QTpDGH3dZyMYZOZoIaDyDNwD67FS3FG1wPqKUfZSIbPIkVMxtK/y3LtbncnlIL79
+8AjI9/aCIgcwEDx0PczWLQ6Sw8m7eNdeYRRCBFnELJTT1DxcVDYDCun+PVEef0Cd
+WYl1X9+ljmMY0v8sX6JBIX8xhIydXwIDAQABAoICAQCWFGa3bcHv3K5vnn9qJ5Kx
+wFZfot6rXUx7VhHyML9eVjSsLUP1GZ3lD1KTQqfzPYzqOvzLzGQXWGmm4ENVSxai
+8Y7gdeWQ0Uyp+MehZ+jMG8GhpjAXh/NT0ALbxmMYreconj3BiSz02hmg8bUqyTQJ
+qc0vjVTLmTV01VmfhvwIIDAxRWG6d/CDHWwAlZzqet5Ffj7HyNh0BkZl5eq4C1uA
+26cav9aOu7o7iDey/LNMA7dgDLEWgZig4BXNSng4MYjVHhyPLIn2vef3bTaWAz7e
+8A8Gn5CzAY3S/c+vDY5BJmJD4n2j/+WPfMS7WqZws6kVeec9G+uAjSNpu829i8Iq
+9pfRsnYWIIim+ydLDbg63ZwhkthwI2PVrd62NsRNv5y1WcE8r+6UeI2hNykWVRiv
+giGvEyO+Ldb2h7QKZxh4M4XEx+c+nOQ0SWeDKCDhFjje271QiVzffoftErmu7Ht3
+502FDzrzS85yRrmuJZhF5z1GcROtBb2SNfUtORooi6wQh79eZuJT0gcGX1B9dtZB
+2tALxwrjkyA7paYnyYU8LD6efm1sMoHZKW7eLk0AKhyi3g6RP4cas9Ospfd58CLQ
+9dtxkNII0VkAfO8LSwVumIcxGCnHiv0NPb2QbVdNxgAttjsQH//Bk3iisU9UJejK
+fGmgf5tdY6SyGXvOUsBq0QKCAQEAyBRN0kM8/V35Q/ZAPxB5YjdMx4MxwJuGbi4z
+rZ6eAPhR0FSKrjhkdLo4uIkMm7svGVVnGle9aejWimh5RcqnENVePf8XstaPVeWJ
+g8EHt22LBVnVg0G79aeFG4I4YqQcNQey8FHQxNMvCKNiVra0381nzR8yuwKHiYLv
+7anmLaL+EtYUkTN1mckUMAOykGL8w6x1xvlAPmUTU4d1Ksm5hiTCvXiMJ8GGVaI2
+0hTDuOh7rUAqHpDy8zMiUOCCbvbn0qy+t0g2PavZWW/YHoA8FmA/PuS33g1MbxdP
+dtvGVbXqyQzYVb3pfKLSal9C0L+Ek/VrfzFRoRJCib7a7Hb4RwKCAQEAx7lNNEGv
+D+Om8LsCjWV8iSQ5yHR1jOdVHWixY7s0u720Oxbr+yqsTCFlQWD/XqAyDXUd0VRO
+Gav9YbN4SyNgp3NjNF0umLpERFLMHHtfNKuGdcSQBTHd4GvDSd6RhhtgUQJLfoSV
+mh0AvEQ69diVUp1c1wAEYtp9WQ1VPyIymUat3lmODpa3/MjfJ3+BLl8Wu/RLcQBh
+6H3sdOXIugjQP0t6Y7X0Cms482Z6nvn8cMJ5/4fOmrjUS+K59HNs2lL8p69GqKOY
+8LYZu81FepJ2cU66Fi03iKsfG3zVdVIDIrARuxT7P8psCR66gCD/W+LMrLcOKrnT
+MQ85xDgHU7FWKQKCAQEAtxVtSNRiQO73I2t4yryGdotn5MF2i2tFjhkVDPCyYOzZ
+4Ksb4+SSeAXX1XUDZpXYuXPezsou93UqrKiBII4aZlr4y/5bbzjLHKzYMwo1x3Gj
+3xefO2axWk8ajFuSwSCu9w++fA5B3Xnp9hub5wF1bb4GGDtOLrZX1EtOxcnMaUJX
+AGGJnHzcRgcsQ+t+QIV0CpILjDGUygOvtaWkX60L6WZGFR70EYUTKdUwGPkLSG7k
+jVrDsAivaEAITL3EXUnuRGfydMDNcY2JbD/eIbryQP99oE2muriskpNgEcF2MgQv
+fh4U8BDCUVyk8tWMzHwUE1hmL5OvwJZ28JkGt47+DQKCAQAKVL13nIYvrjjubt38
+7mj4txT+F3gVJ8oxUT8Lx508sN1nyRG/1j8/WOLh9OCAxoyQQaSfNVss3MaojR4F
+1Pik8MUK6l8Eq23oktfYCVGtacn0wYwpmKC/gROC+K5SX4wl5JZ/HuCWLjXhhy39
+lYxzz4wD2w5fBqpBNv1X3K79WriXrc45VvaBbuqMIn5OJcEJS+OzHq/x1MGsck5l
+wRr0izTzf2/2MgGqJXzmSEwUkRq6aw321uS0YC/6QxY4XN6Q1fIzuvKoUOMX4dBc
+PMM/rTDXANPEkAV16IkqHmnnG3BvWvB8Jj5cYmiHRC2xVRP9QyLKdv5DpWP5kGRg
+oeWxAoIBAQDFn5mGMpU6a2ltfMOix7yQrhTOweAuM8ArTiCx8/JZCgljzDMjLXk5
+gaXuQPupiEtaluwsJUYmeSoIVou70u4vbp5iamSRYjmTNAcPG1LcY1IXW7jurlzl
+ADg9bP2BdRff4s1MrmFxSePIEIHekAkeit1CrU57QrqHDrUoLczIjWFka7vaP8wG
+bvc6MYpC+8Hz22N9UhJfycNQzmjm61EYCn3pUcgKNNQzBu0bU/yRNpT8I4+BoHmw
+Gixw+enBljA3vG9ZNSAB+OV+V1RDnkOHGuaOQot+SAxUiVdHRBU07UkcWnapve8w
+fHQesE/RjABrmDIPh120VQRmoENL/NnW
+-----END PRIVATE KEY-----
diff --git a/AKB/openvpn/gw-ckubu/keys/ta.key b/AKB/openvpn/gw-ckubu/keys/ta.key
new file mode 100644
index 0000000..c32893c
--- /dev/null
+++ b/AKB/openvpn/gw-ckubu/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+ea4b0c3c2469d8119fba1b968f7a3ac1
+97af13fc4b4fd1d7e6e3aa6b6513ca98
+0acee9fba071da555f9ce14d6642e20a
+452192aada6a80e73dc62c3103c780fe
+8b5df3a054ba1e86d01bb880defbac93
+f061ebe4cf87f5c123ec49ba82f50e1a
+e83290dfd4debeba063e3ca1c5f37bac
+457184dea9a1a97a053ada58f63b7c1f
+1de01ca49f3789716e8df654727e4ee4
+77d9b182ba174ef871d72ea2bf82d25b
+8d02b7a783324263e03229c0852e712f
+950c0528985bc1050145f6e1a2379466
+11058027d0373a920718c5a5b2f9177c
+94365214e24022b2c34d51f25b008f02
+8a198e2ae5910e83120b533853bc47a6
+2a579fc8df42a997fa4e4854fcf1608a
+-----END OpenVPN Static key V1-----
diff --git a/AKB/openvpn/server-akb.conf b/AKB/openvpn/server-akb.conf
new file mode 100644
index 0000000..88b2bd1
--- /dev/null
+++ b/AKB/openvpn/server-akb.conf
@@ -0,0 +1,314 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/akb/keys/ca.crt
+cert /etc/openvpn/akb/keys/server.crt
+key /etc/openvpn/akb/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/akb/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.0.82.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/akb/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.82.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/akb/ccd/server-akb
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.82.1"
+push "dhcp-option DOMAIN akb.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/akb/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-akb.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-akb.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/akb/crl.pem
diff --git a/AKB/openvpn/server-gw-ckubu.conf b/AKB/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..ca3e58c
--- /dev/null
+++ b/AKB/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,317 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.82.1
+route 192.168.64.0 255.255.255.0 10.1.82.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/gw-ckubu/keys/ca.crt
+cert /etc/openvpn/gw-ckubu/keys/server.crt
+key /etc/openvpn/gw-ckubu/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/gw-ckubu/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.1.82.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/gw-ckubu/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.82.0 255.255.255.0"
+push "route 192.168.83.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/gw-ckubu/ccd/server-gw-ckubu
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.82.1"
+push "dhcp-option DOMAIN akb.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/gw-ckubu/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-gw-ckubu.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/gw-ckubu/crl.pem
diff --git a/AKB/openvpn/update-resolv-conf b/AKB/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/AKB/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/AKB/pap-secrets.AKB b/AKB/pap-secrets.AKB
new file mode 100644
index 0000000..0e3a399
--- /dev/null
+++ b/AKB/pap-secrets.AKB
@@ -0,0 +1,44 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+## - Aktionsbuendnis
+"feste-ip9/1TBGC27CYX92@t-online-com.de" * "7FbmJz7L"
diff --git a/AKB/peers/dsl-akb b/AKB/peers/dsl-akb
new file mode 100644
index 0000000..e58746e
--- /dev/null
+++ b/AKB/peers/dsl-akb
@@ -0,0 +1,18 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+
+ifname ppp-akb
+plugin rp-pppoe.so eth2
+user "feste-ip9/1TBGC27CYX92@t-online-com.de"
diff --git a/AKB/peers/dsl-provider b/AKB/peers/dsl-provider
new file mode 100644
index 0000000..3ba674f
--- /dev/null
+++ b/AKB/peers/dsl-provider
@@ -0,0 +1,17 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+
+plugin rp-pppoe.so eth2
+user "feste-ip9/1TBGC27CYX92@t-online-com.de"
diff --git a/AKB/peers/dsl-provider.ALT b/AKB/peers/dsl-provider.ALT
new file mode 100644
index 0000000..8ac7bae
--- /dev/null
+++ b/AKB/peers/dsl-provider.ALT
@@ -0,0 +1,45 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+# Assumes that your IP address is allocated dynamically
+# by your DSL provider...
+noipdefault
+
+# Try to get the name server addresses from the ISP.
+#usepeerdns
+
+# Comment out if you already have the correct default route installed.
+defaultroute
+#replacedefaultroute
+
+
+hide-password
+lcp-echo-interval 30
+lcp-echo-failure 4
+
+# Override any connect script that may have been set in /etc/ppp/options.
+connect /bin/true
+noauth
+persist
+
+## mtu 1492
+## - notwendig bei vergabe einer festen ip
+## - von t-online: 
+## -    mtu 1456
+## -
+#mtu 1492
+mtu 1456
+
+# RFC 2516, paragraph 7 mandates that the following options MUST NOT be
+# requested and MUST be rejected if requested by the peer:
+# Address-and-Control-Field-Compression (ACFC)
+noaccomp
+# Asynchronous-Control-Character-Map (ACCM)
+default-asyncmap
+
+
+#maxfail 0
+#holdoff 20
+
+plugin rp-pppoe.so eth2
+user "feste-ip9/1TBGC27CYX92@t-online-com.de"
+#user "t-online-com/1TBGC27CYX92@t-online-com.de"
diff --git a/AKB/peers/provider b/AKB/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/AKB/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/AKB/rc.local.AKB b/AKB/rc.local.AKB
new file mode 100755
index 0000000..738bf98
--- /dev/null
+++ b/AKB/rc.local.AKB
@@ -0,0 +1,19 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+#/etc/init.d/PowerChute start || true
+
+#/bin/systemctl stop openvpn || /bin/true
+
+
+exit 0
diff --git a/AKB/resolv.conf.AKB b/AKB/resolv.conf.AKB
new file mode 100644
index 0000000..46f88c0
--- /dev/null
+++ b/AKB/resolv.conf.AKB
@@ -0,0 +1,3 @@
+domain akb.netz.
+search akb.netz.
+nameserver 127.0.0.1
diff --git a/AKB/sasl_passwd.AKB b/AKB/sasl_passwd.AKB
new file mode 100644
index 0000000..dc48128
--- /dev/null
+++ b/AKB/sasl_passwd.AKB
@@ -0,0 +1 @@
+[b.mx.oopen.de] anw-akb@b.mx.oopen.de:OoKunae9ifam
diff --git a/AKB/sasl_passwd.db.AKB b/AKB/sasl_passwd.db.AKB
new file mode 100644
index 0000000..ef0ebe0
Binary files /dev/null and b/AKB/sasl_passwd.db.AKB differ
diff --git a/AKB/sbin/check_net.sh b/AKB/sbin/check_net.sh
new file mode 100755
index 0000000..0ee4573
--- /dev/null
+++ b/AKB/sbin/check_net.sh
@@ -0,0 +1,623 @@
+#!/usr/bin/env bash
+
+## -------------------------------------------------------------------
+## --- All Configurations ill be done in /etc/check_net/check_net.conf
+## -------------------------------------------------------------------
+
+## - Load Configuration
+## -
+source /etc/check_net/check_net.conf
+
+
+## ------------------
+## --- Some functions
+## ------------------
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+fatal(){
+   echo ""
+   echo -e "[ \033[31m\033[1mError\033[m ]: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
+   echo ""
+
+   echo "" >> $log_file
+   echo "[ Error ]: $*" >> $log_file
+   echo "" >> $log_file
+   echo "           Script is canceled." >> $log_file
+   echo "" >> $log_file
+
+   exit 1
+}
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+set_ping_addresses () {
+
+   if $DEBUG ; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set IP-Address(es) for ping test. This may take some time.." >> $log_file
+   fi
+
+   ping_test_ip=""
+   unset ping_ip_arr 
+   declare -i i=0
+   for _host in $PING_TEST_HOSTS ; do
+      while [ $i -lt 2 ]; do
+         if dig +short $_host > /dev/null 2>&1 ; then
+            ping_test_ip=`dig +short $_host | head -1`
+            if ping -q -c2 $ping_test_ip >/dev/null 2>&1 ; then
+               ping_ip_arr+=("$ping_test_ip")
+               let i++
+               break
+            fi
+         fi
+         break
+      done
+   done
+
+   if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Setting IP-Address(es) for ping test FAILED!" >> $log_file
+   else
+      if $DEBUG ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] IP-Addresses for ping tests set to ${ping_ip_arr[@]}" >> $log_file 
+      fi
+   fi
+}
+usage() { 
+   echo  
+   [ -n  "$1" ] && echo -e "[ \033[1;31mError\033[m ] : $1\n" 
+ 
+echo -e "   Usage:" 
+echo -e "          \033[1m`basename $0` [OPTIONS] <device1> <device2> ..\033[m" 
+echo "" 
+echo -e "   This script checks the status (online/offline) of the given devices. Afterward another"
+echo "      script called \033[1m`basename $netconfig_script`\033[m will be triggered to configure"
+echo "      the routing depending on the status of the devices."
+echo ""
+echo -e "   It is strongly recommend to put \033[1mall devices, which should have a connection to"
+echo -e "   the internet\033[m, on the command line."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      On static line devices \033[1mappend \":<gateway>\"\033[m. This is very important,"
+echo -e "      otherwise this script will \033[1mNOT work as expected\033[m."
+echo -e "      Example:"
+echo -e "            \033[1m`basename $0` -l \"eth0 ppp-light\" eth0:172.16.0.1 ppp-light\033[m"
+echo ""
+echo -e "   The declaration of the device(s) is mandatory."
+echo ""
+echo -e "   Options:"
+echo ""
+echo -e "      \033[1m-h\033[m"
+echo -e "         Prints this help\033[m"
+echo ""   
+echo -e "      \033[1m-l <list of online devices>\033[m"
+echo -e "         List of all (internet) devices known as online."
+echo ""
+
+exit 1
+}
+
+
+if [[ $EUID -ne 0 ]]; then
+   fatal "This script must be run as root" 1>&2
+fi
+
+if [[ ! -f "$netconfig_script" ]]; then
+   fatal "Netconfig script \"$netconfig_script\" not found!"
+fi
+
+
+## -------------------------------------------------
+## --- If script is  already running, stop execution
+## -------------------------------------------------
+
+LOCK_DIR=/tmp/`basename $0`.LOCK
+if mkdir "$LOCK_DIR" 2> /dev/null ; then
+
+   ## - Remove lockdir when the script finishes, or when it receives a signal
+   trap 'rm -rf "$LOCK_DIR"' 0 2 15
+
+else
+
+   datum=`date +"%d.%m.%Y"`
+   msg="[ Error ]: A previos instance of script \"`basename $0`\" seems already be running.\n\n           Exiting now.."
+   echo -e "To:${admin_email}\n${content_type}\nSubject:DSL Script Error $company -- $datum\n\n${msg}\n" | /usr/sbin/sendmail -F "DSL Monitoring $company" -f $from_address $admin_email 2> /dev/null
+
+   if $LOGGING_CONSOLE ; then
+      echo ""
+      echo "[ Error ]: A previos instance script \"`basename $0`\" seems already be running."
+      echo ""
+      echo "           Exiting now.."
+      echo ""
+   fi
+   exit 1
+
+fi
+
+
+## -------------
+## --- Configure
+## -------------
+
+while getopts l:h opt ; do
+   case $opt in
+      h) usage ;;
+      l) ONLINE_DEVICE_LIST=$OPTARG
+         ;;
+   esac
+done
+
+shift `expr $OPTIND - 1`
+
+INITIAL_DEVICE_LIST="$@"
+if [[ -z "$INITIAL_DEVICE_LIST" ]]; then
+   INITIAL_DEVICE_LIST=$_INITIAL_DEVICE_LIST
+fi
+
+[[ -z "$INITIAL_DEVICE_LIST" ]] && usage "No device list given"
+      
+
+## - Define (non associative) array
+## -
+declare -a inet_devices_arr
+declare -a dsl_devices_arr
+declare -a static_devices_arr
+declare -a online_devices_arr
+declare -A static_gw_arr
+declare -A dsl_gw_available_arr
+
+for _device in $INITIAL_DEVICE_LIST ; do
+   if [[ "$_device" =~ : ]]; then
+      static_gateway="${_device##*:}"
+      _device="${_device%:*}"
+      static_gw_arr[$_device]="$static_gateway"
+
+      static_devices_arr+=("$_device")
+
+   else
+      dsl_devices_arr+=("$_device")
+   fi
+   inet_devices_arr+=("$_device")
+done
+
+for _online_device in $ONLINE_DEVICE_LIST ; do
+   online_devices_arr+=("$_online_device")
+done
+
+## - Define associative array
+## -
+declare -A remote_gw_arr
+declare -A filetime_PID_arr
+for inet_device in "${online_devices_arr[@]}" ; do
+
+   if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+      remote_gw_address="$(ip addr show $inet_device 2> /dev/null | grep peer | awk '{print$4}' | cut -d "/" -f1)"
+   else
+      remote_gw_address=${static_gw_arr[$inet_device]}
+   fi
+
+   remote_gw_arr[$inet_device]=$remote_gw_address
+   _pid_file=/var/run/${inet_device}.pid
+   if [ -f $_pid_file ]; then
+      filetime_PID_arr[$inet_device]=`stat -c %Y /var/run/${inet_device}.pid`
+   else
+      filetime_PID_arr[$inet_device]="NOT FOUND"
+   fi
+done
+
+declare -a ping_ip_arr;
+
+
+#echo "--"
+#for _key in "${!filetime_PID_arr[@]}" ; do
+#   echo "filetime_PID_arr[$_key]: ${filetime_PID_arr[$_key]}"
+#done
+#
+#for _key in "${!remote_gw_arr[@]}" ; do
+#   echo "remote_gw_arr[$_key]: ${remote_gw_arr[$_key]}"
+#done
+#
+#for _device in ${online_devices_arr[@]} ; do
+#   echo "$_device is online"
+#done
+#echo "--"
+#exit
+
+echo "" >> $log_file
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## --- Starting script `basename $0`" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Devices configured..: ${inet_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Devices Online......: ${online_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] DSL Devices.........: ${dsl_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Static Devices......: ${static_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Remote Gateways.....: ${remote_gw_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## --- Initial Setup:" >> $log_file
+
+## - Initial: get ping addresses
+## -
+set_ping_addresses
+echo "" >> $log_file
+
+while true ; do
+
+   changed=false
+
+   for inet_device in "${inet_devices_arr[@]}" ; do
+
+      if $DEBUG ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] ## --- Device $inet_device" >> $log_file
+      fi
+
+      ## - Set interface name, routing tables name and, if available, remote gateway.
+      ## -
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+
+         ## - Is remote a remote gateway for this device knpn?
+         ## -
+         remote_gw_address="$(ip addr show $inet_device 2> /dev/null | grep peer | awk '{print$4}' | cut -d "/" -f1)"
+         iface_name="dsl-`echo $inet_device | cut -d '-' -f2`"
+         rt_name="dsl_`echo $inet_device | cut -d '-' -f2`"
+         if [[ -n "$remote_gw_address" ]]; then
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Add $remote_gw_address to array dsl_gw_available_arr for DSL line $inet_device" >> $log_file
+            fi
+            dsl_gw_available_arr[$inet_device]=$remote_gw_address
+         else
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] No remote gateway found for DSL line $inet_device" >> $log_file
+            fi
+            if [[ ${dsl_gw_available_arr[$inet_device]+_} ]]; then
+               if $DEBUG; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Unset dsl_gw_available_arr for DSL line $inet_device" >> $log_file
+               fi
+               unset ${dsl_gw_available_arr[$inet_device]}
+            fi
+         fi
+      else
+         remote_gw_address=${static_gw_arr[$inet_device]}
+         iface_name=$inet_device
+         rt_name="static_`echo $inet_device | cut -d '-' -f1`"
+      fi
+
+      
+      ## ---
+      ## ---  Check if routing through this connection works
+      ## ---
+
+      ## - Notice:
+      ## -    if no remote gateway is known (remote_gw_address is empty), then we don't
+      ## -    need to test here. 
+      ## -
+      device_is_online=false
+      if [[ -n "$remote_gw_address" ]]; then
+
+
+         ## - Check if routing through this dsl connection realy works
+         ## -
+         if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] No ip-address for ping-test is set. Skipping test.." >> $log_file
+         else
+            failed=true
+            for _key in ${!ping_ip_arr[@]} ; do
+               /sbin/ip rule add to ${ping_ip_arr[$_key]} table $rt_name
+               if ping -q -c2 ${ping_ip_arr[$_key]} >/dev/null 2>&1 ; then
+                  if $DEBUG ; then
+                     _local_gw=`curl -4 https://meine-ip.oopen.de 2> /dev/null` 
+                     if [ -n "$_local_gw" ]; then
+                        echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Using local gateway \"$_local_gw\" for ping test" >> $log_file
+                     fi
+                     echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Ping test (to ${ping_ip_arr[$_key]}) for device \"${inet_device}\" was successful." >> $log_file
+                  fi
+                  /sbin/ip rule del to ${ping_ip_arr[$_key]} table $rt_name
+                  failed=false
+                  device_is_online=true
+                  break
+               fi
+               /sbin/ip rule del to ${ping_ip_arr[$_key]} table $rt_name
+            done
+            if $failed ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Ping test for device \"${inet_device}\" failed" >> $log_file
+               #echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Status Devices \"$inet_device\" changed" >> $log_file
+               #echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Devices \"$inet_device\" is now OFFLINE" >> $log_file
+
+               ## - Remote gateway is not reachable. So empty variable "remote_gw_address"
+               #remote_gw_address=
+
+            fi # End: if $failed
+            
+         fi # End: if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+
+      fi # End: if [[ -n "$remote_gw_address" ]]
+
+
+      ## ---
+      ## --- Now check, if something has changed
+      ## ---
+
+      if $device_is_online; then
+
+         if containsElement "$inet_device" ${online_devices_arr[@]} ; then
+
+            ## - <before>  <now>
+            ## -
+            ## -  online    online
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $inet_device is still online" >> $log_file
+            fi
+
+            ## - Check if remote gateway has changed
+            ## -
+            if [ "$remote_gw_address" != "${remote_gw_arr[$inet_device]}" ]; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ WARN  ] Remote Gateway on device \"$inet_device\" has changed: ${remote_gw_arr[$inet_device]} --> $remote_gw_address" >> $log_file
+               remote_gw_arr[$inet_device]=$remote_gw_address
+
+               _pid_file=/var/run/${inet_device}.pid
+               if [ -f $_pid_file ]; then
+                  filetime_PID_arr[$inet_device]=`stat -c %Y $_pid_file`
+               fi
+               changed=true
+            else
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Remote Gateway on device \"$inet_device\": still ${remote_gw_arr[$inet_device]}" >> $log_file
+               fi
+
+               ## - Test if pid-file's modify time hs changed
+               ## -
+               ## - Notice: that happens if your provider forces a reconnect (mostly one time a day
+               ## -         or in other words after 1440 minutes)
+               ## -
+               _pid_file=/var/run/${inet_device}.pid
+               if [ -f $_pid_file ]; then
+                  if [ "`stat -c %Y $_pid_file`" != "${filetime_PID_arr[$inet_device]}" ]; then
+                     echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Modify time for pid-file \"${inet_device}.pid\" has changed" >> $log_file
+                     filetime_PID_arr[$inet_device]=`stat -c %Y $_pid_file`
+                     changed=true
+                  fi
+               fi
+
+            fi
+
+         else
+            ## - <before>  <now>
+            ## -
+            ## -  offline   online
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Status Devices \"$inet_device\" changed" >> $log_file
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Devices \"$inet_device\" is now online" >> $log_file
+
+            ## - Add device to array online_devices_arr
+            ## -            
+            online_devices_arr+=("$inet_device")
+            ## - Add device to array remote_gw_arr
+            ## -
+            remote_gw_arr[$inet_device]=$remote_gw_address
+
+            _pid=/var/run/${inet_device}.pid
+            if [ -f "$_pid" ]; then
+               filetime_PID_arr[$inet_device]=`stat -c %Y /var/run/${inet_device}.pid`
+            fi
+            changed=true
+         fi # END: if containsElement "$inet_device" ${online_devices_arr[@]}
+
+      else # ELSE: if $device_is_online; then
+
+         if containsElement "$inet_device" ${online_devices_arr[@]} ; then
+
+            ## - <before>  <now>
+            ## -
+            ## -  online    offline
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Status Devices \"$inet_device\" changed" >> $log_file
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Devices \"$inet_device\" is now OFFLINE" >> $log_file
+
+            ## - In case of DSL Device, have a look at the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               if ps -x | grep -E "/usr/sbin/pppd\s+call\s+$iface_name" > /dev/null 2>&1 ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] pppd for \"$iface_name\" is running: Waiting another period"  >> $log_file
+               else
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Trying to start pppd for \"$inet_device\".." >> $log_file
+                  /usr/sbin/pppd call $iface_name > /dev/null 2>&1
+               fi
+            fi
+
+            ## - Remove device from array online_devices_arr
+            ## - 
+            for _index in ${!online_devices_arr[@]} ; do
+               if [ "${online_devices_arr[$_index]}" = "$inet_device" ]; then
+                  unset online_devices_arr[$_index]
+                  break
+               fi
+            done
+            ## - Also remove device from remote_gw_arr
+            ## -
+            unset remote_gw_arr[$inet_device]
+
+            ## - In case of DSL Device, kill the concerning the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               _pid=`ps -ax | grep -e "pppd call $iface_name" | grep -v grep | awk '{print$1}'`
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Kill ppp-daemon for $iface_name (pid $_pid)" >> $log_file
+
+               kill -9 $_pid
+            fi
+
+            changed=true
+         else
+            ## - <before>  <now>
+            ## -
+            ## -  offline   offline
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $inet_device is still offline" >> $log_file
+            fi
+
+            ## - In case of DSL Device, have a look at the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               if ps -x | grep -E "/usr/sbin/pppd\s+call\s+$iface_name" > /dev/null 2>&1 ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] pppd for \"$iface_name\" is running: Waiting another period"  >> $log_file
+               else
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Trying to start pppd for \"$inet_device\".." >> $log_file
+                  /usr/sbin/pppd call $iface_name > /dev/null 2>&1
+               fi
+            fi
+
+         fi # END: if containsElement "$inet_device" ${online_devices_arr[@]}
+
+      fi # END: if $device_is_online; then
+
+   done # End: for inet_device in "${inet_devices_arr[@]}"
+
+
+   if $changed ; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Status Online Devices changed" >> $log_file
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Online Devices: ${online_devices_arr[@]}" >> $log_file
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Reconfigure Routing: invoking script \"$netconfig_script\".." >> $log_file
+      if [[ -z "${online_devices_arr[@]}" ]]; then
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $netconfig_script $INITIAL_DEVICE_LIST" >> $log_file 
+         fi
+
+         $netconfig_script $INITIAL_DEVICE_LIST > /dev/null 2>&1
+      else
+         
+         _LIST=
+         for _device in ${online_devices_arr[@]} ; do
+            _LIST="$_LIST $_device"
+         done
+         _LIST=`echo "${_LIST}" | sed -e 's/^[ \t]*//'`
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $netconfig_script -l \"$_LIST\" $INITIAL_DEVICE_LIST" >> $log_file 
+         fi
+         $netconfig_script -l "$_LIST" $INITIAL_DEVICE_LIST > /dev/null 2>&1
+      fi
+
+      datum=`date +"%d.%m.%Y"`
+      msg="[ `date +\"%H:%M:%S\"` ]: Status Online Devices changed..\n              Online Devices: ${online_devices_arr[@]}\n\n              Script \"$netconfig_script\" was invoked to reconfigure routing."
+      echo -e "To:${admin_email}\n${content_type}\nSubject:DSL Status changed $company -- $datum\n\n${msg}\n" | /usr/sbin/sendmail -F "DSL Monitoring $company" -f $from_address $admin_email 2> /dev/null
+   fi # END if $changed
+
+
+   ## - Set IP-adresses for Ping-Test at next run
+   ## -
+   if [[ ${#online_devices_arr[@]} -gt 0 ]]; then
+
+      ## - Try to set IP-Addresses for ping test
+      ## -
+      set_ping_addresses
+
+   elif [[ ${#dsl_gw_available_arr[@]} -gt 0 ]]; then
+
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set default gateway to an existing DSL line .." >> $log_file
+
+      __set_default_gatway=false
+      default_gw_deleted=false
+
+      for _device in "${dsl_devices_arr[@]}" ; do
+
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Device: $_device - Gateway: ${dsl_gw_available_arr[$_device]}" >> $log_file
+         fi
+
+         if [[ -n "${dsl_gw_available_arr[$_device]}" ]]; then
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route delete default" >> $log_file
+                  /sbin/ip route delete default >> $log_file 2>&1
+               else
+                  /sbin/ip route delete default > /dev/null 2>&1
+               fi
+               default_gw_deleted=true
+            fi
+            
+            ## - Try to set default gateway to this DSL connection
+            ## -
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device" >> $log_file
+               /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device >> $log_file 2>&1
+            else
+               /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device > /dev/null 2>&1
+            fi
+            if [[ "$?" == "0" ]]; then
+               __set_default_gatway=true
+               break
+            fi
+         fi
+
+      done # END: for _device in "${inet_devices_arr[@]}"
+
+      if ! $__set_default_gatway ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] No default gateway (for DSL Device ${_device}) is set!"  >> $log_file
+      else
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Default gateway on DSL Device $_device is set to ${inet_devices_arr[$_device]}"  >> $log_file 
+
+
+         ## - Try to set IP-Addresses for ping test
+         ## -
+         set_ping_addresses
+      fi
+
+   elif [[  ${#static_devices_arr[@]} -gt 0 ]]; then
+
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set default gateway to an existing static line .." >> $log_file
+
+      __set_default_gatway=false
+      default_gw_deleted=false
+
+      for _device in "${static_devices_arr[@]}" ; do
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route delete default" >> $log_file
+                  /sbin/ip route delete default >> $log_file 2>&1
+               else
+                  /sbin/ip route delete default > /dev/null 2>&1
+               fi
+               default_gw_deleted=true
+            fi
+
+            ## - Set new default route
+            ## -
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device" >> $log_file
+               /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+            else
+               /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device > /dev/null 2>&1
+            fi
+
+            if [[ "$?" == 0 ]] ; then
+               __set_default_gatway=true
+               break
+            fi
+      done
+
+      if ! $__set_default_gatway ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] No default gateway is set!"  >> $log_file
+      else
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Default gateway is set to ${static_gw_arr[$_device]}"  >> $log_file
+
+         ## - Try to set IP-Addresses for ping test
+         ## -
+         set_ping_addresses
+
+      fi
+
+   fi # if [[ ${#online_devices_arr[@]} -gt 0 ]]
+
+   sleep 30
+
+done
+
+exit 0
diff --git a/AKB/sbin/ipt-firewall-gateway b/AKB/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/AKB/sbin/ipt-firewall-gateway
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/AKB/sbin/netconfig.sh b/AKB/sbin/netconfig.sh
new file mode 100755
index 0000000..70e378d
--- /dev/null
+++ b/AKB/sbin/netconfig.sh
@@ -0,0 +1,993 @@
+#!/usr/bin/env bash
+
+## -------------------------------------------------------------------
+## --- All Configurations ill be done in /etc/check_net/check_net.conf
+## -------------------------------------------------------------------
+
+## - Load Configuration
+## -
+source /etc/check_net/check_net.conf
+
+
+## ------------------
+## --- Some functions
+## ------------------
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+fatal(){
+   echo ""
+   echo -e "[ \033[31m\033[1mError\033[m ]: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
+   echo ""
+
+   echo "" >> $log_file
+   echo "[ Error ]: $*" >> $log_file
+   echo "" >> $log_file
+   echo "           Script is canceled." >> $log_file
+   echo "" >> $log_file
+
+   exit 1
+}
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
+usage() {
+   echo 
+   [ -n  "$1" ] && echo -e "[ \033[1;31mError\033[m ] : $1\n"
+
+echo -e "   Usage:"
+echo -e "          \033[1m`basename $0` [OPTIONS] <device1> <device2> ..\033[m"
+echo ""
+echo -e "   This script configures the default route, especially if more than one"
+echo -e "   route to the internet exists. Also the routing tables are managed by this"
+echo -e "   script."
+echo ""
+echo -e "   The Parameter \033[1mdevice list\033[m contains all network devices, which should have"
+echo -e "   a connection to the Internet. Tha can be DSL lines as well as static lines."
+echo -e "   The declaration of the device list is mandatory."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      Declare the device list in the order of your preferred default gatway devices."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      On static line devices \033[1mappend \":<gateway>\033[m. This is very important,"
+echo -e "      otherwise this script will \033[1mNOT work as expected\033[m."
+echo ""
+echo -e "   If this script is invoked with option \033[1m-m\033[m, another script called \033[1m`basename $check_script`\033[m"
+echo -e "   will be triigered to monitor the devices and informs about changes (online/offline"
+echo -e "   status) of the given devices. If the status of a line has changed, this script"
+echo -e "   is reinvoked by the monitoring script \033[1m`basename $check_script`\033[m to reconfigure"
+echo -e "   the routing."
+echo ""
+echo -e "   Options:"
+echo ""
+echo -e "      \033[1m-h\033[m"
+echo -e "         Prints this help\033[m"
+echo ""   
+echo -e "      \033[1m-l <list of online devices>\033[m"
+echo -e "         List of all (internet) devices known as online. Usually, this option will"
+echo -e "         be used by triggering this script from check script \033[1m`basename $check_script`\033[m."
+echo ""   
+echo -e "      \033[1m-m\033[m"
+echo -e "          Activates monitoring of the given network devices."
+echo ""
+echo -e "   Example:"
+echo -e "      - Simply configure routing for devices \"$_INITIAL_DEVICE_LIST\""
+echo -e "            \033[1m`basename $0` $_INITIAL_DEVICE_LIST\033[m"
+echo ""
+echo -e "      - Configure routing for devices \"$_INITIAL_DEVICE_LIST\" and activate monitoring"
+echo -e "            \033[1m`basename $0` -m $_INITIAL_DEVICE_LIST\033[m"
+echo ""
+
+exit 1
+}
+
+if [[ ! -f "$check_script" ]] ; then 
+   fatal "Check script \033[1m$check_script\033[m not found!" 
+fi
+ 
+if [[ "`which sipcalc`" == "" ]]; then
+   fatal "\033[1msipcalc\033[m must be installed to run this script"
+fi
+
+if [[ $EUID -ne 0 ]]; then
+   fatal "This script must be run as root" 1>&2
+fi
+
+## ---
+## --- Configure
+## ---
+
+_monitoring=false
+ONLINE_DEVICE_LIST=
+while getopts hl:m opt ; do
+   case $opt in
+      h) usage
+         ;;
+      l) ONLINE_DEVICE_LIST=$OPTARG
+         ;;
+      m) _monitoring=true
+         ;;
+   esac
+done
+
+shift `expr $OPTIND - 1`
+
+INITIAL_DEVICE_LIST="$@"
+if [[ -z "$INITIAL_DEVICE_LIST" ]]; then
+   INITIAL_DEVICE_LIST=$_INITIAL_DEVICE_LIST
+fi
+
+[[ -z "$INITIAL_DEVICE_LIST" ]] && usage "No device list given"
+
+## - Define (non associative) array
+## -
+declare -a inet_devices_arr
+declare -a dsl_devices_arr
+declare -a static_devices_arr
+declare -a online_devices_arr
+declare -A static_gw_arr
+
+for _device in $INITIAL_DEVICE_LIST ; do
+   if [[ "$_device" =~ : ]]; then
+      static_gateway="${_device##*:}"
+      _device="${_device%:*}"
+      static_gw_arr[$_device]="$static_gateway"
+
+      static_devices_arr+=("$_device")
+
+   else
+      dsl_devices_arr+=("$_device")
+   fi
+   inet_devices_arr+=("$_device")
+done
+
+for _online_device in $ONLINE_DEVICE_LIST ; do
+   online_devices_arr+=("$_online_device")
+done
+
+
+#echo "All Devices:"
+#for _device in "${inet_devices_arr[@]}" ; do
+#   echo -e "\t$_device"
+#done
+#echo "Online Devices:"
+#for _device in "${online_devices_arr[@]}" ; do
+#   echo -e "\t$_device"
+#done
+#
+#for inet_device in "${inet_devices_arr[@]}" ; do
+#   if [ -n "$ONLINE_DEVICE_LIST" ]; then
+#      if ! containsElement "$inet_device" "${online_devices_arr[@]}" ; then
+#         echo "$inet_device is offline"
+#         continue
+#      fi
+#   fi
+#done
+#
+#echo ""
+#exit
+
+
+## - Define associative arrays
+## -
+declare -A default_gw_arr 
+declare -A gw_connection_arr
+
+declare -i number_rt_table=0
+
+
+## ---
+## --- Start
+## ---
+
+#echo "" >> $log_file
+#echo "" >> $log_file
+#echo "#############################" >> $log_file
+#echo "### ---" >> $log_file
+#echo "### --- [ `date +'%Y-%m-%d %H:%M'` ]: Starting Script `basename $0`.." >> $log_file
+#echo "### ---                       Devices all:    $INITIAL_DEVICE_LIST" >> $log_file
+#echo "### ---                       Devices online: $ONLINE_DEVICE_LIST" >> $log_file
+#echo "### ---" >> $log_file
+#echo "### ---" >> $log_file
+#echo "#############################" >> $log_file
+
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Starting Script `basename $0`.." >> $log_file
+echo "                              Devices all:    $INITIAL_DEVICE_LIST" >> $log_file
+echo "                              Devices online: $ONLINE_DEVICE_LIST" >> $log_file
+
+configured=false
+if $_monitoring ; then
+   max_attempts=20
+else
+   max_attempts=1
+fi
+declare -i _try_number=0
+declare -i prio=0
+
+while  ! $configured && [ $_try_number -lt $max_attempts ]  ; do
+
+   let _try_number++
+
+   if [ $_try_number -gt 1 ]; then
+      echo "" >> $log_file
+      echo "# --- sleeping 2 seconds before attempt number $_try_number" >> $log_file
+      sleep 2
+   fi
+
+   number_rt_table=0
+
+   #for inet_device in "${dsl_devices_arr[@]}" ; do
+   for inet_device in "${inet_devices_arr[@]}" ; do
+
+      ## - Create routing table name
+      ## - 
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $inet_device | cut -d '-' -f2`
+         rt_name="dsl_$__name"
+      else
+         __name=`echo $inet_device | cut -d '-' -f1`
+         rt_name="static_$__name"
+      fi
+
+      if ! $_monitoring ; then
+
+         ## - Check if device was reported (from check script) as offline
+         ## -
+         _offline=false
+         if [ -n "$ONLINE_DEVICE_LIST" ]; then
+            if ! containsElement "$inet_device" "${online_devices_arr[@]}" ; then
+               _offline=true
+            fi
+         else
+            _offline=true
+         fi
+
+         ## - Cleanup routing tables
+         ## -
+         if $_offline ; then
+
+            if $LOGGING_CONSOLE ; then
+               echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" was reported to be down !"
+               echo -e "\t           So device \"$inet_device\" will be excluded from routing."
+            fi
+
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" was reported to be down !" >> $log_file
+            echo -e "\t           So device \"$inet_device\" will be excluded from routing." >> $log_file
+
+            ## - Delete all existing entries of this routing table
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all existing entries of routing table \"$rt_name\"" >> $log_file
+            echo "## -" >> $log_file
+            echo "/sbin/ip route flush table $rt_name" >> $log_file
+            /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+            if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+               ## - Delete all rules concerning table $rt_name
+               ## -
+               echo "" >> $log_file
+               echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+               echo "## -" >> $log_file
+               while read line ; do
+                  direction=`echo $line | awk '{print$2}'`
+                  ip=`echo $line | awk '{print$3}'`
+                  echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+                  /sbin/ip rule delete $direction $ip table $rt_name
+               done < <(/sbin/ip rule | grep $rt_name)
+               echo "" >> $log_file
+            fi # End: if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 
+
+            continue
+
+         fi # End: if $_offline
+      fi # End: if ! $_monitoring ; then
+
+      let number_rt_table="$number_rt_table+100"
+      prio=0
+
+
+      ## - Add new routing table to /etc/iproute2/rt_tables
+      ## - if not yet exists
+      ## -
+      if ! grep $rt_name /etc/iproute2/rt_tables > /dev/null 2>&1 ; then
+
+         echo "" >> $log_file
+         echo "## - Add new routing table to /etc/iproute2/rt_tables" >> $log_file
+         echo "## -" >> $log_file
+         echo "echo \"$number_rt_table $rt_name\" >> /etc/iproute2/rt_tables" >> $log_file
+
+         echo -e "$number_rt_table\t$rt_name" >> /etc/iproute2/rt_tables
+      fi
+
+      ## - Is the device present and has local Address ?
+      ## -
+      local_gw_address="$(ip addr show $inet_device 2> /dev/null | grep inet | awk '{print$2}')"
+      if [ -z $local_gw_address ]; then
+         if $LOGGING_CONSOLE ; then
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !"
+            echo -e "\t           No local address was found."
+         fi
+
+         echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !" >> $log_file
+         echo -e "\t           No local address was found." >> $log_file
+
+
+         ## - Cleanup routing tables
+         ## -
+         ## - Delete all existing entries of this routing table
+         ## -
+         echo "" >> $log_file
+         echo "## - Delete all existing entries of this routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route flush table $rt_name" >> $log_file
+         /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+         if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+            ## - Delete all rules concerning table $rt_name
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+            echo "## -" >> $log_file
+            while read line ; do
+               direction=`echo $line | awk '{print$2}'`
+               ip=`echo $line | awk '{print$3}'`
+               echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+               /sbin/ip rule delete $direction $ip table $rt_name
+            done < <(/sbin/ip rule | grep $rt_name)
+            echo "" >> $log_file
+         fi
+
+         continue
+      fi # End: if [ -z $local_gw_address ]
+
+      ## - Is the DSL-device known and has remote Address ?
+      ## -
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+         remote_gw_address="$(ip addr show $inet_device 2> /dev/null | grep peer | awk '{print$4}' | cut -d "/" -f1)"
+         remote_gw_net="$remote_gw_address/32"
+      else
+         net_address=`sipcalc $inet_device 2> /dev/null | grep -i -e "^network\s*address\s*-" | awk '{print$4}'`
+         remote_gw_address=${static_gw_arr[$inet_device]}
+         _netmask_bits=`sipcalc $inet_device 2> /dev/null | grep -i -e "Network\s*mask\s*(bits)" | awk '{print$5}'`
+         remote_gw_net="${net_address}/$_netmask_bits"
+      fi
+      if [ -z $remote_gw_address ]; then
+         if $LOGGING_CONSOLE ; then
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !"
+            echo -e "\t           No remote gateway was found."
+         fi
+
+
+         echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !" >> $log_file
+         echo -e "\t           No remote gateway was found." >> $log_file
+
+         ## - Cleanup routing tables
+         ## -
+         ## - Delete all existing entries of this routing table
+         ## -
+         echo "" >> $log_file
+         echo "## - Delete all existing entries of this routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route flush table $rt_name" >> $log_file
+         /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+         if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+            ## - Delete all rules concerning table $rt_name
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+            echo "## -" >> $log_file
+            while read line ; do
+               direction=`echo $line | awk '{print$2}'`
+               ip=`echo $line | awk '{print$3}'`
+               echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+               /sbin/ip rule delete $direction $ip table $rt_name
+            done < <(/sbin/ip rule | grep $rt_name)
+            echo "" >> $log_file
+         fi
+
+         continue
+      fi
+
+      ## - Device already configured by that script?
+      ## -
+      if [ ${default_gw_arr[$inet_device]+_} ] ; then
+         continue
+      fi
+ 
+
+      # -
+      # - Ready to start configuration for that device
+      # - 
+      echo "" >> $log_file
+      echo "# ---" >> $log_file
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+         echo "# --- Routing Table for (DSL) network device \"$inet_device\" was created" >> $log_file
+      else
+         echo "# --- Routing Table for (static line) network device \"$inet_device\"" >> $log_file
+      fi
+      echo "# ---" >> $log_file
+
+      if $LOGGING_CONSOLE ; then
+         echo
+         echo
+         if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+            echo -e "\t--- DSL Connection at interface $inet_device"
+         else
+            echo -e "\t--- Static Connection at interface $inet_device"
+         fi
+         echo -e "\t---"
+         echo -e "\tRouting Table Name..: $rt_name"
+         echo
+         echo -e "\tInterface...........: $inet_device"
+         echo
+         echo -e "\tLocal GW address....: $local_gw_address"
+         echo -e "\tRemote GW address...: $remote_gw_address"
+         echo -e "\tRemote network......: $remote_gw_net"
+         echo
+      fi
+      echo "# --- Routing Table Name..: $rt_name" >> $log_file
+      echo "# --- " >> $log_file
+      echo "# --- Interface...........: $inet_device" >> $log_file
+      echo "# --- " >> $log_file
+      echo "# --- Local GW address....: $local_gw_address" >> $log_file
+      echo "# --- Remote GW address...: $remote_gw_address" >> $log_file
+      echo "# --- Remote network......: $remote_gw_net" >> $log_file
+      echo "# --- " >> $log_file
+
+      ## - Read routing table from output of "netstat -rn"
+      ## -
+      routing_table_main_arr=()
+      while read  _destination _gateway _genmask _flags _mss _window _irtt _iface; do 
+         if [ "$_destination" = "Destination" -o "$_destination" = "Kernel" \
+            -o "$_destination" = "Ziel" -o "$_destination" = "Kernel-IP-Routentabelle" ]; then 
+               continue 
+         fi  
+         routing_table_main_arr+=("$_destination $_gateway $_genmask $_iface")
+      done < <(netstat -rn)
+
+      ## - First delete all existing entries of this routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - First delete all existing entries of this routing table" >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route flush table $rt_name" >> $log_file
+      /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+
+      ## - Add loopback device to routing table $rt_name
+      ## -
+      echo "" >> $log_file
+      echo "## - Add loopback device to routing table $rt_name " >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route add 127.0.0.0/8 dev lo table table $rt_name" >> $log_file
+      /sbin/ip route add 127.0.0.0/8 dev lo table $rt_name >> $log_file 2>&1
+
+
+      ## - Add routing tables of all (local) network interfaces
+      ## -
+      echo "" >> $log_file
+      echo "## - Add routing tables of all (local) network interfaces" >> $log_file
+      echo "## -" >> $log_file
+      for _entry in "${routing_table_main_arr[@]}" ; do
+         dest=`echo $_entry | cut -d " " -f1`
+         gateway=`echo $_entry | cut -d " " -f2`
+         genmask=`echo $_entry | cut -d " " -f3`
+         iface=`echo $_entry | cut -d " " -f4`
+
+         ## - We will set default route later..
+         ## -
+         if  [ "$dest" = "0.0.0.0" ]; then
+            continue
+         fi
+
+         ## - Is this a "ppp"-device ?
+         ## -
+         if [[ "$iface" =~ "ppp" ]]; then
+            continue
+         fi
+
+         if [ "$dest" = "$remote_gw_address" ]; then
+            continue
+         fi
+
+         if [ "$gateway" = "0.0.0.0" ]; then
+            echo "/sbin/ip route add ${dest}/$genmask dev $iface table $rt_name" >> $log_file
+            /sbin/ip route add ${dest}/$genmask dev $iface table $rt_name >> $log_file 2>&1
+         else
+            echo "/sbin/ip route add ${dest}/$genmask via $gateway table $rt_name" >> $log_file
+            /sbin/ip route add ${dest}/$genmask via $gateway table $rt_name >> $log_file 2>&1
+         fi
+      done
+
+      ## - Add this connection to the routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - Add this connection to the routing table $rt_name" >> $log_file
+      echo "## -" >> $log_file
+
+      if $USE_REMOTE_GATEWAY_ADDRESS ; then
+         ## - Remote Network: $remote_gw_net
+         ## -
+         echo "/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address table $rt_name >> $log_file 2>&1
+      else
+         ## - Remote Network: 0.0.0.0
+         ## -
+         echo "/sbin/ip route add 0.0.0.0 dev $inet_device src $local_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add 0.0.0.0 dev $inet_device src $local_gw_address table $rt_name >> $log_file 2>&1
+      fi
+
+      if $SET_MULTIPLE_DEFAULT_GW ; then
+         if /sbin/ip route show table main | grep -e "^$remote_gw_address" | grep $inet_device  > /dev/null 2>&1 ; then
+            echo "" >> $log_file
+            echo "## - Delete route via (dsl remote) host $remote_gw_address" >> $log_file
+            echo "## -"
+            echo "/sbin/ip route delete $remote_gw_address dev $inet_device" >> $log_file
+            /sbin/ip route delete $remote_gw_address dev $inet_device >> $log_file 2>&1
+         fi
+
+         echo "" >> $log_file
+         echo "## - Add this connection also to the main routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address" >> $log_file
+         /sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address >> $log_file 2>&1
+      fi
+
+      ## - Remeber that route in order to add it to the routing table
+      ## - of other connections
+      ## -
+      gw_connection_arr[$inet_device]="$remote_gw_net $local_gw_address" 
+      
+
+      ## - Add the connections associated gateway as default gateway for this
+      ## - routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - Add the connections associated gateway as default gateway for this" >> $log_file
+      echo "## - routing table" >> $log_file
+      echo "## -" >> $log_file
+
+      if $USE_REMOTE_GATEWAY_ADDRESS ; then
+         ## - Default Gatway: $remote_gw_address
+         ## -
+         #echo "/sbin/ip route add default via $remote_gw_address dev $inet_device table $rt_name" >> $log_file
+         #/sbin/ip route add default via $remote_gw_address dev $inet_device table $rt_name >> $log_file 2>&1
+         echo "/sbin/ip route add default via $remote_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add default via $remote_gw_address table $rt_name >> $log_file 2>&1
+      else
+         ## - Default Gatway: 0.0.0.0
+         ## -
+         echo "/sbin/ip route add default via 0.0.0.0 dev $inet_device table $rt_name" >> $log_file
+         /sbin/ip route add default via 0.0.0.0 dev $inet_device table $rt_name >> $log_file 2>&1
+      fi
+
+
+      ## - Make sure that a reply goes out over the same connection as came in
+      ## - 
+      echo "" >> $log_file
+      echo "## - Make sure that a reply goes out over the same connection as came in" >> $log_file
+      echo "## -" >> $log_file
+
+      if ! /sbin/ip rule | grep "from $local_gw_address" > /dev/null 2>&1 ; then
+         let prio="$number_rt_table"
+         echo "/sbin/ip rule add from $local_gw_address table $rt_name prio $prio" >> $log_file
+         /sbin/ip rule add from $local_gw_address table $rt_name prio $prio >> $log_file 2>&1
+         #let prio="10+$prio"
+         #echo "/sbin/ip rule add to $local_gw_address table $rt_name prio $prio" >> $log_file
+         #/sbin/ip rule add to $local_gw_address table $rt_name prio $prio >> $log_file 2>&1
+      else
+         let prio="1010+$number_rt_table"
+         echo -e "#\t[ info ]: Rule already exists.." >> $log_file
+      fi
+
+
+      ## ---
+      ## --- Special Routing (local) IP-Address OUT
+      ## ---
+
+      if [[ ${#rule_local_ip_arr[@]} -gt 0 ]] ; then
+
+         let prio="1000+${number_rt_table}+10"
+
+         for _val in "${rule_local_ip_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: from ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "from ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+
+      ## ---
+      ## --- Special Routing (remote) Services
+      ## ---
+
+      if [[ ${#rule_remote_ip_arr[@]} -gt 0 ]] ; then
+
+         let prio="5000+${number_rt_table}+10"
+
+         for _val in "${rule_remote_ip_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: to ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "to ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add to ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add to ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+      ## ---
+      ## --- Special Routing Networks
+      ## ---
+
+      if [[ ${#rule_local_net_arr[@]} -gt 0 ]] ; then
+
+         let prio="10000+${number_rt_table}+10"
+
+         for _val in "${rule_local_net_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: from ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "from ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+      ## - Add this connection to the routing tables of other already configured dsl-connections
+      ## -
+      ## - Note:
+      ## -    Connections which will be configured later at this loop will
+      ## -    not have that connection in their routing tables. So you have 
+      ## -    to add missing routes at the end (after that loop has finisched).
+      ## -
+      ## -    _key is eqal to the ppp-device
+      ## -
+      for _key in "${!gw_connection_arr[@]}"; do
+
+         if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+            __name=`echo $_key | cut -d '-' -f2`
+            _rt_name="dsl_$__name"
+         else
+            __name=`echo $_key | cut -d '-' -f1`
+            _rt_name="static_$__name"
+         fi
+         if [[ "$_rt_name" == "$rt_name" ]]; then
+            continue
+         fi
+
+         _local_gw_address=`echo ${gw_connection_arr[$_key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$_key]} | cut -d " " -f1`
+         echo "" >> $log_file
+         echo "## - Add this connection to the routing table \"$_rt_name\"" >> $log_file
+         echo "## -" >> $log_file
+
+         if $USE_REMOTE_GATEWAY_ADDRESS ; then
+            ## - Remote Network: $_remote_gw_net
+            ## -
+            if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw_net\s+dev\s+$_key" >/dev/null 2>&1 ; then
+               _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+               if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw\s+dev\s+$_key" >/dev/null 2>&1 ; then
+                  echo "/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+                  /sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               else
+                  echo -e "#\t[ info ]: Connection through $_key is already part of table $_rt_name" >> $log_file
+               fi
+            fi
+         else
+            ## - Remote Network: 0.0.0.0
+            ## -
+            if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$_key" >/dev/null 2>&1 ; then
+               _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+               if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$_key" >/dev/null 2>&1 ; then
+                  echo "/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+                  /sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               else
+                  echo -e "#\t[ info ]: Connection through $_key is already part of table $_rt_name" >> $log_file
+               fi
+            fi
+         fi
+      done 
+
+
+      ## - Add this gateway data to the array concerning all outgoing gatways 
+      ## -
+      #default_gw_arr[$inet_device]="$local_gw_address"
+      default_gw_arr[$inet_device]="$remote_gw_address"
+
+
+      if $SET_MULTIPLE_DEFAULT_GW ; then
+
+         default_gw_arg=""
+         for _key in "${!default_gw_arr[@]}"; do
+
+            if $USE_DEFAULT_GW_ADDRESS ; then
+               ## - Default Gateway: $remote_gw_address
+               ## -
+               default_gw_arg="$default_gw_arg nexthop via ${default_gw_arr[$_key]} dev $_key weight 1"
+            else
+               ## - Default Gateway: 0.0.0.0
+               ## -
+               default_gw_arg="$default_gw_arg nexthop via 0.0.0.0 dev $_key weight 1"
+            fi
+
+         done 
+         if [ -n "$default_gw_arg" ] ; then
+            echo "" >> $log_file
+            echo "## - Add multiple default gateways" >> $log_file
+            echo "## -" >> $log_file
+            echo "/sbin/ip route delete default" >> $log_file
+            /sbin/ip route delete default >> $log_file 2>&1
+            echo "/sbin/ip route add default scope global $default_gw_arg" >> $log_file
+            /sbin/ip route add default scope global $default_gw_arg >> $log_file 2>&1
+         else
+            echo "" >> $log_file
+            echo "## -" >> $log_file
+            echo "## - [ Warning]: No default gateway found!" >> $log_file
+            echo "## -" >> $log_file
+         fi
+
+      fi
+
+
+
+      ## - Notice:
+      ## - It is possible to first make a number of changes and then flush 
+      ## - the cache so that all of the changes will be implemented simultaneously. 
+      ## - This is actually convenient when working on an active router. 
+      ## -
+      echo "" >> $log_file
+      echo "## - Flush table cache" >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route flush table cache" >> $log_file
+      /sbin/ip route flush table cache >> $log_file 2>&1
+
+      echo "" >> $log_file
+
+      if [ ${#default_gw_arr[@]} -eq ${#inet_devices_arr[@]} ]; then
+         configured=true
+      fi
+
+   done
+
+done
+
+
+## - Some dsl-connections maybe not known to all routing tables. So add
+## - the missing routes to the appropriate tables..
+## -
+echo "" >> $log_file
+echo "" >> $log_file
+echo "## - Some dsl-connections maybe not known to all routing tables. So add" >> $log_file
+echo "## - the missing routes to the appropriate tables.." >> $log_file
+echo "## -" >> $log_file
+_changed=false
+
+if $USE_REMOTE_GATEWAY_ADDRESS ; then
+   ## - Remote Network: $_remote_gw_net
+   ## -
+   for _key in "${!gw_connection_arr[@]}"; do
+
+      if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $_key | cut -d '-' -f2`
+         _rt_name="dsl_$__name"
+      else
+         __name=`echo $_key | cut -d '-' -f1`
+         _rt_name="static_$__name"
+      fi
+
+      echo "# Routing Table \"$_rt_name\"" >> $log_file
+      for __key in "${!gw_connection_arr[@]}"; do
+         _local_gw_address=`echo ${gw_connection_arr[$__key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$__key]} | cut -d " " -f1`
+         if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw_net\s+dev\s+$__key" >/dev/null 2>&1 ; then
+            _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+            if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw\s+dev\s+$__key" >/dev/null 2>&1 ; then
+               #echo "/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+               #/sbin/ip route add $_remote_gw_net dev $__key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               echo "/sbin/ip route add $_remote_gw dev $__key table $_rt_name" >> $log_file
+               /sbin/ip route add $_remote_gw dev $__key table $_rt_name >> $log_file 2>&1
+               _changed=true
+            else
+               echo -e "#\t[ info ]: Connection through $__key is already part of table $_rt_name" >> $log_file
+            fi
+         fi
+      done
+   done
+else
+   ## - Remote Network: 0.0.0.0
+   ## -
+   for _key in "${!gw_connection_arr[@]}"; do
+
+
+      if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $_key | cut -d '-' -f2`
+         _rt_name="dsl_$__name"
+      else
+         __name=`echo $_key | cut -d '-' -f1`
+         _rt_name="static_$__name"
+      fi
+
+      echo "# Routing Table \"$_rt_name\"" >> $log_file
+      for __key in "${!gw_connection_arr[@]}"; do
+         _local_gw_address=`echo ${gw_connection_arr[$__key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$__key]} | cut -d " " -f1`
+         if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$__key" >/dev/null 2>&1 ; then
+            _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+            if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$__key" >/dev/null 2>&1 ; then
+               echo "/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+               /sbin/ip route add 0.0.0.0 dev $__key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               _changed=true
+            else
+               echo -e "#\t[ info ]: Connection through $__key is already part of table $_rt_name" >> $log_file
+            fi
+         fi
+      done
+   done
+fi
+
+
+## - If not using multiple default gatways, set the default gateway here
+## -
+if ! $SET_MULTIPLE_DEFAULT_GW ; then
+
+   __set_default_gatway=false
+
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## ---" >> $log_file
+   echo "## --- Add default gateway" >> $log_file
+   echo "## ---" >> $log_file
+
+   ## - Note: the first online device will become default route
+   ## -
+   for _device in "${inet_devices_arr[@]}" ; do
+      ## - Device online ?
+      if [ -n "${default_gw_arr[$_device]}" ]; then
+         echo "/sbin/ip route delete default" >> $log_file
+         /sbin/ip route delete default >> $log_file 2>&1
+         if $USE_REMOTE_GATEWAY_ADDRESS ; then
+            echo "/sbin/ip route add default via ${default_gw_arr[$_device]} dev $_device" >> $log_file
+            /sbin/ip route add default via ${default_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+         else
+            echo "/sbin/ip route add default via 0.0.0.0 dev $_device" >> $log_file
+            /sbin/ip route add default via 0.0.0.0 dev $_device >> $log_file 2>&1
+         fi
+         __set_default_gatway=true
+         _changed=true
+         break
+      else
+         echo "" >> $log_file
+         echo -e "\t[ Warning ]: $_device is OFFLINE ! Trying next.."  >> $log_file
+      fi
+   done
+   if ! $__set_default_gatway ; then
+
+      echo "" >> $log_file
+      echo -e "\t[ Error ]: No connection is online!"  >> $log_file
+      echo -e "\t           Try to set default gateway from an existing static line .."  >> $log_file
+
+      ## - Notice:
+      ## -
+      ## - If no connection is available (the machine is fully offline), the check script will not 
+      ## - recognize, if the static line becomes online. A way to handle this is to let the
+      ## - default gateway active.
+      ## -
+      default_gw_deleted=false
+      for _device in "${inet_devices_arr[@]}" ; do
+         if containsElement "$_device" "${static_devices_arr[@]}" ; then
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               echo "" >> $log_file
+               echo "## - Delete existing default gatewy" >> $log_file
+               echo "## - " >> $log_file
+               echo "/sbin/ip route delete default" >> $log_file
+               /sbin/ip route delete default >> $log_file 2>&1
+               default_gw_deleted=true
+            fi
+
+            ## - Set new default route
+            ## -
+
+            echo "" >> $log_file
+            echo "## - Try to set default gateway to ${static_gw_arr[$_device]}.." >> $log_file
+            echo "## - " >> $log_file
+            echo "/sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device" >> $log_file
+            /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+
+            if [[ "$?" == 0 ]] ; then
+               __set_default_gatway=true
+               break
+            fi
+         fi
+      done
+
+      if ! $__set_default_gatway ; then
+         echo "" >> $log_file
+         echo -e "\t[ Error ]: No default gateway is set!"  >> $log_file
+      fi
+   fi
+fi
+
+## - Flush the routing tables cache if somethimg has changed
+## -
+if $_changed ; then
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## - Some Routing tables has changed, so flush table cache" >> $log_file
+   echo "## -" >> $log_file
+   echo "/sbin/ip route flush table cache" >> $log_file
+   /sbin/ip route flush table cache >> $log_file 2>&1
+fi
+
+if $_monitoring ; then
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## - Starting monitoring script to check dsl connections.." >> $log_file
+   echo "## -" >> $log_file
+
+   if [[ -z "${!default_gw_arr[@]}" ]] ; then
+      echo "$check_script $INITIAL_DEVICE_LIST &"  >> $log_file 2>&1
+      $check_script $INITIAL_DEVICE_LIST &
+   else
+
+      _LIST=
+      for _device in ${!default_gw_arr[@]} ; do
+         _LIST="$_LIST $_device"
+      done
+      _LIST=`echo "${_LIST}" | sed -e 's/^[ \t]*//'`
+
+      echo "$check_script -l \"$_LIST\" $INITIAL_DEVICE_LIST &"  >> $log_file 2>&1
+      $check_script -l "$_LIST" $INITIAL_DEVICE_LIST &
+   fi
+fi
+
+echo "" >> $log_file
+echo "### -------------------------" >> $log_file
+
+exit 0
diff --git a/AKB/sbin/rebind b/AKB/sbin/rebind
new file mode 100755
index 0000000..c60e07b
--- /dev/null
+++ b/AKB/sbin/rebind
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+case "$1" in
+   on)
+      set -x
+      mount --bind /proc    /ro/proc
+      mount --bind /sys     /ro/sys
+      mount --bind /dev     /ro/dev
+      mount --bind /dev/pts /ro/dev/pts
+   ;;
+   off)
+      set -x
+      umount /ro/dev/pts
+      umount /ro/dev
+      umount /ro/sys
+      umount /ro/proc
+   ;;
+   *)
+      echo "Use: $0 (on|off)"
+esac
diff --git a/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/install.sh b/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/install.sh
new file mode 100755
index 0000000..a6e95aa
--- /dev/null
+++ b/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/install.sh
@@ -0,0 +1,1691 @@
+#!/bin/sh
+######################################################################
+# 
+# PowerChute Network Shutdown v.4.1.0
+# Copyright (c) 1999-2015 Schneider Electric, All Rights Reserved. 
+#
+######################################################################
+
+
+######################################################################
+# Global Constants
+######################################################################
+PCNS_TAR="pcns410.tar"
+PCNS_ZIP="$PCNS_TAR.gz"
+JRE_VERSION="jre1.8.0_45"
+JRE_TGZ_FILE="jre-8u45"
+JRE_REQUIRED_MAJOR=1
+JRE_REQUIRED_MINOR=7
+JRE_REQUIRED_MINI=0
+JRE_REQUIRED_MICRO=0
+LINUX="Linux"
+SOLARIS="Solaris"
+HPUX="HP-UX"
+AIX="AIX"
+VIMA="VIMA"
+UNKNOWN="UNKNOWN"
+XENSERVER="XenServer"
+x86_64="x86_64"
+GROUP1="group1"
+GROUP2="group2"
+GROUP3="group3"
+ARCH="x64"
+
+TRUE=0
+FALSE=1
+STR_YES="YES"
+YES=0
+NO=1
+QUIT=2
+INVALID=99
+PATH=/sbin:$PATH
+
+######################################################################
+# Exit Codes
+######################################################################
+EXIT_SUCCESS=0
+EXIT_USAGE=1
+EXIT_NOT_ROOT_USER=4
+EXIT_UNSUPPORTED_OS=5
+EXIT_UPGRADE_NOT_SUPPORTED=6
+EXIT_USER_ABORT=7
+EXIT_CONFLICT_PCPLUS=8
+EXIT_CONFLICT_PCBE=9
+EXIT_CONFLICT_PCS=10
+EXIT_CONFLICT_VMWARE=11
+EXIT_INVALID_INSTALL_DIR=12
+EXIT_INVALID_JAVA_VERSION=13
+EXIT_INVALID_LOCALE=14
+EXIT_ZIPFILE_MISSING=15
+EXIT_SILENT_CONFIG_MISSING=16
+EXIT_EULA_NOT_ACCEPTED=17
+EXIT_SILENT_INSTALL_JAVA_DIR=20
+
+######################################################################
+# Global Variables
+######################################################################
+UPDATE_INSTALL=$FALSE
+OS=$UNKNOWN
+SILENT_MODE=$FALSE
+
+SRC_DIR=""
+INSTALL_DIR=""
+APP_DIR=""
+JAVA_DIR=""
+ACCEPT_EULA="NO"
+REGISTER_NMC="NO"
+STARTUP=""
+PCBE_STARTUP=""
+PCS_STARTUP=""
+OLD_INSTALL_DIR=""
+JRE_FILE=""
+SPARC=$FALSE
+TR="tr"
+
+######################################################################
+#  Functions
+######################################################################
+
+# trap keyboard interrupt on the following:
+# 1 SIGHUP
+# 2 SIGINT
+# 3 SIGQUIT
+# 6 SIGABRT
+trap control_c 1 2 3 6
+
+control_c()
+# run if user hits control-c
+{
+  echo -en "\n*** User Abort Detected! Exiting ***\n"
+  Echo "Aborting with error code-$EXIT_USER_ABORT"
+  CancelAll $EXIT_USER_ABORT
+}
+
+# Waits for user key press.
+Pause() {
+    OLDCONFIG=`stty -g`
+    stty -icanon -echo min 1 time 0
+    dd count=1 2>/dev/null
+    stty $OLDCONFIG
+}
+
+Echo() {
+    string="$1"
+    echo "$string"
+}
+
+PrintUsage() {
+    Echo "Usage:"
+    Echo "  $0 [-f <config file>] : Silent install with configuration file."
+    Echo "  $0 [-h|-H] : Print help."
+    exit $EXIT_USAGE
+}
+
+IsYN() {
+    rval=$INVALID
+    query_string="$1"
+    loop=$TRUE
+    while [ $loop -eq $TRUE ]
+    do
+        Echo ""
+        Echo "$query_string "
+        read ynq
+        case "$ynq" in
+        [Yy]*)
+            rval=$YES
+            loop=$FALSE
+            ;;
+        [Nn]*)
+            rval=$NO
+            loop=$FALSE
+            ;;
+        *)
+            Echo "Invalid response."
+            ;;
+        esac
+    done
+    return $rval
+}
+
+SetSilentConfig() {
+    # Check parameter
+    cnt=`grep '^INSTALL_DIR=' $SILENT_CONFIG | wc -l`
+    if [ $cnt -gt 1 ]; then
+	    Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+        Echo "Error: Too many INSTALL_DIR in $SILENT_CONFIG"
+        exit $EXIT_INVALID_INSTALL_DIR
+    fi
+    cnt=`grep '^JAVA_DIR=' $SILENT_CONFIG | wc -l`
+    if [ $cnt -gt 1 ]; then
+	    Echo "Aborting with error code-$EXIT_SILENT_INSTALL_JAVA_DIR"
+        Echo "Error: Too many JAVA_DIR in $SILENT_CONFIG"
+        exit $EXIT_SILENT_INSTALL_JAVA_DIR
+    fi
+
+    # Get values from config file
+    INSTALL_DIR=`grep '^INSTALL_DIR=' $SILENT_CONFIG | sed s/INSTALL_DIR=//`
+    JAVA_DIR=`grep '^JAVA_DIR=' $SILENT_CONFIG | sed s/JAVA_DIR=//`
+    ACCEPT_EULA=`grep '^ACCEPT_EULA=' $SILENT_CONFIG | sed s/ACCEPT_EULA=// | sed 's/[^a-zA-Z]*//g' | $TR "[:lower:]" "[:upper:]" `
+    REGISTER_NMC=`grep '^REGISTER_WITH_NMC=' $SILENT_CONFIG | sed s/REGISTER_WITH_NMC=// | $TR "[:lower:]" "[:upper:]" `
+
+    # Verify INSTALL_DIR
+    if [ -n "$INSTALL_DIR" ]; then
+        # Collapse multiple slashes on the path
+        INSTALL_DIR=`echo $INSTALL_DIR | tr -s /`
+    
+        # Remove trailing slash (if any)
+        buf=`echo $INSTALL_DIR | grep '/$' `
+        if [ -n "$buf" ]; then
+            INSTALL_DIR=`echo $INSTALL_DIR | sed 's/\/*$//'`
+        fi
+        
+        # Ensure leading slash
+        buf=`echo $INSTALL_DIR | grep '^/' ` 
+        if [ -z "$buf" ]; then
+		    Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+            Echo "Error: INSTALL_DIR must start with '/'"
+            exit $EXIT_INVALID_INSTALL_DIR
+        fi
+        
+        # Ensure no white space on path
+        buf=`echo $INSTALL_DIR | grep ' ' ` 
+        if [ -n "$buf" ]; then
+		    Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+            Echo "Error: INSTALL_DIR must not contain white space."
+            exit $EXIT_INVALID_INSTALL_DIR
+        fi
+        
+        # Ensure no backslashes on path
+        buf=`echo $INSTALL_DIR | grep '\\\' ` 
+        if [ -n "$buf" ]; then
+		    Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+            Echo "Error: INSTALL_DIR must not contain back slash '\\'"
+            exit $EXIT_INVALID_INSTALL_DIR
+        fi
+        
+        Echo "INSTALL_DIR=$INSTALL_DIR"
+    else
+        buf=`grep '^INSTALL_DIR=' $SILENT_CONFIG`
+        buf2=`grep '^#INSTALL_DIR=' $SILENT_CONFIG`
+        if [ -n "$buf" -o -n "$buf2" ]; then
+            Echo "INSTALL_DIR is not specified."
+            Echo "PCNS will be installed to the default directory \"/opt/APC/PowerChute\""
+            Echo ""
+        else
+		    Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+            Echo "Error: INSTALL_DIR is not configured"
+            exit $EXIT_INVALID_INSTALL_DIR
+        fi
+    fi
+    # Verify JAVA_DIR
+    if [ -n "$JAVA_DIR" ]; then
+
+        #must have / at the end, so add it    
+        buf=`echo $JAVA_DIR | grep '/$' ` 
+        if [ -z "$buf" ]; then
+           JAVA_DIR="$JAVA_DIR/bin/"
+        fi
+
+        # Add "/bin" at the end of JAVA_DIR if needed for backwards compatibility
+        
+        buf=`echo $JAVA_DIR | grep '/bin/$' ` 
+        if [ -z "$buf" ]; then
+               JAVA_DIR="$JAVA_DIR/bin/"
+        fi
+        buf=`echo $JAVA_DIR | grep '^/' ` 
+        if [ -z "$buf" ]; then
+            Echo "Error: JAVA_DIR must start with /"
+			Echo "Aborting with error code-$EXIT_SILENT_INSTALL_JAVA_DIR"
+            exit $EXIT_SILENT_INSTALL_JAVA_DIR
+        fi
+        
+        buf=`echo $JAVA_DIR | grep ' ' ` 
+        if [ -n "$buf" ]; then
+            Echo "Error: JAVA_DIR must not contain white space \" \""
+			Echo "Aborting with error code-$EXIT_SILENT_INSTALL_JAVA_DIR"
+            exit $EXIT_SILENT_INSTALL_JAVA_DIR
+        fi
+        
+        buf=`echo $JAVA_DIR | grep '\\\' ` 
+        if [ -n "$buf" ]; then
+            Echo "Error: JAVA_DIR must not contain back slash \"\\\""
+			Echo "Aborting with error code-$EXIT_SILENT_INSTALL_JAVA_DIR"
+            exit $EXIT_SILENT_INSTALL_JAVA_DIR
+        fi
+        if [ ! -d "$JAVA_DIR" ]; then
+            Echo "Error: Invalid JAVA_DIR. $JAVA_DIR does not exist."
+			Echo "Aborting with error code-$EXIT_SILENT_INSTALL_JAVA_DIR"
+            exit $EXIT_SILENT_INSTALL_JAVA_DIR
+        fi
+        Echo "JAVA_DIR=$JAVA_DIR"
+    fi
+}
+
+IsSilentMode() {
+    Echo "IsSilentMode"
+}
+
+IsRootUser() {
+    ROOT="root"
+    case "$OS" in    
+    $SOLARIS)
+        id | grep root > /dev/null 2>&1
+        if [ $? -eq 0 ]; then
+            USER=$ROOT
+        fi
+        ;;
+    *)
+        USER=`id -nu`
+        ;;
+    esac
+    
+    if [ $USER != $ROOT ]; then
+        Echo "Error: $0 must be run with root privileges!"
+		Echo "Aborting with error code-$EXIT_NOT_ROOT_USER"
+        exit $EXIT_NOT_ROOT_USER
+    fi
+}
+
+CheckOS() {
+    OS=`uname | grep -i Linux`
+    if [ ! -z "$OS" ]; then
+        # We're a Linux derivative, decide which one.
+        if [ -f /etc/vima-release ] || [ -f /etc/vma-release ]; then
+            OS=$VIMA
+        else 
+            grep XenServer /etc/redhat-release > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                OS=$XENSERVER
+            else
+                OS=$LINUX
+            fi
+        fi
+    else
+        OS=`uname | grep -i HP-UX`
+        if [ ! -z "$OS" ] 
+        then
+            OS=$HPUX
+        else
+            OS=`uname | grep -i AIX`
+            if [ ! -z "$OS" ] 
+            then
+                OS=$AIX
+            else
+                OS=`uname | grep -i SOLARIS`
+                if [ ! -z "$OS" ]
+                then
+                    OS=$SOLARIS
+                    isSparc
+                    SPARC=$?
+                else 
+                    OS=`uname | grep -i SUNOS`
+                    if [ ! -z "$OS" ]
+                    then
+                        OS=$SOLARIS
+                        isSparc
+                        SPARC=$?                        
+                    else
+					    Echo "Aborting with error code-$EXIT_UNSUPPORTED_OS"
+                        Echo "Error: Unknown OS."
+                        exit $EXIT_UNSUPPORTED_OS
+                    fi
+                fi
+            fi
+        fi
+    fi
+    Echo "OS=$OS"
+    Echo ""
+}
+
+isSparc() {
+    rval=$FALSE
+    tmp=`uname -a | grep -i SPARC`
+    if [ ! -z "$tmp" ] 
+    then
+        rval=$TRUE
+    fi
+    return $rval
+}                        
+
+Initialize() {
+    Echo "Initializing ..."
+    case "$OS" in
+    $VIMA)
+	Echo "This version of PowerChute Network Shutdown does not support VMWare ESX or ESXi."
+	Echo "Please consult www.apc.com for the required version of PowerChute Network Shutdown."
+	    Echo "Aborting with error code-$EXIT_UNSUPPORTED_OS"
+        CancelAll $EXIT_UNSUPPORTED_OS
+        ;;
+    $XENSERVER)
+        STARTUP=/etc/rc.d/init.d/PowerChute
+        PCBE_STARTUP=/etc/rc.d/init.d/PBEAgent
+        PCS_STARTUP=/etc/rc.d/init.d/pcs
+        ;;
+    $LINUX)
+        if [ -f /etc/SuSE-release ]; then
+            STARTUP=/etc/init.d/PowerChute
+        elif [ -f /etc/vmware-release ] ; then
+	    Echo "This version of PowerChute Network Shutdown does not support VMWare ESX or ESXi."
+	    Echo "Please consult www.apc.com for the required version of PowerChute Network Shutdown."
+		Echo "Aborting with error code-$EXIT_UNSUPPORTED_OS"
+            CancelAll $EXIT_UNSUPPORTED_OS
+        elif [ -d /etc/rc.d/init.d ]; then
+            STARTUP=/etc/rc.d/init.d/PowerChute
+	    else
+            STARTUP=/etc/init.d/PowerChute
+        fi
+        PCBE_STARTUP=/etc/rc.d/init.d/PBEAgent
+        PCS_STARTUP=/etc/rc.d/init.d/pcs
+        ;;
+    $SOLARIS)
+        STARTUP=/etc/rc2.d/S99PowerChute
+        PCBE_STARTUP=/etc/rc2.d/S99PBEAgent
+        TR=/usr/xpg4/bin/tr
+        ;;
+    $HPUX)
+        STARTUP=/sbin/init.d/pcns
+        ;;
+    $AIX)
+        STARTUP=/etc/rc.APCpcns
+        ;;
+    esac
+}
+
+IsPCNSInstalled() {
+    upgrade=$FALSE    
+    version="Unknown"
+    if [ -f "$STARTUP" ]; then
+        grep 'PowerChute Network Shutdown, v2.2.4' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v2.2.4."
+            version="2.2.4"
+            upgrade=$FALSE
+        fi
+        
+        grep 'PowerChute Network Shutdown, v2.2.5' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v2.2.5."
+            version="2.2.5"
+            upgrade=$FALSE
+        fi
+        
+        grep 'PowerChute Network Shutdown, v2.2.6' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v2.2.6."
+            version="2.2.6"
+            upgrade=$FALSE
+        fi
+        
+        grep 'PowerChute Network Shutdown, v2.2.7' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v2.2.7."
+            version="2.2.7"
+            upgrade=$FALSE
+        fi
+        
+		grep 'PowerChute Network Shutdown, v3.0.0' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v3.0.0"
+            version="3.0.0"
+            upgrade=$FALSE
+        fi
+		
+        grep 'PowerChute Network Shutdown, v3.0.1' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v3.0.1"
+            version="3.0.1"
+            upgrade=$FALSE
+        fi
+        
+        grep 'PowerChute Network Shutdown, v3.1.0' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v3.1.0"
+            version="3.1.0"
+            upgrade=$TRUE
+        fi
+        
+        grep 'PowerChute Network Shutdown, v3.2.0' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v3.2.0"
+            version="3.2.0"
+            upgrade=$TRUE
+        fi
+
+        grep 'PowerChute Network Shutdown, v4.0.0' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v4.0.0"
+            version="4.0.0"
+            upgrade=$TRUE
+        fi
+		
+		grep 'PowerChute Network Shutdown, v4.1.0' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v4.1.0"
+            version="4.1.0"
+            upgrade=$TRUE
+        fi
+
+        if [ $upgrade = $FALSE ]; then
+            Echo "PowerChute Network Shutdown is already installed. Upgrade is not supported for this version."
+            Echo "Please uninstall existing PCNS to continue with installation of PCNS v.4.1.0"
+            Echo "Installation cancelled."
+			Echo "Aborting with error code-$EXIT_UPGRADE_NOT_SUPPORTED"
+            Echo ""
+            exit $EXIT_UPGRADE_NOT_SUPPORTED
+        fi
+        
+        result=$FALSE
+        while [ $result = $FALSE ]
+        do
+            prev_install_dir=`grep '^INSTALL_PATH='  $STARTUP | sed s/INSTALL_PATH=\"// | sed s/\"//`
+            if [ -d "$prev_install_dir/$GROUP2" ]; then
+                Echo "Previous version of PowerChute Network Shutdown is installed."
+                Echo "Update install does not support multiple instances."
+                Echo "Please uninstall PCNS and run this install program again."
+				Echo "Aborting with error code-$EXIT_UPGRADE_NOT_SUPPORTED"
+                Echo "Installation cancelled."
+                Echo ""
+                exit $EXIT_UPGRADE_NOT_SUPPORTED
+            fi
+            if [ $SILENT_MODE = $TRUE ]; then
+                if [ $version = "4.1.0" ]; then
+					Echo "Current version of PowerChute Network Shutdown is installed."
+				else
+					Echo "Previous version of PowerChute Network Shutdown is installed."
+				fi
+                Echo "Start update installation."
+                val=$YES
+            else
+                if [ $version = "4.1.0" ]; then
+					Echo "Current version of PowerChute Network Shutdown is installed."
+				else
+					Echo "Previous version of PowerChute Network Shutdown is installed."
+				fi
+                IsYN "Do you want to update it [Yes|No]?"
+                val=$?
+            fi
+            case $val in
+            $YES)
+                Echo "Update selected for existing version of PowerChute Network Shutdown."
+                UPDATE_INSTALL=$TRUE
+                result=$TRUE
+                ;;
+            $NO)
+                Echo "Installation cancelled."
+				Echo "Aborting with error code-$EXIT_USER_ABORT"
+                Echo ""
+                exit $EXIT_USER_ABORT
+                ;;
+            *)
+                Echo "Invalid response."
+                ;;
+            esac
+        done
+    fi
+}
+
+IsPCPlusInstalled() {
+    if [ -d "/etc/apc_repository" ]; then
+        Echo "PowerChute Plus is installed. Please uninstall PowerChute Plus."
+		Echo "Aborting with error code-$EXIT_CONFLICT_PCPLUS."
+        exit $EXIT_CONFLICT_PCPLUS
+    fi
+}
+
+IsPCBEInstalled() {
+    if [ -n "$PCBE_STARTUP" -a -f "$PCBE_STARTUP" ]
+    then
+	    Echo "Aborting with error code-$EXIT_CONFLICT_PCBE."
+        Echo "PowerChute Business Edition Agent is installed. Please uninstall PCBE Agent."
+        exit $EXIT_CONFLICT_PCBE
+    fi
+}
+
+IsPCSInstalled() {
+    if [ -n "$PCS_STARTUP" -a -f "$PCS_STARTUP" ]
+    then
+        Echo "PowerChute Server is installed. Please uninstall PowerChute Server."
+		Echo "Aborting with error code-$EXIT_CONFLICT_PCS."
+        exit $EXIT_CONFLICT_PCS
+    fi
+}
+
+checkForVMWare() {
+    lang='ja_'
+    if env | grep ^LANG=$lang &>/dev/null;
+    then
+       if [ -e /usr/bin/vmware ]
+       then
+           # VMware detected!
+           
+           # Check for VMware Server
+           if /usr/bin/vmware -v | grep Server &> /dev/null
+           then
+                Echo "VMware Server has been detected on your system. This version of PowerChute Network Shutdown does not support VMware. Please uninstall VMware Server, or consult www.apc.com for the required version of PowerChute Network Shutdown."
+				Echo "Aborting with error code-$EXIT_CONFLICT_VMWARE."
+                exit $EXIT_CONFLICT_VMWARE
+           fi
+           
+           # Check for VMware Workstation
+           if /usr/bin/vmware -v | grep Workstation &> /dev/null
+           then
+                Echo "VMware Workstation has been detected on your system. This version of PowerChute Network Shutdown does not support VMware. Please uninstall VMware Workstation, or consult www.apc.com for the required version of PowerChute Network Shutdown."
+				Echo "Aborting with error code-$EXIT_CONFLICT_VMWARE."
+                exit $EXIT_CONFLICT_VMWARE
+           fi
+       fi
+       
+       # Check for VMware-Player
+       if [ -e /usr/bin/vmplayer ]
+       then
+           # VMware Player detected.
+            Echo "VMware Player has been detected on your system. This version of PowerChute Network Shutdown does not support VMware. Please uninstall VMware Player, or consult www.apc.com for the required version of PowerChute Network Shutdown."
+			Echo "Aborting with error code-$EXIT_CONFLICT_VMWARE."
+            exit $EXIT_CONFLICT_VMWARE
+       fi
+
+     fi
+}
+
+checkForXenServer() {
+    grep XenServer /etc/redhat-release > /dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        Echo "Xen Server has been detected on your system."
+        Echo "This version of PowerChute Network Shutdown does not support Xen Server."
+        Echo "Please consult www.apc.com for the required version of PowerChute Network Shutdown."
+		Echo "Aborting with error code-$EXIT_CONFLICT_VMWARE."
+        exit $EXIT_CONFLICT_VMWARE
+    fi
+}
+
+InitUpdate() {
+    if [ $UPDATE_INSTALL = $TRUE ]; then
+        # Get PCNS Path
+        OLD_INSTALL_DIR=`grep '^INSTALL_PATH='  $STARTUP | sed s/INSTALL_PATH=\"// | sed s/\"//`
+        Echo "PowerChute Network Shutdown previously installed at:$OLD_INSTALL_DIR" 
+        # Stop daemon
+        case "$OS" in
+        $VIMA)
+            /etc/rc.d/init.d/PowerChute stop
+            ;;
+        $XENSERVER)
+            /etc/rc.d/init.d/PowerChute stop
+            ;;
+        $LINUX)
+            if [ -f /etc/SuSE-release ]; then
+            	if [ -f /etc/init.d/PowerChute ]; then
+                	/etc/init.d/PowerChute stop
+                fi
+            else
+            	if [ -f /etc/rc.d/init.d/PowerChute ]; then
+                	/etc/rc.d/init.d/PowerChute stop
+           		fi
+               	if [ -f /etc/init.d/PowerChute ]; then
+                	/etc/init.d/PowerChute stop
+                fi
+            fi
+            ;;
+        $SOLARIS)
+            /etc/rc2.d/S99PowerChute stop
+            ;;
+        $HPUX)
+            /sbin/init.d/pcns stop
+            ;;
+        $AIX)
+            /etc/rc.APCpcns stop
+            ;;
+        esac
+    fi
+}
+
+BackupOldPCNS() {
+    if [ $UPDATE_INSTALL = $TRUE ]; then
+        # Install dir is same as old PCNS
+        if [ "$INSTALL_DIR/PowerChute" = "$OLD_INSTALL_DIR" ]; then
+            backup_dir="$INSTALL_DIR/PowerChute_update_backup"
+            rm -rf $backup_dir
+            mv $OLD_INSTALL_DIR $backup_dir
+            mkdir -p $OLD_INSTALL_DIR
+            OLD_INSTALL_DIR=$backup_dir
+            Echo "Backup old PCNS directory to $OLD_INSTALL_DIR"
+        fi
+    fi
+}
+
+UninstallOldPCNS() {
+    if [ $UPDATE_INSTALL = $TRUE ]; then
+        # remove all files
+        rm -rf $OLD_INSTALL_DIR
+    fi
+}
+
+CopyUpdateFiles() {
+    if [ $UPDATE_INSTALL = $TRUE ]; then
+        Echo "Copying update files ..."
+        if [ -d "$OLD_INSTALL_DIR/$GROUP1" ]; then
+            # PCNS 222
+            backup_dir="$OLD_INSTALL_DIR/$GROUP1"
+        else
+            backup_dir="$OLD_INSTALL_DIR"
+        fi
+        cp "$backup_dir/m11.cfg" "$APP_DIR/$GROUP1/" 1>/dev/null 2>/dev/null
+        cp "$backup_dir/EventLog.txt" "$APP_DIR/$GROUP1/" 1>/dev/null 2>/dev/null
+        
+        # Convert m11.cfg to INI
+        oldDir=$PWD
+        cd $APP_DIR/$GROUP1
+        m11Path="$backup_dir/m11.cfg"
+        #merge pcnsconfig.ini files.
+        oldIniPath="$backup_dir/pcnsconfig.ini"
+        
+        javaParams="-Xms32m -Xmx64m -cp .:comp/pcns.jar:lib/m11.jar:lib/commons-codec-1.4.jar:lib/commons-collections-3.2.1.jar:lib/commons-configuration-1.6.jar:lib/commons-lang-2.5.jar:lib/commons-logging-1.1.1.jar:lib/log4j-core-2.2.jar:lib/log4j-api-2.2.jar:lib/bcprov-jdk15on-151.jar:./lib/bcpkix-jdk15on-151.jar:lib/json_simple-1.1.jar:lib/jasypt-1.9.0.jar -Dm11Path=$m11Path -DoldIniPath=$oldIniPath -DapplicationDirectory=$APP_DIR -Dgroup=1 com.apcc.pcns.m11converter.M11Converter"
+        #Echo ${JAVA_DIR}java  $javaParams
+        ${JAVA_DIR}java  $javaParams 1>/dev/null 2>/dev/null
+
+		# Convert config files
+		javaParams="-Xms32m -Xmx64m -cp .:comp/pcns.jar:lib/m11.jar:lib/commons-codec-1.4.jar:lib/commons-collections-3.2.1.jar:lib/commons-configuration-1.6.jar:lib/commons-lang-2.5.jar:lib/commons-logging-1.1.1.jar:lib/log4j-core-2.2.jar:lib/log4j-api-2.2.jar:lib/bcprov-jdk15on-151.jar:./lib/bcpkix-jdk15on-151.jar:lib/json_simple-1.1.jar:lib/jasypt-1.9.0.jar:lib/vijava5120121125.jar:lib/dom4j-1.6.1.jar -DapplicationDirectory=$APP_DIR com.apcc.pcns.configservice.UpgradeIniConverter"
+        #Echo ${JAVA_DIR}java  $javaParams
+        ${JAVA_DIR}java  $javaParams 1>/dev/null 2>/dev/null
+        
+        cd $oldDir
+    fi
+}
+
+SetInstallDir() {
+    if [ $SILENT_MODE = $TRUE ]; then
+        if [ -z "$INSTALL_DIR" ]; then
+            INSTALL_DIR="/opt/APC"
+        fi
+    elif [ $UPDATE_INSTALL = $TRUE ]; then
+        # Use the old location
+        INSTALL_DIR=`dirname $OLD_INSTALL_DIR`
+    else
+        res=$FALSE
+        while [ $res = $FALSE ]
+        do
+            Echo ""
+            Echo "Please enter the installation directory or press enter to install to the default directory (/opt/APC/PowerChute):"
+            read val
+            if [ -z "$val" ]; then
+                INSTALL_DIR="/opt/APC"    
+            else
+                INSTALL_DIR=$val    
+                # Verify install path
+                if [ -n "$INSTALL_DIR" ]; then
+                    buf=`echo $INSTALL_DIR | grep '^/' ` 
+                    if [ -z "$buf" ]; then
+                        Echo "Installation directory must start with \"/\""
+						Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+                        exit $EXIT_INVALID_INSTALL_DIR
+                    fi
+                    buf=`echo $INSTALL_DIR | grep ' ' ` 
+                    if [ -n "$buf" ]; then
+                        Echo "Installation directory must not contain white space \" \""
+						Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+                        exit $EXIT_INVALID_INSTALL_DIR
+                    fi
+                    buf=`echo $INSTALL_DIR | grep '\\\' ` 
+                    if [ -n "$buf" ]; then
+                        Echo "Installation directory must not contain back slash \"\\\""
+						Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+                        exit $EXIT_INVALID_INSTALL_DIR
+                    fi
+                fi
+            fi
+
+            IsYN "Are you sure you want to install PCNS to $INSTALL_DIR/PowerChute [Yes|No]?"
+            val=$?
+            case $val in
+            $YES)
+                if [ -d "$INSTALL_DIR/PowerChute" ]; then
+                    IsYN "$INSTALL_DIR/PowerChute already exists. Do you want to use it [Yes|No]?"
+                    val=$?
+                    case $val in
+                    $YES)
+                        BackupOldPCNS
+                        res=$TRUE
+                        ;;
+                    $NO)
+                        ;;
+                    *)
+                        Echo "Invalid response."
+                        ;;
+                    esac
+                else
+                    res=$TRUE
+                fi
+                ;;
+            $NO)
+                ;;
+            *)
+                Echo "Invalid response."
+                ;;
+            esac
+        done
+    fi
+
+    if [ ! -d "$INSTALL_DIR" ]; then
+        Echo "Creating $INSTALL_DIR directory ..."
+        mkdir -p "$INSTALL_DIR"
+        if [ ! $? = 0 ]; then
+            Echo "Failed to create directory $INSTALL_DIR."
+				Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+            exit $EXIT_INVALID_INSTALL_DIR
+        fi
+    fi
+    Echo "PCNS will be installed to $INSTALL_DIR/PowerChute"
+}
+
+CheckBundledJava() {
+    rval=$FALSE
+    case "$OS" in
+    $VIMA)
+        JRE_FILE=$JRE_TGZ_FILE"-linux-x64.tar.gz"
+        ;;
+    $LINUX)
+		if [ "$ARCH" = "x64" ]; then
+			JRE_FILE=$JRE_TGZ_FILE"-linux-x64.tar.gz"
+		else
+			JRE_FILE=$JRE_TGZ_FILE"-linux-i586.tar.gz"
+		fi
+        ;;
+    $SOLARIS)
+        if [ $SPARC = $TRUE ]; then
+            JRE_FILE=$JRE_TGZ_FILE"-solaris-sparc.tar.gz"            
+        else
+            JRE_FILE=$JRE_TGZ_FILE"-solaris-i586.tar.gz"
+        fi
+        ;;
+    $XENSERVER)
+        JRE_FILE=$JRE_TGZ_FILE"-linux-i586.tar.gz"
+        ;;
+    $HPUX)
+        ;;
+    $AIX)
+        ;;
+    esac
+    if [ -f "$SRC_DIR/$JRE_FILE" ]; then
+        rval=$TRUE
+    fi
+    return $rval
+}
+
+AskJavaPath() {
+    CheckBundledJava
+    bundled=$?
+    res=$FALSE
+    while [ $res = $FALSE ]
+    do
+        Echo ""
+        if [ $bundled = $TRUE ];then
+            Echo "Please enter java directory if you want to use your system java (example:/usr/local/bin/jre/$JRE_VERSION) or press enter to install the bundled Java:"
+        else
+            Echo "JRE is not bundled. Please enter your java directory (example:/usr/local/bin/jre/$JRE_VERSION):"
+        fi
+        
+        read str
+                
+        if [ $bundled = $TRUE -a -z "$str" ]; then
+            #the empty string is ok, means use the path JRE
+            JAVA_DIR=""
+            res=$TRUE
+        else
+            JAVA_DIR=$str
+            res=$FALSE
+        fi
+        
+        if [ $res = $FALSE -a -n "$JAVA_DIR" ]; then
+            #must have / at the end, so add it    
+            buf=`echo $JAVA_DIR | grep '/$' ` 
+            if [ -z "$buf" ]; then
+                  JAVA_DIR="${JAVA_DIR}/"
+            fi
+        
+            # Add/bin at the end of JAVA_DIR if needed
+            # This allows it to be backward compatible
+            # with previous versions, which did not have 
+            # the bin
+            buf=`echo $JAVA_DIR | grep '/bin/$' ` 
+            if [ -z "$buf" ]; then
+                   JAVA_DIR="$JAVA_DIR/bin/"
+            fi
+            
+            buf=`echo $JAVA_DIR | grep ' ' ` 
+            if [ -n "$buf" ]; then
+                Echo "Java directory must not contain white space \" \""
+            else
+                buf=`echo $JAVA_DIR | grep '^/' ` 
+                if [ -z "$buf" ]; then
+                    Echo "Java directory must start with /"
+                else
+                    buf=`echo $JAVA_DIR | grep '\\\' ` 
+                    if [ -n "$buf" ]; then
+                        Echo "Java directory must not contain back slash \"\\\""
+                    elif [ ! -d $JAVA_DIR ]; then
+                        Echo "Invalid path: $JAVA_DIR"
+                    else                                      
+                        #Check the java version before confirming, no point in 
+                        #asking them if they want it is we can't accept it anyway.
+                         CheckJavaVersion
+                         res=$?                        
+                    fi
+                fi
+            fi            
+         fi 
+    done
+}
+
+InstallBundledJava() {
+    CheckBundledJava
+    if [ $? = $FALSE ]; then
+        Echo "No private JRE is bundled for this OS.  Please install and specify a JRE"
+		Echo "Aborting with error code-$EXIT_INVALID_JAVA_VERSION."
+        CancelAll $EXIT_INVALID_JAVA_VERSION
+    fi 
+    
+    # Copy jre file
+	APP_JRE_DIR=$APP_DIR/$JRE_VERSION
+	JAVA_DIR="$APP_DIR/$JRE_VERSION/bin/"
+
+    Echo "Copying jre to $APP_DIR ..."
+    mkdir -p $APP_DIR
+    cp "$SRC_DIR/$JRE_FILE" "$APP_DIR/jre.tar.gz"
+    if [ ! $? -eq 0 ]; then
+        Echo "Failed to copy jre file."
+        CancelAll
+    fi
+    cd $APP_DIR
+    chmod 700 jre.tar.gz
+
+    # Extract Java
+    Echo "Extracting jre to $APP_DIR/jre ..."
+    gunzip jre.tar.gz
+    tar -xf jre.tar
+    if [ ! $? -eq 0 ]; then
+        Echo "Failed to extract jre file."
+        CancelAll
+    fi
+    rm -rf jre.tar
+	chmod -R 0755 $APP_JRE_DIR
+    
+    # Regenerating the Shared Archive
+    if [ ! $OS = "$VIMA" ]; then
+        $JAVA_DIR/java -Xshare:dump 1>/dev/null 2>/dev/null
+    fi
+    cd $APP_DIR
+}
+
+CheckJavaVersion() {
+    Echo "Checking version of Java ..."
+    rval=$FALSE
+
+    # Show JRE Version
+    ${JAVA_DIR}java -version >/dev/null 2>&1
+    if [ ! $? -eq 0 ]; then 
+        Echo 
+        Echo "Java not found at ${JAVA_DIR}."
+    else
+        VERSION=`${JAVA_DIR}java -version 2>&1 | head -n 1 | cut -d\" -f 2 | sed s/_/\./g`
+        Echo "Detected Java Version: $VERSION"
+
+        MAJOR=`echo $VERSION | cut -d\. -f 1`
+        MINOR=`echo $VERSION | cut -d\. -f 2`
+        MINI=`echo $VERSION | cut -d\. -f 3`
+        MICRO=`echo $VERSION | cut -d\. -f 4`
+
+        if [ -z "$MICRO" ]; then
+            MICRO=0
+        fi
+        
+        case "$OS" in
+        $HPUX)
+            JRE_REQUIRED_MICRO=08
+            ;;
+        *) 
+            JRE_REQUIRED_MICRO=0
+            ;;
+        esac
+        
+        if [ $VERSION ]; then
+            if [ \( $MAJOR -gt $JRE_REQUIRED_MAJOR \) -o \( $MAJOR -eq $JRE_REQUIRED_MAJOR -a $MINOR -gt $JRE_REQUIRED_MINOR \) -o \( $MAJOR -eq $JRE_REQUIRED_MAJOR -a $MINOR -eq $JRE_REQUIRED_MINOR -a $MINI -gt $JRE_REQUIRED_MINI \) -o \( $MAJOR -eq $JRE_REQUIRED_MAJOR -a $MINOR -eq $JRE_REQUIRED_MINOR -a $MINI -eq $JRE_REQUIRED_MINI -a $MICRO -ge $JRE_REQUIRED_MICRO \) ]; then
+                Echo "Acceptable version"
+                rval=$TRUE
+            else
+                Echo "Wrong version of Java.  Minimum Java version required is $JRE_REQUIRED_MAJOR.$JRE_REQUIRED_MINOR.$JRE_REQUIRED_MINI.$JRE_REQUIRED_MICRO "
+                Echo "Java can be downloaded from www.java.com"
+            fi
+        else
+            Echo 
+            Echo "Java not found at $JAVA_DIR"
+        fi
+    fi
+    return $rval
+}
+CheckOSArch(){
+tmp=`uname -a | grep -i x86_64`
+if [ ! -z "$tmp" ]; then
+#it is a 64 bit OS
+   if [ "$ARCH" = "x32" ]; then
+     echo "64 bit OS detected.  This installer is for 32 bit OS. Please download the 64 bit installer for this OS"
+	 CancelAll
+   fi  
+else
+#It is a 32 bit OS
+   if [ "$ARCH" = "x64" ]; then
+     echo "32 bit OS detected.  This installer is for 64 bit OS. Please download the 32 bit installer for this OS"
+	 CancelAll
+   fi  
+fi
+}
+
+SetupJava() {
+    if [ $SILENT_MODE = $TRUE ]; then
+        if [ -z "$JAVA_DIR" ]; then
+            InstallBundledJava
+            res=$TRUE
+        else
+            CheckJavaVersion
+            res=$?
+            
+            if [ $res -eq $FALSE ]; then
+                # invalid java path
+				Echo "Aborting with error code-$EXIT_INVALID_JAVA_VERSION."
+                CancelAll $EXIT_INVALID_JAVA_VERSION
+            fi
+        fi        
+    else
+        AskJavaPath
+        if [ -z "$JAVA_DIR" ]; then
+            InstallBundledJava
+        fi
+    fi
+
+    # Show JRE Version
+    Echo ""
+    $JAVA_DIR/java -version
+    if [ ! $? -eq 0 ]; then 
+        Echo "" 
+		CheckOSArch
+        Echo "Invalid jre path."
+		CancelAll
+    fi
+    Echo ""
+    # Create java path config file
+    Echo "JAVA_DIR=$JAVA_DIR"
+    Echo ""
+    cd "$SRC_DIR"
+}
+
+SetupM11Cfg() {
+   Echo "Setup the m11.cfg file"
+   filename="$GROUP_DIR/m11.cfg"
+   setting1="host.ApplicationDirectory=$GROUP_DIR"
+   setting2="host.ComponentDirectory=$GROUP_DIR/comp"
+   setting3="Notifier.NotifierExe=$GROUP_DIR/bin/notifier"
+
+    #echo "DEBUG: $setting1"
+    #echo "DEBUG: $setting2"
+    #echo "DEBUG: $setting3"
+    
+    PARAMS=" -cp .:$GROUP_DIR/comp/pcns.jar:$GROUP_DIR/lib/m11.jar com.apcc.pcns.m11cfgInit.M11cfgInit $filename $setting1 $setting2 $setting3"
+    #echo "DEBUG: ${JAVA_DIR}java $PARAMS"
+   #Note:JAVA_DIR has the \ on the end
+   ${JAVA_DIR}java $PARAMS 1>/dev/null 2>/dev/null
+   
+}
+
+
+SetupCommandFiles() {
+    case "$OS" in
+    $VIMA)
+        cp VIMA/notifier.sh notifier
+        cp VIMA/shutdown.sh shutdown
+        cp VIMA/shutdownhost.pl shutdownhost.pl
+        chmod 744 shutdownhost.pl
+        ;;
+    $XENSERVER)
+        cp Linux/notifier.sh notifier
+        cp Linux/shutdown.sh shutdown
+        ;;        
+    $LINUX)
+        cp Linux/notifier.sh notifier
+        cp Linux/shutdown.sh shutdown
+        ;;
+    $SOLARIS)
+        cp Solaris/notifier.sh notifier
+        cp Solaris/shutdown.sh shutdown
+        ;;
+    $HPUX)
+        cp Hpux/notifier.sh notifier
+        cp Hpux/shutdown.sh shutdown
+        ;;
+    $AIX)
+        cp Aix/notifier.sh notifier
+        cp Aix/shutdown.sh shutdown
+        ;;
+    esac    
+    chmod 744 notifier
+    chmod 744 shutdown
+    rm -rf Linux Solaris Hpux Aix VIMA ESX XenServer
+    cd "$APP_DIR"
+}
+
+SetupAllCommandFiles() {
+    cd "$APP_DIR"
+    if [ -d $GROUP1 ]; then
+        cd ./$GROUP1/bin
+        SetupCommandFiles
+    else
+        cd ./bin
+        SetupCommandFiles
+    fi
+    cd "$APP_DIR"
+}
+
+ConfigureStartup() {
+    APP_DIR_QUOTED=\"$APP_DIR\"
+    group_dir_quoted=\"$GROUP_DIR\"
+
+    # Update scripts
+    if [ $OS = "$HPUX" ]; then
+        sed -e "s:nohup:/bin/nohup:g" powerchute.sh > powerchute.sh.tmp$$
+        mv -f powerchute.sh.tmp$$ powerchute.sh
+    fi
+    sed -e "s:GSUB_INSTALL_PATH:$APP_DIR_QUOTED:g" startup.sh > startup.sh.tmp$$
+    sed -e "s:GSUB_INSTALL_PATH:$group_dir_quoted:g" powerchute.sh > powerchute.sh.tmp$$
+    mv -f startup.sh.tmp$$ startup.sh
+    cp powerchute.sh.tmp$$ $GROUP_DIR/powerchute.sh
+    chmod 744 $GROUP_DIR/powerchute.sh
+    rm -f *.tmp$$
+
+    echo $JAVA_DIR > ${GROUP_DIR}/java.cfg
+}
+
+ConfigureAllStartup() {
+    Echo "Configuring startup files ..."
+    cd "$APP_DIR"
+    
+    if [ -d $GROUP1 ]; then
+        GROUP_DIR="$APP_DIR/$GROUP1"
+        ConfigureStartup
+        rm -f powerchute.sh*
+    else
+        GROUP_DIR=$APP_DIR
+        ConfigureStartup
+    fi
+    Echo "Startup script=$STARTUP"
+
+    cp startup.sh $STARTUP
+    chmod 0544 $STARTUP
+    rm -f startup.sh
+}
+
+UninstallOldStartupLink() {
+    if [ $UPDATE_INSTALL = $TRUE ]; then
+        if [ $OS = "$LINUX" -o $OS = "$VIMA" -o $OS = "$XENSERVER" ]; then
+            Echo "Deleting Linux symbolic link ..."
+       	 if [ -d /etc/rc0.d ]; then
+            rm -f /etc/rc0.d/K99PowerChute
+            rm -f /etc/rc1.d/K99PowerChute
+            rm -f /etc/rc2.d/K99PowerChute
+            rm -f /etc/rc3.d/K99PowerChute
+            rm -f /etc/rc4.d/K99PowerChute
+            rm -f /etc/rc5.d/K99PowerChute
+            rm -f /etc/rc6.d/K99PowerChute
+         else
+            rm -f /etc/rc.d/rc0.d/*99PowerChute
+            rm -f /etc/rc.d/rc1.d/*99PowerChute
+            rm -f /etc/rc.d/rc2.d/*99PowerChute
+            rm -f /etc/rc.d/rc3.d/*99PowerChute
+            rm -f /etc/rc.d/rc4.d/*99PowerChute
+            rm -f /etc/rc.d/rc5.d/*99PowerChute
+            rm -f /etc/rc.d/rc6.d/*99PowerChute
+         fi
+ 	fi
+    fi
+}
+
+ConfigureStartupLink() {
+     if [ $OS = "$LINUX" -o $OS = "$VIMA" -o $OS = "$XENSERVER" ]; then
+        Echo "Updating Linux symbolic link ..."
+        if [ -f /etc/SuSE-release ]; then
+	    insserv PowerChute 1>/dev/null 2>/dev/null
+        elif [ -f /sbin/chkconfig ]; then
+            chkconfig --add PowerChute
+            chkconfig PowerChute on
+        elif [ -d /etc/rc0.d ]; then
+			if [ ! -L /etc/rc0.d/K99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc0.d/K99PowerChute
+            fi
+            if [ ! -L /etc/rc1.d/K99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc1.d/K99PowerChute
+            fi
+            if [ ! -L /etc/rc2.d/S99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc2.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc3.d/S99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc3.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc4.d/S99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc4.d/S99PowerChute
+			fi
+			if [ ! -L /etc/rc5.d/S99PowerChute ]; then            	
+            	ln -s /etc/init.d/PowerChute /etc/rc5.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc6.d/K99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc6.d/K99PowerChute
+            fi
+        else
+        	if [ ! -L /etc/rc.d/rc0.d/K99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc0.d/K99PowerChute
+			fi
+			if [ ! -L /etc/rc.d/rc1.d/K99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc1.d/K99PowerChute
+            fi
+            if [ ! -L /etc/rc.d/rc2.d/S99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc2.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc.d/rc3.d/S99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc3.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc.d/rc4.d/S99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc4.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc.d/rc5.d/S99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc5.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc.d/rc6.d/K99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc6.d/K99PowerChute
+            fi
+        fi
+    else
+        case "$OS" in
+        $SOLARIS)
+            cp $STARTUP /etc/rc0.d/K99PowerChute
+            ;;
+        $HPUX)
+            Echo "Updating HP-UX symbolic link ..."
+            ln -s $STARTUP /sbin/rc1.d/K990pcns
+            ln -s $STARTUP /sbin/rc2.d/S990pcns
+            ;;
+        $AIX)
+            Echo "Updating AIX inittab ..."
+            mkitab "PCNS:2:wait:$STARTUP start #PowerChute Network Shutdown" >/dev/null 2>&1
+            ;;
+        esac
+    fi
+}
+
+ConfigureUninstall() {
+    Echo "Configuring uninstall script ..."
+    cd "$APP_DIR"
+    APP_DIR_QUOTED=\"$APP_DIR\"
+    sed -e "s:GSUB_INSTALL_PATH:$APP_DIR_QUOTED:g" uninstall > uninstall.tmp$$
+    mv -f uninstall.tmp$$ uninstall
+    chmod 0544 uninstall 
+}
+
+ConfigureOwner() {
+    chown -R root "$APP_DIR"
+    if [ $OS = "$AIX" ]; then
+        chgrp -R system $APP_DIR
+    else
+        chgrp -R root $APP_DIR
+    fi
+}
+
+RemoveStartup() {
+  if [ $OS = "$LINUX" -o $OS = "$VIMA" -o $OS = "$XENSERVER" ]; then
+    if [ -f $STARTUP ]; then
+        if [ -f /sbin/chkconfig ]; then
+            chkconfig PowerChute off
+            chkconfig --del PowerChute
+        else
+            rm -f /etc/rc.d/rc1.d/K99PowerChute
+            rm -f /etc/rc.d/rc2.d/S99PowerChute
+            rm -f /etc/rc.d/rc3.d/S99PowerChute
+            rm -f /etc/rc.d/rc4.d/S99PowerChute
+            rm -f /etc/rc.d/rc5.d/S99PowerChute
+            rm -f /etc/rc.d/rc6.d/K99PowerChute
+        fi
+        rm -f $STARTUP
+    fi
+  else
+    case "$OS" in
+    $SOLARIS)
+        rm -f /etc/rc2.d/S99PowerChute
+        rm -f /etc/rc0.d/K99PowerChute
+        ;;
+    $HPUX)
+        if [ -f /sbin/init.d/pcns ]; then
+            rm -f /sbin/rc1.d/K990pcns
+            rm -f /sbin/rc2.d/S990pcns
+            rm -f /sbin/init.d/pcns
+        fi
+        ;;
+    $AIX)
+        if [ -f /etc/rc.APCpcns ]; then
+            rmitab PCNS
+            rm -f /etc/rc.APCpcns
+        fi
+        ;;
+    esac
+  fi
+}
+
+CancelAll() {
+    cd "$SRC_DIR"
+    if [ -n "$INSTALL_DIR" ]; then
+        if [ -d "$INSTALL_DIR/PowerChute" ]; then
+             # Perform install rollback if update installation aborts due to some error and rollback to previous configuration 
+        	RollBackInstall
+        else
+            rm -f "$INSTALL_DIR/$PCNS_TAR*"
+        fi
+    fi
+    Echo ""
+    Echo "Installation cancelled."
+    Echo ""
+    exit $1
+}
+
+RollBackInstall() {
+	if [ $UPDATE_INSTALL = $TRUE ]; then
+    	if [ -d "$INSTALL_DIR/PowerChute_update_backup" ]; then
+    		echo "Performing Install Rollback"
+            rm -rf "$INSTALL_DIR/PowerChute"
+            mv "$INSTALL_DIR/PowerChute_update_backup/" "$INSTALL_DIR/PowerChute"
+            Echo "Startup script=$STARTUP"
+            $STARTUP start
+      	else
+            rm -rf "$INSTALL_DIR/PowerChute"
+            RemoveStartup
+      	fi
+ 	else
+    	rm -rf "$INSTALL_DIR/PowerChute"
+    	RemoveStartup
+ 	fi 
+}
+
+ConfigureFirewall(){
+    if [ -f /usr/sbin/esxcfg-firewall ]; then
+        esxcfg-firewall -o 80,tcp,out,"APC PowerChute Port 80"
+        esxcfg-firewall -o 3052,tcp,out,"APC PowerChute Port 3052"
+        esxcfg-firewall -o 3052,tcp,in,"APC PowerChute Port 3052"
+        esxcfg-firewall -o 3052,udp,out,"APC PowerChute Port 3052"
+        esxcfg-firewall -o 3052,udp,in,"APC PowerChute Port 3052"
+        esxcfg-firewall -o 6547,tcp,in,"APC PowerChute Port 6547"
+    else
+        if [ -f /sbin/iptables ] || [ -f /usr/sbin/iptables ]; then
+            iptables -I OUTPUT -p tcp --sport 80 -j ACCEPT
+            iptables -I OUTPUT -p tcp --sport 3052 -j ACCEPT
+            iptables -I INPUT -p tcp --dport 3052 -j ACCEPT
+            iptables -I OUTPUT -p udp --sport 3052 -j ACCEPT
+            iptables -I INPUT -p udp --dport 3052 -j ACCEPT
+            iptables -I INPUT -p tcp --dport 6547 -j ACCEPT
+            
+            service iptables save
+        fi
+		if [ -f /sbin/ip6tables ] || [ -f /usr/sbin/ip6tables ]; then
+            ip6tables -I OUTPUT -p tcp --sport 80 -j ACCEPT
+            ip6tables -I OUTPUT -p tcp --sport 3052 -j ACCEPT
+            ip6tables -I INPUT -p tcp --dport 3052 -j ACCEPT
+            ip6tables -I OUTPUT -p udp --sport 3052 -j ACCEPT
+            ip6tables -I INPUT -p udp --dport 3052 -j ACCEPT
+            ip6tables -I INPUT -p tcp --dport 6547 -j ACCEPT
+            
+            service ip6tables save
+        fi
+   fi
+}
+
+DisplayEULA(){
+    
+    # Default to english license
+    EULA="apclicense.txt"
+
+    Echo "$LANG" | grep -i 'ja_JP.utf-*8'
+    if [ $? -eq 0 ]; then
+       EULA="apclicense.txt.ja_UTF8"
+    fi
+
+    Echo "$LANG" | grep -i 'ja_JP.IBM-*943'
+    if [ $? -eq 0 ]; then
+       EULA="apclicense.txt.ja_ANSI"
+    fi
+
+    Echo "$LANG" | grep -i 'eucJP'
+    if [ $? -eq 0 ]; then
+        EULA="apclicense.txt.ja_EUC"
+    fi 
+    
+    # Extract EULA
+    cp $PCNS_ZIP backup.tar.gz
+    gunzip $PCNS_ZIP
+    tar -xof $PCNS_TAR > /dev/null 2>&1
+        
+    # Display EULA
+    printf "\nPress any key to display End User License Agreement\n"
+    Pause
+    more "PowerChute/group1/$EULA"
+    
+    # Remove file, now that we've read it.
+    rm -rf PowerChute > /dev/null 2>&1
+    rm -rf $PCNS_TAR > /dev/null 2>&1
+    mv backup.tar.gz $PCNS_ZIP > /dev/null 2>&1
+    
+    agreed=
+    while [ -z "$agreed" ]
+    do
+        printf "\nDo you agree to the above license terms? [yes or no]\n"
+        read reply leftover
+        case $reply in
+            [yY] | [yY][eE][sS])
+                agreed=1
+                ;;
+            [nN] | [nN][oO])
+                printf "If you don't agree to the license you can't install this software\n"
+				printf "Aborting with error code-$EXIT_USER_ABORT\n"
+                exit $EXIT_USER_ABORT
+                ;;
+            *)
+                printf "Please enter \"yes\" or \"no\"."
+                ;;
+        esac
+     done
+}
+
+AddESXiTargetServer() {
+
+    if [ -f /etc/vima-release ] || [ -f /etc/vma-release ]; then
+        echo " "
+        echo "In order for PCNS to shutdown the ESXi host, it must be added as a target server."
+        
+        # validIP:
+        # 0 - IP is valid
+        # 1 - IP is invalid
+        # 2 - User is skipping this
+        
+        validIP=1
+                
+        while [ $validIP -eq 1 ]
+        do
+            echo "Please enter ESXi host IP (XXX.XXX.XXX.XXX) or (q) to skip:"
+            read esxihostip
+        
+            case $esxihostip in
+                [qQ])
+                    validIP=2
+                    printf "\nSkipping configuration of ESXi Host Shutdown.\n"
+                    ;;
+            esac
+            
+            
+            if [ $validIP -ne 2 ]; then
+                # Validate IP
+                valid_ip $esxihostip
+                if [ $? -ne 0 ]; then
+                    # invalid ip
+                    printf "\nInvalid IP entered.\n"
+                    validIP=1
+                else
+                    validIP=0
+                fi                
+            fi            
+        done
+        
+        if [ $validIP -eq 0 ]; then
+            echo "Please enter ESXi host username:"
+            read esxihostuser
+        
+            echo "Please enter ESXi host password:"
+            OLDCONFIG=`stty -g`
+            stty -icanon -echo min 1 time 0
+            read esxihostpwd
+            stty $OLDCONFIG
+        
+            echo "Adding target server..."
+            
+            vifp addserver $esxihostip --username $esxihostuser --password $esxihostpwd
+            vifp listservers | grep $esxihostip
+            if [ $? -eq 0 ]; then
+                    echo "Successfully added ESXi host to target server list."                    
+                    echo ""
+            else
+                    echo "Failed to add ESXi host."
+                    echo "To add the host manually please run - sudo vifp addserver <ipaddress>"
+                    echo ""
+            fi        
+        fi        
+    fi
+}
+
+valid_ip()
+{
+    ERROR=0
+    oldIFS=$IFS
+    IFS=.
+    set -f
+    set -- $1
+    if [ $# -eq 4 ]; then
+        for seg
+        do
+            case $seg in
+                ""|*[!0-9]*) ERROR=1;break ;; ## Segment empty or non-numeric char
+                *) [ $seg -gt 255 ] && ERROR=2 ;;
+            esac
+        done
+    else
+        ERROR=3 ## Not 4 segments
+    fi
+    IFS=$oldIFS
+    set +f
+    return $ERROR
+}
+
+CheckLocale(){
+    Echo "$LANG" | grep -i 'ja*'
+    if [ $? -eq 0 ]; then   
+        # Abort, can't install english on Japanese OS.
+        printf "\nThis version of PowerChute Network Shutdown does not support the Japanese language. Please consult www.apc.com for the required version of PowerChute Network Shutdown.\n"
+		Echo "Aborting with error code-$EXIT_INVALID_LOCALE"
+        exit $EXIT_INVALID_LOCALE
+    fi    
+}
+
+ApplySilentConfig(){
+    if [ "$SILENT_MODE" = "$TRUE" ]; then
+        Echo "Applying Configuration ..."
+        
+        # Register with NMC
+        oldDir=$PWD
+        cd $APP_DIR/$GROUP1
+
+        upgrade="false"
+        if [ "$UPDATE_INSTALL" = "$TRUE" ]; then
+            upgrade="true"
+        fi                
+        
+        javaParams="-Xms32m -Xmx64m -cp .:comp/pcns.jar:lib/m11.jar:lib/commons-codec-1.4.jar:lib/commons-collections-3.2.1.jar:lib/commons-configuration-1.6.jar:lib/commons-lang-2.5.jar:lib/commons-logging-1.1.1.jar:lib/log4j-core-2.2.jar:lib/log4j-api-2.2.jar:lib/bcprov-jdk15on-151.jar:./lib/bcpkix-jdk15on-151.jar:lib/json_simple-1.1.jar:lib/jasypt-1.9.0.jar -DsilentConfig=$SILENT_CONFIG -DsourceDir=\"$SRC_DIR\" -DapplicationDirectory=\"$APP_DIR\" -Dgroup=1 -Dupgrade=$upgrade com.apcc.pcns.silentconfig.SilentConfig"
+        echo ${JAVA_DIR}java  $javaParams 2>/dev/null > $APP_DIR/$GROUP1/run.sh
+		chmod +x $APP_DIR/$GROUP1/run.sh
+		$APP_DIR/$GROUP1/run.sh
+
+        code=$?
+		rm -f $APP_DIR/$GROUP1/run.sh
+        if [ $code -ne 0 ]; then
+            Echo "Error applying configuration.  Error code is: $code"
+            CancelAll $code
+        fi
+        
+        Echo "Configuration complete."
+        cd $oldDir    
+    fi
+}
+
+InstallHelp() {
+    # Copy Standard Help files    # Copy VMWare Help files
+    HELP_DIR="$INSTALL_DIR/PowerChute/group1/comp/http/html/Help"
+    mv $HELP_DIR/Standard/* $HELP_DIR/. 1>/dev/null 2>/dev/null
+    rmdir $HELP_DIR/Standard 1>/dev/null 2>/dev/null
+}
+
+InstallComplete(){
+    NODE_NAME=`uname -n`
+    Echo ""
+    Echo "Installation has completed."
+    Echo "PowerChute Network Shutdown can be accessed through your browser at https://<your_server_ip_address>:6547"
+
+    if [ $UPDATE_INSTALL = $FALSE ]; then    
+        Echo "Please complete the configuration wizard so that PowerChute Network Shutdown can protect your server."
+    fi
+    
+    Echo ""
+}
+
+######################################################################
+# Main routine
+######################################################################
+SRC_DIR=`pwd`
+
+# Check zipped install file
+if [ ! -f $PCNS_ZIP ]; then
+    Echo "Cannot find $PCNS_ZIP"
+	Echo "Aborting with error code-$EXIT_ZIPFILE_MISSING"
+    exit $EXIT_ZIPFILE_MISSING
+fi
+
+# Print Banner
+Echo "------------------------------------------------------------------"
+Echo "     PowerChute Network Shutdown 4.1.0 for Linux"
+Echo "     Copyright (c) 1999-2015 Schneider Electric."
+Echo "     All Rights Reserved."
+Echo "------------------------------------------------------------------"
+Echo ""
+
+# Check OS type
+CheckOS
+
+# Check root account
+IsRootUser
+
+# Check Locale Compatibility
+CheckLocale
+
+checkForVMWare
+checkForXenServer
+
+# Check the OS architecture
+CheckOSArch
+
+# Initialize
+Initialize
+
+# Check silent install
+if [ -z "$1" ]; then
+    SILENT_MODE=$FALSE
+elif [ "$1" = "-f" ]; then 
+    if [ -r "$2" ]; then
+        SILENT_MODE=$TRUE
+        SILENT_CONFIG=$2
+        Echo "Silent mode input from $SILENT_CONFIG"
+        Echo ""
+        SetSilentConfig
+    else
+	    Echo "Aborting with error code-$EXIT_SILENT_CONFIG_MISSING"
+        Echo "Error: Invalid file $2"
+        exit $EXIT_SILENT_CONFIG_MISSING
+    fi
+else
+    PrintUsage
+fi
+
+# Show EULA
+if [ $SILENT_MODE = $TRUE ]; then
+   if [ "$ACCEPT_EULA" = "$STR_YES" ];  then
+        Echo "EULA has been accepted"
+   else
+        Echo "Aborting with error code-$EXIT_EULA_NOT_ACCEPTED"
+        Echo "Error: EULA must be accepted by setting ACCEPT_EULA=$STR_YES in config file"
+        exit $EXIT_EULA_NOT_ACCEPTED
+   fi
+else
+   DisplayEULA
+fi
+
+# Check installed applications
+IsPCPlusInstalled
+IsPCBEInstalled
+IsPCSInstalled
+IsPCNSInstalled
+
+InitUpdate
+
+# Set Install dir
+SetInstallDir
+BackupOldPCNS
+
+APP_DIR="$INSTALL_DIR/PowerChute"
+
+# Setup java
+SetupJava
+
+# Copy tar file to install dir
+Echo "Copying the installation files ..."
+cp "$PCNS_ZIP" "$INSTALL_DIR"
+cd "$INSTALL_DIR"
+
+# Extract PCNS files
+Echo "Extracting PCNS files ..."
+gunzip $PCNS_ZIP
+tar -xf $PCNS_TAR > /dev/null 2>&1
+if [ ! $? = 0 ]
+then
+    Echo "Failed to extract files"
+fi
+rm -rf $PCNS_TAR
+
+
+cd "$APP_DIR"
+Echo "PCNS is extracted to $APP_DIR"
+
+# Setup script files
+SetupAllCommandFiles
+
+# Configure startup script
+ConfigureAllStartup 
+UninstallOldStartupLink
+ConfigureStartupLink
+
+# Multiple entries in 'iptables' on installing PCNS over existing install
+if [ $OS = $VIMA ] || [ $OS = $LINUX ]; then
+service iptables status 1>/dev/null 2>/dev/null
+OUT=$?
+if [ $OUT -eq 0 ] && [ $UPDATE_INSTALL = $FALSE ]; then
+   ConfigureFirewall
+fi
+else
+ConfigureFirewall
+fi
+
+# Configure uninstall script
+ConfigureUninstall
+ConfigureOwner
+
+# For Update install
+CopyUpdateFiles
+
+#Install Help
+InstallHelp
+
+# Start the Service
+SetupM11Cfg
+ApplySilentConfig
+# Delete the back up PowerChute folder once the update is done successfully.
+UninstallOldPCNS
+$STARTUP start
+
+InstallComplete
+
+cd "$SRC_DIR"
+exit $EXIT_SUCCESS
diff --git a/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/jre-8u45-linux-x64.tar.gz b/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/jre-8u45-linux-x64.tar.gz
new file mode 100755
index 0000000..b6f19e2
Binary files /dev/null and b/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/jre-8u45-linux-x64.tar.gz differ
diff --git a/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/pcns410.tar.gz b/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/pcns410.tar.gz
new file mode 100755
index 0000000..a984c77
Binary files /dev/null and b/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/pcns410.tar.gz differ
diff --git a/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/silentInstall.sample b/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/silentInstall.sample
new file mode 100755
index 0000000..cd97ec4
--- /dev/null
+++ b/AKB/src/APC-PowerChute-NetworkShutdown/Linux_x64/silentInstall.sample
@@ -0,0 +1,181 @@
+# APC PowerChute Network Shutdown (PCNS) Silent Installer
+# 
+# This file contains parameters used by the PCNS silent
+# install option to support mass installation.
+#
+# Do not enclose values in quotes
+#
+# -------------------------------------------------------------------
+# Accept the EULA.
+#
+# This must be changed to YES to accept the EULA.  This is not case
+# sensitive.
+
+ACCEPT_EULA=NO
+#ACCEPT_EULA=YES
+
+# -------------------------------------------------------------------
+# The directory in which to install PCNS:
+# The default value /opt/APC is used if commented out or specified 
+# null value as "INSTALL_DIR="
+#
+# Values specified here are case sensitive.
+# -------------------------------------------------------------------
+
+INSTALL_DIR=/opt/APC
+
+# -------------------------------------------------------------------
+# The directory in which java is installed:
+# A PowerChute only private Java Runtime is used if commented out or
+# specified null value as "JAVA_DIR="
+#
+# PowerChute only private Java Runtime is NOT available on some 
+# Operating Systems.  See PowerChute Documentation for more details.
+#
+# This directory must specify a Java Runtime version 1.7.0 or later.
+#
+# Values specified here are case sensitive. 
+# -------------------------------------------------------------------
+
+JAVA_DIR=/usr/java/latest
+
+# -------------------------------------------------------------------
+# The silent install can register this host's IP address with the 
+# management card. If you are installing PCNS on more than 50 hosts
+# for one management card, consult the PCNS Installation Guide. Valid
+# values for this parameter are "no" or "yes".
+#
+# Values specified here are not case sensitive.
+# -------------------------------------------------------------------
+
+REGISTER_WITH_NMC=YES
+
+# -------------------------------------------------------------------
+# Uncomment and edit the following to specify the installation 
+# configuration.  The installation mode can have one of the 
+# following values:
+#
+# 'single': Register with a single NMC card.
+# 'redundant': Register with several NMC cards in a redundant  
+#	configuration.
+# 'parallel': Register with several NMC cards in a parallel 
+#	configuration.
+#
+# Values specified here are not case sensitive.
+# -------------------------------------------------------------------
+
+# MODE=single
+
+# -------------------------------------------------------------------
+# Fill in the below fields with the correct network configuration. Ensure
+# all the NMCs and servers are in the same network configuration.
+#
+# Valid values for NETWORKCONFIG are 'IPv4' and 'IPv6'
+#
+# Valid values for IPV6NETWORKCONFIG are 'Unicast' and 'Multicast'. This
+# parameter need not specified if the network configuration is IPv4
+# -------------------------------------------------------------------
+
+NETWORKCONFIG=IPv4
+#IPV6NETWORKCONFIG= 
+
+# -------------------------------------------------------------------
+# Uncomment and edit the following to specify the UPS Network 
+# Management cards to register with.
+# -------------------------------------------------------------------
+
+# IP_1=000.000.000.000
+# IP_2=000.000.000.000
+# IP_3=000.000.000.000
+# IP_4=000.000.000.000
+# IP_5=000.000.000.000
+# IP_6=000.000.000.000
+# IP_7=000.000.000.000
+# IP_8=000.000.000.000
+# IP_9=000.000.000.000
+
+# -------------------------------------------------------------------
+# Uncomment and edit the following to specify the UPS Outlet Group 
+# for each UPS NMC.  The value given is the outlet number.
+# -------------------------------------------------------------------
+
+# IP_1_Outlet=0
+# IP_2_Outlet=0
+# IP_3_Outlet=0
+# IP_4_Outlet=0
+# IP_5_Outlet=0
+# IP_6_Outlet=0
+# IP_7_Outlet=0
+# IP_8_Outlet=0
+# IP_9_Outlet=0
+
+# -------------------------------------------------------------------
+# This value specifies the UPS Network Management Port to use for
+# registration.  Valid values are 80, 443, and 5000 to 32768.
+# -------------------------------------------------------------------
+
+PORT=80
+
+# -------------------------------------------------------------------
+# This value specifies the protocol to use when registering with the
+# UPS Network Management Card.  Valid values are 'http' or 'https'.
+#
+# Values specified here are not case sensitive.
+# -------------------------------------------------------------------
+
+PROTOCOL=http
+
+# -------------------------------------------------------------------
+# When using the https protocol, SSL certificates are used to secure the 
+# connection.  By default the NMC uses a self signed certificate, 
+# which needs to be accepted.
+#
+# ACCEPTCERTS=YES 
+# Certificates which are self signed, or have some other issue, will
+# be automatically accepted (Recommended)
+#
+# ACCEPTCERTS=NO
+# Connection will only be established if the NMC has been configured
+# with a valid certificate.
+#
+# Values specified here are not case sensitive.
+# -------------------------------------------------------------------
+
+#ACCEPTCERTS=YES
+
+# -------------------------------------------------------------------
+# Fill in the below fields with the correct security information.
+# The Administrator User Name and Authentication Phrase must match
+# the settings of the Management Card in your UPS.
+#
+# Values specified here are case sensitive.
+# -------------------------------------------------------------------
+
+USERNAME=
+PASSWORD=
+AUTHENTICATION_PHRASE=
+
+# -------------------------------------------------------------------
+# Uncomment and edit the following only if you have more than one
+# network card installed locally. The below fields should specify
+# which local IP address to register with the UPS Network Management
+# Card. 
+# 
+# This field will be read if the network configuration is IPv4
+# -------------------------------------------------------------------
+
+#LOCAL_IP_ADDRESS=000.000.000.000
+
+# -------------------------------------------------------------------
+# The below fields should specify unicast/multicast address to register 
+# with the UPS Network Management Card. 
+# 
+# This field will be read if the network configuration is IPv6.
+#
+# Both Unicast and Multicast address are required if the IPV6NETWORKCONFIG
+# is 'Multicast'. If IPV6NETWORKCONFIG is 'Unicast' only Unicast address
+# is required.
+# -------------------------------------------------------------------
+
+#UNICAST_ADDRESS=
+#MULTICAST_ADDRESS=
\ No newline at end of file
diff --git a/AKB/src/APC-PowerChute-NetworkShutdown/pcns410Linux-x86-64.tar.gz b/AKB/src/APC-PowerChute-NetworkShutdown/pcns410Linux-x86-64.tar.gz
new file mode 100644
index 0000000..d7583f8
Binary files /dev/null and b/AKB/src/APC-PowerChute-NetworkShutdown/pcns410Linux-x86-64.tar.gz differ
diff --git a/AKB/src/check_net b/AKB/src/check_net
new file mode 160000
index 0000000..6bde0e7
--- /dev/null
+++ b/AKB/src/check_net
@@ -0,0 +1 @@
+Subproject commit 6bde0e7c07c4d0ee8cc6f6aa37c49608fe924a5b
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1.tar.gz b/AKB/src/igmpproxy/igmpproxy-0.1.tar.gz
new file mode 100644
index 0000000..c429f21
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1.tar.gz differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/AUTHORS b/AKB/src/igmpproxy/igmpproxy-0.1/AUTHORS
new file mode 100644
index 0000000..7023323
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/AUTHORS
@@ -0,0 +1,9 @@
+Authors and contributors, in alphabetical order: 
+
+Alexey Charkov <alchark@gmail.com>
+Christian Ruppert <idl0r@gentoo.org>
+Conrad Kostecki <ConiKost@gmx.de>
+Constantin Baranov <const@mimas.ru>
+Damjan Cvetko <zobo@users.sourceforge.net>
+Johnny Egeland <johnnyege@users.sourceforge.net>
+Martin Djernaes <djernaes@users.sourceforge.net>
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/COPYING b/AKB/src/igmpproxy/igmpproxy-0.1/COPYING
new file mode 100644
index 0000000..3d11e36
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/COPYING
@@ -0,0 +1,28 @@
+igmpproxy - IGMP proxy based multicast router 
+Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+This software is derived work from the following software. The original
+source code has been modified from it's original state by the author
+of igmpproxy.
+
+smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+- Licensed under the GNU General Public License, version 2
+
+mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+Leland Stanford Junior University.
+- Original license can be found in the Stanford.txt file.
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/ChangeLog b/AKB/src/igmpproxy/igmpproxy-0.1/ChangeLog
new file mode 100644
index 0000000..e8461bb
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/ChangeLog
@@ -0,0 +1,317 @@
+commit 0e8e7fde2d68f9ea9b5095c24231024be281393c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Oct 5 21:31:42 2009 +0500
+
+    Release 0.1
+
+commit 68ba90446e02825073b779bd0628c4f34833665d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu Oct 1 00:09:38 2009 +0500
+
+    Fix building on FreeBSD 8.0 (wrt #2870461)
+    
+    Several IGMP_* macroses was deprecated in r189347/v800069 and
+    removed in r193938/v800098. Redefine them if needed.
+
+commit 74c2e1aa414f33585562d6783a3290ac63ee6c69
+Author: Martin Djernaes <djernaes@users.sourceforge.net>
+Date:   Sun Sep 6 16:41:22 2009 +0500
+
+    Fix netmask detection on interfaces with multiple addresses
+    
+    When having multiple IP addresses on an interface the netmask retrieved for
+    each IP address is not correct. The reason is that ioctrl for
+    SIOCGIFNETMASK will just provide the first netmask when no IP address is
+    provided in the call.
+
+commit 64144607195b779396a49179518aade24707cbbc
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Sep 4 01:38:27 2009 +0500
+
+    Generate ChangeLog and AUTHORS by Git
+
+commit 94dd711318384e7b121924db0177a65b2fc38471
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 19:45:04 2009 +0500
+
+    Release 0.1 beta5
+
+commit 3ac424f82ab9f281dd3a0bfccbc92352bd5512c0
+Author: Damjan Cvetko <zobo@users.sourceforge.net>
+Date:   Sun Aug 16 19:28:30 2009 +0500
+
+    Improve getIfByAddress() function (wrt #2835052)
+    
+    getIfByAddress does not find the best iterface in case of overlaping
+    networks. This patchs scans through all interfaces (and networks) and picks
+    the one with the longest subnet.
+
+commit 8ca5a29b56390020f27d4106643cd623cdb12bb2
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 18:37:58 2009 +0500
+
+    Fix nextConfigToken() function (wrt #2838154)
+    
+    The nextConfigToken() returns NULL when EOF reached even if token
+    was read already. This results in loss of last token in file usually.
+    Let it return unterminated token if it is non-empty already.
+
+commit 954674bc4ec6a689b1de2f2a2766e993df1e2705
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:14:56 2009 +0500
+
+    Release 0.1 beta4
+
+commit a7908b855ecb6959ea08ef3b374ff2aca9939cf0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:10:35 2009 +0500
+
+    Update README etc.
+
+commit 62fa19975ff4daa8e31a9b07bf33ddc8cd0129f8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:06:44 2009 +0500
+
+    State licenses in the COPYING
+
+commit 3ac3ae462ca35ec7f1f22d968bf4fab0807d636f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 05:01:21 2009 +0500
+
+    Remove pointless backslashes in configure.ac
+
+commit 3c4118949b6a19b384b08e171a5294b0ea307e08
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 02:19:30 2009 +0500
+
+    Replace bzero() with memset()
+
+commit ee07cb5bfd2514503d0564d2aee0656203d9a91e
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:09:28 2009 +0500
+
+    Remove redundant #include
+
+commit 56e37ad6ba0c6aade86c1407ea55abb8b445d119
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:00:03 2009 +0500
+
+    Add DragonFly BSD support
+
+commit eccefd205c3fb326b6ae1b79676238fc349f8be8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 01:57:07 2009 +0500
+
+    Add missed format argument in acceptLeaveMessage()
+
+commit 16c55bd5ab6a9608099252fa320ddbc0a05fca0a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Wed May 6 01:29:04 2009 +0500
+
+    Avoid inclusion if linux/in.h (wrt #2787118)
+    
+    The linux/in.h header conflicts with the netinet/in.h header in
+    certain Linux distributions. So let's ensure that linux/in.h will
+    never be included neither directly nor from linux/mroute.h.
+
+commit e01624e123c5a24310a4fb7f70ab6178278c3b7a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 22:00:33 2009 +0500
+
+    Release 0.1 beta3
+
+commit a3c84e48a1ff32812aac92ca0dba923ca7dd4ca0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:53:56 2009 +0500
+
+    Show version in help message
+    
+    Also remove unused Version constant.
+
+commit f880a472f6b835d8139adc27908206a11a50846f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:43:01 2009 +0500
+
+    Remove IF_DEBUG macros
+    
+    IF_DEBUG macros hides my_log(LOG_DEBUG...) calls. Thus it is redundant.
+
+commit 6b1a4beb839f41ecc7468e2680f5d0eedbd49b35
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:29:16 2009 +0500
+
+    Break long lines in build scripts
+
+commit 55dcd57b8cfac25a4eeafae5a18ab85a07484418
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:19:19 2009 +0500
+
+    Remove hardcoded version strings from man pages
+
+commit e7880c542e38bae8efa16b148a431488456f5594
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:52:58 2009 +0500
+
+    Move mrouted-LICENSE out of doc directory
+
+commit 9fee127b13336776d2e6019db8c22ee7de9bf36f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:32:31 2009 +0500
+
+    Use strdup() instead of malloc() and strcpy()
+
+commit d34dee7ea0b03ba98806558a1eebf78061ce8878
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:30:44 2009 +0500
+
+    Eliminate message about IGMP_MEMBERSHIP_QUERY ignored
+
+commit 32de2bfbad537f6e60edddaefa6c240b2811c567
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:25:30 2009 +0500
+
+    Add OpenBSD support
+
+commit a85c620eccea244c80a34c3403b2ea7055616703
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 04:16:53 2009 +0500
+
+    Add NetBSD support
+
+commit d61d57c50b8b2399ff90e32da687686cf068680a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 05:07:12 2009 +0500
+
+    Remove outdated bug report email address
+
+commit 14edc6d6dab34e5e51bc12a61f45bae753235e98
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:49:38 2009 +0500
+
+    Improve OS checking mechanism
+    
+    Hide all OS-specific things in os-*.h headers and let autoconf select
+    proper header. Also add check for struct sockaddr_in.sin_len member.
+
+commit b23a4c9f9edd43a22759930ae969ee420c270456
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:48:23 2009 +0500
+
+    Do not close std* streams in non-debug mode
+
+commit 7256cb378db4b839f0138cc9422971f5fb353de1
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 21:16:47 2009 +0500
+
+    Clean up configure.ac and add check for sockaddr.sa_len member
+
+commit eb6f3eababbca43c517a1407e5af66ed384bf07d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:04:32 2009 +0500
+
+    Install igmpproxy to sbin directory
+
+commit e22427f33150970f6bef3106ac018d7138dfbadb
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:03:46 2009 +0500
+
+    Add missing igmpproxy.h to list of sources
+
+commit 68fb7638f36c85c44b2a8a33e28af58c65de8a06
+Author: Christian Ruppert <idl0r@gentoo.org>
+Date:   Thu Apr 9 21:28:04 2009 +0500
+
+    Add missing 'h' to the getopt() optstring
+
+commit bae0b7b42ec948442945648878dbc8ef3ee1d2c5
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:37 2009 +0500
+
+    Rework logging
+    
+    Allow to control verbosity with -v option.
+    Don't write to syslog in debug mode.
+    Don't fork in background. Let start-stop-deamon do this.
+    
+    Also update man-pages and help messages.
+
+commit df0ffb7998cbbd3ab09c100f48dead6adb93aa2c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:06 2009 +0500
+
+    Move igmpproxy.conf out of src directory
+
+commit 4c36c1ea8f9822f96031cff8f40ca3fc7cb93db3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Mar 9 22:03:46 2009 +0400
+
+    Initial FreeBSD support
+    
+    Based on IGMPproxy port to FreeBSD made by
+    Pavel Korshunov and gygenot.
+
+commit fdc5cc59655a59f7f73af78d6606b5c45b9c1071
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 20:37:17 2009 +0400
+
+    Move to C99 and clean up the code
+    
+    Listen to compiler's warnings.
+    Use standard integer and boolean types.
+    Remove redundant version.h.
+
+commit b535f70ec3dfc73a767592739c8aa44583e7e833
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 17:53:24 2009 +0400
+
+    Rename defs.h to igmpproxy.h
+
+commit 2df90756d378de822d6ece6aa0a340cab6a489e4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 16:17:20 2009 +0400
+
+    Add bootstrap script
+
+commit 3393d1cd7c0f13cc91fa3ec974eb2cd1409bb720
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Feb 27 22:28:03 2009 +0400
+
+    Remove stuff generated by autotools
+
+commit 576b42c7fc71757a33dbac0ebc388f8eebd81fe3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:36:39 2009 +0400
+
+    Fix logging to syslog
+    
+    Do not write textual representation of message severity
+    because syslog can do this itself. Also write only one
+    string at a time.
+
+commit 1223d5975a1da679d15120417365582a0054abc4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:22:20 2009 +0400
+
+    chmod -x on appropriate files
+
+commit 66145eee1d74c9edd23f3d72700911865b7a09bb
+Author: Conrad Kostecki <ConiKost@gmx.de>
+Date:   Mon Feb 23 00:18:48 2009 +0400
+
+    Remove banner
+
+commit 710d688641ca68d89a7b8958c7d84144d5fb1d9b
+Author: Alexey Charkov <alchark@gmail.com>
+Date:   Mon Feb 23 00:13:03 2009 +0400
+
+    Enable autotools
+    
+    I've packaged igmpproxy with GNU autotools, which will allow for a better
+    experience on Gentoo (CFLAGS, directory structure etc). Also, compile-time
+    warnings are fixed. As the project is dead, this is not even a fork :)
+
+commit f4c36aa73287b794e2c842564e82d2d4f3c1027f
+Author: Johnny Egeland <johnnyege@users.sourceforge.net>
+Date:   Mon Feb 23 00:10:48 2009 +0400
+
+    Initial import
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/GPL.txt b/AKB/src/igmpproxy/igmpproxy-0.1/GPL.txt
new file mode 100644
index 0000000..97d8bc8
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/GPL.txt
@@ -0,0 +1,286 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+
+
+
+
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/INSTALL b/AKB/src/igmpproxy/igmpproxy-0.1/INSTALL
new file mode 100644
index 0000000..2550dab
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/INSTALL
@@ -0,0 +1,302 @@
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+
+   This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+   Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package.  The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.
+
+     Running `configure' might take a while.  While running, it prints
+     some messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+  6. Often, you can also type `make uninstall' to remove the installed
+     files again.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you can use GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory.  After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+   On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor.  Like
+this:
+
+     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CPP="gcc -E" CXXCPP="g++ -E"
+
+   This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
+
+Installation Names
+==================
+
+   By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc.  You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Particular systems
+==================
+
+   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
+a workaround.  If GNU CC is not installed, it is therefore recommended
+to try
+
+     ./configure CC="cc"
+
+and if that doesn't work, try
+
+     ./configure CC="cc -nodtk"
+
+   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+   On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'.  It is recommended to use the following options:
+
+     ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS
+     KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug.  Until the bug is fixed you can use this workaround:
+
+     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+     Print a summary of the options unique to this package's
+     `configure', and exit.  The `short' variant lists options used
+     only in the top level, while the `recursive' variant lists options
+     also present in any nested packages.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`--prefix=DIR'
+     Use DIR as the installation prefix.  *Note Installation Names::
+     for more details, including other options available for fine-tuning
+     the installation locations.
+
+`--no-create'
+`-n'
+     Run the configure checks, but stop before creating any output
+     files.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/Makefile b/AKB/src/igmpproxy/igmpproxy-0.1/Makefile
new file mode 100644
index 0000000..1ea5f09
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/Makefile
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-unknown-linux-gnu
+host_triplet = x86_64-unknown-linux-gnu
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-unknown-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = unknown
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = x86_64-unknown-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = unknown
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = 
+top_builddir = .
+top_srcdir = .
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/Makefile.am b/AKB/src/igmpproxy/igmpproxy-0.1/Makefile.am
new file mode 100644
index 0000000..b569f48
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/Makefile.am
@@ -0,0 +1,10 @@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/Makefile.in b/AKB/src/igmpproxy/igmpproxy-0.1/Makefile.in
new file mode 100644
index 0000000..508f703
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/Makefile.in
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/NEWS b/AKB/src/igmpproxy/igmpproxy-0.1/NEWS
new file mode 100644
index 0000000..fa39cb9
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/NEWS
@@ -0,0 +1,4 @@
+New releases, the Git repository and the bug tracker are accessible
+at project homepage:
+
+	http://sourceforge.net/projects/igmpproxy/
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/README b/AKB/src/igmpproxy/igmpproxy-0.1/README
new file mode 100644
index 0000000..01add8d
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/README
@@ -0,0 +1,10 @@
+IGMPproxy is a simple mulitcast router that only uses the IGMP protocol.
+
+Supported operating systems:
+ - Linux
+ - FreeBSD
+ - NetBSD
+ - OpenBSD
+ - DragonFly BSD
+
+This software is released under the GNU GPL license v2. See details in COPYING.
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/Stanford.txt b/AKB/src/igmpproxy/igmpproxy-0.1/Stanford.txt
new file mode 100644
index 0000000..ef7da47
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/Stanford.txt
@@ -0,0 +1,48 @@
+
+The mrouted program is covered by the following license.  Use of the
+mrouted program represents acceptance of these terms and conditions.
+
+1. STANFORD grants to LICENSEE a nonexclusive and nontransferable license
+to use, copy and modify the computer software ``mrouted'' (hereinafter
+called the ``Program''), upon the terms and conditions hereinafter set
+out and until Licensee discontinues use of the Licensed Program.
+
+2. LICENSEE acknowledges that the Program is a research tool still in
+the development state, that it is being supplied ``as is,'' without any
+accompanying services from STANFORD, and that this license is entered
+into in order to encourage scientific collaboration aimed at further
+development and application of the Program.
+
+3. LICENSEE may copy the Program and may sublicense others to use object
+code copies of the Program or any derivative version of the Program.
+All copies must contain all copyright and other proprietary notices found
+in the Program as provided by STANFORD.  Title to copyright to the
+Program remains with STANFORD.
+
+4. LICENSEE may create derivative versions of the Program.  LICENSEE
+hereby grants STANFORD a royalty-free license to use, copy, modify,
+distribute and sublicense any such derivative works.  At the time
+LICENSEE provides a copy of a derivative version of the Program to a
+third party, LICENSEE shall provide STANFORD with one copy of the source
+code of the derivative version at no charge to STANFORD.
+
+5. STANFORD MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED.
+By way of example, but not limitation, STANFORD MAKES NO REPRESENTATION
+OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR
+THAT THE USE OF THE LICENSED PROGRAM WILL NOT INFRINGE ANY PATENTS,
+COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. STANFORD shall not be held liable
+for any liability nor for any direct, indirect or consequential damages
+with respect to any claim by LICENSEE or any third party on account of or
+arising from this Agreement or use of the Program.
+
+6. This agreement shall be construed, interpreted and applied in
+accordance with the State of California and any legal action arising
+out of this Agreement or use of the Program shall be filed in a court
+in the State of California.
+
+7. Nothing in this Agreement shall be construed as conferring rights to
+use in advertising, publicity or otherwise any trademark or the name
+of ``Stanford''.
+
+The mrouted program is COPYRIGHT 1989 by The Board of Trustees of
+Leland Stanford Junior University.
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/aclocal.m4 b/AKB/src/igmpproxy/igmpproxy-0.1/aclocal.m4
new file mode 100644
index 0000000..9304f88
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/aclocal.m4
@@ -0,0 +1,951 @@
+# generated automatically by aclocal 1.11 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009  Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.63],,
+[m4_warning([this file was generated for autoconf 2.63.
+You have another version of autoconf.  It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version.  Point them to the right macro.
+m4_if([$1], [1.11], [],
+      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too.  Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory.  The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run.  This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+#    fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+#    fails if $ac_aux_dir is absolute,
+#    fails when called from a subdirectory in a VPATH build with
+#          a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir.  In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
+#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+#   MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH.  The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery.  Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
+       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
+       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+       [$1], UPC,  [depcc="$UPC"  am_compiler_list=],
+       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
+                   [depcc="$$1"   am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+               [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_$1_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+  fi
+  am__universal=false
+  m4_case([$1], [CC],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac],
+    [CXX],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac])
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_$1_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking.              -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`AS_DIRNAME("$mf")`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`AS_DIRNAME(["$file"])`
+      AS_MKDIR_P([$dirpart/$fdir])
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled.  FIXME.  This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake.                             -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much.  Some checks are only needed if
+# your package does certain things.  But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out.  PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition.  After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names.  We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+	      [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+			     [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+		  [_AM_DEPENDENCIES(CC)],
+		  [define([AC_PROG_CC],
+			  defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+		  [_AM_DEPENDENCIES(CXX)],
+		  [define([AC_PROG_CXX],
+			  defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+		  [_AM_DEPENDENCIES(OBJC)],
+		  [define([AC_PROG_OBJC],
+			  defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen.  This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+  [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion.  Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot.  For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes.	            -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+  [[\\/$]]* | ?:[[\\/]]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling.                     -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME.  Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[[\\\"\#\$\&\'\`$am_lf]]*)
+    AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+  *[[\\\"\#\$\&\'\`$am_lf\ \	]]*)
+    AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$[*]" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$[*]" != "X $srcdir/configure conftest.file" \
+      && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+alias in your environment])
+   fi
+
+   test "$[2]" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries.  This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+  AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball.                            -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+#     tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+#     $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+     [m4_case([$1], [ustar],, [pax],,
+              [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+  case $_am_tool in
+  gnutar)
+    for _am_tar in tar gnutar gtar;
+    do
+      AM_RUN_LOG([$_am_tar --version]) && break
+    done
+    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+    am__untar="$_am_tar -xf -"
+    ;;
+  plaintar)
+    # Must skip GNU tar: if it does not support --format= it doesn't create
+    # ustar tarball either.
+    (tar --version) >/dev/null 2>&1 && continue
+    am__tar='tar chf - "$$tardir"'
+    am__tar_='tar chf - "$tardir"'
+    am__untar='tar xf -'
+    ;;
+  pax)
+    am__tar='pax -L -x $1 -w "$$tardir"'
+    am__tar_='pax -L -x $1 -w "$tardir"'
+    am__untar='pax -r'
+    ;;
+  cpio)
+    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+    am__untar='cpio -i -H $1 -d'
+    ;;
+  none)
+    am__tar=false
+    am__tar_=false
+    am__untar=false
+    ;;
+  esac
+
+  # If the value was cached, stop now.  We just wanted to have am__tar
+  # and am__untar set.
+  test -n "${am_cv_prog_tar_$1}" && break
+
+  # tar/untar a dummy directory, and stop if the command works
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  echo GrepMe > conftest.dir/file
+  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+  rm -rf conftest.dir
+  if test -s conftest.tar; then
+    AM_RUN_LOG([$am__untar <conftest.tar])
+    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+  fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/config.guess b/AKB/src/igmpproxy/igmpproxy-0.1/config.guess
new file mode 100755
index 0000000..12734a7
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/config.guess
@@ -0,0 +1,1554 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner.  Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case "${UNAME_SYSTEM}" in
+Linux|GNU/*)
+	eval $set_cc_for_build
+	cat << EOF > $dummy.c
+	#include <features.h>
+	#ifdef __UCLIBC__
+	# ifdef __UCLIBC_CONFIG_VERSION__
+	LIBC=uclibc __UCLIBC_CONFIG_VERSION__
+	# else
+	LIBC=uclibc
+	# endif
+	#else
+	LIBC=gnu
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep LIBC= | sed -e 's: ::g'`
+	;;
+esac
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep -q __ELF__
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    s390x:SunOS:*:*)
+	echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+	eval $set_cc_for_build
+	SUN_ARCH="i386"
+	# If there is a compiler, see if it is configured for 64-bit objects.
+	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+	# This test works for both compilers.
+	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_64BIT_ARCH >/dev/null
+	    then
+		SUN_ARCH="x86_64"
+	    fi
+	fi
+	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[456])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep -q __LP64__
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86)
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd | genuineintel)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	    IA64)
+		echo ia64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    8664:Windows_NT:*)
+	echo x86_64-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	eval $set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	else
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
+	fi
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-${LIBC}
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-${LIBC}
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-${LIBC}
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    mips:Linux:*:* | mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef ${UNAME_MACHINE}
+	#undef ${UNAME_MACHINE}el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=${UNAME_MACHINE}el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=${UNAME_MACHINE}
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-${LIBC}
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-${LIBC}
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-${LIBC}
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep -q ld.so.1
+	if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    padre:Linux:*:*)
+	echo sparc-unknown-linux-${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
+	  PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
+	  *)    echo hppa-unknown-linux-${LIBC} ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-${LIBC}
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-${LIBC}
+	exit ;;
+    xtensa*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-${LIBC}"
+		;;
+	esac
+	# This should get integrated into the C code below, but now we hack
+	if [ "$LIBC" != "gnu" ] ; then echo "$TENTATIVE" && exit 0 ; fi
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i586.
+	# Note: whatever this is, it MUST be the same as what config.sub
+	# prints for the "djgpp" host, or else GDB configury will decide that
+	# this is a cross-build.
+	echo i586-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+	OS_REL='.3'
+	test -r /etc/.relid \
+	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	    && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
+	echo i586-pc-haiku
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+    i*86:AROS:*:*)
+	echo ${UNAME_MACHINE}-pc-aros
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/config.h b/AKB/src/igmpproxy/igmpproxy-0.1/config.h
new file mode 100644
index 0000000..f438e80
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/config.h
@@ -0,0 +1,29 @@
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+/* #undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+/* #undef HAVE_STRUCT_SOCKADDR_SA_LEN */
+
+/* Name of package */
+#define PACKAGE "igmpproxy"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT ""
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "igmpproxy"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "igmpproxy 0.1"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "igmpproxy"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "0.1"
+
+/* Version number of package */
+#define VERSION "0.1"
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/config.h.in b/AKB/src/igmpproxy/igmpproxy-0.1/config.h.in
new file mode 100644
index 0000000..bb6a90d
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/config.h.in
@@ -0,0 +1,28 @@
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+#undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+#undef HAVE_STRUCT_SOCKADDR_SA_LEN
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Version number of package */
+#undef VERSION
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/config.log b/AKB/src/igmpproxy/igmpproxy-0.1/config.log
new file mode 100644
index 0000000..1d6bb4b
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/config.log
@@ -0,0 +1,572 @@
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy configure 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ ./configure --prefix=/usr/local/igmpproxy-0.1
+
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = gw-akb
+uname -m = x86_64
+uname -r = 3.16.0-4-amd64
+uname -s = Linux
+uname -v = #1 SMP Debian 3.16.7-ckt20-1+deb8u1 (2015-12-14)
+
+/usr/bin/uname -p = unknown
+/bin/uname -X     = unknown
+
+/bin/arch              = unknown
+/usr/bin/arch -k       = unknown
+/usr/convex/getsysinfo = unknown
+/usr/bin/hostinfo      = unknown
+/bin/machine           = unknown
+/usr/bin/oslevel       = unknown
+/bin/universe          = unknown
+
+PATH: /usr/local/sbin
+PATH: /usr/local/bin
+PATH: /usr/sbin
+PATH: /usr/bin
+PATH: /sbin
+PATH: /bin
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+configure:1839: checking for a BSD-compatible install
+configure:1907: result: /usr/bin/install -c
+configure:1918: checking whether build environment is sane
+configure:1978: result: yes
+configure:2119: checking for a thread-safe mkdir -p
+configure:2158: result: /bin/mkdir -p
+configure:2171: checking for gawk
+configure:2187: found /usr/bin/gawk
+configure:2198: result: gawk
+configure:2209: checking whether make sets $(MAKE)
+configure:2231: result: yes
+configure:2328: checking for style of include used by make
+configure:2356: result: GNU
+configure:2426: checking for gcc
+configure:2442: found /usr/bin/gcc
+configure:2453: result: gcc
+configure:2685: checking for C compiler version
+configure:2693: gcc --version >&5
+gcc (Debian 4.9.2-10) 4.9.2
+Copyright (C) 2014 Free Software Foundation, Inc.
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+configure:2697: $? = 0
+configure:2704: gcc -v >&5
+Using built-in specs.
+COLLECT_GCC=gcc
+COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.9/lto-wrapper
+Target: x86_64-linux-gnu
+Configured with: ../src/configure -v --with-pkgversion='Debian 4.9.2-10' --with-bugurl=file:///usr/share/doc/gcc-4.9/README.Bugs --enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.9 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.9 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.9-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --with-arch-32=i586 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
+Thread model: posix
+gcc version 4.9.2 (Debian 4.9.2-10) 
+configure:2708: $? = 0
+configure:2715: gcc -V >&5
+gcc: error: unrecognized command line option '-V'
+gcc: fatal error: no input files
+compilation terminated.
+configure:2719: $? = 4
+configure:2742: checking for C compiler default output file name
+configure:2764: gcc    conftest.c  >&5
+configure:2768: $? = 0
+configure:2806: result: a.out
+configure:2825: checking whether the C compiler works
+configure:2835: ./a.out
+configure:2839: $? = 0
+configure:2858: result: yes
+configure:2865: checking whether we are cross compiling
+configure:2867: result: no
+configure:2870: checking for suffix of executables
+configure:2877: gcc -o conftest    conftest.c  >&5
+configure:2881: $? = 0
+configure:2907: result: 
+configure:2913: checking for suffix of object files
+configure:2939: gcc -c   conftest.c >&5
+configure:2943: $? = 0
+configure:2968: result: o
+configure:2972: checking whether we are using the GNU C compiler
+configure:3001: gcc -c   conftest.c >&5
+configure:3008: $? = 0
+configure:3025: result: yes
+configure:3034: checking whether gcc accepts -g
+configure:3064: gcc -c -g  conftest.c >&5
+configure:3071: $? = 0
+configure:3172: result: yes
+configure:3189: checking for gcc option to accept ISO C89
+configure:3263: gcc  -c -g -O2  conftest.c >&5
+configure:3270: $? = 0
+configure:3293: result: none needed
+configure:3313: checking dependency style of gcc
+configure:3423: result: gcc3
+configure:3438: checking for gcc option to accept ISO C99
+configure:3597: gcc  -c -g -O2  conftest.c >&5
+conftest.c:60:29: error: expected ';', ',' or ')' before 'text'
+ test_restrict (ccp restrict text)
+                             ^
+conftest.c: In function 'main':
+conftest.c:114:18: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'newvar'
+   char *restrict newvar = "Another string";
+                  ^
+conftest.c:114:18: error: 'newvar' undeclared (first use in this function)
+conftest.c:114:18: note: each undeclared identifier is reported only once for each function it appears in
+conftest.c:124:3: error: 'for' loop initial declarations are only allowed in C99 or C11 mode
+   for (int i = 0; i < ia->datasize; ++i)
+   ^
+conftest.c:124:3: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code
+configure:3604: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| #include <stdarg.h>
+| #include <stdbool.h>
+| #include <stdlib.h>
+| #include <wchar.h>
+| #include <stdio.h>
+| 
+| // Check varargs macros.  These examples are taken from C99 6.10.3.5.
+| #define debug(...) fprintf (stderr, __VA_ARGS__)
+| #define showlist(...) puts (#__VA_ARGS__)
+| #define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+| static void
+| test_varargs_macros (void)
+| {
+|   int x = 1234;
+|   int y = 5678;
+|   debug ("Flag");
+|   debug ("X = %d\n", x);
+|   showlist (The first, second, and third items.);
+|   report (x>y, "x is %d but y is %d", x, y);
+| }
+| 
+| // Check long long types.
+| #define BIG64 18446744073709551615ull
+| #define BIG32 4294967295ul
+| #define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+| #if !BIG_OK
+|   your preprocessor is broken;
+| #endif
+| #if BIG_OK
+| #else
+|   your preprocessor is broken;
+| #endif
+| static long long int bignum = -9223372036854775807LL;
+| static unsigned long long int ubignum = BIG64;
+| 
+| struct incomplete_array
+| {
+|   int datasize;
+|   double data[];
+| };
+| 
+| struct named_init {
+|   int number;
+|   const wchar_t *name;
+|   double average;
+| };
+| 
+| typedef const char *ccp;
+| 
+| static inline int
+| test_restrict (ccp restrict text)
+| {
+|   // See if C++-style comments work.
+|   // Iterate through items via the restricted pointer.
+|   // Also check for declarations in for loops.
+|   for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+|     continue;
+|   return 0;
+| }
+| 
+| // Check varargs and va_copy.
+| static void
+| test_varargs (const char *format, ...)
+| {
+|   va_list args;
+|   va_start (args, format);
+|   va_list args_copy;
+|   va_copy (args_copy, args);
+| 
+|   const char *str;
+|   int number;
+|   float fnumber;
+| 
+|   while (*format)
+|     {
+|       switch (*format++)
+| 	{
+| 	case 's': // string
+| 	  str = va_arg (args_copy, const char *);
+| 	  break;
+| 	case 'd': // int
+| 	  number = va_arg (args_copy, int);
+| 	  break;
+| 	case 'f': // float
+| 	  fnumber = va_arg (args_copy, double);
+| 	  break;
+| 	default:
+| 	  break;
+| 	}
+|     }
+|   va_end (args_copy);
+|   va_end (args);
+| }
+| 
+| int
+| main ()
+| {
+| 
+|   // Check bool.
+|   _Bool success = false;
+| 
+|   // Check restrict.
+|   if (test_restrict ("String literal") == 0)
+|     success = true;
+|   char *restrict newvar = "Another string";
+| 
+|   // Check varargs.
+|   test_varargs ("s, d' f .", "string", 65, 34.234);
+|   test_varargs_macros ();
+| 
+|   // Check flexible array members.
+|   struct incomplete_array *ia =
+|     malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+|   ia->datasize = 10;
+|   for (int i = 0; i < ia->datasize; ++i)
+|     ia->data[i] = i * 1.234;
+| 
+|   // Check named initializers.
+|   struct named_init ni = {
+|     .number = 34,
+|     .name = L"Test wide string",
+|     .average = 543.34343,
+|   };
+| 
+|   ni.number = 58;
+| 
+|   int dynamic_array[ni.number];
+|   dynamic_array[ni.number - 1] = 543;
+| 
+|   // work around unused variable warnings
+|   return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+| 	  || dynamic_array[ni.number - 1] != 543);
+| 
+|   ;
+|   return 0;
+| }
+configure:3597: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+configure:3604: $? = 0
+configure:3634: result: -std=gnu99
+configure:3647: checking build system type
+configure:3665: result: x86_64-unknown-linux-gnu
+configure:3687: checking host system type
+configure:3702: result: x86_64-unknown-linux-gnu
+configure:3738: checking for struct sockaddr.sa_len
+configure:3770: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr' has no member named 'sa_len'
+ if (ac_aggr.sa_len)
+            ^
+configure:3777: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3814: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr' has no member named 'sa_len'
+ if (sizeof ac_aggr.sa_len)
+                   ^
+configure:3821: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (sizeof ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3839: result: no
+configure:3850: checking for struct sockaddr_in.sin_len
+configure:3882: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr_in' has no member named 'sin_len'
+ if (ac_aggr.sin_len)
+            ^
+configure:3889: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3926: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr_in' has no member named 'sin_len'
+ if (sizeof ac_aggr.sin_len)
+                   ^
+configure:3933: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (sizeof ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3951: result: no
+configure:4089: creating ./config.status
+
+## ---------------------- ##
+## Running config.status. ##
+## ---------------------- ##
+
+This file was extended by igmpproxy config.status 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = 
+  CONFIG_HEADERS  = 
+  CONFIG_LINKS    = 
+  CONFIG_COMMANDS = 
+  $ ./config.status 
+
+on gw-akb
+
+config.status:776: creating Makefile
+config.status:776: creating doc/Makefile
+config.status:776: creating src/Makefile
+config.status:776: creating doc/igmpproxy.8
+config.status:776: creating doc/igmpproxy.conf.5
+config.status:776: creating config.h
+config.status:1062: linking src/os-linux.h to src/os.h
+config.status:1085: executing depfiles commands
+
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+
+ac_cv_build=x86_64-unknown-linux-gnu
+ac_cv_c_compiler_gnu=yes
+ac_cv_env_CC_set=
+ac_cv_env_CC_value=
+ac_cv_env_CFLAGS_set=
+ac_cv_env_CFLAGS_value=
+ac_cv_env_CPPFLAGS_set=
+ac_cv_env_CPPFLAGS_value=
+ac_cv_env_LDFLAGS_set=
+ac_cv_env_LDFLAGS_value=
+ac_cv_env_LIBS_set=
+ac_cv_env_LIBS_value=
+ac_cv_env_build_alias_set=
+ac_cv_env_build_alias_value=
+ac_cv_env_host_alias_set=
+ac_cv_env_host_alias_value=
+ac_cv_env_target_alias_set=
+ac_cv_env_target_alias_value=
+ac_cv_host=x86_64-unknown-linux-gnu
+ac_cv_member_struct_sockaddr_in_sin_len=no
+ac_cv_member_struct_sockaddr_sa_len=no
+ac_cv_objext=o
+ac_cv_path_install='/usr/bin/install -c'
+ac_cv_path_mkdir=/bin/mkdir
+ac_cv_prog_AWK=gawk
+ac_cv_prog_ac_ct_CC=gcc
+ac_cv_prog_cc_c89=
+ac_cv_prog_cc_c99=-std=gnu99
+ac_cv_prog_cc_g=yes
+ac_cv_prog_make_make_set=yes
+am_cv_CC_dependencies_compiler_type=gcc3
+
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+
+ACLOCAL='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11'
+AMDEPBACKSLASH='\'
+AMDEP_FALSE='#'
+AMDEP_TRUE=''
+AMTAR='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar'
+AUTOCONF='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf'
+AUTOHEADER='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader'
+AUTOMAKE='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11'
+AWK='gawk'
+CC='gcc -std=gnu99'
+CCDEPMODE='depmode=gcc3'
+CFLAGS='-g -O2'
+CPPFLAGS=''
+CYGPATH_W='echo'
+DEFS='-DHAVE_CONFIG_H'
+DEPDIR='.deps'
+ECHO_C=''
+ECHO_N='-n'
+ECHO_T=''
+EXEEXT=''
+INSTALL_DATA='${INSTALL} -m 644'
+INSTALL_PROGRAM='${INSTALL}'
+INSTALL_SCRIPT='${INSTALL}'
+INSTALL_STRIP_PROGRAM='$(install_sh) -c -s'
+LDFLAGS=''
+LIBOBJS=''
+LIBS=''
+LTLIBOBJS=''
+MAKEINFO='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo'
+MKDIR_P='/bin/mkdir -p'
+OBJEXT='o'
+PACKAGE='igmpproxy'
+PACKAGE_BUGREPORT=''
+PACKAGE_NAME='igmpproxy'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PATH_SEPARATOR=':'
+SET_MAKE=''
+SHELL='/bin/sh'
+STRIP=''
+VERSION='0.1'
+ac_ct_CC='gcc'
+am__EXEEXT_FALSE=''
+am__EXEEXT_TRUE='#'
+am__fastdepCC_FALSE='#'
+am__fastdepCC_TRUE=''
+am__include='include'
+am__isrc=''
+am__leading_dot='.'
+am__quote=''
+am__tar='${AMTAR} chof - "$$tardir"'
+am__untar='${AMTAR} xf -'
+bindir='${exec_prefix}/bin'
+build='x86_64-unknown-linux-gnu'
+build_alias=''
+build_cpu='x86_64'
+build_os='linux-gnu'
+build_vendor='unknown'
+datadir='${datarootdir}'
+datarootdir='${prefix}/share'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+dvidir='${docdir}'
+exec_prefix='${prefix}'
+host='x86_64-unknown-linux-gnu'
+host_alias=''
+host_cpu='x86_64'
+host_os='linux-gnu'
+host_vendor='unknown'
+htmldir='${docdir}'
+includedir='${prefix}/include'
+infodir='${datarootdir}/info'
+install_sh='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh'
+libdir='${exec_prefix}/lib'
+libexecdir='${exec_prefix}/libexec'
+localedir='${datarootdir}/locale'
+localstatedir='${prefix}/var'
+mandir='${datarootdir}/man'
+mkdir_p='/bin/mkdir -p'
+oldincludedir='/usr/include'
+pdfdir='${docdir}'
+prefix='/usr/local/igmpproxy-0.1'
+program_transform_name='s,x,x,'
+psdir='${docdir}'
+sbindir='${exec_prefix}/sbin'
+sharedstatedir='${prefix}/com'
+sysconfdir='${prefix}/etc'
+target_alias=''
+
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+
+#define PACKAGE_NAME "igmpproxy"
+#define PACKAGE_TARNAME "igmpproxy"
+#define PACKAGE_VERSION "0.1"
+#define PACKAGE_STRING "igmpproxy 0.1"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE "igmpproxy"
+#define VERSION "0.1"
+
+configure: exit 0
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/config.status b/AKB/src/igmpproxy/igmpproxy-0.1/config.status
new file mode 100755
index 0000000..c7108d9
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/config.status
@@ -0,0 +1,1232 @@
+#! /bin/sh
+# Generated by configure.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=${CONFIG_SHELL-/bin/sh}
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+# Files that config.status was made for.
+config_files=" Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+config_headers=" config.h"
+config_links=" src/os.h:src/os-linux.h"
+config_commands=" depfiles"
+
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+ac_cs_version="\
+igmpproxy config.status 0.1
+configured by ./configure, generated by GNU Autoconf 2.63,
+  with options \"'--prefix=/usr/local/igmpproxy-0.1'\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='/usr/local/src/igmpproxy/igmpproxy-0.1'
+srcdir='.'
+INSTALL='/usr/bin/install -c'
+MKDIR_P='/bin/mkdir -p'
+AWK='gawk'
+test -n "$AWK" || AWK=awk
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+if $ac_cs_recheck; then
+  set X '/bin/sh' './configure'  '--prefix=/usr/local/igmpproxy-0.1' $ac_configure_extra_args --no-create --no-recursion
+  shift
+  $as_echo "running CONFIG_SHELL=/bin/sh $*" >&6
+  CONFIG_SHELL='/bin/sh'
+  export CONFIG_SHELL
+  exec "$@"
+fi
+
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="" ac_aux_dir="."
+
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+cat >>"$tmp/subs1.awk" <<\_ACAWK &&
+S["am__EXEEXT_FALSE"]=""
+S["am__EXEEXT_TRUE"]="#"
+S["LTLIBOBJS"]=""
+S["LIBOBJS"]=""
+S["host_os"]="linux-gnu"
+S["host_vendor"]="unknown"
+S["host_cpu"]="x86_64"
+S["host"]="x86_64-unknown-linux-gnu"
+S["build_os"]="linux-gnu"
+S["build_vendor"]="unknown"
+S["build_cpu"]="x86_64"
+S["build"]="x86_64-unknown-linux-gnu"
+S["am__fastdepCC_FALSE"]="#"
+S["am__fastdepCC_TRUE"]=""
+S["CCDEPMODE"]="depmode=gcc3"
+S["AMDEPBACKSLASH"]="\\"
+S["AMDEP_FALSE"]="#"
+S["AMDEP_TRUE"]=""
+S["am__quote"]=""
+S["am__include"]="include"
+S["DEPDIR"]=".deps"
+S["OBJEXT"]="o"
+S["EXEEXT"]=""
+S["ac_ct_CC"]="gcc"
+S["CPPFLAGS"]=""
+S["LDFLAGS"]=""
+S["CFLAGS"]="-g -O2"
+S["CC"]="gcc -std=gnu99"
+S["am__untar"]="${AMTAR} xf -"
+S["am__tar"]="${AMTAR} chof - \"$$tardir\""
+S["AMTAR"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar"
+S["am__leading_dot"]="."
+S["SET_MAKE"]=""
+S["AWK"]="gawk"
+S["mkdir_p"]="/bin/mkdir -p"
+S["MKDIR_P"]="/bin/mkdir -p"
+S["INSTALL_STRIP_PROGRAM"]="$(install_sh) -c -s"
+S["STRIP"]=""
+S["install_sh"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh"
+S["MAKEINFO"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo"
+S["AUTOHEADER"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader"
+S["AUTOMAKE"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11"
+S["AUTOCONF"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf"
+S["ACLOCAL"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11"
+S["VERSION"]="0.1"
+S["PACKAGE"]="igmpproxy"
+S["CYGPATH_W"]="echo"
+S["am__isrc"]=""
+S["INSTALL_DATA"]="${INSTALL} -m 644"
+S["INSTALL_SCRIPT"]="${INSTALL}"
+S["INSTALL_PROGRAM"]="${INSTALL}"
+S["target_alias"]=""
+S["host_alias"]=""
+S["build_alias"]=""
+S["LIBS"]=""
+S["ECHO_T"]=""
+S["ECHO_N"]="-n"
+S["ECHO_C"]=""
+S["DEFS"]="-DHAVE_CONFIG_H"
+S["mandir"]="${datarootdir}/man"
+S["localedir"]="${datarootdir}/locale"
+S["libdir"]="${exec_prefix}/lib"
+S["psdir"]="${docdir}"
+S["pdfdir"]="${docdir}"
+S["dvidir"]="${docdir}"
+S["htmldir"]="${docdir}"
+S["infodir"]="${datarootdir}/info"
+S["docdir"]="${datarootdir}/doc/${PACKAGE_TARNAME}"
+S["oldincludedir"]="/usr/include"
+S["includedir"]="${prefix}/include"
+S["localstatedir"]="${prefix}/var"
+S["sharedstatedir"]="${prefix}/com"
+S["sysconfdir"]="${prefix}/etc"
+S["datadir"]="${datarootdir}"
+S["datarootdir"]="${prefix}/share"
+S["libexecdir"]="${exec_prefix}/libexec"
+S["sbindir"]="${exec_prefix}/sbin"
+S["bindir"]="${exec_prefix}/bin"
+S["program_transform_name"]="s,x,x,"
+S["prefix"]="/usr/local/igmpproxy-0.1"
+S["exec_prefix"]="${prefix}"
+S["PACKAGE_BUGREPORT"]=""
+S["PACKAGE_STRING"]="igmpproxy 0.1"
+S["PACKAGE_VERSION"]="0.1"
+S["PACKAGE_TARNAME"]="igmpproxy"
+S["PACKAGE_NAME"]="igmpproxy"
+S["PATH_SEPARATOR"]=":"
+S["SHELL"]="/bin/sh"
+_ACAWK
+cat >>"$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+D["PACKAGE_NAME"]=" \"igmpproxy\""
+D["PACKAGE_TARNAME"]=" \"igmpproxy\""
+D["PACKAGE_VERSION"]=" \"0.1\""
+D["PACKAGE_STRING"]=" \"igmpproxy 0.1\""
+D["PACKAGE_BUGREPORT"]=" \"\""
+D["PACKAGE"]=" \"igmpproxy\""
+D["VERSION"]=" \"0.1\""
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+[_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ][_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]*([\t (]|$)/ {
+  line = $ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+  ac_datarootdir_hack='
+  s&@datadir@&${datarootdir}&g
+  s&@docdir@&${datarootdir}/doc/${PACKAGE_TARNAME}&g
+  s&@infodir@&${datarootdir}/info&g
+  s&@localedir@&${datarootdir}/locale&g
+  s&@mandir@&${datarootdir}/man&g
+    s&\${datarootdir}&${prefix}/share&g' ;;
+esac
+ac_sed_extra="/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}
+
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/config.sub b/AKB/src/igmpproxy/igmpproxy-0.1/config.sub
new file mode 100755
index 0000000..3243784
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/config.sub
@@ -0,0 +1,1717 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  kopensolaris*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray | -microblaze)
+		os=
+		basic_machine=$1
+		;;
+        -bluegene*)
+	        os=-cnk
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx | dvp \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| lm32 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep | metag \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64octeon | mips64octeonel \
+	| mips64orion | mips64orionel \
+	| mips64r5900 | mips64r5900el \
+	| mips64vr | mips64vrel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| moxie \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k | z80)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| lm32-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64octeon-* | mips64octeonel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64r5900-* | mips64r5900el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa*-* \
+	| ymp-* \
+	| z8k-* | z80-*)
+		;;
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aros)
+		basic_machine=i386-pc
+		os=-aros
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	bluegene*)
+		basic_machine=powerpc-ibm
+		os=-cnk
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+        cegcc)
+		basic_machine=arm-unknown
+		os=-cegcc
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16)
+		basic_machine=cr16-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	dicos)
+		basic_machine=i686-pc
+		os=-dicos
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+        microblaze)
+		basic_machine=microblaze-xilinx
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mipsEE* | ee | ps2)
+		basic_machine=mips64r5900el-scei
+		case $os in
+		    -linux*)
+			;;
+		    *)
+			os=-elf
+			;;
+		esac
+		;;
+	iop)
+		basic_machine=mipsel-scei
+		os=-irx
+		;;
+	dvp)
+		basic_machine=dvp-scei
+		os=-elf
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tile*)
+		basic_machine=tile-unknown
+		os=-linux-gnu
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	z80-*-coff)
+		basic_machine=z80-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -kopensolaris* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* | -aros* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -irx*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-dicos*)
+		os=-dicos
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-cnk*|-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/configure b/AKB/src/igmpproxy/igmpproxy-0.1/configure
new file mode 100755
index 0000000..1314ebf
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/configure
@@ -0,0 +1,5469 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.63 for igmpproxy 0.1.
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+if test "x$CONFIG_SHELL" = x; then
+  if (eval ":") 2>/dev/null; then
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+
+  if test $as_have_required = yes &&	 (eval ":
+(as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=\$LINENO
+  as_lineno_2=\$LINENO
+  test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
+  test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
+") 2> /dev/null; then
+  :
+else
+  as_candidate_shells=
+    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  case $as_dir in
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+	   done;;
+       esac
+done
+IFS=$as_save_IFS
+
+
+      for as_shell in $as_candidate_shells $SHELL; do
+	 # Try only shells that exist, to save several forks.
+	 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		{ ("$as_shell") 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+_ASEOF
+}; then
+  CONFIG_SHELL=$as_shell
+	       as_have_required=yes
+	       if { "$as_shell" 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+(as_func_return () {
+  (exit $1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = "$1" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test $exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
+
+_ASEOF
+}; then
+  break
+fi
+
+fi
+
+      done
+
+      if test "x$CONFIG_SHELL" != x; then
+  for as_var in BASH_ENV ENV
+	do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+	done
+	export CONFIG_SHELL
+	exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+
+    if test $as_have_required = no; then
+  echo This script requires a shell more modern than all the
+      echo shells that I found on your system.  Please install a
+      echo modern shell, or manually run the script under such a
+      echo shell if you do have one.
+      { (exit 1); exit 1; }
+fi
+
+
+fi
+
+fi
+
+
+
+(eval "as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0") || {
+  echo No shell found that supports shell functions.
+  echo Please tell bug-autoconf@gnu.org about your system,
+  echo including any error possibly output before this message.
+  echo This can help us improve future autoconf versions.
+  echo Configuration will now proceed without shell functions.
+}
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+exec 7<&0 </dev/null 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Identity of this package.
+PACKAGE_NAME='igmpproxy'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_BUGREPORT=''
+
+ac_unique_file="src/igmpproxy.c"
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_dependency_tracking
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *)	ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) { $as_echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; }
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+   { (exit 1); exit 1; }; }
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  { $as_echo "$as_me: error: missing argument to $ac_option" >&2
+   { (exit 1); exit 1; }; }
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) { $as_echo "$as_me: error: unrecognized options: $ac_unrecognized_opts" >&2
+   { (exit 1); exit 1; }; } ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; }
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  { $as_echo "$as_me: error: working directory cannot be determined" >&2
+   { (exit 1); exit 1; }; }
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  { $as_echo "$as_me: error: pwd does not report name of working directory" >&2
+   { (exit 1); exit 1; }; }
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+   { (exit 1); exit 1; }; }
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2
+   { (exit 1); exit 1; }; }
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures igmpproxy 0.1 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/igmpproxy]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+Program names:
+  --program-prefix=PREFIX            prepend PREFIX to installed program names
+  --program-suffix=SUFFIX            append SUFFIX to installed program names
+  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of igmpproxy 0.1:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+igmpproxy configure 0.1
+generated by GNU Autoconf 2.63
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  $as_echo "PATH: $as_dir"
+done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+    2)
+      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      ac_configure_args="$ac_configure_args '$ac_arg'"
+      ;;
+    esac
+  done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  ac_site_file1=$CONFIG_SITE
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test -r "$ac_site_file"; then
+    { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special
+  # files actually), so we avoid doing that.
+  if test -f "$cache_file"; then
+    { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:$LINENO:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:$LINENO:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+am__api_version='1.11'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f "$ac_dir/install.sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
+$as_echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+  ./ | .// | /cC/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    rm -rf conftest.one conftest.two conftest.dir
+	    echo one > conftest.one
+	    echo two > conftest.two
+	    mkdir conftest.dir
+	    if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+	      test -s conftest.one && test -s conftest.two &&
+	      test -s conftest.dir/conftest.one &&
+	      test -s conftest.dir/conftest.two
+	    then
+	      ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	      break 3
+	    fi
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+
+done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[\\\"\#\$\&\'\`$am_lf]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe absolute working directory name" >&5
+$as_echo "$as_me: error: unsafe absolute working directory name" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+case $srcdir in
+  *[\\\"\#\$\&\'\`$am_lf\ \	]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe srcdir value: \`$srcdir'" >&5
+$as_echo "$as_me: error: unsafe srcdir value: \`$srcdir'" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$*" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$*" != "X $srcdir/configure conftest.file" \
+      && test "$*" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      { { $as_echo "$as_me:$LINENO: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&5
+$as_echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&2;}
+   { (exit 1); exit 1; }; }
+   fi
+
+   test "$2" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   { { $as_echo "$as_me:$LINENO: error: newly created file is older than distributed files!
+Check your system clock" >&5
+$as_echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+  program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  { $as_echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+  if test "${ac_cv_path_mkdir+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in mkdir gmkdir; do
+	 for ac_exec_ext in '' $ac_executable_extensions; do
+	   { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+	   case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+	     'mkdir (GNU coreutils) '* | \
+	     'mkdir (coreutils) '* | \
+	     'mkdir (fileutils) '4.1*)
+	       ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+	       break 3;;
+	   esac
+	 done
+       done
+done
+IFS=$as_save_IFS
+
+fi
+
+  if test "${ac_cv_path_mkdir+set}" = set; then
+    MKDIR_P="$ac_cv_path_mkdir -p"
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for MKDIR_P within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    test -d ./--version && rmdir ./--version
+    MKDIR_P="$ac_install_sh -d"
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+  [\\/$]* | ?:[\\/]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AWK="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { $as_echo "$as_me:$LINENO: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+	@echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+  *@@@%%%=?*=@@@%%%*)
+    eval ac_cv_prog_make_${ac_make}_set=yes;;
+  *)
+    eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+  { $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+  SET_MAKE=
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+  SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  am__isrc=' -I$(srcdir)'
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    { { $as_echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
+$as_echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='igmpproxy'
+ VERSION='0.1'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+
+ac_config_headers="$ac_config_headers config.h"
+
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+
+
+{ $as_echo "$as_me:$LINENO: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then
+  enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+  AMDEP_TRUE=
+  AMDEP_FALSE='#'
+else
+  AMDEP_TRUE='#'
+  AMDEP_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { (ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+
+{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+if test -z "$ac_file"; then
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+   { (exit 77); exit 77; }; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+  if { ac_try='./$ac_file'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+    fi
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_compiler_gnu=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	CFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c89=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC"   am_compiler_list=
+
+{ $as_echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_CC_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+  fi
+  am__universal=false
+  case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_CC_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+  am__fastdepCC_TRUE=
+  am__fastdepCC_FALSE='#'
+else
+  am__fastdepCC_TRUE='#'
+  am__fastdepCC_FALSE=
+fi
+
+
+   { $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C99" >&5
+$as_echo_n "checking for $CC option to accept ISO C99... " >&6; }
+if test "${ac_cv_prog_cc_c99+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <wchar.h>
+#include <stdio.h>
+
+// Check varargs macros.  These examples are taken from C99 6.10.3.5.
+#define debug(...) fprintf (stderr, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+  int x = 1234;
+  int y = 5678;
+  debug ("Flag");
+  debug ("X = %d\n", x);
+  showlist (The first, second, and third items.);
+  report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+  your preprocessor is broken;
+#endif
+#if BIG_OK
+#else
+  your preprocessor is broken;
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+  int datasize;
+  double data[];
+};
+
+struct named_init {
+  int number;
+  const wchar_t *name;
+  double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+  // See if C++-style comments work.
+  // Iterate through items via the restricted pointer.
+  // Also check for declarations in for loops.
+  for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+    continue;
+  return 0;
+}
+
+// Check varargs and va_copy.
+static void
+test_varargs (const char *format, ...)
+{
+  va_list args;
+  va_start (args, format);
+  va_list args_copy;
+  va_copy (args_copy, args);
+
+  const char *str;
+  int number;
+  float fnumber;
+
+  while (*format)
+    {
+      switch (*format++)
+	{
+	case 's': // string
+	  str = va_arg (args_copy, const char *);
+	  break;
+	case 'd': // int
+	  number = va_arg (args_copy, int);
+	  break;
+	case 'f': // float
+	  fnumber = va_arg (args_copy, double);
+	  break;
+	default:
+	  break;
+	}
+    }
+  va_end (args_copy);
+  va_end (args);
+}
+
+int
+main ()
+{
+
+  // Check bool.
+  _Bool success = false;
+
+  // Check restrict.
+  if (test_restrict ("String literal") == 0)
+    success = true;
+  char *restrict newvar = "Another string";
+
+  // Check varargs.
+  test_varargs ("s, d' f .", "string", 65, 34.234);
+  test_varargs_macros ();
+
+  // Check flexible array members.
+  struct incomplete_array *ia =
+    malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+  ia->datasize = 10;
+  for (int i = 0; i < ia->datasize; ++i)
+    ia->data[i] = i * 1.234;
+
+  // Check named initializers.
+  struct named_init ni = {
+    .number = 34,
+    .name = L"Test wide string",
+    .average = 543.34343,
+  };
+
+  ni.number = 58;
+
+  int dynamic_array[ni.number];
+  dynamic_array[ni.number - 1] = 543;
+
+  // work around unused variable warnings
+  return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+	  || dynamic_array[ni.number - 1] != 543);
+
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -xc99=all -qlanglvl=extc99
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c99=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c99" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c99"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c99" >&5
+$as_echo "$ac_cv_prog_cc_c99" >&6; } ;;
+esac
+
+
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
+$as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
+   { (exit 1); exit 1; }; }
+
+{ $as_echo "$as_me:$LINENO: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+$as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+   { (exit 1); exit 1; }; }
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
+$as_echo "$as_me: error: invalid value of canonical build" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:$LINENO: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
+$as_echo "$as_me: error: invalid value of canonical host" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) { { $as_echo "$as_me:$LINENO: error: OS $host_os is not supported" >&5
+$as_echo "$as_me: error: OS $host_os is not supported" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+ac_config_links="$ac_config_links src/os.h:src/os-${os}.h"
+
+
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr.sa_len" >&5
+$as_echo_n "checking for struct sockaddr.sa_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_sa_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (sizeof ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_sa_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_sa_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_sa_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
+_ACEOF
+
+
+fi
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr_in.sin_len" >&5
+$as_echo_n "checking for struct sockaddr_in.sin_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_in_sin_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (sizeof ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_in_sin_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_in_sin_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_in_sin_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_in_sin_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_IN_SIN_LEN 1
+_ACEOF
+
+
+fi
+
+
+ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes (double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \).
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    test "x$cache_file" != "x/dev/null" &&
+      { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+    cat confcache >$cache_file
+  else
+    { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+  am__EXEEXT_TRUE=
+  am__EXEEXT_FALSE='#'
+else
+  am__EXEEXT_TRUE='#'
+  am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_links="$ac_config_links"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_version="\\
+igmpproxy config.status 0.1
+configured by $0, generated by GNU Autoconf 2.63,
+  with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\).*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\).*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+  ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+  if test -z "$ac_t"; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_HEADERS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_HEADERS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any.  Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[	 ]*#[	 ]*define[	 ][	 ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+  line = \$ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+    s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || { (exit 1); exit 1; }
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:$LINENO: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/configure.ac b/AKB/src/igmpproxy/igmpproxy-0.1/configure.ac
new file mode 100644
index 0000000..85beb08
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/configure.ac
@@ -0,0 +1,35 @@
+AC_PREREQ([2.63])
+AC_INIT([igmpproxy], [0.1])
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([src/igmpproxy.c])
+AC_CONFIG_HEADERS([config.h])
+AC_PROG_CC_C99
+
+AC_CANONICAL_HOST
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) AC_MSG_ERROR([OS $host_os is not supported]);;
+esac
+AC_CONFIG_LINKS([src/os.h:src/os-${os}.h])
+
+AC_CHECK_MEMBERS([struct sockaddr.sa_len], [], [], [[
+#include <sys/types.h>
+#include <sys/socket.h>
+]])
+AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], [], [], [[
+#include <sys/types.h>
+#include <netinet/in.h>
+]])
+
+AC_CONFIG_FILES([
+	Makefile
+	doc/Makefile
+	src/Makefile
+	doc/igmpproxy.8
+	doc/igmpproxy.conf.5
+])
+AC_OUTPUT
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/depcomp b/AKB/src/igmpproxy/igmpproxy-0.1/depcomp
new file mode 100755
index 0000000..df8eea7
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/depcomp
@@ -0,0 +1,630 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
+# Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+  depmode     Dependency tracking mode.
+  source      Source file read by `PROGRAMS ARGS'.
+  object      Object file output by `PROGRAMS ARGS'.
+  DEPDIR      directory where to store dependencies.
+  depfile     Dependency file to output.
+  tmpdepfile  Temporary file to use when outputing dependencies.
+  libtool     Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "depcomp $scriptversion"
+    exit $?
+    ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+  echo "depcomp: Variables source, object and depmode must be set" 1>&2
+  exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags.  We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write.  Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+  # HP compiler uses -M and no extra arg.
+  gccflag=-M
+  depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+   # This is just like dashmstdout with a different argument.
+   dashmflag=-xM
+   depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+   # This is just like msvisualcpp but w/o cygpath translation.
+   # Just convert the backslash-escaped backslashes to single forward
+   # slashes to satisfy depend.m4
+   cygpath_u="sed s,\\\\\\\\,/,g"
+   depmode=msvisualcpp
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff.  Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am.  Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+  for arg
+  do
+    case $arg in
+    -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+    *)  set fnord "$@" "$arg" ;;
+    esac
+    shift # fnord
+    shift # $arg
+  done
+  "$@"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  mv "$tmpdepfile" "$depfile"
+  ;;
+
+gcc)
+## There are various ways to get dependency output from gcc.  Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+##   up in a subdir.  Having to rename by hand is ugly.
+##   (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+##   -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+##   than renaming).
+  if test -z "$gccflag"; then
+    gccflag=-MD,
+  fi
+  "$@" -Wp,"$gccflag$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+  sed -e 's/^[^:]*: / /' \
+      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header).  We avoid this by adding
+## dummy dependencies for each header file.  Too bad gcc doesn't do
+## this for us directly.
+  tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'.  On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+sgi)
+  if test "$libtool" = yes; then
+    "$@" "-Wp,-MDupdate,$tmpdepfile"
+  else
+    "$@" -MDupdate "$tmpdepfile"
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+
+  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
+    echo "$object : \\" > "$depfile"
+
+    # Clip off the initial element (the dependent).  Don't try to be
+    # clever and replace this with sed code, as IRIX sed won't handle
+    # lines with more than a fixed number of characters (4096 in
+    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
+    # the IRIX cc adds comments like `#:fec' to the end of the
+    # dependency line.
+    tr ' ' '
+' < "$tmpdepfile" \
+    | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+    tr '
+' ' ' >> "$depfile"
+    echo >> "$depfile"
+
+    # The second pass generates a dummy entry for each header file.
+    tr ' ' '
+' < "$tmpdepfile" \
+   | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+   >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+aix)
+  # The C for AIX Compiler uses -M and outputs the dependencies
+  # in a .u file.  In older versions, this file always lives in the
+  # current directory.  Also, the AIX compiler puts `$object:' at the
+  # start of each line; $object doesn't have directory information.
+  # Version 6 uses the directory in both cases.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$base.u
+    tmpdepfile3=$dir.libs/$base.u
+    "$@" -Wc,-M
+  else
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$dir$base.u
+    tmpdepfile3=$dir$base.u
+    "$@" -M
+  fi
+  stat=$?
+
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+    exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    # Each line is of the form `foo.o: dependent.h'.
+    # Do two passes, one to just change these to
+    # `$object: dependent.h' and one to simply `dependent.h:'.
+    sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+    # That's a tab and a space in the [].
+    sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+icc)
+  # Intel's C compiler understands `-MD -MF file'.  However on
+  #    icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+  # ICC 7.0 will fill foo.d with something like
+  #    foo.o: sub/foo.c
+  #    foo.o: sub/foo.h
+  # which is wrong.  We want:
+  #    sub/foo.o: sub/foo.c
+  #    sub/foo.o: sub/foo.h
+  #    sub/foo.c:
+  #    sub/foo.h:
+  # ICC 7.1 will output
+  #    foo.o: sub/foo.c sub/foo.h
+  # and will wrap long lines using \ :
+  #    foo.o: sub/foo.c ... \
+  #     sub/foo.h ... \
+  #     ...
+
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+  # Do two passes, one to just change these to
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+    sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp2)
+  # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+  # compilers, which have integrated preprocessors.  The correct option
+  # to use with these is +Maked; it writes dependencies to a file named
+  # 'foo.d', which lands next to the object file, wherever that
+  # happens to be.
+  # Much of this is similar to the tru64 case; see comments there.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir.libs/$base.d
+    "$@" -Wc,+Maked
+  else
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir$base.d
+    "$@" +Maked
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+     rm -f "$tmpdepfile1" "$tmpdepfile2"
+     exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+    # Add `dependent.h:' lines.
+    sed -ne '2,${
+	       s/^ *//
+	       s/ \\*$//
+	       s/$/:/
+	       p
+	     }' "$tmpdepfile" >> "$depfile"
+  else
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile" "$tmpdepfile2"
+  ;;
+
+tru64)
+   # The Tru64 compiler uses -MD to generate dependencies as a side
+   # effect.  `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+   # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+   # dependencies in `foo.d' instead, so we check for that too.
+   # Subdirectories are respected.
+   dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+   test "x$dir" = "x$object" && dir=
+   base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+   if test "$libtool" = yes; then
+      # With Tru64 cc, shared objects can also be used to make a
+      # static library.  This mechanism is used in libtool 1.4 series to
+      # handle both shared and static libraries in a single compilation.
+      # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+      #
+      # With libtool 1.5 this exception was removed, and libtool now
+      # generates 2 separate objects for the 2 libraries.  These two
+      # compilations output dependencies in $dir.libs/$base.o.d and
+      # in $dir$base.o.d.  We have to check for both files, because
+      # one of the two compilations can be disabled.  We should prefer
+      # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+      # automatically cleaned when .libs/ is deleted, while ignoring
+      # the former would cause a distcleancheck panic.
+      tmpdepfile1=$dir.libs/$base.lo.d   # libtool 1.4
+      tmpdepfile2=$dir$base.o.d          # libtool 1.5
+      tmpdepfile3=$dir.libs/$base.o.d    # libtool 1.5
+      tmpdepfile4=$dir.libs/$base.d      # Compaq CCC V6.2-504
+      "$@" -Wc,-MD
+   else
+      tmpdepfile1=$dir$base.o.d
+      tmpdepfile2=$dir$base.d
+      tmpdepfile3=$dir$base.d
+      tmpdepfile4=$dir$base.d
+      "$@" -MD
+   fi
+
+   stat=$?
+   if test $stat -eq 0; then :
+   else
+      rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+      exit $stat
+   fi
+
+   for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+   do
+     test -f "$tmpdepfile" && break
+   done
+   if test -f "$tmpdepfile"; then
+      sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+      # That's a tab and a space in the [].
+      sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+   else
+      echo "#dummy" > "$depfile"
+   fi
+   rm -f "$tmpdepfile"
+   ;;
+
+#nosideeffect)
+  # This comment above is used by automake to tell side-effect
+  # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  test -z "$dashmflag" && dashmflag=-M
+  # Require at least two characters before searching for `:'
+  # in the target name.  This is to cope with DOS-style filenames:
+  # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+  "$@" $dashmflag |
+    sed 's:^[  ]*[^: ][^:][^:]*\:[    ]*:'"$object"'\: :' > "$tmpdepfile"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+dashXmstdout)
+  # This case only exists to satisfy depend.m4.  It is never actually
+  # run, as this mode is specially recognized in the preamble.
+  exit 1
+  ;;
+
+makedepend)
+  "$@" || exit $?
+  # Remove any Libtool call
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+  # X makedepend
+  shift
+  cleared=no eat=no
+  for arg
+  do
+    case $cleared in
+    no)
+      set ""; shift
+      cleared=yes ;;
+    esac
+    if test $eat = yes; then
+      eat=no
+      continue
+    fi
+    case "$arg" in
+    -D*|-I*)
+      set fnord "$@" "$arg"; shift ;;
+    # Strip any option that makedepend may not understand.  Remove
+    # the object too, otherwise makedepend will parse it as a source file.
+    -arch)
+      eat=yes ;;
+    -*|$object)
+      ;;
+    *)
+      set fnord "$@" "$arg"; shift ;;
+    esac
+  done
+  obj_suffix=`echo "$object" | sed 's/^.*\././'`
+  touch "$tmpdepfile"
+  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile" "$tmpdepfile".bak
+  ;;
+
+cpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  "$@" -E |
+    sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+       -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+    sed '$ s: \\$::' > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  cat < "$tmpdepfile" >> "$depfile"
+  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvisualcpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  IFS=" "
+  for arg
+  do
+    case "$arg" in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+	set fnord "$@"
+	shift
+	shift
+	;;
+    *)
+	set fnord "$@" "$arg"
+	shift
+	shift
+	;;
+    esac
+  done
+  "$@" -E 2>/dev/null |
+  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::	\1 \\:p' >> "$depfile"
+  echo "	" >> "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvcmsys)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+none)
+  exec "$@"
+  ;;
+
+*)
+  echo "Unknown depmode $depmode" 1>&2
+  exit 1
+  ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/doc/Makefile b/AKB/src/igmpproxy/igmpproxy-0.1/doc/Makefile
new file mode 100644
index 0000000..1dc1972
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/doc/Makefile
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# doc/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-unknown-linux-gnu
+host_triplet = x86_64-unknown-linux-gnu
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1/doc
+abs_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1/doc
+abs_top_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-unknown-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = unknown
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = x86_64-unknown-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = unknown
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am b/AKB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
new file mode 100644
index 0000000..1d4eb13
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
@@ -0,0 +1 @@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in b/AKB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
new file mode 100644
index 0000000..8a0c300
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8 b/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
new file mode 100644
index 0000000..10faec5
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in b/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
new file mode 100644
index 0000000..9d18e42
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5 b/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
new file mode 100644
index 0000000..176de46
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in b/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
new file mode 100644
index 0000000..a4ea7d0
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf b/AKB/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
new file mode 100644
index 0000000..197ca30
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
@@ -0,0 +1,46 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+phyint eth0 upstream  ratelimit 0  threshold 1
+        altnet 10.0.0.0/8 
+        altnet 192.168.0.0/24
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+phyint eth1 downstream  ratelimit 0  threshold 1
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth2 disabled
+
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/install-sh b/AKB/src/igmpproxy/igmpproxy-0.1/install-sh
new file mode 100755
index 0000000..6781b98
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/install-sh
@@ -0,0 +1,520 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2009-04-28.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/missing b/AKB/src/igmpproxy/igmpproxy-0.1/missing
new file mode 100755
index 0000000..28055d2
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/missing
@@ -0,0 +1,376 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+  configure_ac=configure.ac
+else
+  configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+  # Try to run requested program, and just exit if it succeeds.
+  run=
+  shift
+  "$@" && exit 0
+  # Exit code 63 means version mismatch.  This often happens
+  # when the user try to use an ancient version of a tool on
+  # a file that requires a minimum version.  In this case we
+  # we should proceed has if the program had been absent, or
+  # if --run hadn't been passed.
+  if test $? = 63; then
+    run=:
+    msg="probably too old"
+  fi
+  ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+  --run           try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  autom4te     touch the output file, or create a stub one
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  help2man     touch the output file
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  tar          try tar, gnutar, gtar, then tar without non-portable flags
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# normalize program name to check for.
+program=`echo "$1" | sed '
+  s/^gnu-//; t
+  s/^gnu//; t
+  s/^g//; t'`
+
+# Now exit if we have it, but it failed.  Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).  This is about non-GNU programs, so use $1 not
+# $program.
+case $1 in
+  lex*|yacc*)
+    # Not GNU programs, they don't have --version.
+    ;;
+
+  tar*)
+    if test -n "$run"; then
+       echo 1>&2 "ERROR: \`tar' requires --run"
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       exit 1
+    fi
+    ;;
+
+  *)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       # Could not run --version or --help.  This is probably someone
+       # running `$TOOL --version' or `$TOOL --help' to check whether
+       # $TOOL exists and not knowing $TOOL uses missing.
+       exit 1
+    fi
+    ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $program in
+  aclocal*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`${configure_ac}'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case $f in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  autom4te*)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.
+         You can get \`$1' as part of \`Autoconf' from any GNU
+         archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo "#! /bin/sh"
+	echo "# Created by GNU Automake missing as a replacement of"
+	echo "#  $ $@"
+	echo "exit 0"
+	chmod +x $file
+	exit 1
+    fi
+    ;;
+
+  bison*|yacc*)
+    echo 1>&2 "\
+WARNING: \`$1' $msg.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f y.tab.h; then
+	echo >y.tab.h
+    fi
+    if test ! -f y.tab.c; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex*|flex*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f lex.yy.c; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  help2man*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+	 you modified a dependency of a manual page.  You may need the
+	 \`Help2man' package in order for those modifications to take
+	 effect.  You can get \`Help2man' from any GNU archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo ".ab help2man is required to generate this page"
+	exit $?
+    fi
+    ;;
+
+  makeinfo*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    # The file to touch is that specified with -o ...
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -z "$file"; then
+      # ... or it is the one specified with @setfilename ...
+      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '
+	/^@setfilename/{
+	  s/.* \([^ ]*\) *$/\1/
+	  p
+	  q
+	}' $infile`
+      # ... or it is derived from the source name (dir/f.texi becomes f.info)
+      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+    fi
+    # If the file does not exist, the user really needs makeinfo;
+    # let's fail without touching anything.
+    test -f $file || exit 1
+    touch $file
+    ;;
+
+  tar*)
+    shift
+
+    # We have already tried tar in the generic part.
+    # Look for gnutar/gtar before invocation to avoid ugly error
+    # messages.
+    if (gnutar --version > /dev/null 2>&1); then
+       gnutar "$@" && exit 0
+    fi
+    if (gtar --version > /dev/null 2>&1); then
+       gtar "$@" && exit 0
+    fi
+    firstarg="$1"
+    if shift; then
+	case $firstarg in
+	*o*)
+	    firstarg=`echo "$firstarg" | sed s/o//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+	case $firstarg in
+	*h*)
+	    firstarg=`echo "$firstarg" | sed s/h//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+    fi
+
+    echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+         You may want to install GNU tar or Free paxutils, or check the
+         command line arguments."
+    exit 1
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequisites for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
new file mode 100644
index 0000000..f25b465
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
@@ -0,0 +1,342 @@
+callout.o: callout.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
new file mode 100644
index 0000000..14eebbf
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
@@ -0,0 +1,342 @@
+config.o: config.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
new file mode 100644
index 0000000..bec4868
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
@@ -0,0 +1,342 @@
+confread.o: confread.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
new file mode 100644
index 0000000..2805060
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
@@ -0,0 +1,342 @@
+ifvc.o: ifvc.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
new file mode 100644
index 0000000..605a16f
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
@@ -0,0 +1,342 @@
+igmp.o: igmp.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
new file mode 100644
index 0000000..dee8930
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
@@ -0,0 +1,342 @@
+igmpproxy.o: igmpproxy.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
new file mode 100644
index 0000000..8e46880
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
@@ -0,0 +1,342 @@
+kern.o: kern.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
new file mode 100644
index 0000000..d2e5a5d
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
@@ -0,0 +1,341 @@
+lib.o: lib.c /usr/include/stdc-predef.h igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
new file mode 100644
index 0000000..ca312cc
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
@@ -0,0 +1,342 @@
+mcgroup.o: mcgroup.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
new file mode 100644
index 0000000..8c785bf
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
@@ -0,0 +1,342 @@
+mroute-api.o: mroute-api.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
new file mode 100644
index 0000000..56ed8c4
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
@@ -0,0 +1,342 @@
+request.o: request.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
new file mode 100644
index 0000000..52e1d35
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
@@ -0,0 +1,342 @@
+rttable.o: rttable.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
new file mode 100644
index 0000000..9dc9e92
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
@@ -0,0 +1,342 @@
+syslog.o: syslog.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
new file mode 100644
index 0000000..2f83ab9
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
@@ -0,0 +1,342 @@
+udpsock.o: udpsock.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/Makefile b/AKB/src/igmpproxy/igmpproxy-0.1/src/Makefile
new file mode 100644
index 0000000..3cce137
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/Makefile
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# src/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-unknown-linux-gnu
+host_triplet = x86_64-unknown-linux-gnu
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1/src
+abs_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1/src
+abs_top_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-unknown-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = unknown
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = x86_64-unknown-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = unknown
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+include ./$(DEPDIR)/callout.Po
+include ./$(DEPDIR)/config.Po
+include ./$(DEPDIR)/confread.Po
+include ./$(DEPDIR)/ifvc.Po
+include ./$(DEPDIR)/igmp.Po
+include ./$(DEPDIR)/igmpproxy.Po
+include ./$(DEPDIR)/kern.Po
+include ./$(DEPDIR)/lib.Po
+include ./$(DEPDIR)/mcgroup.Po
+include ./$(DEPDIR)/mroute-api.Po
+include ./$(DEPDIR)/request.Po
+include ./$(DEPDIR)/rttable.Po
+include ./$(DEPDIR)/syslog.Po
+include ./$(DEPDIR)/udpsock.Po
+
+.c.o:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/Makefile.am b/AKB/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
new file mode 100644
index 0000000..fb63ff3
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
@@ -0,0 +1,22 @@
+sbin_PROGRAMS = igmpproxy
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/Makefile.in b/AKB/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
new file mode 100644
index 0000000..ab670af
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callout.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/confread.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ifvc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmpproxy.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kern.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mcgroup.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mroute-api.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/request.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rttable.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/syslog.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/udpsock.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/callout.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/callout.c
new file mode 100644
index 0000000..4edfe5e
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/callout.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+/* the code below implements a callout queue */
+static int id = 0;
+static struct timeOutQueue  *queue = 0; /* pointer to the beginning of timeout queue */
+
+struct timeOutQueue {
+    struct timeOutQueue    *next;   // Next event in queue
+    int                     id;  
+    timer_f                 func;   // function to call
+    void                    *data;  // Data for function
+    int                     time;   // Time offset for next event
+};
+
+// Method for dumping the Queue to the log.
+static void debugQueue(void);
+
+/**
+*   Initializes the callout queue
+*/
+void callout_init() {
+    queue = NULL;
+}
+
+/**
+*   Clears all scheduled timeouts...
+*/
+void free_all_callouts() {
+    struct timeOutQueue *p;
+
+    while (queue) {
+        p = queue;
+        queue = queue->next;
+        free(p);
+    }
+}
+
+
+/**
+ * elapsed_time seconds have passed; perform all the events that should
+ * happen.
+ */
+void age_callout_queue(int elapsed_time) {
+    struct timeOutQueue *ptr;
+    int i = 0;
+
+    for (ptr = queue; ptr; ptr = queue, i++) {
+        if (ptr->time > elapsed_time) {
+            ptr->time -= elapsed_time;
+            return;
+        } else {
+            elapsed_time -= ptr->time;
+            queue = queue->next;
+            my_log(LOG_DEBUG, 0, "About to call timeout %d (#%d)", ptr->id, i);
+
+            if (ptr->func)
+                ptr->func(ptr->data);
+            free(ptr);
+        }
+    }
+}
+
+/**
+ * Return in how many seconds age_callout_queue() would like to be called.
+ * Return -1 if there are no events pending.
+ */
+int timer_nextTimer() {
+    if (queue) {
+        if (queue->time < 0) {
+            my_log(LOG_WARNING, 0, "timer_nextTimer top of queue says %d", 
+                queue->time);
+            return 0;
+        }
+        return queue->time;
+    }
+    return -1;
+}
+
+/**
+ *  Inserts a timer in queue.
+ *  @param delay - Number of seconds the timeout should happen in.
+ *  @param action - The function to call on timeout.
+ *  @param data - Pointer to the function data to supply...
+ */
+int timer_setTimer(int delay, timer_f action, void *data) {
+    struct     timeOutQueue  *ptr, *node, *prev;
+    int i = 0;
+
+    /* create a node */ 
+    node = (struct timeOutQueue *)malloc(sizeof(struct timeOutQueue));
+    if (node == 0) {
+        my_log(LOG_WARNING, 0, "Malloc Failed in timer_settimer\n");
+        return -1;
+    }
+    node->func = action; 
+    node->data = data;
+    node->time = delay; 
+    node->next = 0; 
+    node->id   = ++id;
+
+    prev = ptr = queue;
+
+    /* insert node in the queue */
+
+    /* if the queue is empty, insert the node and return */
+    if (!queue) {
+        queue = node;
+    }
+    else {
+        /* chase the pointer looking for the right place */
+        while (ptr) {
+            if (delay < ptr->time) {
+                // We found the correct node
+                node->next = ptr;
+                if (ptr == queue) {
+                    queue = node;
+                }
+                else {
+                    prev->next = node;
+                }
+                ptr->time -= node->time;
+		my_log(LOG_DEBUG, 0,
+			"Created timeout %d (#%d) - delay %d secs",
+			node->id, i, node->time);
+		debugQueue();
+                return node->id;
+            } else {
+                // Continur to check nodes.
+                delay -= ptr->time; node->time = delay;
+                prev = ptr;
+                ptr = ptr->next;
+            }
+            i++;
+        }
+        prev->next = node;
+    }
+    my_log(LOG_DEBUG, 0, "Created timeout %d (#%d) - delay %d secs", 
+            node->id, i, node->time);
+    debugQueue();
+
+    return node->id;
+}
+
+/**
+*   returns the time until the timer is scheduled 
+*/
+int timer_leftTimer(int timer_id) {
+    struct timeOutQueue *ptr;
+    int left = 0;
+
+    if (!timer_id)
+        return -1;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+        left += ptr->time;
+        if (ptr->id == timer_id) {
+            return left;
+        }
+    }
+    return -1;
+}
+
+/**
+*   clears the associated timer.  Returns 1 if succeeded. 
+*/
+int timer_clearTimer(int  timer_id) {
+    struct timeOutQueue  *ptr, *prev;
+    int i = 0;
+
+    if (!timer_id)
+        return 0;
+
+    prev = ptr = queue;
+
+    /*
+     * find the right node, delete it. the subsequent node's time
+     * gets bumped up
+     */
+
+    debugQueue();
+    while (ptr) {
+        if (ptr->id == timer_id) {
+            /* got the right node */
+
+            /* unlink it from the queue */
+            if (ptr == queue)
+                queue = queue->next;
+            else
+                prev->next = ptr->next;
+
+            /* increment next node if any */
+            if (ptr->next != 0)
+                (ptr->next)->time += ptr->time;
+
+            if (ptr->data)
+                free(ptr->data);
+            my_log(LOG_DEBUG, 0, "deleted timer %d (#%d)", ptr->id, i);
+            free(ptr);
+            debugQueue();
+            return 1;
+        }
+        prev = ptr;
+        ptr = ptr->next;
+        i++;
+    }
+    // If we get here, the timer was not deleted.
+    my_log(LOG_DEBUG, 0, "failed to delete timer %d (#%d)", timer_id, i);
+    debugQueue();
+    return 0;
+}
+
+/**
+ * debugging utility
+ */
+static void debugQueue() {
+    struct timeOutQueue  *ptr;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+            my_log(LOG_DEBUG, 0, "(Id:%d, Time:%d) ", ptr->id, ptr->time);
+    }
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/callout.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/callout.o
new file mode 100644
index 0000000..f7ee6ef
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/callout.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/config.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/config.c
new file mode 100644
index 0000000..5a96ce0
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/config.c
@@ -0,0 +1,361 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   config.c - Contains functions to load and parse config
+*              file, and functions to configure the daemon.              
+*/
+
+#include "igmpproxy.h"
+                                      
+// Structure to keep configuration for VIFs...    
+struct vifconfig {
+    char*               name;
+    short               state;
+    int                 ratelimit;
+    int                 threshold;
+
+    // Keep allowed nets for VIF.
+    struct SubnetList*  allowednets;
+    
+    // Next config in list...
+    struct vifconfig*   next;
+};
+                 
+// Structure to keep vif configuration
+struct vifconfig*   vifconf;
+
+// Keeps common settings...
+static struct Config commonConfig;
+
+// Prototypes...
+struct vifconfig *parsePhyintToken();
+struct SubnetList *parseSubnetAddress(char *addrstr);
+
+
+/**
+*   Initializes common config..
+*/
+void initCommonConfig() {
+    commonConfig.robustnessValue = DEFAULT_ROBUSTNESS;
+    commonConfig.queryInterval = INTERVAL_QUERY;
+    commonConfig.queryResponseInterval = INTERVAL_QUERY_RESPONSE;
+
+    // The defaults are calculated from other settings.
+    commonConfig.startupQueryInterval = (unsigned int)(INTERVAL_QUERY / 4);
+    commonConfig.startupQueryCount = DEFAULT_ROBUSTNESS;
+
+    // Default values for leave intervals...
+    commonConfig.lastMemberQueryInterval = INTERVAL_QUERY_RESPONSE;
+    commonConfig.lastMemberQueryCount    = DEFAULT_ROBUSTNESS;
+
+    // If 1, a leave message is sent upstream on leave messages from downstream.
+    commonConfig.fastUpstreamLeave = 0;
+
+}
+
+/**
+*   Returns a pointer to the common config...
+*/
+struct Config *getCommonConfig() {
+    return &commonConfig;
+}
+
+/**
+*   Loads the configuration from file, and stores the config in 
+*   respective holders...
+*/                 
+int loadConfig(char *configFile) {
+    struct vifconfig  *tmpPtr;
+    struct vifconfig  **currPtr = &vifconf;
+    char *token;
+    
+    // Initialize common config
+    initCommonConfig();
+
+    // Test config file reader...
+    if(!openConfigFile(configFile)) {
+        my_log(LOG_ERR, 0, "Unable to open configfile from %s", configFile);
+    }
+
+    // Get first token...
+    token = nextConfigToken();
+    if(token == NULL) {
+        my_log(LOG_ERR, 0, "Config file was empty.");
+    }
+
+    // Loop until all configuration is read.
+    while ( token != NULL ) {
+        // Check token...
+        if(strcmp("phyint", token)==0) {
+            // Got a phyint token... Call phyint parser
+            my_log(LOG_DEBUG, 0, "Config: Got a phyint token.");
+            tmpPtr = parsePhyintToken();
+            if(tmpPtr == NULL) {
+                // Unparsable token... Exit...
+                closeConfigFile();
+                my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+                return 0;
+            } else {
+
+                my_log(LOG_DEBUG, 0, "IF name : %s", tmpPtr->name);
+                my_log(LOG_DEBUG, 0, "Next ptr : %x", tmpPtr->next);
+                my_log(LOG_DEBUG, 0, "Ratelimit : %d", tmpPtr->ratelimit);
+                my_log(LOG_DEBUG, 0, "Threshold : %d", tmpPtr->threshold);
+                my_log(LOG_DEBUG, 0, "State : %d", tmpPtr->state);
+                my_log(LOG_DEBUG, 0, "Allowednet ptr : %x", tmpPtr->allowednets);
+
+                // Insert config, and move temppointer to next location...
+                *currPtr = tmpPtr;
+                currPtr = &tmpPtr->next;
+            }
+        } 
+        else if(strcmp("quickleave", token)==0) {
+            // Got a quickleave token....
+            my_log(LOG_DEBUG, 0, "Config: Quick leave mode enabled.");
+            commonConfig.fastUpstreamLeave = 1;
+            
+            // Read next token...
+            token = nextConfigToken();
+            continue;
+        } else {
+            // Unparsable token... Exit...
+            closeConfigFile();
+            my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+            return 0;
+        }
+        // Get token that was not recognized by phyint parser.
+        token = getCurrentConfigToken();
+    }
+
+    // Close the configfile...
+    closeConfigFile();
+
+    return 1;
+}
+
+/**
+*   Appends extra VIF configuration from config file.
+*/
+void configureVifs() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+    struct vifconfig *confPtr;
+
+    // If no config is availible, just return...
+    if(vifconf == NULL) {
+        return;
+    }
+
+    // Loop through all VIFs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+
+            // Now try to find a matching config...
+            for( confPtr = vifconf; confPtr; confPtr = confPtr->next) {
+
+                // I the VIF names match...
+                if(strcmp(Dp->Name, confPtr->name)==0) {
+                    struct SubnetList *vifLast;
+
+                    my_log(LOG_DEBUG, 0, "Found config for %s", Dp->Name);
+
+
+                    // Set the VIF state 
+                    Dp->state = confPtr->state;
+                    
+                    Dp->threshold = confPtr->threshold;
+                    Dp->ratelimit = confPtr->ratelimit;
+
+                    // Go to last allowed net on VIF...
+                    for(vifLast = Dp->allowednets; vifLast->next; vifLast = vifLast->next);
+                        
+                    // Insert the configured nets...
+                    vifLast->next = confPtr->allowednets;
+
+                    break;
+                }
+            }
+        }
+    }
+}
+
+
+/**
+*   Internal function to parse phyint config
+*/
+struct vifconfig *parsePhyintToken() {
+    struct vifconfig  *tmpPtr;
+    struct SubnetList **anetPtr;
+    char *token;
+    short parseError = 0;
+
+    // First token should be the interface name....
+    token = nextConfigToken();
+
+    // Sanitycheck the name...
+    if(token == NULL) return NULL;
+    if(strlen(token) >= IF_NAMESIZE) return NULL;
+    my_log(LOG_DEBUG, 0, "Config: IF: Config for interface %s.", token);
+
+    // Allocate memory for configuration...
+    tmpPtr = (struct vifconfig*)malloc(sizeof(struct vifconfig));
+    if(tmpPtr == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set default values...
+    tmpPtr->next = NULL;    // Important to avoid seg fault...
+    tmpPtr->ratelimit = 0;
+    tmpPtr->threshold = 1;
+    tmpPtr->state = IF_STATE_DOWNSTREAM;
+    tmpPtr->allowednets = NULL;
+
+    // Make a copy of the token to store the IF name
+    tmpPtr->name = strdup( token );
+    if(tmpPtr->name == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set the altnet pointer to the allowednets pointer.
+    anetPtr = &tmpPtr->allowednets;
+
+    // Parse the rest of the config..
+    token = nextConfigToken();
+    while(token != NULL) {
+        if(strcmp("altnet", token)==0) {
+            // Altnet...
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got altnet token %s.",token);
+
+            *anetPtr = parseSubnetAddress(token);
+            if(*anetPtr == NULL) {
+                parseError = 1;
+                my_log(LOG_WARNING, 0, "Unable to parse subnet address.");
+                break;
+            } else {
+                anetPtr = &(*anetPtr)->next;
+            }
+        }
+        else if(strcmp("upstream", token)==0) {
+            // Upstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got upstream token.");
+            tmpPtr->state = IF_STATE_UPSTREAM;
+        }
+        else if(strcmp("downstream", token)==0) {
+            // Downstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got downstream token.");
+            tmpPtr->state = IF_STATE_DOWNSTREAM;
+        }
+        else if(strcmp("disabled", token)==0) {
+            // Disabled
+            my_log(LOG_DEBUG, 0, "Config: IF: Got disabled token.");
+            tmpPtr->state = IF_STATE_DISABLED;
+        }
+        else if(strcmp("ratelimit", token)==0) {
+            // Ratelimit
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got ratelimit token '%s'.", token);
+            tmpPtr->ratelimit = atoi( token );
+            if(tmpPtr->ratelimit < 0) {
+                my_log(LOG_WARNING, 0, "Ratelimit must be 0 or more.");
+                parseError = 1;
+                break;
+            }
+        }
+        else if(strcmp("threshold", token)==0) {
+            // Threshold
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got threshold token '%s'.", token);
+            tmpPtr->threshold = atoi( token );
+            if(tmpPtr->threshold <= 0 || tmpPtr->threshold > 255) {
+                my_log(LOG_WARNING, 0, "Threshold must be between 1 and 255.");
+                parseError = 1;
+                break;
+            }
+        }
+        else {
+            // Unknown token. Break...
+            break;
+        }
+        token = nextConfigToken();
+    }
+
+    // Clean up after a parseerror...
+    if(parseError) {
+        free(tmpPtr);
+        tmpPtr = NULL;
+    }
+
+    return tmpPtr;
+}
+
+/**
+*   Parses a subnet address string on the format
+*   a.b.c.d/n into a SubnetList entry.
+*/
+struct SubnetList *parseSubnetAddress(char *addrstr) {
+    struct SubnetList *tmpSubnet;
+    char        *tmpStr;
+    uint32_t      addr = 0x00000000;
+    uint32_t      mask = 0xFFFFFFFF;
+
+    // First get the network part of the address...
+    tmpStr = strtok(addrstr, "/");
+    addr = inet_addr(tmpStr);
+
+    tmpStr = strtok(NULL, "/");
+    if(tmpStr != NULL) {
+        int bitcnt = atoi(tmpStr);
+        if(bitcnt <= 0 || bitcnt > 32) {
+            my_log(LOG_WARNING, 0, "The bits part of the address is invalid : %d.",tmpStr);
+            return NULL;
+        }
+
+        mask <<= (32 - bitcnt);
+    }
+
+    if(addr == -1 || addr == 0) {
+        my_log(LOG_WARNING, 0, "Unable to parse address token '%s'.", addrstr);
+        return NULL;
+    }
+
+    tmpSubnet = (struct SubnetList*) malloc(sizeof(struct SubnetList));
+    tmpSubnet->subnet_addr = addr;
+    tmpSubnet->subnet_mask = ntohl(mask);
+    tmpSubnet->next = NULL;
+
+    my_log(LOG_DEBUG, 0, "Config: IF: Altnet: Parsed altnet to %s.",
+	    inetFmts(tmpSubnet->subnet_addr, tmpSubnet->subnet_mask,s1));
+
+    return tmpSubnet;
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/config.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/config.o
new file mode 100644
index 0000000..95ddb6d
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/config.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/confread.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/confread.c
new file mode 100644
index 0000000..6e267dc
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/confread.c
@@ -0,0 +1,213 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   confread.c
+*
+*   Generic config file reader. Used to open a config file,
+*   and read the tokens from it. The parser is really simple,
+*   and does no backlogging. This means that no form of
+*   text escaping and qouting is currently supported.
+*   '#' chars are read as comments, and the comment lasts until 
+*   a newline or EOF
+*
+*/
+
+#include "igmpproxy.h"
+
+#define     READ_BUFFER_SIZE    512   // Inputbuffer size...
+        
+#ifndef MAX_TOKEN_LENGTH
+  #define MAX_TOKEN_LENGTH  30     // Default max token length
+#endif
+                                     
+FILE            *confFilePtr;       // File handle pointer
+char            *iBuffer;           // Inputbuffer for reading...
+unsigned int    bufPtr;             // Buffer position pointer.
+unsigned int    readSize;           // Number of bytes in buffer after last read...
+char    cToken[MAX_TOKEN_LENGTH];   // Token buffer...
+short   validToken;
+
+/**
+*   Opens config file specified by filename.
+*/    
+int openConfigFile(char *filename) {
+
+    // Set the buffer to null initially...
+    iBuffer = NULL;
+
+    // Open the file for reading...
+    confFilePtr = fopen(filename, "r");
+    
+    // On error, return false
+    if(confFilePtr == NULL) {
+        return 0;
+    }
+    
+    // Allocate memory for inputbuffer...
+    iBuffer = (char*) malloc( sizeof(char) * READ_BUFFER_SIZE );
+    
+    if(iBuffer == NULL) {
+        closeConfigFile();
+        return 0;
+    }
+    
+    // Reset bufferpointer and readsize
+    bufPtr = 0;
+    readSize = 0;
+
+    return 1;
+}
+
+/**
+*   Closes the currently open config file.
+*/
+void closeConfigFile() {
+    // Close the file.
+    if(confFilePtr!=NULL) {
+        fclose(confFilePtr);
+    }
+    // Free input buffer memory...
+    if(iBuffer != NULL) {
+        free(iBuffer);
+    }
+}
+
+/**
+*   Returns the next token from the configfile. The function
+*   return NULL if there are no more tokens in the file.    
+*/
+char *nextConfigToken() {
+
+    validToken = 0;
+
+    // If no file or buffer, return NULL
+    if(confFilePtr == NULL || iBuffer == NULL) {
+        return NULL;
+    }
+
+    {
+        unsigned int tokenPtr       = 0;
+        unsigned short finished     = 0;
+        unsigned short commentFound = 0;
+
+        // Outer buffer fill loop...
+        while ( !finished ) {
+            // If readpointer is at the end of the buffer, we should read next chunk...
+            if(bufPtr == readSize) {
+                // Fill up the buffer...
+                readSize = fread (iBuffer, sizeof(char), READ_BUFFER_SIZE, confFilePtr);
+                bufPtr = 0;
+
+                // If the readsize is 0, we should just return...
+                if(readSize == 0) {
+                    return NULL;
+                }
+            }
+
+            // Inner char loop...
+            while ( bufPtr < readSize && !finished ) {
+
+                //printf("Char %s", iBuffer[bufPtr]);
+
+                // Break loop on \0
+                if(iBuffer[bufPtr] == '\0') {
+                    break;
+                }
+
+                if( commentFound ) {
+                    if( iBuffer[bufPtr] == '\n' ) {
+                        commentFound = 0;
+                    }
+                } else {
+
+                    // Check current char...
+                    switch(iBuffer[bufPtr]) {
+                    case '#':
+                        // Found a comment start...
+                        commentFound = 1;
+                        break;
+
+                    case '\n':
+                    case '\r':
+                    case '\t':
+                    case ' ':
+                        // Newline, CR, Tab and space are end of token, or ignored.
+                        if(tokenPtr > 0) {
+                            cToken[tokenPtr] = '\0';    // EOL
+                            finished = 1;
+                        }
+                        break;
+
+                    default:
+                        // Append char to token...
+                        cToken[tokenPtr++] = iBuffer[bufPtr];
+                        break;
+                    }
+                
+                }
+
+                // Check end of token buffer !!!
+                if(tokenPtr == MAX_TOKEN_LENGTH - 1) {
+                    // Prevent buffer overrun...
+                    cToken[tokenPtr] = '\0';
+                    finished = 1;
+                }
+
+                // Next char...
+                bufPtr++;
+            }
+            // If the readsize is less than buffersize, we assume EOF.
+            if(readSize < READ_BUFFER_SIZE && bufPtr == readSize) {
+                if (tokenPtr > 0)
+                    finished = 1;
+                else
+                    return NULL;
+            }
+        }
+        if(tokenPtr>0) {
+            validToken = 1;
+            return cToken;
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Returns the currently active token, or null
+*   if no tokens are availible.
+*/
+char *getCurrentConfigToken() {
+    return validToken ? cToken : NULL;
+}
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/confread.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/confread.o
new file mode 100644
index 0000000..9c1e7bc
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/confread.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/ifvc.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
new file mode 100644
index 0000000..545b3b4
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+struct IfDesc IfDescVc[ MAX_IF ], *IfDescEp = IfDescVc;
+
+/*
+** Builds up a vector with the interface of the machine. Calls to the other functions of 
+** the module will fail if they are called before the vector is build.
+**          
+*/
+void buildIfVc() {
+    struct ifreq IfVc[ sizeof( IfDescVc ) / sizeof( IfDescVc[ 0 ] )  ];
+    struct ifreq *IfEp;
+
+    int Sock;
+
+    if ( (Sock = socket( AF_INET, SOCK_DGRAM, 0 )) < 0 )
+        my_log( LOG_ERR, errno, "RAW socket open" );
+
+    /* get If vector
+     */
+    {
+        struct ifconf IoCtlReq;
+
+        IoCtlReq.ifc_buf = (void *)IfVc;
+        IoCtlReq.ifc_len = sizeof( IfVc );
+
+        if ( ioctl( Sock, SIOCGIFCONF, &IoCtlReq ) < 0 )
+            my_log( LOG_ERR, errno, "ioctl SIOCGIFCONF" );
+
+        IfEp = (void *)((char *)IfVc + IoCtlReq.ifc_len);
+    }
+
+    /* loop over interfaces and copy interface info to IfDescVc
+     */
+    {
+        struct ifreq  *IfPt, *IfNext;
+
+        // Temp keepers of interface params...
+        uint32_t addr, subnet, mask;
+
+        for ( IfPt = IfVc; IfPt < IfEp; IfPt = IfNext ) {
+            struct ifreq IfReq;
+            char FmtBu[ 32 ];
+
+	    IfNext = (struct ifreq *)((char *)&IfPt->ifr_addr +
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+				    IfPt->ifr_addr.sa_len
+#else
+				    sizeof(struct sockaddr_in)
+#endif
+		    );
+	    if (IfNext < IfPt + 1)
+		    IfNext = IfPt + 1;
+
+            strncpy( IfDescEp->Name, IfPt->ifr_name, sizeof( IfDescEp->Name ) );
+
+            // Currently don't set any allowed nets...
+            //IfDescEp->allowednets = NULL;
+
+            // Set the index to -1 by default.
+            IfDescEp->index = -1;
+
+            /* don't retrieve more info for non-IP interfaces
+             */
+            if ( IfPt->ifr_addr.sa_family != AF_INET ) {
+                IfDescEp->InAdr.s_addr = 0;  /* mark as non-IP interface */
+                IfDescEp++;
+                continue;
+            }
+
+            // Get the interface adress...
+            IfDescEp->InAdr = ((struct sockaddr_in *)&IfPt->ifr_addr)->sin_addr;
+            addr = IfDescEp->InAdr.s_addr;
+
+            memcpy( IfReq.ifr_name, IfDescEp->Name, sizeof( IfReq.ifr_name ) );
+            IfReq.ifr_addr.sa_family = AF_INET;
+            ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr = addr;
+
+            // Get the subnet mask...
+            if (ioctl(Sock, SIOCGIFNETMASK, &IfReq ) < 0)
+                my_log(LOG_ERR, errno, "ioctl SIOCGIFNETMASK for %s", IfReq.ifr_name);
+            mask = ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr;
+            subnet = addr & mask;
+
+            /* get if flags
+            **
+            ** typical flags:
+            ** lo    0x0049 -> Running, Loopback, Up
+            ** ethx  0x1043 -> Multicast, Running, Broadcast, Up
+            ** ipppx 0x0091 -> NoArp, PointToPoint, Up 
+            ** grex  0x00C1 -> NoArp, Running, Up
+            ** ipipx 0x00C1 -> NoArp, Running, Up
+            */
+            if ( ioctl( Sock, SIOCGIFFLAGS, &IfReq ) < 0 )
+                my_log( LOG_ERR, errno, "ioctl SIOCGIFFLAGS" );
+
+            IfDescEp->Flags = IfReq.ifr_flags;
+
+            // Insert the verified subnet as an allowed net...
+            IfDescEp->allowednets = (struct SubnetList *)malloc(sizeof(struct SubnetList));
+            if(IfDescEp->allowednets == NULL) my_log(LOG_ERR, 0, "Out of memory !");
+            
+            // Create the network address for the IF..
+            IfDescEp->allowednets->next = NULL;
+            IfDescEp->allowednets->subnet_mask = mask;
+            IfDescEp->allowednets->subnet_addr = subnet;
+
+            // Set the default params for the IF...
+            IfDescEp->state         = IF_STATE_DOWNSTREAM;
+            IfDescEp->robustness    = DEFAULT_ROBUSTNESS;
+            IfDescEp->threshold     = DEFAULT_THRESHOLD;   /* ttl limit */
+            IfDescEp->ratelimit     = DEFAULT_RATELIMIT; 
+            
+
+            // Debug log the result...
+            my_log( LOG_DEBUG, 0, "buildIfVc: Interface %s Addr: %s, Flags: 0x%04x, Network: %s",
+                 IfDescEp->Name,
+                 fmtInAdr( FmtBu, IfDescEp->InAdr ),
+                 IfDescEp->Flags,
+                 inetFmts(subnet,mask, s1));
+
+            IfDescEp++;
+        } 
+    }
+
+    close( Sock );
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'IfName'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'IfName' exists
+**          
+*/
+struct IfDesc *getIfByName( const char *IfName ) {
+    struct IfDesc *Dp;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ )
+        if ( ! strcmp( IfName, Dp->Name ) )
+            return Dp;
+
+    return NULL;
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'Ix'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'Ix' exists
+**          
+*/
+struct IfDesc *getIfByIx( unsigned Ix ) {
+    struct IfDesc *Dp = &IfDescVc[ Ix ];
+    return Dp < IfDescEp ? Dp : NULL;
+}
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByAddress( uint32_t ipaddr ) {
+
+    struct IfDesc       *Dp;
+    struct SubnetList   *currsubnet;
+    struct IfDesc       *res = NULL;
+    uint32_t            last_subnet_mask = 0;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+        // Loop through all registered allowed nets of the VIF...
+        for(currsubnet = Dp->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+            // Check if the ip falls in under the subnet....
+            if(currsubnet->subnet_mask > last_subnet_mask && (ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+                res = Dp;
+                last_subnet_mask = currsubnet->subnet_mask;
+            }
+        }
+    }
+    return res;
+}
+
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByVifIndex( unsigned vifindex ) {
+    struct IfDesc       *Dp;
+    if(vifindex>0) {
+        for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+            if(Dp->index == vifindex) {
+                return Dp;
+            }
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Function that checks if a given ipaddress is a valid
+*   address for the supplied VIF.
+*/
+int isAdressValidForIf( struct IfDesc* intrface, uint32_t ipaddr ) {
+    struct SubnetList   *currsubnet;
+    
+    if(intrface == NULL) {
+        return 0;
+    }
+    // Loop through all registered allowed nets of the VIF...
+    for(currsubnet = intrface->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+        // Check if the ip falls in under the subnet....
+        if((ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+            return 1;
+        }
+    }
+    return 0;
+}
+
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/ifvc.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/ifvc.o
new file mode 100644
index 0000000..94969db
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/ifvc.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/igmp.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmp.c
new file mode 100644
index 0000000..a0cd27d
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmp.c
@@ -0,0 +1,281 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmp.h - Recieves IGMP requests, and handle them 
+*            appropriately...
+*/
+
+#include "igmpproxy.h"
+ 
+// Globals                  
+uint32_t     allhosts_group;          /* All hosts addr in net order */
+uint32_t     allrouters_group;          /* All hosts addr in net order */
+              
+extern int MRouterFD;
+
+/*
+ * Open and initialize the igmp socket, and fill in the non-changing
+ * IP header fields in the output packet buffer.
+ */
+void initIgmp() {
+    struct ip *ip;
+
+    recv_buf = malloc(RECV_BUF_SIZE);
+    send_buf = malloc(RECV_BUF_SIZE);
+
+    k_hdr_include(true);    /* include IP header when sending */
+    k_set_rcvbuf(256*1024,48*1024); /* lots of input buffering        */
+    k_set_ttl(1);       /* restrict multicasts to one hop */
+    k_set_loop(false);      /* disable multicast loopback     */
+
+    ip         = (struct ip *)send_buf;
+    memset(ip, 0, sizeof(struct ip));
+    /*
+     * Fields zeroed that aren't filled in later:
+     * - IP ID (let the kernel fill it in)
+     * - Offset (we don't send fragments)
+     * - Checksum (let the kernel fill it in)
+     */
+    ip->ip_v   = IPVERSION;
+    ip->ip_hl  = sizeof(struct ip) >> 2;
+    ip->ip_tos = 0xc0;      /* Internet Control */
+    ip->ip_ttl = MAXTTL;    /* applies to unicasts only */
+    ip->ip_p   = IPPROTO_IGMP;
+
+    allhosts_group   = htonl(INADDR_ALLHOSTS_GROUP);
+    allrouters_group = htonl(INADDR_ALLRTRS_GROUP);
+}
+
+/**
+*   Finds the textual name of the supplied IGMP request.
+*/
+char *igmpPacketKind(u_int type, u_int code) {
+    static char unknown[20];
+
+    switch (type) {
+    case IGMP_MEMBERSHIP_QUERY:     return  "Membership query  ";
+    case IGMP_V1_MEMBERSHIP_REPORT:  return "V1 member report  ";
+    case IGMP_V2_MEMBERSHIP_REPORT:  return "V2 member report  ";
+    case IGMP_V2_LEAVE_GROUP:        return "Leave message     ";
+    
+    default:
+        sprintf(unknown, "unk: 0x%02x/0x%02x    ", type, code);
+        return unknown;
+    }
+}
+
+
+/**
+ * Process a newly received IGMP packet that is sitting in the input
+ * packet buffer.
+ */
+void acceptIgmp(int recvlen) {
+    register uint32_t src, dst, group;
+    struct ip *ip;
+    struct igmp *igmp;
+    int ipdatalen, iphdrlen, igmpdatalen;
+
+    if (recvlen < sizeof(struct ip)) {
+        my_log(LOG_WARNING, 0,
+            "received packet too short (%u bytes) for IP header", recvlen);
+        return;
+    }
+
+    ip        = (struct ip *)recv_buf;
+    src       = ip->ip_src.s_addr;
+    dst       = ip->ip_dst.s_addr;
+
+    /* 
+     * this is most likely a message from the kernel indicating that
+     * a new src grp pair message has arrived and so, it would be 
+     * necessary to install a route into the kernel for this.
+     */
+    if (ip->ip_p == 0) {
+        if (src == 0 || dst == 0) {
+            my_log(LOG_WARNING, 0, "kernel request not accurate");
+        }
+        else {
+            struct IfDesc *checkVIF;
+            
+            // Check if the source address matches a valid address on upstream vif.
+            checkVIF = getIfByIx( upStreamVif );
+            if(checkVIF == 0) {
+                my_log(LOG_ERR, 0, "Upstream VIF was null.");
+                return;
+            } 
+            else if(src == checkVIF->InAdr.s_addr) {
+                my_log(LOG_NOTICE, 0, "Route activation request from %s for %s is from myself. Ignoring.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            else if(!isAdressValidForIf(checkVIF, src)) {
+                my_log(LOG_WARNING, 0, "The source address %s for group %s, is not in any valid net for upstream VIF.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            
+            // Activate the route.
+            my_log(LOG_DEBUG, 0, "Route activate request from %s to %s",
+		    inetFmt(src,s1), inetFmt(dst,s2));
+            activateRoute(dst, src);
+            
+
+        }
+        return;
+    }
+
+    iphdrlen  = ip->ip_hl << 2;
+    ipdatalen = ip_data_len(ip);
+
+    if (iphdrlen + ipdatalen != recvlen) {
+        my_log(LOG_WARNING, 0,
+            "received packet from %s shorter (%u bytes) than hdr+data length (%u+%u)",
+            inetFmt(src, s1), recvlen, iphdrlen, ipdatalen);
+        return;
+    }
+
+    igmp        = (struct igmp *)(recv_buf + iphdrlen);
+    group       = igmp->igmp_group.s_addr;
+    igmpdatalen = ipdatalen - IGMP_MINLEN;
+    if (igmpdatalen < 0) {
+        my_log(LOG_WARNING, 0,
+            "received IP data field too short (%u bytes) for IGMP, from %s",
+            ipdatalen, inetFmt(src, s1));
+        return;
+    }
+
+    my_log(LOG_NOTICE, 0, "RECV %s from %-15s to %s",
+        igmpPacketKind(igmp->igmp_type, igmp->igmp_code),
+        inetFmt(src, s1), inetFmt(dst, s2) );
+
+    switch (igmp->igmp_type) {
+    case IGMP_V1_MEMBERSHIP_REPORT:
+    case IGMP_V2_MEMBERSHIP_REPORT:
+        acceptGroupReport(src, group, igmp->igmp_type);
+        return;
+    
+    case IGMP_V2_LEAVE_GROUP:
+        acceptLeaveMessage(src, group);
+        return;
+    
+    case IGMP_MEMBERSHIP_QUERY:
+        return;
+
+    default:
+        my_log(LOG_INFO, 0,
+            "ignoring unknown IGMP message type %x from %s to %s",
+            igmp->igmp_type, inetFmt(src, s1),
+            inetFmt(dst, s2));
+        return;
+    }
+}
+
+
+/*
+ * Construct an IGMP message in the output packet buffer.  The caller may
+ * have already placed data in that buffer, of length 'datalen'.
+ */
+void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct ip *ip;
+    struct igmp *igmp;
+    extern int curttl;
+
+    ip                      = (struct ip *)send_buf;
+    ip->ip_src.s_addr       = src;
+    ip->ip_dst.s_addr       = dst;
+    ip_set_len(ip, MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        ip->ip_ttl = curttl;
+    } else {
+        ip->ip_ttl = MAXTTL;
+    }
+
+    igmp                    = (struct igmp *)(send_buf + MIN_IP_HEADER_LEN);
+    igmp->igmp_type         = type;
+    igmp->igmp_code         = code;
+    igmp->igmp_group.s_addr = group;
+    igmp->igmp_cksum        = 0;
+    igmp->igmp_cksum        = inetChksum((u_short *)igmp,
+                                         IGMP_MINLEN + datalen);
+}
+
+/* 
+ * Call build_igmp() to build an IGMP message in the output packet buffer.
+ * Then send the message from the interface with IP address 'src' to
+ * destination 'dst'.
+ */
+void sendIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct sockaddr_in sdst;
+    int setloop = 0, setigmpsource = 0;
+
+    buildIgmp(src, dst, type, code, group, datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        k_set_if(src);
+        setigmpsource = 1;
+        if (type != IGMP_DVMRP || dst == allhosts_group) {
+            setloop = 1;
+            k_set_loop(true);
+        }
+    }
+
+    memset(&sdst, 0, sizeof(sdst));
+    sdst.sin_family = AF_INET;
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+    sdst.sin_len = sizeof(sdst);
+#endif
+    sdst.sin_addr.s_addr = dst;
+    if (sendto(MRouterFD, send_buf,
+               MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen, 0,
+               (struct sockaddr *)&sdst, sizeof(sdst)) < 0) {
+        if (errno == ENETDOWN)
+            my_log(LOG_ERR, errno, "Sender VIF was down.");
+        else
+            my_log(LOG_INFO, errno,
+                "sendto to %s on %s",
+                inetFmt(dst, s1), inetFmt(src, s2));
+    }
+
+    if(setigmpsource) {
+        if (setloop) {
+            k_set_loop(false);
+        }
+        // Restore original...
+        k_set_if(INADDR_ANY);
+    }
+
+    my_log(LOG_DEBUG, 0, "SENT %s from %-15s to %s",
+	    igmpPacketKind(type, code), src == INADDR_ANY ? "INADDR_ANY" :
+	    inetFmt(src, s1), inetFmt(dst, s2));
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/igmp.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmp.o
new file mode 100644
index 0000000..f5ab4d9
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmp.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy
new file mode 100755
index 0000000..33d002d
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
new file mode 100644
index 0000000..1ece15a
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
@@ -0,0 +1,357 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.c - The main file for the IGMP proxy application.
+*
+*   February 2005 - Johnny Egeland
+*/
+
+#include "igmpproxy.h"
+
+static const char Usage[] = 
+"Usage: igmpproxy [-h] [-d] [-v [-v]] <configfile>\n"
+"\n" 
+"   -h   Display this help screen\n"
+"   -d   Run in debug mode. Output all messages on stderr\n"
+"   -v   Be verbose. Give twice to see even debug messages.\n"
+"\n"
+PACKAGE_STRING "\n"
+;
+
+// Local function Prototypes
+static void signalHandler(int);
+int     igmpProxyInit();
+void    igmpProxyCleanUp();
+void    igmpProxyRun();
+
+// Global vars...
+static int sighandled = 0;
+#define	GOT_SIGINT	0x01
+#define	GOT_SIGHUP	0x02
+#define	GOT_SIGUSR1	0x04
+#define	GOT_SIGUSR2	0x08
+
+// The upstream VIF index
+int         upStreamVif;   
+
+/**
+*   Program main method. Is invoked when the program is started
+*   on commandline. The number of commandline arguments, and a
+*   pointer to the arguments are recieved on the line...
+*/    
+int main( int ArgCn, char *ArgVc[] ) {
+
+    // Parse the commandline options and setup basic settings..
+    for (int c; (c = getopt(ArgCn, ArgVc, "vdh")) != -1;) {
+        switch (c) {
+        case 'd':
+            Log2Stderr = true;
+            break;
+        case 'v':
+            if (LogLevel == LOG_INFO)
+                LogLevel = LOG_DEBUG;
+            else
+                LogLevel = LOG_INFO;
+            break;
+        case 'h':
+            fputs(Usage, stderr);
+            exit(0);
+            break;
+        default:
+            exit(1);
+            break;
+        }
+    }
+
+    if (optind != ArgCn - 1) {
+	fputs("You must specify the configuration file.\n", stderr);
+	exit(1);
+    }
+    char *configFilePath = ArgVc[optind];
+
+    // Chech that we are root
+    if (geteuid() != 0) {
+       fprintf(stderr, "igmpproxy: must be root\n");
+       exit(1);
+    }
+
+    openlog("igmpproxy", LOG_PID, LOG_USER);
+
+    // Write debug notice with file path...
+    my_log(LOG_DEBUG, 0, "Searching for config file at '%s'" , configFilePath);
+
+    do {
+
+        // Loads the config file...
+        if( ! loadConfig( configFilePath ) ) {
+            my_log(LOG_ERR, 0, "Unable to load config file...");
+            break;
+        }
+    
+        // Initializes the deamon.
+        if ( !igmpProxyInit() ) {
+            my_log(LOG_ERR, 0, "Unable to initialize IGMPproxy.");
+            break;
+        }
+
+        // Go to the main loop.
+        igmpProxyRun();
+    
+        // Clean up
+        igmpProxyCleanUp();
+
+    } while ( false );
+
+    // Inform that we are exiting.
+    my_log(LOG_INFO, 0, "Shutdown complete....");
+
+    exit(0);
+}
+
+
+
+/**
+*   Handles the initial startup of the daemon.
+*/
+int igmpProxyInit() {
+    struct sigaction sa;
+    int Err;
+
+
+    sa.sa_handler = signalHandler;
+    sa.sa_flags = 0;    /* Interrupt system calls */
+    sigemptyset(&sa.sa_mask);
+    sigaction(SIGTERM, &sa, NULL);
+    sigaction(SIGINT, &sa, NULL);
+
+    // Loads configuration for Physical interfaces...
+    buildIfVc();    
+    
+    // Configures IF states and settings
+    configureVifs();
+
+    switch ( Err = enableMRouter() ) {
+    case 0: break;
+    case EADDRINUSE: my_log( LOG_ERR, EADDRINUSE, "MC-Router API already in use" ); break;
+    default: my_log( LOG_ERR, Err, "MRT_INIT failed" );
+    }
+
+    /* create VIFs for all IP, non-loop interfaces
+     */
+    {
+        unsigned Ix;
+        struct IfDesc *Dp;
+        int     vifcount = 0;
+        upStreamVif = -1;
+
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+
+            if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+                if(Dp->state == IF_STATE_UPSTREAM) {
+                    if(upStreamVif == -1) {
+                        upStreamVif = Ix;
+                    } else {
+                        my_log(LOG_ERR, 0, "Vif #%d was already upstream. Cannot set VIF #%d as upstream as well.",
+                            upStreamVif, Ix);
+                    }
+                }
+
+                addVIF( Dp );
+                vifcount++;
+            }
+        }
+
+        // If there is only one VIF, or no defined upstream VIF, we send an error.
+        if(vifcount < 2 || upStreamVif < 0) {
+            my_log(LOG_ERR, 0, "There must be at least 2 Vif's where one is upstream.");
+        }
+    }  
+    
+    // Initialize IGMP
+    initIgmp();
+    // Initialize Routing table
+    initRouteTable();
+    // Initialize timer
+    callout_init();
+
+
+    return 1;
+}
+
+/**
+*   Clean up all on exit...
+*/
+void igmpProxyCleanUp() {
+
+    my_log( LOG_DEBUG, 0, "clean handler called" );
+    
+    free_all_callouts();    // No more timeouts.
+    clearAllRoutes();       // Remove all routes.
+    disableMRouter();       // Disable the multirout API
+
+}
+
+/**
+*   Main daemon loop.
+*/
+void igmpProxyRun() {
+    // Get the config.
+    //struct Config *config = getCommonConfig();
+    // Set some needed values.
+    register int recvlen;
+    int     MaxFD, Rt, secs;
+    fd_set  ReadFDS;
+    socklen_t dummy = 0;
+    struct  timeval  curtime, lasttime, difftime, tv; 
+    // The timeout is a pointer in order to set it to NULL if nessecary.
+    struct  timeval  *timeout = &tv;
+
+    // Initialize timer vars
+    difftime.tv_usec = 0;
+    gettimeofday(&curtime, NULL);
+    lasttime = curtime;
+
+    // First thing we send a membership query in downstream VIF's...
+    sendGeneralMembershipQuery();
+
+    // Loop until the end...
+    for (;;) {
+
+        // Process signaling...
+        if (sighandled) {
+            if (sighandled & GOT_SIGINT) {
+                sighandled &= ~GOT_SIGINT;
+                my_log(LOG_NOTICE, 0, "Got a interupt signal. Exiting.");
+                break;
+            }
+        }
+
+        // Prepare timeout...
+        secs = timer_nextTimer();
+        if(secs == -1) {
+            timeout = NULL;
+        } else {
+            timeout->tv_usec = 0;
+            timeout->tv_sec = secs;
+        }
+
+        // Prepare for select.
+        MaxFD = MRouterFD;
+
+        FD_ZERO( &ReadFDS );
+        FD_SET( MRouterFD, &ReadFDS );
+
+        // wait for input
+        Rt = select( MaxFD +1, &ReadFDS, NULL, NULL, timeout );
+
+        // log and ignore failures
+        if( Rt < 0 ) {
+            my_log( LOG_WARNING, errno, "select() failure" );
+            continue;
+        }
+        else if( Rt > 0 ) {
+
+            // Read IGMP request, and handle it...
+            if( FD_ISSET( MRouterFD, &ReadFDS ) ) {
+    
+                recvlen = recvfrom(MRouterFD, recv_buf, RECV_BUF_SIZE,
+                                   0, NULL, &dummy);
+                if (recvlen < 0) {
+                    if (errno != EINTR) my_log(LOG_ERR, errno, "recvfrom");
+                    continue;
+                }
+                
+
+                acceptIgmp(recvlen);
+            }
+        }
+
+        // At this point, we can handle timeouts...
+        do {
+            /*
+             * If the select timed out, then there's no other
+             * activity to account for and we don't need to
+             * call gettimeofday.
+             */
+            if (Rt == 0) {
+                curtime.tv_sec = lasttime.tv_sec + secs;
+                curtime.tv_usec = lasttime.tv_usec;
+                Rt = -1; /* don't do this next time through the loop */
+            } else {
+                gettimeofday(&curtime, NULL);
+            }
+            difftime.tv_sec = curtime.tv_sec - lasttime.tv_sec;
+            difftime.tv_usec += curtime.tv_usec - lasttime.tv_usec;
+            while (difftime.tv_usec > 1000000) {
+                difftime.tv_sec++;
+                difftime.tv_usec -= 1000000;
+            }
+            if (difftime.tv_usec < 0) {
+                difftime.tv_sec--;
+                difftime.tv_usec += 1000000;
+            }
+            lasttime = curtime;
+            if (secs == 0 || difftime.tv_sec > 0)
+                age_callout_queue(difftime.tv_sec);
+            secs = -1;
+        } while (difftime.tv_sec > 0);
+
+    }
+
+}
+
+/*
+ * Signal handler.  Take note of the fact that the signal arrived
+ * so that the main loop can take care of it.
+ */
+static void signalHandler(int sig) {
+    switch (sig) {
+    case SIGINT:
+    case SIGTERM:
+        sighandled |= GOT_SIGINT;
+        break;
+        /* XXX: Not in use.
+        case SIGHUP:
+            sighandled |= GOT_SIGHUP;
+            break;
+    
+        case SIGUSR1:
+            sighandled |= GOT_SIGUSR1;
+            break;
+    
+        case SIGUSR2:
+            sighandled |= GOT_SIGUSR2;
+            break;
+        */
+    }
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
new file mode 100644
index 0000000..4dabd1c
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
@@ -0,0 +1,279 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.h - Header file for common includes.
+*/
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <signal.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdbool.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+#include <sys/param.h>
+
+#include <net/if.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "os.h"
+#include "config.h"
+
+/*
+ * Limit on length of route data
+ */
+#define MAX_IP_PACKET_LEN	576
+#define MIN_IP_HEADER_LEN	20
+#define MAX_IP_HEADER_LEN	60
+
+#define MAX_MC_VIFS    32     // !!! check this const in the specific includes
+
+// Useful macros..          
+#define VCMC( Vc )  (sizeof( Vc ) / sizeof( (Vc)[ 0 ] ))
+#define VCEP( Vc )  (&(Vc)[ VCMC( Vc ) ])
+
+// Bit manipulation macros...
+#define BIT_ZERO(X)      ((X) = 0)
+#define BIT_SET(X,n)     ((X) |= 1 << (n))
+#define BIT_CLR(X,n)     ((X) &= ~(1 << (n)))
+#define BIT_TST(X,n)     ((X) & 1 << (n))
+
+
+//#################################################################################
+//  Globals
+//#################################################################################
+
+/*
+ * External declarations for global variables and functions.
+ */
+#define RECV_BUF_SIZE 8192
+extern char     *recv_buf;
+extern char     *send_buf;
+
+extern char     s1[];
+extern char     s2[];
+extern char		s3[];
+extern char		s4[];
+
+
+
+//#################################################################################
+//  Lib function prototypes.
+//#################################################################################
+
+/* syslog.c
+ */
+extern bool Log2Stderr;           // Log to stderr instead of to syslog
+extern int  LogLevel;             // Log threshold, LOG_WARNING .... LOG_DEBUG 
+
+void my_log( int Serverity, int Errno, const char *FmtSt, ... );
+
+/* ifvc.c
+ */
+#define MAX_IF         40     // max. number of interfaces recognized 
+
+// Interface states
+#define IF_STATE_DISABLED      0   // Interface should be ignored.
+#define IF_STATE_UPSTREAM      1   // Interface is the upstream interface
+#define IF_STATE_DOWNSTREAM    2   // Interface is a downstream interface
+
+// Multicast default values...
+#define DEFAULT_ROBUSTNESS     2
+#define DEFAULT_THRESHOLD      1
+#define DEFAULT_RATELIMIT      0
+
+// Define timer constants (in seconds...)
+#define INTERVAL_QUERY          125
+#define INTERVAL_QUERY_RESPONSE  10
+//#define INTERVAL_QUERY_RESPONSE  10
+
+#define ROUTESTATE_NOTJOINED            0   // The group corresponding to route is not joined
+#define ROUTESTATE_JOINED               1   // The group corresponding to route is joined
+#define ROUTESTATE_CHECK_LAST_MEMBER    2   // The router is checking for hosts
+
+
+
+// Linked list of networks... 
+struct SubnetList {
+    uint32_t              subnet_addr;
+    uint32_t              subnet_mask;
+    struct SubnetList*  next;
+};
+
+struct IfDesc {
+    char                Name[IF_NAMESIZE];
+    struct in_addr      InAdr;          /* == 0 for non IP interfaces */            
+    short               Flags;
+    short               state;
+    struct SubnetList*  allowednets;
+    unsigned int        robustness;
+    unsigned char       threshold;   /* ttl limit */
+    unsigned int        ratelimit; 
+    unsigned int        index;
+};
+
+// Keeps common configuration settings 
+struct Config {
+    unsigned int        robustnessValue;
+    unsigned int        queryInterval;
+    unsigned int        queryResponseInterval;
+    // Used on startup..
+    unsigned int        startupQueryInterval;
+    unsigned int        startupQueryCount;
+    // Last member probe...
+    unsigned int        lastMemberQueryInterval;
+    unsigned int        lastMemberQueryCount;
+    // Set if upstream leave messages should be sent instantly..
+    unsigned short      fastUpstreamLeave;
+};
+
+// Defines the Index of the upstream VIF...
+extern int upStreamVif;
+
+/* ifvc.c
+ */
+void buildIfVc( void );
+struct IfDesc *getIfByName( const char *IfName );
+struct IfDesc *getIfByIx( unsigned Ix );
+struct IfDesc *getIfByAddress( uint32_t Ix );
+int isAdressValidForIf(struct IfDesc* intrface, uint32_t ipaddr);
+
+/* mroute-api.c
+ */
+struct MRouteDesc {
+    struct in_addr  OriginAdr, McAdr;
+    short           InVif;
+    uint8_t           TtlVc[ MAX_MC_VIFS ];
+};
+
+// IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+extern int MRouterFD;
+
+int enableMRouter( void );
+void disableMRouter( void );
+void addVIF( struct IfDesc *Dp );
+int addMRoute( struct MRouteDesc * Dp );
+int delMRoute( struct MRouteDesc * Dp );
+int getVifIx( struct IfDesc *IfDp );
+
+/* config.c
+ */
+int loadConfig(char *configFile);
+void configureVifs();
+struct Config *getCommonConfig();
+
+/* igmp.c
+*/
+extern uint32_t allhosts_group;
+extern uint32_t allrouters_group;
+void initIgmp(void);
+void acceptIgmp(int);
+void sendIgmp (uint32_t, uint32_t, int, int, uint32_t,int);
+
+/* lib.c
+ */
+char   *fmtInAdr( char *St, struct in_addr InAdr );
+char   *inetFmt(uint32_t addr, char *s);
+char   *inetFmts(uint32_t addr, uint32_t mask, char *s);
+uint16_t inetChksum(uint16_t *addr, int len);
+
+/* kern.c
+ */
+void k_set_rcvbuf(int bufsize, int minsize);
+void k_hdr_include(int hdrincl);
+void k_set_ttl(int t);
+void k_set_loop(int l);
+void k_set_if(uint32_t ifa);
+/*
+void k_join(uint32_t grp, uint32_t ifa);
+void k_leave(uint32_t grp, uint32_t ifa);
+*/
+
+/* udpsock.c
+ */
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort );
+
+/* mcgroup.c
+ */
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+
+
+/* rttable.c
+ */
+void initRouteTable();
+void clearAllRoutes();
+int insertRoute(uint32_t group, int ifx);
+int activateRoute(uint32_t group, uint32_t originAddr);
+void ageActiveRoutes();
+void setRouteLastMemberMode(uint32_t group);
+int lastMemberGroupAge(uint32_t group);
+
+/* request.c
+ */
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type);
+void acceptLeaveMessage(uint32_t src, uint32_t group);
+void sendGeneralMembershipQuery();
+
+/* callout.c 
+*/
+typedef void (*timer_f)(void *);
+
+void callout_init();
+void free_all_callouts();
+void age_callout_queue(int);
+int timer_nextTimer();
+int timer_setTimer(int, timer_f, void *);
+int timer_clearTimer(int);
+int timer_leftTimer(int);
+
+/* confread.c
+ */
+#define MAX_TOKEN_LENGTH    30
+
+int openConfigFile(char *filename);
+void closeConfigFile();
+char* nextConfigToken();
+char* getCurrentConfigToken();
+
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o
new file mode 100644
index 0000000..d232582
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/kern.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/kern.c
new file mode 100644
index 0000000..2055636
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/kern.c
@@ -0,0 +1,140 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+int curttl = 0;
+
+void k_set_rcvbuf(int bufsize, int minsize) {
+    int delta = bufsize / 2;
+    int iter = 0;
+
+    /*
+     * Set the socket buffer.  If we can't set it as large as we
+     * want, search around to try to find the highest acceptable
+     * value.  The highest acceptable value being smaller than
+     * minsize is a fatal error.
+     */
+    if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                   (char *)&bufsize, sizeof(bufsize)) < 0) {
+        bufsize -= delta;
+        while (1) {
+            iter++;
+            if (delta > 1)
+                delta /= 2;
+
+            if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                           (char *)&bufsize, sizeof(bufsize)) < 0) {
+                bufsize -= delta;
+            } else {
+                if (delta < 1024)
+                    break;
+                bufsize += delta;
+            }
+        }
+        if (bufsize < minsize) {
+            my_log(LOG_ERR, 0, "OS-allowed buffer size %u < app min %u",
+                bufsize, minsize);
+            /*NOTREACHED*/
+        }
+    }
+    my_log(LOG_DEBUG, 0, "Got %d byte buffer size in %d iterations", bufsize, iter);
+}
+
+
+void k_hdr_include(int hdrincl) {
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_HDRINCL,
+                   (char *)&hdrincl, sizeof(hdrincl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_HDRINCL %u", hdrincl);
+}
+
+
+void k_set_ttl(int t) {
+#ifndef RAW_OUTPUT_IS_RAW
+    u_char ttl;
+
+    ttl = t;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_TTL,
+                   (char *)&ttl, sizeof(ttl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_TTL %u", ttl);
+#endif
+    curttl = t;
+}
+
+
+void k_set_loop(int l) {
+    u_char loop;
+
+    loop = l;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_LOOP,
+                   (char *)&loop, sizeof(loop)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_LOOP %u", loop);
+}
+
+void k_set_if(uint32_t ifa) {
+    struct in_addr adr;
+
+    adr.s_addr = ifa;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_IF,
+                   (char *)&adr, sizeof(adr)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_IF %s",
+            inetFmt(ifa, s1));
+}
+
+/*
+void k_join(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_ADD_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't join group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+
+
+void k_leave(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_DROP_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't leave group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+*/
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/kern.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/kern.o
new file mode 100644
index 0000000..4f69834
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/kern.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/lib.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/lib.c
new file mode 100644
index 0000000..70a730a
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/lib.c
@@ -0,0 +1,148 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+/*
+ * Exported variables.
+ */
+char s1[19];        /* buffers to hold the string representations  */
+char s2[19];        /* of IP addresses, to be passed to inet_fmt() */
+char s3[19];        /* or inet_fmts().                             */
+char s4[19];
+            
+/*
+** Formats 'InAdr' into a dotted decimal string. 
+**
+** returns: - pointer to 'St'
+**          
+*/
+char *fmtInAdr( char *St, struct in_addr InAdr ) {
+    sprintf( St, "%u.%u.%u.%u", 
+             ((uint8_t *)&InAdr.s_addr)[ 0 ],
+             ((uint8_t *)&InAdr.s_addr)[ 1 ],
+             ((uint8_t *)&InAdr.s_addr)[ 2 ],
+             ((uint8_t *)&InAdr.s_addr)[ 3 ] );
+
+    return St;
+}
+
+/*
+ * Convert an IP address in u_long (network) format into a printable string.
+ */
+char *inetFmt(uint32_t addr, char *s) {
+    register u_char *a;
+
+    a = (u_char *)&addr;
+    sprintf(s, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]);
+    return(s);
+}
+
+
+/*
+ * Convert an IP subnet number in u_long (network) format into a printable
+ * string including the netmask as a number of bits.
+ */
+char *inetFmts(uint32_t addr, uint32_t mask, char *s) {
+    register u_char *a, *m;
+    int bits;
+
+    if ((addr == 0) && (mask == 0)) {
+        sprintf(s, "default");
+        return(s);
+    }
+    a = (u_char *)&addr;
+    m = (u_char *)&mask;
+    bits = 33 - ffs(ntohl(mask));
+
+    if (m[3] != 0) sprintf(s, "%u.%u.%u.%u/%d", a[0], a[1], a[2], a[3],
+                           bits);
+    else if (m[2] != 0) sprintf(s, "%u.%u.%u/%d",    a[0], a[1], a[2], bits);
+    else if (m[1] != 0) sprintf(s, "%u.%u/%d",       a[0], a[1], bits);
+    else                sprintf(s, "%u/%d",          a[0], bits);
+
+    return(s);
+}
+
+/*
+ * inet_cksum extracted from:
+ *			P I N G . C
+ *
+ * Author -
+ *	Mike Muuss
+ *	U. S. Army Ballistic Research Laboratory
+ *	December, 1983
+ * Modified at Uc Berkeley
+ *
+ * (ping.c) Status -
+ *	Public Domain.  Distribution Unlimited.
+ *
+ *			I N _ C K S U M
+ *
+ * Checksum routine for Internet Protocol family headers (C Version)
+ *
+ */
+uint16_t inetChksum(uint16_t *addr, int len) {
+    register int nleft = len;
+    register uint16_t *w = addr;
+    uint16_t answer = 0;
+    register int32_t sum = 0;
+
+    /*
+     *  Our algorithm is simple, using a 32 bit accumulator (sum),
+     *  we add sequential 16 bit words to it, and at the end, fold
+     *  back all the carry bits from the top 16 bits into the lower
+     *  16 bits.
+     */
+    while (nleft > 1) {
+        sum += *w++;
+        nleft -= 2;
+    }
+
+    /* mop up an odd byte, if necessary */
+    if (nleft == 1) {
+        *(uint8_t *) (&answer) = *(uint8_t *)w ;
+        sum += answer;
+    }
+
+    /*
+     * add back carry outs from top 16 bits to low 16 bits
+     */
+    sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
+    sum += (sum >> 16);         /* add carry */
+    answer = ~sum;              /* truncate to 16 bits */
+    return(answer);
+}
+
+
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/lib.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/lib.o
new file mode 100644
index 0000000..786e63b
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/lib.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
new file mode 100644
index 0000000..e657c22
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
@@ -0,0 +1,86 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mcgroup contains functions for joining and leaving multicast groups.
+*
+*/
+
+#include "igmpproxy.h"
+       
+
+/**
+*   Common function for joining or leaving a MCast group.
+*/
+static int joinleave( int Cmd, int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    struct ip_mreq CtlReq;
+    const char *CmdSt = Cmd == 'j' ? "join" : "leave";
+    
+    memset(&CtlReq, 0, sizeof(CtlReq));
+    CtlReq.imr_multiaddr.s_addr = mcastaddr;
+    CtlReq.imr_interface.s_addr = IfDp->InAdr.s_addr;
+    
+    {
+        my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt, 
+            inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : "<any>" );
+    }
+    
+    if( setsockopt( UdpSock, IPPROTO_IP, 
+          Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, 
+          (void *)&CtlReq, sizeof( CtlReq ) ) ) 
+    {
+        my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP failed", Cmd == 'j' ? "ADD" : "DROP" );
+        return 1;
+    }
+    
+    return 0;
+}
+
+/**
+*   Joins the MC group with the address 'McAdr' on the interface 'IfName'. 
+*   The join is bound to the UDP socket 'UdpSock', so if this socket is 
+*   closed the membership is dropped.
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'j', UdpSock, IfDp, mcastaddr );
+}
+
+/**
+*   Leaves the MC group with the address 'McAdr' on the interface 'IfName'. 
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'l', UdpSock, IfDp, mcastaddr );
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o
new file mode 100644
index 0000000..8b00338
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
new file mode 100644
index 0000000..7c2be3e
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
@@ -0,0 +1,242 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mroute-api.c
+*
+*   This module contains the interface routines to the Linux mrouted API
+*/
+
+
+#include "igmpproxy.h"
+
+// MAX_MC_VIFS from mclab.h must have same value as MAXVIFS from mroute.h
+#if MAX_MC_VIFS != MAXVIFS
+# error "constants don't match, correct mclab.h"
+#endif
+     
+// need an IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+int         MRouterFD;        /* socket for all network I/O  */
+char        *recv_buf;           /* input packet buffer         */
+char        *send_buf;           /* output packet buffer        */
+
+
+// my internal virtual interfaces descriptor vector  
+static struct VifDesc {
+    struct IfDesc *IfDp;
+} VifDescVc[ MAXVIFS ];
+
+
+
+/*
+** Initialises the mrouted API and locks it by this exclusively.
+**     
+** returns: - 0 if the functions succeeds     
+**          - the errno value for non-fatal failure condition
+*/
+int enableMRouter()
+{
+    int Va = 1;
+
+    if ( (MRouterFD  = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP)) < 0 )
+        my_log( LOG_ERR, errno, "IGMP socket open" );
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_INIT, 
+                     (void *)&Va, sizeof( Va ) ) )
+        return errno;
+
+    return 0;
+}
+
+/*
+** Diables the mrouted API and relases by this the lock.
+**          
+*/
+void disableMRouter()
+{
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_DONE, NULL, 0 ) 
+         || close( MRouterFD )
+       ) {
+        MRouterFD = 0;
+        my_log( LOG_ERR, errno, "MRT_DONE/close" );
+    }
+
+    MRouterFD = 0;
+}
+
+/*
+** Adds the interface '*IfDp' as virtual interface to the mrouted API
+** 
+*/
+void addVIF( struct IfDesc *IfDp )
+{
+    struct vifctl VifCtl;
+    struct VifDesc *VifDp;
+
+    /* search free VifDesc
+     */
+    for ( VifDp = VifDescVc; VifDp < VCEP( VifDescVc ); VifDp++ ) {
+        if ( ! VifDp->IfDp )
+            break;
+    }
+
+    /* no more space
+     */
+    if ( VifDp >= VCEP( VifDescVc ) )
+        my_log( LOG_ERR, ENOMEM, "addVIF, out of VIF space" );
+
+    VifDp->IfDp = IfDp;
+
+    VifCtl.vifc_vifi  = VifDp - VifDescVc; 
+    VifCtl.vifc_flags = 0;        /* no tunnel, no source routing, register ? */
+    VifCtl.vifc_threshold  = VifDp->IfDp->threshold;    // Packet TTL must be at least 1 to pass them
+    VifCtl.vifc_rate_limit = VifDp->IfDp->ratelimit;    // Ratelimit
+
+    VifCtl.vifc_lcl_addr.s_addr = VifDp->IfDp->InAdr.s_addr;
+    VifCtl.vifc_rmt_addr.s_addr = INADDR_ANY;
+
+    // Set the index...
+    VifDp->IfDp->index = VifCtl.vifc_vifi;
+
+    my_log( LOG_NOTICE, 0, "adding VIF, Ix %d Fl 0x%x IP 0x%08x %s, Threshold: %d, Ratelimit: %d", 
+         VifCtl.vifc_vifi, VifCtl.vifc_flags,  VifCtl.vifc_lcl_addr.s_addr, VifDp->IfDp->Name,
+         VifCtl.vifc_threshold, VifCtl.vifc_rate_limit);
+
+    struct SubnetList *currSubnet;
+    for(currSubnet = IfDp->allowednets; currSubnet; currSubnet = currSubnet->next) {
+	my_log(LOG_DEBUG, 0, "        Network for [%s] : %s",
+	    IfDp->Name,
+	    inetFmts(currSubnet->subnet_addr, currSubnet->subnet_mask, s1));
+    }
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_VIF, 
+                     (char *)&VifCtl, sizeof( VifCtl ) ) )
+        my_log( LOG_ERR, errno, "MRT_ADD_VIF" );
+
+}
+
+/*
+** Adds the multicast routed '*Dp' to the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int addMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* copy the TTL vector
+     */
+
+    memcpy( CtlReq.mfcc_ttls, Dp->TtlVc, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Adding MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_ADD_MFC" );
+
+    return rc;
+}
+
+/*
+** Removes the multicast routed '*Dp' from the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int delMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* clear the TTL vector
+     */
+    memset( CtlReq.mfcc_ttls, 0, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Removing MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_DEL_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_DEL_MFC" );
+
+    return rc;
+}
+
+/*
+** Returns for the virtual interface index for '*IfDp'
+**
+** returns: - the vitrual interface index if the interface is registered
+**          - -1 if no virtual interface exists for the interface 
+**          
+*/
+int getVifIx( struct IfDesc *IfDp )
+{
+    struct VifDesc *Dp;
+
+    for ( Dp = VifDescVc; Dp < VCEP( VifDescVc ); Dp++ )
+        if ( Dp->IfDp == IfDp )
+            return Dp - VifDescVc;
+
+    return -1;
+}
+
+
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o
new file mode 100644
index 0000000..8ea168c
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h b/AKB/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
new file mode 100644
index 0000000..735401c
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
@@ -0,0 +1,14 @@
+#include <net/route.h>
+#include <net/ip_mroute/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h b/AKB/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
new file mode 100644
index 0000000..ca01cc5
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
@@ -0,0 +1,23 @@
+#include <net/route.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#if __FreeBSD_version >= 800069 && defined BURN_BRIDGES \
+	|| __FreeBSD_version >= 800098
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+#endif
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/os-linux.h b/AKB/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
new file mode 100644
index 0000000..7504b1f
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
@@ -0,0 +1,15 @@
+#define _LINUX_IN_H
+#include <linux/types.h>
+#include <linux/mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h b/AKB/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
new file mode 100644
index 0000000..17bd5fa
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
@@ -0,0 +1,19 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h b/AKB/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
new file mode 100644
index 0000000..873e5fb
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
@@ -0,0 +1,21 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+#define INADDR_ALLRTRS_GROUP INADDR_ALLROUTERS_GROUP
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/os.h b/AKB/src/igmpproxy/igmpproxy-0.1/src/os.h
new file mode 120000
index 0000000..142e404
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/os.h
@@ -0,0 +1 @@
+../src/os-linux.h
\ No newline at end of file
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/request.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/request.c
new file mode 100644
index 0000000..e3589f6
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/request.c
@@ -0,0 +1,222 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   request.c 
+*
+*   Functions for recieveing and processing IGMP requests.
+*
+*/
+
+#include "igmpproxy.h"
+
+// Prototypes...
+void sendGroupSpecificMemberQuery(void *argument);  
+    
+typedef struct {
+    uint32_t      group;
+    uint32_t      vifAddr;
+    short       started;
+} GroupVifDesc;
+
+
+/**
+*   Handles incoming membership reports, and
+*   appends them to the routing table.
+*/
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type) {
+    struct IfDesc  *sourceVif;
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    if(sourceVif->InAdr.s_addr == src) {
+        my_log(LOG_NOTICE, 0, "The IGMP message was from myself. Ignoring.");
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        my_log(LOG_DEBUG, 0, "Should insert group %s (from: %s) to route table. Vif Ix : %d",
+            inetFmt(group,s1), inetFmt(src,s2), sourceVif->index);
+
+        // The membership report was OK... Insert it into the route table..
+        insertRoute(group, sourceVif->index);
+
+
+    } else {
+        // Log the state of the interface the report was recieved on.
+        my_log(LOG_INFO, 0, "Mebership report was recieved on %s. Ignoring.",
+            sourceVif->state==IF_STATE_UPSTREAM?"the upstream interface":"a disabled interface");
+    }
+
+}
+
+/**
+*   Recieves and handles a group leave message.
+*/
+void acceptLeaveMessage(uint32_t src, uint32_t group) {
+    struct IfDesc   *sourceVif;
+    
+    my_log(LOG_DEBUG, 0,
+	    "Got leave message from %s to %s. Starting last member detection.",
+	    inetFmt(src, s1), inetFmt(group, s2));
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        GroupVifDesc   *gvDesc;
+        gvDesc = (GroupVifDesc*) malloc(sizeof(GroupVifDesc));
+
+        // Tell the route table that we are checking for remaining members...
+        setRouteLastMemberMode(group);
+
+        // Call the group spesific membership querier...
+        gvDesc->group = group;
+        gvDesc->vifAddr = sourceVif->InAdr.s_addr;
+        gvDesc->started = 0;
+
+        sendGroupSpecificMemberQuery(gvDesc);
+
+    } else {
+        // just ignore the leave request...
+        my_log(LOG_DEBUG, 0, "The found if for %s was not downstream. Ignoring leave request.", inetFmt(src, s1));
+    }
+}
+
+/**
+*   Sends a group specific member report query until the 
+*   group times out...
+*/
+void sendGroupSpecificMemberQuery(void *argument) {
+    struct  Config  *conf = getCommonConfig();
+
+    // Cast argument to correct type...
+    GroupVifDesc   *gvDesc = (GroupVifDesc*) argument;
+
+    if(gvDesc->started) {
+        // If aging returns false, we don't do any further action...
+        if(!lastMemberGroupAge(gvDesc->group)) {
+            return;
+        }
+    } else {
+        gvDesc->started = 1;
+    }
+
+    // Send a group specific membership query...
+    sendIgmp(gvDesc->vifAddr, gvDesc->group, 
+             IGMP_MEMBERSHIP_QUERY,
+             conf->lastMemberQueryInterval * IGMP_TIMER_SCALE, 
+             gvDesc->group, 0);
+
+    my_log(LOG_DEBUG, 0, "Sent membership query from %s to %s. Delay: %d",
+        inetFmt(gvDesc->vifAddr,s1), inetFmt(gvDesc->group,s2),
+        conf->lastMemberQueryInterval);
+
+    // Set timeout for next round...
+    timer_setTimer(conf->lastMemberQueryInterval, sendGroupSpecificMemberQuery, gvDesc);
+
+}
+
+
+/**
+*   Sends a general membership query on downstream VIFs
+*/
+void sendGeneralMembershipQuery() {
+    struct  Config  *conf = getCommonConfig();
+    struct  IfDesc  *Dp;
+    int             Ix;
+
+    // Loop through all downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+            if(Dp->state == IF_STATE_DOWNSTREAM) {
+                // Send the membership query...
+                sendIgmp(Dp->InAdr.s_addr, allhosts_group, 
+                         IGMP_MEMBERSHIP_QUERY,
+                         conf->queryResponseInterval * IGMP_TIMER_SCALE, 0, 0);
+                
+                my_log(LOG_DEBUG, 0,
+			"Sent membership query from %s to %s. Delay: %d",
+			inetFmt(Dp->InAdr.s_addr,s1),
+			inetFmt(allhosts_group,s2),
+			conf->queryResponseInterval);
+            }
+        }
+    }
+
+    // Install timer for aging active routes.
+    timer_setTimer(conf->queryResponseInterval, ageActiveRoutes, NULL);
+
+    // Install timer for next general query...
+    if(conf->startupQueryCount>0) {
+        // Use quick timer...
+        timer_setTimer(conf->startupQueryInterval, sendGeneralMembershipQuery, NULL);
+        // Decrease startup counter...
+        conf->startupQueryCount--;
+    } 
+    else {
+        // Use slow timer...
+        timer_setTimer(conf->queryInterval, sendGeneralMembershipQuery, NULL);
+    }
+
+
+}
+ 
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/request.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/request.o
new file mode 100644
index 0000000..bff7c33
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/request.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/rttable.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/rttable.c
new file mode 100644
index 0000000..f0701a8
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/rttable.c
@@ -0,0 +1,662 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   rttable.c 
+*
+*   Updates the routingtable according to 
+*     recieved request.
+*/
+
+#include "igmpproxy.h"
+    
+/**
+*   Routing table structure definition. Double linked list...
+*/
+struct RouteTable {
+    struct RouteTable   *nextroute;     // Pointer to the next group in line.
+    struct RouteTable   *prevroute;     // Pointer to the previous group in line.
+    uint32_t              group;          // The group to route
+    uint32_t              originAddr;     // The origin adress (only set on activated routes)
+    uint32_t              vifBits;        // Bits representing recieving VIFs.
+
+    // Keeps the upstream membership state...
+    short               upstrState;     // Upstream membership state.
+
+    // These parameters contain aging details.
+    uint32_t              ageVifBits;     // Bits representing aging VIFs.
+    int                 ageValue;       // Downcounter for death.          
+    int                 ageActivity;    // Records any acitivity that notes there are still listeners.
+};
+
+                 
+// Keeper for the routing table...
+static struct RouteTable   *routing_table;
+
+// Prototypes
+void logRouteTable(char *header);
+int  internAgeRoute(struct RouteTable*  croute);
+int internUpdateKernelRoute(struct RouteTable *route, int activate);
+
+// Socket for sending join or leave requests.
+int mcGroupSock = 0;
+
+
+/**
+*   Function for retrieving the Multicast Group socket.
+*/
+int getMcGroupSock() {
+    if( ! mcGroupSock ) {
+        mcGroupSock = openUdpSocket( INADDR_ANY, 0 );;
+    }
+    return mcGroupSock;
+}
+ 
+/**
+*   Initializes the routing table.
+*/
+void initRouteTable() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+
+    // Clear routing table...
+    routing_table = NULL;
+
+    // Join the all routers group on downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        // If this is a downstream vif, we should join the All routers group...
+        if( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) && Dp->state == IF_STATE_DOWNSTREAM) {
+            my_log(LOG_DEBUG, 0, "Joining all-routers group %s on vif %s",
+                         inetFmt(allrouters_group,s1),inetFmt(Dp->InAdr.s_addr,s2));
+            
+            //k_join(allrouters_group, Dp->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), Dp, allrouters_group );
+        }
+    }
+}
+
+/**
+*   Internal function to send join or leave requests for
+*   a specified route upstream...
+*/
+void sendJoinLeaveUpstream(struct RouteTable* route, int join) {
+    struct IfDesc*      upstrIf;
+    
+    // Get the upstream VIF...
+    upstrIf = getIfByIx( upStreamVif );
+    if(upstrIf == NULL) {
+        my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF.");
+    }
+
+    // Send join or leave request...
+    if(join) {
+
+        // Only join a group if there are listeners downstream...
+        if(route->vifBits > 0) {
+            my_log(LOG_DEBUG, 0, "Joining group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+
+            //k_join(route->group, upstrIf->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_JOINED;
+        } else {
+            my_log(LOG_DEBUG, 0, "No downstream listeners for group %s. No join sent.",
+                inetFmt(route->group, s1));
+        }
+
+    } else {
+        // Only leave if group is not left already...
+        if(route->upstrState != ROUTESTATE_NOTJOINED) {
+            my_log(LOG_DEBUG, 0, "Leaving group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+            
+            //k_leave(route->group, upstrIf->InAdr.s_addr);
+            leaveMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_NOTJOINED;
+        }
+    }
+}
+
+/**
+*   Clear all routes from routing table, and alerts Leaves upstream.
+*/
+void clearAllRoutes() {
+    struct RouteTable   *croute, *remainroute;
+
+    // Loop through all routes...
+    for(croute = routing_table; croute; croute = remainroute) {
+
+        remainroute = croute->nextroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_DEBUG, 0, "Removing route entry for %s",
+                     inetFmt(croute->group, s1));
+
+        // Uninstall current route
+        if(!internUpdateKernelRoute(croute, 0)) {
+            my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        }
+
+        // Send Leave message upstream.
+        sendJoinLeaveUpstream(croute, 0);
+
+        // Clear memory, and set pointer to next route...
+        free(croute);
+    }
+    routing_table = NULL;
+
+    // Send a notice that the routing table is empty...
+    my_log(LOG_NOTICE, 0, "All routes removed. Routing table is empty.");
+}
+                 
+/**
+*   Private access function to find a route from a given 
+*   Route Descriptor.
+*/
+struct RouteTable *findRoute(uint32_t group) {
+    struct RouteTable*  croute;
+
+    for(croute = routing_table; croute; croute = croute->nextroute) {
+        if(croute->group == group) {
+            return croute;
+        }
+    }
+
+    return NULL;
+}
+
+/**
+*   Adds a specified route to the routingtable.
+*   If the route already exists, the existing route 
+*   is updated...
+*/
+int insertRoute(uint32_t group, int ifx) {
+    
+    struct Config *conf = getCommonConfig();
+    struct RouteTable*  croute;
+
+    // Sanitycheck the group adress...
+    if( ! IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group. Table insert failed.",
+            inetFmt(group, s1));
+        return 0;
+    }
+
+    // Santiycheck the VIF index...
+    //if(ifx < 0 || ifx >= MAX_MC_VIFS) {
+    if(ifx >= MAX_MC_VIFS) {
+        my_log(LOG_WARNING, 0, "The VIF Ix %d is out of range (0-%d). Table insert failed.",ifx,MAX_MC_VIFS);
+        return 0;
+    }
+
+    // Try to find an existing route for this group...
+    croute = findRoute(group);
+    if(croute==NULL) {
+        struct RouteTable*  newroute;
+
+        my_log(LOG_DEBUG, 0, "No existing route for %s. Create new.",
+                     inetFmt(group, s1));
+
+
+        // Create and initialize the new route table entry..
+        newroute = (struct RouteTable*)malloc(sizeof(struct RouteTable));
+        // Insert the route desc and clear all pointers...
+        newroute->group      = group;
+        newroute->originAddr = 0;
+        newroute->nextroute  = NULL;
+        newroute->prevroute  = NULL;
+
+        // The group is not joined initially.
+        newroute->upstrState = ROUTESTATE_NOTJOINED;
+
+        // The route is not active yet, so the age is unimportant.
+        newroute->ageValue    = conf->robustnessValue;
+        newroute->ageActivity = 0;
+        
+        BIT_ZERO(newroute->ageVifBits);     // Initially we assume no listeners.
+
+        // Set the listener flag...
+        BIT_ZERO(newroute->vifBits);    // Initially no listeners...
+        if(ifx >= 0) {
+            BIT_SET(newroute->vifBits, ifx);
+        }
+
+        // Check if there is a table already....
+        if(routing_table == NULL) {
+            // No location set, so insert in on the table top.
+            routing_table = newroute;
+            my_log(LOG_DEBUG, 0, "No routes in table. Insert at beginning.");
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Found existing routes. Find insert location.");
+
+            // Check if the route could be inserted at the beginning...
+            if(routing_table->group > group) {
+                my_log(LOG_DEBUG, 0, "Inserting at beginning, before route %s",inetFmt(routing_table->group,s1));
+
+                // Insert at beginning...
+                newroute->nextroute = routing_table;
+                newroute->prevroute = NULL;
+                routing_table = newroute;
+
+                // If the route has a next node, the previous pointer must be updated.
+                if(newroute->nextroute != NULL) {
+                    newroute->nextroute->prevroute = newroute;
+                }
+
+            } else {
+
+                // Find the location which is closest to the route.
+                for( croute = routing_table; croute->nextroute != NULL; croute = croute->nextroute ) {
+                    // Find insert position.
+                    if(croute->nextroute->group > group) {
+                        break;
+                    }
+                }
+
+                my_log(LOG_DEBUG, 0, "Inserting after route %s",inetFmt(croute->group,s1));
+                
+                // Insert after current...
+                newroute->nextroute = croute->nextroute;
+                newroute->prevroute = croute;
+                if(croute->nextroute != NULL) {
+                    croute->nextroute->prevroute = newroute; 
+                }
+                croute->nextroute = newroute;
+            }
+        }
+
+        // Set the new route as the current...
+        croute = newroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Inserted route table entry for %s on VIF #%d",
+            inetFmt(croute->group, s1),ifx);
+
+    } else if(ifx >= 0) {
+
+        // The route exists already, so just update it.
+        BIT_SET(croute->vifBits, ifx);
+        
+        // Register the VIF activity for the aging routine
+        BIT_SET(croute->ageVifBits, ifx);
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Updated route entry for %s on VIF #%d",
+            inetFmt(croute->group, s1), ifx);
+
+        // If the route is active, it must be reloaded into the Kernel..
+        if(croute->originAddr != 0) {
+
+            // Update route in kernel...
+            if(!internUpdateKernelRoute(croute, 1)) {
+                my_log(LOG_WARNING, 0, "The insertion into Kernel failed.");
+                return 0;
+            }
+        }
+    }
+
+    // Send join message upstream, if the route has no joined flag...
+    if(croute->upstrState != ROUTESTATE_JOINED) {
+        // Send Join request upstream
+        sendJoinLeaveUpstream(croute, 1);
+    }
+
+    logRouteTable("Insert Route");
+
+    return 1;
+}
+
+/**
+*   Activates a passive group. If the group is already
+*   activated, it's reinstalled in the kernel. If
+*   the route is activated, no originAddr is needed.
+*/
+int activateRoute(uint32_t group, uint32_t originAddr) {
+    struct RouteTable*  croute;
+    int result = 0;
+
+    // Find the requested route.
+    croute = findRoute(group);
+    if(croute == NULL) {
+        my_log(LOG_DEBUG, 0,
+		"No table entry for %s [From: %s]. Inserting route.",
+		inetFmt(group, s1),inetFmt(originAddr, s2));
+
+        // Insert route, but no interfaces have yet requested it downstream.
+        insertRoute(group, -1);
+
+        // Retrieve the route from table...
+        croute = findRoute(group);
+    }
+
+    if(croute != NULL) {
+        // If the origin address is set, update the route data.
+        if(originAddr > 0) {
+            if(croute->originAddr > 0 && croute->originAddr!=originAddr) {
+                my_log(LOG_WARNING, 0, "The origin for route %s changed from %s to %s",
+                    inetFmt(croute->group, s1),
+                    inetFmt(croute->originAddr, s2),
+                    inetFmt(originAddr, s3));
+            }
+            croute->originAddr = originAddr;
+        }
+
+        // Only update kernel table if there are listeners !
+        if(croute->vifBits > 0) {
+            result = internUpdateKernelRoute(croute, 1);
+        }
+    }
+    logRouteTable("Activate Route");
+
+    return result;
+}
+
+
+/**
+*   This function loops through all routes, and updates the age 
+*   of any active routes.
+*/
+void ageActiveRoutes() {
+    struct RouteTable   *croute, *nroute;
+    
+    my_log(LOG_DEBUG, 0, "Aging routes in table.");
+
+    // Scan all routes...
+    for( croute = routing_table; croute != NULL; croute = nroute ) {
+        
+        // Keep the next route (since current route may be removed)...
+        nroute = croute->nextroute;
+
+        // Run the aging round algorithm.
+        if(croute->upstrState != ROUTESTATE_CHECK_LAST_MEMBER) {
+            // Only age routes if Last member probe is not active...
+            internAgeRoute(croute);
+        }
+    }
+    logRouteTable("Age active routes");
+}
+
+/**
+*   Should be called when a leave message is recieved, to
+*   mark a route for the last member probe state.
+*/
+void setRouteLastMemberMode(uint32_t group) {
+    struct Config       *conf = getCommonConfig();
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        // Check for fast leave mode...
+        if(croute->upstrState == ROUTESTATE_JOINED && conf->fastUpstreamLeave) {
+            // Send a leave message right away..
+            sendJoinLeaveUpstream(croute, 0);
+        }
+        // Set the routingstate to Last member check...
+        croute->upstrState = ROUTESTATE_CHECK_LAST_MEMBER;
+        // Set the count value for expiring... (-1 since first aging)
+        croute->ageValue = conf->lastMemberQueryCount;
+    }
+}
+
+
+/**
+*   Ages groups in the last member check state. If the
+*   route is not found, or not in this state, 0 is returned.
+*/
+int lastMemberGroupAge(uint32_t group) {
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        if(croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER) {
+            return !internAgeRoute(croute);
+        } else {
+            return 0;
+        }
+    }
+    return 0;
+}
+
+/**
+*   Remove a specified route. Returns 1 on success,
+*   and 0 if route was not found.
+*/
+int removeRoute(struct RouteTable*  croute) {
+    struct Config       *conf = getCommonConfig();
+    int result = 1;
+    
+    // If croute is null, no routes was found.
+    if(croute==NULL) {
+        return 0;
+    }
+
+    // Log the cleanup in debugmode...
+    my_log(LOG_DEBUG, 0, "Removed route entry for %s from table.",
+                 inetFmt(croute->group, s1));
+
+    //BIT_ZERO(croute->vifBits);
+
+    // Uninstall current route from kernel
+    if(!internUpdateKernelRoute(croute, 0)) {
+        my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        result = 0;
+    }
+
+    // Send Leave request upstream if group is joined
+    if(croute->upstrState == ROUTESTATE_JOINED || 
+       (croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER && !conf->fastUpstreamLeave)) 
+    {
+        sendJoinLeaveUpstream(croute, 0);
+    }
+
+    // Update pointers...
+    if(croute->prevroute == NULL) {
+        // Topmost node...
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = NULL;
+        }
+        routing_table = croute->nextroute;
+
+    } else {
+        croute->prevroute->nextroute = croute->nextroute;
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = croute->prevroute;
+        }
+    }
+    // Free the memory, and set the route to NULL...
+    free(croute);
+    croute = NULL;
+
+    logRouteTable("Remove route");
+
+    return result;
+}
+
+
+/**
+*   Ages a specific route
+*/
+int internAgeRoute(struct RouteTable*  croute) {
+    struct Config *conf = getCommonConfig();
+    int result = 0;
+
+    // Drop age by 1.
+    croute->ageValue--;
+
+    // Check if there has been any activity...
+    if( croute->ageVifBits > 0 && croute->ageActivity == 0 ) {
+        // There was some activity, check if all registered vifs responded.
+        if(croute->vifBits == croute->ageVifBits) {
+            // Everything is in perfect order, so we just update the route age.
+            croute->ageValue = conf->robustnessValue;
+            //croute->ageActivity = 0;
+        } else {
+            // One or more VIF has not gotten any response.
+            croute->ageActivity++;
+
+            // Update the actual bits for the route...
+            croute->vifBits = croute->ageVifBits;
+        }
+    } 
+    // Check if there have been activity in aging process...
+    else if( croute->ageActivity > 0 ) {
+
+        // If the bits are different in this round, we must
+        if(croute->vifBits != croute->ageVifBits) {
+            // Or the bits together to insure we don't lose any listeners.
+            croute->vifBits |= croute->ageVifBits;
+
+            // Register changes in this round as well..
+            croute->ageActivity++;
+        }
+    }
+
+    // If the aging counter has reached zero, its time for updating...
+    if(croute->ageValue == 0) {
+        // Check for activity in the aging process,
+        if(croute->ageActivity>0) {
+            
+            my_log(LOG_DEBUG, 0, "Updating route after aging : %s",
+                         inetFmt(croute->group,s1));
+            
+            // Just update the routing settings in kernel...
+            internUpdateKernelRoute(croute, 1);
+    
+            // We append the activity counter to the age, and continue...
+            croute->ageValue = croute->ageActivity;
+            croute->ageActivity = 0;
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Removing group %s. Died of old age.",
+                         inetFmt(croute->group,s1));
+
+            // No activity was registered within the timelimit, so remove the route.
+            removeRoute(croute);
+        }
+        // Tell that the route was updated...
+        result = 1;
+    }
+
+    // The aging vif bits must be reset for each round...
+    BIT_ZERO(croute->ageVifBits);
+
+    return result;
+}
+
+/**
+*   Updates the Kernel routing table. If activate is 1, the route
+*   is (re-)activated. If activate is false, the route is removed.
+*/
+int internUpdateKernelRoute(struct RouteTable *route, int activate) {
+    struct   MRouteDesc     mrDesc;
+    struct   IfDesc         *Dp;
+    unsigned                Ix;
+    
+    if(route->originAddr>0) {
+
+        // Build route descriptor from table entry...
+        // Set the source address and group address...
+        mrDesc.McAdr.s_addr     = route->group;
+        mrDesc.OriginAdr.s_addr = route->originAddr;
+    
+        // clear output interfaces 
+        memset( mrDesc.TtlVc, 0, sizeof( mrDesc.TtlVc ) );
+    
+        my_log(LOG_DEBUG, 0, "Vif bits : 0x%08x", route->vifBits);
+
+        // Set the TTL's for the route descriptor...
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+            if(Dp->state == IF_STATE_UPSTREAM) {
+                mrDesc.InVif = Dp->index;
+            }
+            else if(BIT_TST(route->vifBits, Dp->index)) {
+                my_log(LOG_DEBUG, 0, "Setting TTL for Vif %d to %d", Dp->index, Dp->threshold);
+                mrDesc.TtlVc[ Dp->index ] = Dp->threshold;
+            }
+        }
+    
+        // Do the actual Kernel route update...
+        if(activate) {
+            // Add route in kernel...
+            addMRoute( &mrDesc );
+    
+        } else {
+            // Delete the route from Kernel...
+            delMRoute( &mrDesc );
+        }
+
+    } else {
+        my_log(LOG_NOTICE, 0, "Route is not active. No kernel updates done.");
+    }
+
+    return 1;
+}
+
+/**
+*   Debug function that writes the routing table entries
+*   to the log.
+*/
+void logRouteTable(char *header) {
+        struct RouteTable*  croute = routing_table;
+        unsigned            rcount = 0;
+    
+        my_log(LOG_DEBUG, 0, "");
+        my_log(LOG_DEBUG, 0, "Current routing table (%s):", header);
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+        if(croute==NULL) {
+            my_log(LOG_DEBUG, 0, "No routes in table...");
+        } else {
+            do {
+                /*
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, Prev: 0x%08x, T: 0x%08x, Next: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->prevroute, croute, croute->nextroute);
+                */
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, OutVifs: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->vifBits);
+                  
+                croute = croute->nextroute; 
+        
+                rcount++;
+            } while ( croute != NULL );
+        }
+    
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/rttable.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/rttable.o
new file mode 100644
index 0000000..df1f0b5
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/rttable.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/syslog.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/syslog.c
new file mode 100644
index 0000000..7c7166f
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/syslog.c
@@ -0,0 +1,62 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+int LogLevel = LOG_WARNING;
+bool Log2Stderr = false;
+
+void my_log( int Severity, int Errno, const char *FmtSt, ... )
+{
+    char LogMsg[ 128 ];
+
+    va_list ArgPt;
+    unsigned Ln;
+    va_start( ArgPt, FmtSt );
+    Ln = vsnprintf( LogMsg, sizeof( LogMsg ), FmtSt, ArgPt );
+    if( Errno > 0 )
+        snprintf( LogMsg + Ln, sizeof( LogMsg ) - Ln,
+                "; Errno(%d): %s", Errno, strerror(Errno) );
+    va_end( ArgPt );
+
+    if (Severity <= LogLevel) {
+        if (Log2Stderr)
+            fprintf(stderr, "%s\n", LogMsg);
+        else {
+            syslog(Severity, "%s", LogMsg);
+	}
+    }
+
+    if( Severity <= LOG_ERR )
+        exit( -1 );
+}
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/syslog.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/syslog.o
new file mode 100644
index 0000000..445b866
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/syslog.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/udpsock.c b/AKB/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
new file mode 100644
index 0000000..150130e
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
@@ -0,0 +1,65 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   udpsock.c contains function for creating a UDP socket.
+*
+*/
+
+#include "igmpproxy.h"
+
+/**
+*  Creates and connects a simple UDP socket to the target 
+*  'PeerInAdr':'PeerPort'
+*
+*   @param PeerInAdr - The address to connect to
+*   @param PeerPort  - The port to connect to
+*           
+*/
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort ) {
+    int Sock;
+    struct sockaddr_in SockAdr;
+    
+    if( (Sock = socket( AF_INET, SOCK_RAW, IPPROTO_IGMP )) < 0 )
+        my_log( LOG_ERR, errno, "UDP socket open" );
+    
+    memset( &SockAdr, 0, sizeof( SockAdr ) );
+    SockAdr.sin_family      = AF_INET;
+    SockAdr.sin_port        = htons(PeerPort);
+    SockAdr.sin_addr.s_addr = htonl(PeerInAdr);
+    
+    if( bind( Sock, (struct sockaddr *)&SockAdr, sizeof( SockAdr ) ) )
+        my_log( LOG_ERR, errno, "UDP socket bind" );
+    
+    return Sock;
+}
+
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/src/udpsock.o b/AKB/src/igmpproxy/igmpproxy-0.1/src/udpsock.o
new file mode 100644
index 0000000..8f19c02
Binary files /dev/null and b/AKB/src/igmpproxy/igmpproxy-0.1/src/udpsock.o differ
diff --git a/AKB/src/igmpproxy/igmpproxy-0.1/stamp-h1 b/AKB/src/igmpproxy/igmpproxy-0.1/stamp-h1
new file mode 100644
index 0000000..4547fe1
--- /dev/null
+++ b/AKB/src/igmpproxy/igmpproxy-0.1/stamp-h1
@@ -0,0 +1 @@
+timestamp for config.h
diff --git a/AKB/src/ipt-gateway b/AKB/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/AKB/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/AKB/src/openvpn b/AKB/src/openvpn
new file mode 160000
index 0000000..ebff5a5
--- /dev/null
+++ b/AKB/src/openvpn
@@ -0,0 +1 @@
+Subproject commit ebff5a557b537bcb8192d94f733c4df86594258d
diff --git a/ANW-KM/README.txt b/ANW-KM/README.txt
new file mode 100644
index 0000000..9b34211
--- /dev/null
+++ b/ANW-KM/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.ANW-KM: ppp0 comes over eth2
+      interfaces.ANW-KM: see above
+      default_isc-dhcp-server.ANW-KM
+      ipt-firewall.ANW-KM: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/ANW-KM/bin/admin-stuff b/ANW-KM/bin/admin-stuff
new file mode 160000
index 0000000..8d81bd8
--- /dev/null
+++ b/ANW-KM/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 8d81bd8667f74cf7f7cc1c521b52eab0e7c4b034
diff --git a/ANW-KM/bin/manage-gw-config b/ANW-KM/bin/manage-gw-config
new file mode 160000
index 0000000..b5fb1f7
--- /dev/null
+++ b/ANW-KM/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit b5fb1f7b3a421a24388ba6b25a3e5d58591ae7fe
diff --git a/ANW-KM/bin/monitoring b/ANW-KM/bin/monitoring
new file mode 160000
index 0000000..f66029f
--- /dev/null
+++ b/ANW-KM/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit f66029fe95ffc2010b0d3e435dbebf9ef7b7f849
diff --git a/ANW-KM/bin/os-upgrade.sh b/ANW-KM/bin/os-upgrade.sh
new file mode 120000
index 0000000..02ddc66
--- /dev/null
+++ b/ANW-KM/bin/os-upgrade.sh
@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh
\ No newline at end of file
diff --git a/ANW-KM/bin/test_email.sh b/ANW-KM/bin/test_email.sh
new file mode 120000
index 0000000..86f3e17
--- /dev/null
+++ b/ANW-KM/bin/test_email.sh
@@ -0,0 +1 @@
+admin-stuff/test_email.sh
\ No newline at end of file
diff --git a/ANW-KM/bind/bind.keys b/ANW-KM/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/ANW-KM/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/ANW-KM/bind/db.0 b/ANW-KM/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/ANW-KM/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/ANW-KM/bind/db.127 b/ANW-KM/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/ANW-KM/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/ANW-KM/bind/db.192.168.122.0 b/ANW-KM/bind/db.192.168.122.0
new file mode 100644
index 0000000..696e6e8
--- /dev/null
+++ b/ANW-KM/bind/db.192.168.122.0
@@ -0,0 +1,53 @@
+;
+; BIND reverse data file for local km.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.anw-km.netz. ckubu.oopen.de. (
+      2012082701     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-km.anw-km.netz.
+
+; - Gateway/Firewall
+254         IN PTR    gw-km.anw-km.netz.
+
+
+; - (Caching ) Nameserver
+53          IN PTR    ns-km.anw-km.netz.
+
+
+; - Fileserver
+10           IN PTR    file-km.anw-km.netz.
+
+; - KVM Windows 7
+20           IN PTR    file-win7.anw-km.netz.
+
+
+; - IPMI
+201         IN PTR    ipmi-gw-km.anw-km.netz.
+202         IN PTR    ipmi-file-km.anw-km.netz.
+
+
+; - Drucker
+5            IN PTR    hl-5380dn.anw-km.netz.
+#177          IN PTR    utax-lp-3235.anw-km.netz.
+
+
+; - Accesspoint
+50           IN PTR    wlan-km.anw-km.netz.
+
+
+; - LAN
+110          IN PTR    berenice.anw-km.netz.
+111          IN PTR    buero.anw-km.netz.
+112          IN PTR    buero2.anw-km.netz.
+113          IN PTR    buero3.anw-km.netz.
+
+120          IN PTR    berenice-alt.anw-km.netz.
+
+; - WLAN
+211          IN PTR    berenice-laptop.anw-km.netz.
diff --git a/ANW-KM/bind/db.255 b/ANW-KM/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/ANW-KM/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/ANW-KM/bind/db.anw-km.netz b/ANW-KM/bind/db.anw-km.netz
new file mode 100644
index 0000000..dfd3819
--- /dev/null
+++ b/ANW-KM/bind/db.anw-km.netz
@@ -0,0 +1,79 @@
+;
+; BIND data file for local km.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.anw-km.netz. ckubu.oopen.de. (
+      2012082701     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                IN NS     ns-km.anw-km.netz.
+
+; Gateway/Firewall
+gw-km           IN A      192.168.122.254
+gate            IN CNAME  gw-km
+gw              IN CNAME  gw-km
+
+; (Caching ) Nameserver
+ns-km           IN A      192.168.122.53
+ns              IN CNAME  ns-km
+nscache         IN CNAME  ns-km
+resolver        IN CNAME  ns-km
+
+
+; - Fileserver
+file-km         IN A      192.168.122.10
+file            IN CNAME  file-km
+
+; - KVM Windows 7
+file-win7       IN A      192.168.122.20
+winserver       IN CNAME  file-win7
+
+
+; - IPMI
+ipmi-file-km    IN A      192.168.122.201
+file-ipmi       IN CNAME  ipmi-file-km
+
+ipmi-gw-km      IN A      192.168.122.202
+gw-ipmi         IN CNAME  ipmi-gw-km
+
+
+; - Drucker
+hl-5380dn        IN A     192.168.122.5
+brother          IN CNAME hl-5380dn 
+
+utax-lp-3235     IN A     192.168.122.177
+
+
+
+; - Accesspoint
+wlan-km         IN A      192.168.122.50
+ap              IN CNAME  wlan-km
+accesspoint     IN CNAME  wlan-km
+
+
+; - LAN
+berenice         IN A      192.168.122.110
+berenice-desktop IN CNAME  berenice
+
+buero2          IN A      192.168.122.112
+buero2-desktop  IN CNAME  buero2
+
+buero           IN A      192.168.122.111
+buero-desktop   IN CNAME  buero
+
+buero3          IN A      192.168.122.113
+buero3-desktop  IN CNAME  buero3
+
+berenice-alt    IN A      192.168.122.120
+
+
+; - WLAN
+berenice-laptop IN A      192.168.122.211
+
+
+; - Services
diff --git a/ANW-KM/bind/db.empty b/ANW-KM/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/ANW-KM/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/ANW-KM/bind/db.local b/ANW-KM/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/ANW-KM/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/ANW-KM/bind/db.root b/ANW-KM/bind/db.root
new file mode 100644
index 0000000..6c19741
--- /dev/null
+++ b/ANW-KM/bind/db.root
@@ -0,0 +1,88 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    Jan 3, 2013
+;       related version of root zone:   2013010300
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.	 3600000      AAAA  2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
+; End of File
diff --git a/ANW-KM/bind/named.conf b/ANW-KM/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/ANW-KM/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/ANW-KM/bind/named.conf.default-zones b/ANW-KM/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/ANW-KM/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/ANW-KM/bind/named.conf.local b/ANW-KM/bind/named.conf.local
new file mode 100644
index 0000000..ced808c
--- /dev/null
+++ b/ANW-KM/bind/named.conf.local
@@ -0,0 +1,19 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
+zone "anw-km.netz" {
+   type master;
+   file "/etc/bind/db.anw-km.netz";
+};
+
+zone "122.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.122.0";
+};
+
diff --git a/ANW-KM/bind/named.conf.local.INSTALL b/ANW-KM/bind/named.conf.local.INSTALL
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/ANW-KM/bind/named.conf.local.INSTALL
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/ANW-KM/bind/named.conf.options b/ANW-KM/bind/named.conf.options
new file mode 100644
index 0000000..87e6a6f
--- /dev/null
+++ b/ANW-KM/bind/named.conf.options
@@ -0,0 +1,49 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+   forwarders {
+      // OpenDNS servers
+      208.67.222.222;
+      208.67.220.220;
+      // DNS-Cache des CCC
+      213.73.91.35;
+      // ISP DNS Servers
+      217.237.150.51;
+      217.237.148.22;
+   };
+
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      192.168.122.53;
+   };
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/8;
+   };
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/16;
+   };
+   allow-transfer { none; };
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/ANW-KM/bind/named.conf.options.INSTALL b/ANW-KM/bind/named.conf.options.INSTALL
new file mode 100644
index 0000000..af79758
--- /dev/null
+++ b/ANW-KM/bind/named.conf.options.INSTALL
@@ -0,0 +1,20 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/ANW-KM/bind/rndc.key b/ANW-KM/bind/rndc.key
new file mode 100644
index 0000000..48256d5
--- /dev/null
+++ b/ANW-KM/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "p8uEoosC6vrcRj73ribYKg==";
+};
diff --git a/ANW-KM/bind/zones.rfc1918 b/ANW-KM/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/ANW-KM/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/ANW-KM/chap-secrets.ANW-KM b/ANW-KM/chap-secrets.ANW-KM
new file mode 100644
index 0000000..47888a1
--- /dev/null
+++ b/ANW-KM/chap-secrets.ANW-KM
@@ -0,0 +1,7 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+
+
+
+"0017005041965502052728690001@t-online.de" * "62812971"
diff --git a/ANW-KM/cron_root.ANW-KM b/ANW-KM/cron_root.ANW-KM
new file mode 100644
index 0000000..ddda4dc
--- /dev/null
+++ b/ANW-KM/cron_root.ANW-KM
@@ -0,0 +1,52 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.kbCNiX/crontab installed on Mon Apr 10 18:45:46 2017)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+## adjust system time
+##
+#23 0-23/4 * * * /usr/sbin/ntpdate ptbtime2.ptb.de  > /dev/null
+
+## check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+## if not set this entry to "1"
+##
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+## check if pppd is running and internet access works. if
+## not restart it
+##
+#1-59/10 * * * * /root/bin/check_inet.sh
+
+
+1-59/10 * * * * /root/bin/monitoring/check_dns.sh
+
+## check if openvpn is running if not restart the service
+##
+0-59/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+
+## - copy gateway configuration
+## -
+13 4 * * * /root/bin/manage-gw-config/copy_gateway-config.sh ANW-KM
diff --git a/ANW-KM/ddclient.conf.ANW-KM b/ANW-KM/ddclient.conf.ANW-KM
new file mode 100644
index 0000000..ede1a87
--- /dev/null
+++ b/ANW-KM/ddclient.conf.ANW-KM
@@ -0,0 +1,14 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com/, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password=7213b4e6178a11e6ab1362f831f6741e
+anw-km.homelinux.org
+
+ssl=yes
+mail=root
+mail-failure=root
diff --git a/ANW-KM/dhcpd.conf.ANW-KM b/ANW-KM/dhcpd.conf.ANW-KM
new file mode 100644
index 0000000..458ac3a
--- /dev/null
+++ b/ANW-KM/dhcpd.conf.ANW-KM
@@ -0,0 +1,212 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.122.255;
+
+option domain-name "anw-km.netz";
+option domain-name-servers 192.168.122.1;
+
+option routers 192.168.122.254;
+
+default-lease-time 43200;
+max-lease-time 86400;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+subnet 192.168.122.0 netmask 255.255.255.0 {
+   # --- 192.168.22.160/27 ---
+   # network address....: 192.168.22.160
+   # Broadcast address..: 192.168.22.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.22.160 - 192.168.22.191
+   # Usable range.......: 192.168.22.161 - 192.168.22.190
+   range 192.168.122.161 192.168.122.190;
+   option domain-name "anw-km.netz";
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.122.255;
+   option domain-name-servers 192.168.122.53;
+   option routers 192.168.122.254;
+   default-lease-time 43200;
+   max-lease-time 86400;
+}
+
+host hl-5380dn {
+   hardware ethernet 30:05:5c:7a:09:15;
+   fixed-address hl-5380dn.anw-km.netz ;
+}
+
+host utax_lp_3235 {
+   hardware ethernet 00:C0:EE:62:9F:32;
+   fixed-address utax_lp_3235.anw-km.netz;
+}
+
+host file-km {
+   hardware ethernet 00:30:48:8C:DE:C0;
+   fixed-address file-km.anw-km.netz ;
+}
+
+host file-win7 {
+   hardware ethernet 52:54:00:59:ff:08;
+   fixed-address file-win7.anw-km.netz ;
+}
+
+host accesspoint {
+   hardware ethernet C4:3D:C7:BC:40:31;
+   fixed-address accesspoint.anw-km.netz ;
+}
+
+## - Desktop PC's
+## -
+host berenice-alt {
+   #fixed-address karsten.anw-km.netz ;
+   hardware ethernet e8:40:f2:ec:c6:af ;
+   fixed-address berenice-alt.anw-km.netz ;
+}
+
+host berenice {
+   hardware ethernet 80:ee:73:b9:89:78 ;
+   fixed-address berenice.anw-km.netz ;
+}
+
+host buero {
+   hardware ethernet 00:11:6B:97:C8:B9 ;
+   fixed-address buero.anw-km.netz ;
+}
+
+host buero2 {
+   hardware ethernet 00:27:0E:11:C9:D0 ;
+   fixed-address buero2.anw-km.netz ;
+}
+
+host buero3 {
+   #- interne karte - defekt
+   #hardware ethernet 00:27:0E:1C:DF:4D ;
+   hardware ethernet 00:1b:21:4d:c2:25 ;
+   fixed-address buero3.anw-km.netz ;
+}
+
+## - eth0 laptop berenice
+## -
+host berenice-laptop1 {
+   hardware ethernet 00:1D:72:8A:EE:BB ;
+   fixed-address berenice-laptop.anw-km.netz ;
+}
+
+
+## - wireless device laptop berenice
+## -
+host berenice-laptop {
+   hardware ethernet 00:1F:3B:4F:CF:0D ;
+   fixed-address berenice-laptop.anw-km.netz ;
+}
+
+host panic {
+   hardware ethernet 00:11:25:31:64:50 ;
+   fixed-address panic.anw-km.netz ;
+}
+
+host crash {
+   hardware ethernet 00:14:85:28:94:B1 ;
+   fixed-address crash.anw-km.netz ;
+}
+
+## host siemens_gigaset_515 {
+##    hardware ethernet 00:01:E3:08:4A:75 ;
+##    fixed-address siemens_gigaset_515.opp.local ;
+## }
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/ANW-KM/email_notice.ANW-KM b/ANW-KM/email_notice.ANW-KM
new file mode 100755
index 0000000..2a91b39
--- /dev/null
+++ b/ANW-KM/email_notice.ANW-KM
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+file=/tmp/mail_ip-up$$
+admin_email=argus@oopen.de
+
+from_address=ip-up_anw-km@oopen.de
+from_name="ip-up - ANW-KM"
+
+
+echo "" > $file
+echo " ********************************************************" >> $file
+echo " *** This is an autogenerated mail from `hostname -f` ***" >> $file
+echo "" >> $file
+echo " I brought up the ppp-daemon with the following" >> $file
+echo -e " parameters:\n" >> $file
+echo -e "\tInterface name...............: $PPP_IFACE" >> $file
+echo -e "\tThe tty......................: $PPP_TTY" >> $file
+echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
+echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
+echo -e "\tPeer  IP number..............: $PPP_REMOTE" >> $file
+if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
+   echo -e "\tNameserver 1.................: $DNS1" >> $file
+   if [ "$DNS2" ] ; then
+      echo -e "\tNameserver 2.................: $DNS2" >> $file
+   fi
+fi
+
+
+echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
+echo "" >> $file
+echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
+echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
+echo "" >> $file
+echo " ********************************************************" >> $file
+
+/bin/echo -e "From:${from_name} <${from_address}>\nTo:${admin_email}\nSubject: $PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail $admin_email
+
+rm -f $file
diff --git a/ANW-KM/generic.ANW-KM b/ANW-KM/generic.ANW-KM
new file mode 100644
index 0000000..9af778c
--- /dev/null
+++ b/ANW-KM/generic.ANW-KM
@@ -0,0 +1,3 @@
+root@gw-km.anw-km.netz      root_anw-km@oopen.de
+cron@gw-km.anw-km.netz      cron_anw-km@oopen.de
+@gw-km.anw-km.netz          other_anw-km@oopen.de
diff --git a/ANW-KM/generic.db.ANW-KM b/ANW-KM/generic.db.ANW-KM
new file mode 100644
index 0000000..6e9d1dc
Binary files /dev/null and b/ANW-KM/generic.db.ANW-KM differ
diff --git a/ANW-KM/hostname.ANW-KM b/ANW-KM/hostname.ANW-KM
new file mode 100644
index 0000000..e07877d
--- /dev/null
+++ b/ANW-KM/hostname.ANW-KM
@@ -0,0 +1 @@
+gw-km
diff --git a/ANW-KM/hosts.ANW-KM b/ANW-KM/hosts.ANW-KM
new file mode 100644
index 0000000..7319495
--- /dev/null
+++ b/ANW-KM/hosts.ANW-KM
@@ -0,0 +1,9 @@
+127.0.0.1	localhost
+127.0.1.1	gw-km.anw-km.netz	gw-km
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/ANW-KM/interfaces.ANW-KM b/ANW-KM/interfaces.ANW-KM
new file mode 100644
index 0000000..4425942
--- /dev/null
+++ b/ANW-KM/interfaces.ANW-KM
@@ -0,0 +1,49 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+
+#-----------------------------
+# lo - loopback interface
+#-----------------------------
+auto lo
+iface lo inet loopback
+
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+auto eth2
+iface eth2 inet static
+   address 192.168.2.254
+   network 192.168.2.0
+   netmask 255.255.255.0
+   broadcast 192.168.2.255
+   gateway 192.168.2.1
+   dns-nameservers 127.0.0.1
+   dns-search anw-km.netz
+
+#auto dsl-provider
+#iface dsl-provider inet ppp
+#   pre-up /sbin/ifconfig eth2 up # line maintained by pppoeconf
+#   provider dsl-provider
+
+
+#-----------------------------
+# eth1 - LAN
+#-----------------------------
+
+auto eth1
+iface eth1 inet static
+   address 192.168.122.254
+   network 192.168.122.0
+   netmask 255.255.255.0
+   broadcast 192.168.122.255
+
+auto eth1:0
+iface eth1:0 inet static
+   address 192.168.122.53
+   network 192.168.122.0
+   netmask 255.255.255.0
+   broadcast 192.168.122.255
diff --git a/ANW-KM/ipt-firewall.ANW-KM b/ANW-KM/ipt-firewall.ANW-KM
new file mode 100755
index 0000000..7796f1e
--- /dev/null
+++ b/ANW-KM/ipt-firewall.ANW-KM
@@ -0,0 +1,841 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+## -Load modules for FTP Connection tracking and NAT
+## -
+/sbin/modprobe ip_tables > /dev/null 2>&1
+modprobe ip_conntrack > /dev/null 2>&1
+modprobe ip_nat_ftp > /dev/null 2>&1
+modprobe ip_conntrack_ftp > /dev/null 2>&1
+modprobe iptable_nat > /dev/null 2>&1
+
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_to_lo=false
+log_blocked=false
+log_rejected=false
+
+
+# IP's / IP-Ranges to block
+#
+#    222.184.0.0 CHINANET-JS
+#    61.160.0.0/16 - CHINANET-JS
+#    116.8.0.0/14 CHINANET-GX
+#    70.42.149.69 - ssh attack 30.06.2014
+#
+#blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14 70.42.149.69"
+blocked_ips=""
+
+
+
+ipt="/sbin/iptables"
+
+
+local_ip="192.168.122.254"
+local_net="192.168.122.254/24"
+local_if="eth1"
+
+#ext_if="ppp+"
+ext_if="eth0"
+
+vpn_if="tun+"
+
+# unpriviligierte Ports
+unprivports="1024:65535"
+
+loopback="127.0.0.0/8"
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+class_d_multicast="224.0.0.0/4"
+class_e_reserved="240.0.0.0/5"
+
+broadcast_addr="83.223.85.255"
+
+
+## - IP Forwarding aktivieren
+## -
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+
+
+## - Reduce DoS'ing ability by reducing timeouts
+## -
+echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+echo 0 > /proc/sys/net/ipv4/tcp_sack
+echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+
+## - SYN COOKIES
+## -
+echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+
+
+## - Schutz gegen gefälschte Fehlermeldungen einschalten.
+## -
+echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+
+
+## - Ignorieren von broadcast Pings
+## -
+echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+
+
+## - NO SOURCE ROUTE
+## -
+## - Sperren von quellbasierendem Paket-Routing
+## -
+for asr in /proc/sys/net/ipv4/conf/*/accept_source_route; do
+   echo 0 > $asr
+done
+
+
+## - Keine ICMP Umleitungspakete akzeptieren.
+## -
+## - Diese können zur Veränderung der Routing Tables verwendet 
+## - werden, möglicherweise mit einem böswilligen Ziel. 
+## - 
+echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
+
+## - ANTISPOOFING
+## -
+## - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+## - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+## - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+## - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+## - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+## - nicht voll funktionsfähig ist. 
+## -
+for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter; do
+   echo 1 > $rp_filter
+done
+
+## - NUMBER OF CONNECTIONS TO TRACK
+## -
+echo "65535" > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+
+
+## - Protokollieren von Paketen die gespoofed sind, quellbasierendes 
+## - Routing verwenden oder Umleitungen sind.
+## -
+#echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
+
+
+while read p; do
+   case $p in
+   -*) $ipt $p;;
+   esac
+done << EOR
+## - default policies
+## -
+-P INPUT ACCEPT
+-P OUTPUT ACCEPT
+-P FORWARD ACCEPT
+
+-t nat -P PREROUTING ACCEPT
+-t nat -P POSTROUTING ACCEPT
+-t nat -P OUTPUT ACCEPT
+
+## - flush chains
+## -
+-F
+-F INPUT
+-F OUTPUT
+-F FORWARD
+-F -t mangle
+-F -t nat
+-X
+-Z
+
+-t nat -A POSTROUTING -o $ext_if -j MASQUERADE
+-I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+EOR
+
+
+
+## - Protection against syn-flooding
+## -
+## - chains to DROP too many SYNs
+## -
+$ipt -N syn-flood
+$ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+if $log_syn_flood || $log_all ; then
+   $ipt -A syn-flood -j LOG --log-prefix "IPv4: SYN flood: " --log-level debug
+fi
+$ipt -A syn-flood -j DROP
+
+
+## FRAGMENTS
+# I have to say that fragments scare me more than anything.
+# Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+# Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+# fragments is very OS-dependent (see this paper for details).
+# I am not going to trust any fragments.
+# Log fragments just to see if we get any, and deny them too.
+if $log_fragments || $log_all ; then
+   $ipt -A INPUT -i $ext_if -f -j LOG --log-prefix "IPv4: IPTABLES FRAGMENTS: " --log-level debug
+fi
+$ipt -A INPUT -i $ext_if -f -j DROP
+
+
+# - drop new packages without syn flag
+## -
+if $log_new_not_sync || $log_all  ; then
+   $ipt -A INPUT -p tcp ! --syn -m state --state NEW -j  LOG --log-prefix "IPv4: New but not SYN: " --log-level debug
+   $ipt -A OUTPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "IPv4: New but not SYN: " --log-level debug
+fi
+$ipt -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+$ipt -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
+
+
+## - drop invalid packages
+## -
+if $log_invalid_state || $log_all  ; then
+   $ipt -A INPUT -m state --state INVALID -j LOG --log-prefix "IPv4: Invalid state: " --log-level debug
+fi
+$ipt -A INPUT -m state --state INVALID -j DROP
+
+
+## - ungewöhnliche Flags verwerfen
+## -
+if $log_invalid_flags || $log_all ; then
+   $ipt -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "IPv4: Invalid flags: " --log-level debug
+   $ipt -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "IPv4: Invalid flags: " --log-level debug
+   $ipt -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "IPv4: Invalid flags: " --log-level debug
+fi
+$ipt -A INPUT -i $ext_if -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+$ipt -A INPUT -i $ext_if -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+$ipt -A INPUT -i $ext_if -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+
+
+## - private Adressen auf externen interface verwerfen
+## -
+if $log_spoofed || $log_all ; then
+   $ipt -A INPUT -i $ext_if -s $local_ip -j LOG --log-prefix "IPv4: Spoofed (own ip): " --log-level debug
+fi
+$ipt -A INPUT -i $ext_if -s $local_ip -j DROP
+
+
+# Refuse packets claiming to be from a 
+#   Class A private network
+#   Class B private network
+#   Class C private network
+#   loopback interface
+#   Class D multicast address
+#   Class E reserved IP address
+#   broadcast address
+if $log_spoofed || $log_all ; then
+   $ipt -A INPUT -i $ext_if -s $priv_class_a -j LOG --log-prefix "IPv4: Class A private net: " --log-level debug
+   $ipt -A INPUT -i $ext_if -s $priv_class_b -j LOG --log-prefix "IPv4: Class B private net: " --log-level debug
+   #$ipt -A INPUT -i $ext_if -s $priv_class_c -j LOG --log-prefix "IPv4: Class C private net: " --log-level debug
+   $ipt -A INPUT -i $ext_if -s $loopback -j LOG --log-prefix "IPv4: From Loopback: " --log-level debug
+   $ipt -A INPUT -i $ext_if -s $class_d_multicast -j LOG --log-prefix "IPv4: Class D Multicast: " --log-level debug
+   $ipt -A INPUT -i $ext_if -s $class_e_reserved -j LOG --log-prefix "IPv4: Class E reserved: " --log-level debug
+   $ipt -A INPUT -i $ext_if -d $broadcast_addr -j LOG --log-prefix "IPv4: Broadcast Address: " --log-level debug
+fi
+# Refuse packets claiming to be from a Class A private network.
+$ipt -A INPUT -i $ext_if -s $priv_class_a -j DROP
+# Refuse packets claiming to be from a Class B private network.
+$ipt -A INPUT -i $ext_if -s $priv_class_b -j DROP
+# Refuse packets claiming to be from a Class C private network.
+#$ipt -A INPUT -i $ext_if -s $priv_class_c -j DROP
+# Refuse packets claiming to be from loopback interface.
+$ipt -A INPUT -i $ext_if -s $loopback -j DROP
+# Refuse Class D multicast addresses. Multicast is illegal as a source address.
+$ipt -A INPUT -i $ext_if -s $class_d_multicast -j DROP
+# Refuse Class E reserved IP addresses.
+$ipt -A INPUT -i $ext_if -s $class_e_reserved -j DROP
+# Refuse broadcast address packets.
+$ipt -A INPUT -i $ext_if -d $broadcast_addr -j DROP
+
+
+# Refuse packets claiming to be to the loopback interface.
+# Refusing packets claiming to be to the loopback interface protects against
+# source quench, whereby a machine can be told to slow itself down by an icmp source
+# quench to the loopback.
+if $log_to_lo || $log_all ; then
+   $ipt -A INPUT -i $ext_if -d $loopback -j LOG --log-prefix "IPv4: To Loopback: " --log-level debug
+fi
+$ipt -A INPUT -i $ext_if -d $loopback -j DROP
+
+
+# Don't allow spoofing from that server
+$ipt -A OUTPUT -o $ext_if -s $priv_class_a -j DROP
+$ipt -A OUTPUT -o $ext_if -s $priv_class_b -j DROP
+#$ipt -A OUTPUT -o $ext_if -s $priv_class_c -j DROP
+$ipt -A OUTPUT -o $ext_if -s $loopback -j DROP
+
+
+# ------------- CHINANET-JS  222.184.0.0 - 222.191.255.255 -------------
+#
+for _ip in $blocked_ips ; do
+   if $log_blocked || $log_all ; then
+      $ipt -A INPUT -i $ext_if -s $_ip -j LOG --log-prefix "IPv4: Blocked ${_ip}: " --log-level debug
+   fi
+   $ipt -A INPUT -p ALL -s $_ip -j DROP
+done
+#
+# ------------- Ende: CHINANET-JS  222.184.0.0 - 222.191.255.255 -------------
+
+
+case $1 in
+   sto*) exit 0;;
+esac
+
+while read r; do
+   case $r in
+      -*) $ipt $r;;
+   esac
+done << EOR
+
+
+-A FORWARD -s 192.168.63.40 -p ALL -j ACCEPT
+-A FORWARD -d 192.168.63.40 -p ALL -j ACCEPT
+
+
+
+# ------------- das loopbackdevice -------------
+# alles erlaubt
+#
+-A INPUT -i lo -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+#
+# ---------- Ende: das loopbackdevice ----------
+
+
+# ---------- initialen Verkehr ----------
+# von drinnen nach drausssen 
+#
+#-A FORWARD -i $local_if -o $ext_if -p ALL -m state --state NEW -j ACCEPT
+-A FORWARD -o $ext_if -p ALL -m state --state NEW -j ACCEPT
+#
+# ------- Ende: initialen Verkehr -------
+
+
+# ------------- betsehende Verbindungen -------------
+# bereits bestehende Verbindungen durchlassen
+#
+# -- rein --
+#
+-A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
+#
+# -- raus --
+#
+-A OUTPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
+#
+# foreward
+#
+-A FORWARD -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT
+#
+# ---------- Ende betsehende Verbindungen -----------
+
+
+
+# ------------- OpenVPN -------------
+#
+# -- initial via internet
+#
+#-A INPUT -p udp  -i $ext_if --dport 1194 -m state --state NEW -j ACCEPT
+-A INPUT -p udp  -i $ext_if --dport 1195 -m state --state NEW -j ACCEPT
+-A INPUT -p udp  -i $ext_if --dport 1196 -m state --state NEW -j ACCEPT
+#
+# -- initial via lan
+-A INPUT -p udp  -i $local_if --dport 1194 -m state --state NEW -j ACCEPT
+#
+# -- ausgehende Anfragen
+#
+#-A OUTPUT -o $ext_if -p udp --dport 1194 -m state --state NEW -j ACCEPT
+#
+# -- forward
+#
+-A FORWARD -o $ext_if -p udp --dport 1194 -m state --state NEW -j ACCEPT
+#
+# -- alles via vpn device zulassen/durchrouten
+#
+-A INPUT -i $vpn_if -j ACCEPT
+-A OUTPUT -o $vpn_if -j ACCEPT
+-A FORWARD -i $vpn_if -j ACCEPT
+-A FORWARD -o $vpn_if -j ACCEPT
+#
+# ---------- Ende: OpenVPN ----------
+
+
+# ------------- smbclient / smbmount -------------
+#
+-A OUTPUT -o $local_if -p tcp --dport 445 -j ACCEPT
+-A OUTPUT -o $local_if -p tcp --dport 137:139 -j ACCEPT
+#
+# ---------- Ende smbclient / smbmount -----------
+
+
+# ------------- grundsaetzlich ablehnen -------------
+#
+# reinlaufenden windows kram
+#
+-A INPUT -p udp -i $ext_if --dport 137:139 -j DROP
+-A INPUT -p udp -i $local_if --dport 137:139 -j DROP
+-A INPUT -p tcp -i $ext_if --dport 137:139 -j DROP
+-A INPUT -p tcp -i $local_if --dport 137:139 -j DROP
+-A INPUT -p tcp -i $ext_if --dport 445 -j DROP
+-A INPUT -p tcp -i $local_if --dport 445 -j DROP
+#
+# .. und forwards
+#
+-A FORWARD -i $local_if -o $ext_if -p tcp  --dport 137:139 -j DROP
+-A FORWARD -i $local_if -o $ext_if -p tcp  --dport 445 -j DROP
+#
+#
+# authentication tap ident
+#
+-A INPUT -p tcp -i $ext_if --dport 113 -j REJECT --reject-with tcp-reset
+#
+#
+# Location Service
+#
+-A INPUT -p tcp -i $ext_if --dport 135 -j DROP
+-A INPUT -p udp -i $ext_if --dport 135 -j DROP
+#
+# ---------- Ende: grundsaetzlich ablehnen -------------
+
+
+# ------------- Wake on Lan  -------------
+#
+-A OUTPUT -p udp -o $local_if --dport 9 -j ACCEPT
+#
+# ---------- Ende: Wake on Lan  ----------
+
+
+# ------------- SSH -------------
+# reingehende Anfragen
+#
+-A INPUT -p tcp --syn -i $local_if --dport 22 -m state --state NEW -j ACCEPT
+-A INPUT -p tcp --syn -i $ext_if --dport 22 -m state --state NEW -j ACCEPT
+#
+# ausgehende Anfragen
+#
+-A OUTPUT -p tcp --syn -o $local_if --dport 22 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 22 -m state --state NEW -j ACCEPT
+#
+# forward
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 22 -m state --state NEW -j ACCEPT
+-A FORWARD -p tcp --syn -i $ext_if --dport 22 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende SSH ------------
+
+
+
+# ------------- DHCP -------------
+# reingehende Anfragen
+#
+-A INPUT -p udp  -i $local_if -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+#
+# ausgehende Anfragen
+#
+-A OUTPUT -p udp  -o $local_if --sport 67 -d 0/0 --dport 68 -j ACCEPT
+#
+# ---------- Ende DHCP ------------
+
+
+# ------------- DNS  -------------
+#
+# nameserver
+#
+# -- rein --
+#
+-A INPUT -i $local_if -p udp --dport 53 -m state --state NEW -j ACCEPT
+#
+# -- raus --
+#
+-A OUTPUT -o $ext_if -p udp --dport 53 -m state --state NEW -j ACCEPT
+#
+# forward
+#
+-A FORWARD -o $ext_if -p udp --dport 53 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende DNS  -----------
+   
+
+# ------------- MAIL  -------------
+# rausgehende SMTP-Verbindungen akzeptieren
+#
+-A OUTPUT -p tcp --syn -o $ext_if --dport 25 -m state --state NEW -j ACCEPT
+#
+# ansonsten nur forward
+#
+# smtp
+-A FORWARD -p tcp --syn -o $ext_if --dport 25 -m state --state NEW -j ACCEPT
+#
+# submission
+-A FORWARD -p tcp --syn -o $ext_if --dport 587 -m state --state NEW -j ACCEPT
+#
+# smtps
+-A FORWARD -p tcp --syn -o $ext_if --dport 465 -m state --state NEW -j ACCEPT
+#
+# pop
+-A FORWARD -p tcp --syn -o $ext_if --dport 110 -m state --state NEW -j ACCEPT
+#
+# pop/ssl
+-A FORWARD -p tcp --syn -o $ext_if --dport 995 -m state --state NEW -j ACCEPT
+#
+# imap
+-A FORWARD -p tcp --syn -o $ext_if --dport 143 -m state --state NEW -j ACCEPT
+#
+# imap/ssl
+-A FORWARD -p tcp --syn -o $ext_if --dport 993 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende MAIL  -----------
+
+
+# ------------- HTTP  -------------
+#
+# rausgehende Verbindungen vom Gateway akzeptieren 
+# ( update clamav/freshclam, dyndns, apt-get )
+#
+-A OUTPUT -p tcp --syn -o $local_if --dport 80 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $local_if --dport 443 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 80 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 443 -m state --state NEW -j ACCEPT
+#
+# ansonsten nur forward
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 80 -m state --state NEW -j ACCEPT
+-A FORWARD -p tcp --syn -o $ext_if --dport 443 -m state --state NEW -j ACCEPT
+#
+#-A FORWARD -p tcp --syn -o $ext_if --dport 8443 -m state --state NEW -j ACCEPT
+#-A FORWARD -p tcp --syn -o $ext_if --dport 8000:8180 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende HTTP  -----------
+
+
+# ------------- FTP  -------------
+#
+# ausgehende Anfragen
+#
+# (Datenkanal aktiv)
+-A INPUT -i $local_if -p tcp  --sport 20 -j ACCEPT
+# (Datenkanal passiv)
+-A OUTPUT -o $local_if -p tcp --sport $unprivports --dport $unprivports  -j ACCEPT
+-A OUTPUT -o $ext_if -p tcp --sport $unprivports --dport $unprivports  -j ACCEPT
+# (Kontrollverbindung)
+-A OUTPUT -o $local_if -p tcp --dport 21 -j ACCEPT
+-A OUTPUT -o $ext_if -p tcp --dport 21 -j ACCEPT
+#
+# forward - nur Verbindungen nach draussen
+#
+-A FORWARD -p tcp  -o $ext_if --dport 20 -j ACCEPT
+-A FORWARD -p tcp  -o $ext_if --dport 21 -j ACCEPT
+-A FORWARD -p tcp  -o $ext_if --sport $unprivports --dport $unprivports -j ACCEPT
+#
+# ---------- Ende FTP  -----------
+
+
+# ------------- NTP  -------------
+# (network time protokoll)
+#
+# rein
+#
+-A INPUT -i $local_if -p udp --sport 123 -m state --state NEW -j ACCEPT
+-A INPUT -i $local_if -p tcp --sport 123 -m state --state NEW -j ACCEPT
+#
+# raus
+#
+-A OUTPUT -o $ext_if -p tcp --dport 123 -m state --state NEW -j ACCEPT
+-A OUTPUT -o $ext_if -p udp --dport 123 -m state --state NEW -j ACCEPT
+#
+# forward
+#
+-A FORWARD -o $ext_if -p udp --dport 123 -j ACCEPT
+-A FORWARD -o $ext_if -p tcp --dport 123 -j ACCEPT
+#
+# ---------- Ende NTP  -----------
+
+
+# ------------- pgpkeyserver -------------
+#
+# Forward -- nur Anfragen nach draussen 
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 11370:11371 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 11370:11371 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende pgpkeyserver ------------
+
+# ------------- ldap / (z.Bsp. einige pgpkeyserver) -------------
+#
+# Forward -- nur Anfragen nach draussen 
+#
+-A FORWARD -p tcp -o $ext_if --dport 389 -m state --state NEW -j ACCEPT
+-A FORWARD -p udp  -o $ext_if --dport 389 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp -o $ext_if --dport 389 -m state --state NEW -j ACCEPT
+-A OUTPUT -p udp  -o $ext_if --dport 389 -m state --state NEW -j ACCEPT
+#
+# ldaps LDAP over SSL
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 636 -j ACCEPT
+-A FORWARD -p udp  -o $ext_if --dport 636 -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 636 -j ACCEPT
+-A OUTPUT -p udp  -o $ext_if --dport 636 -j ACCEPT
+#
+# ---------- Ende ldap ------------
+
+
+# ------------- Newsserver nntp -------------
+#
+# Forward -- nur Anfragen nach draussen 
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 119 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 119 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende Newsserver nntp ------------
+
+
+# ------------- Whois  -------------
+# nur ausgehende Anfragen und forward
+#
+#
+-A OUTPUT -o $ext_if -p tcp --dport 43 -j ACCEPT
+-A FORWARD -o $ext_if -p tcp --dport 43 -j ACCEPT
+#
+# ---------- Ende Whois  ----------
+
+
+# ------------- Chat -------------
+# --- silc ---
+#
+# Forward und  Anfragen nach draussen 
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 706 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 706 -m state --state NEW -j ACCEPT
+#
+# --- irc ---
+#
+# forward und Anfragen nach draussen 
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 194 -m state --state NEW -j ACCEPT
+-A FORWARD -p udp -o $ext_if --dport 194 -m state --state NEW -j ACCEPT
+-A OUTPUT -p tcp --syn -o $ext_if --dport 194 -m state --state NEW -j ACCEPT
+-A OUTPUT -p udp -o $ext_if --dport 194 -m state --state NEW -j ACCEPT
+#
+# ---jabber ---
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 5222:5223 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende chat ------------
+
+
+# ------------- HBCI -------------
+# hbci - port  3000/tcp 
+#
+-A FORWARD -o $ext_if -p tcp --syn --dport 3000 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende HBCI  -----------
+
+
+# ------------- Hylafax (Port 4559)  -------------
+# reingehende Verbindungen zum Hylafax-Server
+#
+-A INPUT -i $local_if -p tcp --dport 4559 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende Hylafax  -----------
+
+
+# ------------- CUPS  -------------
+# (cupssys printer system)
+#
+-A FORWARD -i $local_if -p tcp --dport 631 -m state --state NEW -j ACCEPT
+-A FORWARD -i $local_if -p tcp --dport 631 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende CUPS -----------
+
+
+# ------------- Drucken Port 9100  -------------
+#
+-A FORWARD -i $local_if -p tcp --dport 9100 -m state --state NEW -j ACCEPT
+#
+# ---------- Ende Drucken Port 9100 -----------
+
+
+# ---------- SNMP ----------
+#
+#-A FORWARD -i $local_if -p tcp --dport 161 -m state --state NEW -j ACCEPT
+#
+# ---------- SNMP ----------
+
+
+# ------------- VOIP -------------
+#
+# SIP
+#
+# Standard:
+# Port: 5060 / UDP (SIP-Signalisierung)
+# Port: 5004 / UDP (RTP, Sprache)
+# Port: 10000 UDP (STUN)
+#
+# X-Lite:
+# Port 5060 / UDP
+# Port 8000 - 8019 / UDP
+# Port 10000 /UDP
+
+# reingehende Anfragen
+#
+-A INPUT -p tcp --syn -i $ext_if --dport 5060 -j ACCEPT
+-A INPUT -p udp  -i $ext_if --dport 5060 -j ACCEPT
+#
+# ausgehende Anfragen
+#
+-A OUTPUT -p tcp --syn -o $ext_if --dport 5060 -j ACCEPT
+-A OUTPUT -p udp -o $ext_if --dport 5060 -j ACCEPT
+#
+# Forward -- nur Anfragen nach draussen 
+#
+-A FORWARD -p tcp --syn -o $ext_if --dport 5060 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --dport 5060 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --dport 5060 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --dport 5004 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --dport 5004 -j ACCEPT
+-A FORWARD -p tcp --syn -o $ext_if --dport 10000 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --dport 10000 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --dport 10000 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --sport 8000:8019 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --sport 8000:8019 -j ACCEPT
+-A FORWARD -p udp -o $ext_if --sport 32700:32799 -j ACCEPT
+#
+# SKIPE
+#
+# reingehende Anfragen
+#
+# -A INPUT -p tcp --syn -i $ext_if --dport 54196 -j  ACCEPT
+# -A INPUT -p udp  -i $ext_if --dport 54196 -j ACCEPT
+#
+# ausgehende Anfragen
+#
+#
+# Forward -- Anfragen von draussen 
+#
+# -- Linux
+-A FORWARD -p tcp --syn -i $ext_if --dport 34957 -j ACCEPT
+-A FORWARD -p tcp --syn -o $ext_if --sport 34957 -j ACCEPT
+-A FORWARD -p udp -i $ext_if --dport 34957 -j ACCEPT
+-A FORWARD -p udp  -o $ext_if --sport 34957 -j ACCEPT
+#
+# ---------- Ende VOIP ------------
+
+
+# ------------- Traceroute  -------------
+#
+-A OUTPUT -p udp --dport 33434:33530 -o $local_if -j ACCEPT
+-A INPUT -p udp --dport 33434:33530 -i $local_if -j ACCEPT
+-A FORWARD -p udp --dport 33434:33530 -o $ext_if -j ACCEPT
+#
+# -------- Ende Traceroute  -------------
+
+
+# ------------ Ping ------------
+#
+# -- rein
+-A INPUT -p icmp -j ACCEPT
+#
+# -- raus
+-A OUTPUT -p icmp -j ACCEPT
+#
+# -- forward
+-A FORWARD -p icmp -j ACCEPT
+#
+# ------- Ende Ping ------------
+
+
+# ------------ Portforwarding ------------- #
+# -
+# -- VNC berenice ---
+#
+#-t nat -A PREROUTING -i $ext_if -p tcp --syn \
+#   --dport 5901 -j DNAT --to 192.168.122.111:5900
+#-t filter -A FORWARD -p tcp --dport 5900 -d 192.168.122.111 \
+#   -i $ext_if -o $local_if -j ACCEPT
+#
+# -- VNC buero ---
+#
+#-t nat -A PREROUTING -i $ext_if -p tcp --syn \
+#   --dport 5902 -j DNAT --to 192.168.122.112:5900
+#-t filter -A FORWARD -p tcp --dport 5900 -d 192.168.122.112 \
+#   -i $ext_if -o $local_if -j ACCEPT
+#
+# -- VNC buero3 ---
+#
+#-t nat -A PREROUTING -i $ext_if -p tcp --syn \
+#   --dport 5913 -j DNAT --to 192.168.122.113:5900
+#-t filter -A FORWARD -p tcp --dport 5900 -d 192.168.122.113 \
+#   -i $ext_if -o $local_if -j ACCEPT
+#
+# -- VNC Karsten ---
+#
+#-t nat -A PREROUTING -i $ext_if -p tcp --syn \
+#   --dport 5904 -j DNAT --to 192.168.122.110:5900
+#-t filter -A FORWARD -p tcp --dport 5900 -d 192.168.122.110 \
+#   -i $ext_if -o $local_if -j ACCEPT
+#
+# -- VNC file-km (windows7) ---
+#
+#-t nat -A PREROUTING -i $ext_if -p tcp --syn \
+#   --dport 5905 -j DNAT --to 192.168.122.10:5900
+#-t filter -A FORWARD -p tcp --dport 5900 -d 192.168.122.10 \
+#   -i $ext_if -o $local_if -j ACCEPT
+#
+# -
+# -- SSH file-anw ---
+#
+#-t nat -A PREROUTING -i $ext_if -p tcp --syn \
+#   --dport 9999 -j DNAT --to 192.168.122.10:22
+#-t filter -A FORWARD -p tcp --dport 22 -d 192.168.122.10 \
+#   -i $ext_if -o $local_if -j ACCEPT
+#
+# ---------- Ende Portforwarding ---------- #
+
+
+EOR
+
+
+# ------------- Loggen -------------
+#
+if $log_rejected || $log_all ; then
+   #$ipt -A OUTPUT -j LOG --log-prefix "IPv4: Rejected: " --log-level debug
+   #$ipt -A INPUT -j LOG --log-prefix "IPv4: Rejected: " --log-level debug
+   #$ipt -A FORWARD -j LOG --log-prefix "IPv4: Rejected: " --log-level debug
+   $ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "IPv4: Rejected: "  --log-level debug
+   $ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "IPv4: Rejected: " --log-level debug
+   $ipt -A FORWARD -m limit --limit-burst 2 -j LOG "IPv4: Rejected: " --log-level debug
+fi
+#
+# ---------- Ende: Loggen ----------
+
+
+# -------------  DROP -------------
+# drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+
+
+exit 0
diff --git a/ANW-KM/ipt-firewall.service.ANW-KM b/ANW-KM/ipt-firewall.service.ANW-KM
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/ANW-KM/ipt-firewall.service.ANW-KM
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ANW-KM/ipt-firewall/default_ports.conf b/ANW-KM/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..0191f18
--- /dev/null
+++ b/ANW-KM/ipt-firewall/default_ports.conf
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/ANW-KM/ipt-firewall/include_functions.conf b/ANW-KM/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/ANW-KM/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/ANW-KM/ipt-firewall/interfaces_ipv4.conf b/ANW-KM/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..3db2522
--- /dev/null
+++ b/ANW-KM/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth1"
+local_if_2=""
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices="eth0"
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/ANW-KM/ipt-firewall/load_modules_ipv4.conf b/ANW-KM/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/ANW-KM/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/ANW-KM/ipt-firewall/load_modules_ipv6.conf b/ANW-KM/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/ANW-KM/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/ANW-KM/ipt-firewall/logging_ipv4.conf b/ANW-KM/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..90f9606
--- /dev/null
+++ b/ANW-KM/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=true
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/ANW-KM/ipt-firewall/logging_ipv6.conf b/ANW-KM/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/ANW-KM/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/ANW-KM/ipt-firewall/main_ipv4.conf b/ANW-KM/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..887f116
--- /dev/null
+++ b/ANW-KM/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1202 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+read -a gateway_ipv4_address_arr <<<$(ifconfig | grep "inet Ad" | awk '{print$2}' | cut -d':' -f2)
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067  
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips=""
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+# - 192.168.122.10      Samba Fileserver
+# - 192.168.122.20      KVM Windows 7 Freigaben
+# -
+samba_server_local_ips="192.168.122.10 192.168.122.20"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.122.0/24"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - Notice:
+# -    The Accesspoint IP is not needed (i think so), because the 
+# -    AP uses port 8080 for cummunication with the controller, and
+# -    this port will be configured with the rules concerning the 
+# -    controllers.
+# -
+# - again: setting unifi_ap_local_ips is not needed
+#unifi_ap_local_ips="192.168.64.50"
+
+unifi_controller_gateway_ips=""
+unify_controller_local_net_ips=""
+unify_controller_ports="8080,8443"
+
+provide_hotspot=true
+hotspot_ports="8880,8843"
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - 192.168.122.201     IPMI Fileserver
+# - 192.168.122.202     IPMI Gateway
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips="192.168.122.201 192.168.2.15"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - 192.168.122.5       Brother HL-5380DN
+# -
+# - Blank separated list
+# -
+printer_ips=""
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    192.168.64.55: Repeater TP-Link TL-WA850RE
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons=""
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=true
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/ANW-KM/ipt-firewall/post_decalrations.conf b/ANW-KM/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..a90ea98
--- /dev/null
+++ b/ANW-KM/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,454 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/ANW-KM/mailname.ANW-KM b/ANW-KM/mailname.ANW-KM
new file mode 100644
index 0000000..0fb617e
--- /dev/null
+++ b/ANW-KM/mailname.ANW-KM
@@ -0,0 +1 @@
+gw-km.anw-km.netz
diff --git a/ANW-KM/main.cf.ANW-KM b/ANW-KM/main.cf.ANW-KM
new file mode 100644
index 0000000..ec7725b
--- /dev/null
+++ b/ANW-KM/main.cf.ANW-KM
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   192.168.122.254
+
+myhostname = gw-km.anw-km.netz
+
+mydestination = 
+   gw-km.anw-km.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   192.168.122.254/32
+
+#smtp_bind_address = 192.168.100.254
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/ANW-KM/openvpn/ccd/server-gw-ckubu/ANW-KM-Vpn-gw-ckubu b/ANW-KM/openvpn/ccd/server-gw-ckubu/ANW-KM-Vpn-gw-ckubu
new file mode 100644
index 0000000..0cc8611
--- /dev/null
+++ b/ANW-KM/openvpn/ccd/server-gw-ckubu/ANW-KM-Vpn-gw-ckubu
@@ -0,0 +1,6 @@
+ifconfig-push 10.1.122.2 255.255.255.0
+push "route 192.168.122.0 255.255.255.0 10.1.122.1"
+push "route 192.168.2.0 255.255.255.0 10.1.122.1"
+#push "route 192.168.123.0 255.255.255.0 10.1.122.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/ANW-KM/openvpn/ccd/server-home/ANW-KM-Vpn-chris b/ANW-KM/openvpn/ccd/server-home/ANW-KM-Vpn-chris
new file mode 100644
index 0000000..e8590ef
--- /dev/null
+++ b/ANW-KM/openvpn/ccd/server-home/ANW-KM-Vpn-chris
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.122.2 10.0.122.1
+#push "route 192.168.122.0 255.255.255.0"
diff --git a/ANW-KM/openvpn/ccd/server-home/ANW-KM-Vpn-rp b/ANW-KM/openvpn/ccd/server-home/ANW-KM-Vpn-rp
new file mode 100644
index 0000000..3b14ad3
--- /dev/null
+++ b/ANW-KM/openvpn/ccd/server-home/ANW-KM-Vpn-rp
@@ -0,0 +1,2 @@
+push "route 192.168.122.0 255.255.255.0"
+ifconfig-push 10.0.122.5 10.0.122.1
diff --git a/ANW-KM/openvpn/easy-rsa/.externals b/ANW-KM/openvpn/easy-rsa/.externals
new file mode 100644
index 0000000..3712eb8
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/.externals
@@ -0,0 +1 @@
+./2.0	http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn/easy-rsa/2.0
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/Makefile b/ANW-KM/openvpn/easy-rsa/2.0/Makefile
new file mode 100644
index 0000000..902d78f
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/Makefile
@@ -0,0 +1,13 @@
+
+DESTDIR=
+PREFIX=
+
+all:
+	echo "All done."
+	echo "Run make install DESTDIR=/usr/share/somewhere"
+
+install:
+	install -c --directory "${DESTDIR}/${PREFIX}"
+	install -c --mode=0755 build-* "${DESTDIR}/${PREFIX}"
+	install -c --mode=0755 clean-all list-crl inherit-inter pkitool revoke-full sign-req whichopensslcnf "${DESTDIR}/${PREFIX}"
+	install -c --mode=0644 openssl-0.9.6.cnf openssl.cnf README vars "${DESTDIR}/${PREFIX}"
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/README.gz b/ANW-KM/openvpn/easy-rsa/2.0/README.gz
new file mode 100644
index 0000000..116d85b
Binary files /dev/null and b/ANW-KM/openvpn/easy-rsa/2.0/README.gz differ
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/build-ca b/ANW-KM/openvpn/easy-rsa/2.0/build-ca
new file mode 100755
index 0000000..fb1e2ca
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/build-ca
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+#
+# Build a root certificate
+#
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --initca $*
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/build-dh b/ANW-KM/openvpn/easy-rsa/2.0/build-dh
new file mode 100755
index 0000000..f019222
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/build-dh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Build Diffie-Hellman parameters for the server side
+# of an SSL/TLS connection.
+
+if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
+    $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/build-inter b/ANW-KM/openvpn/easy-rsa/2.0/build-inter
new file mode 100755
index 0000000..f831d6f
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/build-inter
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Make an intermediate CA certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --inter $*
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/build-key b/ANW-KM/openvpn/easy-rsa/2.0/build-key
new file mode 100755
index 0000000..6196308
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/build-key
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact $*
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/build-key-pass b/ANW-KM/openvpn/easy-rsa/2.0/build-key-pass
new file mode 100755
index 0000000..35543e0
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/build-key-pass
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Similar to build-key, but protect the private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pass $*
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/build-key-pkcs12 b/ANW-KM/openvpn/easy-rsa/2.0/build-key-pkcs12
new file mode 100755
index 0000000..5ef064f
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/build-key-pkcs12
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Make a certificate/private key pair using a locally generated
+# root certificate and convert it to a PKCS #12 file including the
+# the CA certificate as well.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pkcs12 $*
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/build-key-server b/ANW-KM/openvpn/easy-rsa/2.0/build-key-server
new file mode 100755
index 0000000..5502675
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/build-key-server
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+# Explicitly set nsCertType to server using the "server"
+# extension in the openssl.cnf file.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --server $*
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/build-req b/ANW-KM/openvpn/easy-rsa/2.0/build-req
new file mode 100755
index 0000000..26587d1
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/build-req
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Build a certificate signing request and private key.  Use this
+# when your root certificate and key is not available locally.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr $*
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/build-req-pass b/ANW-KM/openvpn/easy-rsa/2.0/build-req-pass
new file mode 100755
index 0000000..6e6c863
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/build-req-pass
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Like build-req, but protect your private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr --pass $*
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/clean-all b/ANW-KM/openvpn/easy-rsa/2.0/clean-all
new file mode 100755
index 0000000..0576db5
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/clean-all
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Initialize the $KEY_DIR directory.
+# Note that this script does a
+# rm -rf on $KEY_DIR so be careful!
+
+if [ "$KEY_DIR" ]; then
+    rm -rf "$KEY_DIR"
+    mkdir "$KEY_DIR" && \
+	chmod go-rwx "$KEY_DIR" && \
+	touch "$KEY_DIR/index.txt" && \
+	echo 01 >"$KEY_DIR/serial"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/inherit-inter b/ANW-KM/openvpn/easy-rsa/2.0/inherit-inter
new file mode 100755
index 0000000..2101951
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/inherit-inter
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Build a new PKI which is rooted on an intermediate certificate generated
+# by ./build-inter or ./pkitool --inter from a parent PKI.  The new PKI should
+# have independent vars settings, and must use a different KEY_DIR directory
+# from the parent.  This tool can be used to generate arbitrary depth
+# certificate chains.
+#
+# To build an intermediate CA, follow the same steps for a regular PKI but
+# replace ./build-key or ./pkitool --initca with this script.
+
+# The EXPORT_CA file will contain the CA certificate chain and should be
+# referenced by the OpenVPN "ca" directive in config files.  The ca.crt file
+# will only contain the local intermediate CA -- it's needed by the easy-rsa
+# scripts but not by OpenVPN directly.
+EXPORT_CA="export-ca.crt"
+
+if [ $# -ne 2 ]; then
+    echo "usage: $0 <parent-key-dir> <common-name>"
+    echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
+    echo "common-name: the common name of the intermediate certificate in the parent PKI"
+    exit 1;
+fi
+
+if [ "$KEY_DIR" ]; then
+    cp "$1/$2.crt" "$KEY_DIR/ca.crt"
+    cp "$1/$2.key" "$KEY_DIR/ca.key"
+
+    if [ -e "$1/$EXPORT_CA" ]; then
+	PARENT_CA="$1/$EXPORT_CA"
+    else
+	PARENT_CA="$1/ca.crt"
+    fi
+    cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
+    cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/list-crl b/ANW-KM/openvpn/easy-rsa/2.0/list-crl
new file mode 100755
index 0000000..afc0cd6
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/list-crl
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# list revoked certificates
+
+CRL="${1:-crl.pem}"
+
+if [ "$KEY_DIR" ]; then
+    cd "$KEY_DIR" && \
+	$OPENSSL crl -text -noout -in "$CRL"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf.gz b/ANW-KM/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf.gz
new file mode 100644
index 0000000..d2afde0
Binary files /dev/null and b/ANW-KM/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf.gz differ
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/openssl.cnf b/ANW-KM/openvpn/easy-rsa/2.0/openssl.cnf
new file mode 100755
index 0000000..a781dda
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/openssl.cnf
@@ -0,0 +1,285 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
+
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/pkitool b/ANW-KM/openvpn/easy-rsa/2.0/pkitool
new file mode 100755
index 0000000..5f95162
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/pkitool
@@ -0,0 +1,353 @@
+#!/bin/sh
+
+#  OpenVPN -- An application to securely tunnel IP networks
+#             over a single TCP/UDP port, with support for SSL/TLS-based
+#             session authentication and key exchange,
+#             packet encryption, packet authentication, and
+#             packet compression.
+#
+#  Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License version 2
+#  as published by the Free Software Foundation.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program (see the file COPYING included with this
+#  distribution); if not, write to the Free Software Foundation, Inc.,
+#  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# pkitool is a front-end for the openssl tool.
+
+# Calling scripts can set the certificate organizational 
+# unit with the KEY_OU environmental variable. 
+
+PROGNAME=pkitool
+VERSION=2.0
+DEBUG=0
+
+die()
+{
+    local m="$1"
+
+    echo "$m" >&2
+    exit 1
+}
+
+need_vars()
+{
+    echo '  Please edit the vars script to reflect your configuration,'
+    echo '  then source it with "source ./vars".'
+    echo '  Next, to start with a fresh PKI configuration and to delete any'
+    echo '  previous certificates and keys, run "./clean-all".'
+    echo "  Finally, you can run this tool ($PROGNAME) to build certificates/keys."
+}
+
+usage()
+{
+    echo "$PROGNAME $VERSION"
+    echo "Usage: $PROGNAME [options...] [common-name]"
+    echo "Options:"
+    echo "  --batch    : batch mode (default)"
+    echo "  --keysize  : Set keysize"
+    echo "      size   : size (default=1024)"
+    echo "  --interact : interactive mode"
+    echo "  --server   : build server cert"
+    echo "  --initca   : build root CA"
+    echo "  --inter    : build intermediate CA"
+    echo "  --pass     : encrypt private key with password"
+    echo "  --csr      : only generate a CSR, do not sign"
+    echo "  --sign     : sign an existing CSR"
+    echo "  --pkcs12   : generate a combined PKCS#12 file"
+    echo "  --pkcs11   : generate certificate on PKCS#11 token"
+    echo "      lib    : PKCS#11 library"
+    echo "      slot   : PKCS#11 slot"
+    echo "      id     : PKCS#11 object id (hex string)"
+    echo "      label  : PKCS#11 object label"
+    echo "Standalone options:"
+    echo "  --pkcs11-slots   : list PKCS#11 slots"
+    echo "      lib    : PKCS#11 library"
+    echo "  --pkcs11-objects : list PKCS#11 token objects"
+    echo "      lib    : PKCS#11 library"
+    echo "      slot   : PKCS#11 slot"
+    echo "  --pkcs11-init    : initialize PKCS#11 token DANGEROUS!!!"
+    echo "      lib    : PKCS#11 library"
+    echo "      slot   : PKCS#11 slot"
+    echo "      label  : PKCS#11 token label"
+    echo "Notes:"
+    need_vars
+    echo "  In order to use PKCS#11 interface you must have opensc-0.10.0 or higher."
+    echo "Generated files and corresponding OpenVPN directives:"
+    echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)'
+    echo "  ca.crt     -> root certificate (--ca)"
+    echo "  ca.key     -> root key, keep secure (not directly used by OpenVPN)"
+    echo "  .crt files -> client/server certificates (--cert)"
+    echo "  .key files -> private keys, keep secure (--key)"
+    echo "  .csr files -> certificate signing request (not directly used by OpenVPN)"
+    echo "  dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)"
+    echo "Examples:"
+    echo "  $PROGNAME --initca          -> Build root certificate"
+    echo "  $PROGNAME --initca --pass   -> Build root certificate with password-protected key"
+    echo "  $PROGNAME --server server1  -> Build \"server1\" certificate/key"
+    echo "  $PROGNAME client1           -> Build \"client1\" certificate/key"
+    echo "  $PROGNAME --pass client2    -> Build password-protected \"client2\" certificate/key"
+    echo "  $PROGNAME --pkcs12 client3  -> Build \"client3\" certificate/key in PKCS#12 format"
+    echo "  $PROGNAME --csr client4     -> Build \"client4\" CSR to be signed by another CA"
+    echo "  $PROGNAME --sign client4    -> Sign \"client4\" CSR"
+    echo "  $PROGNAME --inter interca   -> Build an intermediate key-signing certificate/key"
+    echo "                               Also see ./inherit-inter script."
+    echo "  $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5"
+    echo "                              -> Build \"client5\" certificate/key in PKCS#11 token"
+    echo "Typical usage for initial PKI setup.  Build myserver, client1, and client2 cert/keys."
+    echo "Protect client2 key with a password.  Build DH parms.  Generated files in ./keys :"
+    echo "  [edit vars with your site-specific info]"
+    echo "  source ./vars"
+    echo "  ./clean-all"
+    echo "  ./build-dh     -> takes a long time, consider backgrounding"
+    echo "  ./$PROGNAME --initca"
+    echo "  ./$PROGNAME --server myserver"
+    echo "  ./$PROGNAME client1"
+    echo "  ./$PROGNAME --pass client2"
+    echo "Typical usage for adding client cert to existing PKI:"
+    echo "  source ./vars"
+    echo "  ./$PROGNAME client-new"
+}
+
+# Set defaults
+DO_REQ="1"
+REQ_EXT=""
+DO_CA="1"
+CA_EXT=""
+DO_P12="0"
+DO_P11="0"
+DO_ROOT="0"
+NODES_REQ="-nodes"
+NODES_P12=""
+BATCH="-batch"
+CA="ca"
+# must be set or errors of openssl.cnf
+PKCS11_MODULE_PATH="dummy"
+PKCS11_PIN="dummy"
+
+# Process options
+while [ $# -gt 0 ]; do
+    case "$1" in
+        --keysize  ) KEY_SIZE=$2
+		     shift;;
+	--server   ) REQ_EXT="$REQ_EXT -extensions server"
+	             CA_EXT="$CA_EXT -extensions server" ;;
+	--batch    ) BATCH="-batch" ;;
+	--interact ) BATCH="" ;;
+        --inter    ) CA_EXT="$CA_EXT -extensions v3_ca" ;;
+        --initca   ) DO_ROOT="1" ;;
+	--pass     ) NODES_REQ="" ;;
+        --csr      ) DO_CA="0" ;;
+        --sign     ) DO_REQ="0" ;;
+        --pkcs12   ) DO_P12="1" ;;
+	--pkcs11   ) DO_P11="1"
+	             PKCS11_MODULE_PATH="$2"
+		     PKCS11_SLOT="$3"
+		     PKCS11_ID="$4"
+		     PKCS11_LABEL="$5"
+		     shift 4;;
+
+	# standalone
+	--pkcs11-init)
+	             PKCS11_MODULE_PATH="$2"
+	             PKCS11_SLOT="$3"
+	             PKCS11_LABEL="$4"
+		     if [ -z "$PKCS11_LABEL" ]; then
+		       die "Please specify library name, slot and label"
+		     fi
+		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
+		     	--label "$PKCS11_LABEL" &&
+			$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
+		     exit $?;;
+	--pkcs11-slots)
+	             PKCS11_MODULE_PATH="$2"
+		     if [ -z "$PKCS11_MODULE_PATH" ]; then
+		       die "Please specify library name"
+		     fi
+		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots
+		     exit 0;;
+	--pkcs11-objects)
+	             PKCS11_MODULE_PATH="$2"
+	             PKCS11_SLOT="$3"
+		     if [ -z "$PKCS11_SLOT" ]; then
+		       die "Please specify library name and slot"
+		     fi
+		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
+		     exit 0;;
+
+	# errors
+	--*        ) die "$PROGNAME: unknown option: $1" ;;
+	*          ) break ;;
+    esac
+    shift   
+done
+
+if ! [ -z "$BATCH" ]; then
+	if $OPENSSL version | grep 0.9.6 > /dev/null; then
+		die "Batch mode is unsupported in openssl<0.9.7"
+	fi
+fi
+
+if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then
+	die "PKCS#11 and PKCS#12 cannot be specified together"
+fi
+
+if [ $DO_P11 -eq 1 ]; then
+	if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then
+		die "Please edit $KEY_CONFIG and setup PKCS#11 engine"
+	fi
+fi
+
+# If we are generating pkcs12, only encrypt the final step
+if [ $DO_P12 -eq 1 ]; then
+    NODES_P12="$NODES_REQ"
+    NODES_REQ="-nodes"
+fi
+
+if [ $DO_P11 -eq 1 ]; then
+	if [ -z "$PKCS11_LABEL" ]; then
+		die "PKCS#11 arguments incomplete"
+	fi
+fi
+
+# If undefined, set default key expiration intervals
+if [ -z "$KEY_EXPIRE" ]; then
+    KEY_EXPIRE=3650
+fi
+if [ -z "$CA_EXPIRE" ]; then
+    CA_EXPIRE=3650
+fi
+
+# Set organizational unit to empty string if undefined
+if [ -z "$KEY_OU" ]; then
+    KEY_OU=""
+fi
+
+# Set KEY_CN
+if [ $DO_ROOT -eq 1 ]; then
+    if [ -z "$KEY_CN" ]; then
+	if [ "$1" ]; then
+	    KEY_CN="$1"
+	elif [ "$KEY_ORG" ]; then
+	    KEY_CN="$KEY_ORG CA"
+	fi
+    fi
+    if [ $BATCH ] && [ "$KEY_CN" ]; then
+	echo "Using CA Common Name:" $KEY_CN
+    fi
+elif [ $BATCH ] && [ "$KEY_CN" ] && [ $# -eq 0 ]; then
+    echo "Using Common Name:" $KEY_CN
+else
+    if [ $# -ne 1 ]; then
+	usage
+	exit 1
+    else
+	KEY_CN="$1"
+    fi
+fi
+
+export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_CN PKCS11_MODULE_PATH PKCS11_PIN
+
+# Show parameters (debugging)
+if [ $DEBUG -eq 1 ]; then
+    echo DO_REQ $DO_REQ
+    echo REQ_EXT $REQ_EXT
+    echo DO_CA $DO_CA
+    echo CA_EXT $CA_EXT
+    echo NODES_REQ $NODES_REQ
+    echo NODES_P12 $NODES_P12
+    echo DO_P12 $DO_P12
+    echo KEY_CN $KEY_CN
+    echo BATCH $BATCH
+    echo DO_ROOT $DO_ROOT
+    echo KEY_EXPIRE $KEY_EXPIRE
+    echo CA_EXPIRE $CA_EXPIRE
+    echo KEY_OU $KEY_OU
+    echo DO_P11 $DO_P11
+    echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH
+    echo PKCS11_SLOT $PKCS11_SLOT
+    echo PKCS11_ID $PKCS11_ID
+    echo PKCS11_LABEL $PKCS11_LABEL
+fi
+
+# Make sure ./vars was sourced beforehand
+if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then
+    cd "$KEY_DIR"
+
+    # Make sure $KEY_CONFIG points to the correct version
+    # of openssl.cnf
+    if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then
+	:
+    else
+	echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong"
+        echo "version of openssl.cnf: $KEY_CONFIG"
+	echo "The correct version should have a comment that says: easy-rsa version 2.x";
+	exit 1;
+    fi
+
+    # Build root CA
+    if [ $DO_ROOT -eq 1 ]; then
+	$OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \
+	    -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
+	    chmod 0600 "$CA.key"
+    else        
+        # Make sure CA key/cert is available
+	if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then
+	    if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then
+		echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR"
+		echo "Try $PROGNAME --initca to build a root certificate/key."
+		exit 1
+	    fi
+	fi
+
+	# Generate key for PKCS#11 token
+	PKCS11_ARGS=
+	if [ $DO_P11 -eq 1 ]; then
+	        stty -echo
+	        echo -n "User PIN: "
+	        read -r PKCS11_PIN
+	        stty echo
+		export PKCS11_PIN
+
+		echo "Generating key pair on PKCS#11 token..."
+		$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \
+			--login --pin "$PKCS11_PIN" \
+			--key-type rsa:1024 \
+			--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1
+		PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID"
+	fi
+
+        # Build cert/key
+	( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \
+	        -keyout "$KEY_CN.key" -out "$KEY_CN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \
+	    ( [ $DO_CA -eq 0 ]  || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$KEY_CN.crt" \
+	        -in "$KEY_CN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \
+	    ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$KEY_CN.key" \
+	        -in "$KEY_CN.crt" -certfile "$CA.crt" -out "$KEY_CN.p12" $NODES_P12 ) && \
+	    ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ]  || chmod 0600 "$KEY_CN.key" ) && \
+	    ( [ $DO_P12 -eq 0 ] || chmod 0600 "$KEY_CN.p12" )
+
+	# Load certificate into PKCS#11 token
+	if [ $DO_P11 -eq 1 ]; then
+		$OPENSSL x509 -in "$KEY_CN.crt" -inform PEM -out "$KEY_CN.crt.der" -outform DER && \
+		  $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$KEY_CN.crt.der" --type cert \
+			--login --pin "$PKCS11_PIN" \
+			--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" 
+		[ -e "$KEY_CN.crt.der" ]; rm "$KEY_CN.crt.der"
+	fi
+
+    fi
+
+# Need definitions
+else
+    need_vars
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/revoke-full b/ANW-KM/openvpn/easy-rsa/2.0/revoke-full
new file mode 100755
index 0000000..bf3e5fb
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/revoke-full
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL="crl.pem"
+RT="revoke-test.pem"
+
+if [ $# -ne 1 ]; then
+    echo "usage: revoke-full <common-name>";
+    exit 1
+fi
+
+if [ "$KEY_DIR" ]; then
+    cd "$KEY_DIR"
+    rm -f "$RT"
+
+    # set defaults
+    export KEY_CN=""
+    export KEY_OU=""
+
+    # revoke key and generate a new CRL
+    $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+
+    # generate a new CRL -- try to be compatible with
+    # intermediate PKIs
+    $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+    if [ -e export-ca.crt ]; then
+	cat export-ca.crt "$CRL" >"$RT"
+    else
+	cat ca.crt "$CRL" >"$RT"
+    fi
+    
+    # verify the revocation
+    $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/sign-req b/ANW-KM/openvpn/easy-rsa/2.0/sign-req
new file mode 100755
index 0000000..38655d3
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/sign-req
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Sign a certificate signing request (a .csr file)
+# with a local root certificate and key.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --sign $*
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/vars b/ANW-KM/openvpn/easy-rsa/2.0/vars
new file mode 100755
index 0000000..53b1f77
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/vars
@@ -0,0 +1,74 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+#export EASY_RSA="`pwd`"
+BASE_DIR=/etc/openvpn
+export EASY_RSA="${BASE_DIR}/easy-rsa/2.0"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+#export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="${BASE_DIR}/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=1024
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=10950
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=10950
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+#export KEY_COUNTRY="US"
+#export KEY_PROVINCE="CA"
+#export KEY_CITY="SanFrancisco"
+#export KEY_ORG="Fort-Funston"
+#export KEY_EMAIL="me@myhost.mydomain"
+
+export KEY_COUNTRY=DE
+export KEY_PROVINCE=Berlin
+export KEY_CITY=Berlin
+export KEY_ORG="o.open"
+export KEY_ORG_UN="network services"
+export KEY_EMAIL="argus@oopen.de"
diff --git a/ANW-KM/openvpn/easy-rsa/2.0/whichopensslcnf b/ANW-KM/openvpn/easy-rsa/2.0/whichopensslcnf
new file mode 100755
index 0000000..2260aa8
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/2.0/whichopensslcnf
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if [ "$OPENSSL" ]; then
+	if $OPENSSL version | grep 0.9.6 > /dev/null; then
+		echo "$1/openssl-0.9.6.cnf"
+	else
+		echo "$1/openssl.cnf"
+	fi
+else
+	echo "$1/openssl.cnf"
+fi
+
+exit 0
diff --git a/ANW-KM/openvpn/easy-rsa/README.gz b/ANW-KM/openvpn/easy-rsa/README.gz
new file mode 100644
index 0000000..70ce70f
Binary files /dev/null and b/ANW-KM/openvpn/easy-rsa/README.gz differ
diff --git a/ANW-KM/openvpn/easy-rsa/build-ca b/ANW-KM/openvpn/easy-rsa/build-ca
new file mode 100755
index 0000000..5ad59cc
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/build-ca
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+#
+# Build a root certificate
+#
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -nodes -new -x509 -keyout ca.key -out ca.crt -config $KEY_CONFIG && \
+        chmod 0600 ca.key
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/build-dh b/ANW-KM/openvpn/easy-rsa/build-dh
new file mode 100755
index 0000000..6de4baf
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/build-dh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+#
+# Build Diffie-Hellman parameters for the server side
+# of an SSL/TLS connection.
+#
+
+if test $KEY_DIR; then
+    openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+else
+    echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/build-inter b/ANW-KM/openvpn/easy-rsa/build-inter
new file mode 100755
index 0000000..8b3a6b2
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/build-inter
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+#
+# Make an intermediate CA certificate/private key pair using a locally generated
+# root certificate.
+#
+
+if test $# -ne 1; then
+        echo "usage: build-inter <name>";
+        exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+	openssl ca -extensions v3_ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/build-key b/ANW-KM/openvpn/easy-rsa/build-key
new file mode 100755
index 0000000..3159d2b
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/build-key
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+#
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+
+if test $# -ne 1; then
+        echo "usage: build-key <name>";
+        exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+	chmod 0600 $1.key
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/build-key-pass b/ANW-KM/openvpn/easy-rsa/build-key-pass
new file mode 100755
index 0000000..03ab304
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/build-key-pass
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+#
+# Similar to build-key, but protect the private key
+# with a password.
+#
+
+if test $# -ne 1; then
+        echo "usage: build-key-pass <name>";
+        exit 1
+fi
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+	chmod 0600 $1.key
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/build-key-pkcs12 b/ANW-KM/openvpn/easy-rsa/build-key-pkcs12
new file mode 100755
index 0000000..f8a057b
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/build-key-pkcs12
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+#
+# Make a certificate/private key pair using a locally generated
+# root certificate and convert it to a PKCS #12 file including the
+# the CA certificate as well.
+
+if test $# -ne 1; then
+        echo "usage: build-key-pkcs12 <name>";
+        exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+        openssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
+	chmod 0600 $1.key $1.p12
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/build-key-server b/ANW-KM/openvpn/easy-rsa/build-key-server
new file mode 100755
index 0000000..30dc41e
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/build-key-server
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+#
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+# Explicitly set nsCertType to server using the "server"
+# extension in the openssl.cnf file.
+
+if test $# -ne 1; then
+        echo "usage: build-key-server <name>";
+        exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \
+	openssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \
+        chmod 0600 $1.key
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/build-req b/ANW-KM/openvpn/easy-rsa/build-req
new file mode 100755
index 0000000..30f62f5
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/build-req
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# Build a certificate signing request and private key.  Use this
+# when your root certificate and key is not available locally.
+#
+
+if test $# -ne 1; then
+    echo "usage: build-req <name>";
+    exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+    cd $KEY_DIR && \
+    openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
+else
+    echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/build-req-pass b/ANW-KM/openvpn/easy-rsa/build-req-pass
new file mode 100755
index 0000000..829b286
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/build-req-pass
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# Like build-req, but protect your private key
+# with a password.
+#
+
+if test $# -ne 1; then
+    echo "usage: build-req-pass <name>";
+    exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+    cd $KEY_DIR && \
+    openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
+else
+    echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/clean-all b/ANW-KM/openvpn/easy-rsa/clean-all
new file mode 100755
index 0000000..d10aef5
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/clean-all
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+#
+# Initialize the $KEY_DIR directory.
+# Note that this script does a
+# rm -rf on $KEY_DIR so be careful!
+#
+
+d=$KEY_DIR
+
+if test $d; then
+	rm -rf $d
+	mkdir $d && \
+	chmod go-rwx $d && \
+	touch $d/index.txt && \
+	echo 01 >$d/serial
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/list-crl b/ANW-KM/openvpn/easy-rsa/list-crl
new file mode 100644
index 0000000..b214dbd
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/list-crl
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# list revoked certificates
+#
+#
+
+if test $# -ne 1; then
+        echo "usage: list-crl <crlfile.pem>";
+        exit 1
+fi
+
+if test $KEY_DIR; then
+       cd $KEY_DIR && \
+       openssl crl -text -noout -in $1
+else
+       echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/make-crl b/ANW-KM/openvpn/easy-rsa/make-crl
new file mode 100644
index 0000000..62fe6c1
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/make-crl
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# generate a CRL
+#
+#
+
+if test $# -ne 1; then
+        echo "usage: make-crl <crlfile.pem>";
+        exit 1
+fi
+
+if test $KEY_DIR; then
+       cd $KEY_DIR && \
+       openssl ca -gencrl -out $1 -config $KEY_CONFIG
+else
+       echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/openssl.cnf b/ANW-KM/openvpn/easy-rsa/openssl.cnf
new file mode 100644
index 0000000..4345c6a
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/openssl.cnf
@@ -0,0 +1,255 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= $ENV::KEY_ORG_UN
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/ANW-KM/openvpn/easy-rsa/revoke-crt b/ANW-KM/openvpn/easy-rsa/revoke-crt
new file mode 100644
index 0000000..35b071a
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/revoke-crt
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# revoke a certificate
+#
+#
+
+if test $# -ne 1; then
+        echo "usage: revoke-crt <file.crt>";
+        exit 1
+fi
+
+if test $KEY_DIR; then
+       cd $KEY_DIR && \
+       openssl ca -revoke $1 -config $KEY_CONFIG
+else
+       echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/revoke-full b/ANW-KM/openvpn/easy-rsa/revoke-full
new file mode 100755
index 0000000..66ea03f
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/revoke-full
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL=crl.pem
+RT=revoke-test.pem
+
+if test $# -ne 1; then
+        echo "usage: revoke-full <name>";
+        exit 1
+fi
+
+if test $KEY_DIR; then
+       cd $KEY_DIR
+       rm -f $RT
+
+       # revoke key and generate a new CRL
+       openssl ca -revoke $1.crt -config $KEY_CONFIG
+
+       # generate a new CRL
+       openssl ca -gencrl -out $CRL -config $KEY_CONFIG
+       cat ca.crt $CRL >$RT
+    
+       # verify the revocation
+       openssl verify -CAfile $RT -crl_check $1.crt
+else
+       echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/sign-req b/ANW-KM/openvpn/easy-rsa/sign-req
new file mode 100755
index 0000000..59edc42
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/sign-req
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# Sign a certificate signing request (a .csr file)
+# with a local root certificate and key.
+#
+
+if test $# -ne 1; then
+        echo "usage: sign-req <name>";
+        exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-KM/openvpn/easy-rsa/vars b/ANW-KM/openvpn/easy-rsa/vars
new file mode 100644
index 0000000..91d01a9
--- /dev/null
+++ b/ANW-KM/openvpn/easy-rsa/vars
@@ -0,0 +1,59 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+## export D=`pwd`
+BASE_DIR=/etc/openvpn
+export D=${BASE_DIR}/easy-rsa
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=$D/openssl.cnf
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+## export KEY_DIR=$D/keys
+export KEY_DIR=${BASE_DIR}/keys
+
+# Issue rm -rf warning
+echo NOTE: when you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=1024
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY=KG
+export KEY_PROVINCE=NA
+export KEY_CITY=BISHKEK
+export KEY_ORG="OpenVPN-TEST"
+export KEY_EMAIL="me@myhost.mydomain"
+
+export KEY_COUNTRY=DE
+export KEY_PROVINCE=Berlin
+export KEY_CITY=Berlin
+export KEY_ORG="o.open"
+export KEY_ORG_UN="network services"
+export KEY_EMAIL="argus@oopen.de"
diff --git a/ANW-KM/openvpn/ipaddresses.txt b/ANW-KM/openvpn/ipaddresses.txt
new file mode 100644
index 0000000..0fe0b04
--- /dev/null
+++ b/ANW-KM/openvpn/ipaddresses.txt
@@ -0,0 +1,5 @@
+10.0.72.1   openvpn server
+10.0.72.2   -- frei --
+10.0.72.3   chris
+10.0.72.4   -- frei --
+10.0.72.5   rene
diff --git a/ANW-KM/openvpn/ipp.txt b/ANW-KM/openvpn/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/ANW-KM/openvpn/keys/01.pem b/ANW-KM/openvpn/keys/01.pem
new file mode 100644
index 0000000..5e06745
--- /dev/null
+++ b/ANW-KM/openvpn/keys/01.pem
@@ -0,0 +1,70 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 20 00:02:32 2008 GMT
+            Not After : May 18 00:02:32 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-server/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e8:50:de:da:67:fb:8b:e8:71:1f:3c:da:c8:63:
+                    33:9f:29:41:b1:a5:8f:27:99:91:16:a8:51:3b:a1:
+                    5b:52:c3:6a:26:a2:e7:f3:07:ea:c0:65:a6:60:30:
+                    d8:fb:39:e6:05:19:73:28:fa:0a:2e:4e:82:a0:72:
+                    c1:1b:ca:27:fb:ad:8d:3c:c8:15:36:4c:f6:22:70:
+                    1f:4d:6c:10:88:84:c6:f1:c3:9f:f2:55:58:3d:f2:
+                    10:cb:d5:a7:18:3d:b9:d6:fd:25:e9:9d:ec:6c:0e:
+                    55:f9:2d:64:54:a0:32:58:34:b0:2c:c9:10:55:33:
+                    6c:75:9e:97:29:61:db:c1:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                OpenSSL Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                41:12:64:24:C4:4E:59:A4:C9:B3:A4:8E:A2:E6:5A:9C:27:CF:C6:21
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+    Signature Algorithm: md5WithRSAEncryption
+        81:b5:d0:b9:ba:8e:87:ad:48:a7:ce:11:e6:30:b5:e2:6a:20:
+        19:b4:4d:e2:17:8e:7d:4c:ae:1d:45:a8:38:c2:b9:7d:71:08:
+        db:b4:a9:96:75:bf:ca:26:5a:d1:0d:80:cf:d8:b3:ce:3d:3a:
+        76:81:43:90:91:b8:de:45:33:63:cd:56:ed:1a:6b:33:36:e3:
+        8f:97:3a:15:e4:11:64:e5:bf:ee:98:53:cc:51:d9:fa:ac:76:
+        2e:2b:c3:dc:a9:7f:e1:8d:44:34:8d:f3:fd:32:26:7b:4d:cf:
+        9b:b4:43:9a:d2:0d:65:56:2f:4d:78:87:9a:ca:5a:22:5d:08:
+        68:01
+-----BEGIN CERTIFICATE-----
+MIID0TCCAzqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUyMDAw
+MDIzMloXDTE4MDUxODAwMDIzMlowgYUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEaMBgGA1UEAxMRQU5XLUtNLVZwbi1zZXJ2ZXIxHTAbBgkqhkiG9w0BCQEWDmFy
+Z3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoUN7aZ/uL
+6HEfPNrIYzOfKUGxpY8nmZEWqFE7oVtSw2omoufzB+rAZaZgMNj7OeYFGXMo+gou
+ToKgcsEbyif7rY08yBU2TPYicB9NbBCIhMbxw5/yVVg98hDL1acYPbnW/SXpnexs
+DlX5LWRUoDJYNLAsyRBVM2x1npcpYdvB0wIDAQABo4IBQDCCATwwCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
+ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUQRJkJMROWaTJs6SO
+ouZanCfPxiEwgccGA1UdIwSBvzCBvIAUaESHa/D8iXGZzzLIHBA461LYNJihgZik
+gZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
+cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2Vz
+MRYwFAYDVQQDEw1BTlctS00tVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZYIJAOPMOpcckCT9MA0GCSqGSIb3DQEBBAUAA4GBAIG10Lm6joetSKfO
+EeYwteJqIBm0TeIXjn1Mrh1FqDjCuX1xCNu0qZZ1v8omWtENgM/Ys849OnaBQ5CR
+uN5FM2PNVu0aazM244+XOhXkEWTlv+6YU8xR2fqsdi4rw9ypf+GNRDSN8/0yJntN
+z5u0Q5rSDWVWL014h5rKWiJdCGgB
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/02.pem b/ANW-KM/openvpn/keys/02.pem
new file mode 100644
index 0000000..d1dc03f
--- /dev/null
+++ b/ANW-KM/openvpn/keys/02.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 20 00:05:06 2008 GMT
+            Not After : May 18 00:05:06 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-chris/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:17:80:be:42:58:ea:c2:1d:e7:54:4a:98:6d:
+                    31:24:95:d3:ea:aa:84:aa:20:0e:df:18:df:07:64:
+                    2b:53:a5:41:df:55:32:91:d3:38:b4:41:cd:ca:3b:
+                    8d:0f:41:60:01:ed:22:2b:9d:2f:57:7e:6b:f0:a9:
+                    f2:a0:25:f1:a7:67:b8:46:15:c5:75:da:f6:4e:54:
+                    c4:f4:70:c2:74:c1:7f:d3:85:77:28:c6:a5:b2:91:
+                    99:32:1e:d9:bb:4c:76:c9:4e:58:63:dd:49:f3:9b:
+                    4b:5d:91:06:2c:30:b1:ae:5d:ec:d7:13:a4:e4:d6:
+                    9d:c9:db:66:a5:0b:0f:5d:91
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                54:9F:21:B1:38:CD:F5:A8:DF:DB:3C:23:96:D9:FF:B1:C1:43:B2:63
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+    Signature Algorithm: md5WithRSAEncryption
+        91:38:89:c3:46:db:82:87:ad:48:ef:dc:63:fe:a4:08:a0:f7:
+        e6:1c:1d:b0:0b:ca:fc:d0:29:3b:38:a1:a6:66:47:6e:98:26:
+        45:b9:78:0d:2b:cf:cb:00:f4:5c:4a:51:ab:ca:d7:3a:8f:21:
+        ef:d7:8b:9e:7f:04:c2:93:71:31:a8:29:bc:d9:70:4b:43:2c:
+        3e:80:fa:6a:0c:87:d2:08:20:80:06:26:5b:60:07:17:73:5b:
+        b8:b4:7c:42:1c:18:ce:e1:fc:5a:50:b2:d7:c1:e9:8b:22:b9:
+        c1:da:34:02:c8:ed:16:cf:99:ed:5c:07:d8:40:46:e7:ca:b4:
+        f6:f2
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAx+gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUyMDAw
+MDUwNloXDTE4MDUxODAwMDUwNlowgYQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEZMBcGA1UEAxMQQU5XLUtNLVZwbi1jaHJpczEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMAXgL5CWOrC
+HedUSphtMSSV0+qqhKogDt8Y3wdkK1OlQd9VMpHTOLRBzco7jQ9BYAHtIiudL1d+
+a/Cp8qAl8adnuEYVxXXa9k5UxPRwwnTBf9OFdyjGpbKRmTIe2btMdslOWGPdSfOb
+S12RBiwwsa5d7NcTpOTWncnbZqULD12RAgMBAAGjggEmMIIBIjAJBgNVHRMEAjAA
+MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUVJ8hsTjN9ajf2zwjltn/scFDsmMwgccGA1UdIwSBvzCBvIAUaESH
+a/D8iXGZzzLIHBA461LYNJihgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctS00tVnBuLWNhMR0w
+GwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAOPMOpcckCT9MA0GCSqGSIb3
+DQEBBAUAA4GBAJE4icNG24KHrUjv3GP+pAig9+YcHbALyvzQKTs4oaZmR26YJkW5
+eA0rz8sA9FxKUavK1zqPIe/Xi55/BMKTcTGoKbzZcEtDLD6A+moMh9IIIIAGJltg
+BxdzW7i0fEIcGM7h/FpQstfB6YsiucHaNALI7RbPme1cB9hARufKtPby
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/03.pem b/ANW-KM/openvpn/keys/03.pem
new file mode 100644
index 0000000..4c9d112
--- /dev/null
+++ b/ANW-KM/openvpn/keys/03.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 20 01:00:02 2008 GMT
+            Not After : May 18 01:00:02 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-rp/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d3:7d:de:5d:20:0d:20:9e:db:2a:93:5d:99:6c:
+                    43:da:5d:f1:09:d8:68:d0:b5:8b:41:7d:79:19:77:
+                    c1:9e:53:22:15:78:83:80:d4:03:10:e6:4b:c4:e9:
+                    15:26:10:cd:28:97:a2:48:82:49:46:c0:0b:6d:c0:
+                    21:ea:87:ad:2d:1f:c3:29:ef:80:49:91:7f:3f:ff:
+                    d0:6d:2c:80:f9:94:2f:e4:88:82:88:74:27:51:26:
+                    68:d8:cd:11:cb:b3:46:6b:e8:b6:c8:81:d1:7c:de:
+                    0b:e5:90:40:c4:50:20:e5:59:4c:fc:30:f3:fa:ee:
+                    72:b2:a2:77:e3:6c:30:6a:fd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                0D:C2:77:E9:BD:42:92:03:32:41:6D:10:EE:97:78:54:04:65:0F:3D
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+    Signature Algorithm: md5WithRSAEncryption
+        61:cd:a7:35:6b:a7:cb:94:75:2c:5c:d4:7b:cd:be:1a:43:43:
+        f3:73:ff:22:72:c0:06:c6:ae:40:19:eb:3b:53:56:01:4a:e8:
+        eb:a6:e2:61:e0:d3:2a:9d:fc:63:ac:38:4f:cd:34:7b:e5:22:
+        9f:ac:6e:0f:61:f7:b2:7c:f2:50:0c:a6:cc:76:ec:24:60:67:
+        41:51:54:5f:dc:06:f8:7a:af:ce:80:1f:06:6a:1c:9a:27:13:
+        05:e7:80:e7:45:34:f5:e9:d0:96:67:7f:2f:15:88:94:63:d5:
+        fc:e9:cb:ef:93:c2:38:5a:73:28:fa:f3:04:c9:91:01:d9:ab:
+        a6:96
+-----BEGIN CERTIFICATE-----
+MIIDszCCAxygAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUyMDAx
+MDAwMloXDTE4MDUxODAxMDAwMlowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEWMBQGA1UEAxMNQU5XLUtNLVZwbi1ycDEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANN93l0gDSCe2yqT
+XZlsQ9pd8QnYaNC1i0F9eRl3wZ5TIhV4g4DUAxDmS8TpFSYQzSiXokiCSUbAC23A
+IeqHrS0fwynvgEmRfz//0G0sgPmUL+SIgoh0J1EmaNjNEcuzRmvotsiB0XzeC+WQ
+QMRQIOVZTPww8/rucrKid+NsMGr9AgMBAAGjggEmMIIBIjAJBgNVHRMEAjAAMCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQUDcJ36b1CkgMyQW0Q7pd4VARlDz0wgccGA1UdIwSBvzCBvIAUaESHa/D8
+iXGZzzLIHBA461LYNJihgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctS00tVnBuLWNhMR0wGwYJ
+KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAOPMOpcckCT9MA0GCSqGSIb3DQEB
+BAUAA4GBAGHNpzVrp8uUdSxc1HvNvhpDQ/Nz/yJywAbGrkAZ6ztTVgFK6Oum4mHg
+0yqd/GOsOE/NNHvlIp+sbg9h97J88lAMpsx27CRgZ0FRVF/cBvh6r86AHwZqHJon
+EwXngOdFNPXp0JZnfy8ViJRj1fzpy++Twjhacyj68wTJkQHZq6aW
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/04.pem b/ANW-KM/openvpn/keys/04.pem
new file mode 100644
index 0000000..931398f
--- /dev/null
+++ b/ANW-KM/openvpn/keys/04.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jun 17 13:39:04 2008 GMT
+            Not After : Jun 15 13:39:04 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-berenice/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d3:0e:32:eb:f3:cd:4e:ad:75:fe:2f:03:b0:f8:
+                    4a:44:cd:85:fa:e0:a5:dc:a2:c0:1d:d2:a9:04:e7:
+                    39:8a:dc:cd:47:b3:26:e4:c8:aa:7b:0b:51:20:a0:
+                    bd:db:90:c2:b8:8c:27:59:81:5e:31:33:b1:d7:bf:
+                    e2:d0:15:7c:11:25:98:67:1f:03:e0:a7:11:37:4a:
+                    a0:85:c6:f5:2c:44:f1:4d:45:59:11:bc:e9:d5:77:
+                    98:ca:60:5e:de:b4:3e:13:ac:9a:23:d5:57:78:ff:
+                    10:a6:94:52:c7:98:3b:27:2e:16:ed:42:9d:4c:4e:
+                    df:60:a1:ab:8c:58:5b:60:61
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DA:12:07:04:E1:24:43:1B:40:85:A1:A5:47:2E:83:7B:FA:69:FE:EC
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+    Signature Algorithm: md5WithRSAEncryption
+        2a:4a:7e:39:ea:12:a1:36:23:64:92:74:b0:05:a1:98:01:ff:
+        ea:2d:bf:9a:4d:01:3b:fe:d8:99:dd:77:23:fc:77:f0:8b:f4:
+        22:a8:eb:e3:de:e4:fd:04:df:17:4c:68:57:aa:79:3a:d3:3a:
+        02:38:dd:3b:d3:95:f7:f6:3b:87:c9:87:dc:d7:cb:a0:f1:d3:
+        04:62:48:4c:92:67:5d:70:8b:c5:b1:f8:2e:03:c7:84:a5:57:
+        e4:c1:14:07:06:0e:12:a6:e5:df:25:f9:e4:81:95:6c:f9:fc:
+        10:a0:cf:e6:5e:b3:09:83:2a:40:31:e1:e7:83:91:d1:fc:c5:
+        2c:24
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAyKgAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDYxNzEz
+MzkwNFoXDTE4MDYxNTEzMzkwNFowgYcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEcMBoGA1UEAxMTQU5XLUtNLVZwbi1iZXJlbmljZTEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANMOMuvz
+zU6tdf4vA7D4SkTNhfrgpdyiwB3SqQTnOYrczUezJuTIqnsLUSCgvduQwriMJ1mB
+XjEzsde/4tAVfBElmGcfA+CnETdKoIXG9SxE8U1FWRG86dV3mMpgXt60PhOsmiPV
+V3j/EKaUUseYOycuFu1CnUxO32Chq4xYW2BhAgMBAAGjggEmMIIBIjAJBgNVHRME
+AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQU2hIHBOEkQxtAhaGlRy6De/pp/uwwgccGA1UdIwSBvzCBvIAU
+aESHa/D8iXGZzzLIHBA461LYNJihgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctS00tVnBuLWNh
+MR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAOPMOpcckCT9MA0GCSqG
+SIb3DQEBBAUAA4GBACpKfjnqEqE2I2SSdLAFoZgB/+otv5pNATv+2JnddyP8d/CL
+9CKo6+Pe5P0E3xdMaFeqeTrTOgI43TvTlff2O4fJh9zXy6Dx0wRiSEySZ11wi8Wx
++C4Dx4SlV+TBFAcGDhKm5d8l+eSBlWz5/BCgz+ZeswmDKkAx4eeDkdH8xSwk
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/05.pem b/ANW-KM/openvpn/keys/05.pem
new file mode 100644
index 0000000..0d79629
--- /dev/null
+++ b/ANW-KM/openvpn/keys/05.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan  2 03:39:56 2015 GMT
+            Not After : Dec 25 03:39:56 2044 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-gw-ckubu/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9d:32:39:db:a9:6d:78:47:e2:78:2a:0e:2d:60:
+                    b9:ee:27:e9:a3:59:cf:5b:90:6c:3a:5a:c9:e8:9c:
+                    72:a9:6a:e7:c2:b2:99:78:94:e2:34:69:af:33:42:
+                    64:51:34:0c:ff:84:59:b5:1a:d8:f7:3b:4a:94:f9:
+                    75:cf:5d:66:23:a3:38:b6:dd:b8:59:e5:1b:be:d5:
+                    5e:91:c8:28:83:90:bd:26:a3:2d:1d:32:1c:bc:98:
+                    aa:4e:99:fc:34:7a:9a:4e:13:9b:aa:f3:e4:c6:e0:
+                    93:1f:5a:ca:f5:56:51:4d:ff:1c:ce:b1:9b:ae:2a:
+                    4c:3d:fd:8e:5f:68:26:b0:13
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                EC:14:0E:00:D3:F8:F9:BB:B3:E1:63:47:96:45:00:C4:7F:00:FC:2E
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        18:00:f8:c3:1d:2a:78:32:56:b8:d8:5d:93:2f:bd:78:8a:71:
+        c1:ca:48:40:60:f4:e8:cf:52:ef:9f:44:e9:12:20:b6:08:54:
+        ef:83:9d:00:b3:ab:c3:68:dc:92:ff:71:11:23:40:d1:31:12:
+        00:8c:65:10:81:96:a8:d3:5a:85:cb:6e:ac:69:4a:86:c7:65:
+        52:72:f9:50:e6:d8:61:47:27:6e:13:77:59:2f:07:fd:4f:26:
+        98:7c:bc:b2:b2:14:79:af:78:f8:6e:6b:35:79:59:38:21:87:
+        b2:30:b9:df:5a:7a:ac:fb:1a:e8:4e:0a:4b:b9:7d:0a:fc:57:
+        bb:05
+-----BEGIN CERTIFICATE-----
+MIID7TCCA1agAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDEwMjAz
+Mzk1NloXDTQ0MTIyNTAzMzk1NlowgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNBTlctS00tVnBuLWd3LWNrdWJ1
+MR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAnTI526lteEfieCoOLWC57ifpo1nPW5BsOlrJ6JxyqWrnwrKZ
+eJTiNGmvM0JkUTQM/4RZtRrY9ztKlPl1z11mI6M4tt24WeUbvtVekcgog5C9JqMt
+HTIcvJiqTpn8NHqaThObqvPkxuCTH1rK9VZRTf8czrGbripMPf2OX2gmsBMCAwEA
+AaOCAUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl
+bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU7BQOANP4+buz4WNHlkUAxH8A
+/C4wgccGA1UdIwSBvzCBvIAUaESHa/D8iXGZzzLIHBA461LYNJihgZikgZUwgZIx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYD
+VQQDEw1BTlctS00tVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJAOPMOpcckCT9MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAN
+BgkqhkiG9w0BAQUFAAOBgQAYAPjDHSp4Mla42F2TL714inHBykhAYPToz1Lvn0Tp
+EiC2CFTvg50As6vDaNyS/3ERI0DRMRIAjGUQgZao01qFy26saUqGx2VScvlQ5thh
+RyduE3dZLwf9TyaYfLyyshR5r3j4bms1eVk4IYeyMLnfWnqs+xroTgpLuX0K/Fe7
+BQ==
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/berenice.crt b/ANW-KM/openvpn/keys/berenice.crt
new file mode 100644
index 0000000..931398f
--- /dev/null
+++ b/ANW-KM/openvpn/keys/berenice.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jun 17 13:39:04 2008 GMT
+            Not After : Jun 15 13:39:04 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-berenice/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d3:0e:32:eb:f3:cd:4e:ad:75:fe:2f:03:b0:f8:
+                    4a:44:cd:85:fa:e0:a5:dc:a2:c0:1d:d2:a9:04:e7:
+                    39:8a:dc:cd:47:b3:26:e4:c8:aa:7b:0b:51:20:a0:
+                    bd:db:90:c2:b8:8c:27:59:81:5e:31:33:b1:d7:bf:
+                    e2:d0:15:7c:11:25:98:67:1f:03:e0:a7:11:37:4a:
+                    a0:85:c6:f5:2c:44:f1:4d:45:59:11:bc:e9:d5:77:
+                    98:ca:60:5e:de:b4:3e:13:ac:9a:23:d5:57:78:ff:
+                    10:a6:94:52:c7:98:3b:27:2e:16:ed:42:9d:4c:4e:
+                    df:60:a1:ab:8c:58:5b:60:61
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DA:12:07:04:E1:24:43:1B:40:85:A1:A5:47:2E:83:7B:FA:69:FE:EC
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+    Signature Algorithm: md5WithRSAEncryption
+        2a:4a:7e:39:ea:12:a1:36:23:64:92:74:b0:05:a1:98:01:ff:
+        ea:2d:bf:9a:4d:01:3b:fe:d8:99:dd:77:23:fc:77:f0:8b:f4:
+        22:a8:eb:e3:de:e4:fd:04:df:17:4c:68:57:aa:79:3a:d3:3a:
+        02:38:dd:3b:d3:95:f7:f6:3b:87:c9:87:dc:d7:cb:a0:f1:d3:
+        04:62:48:4c:92:67:5d:70:8b:c5:b1:f8:2e:03:c7:84:a5:57:
+        e4:c1:14:07:06:0e:12:a6:e5:df:25:f9:e4:81:95:6c:f9:fc:
+        10:a0:cf:e6:5e:b3:09:83:2a:40:31:e1:e7:83:91:d1:fc:c5:
+        2c:24
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAyKgAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDYxNzEz
+MzkwNFoXDTE4MDYxNTEzMzkwNFowgYcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEcMBoGA1UEAxMTQU5XLUtNLVZwbi1iZXJlbmljZTEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANMOMuvz
+zU6tdf4vA7D4SkTNhfrgpdyiwB3SqQTnOYrczUezJuTIqnsLUSCgvduQwriMJ1mB
+XjEzsde/4tAVfBElmGcfA+CnETdKoIXG9SxE8U1FWRG86dV3mMpgXt60PhOsmiPV
+V3j/EKaUUseYOycuFu1CnUxO32Chq4xYW2BhAgMBAAGjggEmMIIBIjAJBgNVHRME
+AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQU2hIHBOEkQxtAhaGlRy6De/pp/uwwgccGA1UdIwSBvzCBvIAU
+aESHa/D8iXGZzzLIHBA461LYNJihgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctS00tVnBuLWNh
+MR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAOPMOpcckCT9MA0GCSqG
+SIb3DQEBBAUAA4GBACpKfjnqEqE2I2SSdLAFoZgB/+otv5pNATv+2JnddyP8d/CL
+9CKo6+Pe5P0E3xdMaFeqeTrTOgI43TvTlff2O4fJh9zXy6Dx0wRiSEySZ11wi8Wx
++C4Dx4SlV+TBFAcGDhKm5d8l+eSBlWz5/BCgz+ZeswmDKkAx4eeDkdH8xSwk
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/berenice.csr b/ANW-KM/openvpn/keys/berenice.csr
new file mode 100644
index 0000000..e805c66
--- /dev/null
+++ b/ANW-KM/openvpn/keys/berenice.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB2TCCAUICAQAwgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNBTlctS00tVnBuLWJlcmVuaWNlMR0wGwYJKoZI
+hvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA0w4y6/PNTq11/i8DsPhKRM2F+uCl3KLAHdKpBOc5itzNR7Mm5MiqewtRIKC9
+25DCuIwnWYFeMTOx17/i0BV8ESWYZx8D4KcRN0qghcb1LETxTUVZEbzp1XeYymBe
+3rQ+E6yaI9VXeP8QppRSx5g7Jy4W7UKdTE7fYKGrjFhbYGECAwEAAaAAMA0GCSqG
+SIb3DQEBBQUAA4GBAK7tMCQeEbkzjeoCQzKrBm3adXXHkam70RUs9mC+f8VhFkzd
+3mwhdvxK1pUnqEBMHHph3EVRA9Szlx/u15Qu5k4VTeCvSFxy6S2f1yPEMHICwpdB
+w729DJiY4PMnfl+wmx7HuuOVZ9M5KZaTg1DZHH910qdV6T+hSt07Jaq9x08E
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-KM/openvpn/keys/berenice.key b/ANW-KM/openvpn/keys/berenice.key
new file mode 100644
index 0000000..aaa15e3
--- /dev/null
+++ b/ANW-KM/openvpn/keys/berenice.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A6843353293493DD
+
+pv0oTV5HPsQDluEZLtsiYks5/36BxIXnwxWbIzPh8n1gL7c+rF2GxKorNwEdpvrO
+/BdyNIQ3Se5w89NUkN6IobGVvfmL7w0PSw9aITrUQq2h3O6jusJSp6Yi2EvfkDVe
+V5nmehb+YG2m3xOxPwceYLSBR/evNwFLMho4vcAE3g9lp+8Le0PpSjbggou8TFrj
+Xw3V71sDdJqNn38j2ILcEgWu4FzL+93Sll+ok70TL7XRbczP1V1YLKuY0TwN40Jx
+a/FoP+a4rAix5s9D1ml9VUxwLuGWBNzX47pHcoHk/9OpsR1xX92jhXUl3NmNNlUN
+MvYFPkMfy8U5aMiL8EXBve7AXLPCv1FcbpeiY+qKXcbA2ljVD04YBfGHDBdcqtA1
+H0ULRdqZZPu3PFieneqEXX3n953noLIM0pOCmboYik7gZo8ebu9NPY4Pdgra3qtc
+Lsp9UVctGZDFyCHuj/HvymNbn+EJ5QaPF7MhTejBz0aPIKwp/dCqqDMfVVSGq0Ka
+NbIdTCZdvqQXOBgOf64ixHWGqKm3bgjm98ECp2X6joRTCl5KeXADe8mv+aQS8UID
+4j1jVu/w8IFiqgQYOYYrBGHhPgjSw0rvhT0ujDF4ttwvKWdwItZgb3oVuv0LZGoi
+d2F+60LH7dSyfd84Sx/SLg71pUJ4R3TTCHsySYhOImEC14CaZDg8ihdO6pY9JFbT
+xPcOQLil1UuOmQWF/qE82Y4BuXFv70iqucq/Y+i0poCXqRY4djs3XtjBgeZ+IWmQ
+rhtwNCPf4rjYHevhmaFZWkgM7Ei8NNW4R7SQaKZQSZ6mCLpA/QNtng==
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-KM/openvpn/keys/ca.crt b/ANW-KM/openvpn/keys/ca.crt
new file mode 100644
index 0000000..9a0a4b0
--- /dev/null
+++ b/ANW-KM/openvpn/keys/ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAwigAwIBAgIJAOPMOpcckCT9MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEWMBQGA1UEAxMN
+QU5XLUtNLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcN
+MDgwNTIwMDAwMTI4WhcNMTgwNTE4MDAwMTI4WjCBkjELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCz6U29hsY9zm7uv7aG2lnlRKyeVCwQYUw5/BPT9DaSqROz
+Kuidjnu/mmwqmwiPQi8ikkEb2sgH+EdxMXig9DSgoVNrXCYCDLlhruyf2Gr6XPXY
+q0IzhskqilP3QkjTnrJabBZSdXF6JWVXSVZXiP0tpJZZpCIQAUzkN2aBOk2PrwID
+AQABo4H6MIH3MB0GA1UdDgQWBBRoRIdr8PyJcZnPMsgcEDjrUtg0mDCBxwYDVR0j
+BIG/MIG8gBRoRIdr8PyJcZnPMsgcEDjrUtg0mKGBmKSBlTCBkjELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1L
+TS1WcG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA48w6lxyQ
+JP0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB/ETqWltrGX7r72NED
+4vpdN2ZVYxEMz0A4UI6dCRrqEMmhbN7WbvTN/pYaIEl5C41ANGG8ZZKiSrjFwrXC
+wevYMUKtHMFeV9Bn116w3odXdD+/Z6ykGvrX3jk5BNYbekVLxG3XgQt1lurvTWle
+La/k2uEdxP0RwOLDm75rVYw8ag==
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/ca.key b/ANW-KM/openvpn/keys/ca.key
new file mode 100644
index 0000000..bbc83fc
--- /dev/null
+++ b/ANW-KM/openvpn/keys/ca.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCz6U29hsY9zm7uv7aG2lnlRKyeVCwQYUw5/BPT9DaSqROzKuid
+jnu/mmwqmwiPQi8ikkEb2sgH+EdxMXig9DSgoVNrXCYCDLlhruyf2Gr6XPXYq0Iz
+hskqilP3QkjTnrJabBZSdXF6JWVXSVZXiP0tpJZZpCIQAUzkN2aBOk2PrwIDAQAB
+AoGAQxTWe7ho6lqyWir5b8ayhh3ZDx/rXiApP+WRrxH71ytbwQ5atYSO954ofqpX
+wrK2yHkn9a7Zrr8QRFBh3gGwLSRu9MwVPg74z/t/b2lXULeNCiiMvTs/WIVA5veK
+Y+S3Pl7rcHY+jZ9rsJHPtzhM7V6IVCLPFeM1nF0YUEkXOaECQQDXzqWM7hBl6XRL
+0aywCS3h9ZYxvfGxOhHP77vg2iKK9bvlkfMy1/wGHKMB13+fhml0AniFECSWpAZk
+5POpGfijAkEA1WsykGGIl7I6MkqmS43R2zKHOYnlTqjUNN22nqRWJtrM+dJdUJs2
+UU4m6qwMa1PCBC6bprnTwgmhaIUvLnpBhQJAVzMPn7dd9t/y9uPdJDBBUuk57BV1
+AIiXQ+75emyJwp5yctubajLticaucwMRdXMJTy/kZNfWAOx8DO6aKfztgwJABkZz
+oykrAgLckTP+tcQCwqY2satrUafHLZLDVuDQI65VTpcv5TnbHALnRAkxCErbLpJM
+Q1e9cTwlQdSAsaYonQJBAMhORq1D6rJnLOCiYFtzLlotEh+lsquMZfPLFLZZq0W0
+iPpI3JmJMfNBj+3P/fKRFjdPw4Q4APiCfjntbvCsKOA=
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-KM/openvpn/keys/chris.crt b/ANW-KM/openvpn/keys/chris.crt
new file mode 100644
index 0000000..d1dc03f
--- /dev/null
+++ b/ANW-KM/openvpn/keys/chris.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 20 00:05:06 2008 GMT
+            Not After : May 18 00:05:06 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-chris/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c0:17:80:be:42:58:ea:c2:1d:e7:54:4a:98:6d:
+                    31:24:95:d3:ea:aa:84:aa:20:0e:df:18:df:07:64:
+                    2b:53:a5:41:df:55:32:91:d3:38:b4:41:cd:ca:3b:
+                    8d:0f:41:60:01:ed:22:2b:9d:2f:57:7e:6b:f0:a9:
+                    f2:a0:25:f1:a7:67:b8:46:15:c5:75:da:f6:4e:54:
+                    c4:f4:70:c2:74:c1:7f:d3:85:77:28:c6:a5:b2:91:
+                    99:32:1e:d9:bb:4c:76:c9:4e:58:63:dd:49:f3:9b:
+                    4b:5d:91:06:2c:30:b1:ae:5d:ec:d7:13:a4:e4:d6:
+                    9d:c9:db:66:a5:0b:0f:5d:91
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                54:9F:21:B1:38:CD:F5:A8:DF:DB:3C:23:96:D9:FF:B1:C1:43:B2:63
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+    Signature Algorithm: md5WithRSAEncryption
+        91:38:89:c3:46:db:82:87:ad:48:ef:dc:63:fe:a4:08:a0:f7:
+        e6:1c:1d:b0:0b:ca:fc:d0:29:3b:38:a1:a6:66:47:6e:98:26:
+        45:b9:78:0d:2b:cf:cb:00:f4:5c:4a:51:ab:ca:d7:3a:8f:21:
+        ef:d7:8b:9e:7f:04:c2:93:71:31:a8:29:bc:d9:70:4b:43:2c:
+        3e:80:fa:6a:0c:87:d2:08:20:80:06:26:5b:60:07:17:73:5b:
+        b8:b4:7c:42:1c:18:ce:e1:fc:5a:50:b2:d7:c1:e9:8b:22:b9:
+        c1:da:34:02:c8:ed:16:cf:99:ed:5c:07:d8:40:46:e7:ca:b4:
+        f6:f2
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAx+gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUyMDAw
+MDUwNloXDTE4MDUxODAwMDUwNlowgYQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEZMBcGA1UEAxMQQU5XLUtNLVZwbi1jaHJpczEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMAXgL5CWOrC
+HedUSphtMSSV0+qqhKogDt8Y3wdkK1OlQd9VMpHTOLRBzco7jQ9BYAHtIiudL1d+
+a/Cp8qAl8adnuEYVxXXa9k5UxPRwwnTBf9OFdyjGpbKRmTIe2btMdslOWGPdSfOb
+S12RBiwwsa5d7NcTpOTWncnbZqULD12RAgMBAAGjggEmMIIBIjAJBgNVHRMEAjAA
+MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUVJ8hsTjN9ajf2zwjltn/scFDsmMwgccGA1UdIwSBvzCBvIAUaESH
+a/D8iXGZzzLIHBA461LYNJihgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctS00tVnBuLWNhMR0w
+GwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAOPMOpcckCT9MA0GCSqGSIb3
+DQEBBAUAA4GBAJE4icNG24KHrUjv3GP+pAig9+YcHbALyvzQKTs4oaZmR26YJkW5
+eA0rz8sA9FxKUavK1zqPIe/Xi55/BMKTcTGoKbzZcEtDLD6A+moMh9IIIIAGJltg
+BxdzW7i0fEIcGM7h/FpQstfB6YsiucHaNALI7RbPme1cB9hARufKtPby
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/chris.csr b/ANW-KM/openvpn/keys/chris.csr
new file mode 100644
index 0000000..f261659
--- /dev/null
+++ b/ANW-KM/openvpn/keys/chris.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1jCCAT8CAQAwgZUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRkwFwYDVQQDExBBTlctS00tVnBuLWNocmlzMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+wBeAvkJY6sId51RKmG0xJJXT6qqEqiAO3xjfB2QrU6VB31UykdM4tEHNyjuND0Fg
+Ae0iK50vV35r8KnyoCXxp2e4RhXFddr2TlTE9HDCdMF/04V3KMalspGZMh7Zu0x2
+yU5YY91J85tLXZEGLDCxrl3s1xOk5NadydtmpQsPXZECAwEAAaAAMA0GCSqGSIb3
+DQEBBQUAA4GBABOowQSdCtUQufkD1kjDyo6wrGDQ1DjF+FoyO9cVK4txtM8iMd2w
+p83DSKP1pLj7gF3ludXIO0XSmL+bUxfXTdBqBQZtR97hSYqA1oqglIf+o3sXFd6H
+6bFtUBezs+pqlNlXjW9L98pRDHmmI+1uY9QdN7QTGPvRKr89BPyZxopy
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-KM/openvpn/keys/chris.key b/ANW-KM/openvpn/keys/chris.key
new file mode 100644
index 0000000..a794d0d
--- /dev/null
+++ b/ANW-KM/openvpn/keys/chris.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDAF4C+Qljqwh3nVEqYbTEkldPqqoSqIA7fGN8HZCtTpUHfVTKR
+0zi0Qc3KO40PQWAB7SIrnS9XfmvwqfKgJfGnZ7hGFcV12vZOVMT0cMJ0wX/ThXco
+xqWykZkyHtm7THbJTlhj3Unzm0tdkQYsMLGuXezXE6Tk1p3J22alCw9dkQIDAQAB
+AoGBAKeEl5jUgXiROsTfZIJTTzUJmJqghDtc47s5lF58w7AZgT3DreswGdZRQKcp
+kdWI/LIRW+hPFtclf/qMKvPwwzDoAB86heyvm1LUKx69Jm0jYJ2/P0WH6VcJTH+f
+RagkWmHWMKhJzN+lyE3sITtXI58akxOYtJIQ3UHSKAADgm5BAkEA7UMjIeyS5ktc
+K7/HZloMqAaXAL4F3J16dnAcpFNgU5qh3zzhtJgjXLq1ItjBMyLevLYdX5ifVRxL
+lZSdSFlLqQJBAM9DITGcO5Hn3ZuBI2sJd/YUewkLFZ1W+QgToP0sS2uWhiF8L3mr
+PrQARsy4JCsH6grwq3y/Nlinbvu9WoHT86kCQEnu79W0aJpGxXQEkNg+G0+IrilX
+DXCPygd6LBKwwIWM3AA6coLaHbrZm3Q+YwXSSeI4RbLyVkQpSwxTgSd4W/ECQQC1
+CeELsXkDKHIU68chLsMfKqKRsqHtrlOWb3bWzgMO9gsxYoUhlKgPmJI/LbVB9QbF
+CZXxQCBbbdzufWZ6MsYJAkARnDvFpfFI2Bcwryaqs6IUxhxYKhy/4gJXFAdhhmLp
+dzHGQxBI95Qnap4KqdDqqrtVF7wEHpS/5UObkfLge1SI
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-KM/openvpn/keys/dh1024.pem b/ANW-KM/openvpn/keys/dh1024.pem
new file mode 100644
index 0000000..a319f2e
--- /dev/null
+++ b/ANW-KM/openvpn/keys/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAIa7uguEoirICBLDIkBbmDAgIL8gBeNeKu5br43dV9L+np7J5uOdJ+/2
+lXhmOdeOXRCNCWQv8PsFWzcYkkOIgyo999U7tqg6kmXQdq+zO9nBm/GHW+GmySvq
+YFgxGtzCv7VvaIWqfa8WWUBOpmXQBe8lX1iHEmQl2OxWpivUsP57AgEC
+-----END DH PARAMETERS-----
diff --git a/ANW-KM/openvpn/keys/gw-ckubu.crt b/ANW-KM/openvpn/keys/gw-ckubu.crt
new file mode 100644
index 0000000..0d79629
--- /dev/null
+++ b/ANW-KM/openvpn/keys/gw-ckubu.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan  2 03:39:56 2015 GMT
+            Not After : Dec 25 03:39:56 2044 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-gw-ckubu/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9d:32:39:db:a9:6d:78:47:e2:78:2a:0e:2d:60:
+                    b9:ee:27:e9:a3:59:cf:5b:90:6c:3a:5a:c9:e8:9c:
+                    72:a9:6a:e7:c2:b2:99:78:94:e2:34:69:af:33:42:
+                    64:51:34:0c:ff:84:59:b5:1a:d8:f7:3b:4a:94:f9:
+                    75:cf:5d:66:23:a3:38:b6:dd:b8:59:e5:1b:be:d5:
+                    5e:91:c8:28:83:90:bd:26:a3:2d:1d:32:1c:bc:98:
+                    aa:4e:99:fc:34:7a:9a:4e:13:9b:aa:f3:e4:c6:e0:
+                    93:1f:5a:ca:f5:56:51:4d:ff:1c:ce:b1:9b:ae:2a:
+                    4c:3d:fd:8e:5f:68:26:b0:13
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                EC:14:0E:00:D3:F8:F9:BB:B3:E1:63:47:96:45:00:C4:7F:00:FC:2E
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        18:00:f8:c3:1d:2a:78:32:56:b8:d8:5d:93:2f:bd:78:8a:71:
+        c1:ca:48:40:60:f4:e8:cf:52:ef:9f:44:e9:12:20:b6:08:54:
+        ef:83:9d:00:b3:ab:c3:68:dc:92:ff:71:11:23:40:d1:31:12:
+        00:8c:65:10:81:96:a8:d3:5a:85:cb:6e:ac:69:4a:86:c7:65:
+        52:72:f9:50:e6:d8:61:47:27:6e:13:77:59:2f:07:fd:4f:26:
+        98:7c:bc:b2:b2:14:79:af:78:f8:6e:6b:35:79:59:38:21:87:
+        b2:30:b9:df:5a:7a:ac:fb:1a:e8:4e:0a:4b:b9:7d:0a:fc:57:
+        bb:05
+-----BEGIN CERTIFICATE-----
+MIID7TCCA1agAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDEwMjAz
+Mzk1NloXDTQ0MTIyNTAzMzk1NlowgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNBTlctS00tVnBuLWd3LWNrdWJ1
+MR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAnTI526lteEfieCoOLWC57ifpo1nPW5BsOlrJ6JxyqWrnwrKZ
+eJTiNGmvM0JkUTQM/4RZtRrY9ztKlPl1z11mI6M4tt24WeUbvtVekcgog5C9JqMt
+HTIcvJiqTpn8NHqaThObqvPkxuCTH1rK9VZRTf8czrGbripMPf2OX2gmsBMCAwEA
+AaOCAUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl
+bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU7BQOANP4+buz4WNHlkUAxH8A
+/C4wgccGA1UdIwSBvzCBvIAUaESHa/D8iXGZzzLIHBA461LYNJihgZikgZUwgZIx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYD
+VQQDEw1BTlctS00tVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJAOPMOpcckCT9MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAN
+BgkqhkiG9w0BAQUFAAOBgQAYAPjDHSp4Mla42F2TL714inHBykhAYPToz1Lvn0Tp
+EiC2CFTvg50As6vDaNyS/3ERI0DRMRIAjGUQgZao01qFy26saUqGx2VScvlQ5thh
+RyduE3dZLwf9TyaYfLyyshR5r3j4bms1eVk4IYeyMLnfWnqs+xroTgpLuX0K/Fe7
+BQ==
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/gw-ckubu.csr b/ANW-KM/openvpn/keys/gw-ckubu.csr
new file mode 100644
index 0000000..79b6e42
--- /dev/null
+++ b/ANW-KM/openvpn/keys/gw-ckubu.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB2TCCAUICAQAwgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNBTlctS00tVnBuLWd3LWNrdWJ1MR0wGwYJKoZI
+hvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAnTI526lteEfieCoOLWC57ifpo1nPW5BsOlrJ6JxyqWrnwrKZeJTiNGmvM0Jk
+UTQM/4RZtRrY9ztKlPl1z11mI6M4tt24WeUbvtVekcgog5C9JqMtHTIcvJiqTpn8
+NHqaThObqvPkxuCTH1rK9VZRTf8czrGbripMPf2OX2gmsBMCAwEAAaAAMA0GCSqG
+SIb3DQEBBQUAA4GBAF+Jx1AX4dLnFPMvVUd7YdumKuTkfdkPkYRbrFtzyZRRo24k
+Vpij8KMAYfU1v1YsY1WOXGVVQ9FbAFI+YhUGcOTQelkgWDumDfRq1f8zqsizv1iH
+JYOBSd/BbhIJ4HCaPK3LAriCdkHLH4xIG+dz1ZDei9pv74mHTRdR9qgJZzBw
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-KM/openvpn/keys/gw-ckubu.key b/ANW-KM/openvpn/keys/gw-ckubu.key
new file mode 100644
index 0000000..40803b0
--- /dev/null
+++ b/ANW-KM/openvpn/keys/gw-ckubu.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,17FCFC43E5265156
+
+V8gYTlFBeMXEIZUYq1fLtRIYjVnYNBRGmGNHtraHXZycO/RUnnEyoawl6pTPRWlM
+z1fVM7sK93uyEX6yftVG9DfFbMSkzkW8P3CLIMGNvVE5kF2KzpNPDJ1Lvfi7Vafu
+KPvUngUAEjQQ968NIAGvN+fOeICoihNZYro6lNaN1iOPTHO1ySiSEGslbW2Q7WrQ
+RyUJPS1onvAMkEOp+E15g+BNVLVap0iISlIW+urCnJ0dhVUAS/bZNaQVh6MsKUnp
+rYh/t3DZmXTBOG5gu/VSY4PU7zGMuHKNyA0hMUEapvzAeyyVfppjvKN31OhqXZAS
+X65uD8x0nMH8NgBuh7ZJBmMIYjjAvHi4/0hsfRjp5ZbADkeay+cyzjo1t8q0xctJ
+qZdLFcTj+XVN9DfPeAkg6RQa1sUKJE+n0enmsBL+99fopWH+GrxEDqux+JHhRrlc
+15fzFh8AZBe3Fl8aheDE9n2f4sk63ap+u7hgPMRa0wYJVU5meYLsfaU4XRJnq73f
+LO6ZwLV0MDEm1sc4k1P9KkPbZc/XxIXDtsev3psy/M39zWodhtfXMrzYVfH3ChRn
+uIFV8EhkEMPj6hPFFubhHRFjW09Pa2knWOZK6x8Wad6YEJxMw/pB6NAa1m2bkGan
+EXTL3Ehb6iAQvQ6BBb5+kqjnWFuCqjsz9h2Rb5r/l0KvO+VScF10mkDLoNqCHhBK
+BNLKYngRCZw+8N4vnhsc3s8GPf5ssSpFEW1sypaSbW2Hgux55jBu9NtNzo4vQLGM
+UoxiJoq54w9a3EjgVspMQ1qy6WzJaNCZpqvdl2fT43c=
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-KM/openvpn/keys/index.txt b/ANW-KM/openvpn/keys/index.txt
new file mode 100644
index 0000000..09a55f9
--- /dev/null
+++ b/ANW-KM/openvpn/keys/index.txt
@@ -0,0 +1,5 @@
+V	180518000232Z		01	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-server/emailAddress=argus@oopen.de
+V	180518000506Z		02	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-chris/emailAddress=argus@oopen.de
+V	180518010002Z		03	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-rp/emailAddress=argus@oopen.de
+V	180615133904Z		04	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-berenice/emailAddress=argus@oopen.de
+V	441225033956Z		05	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-gw-ckubu/emailAddress=argus@oopen.de
diff --git a/ANW-KM/openvpn/keys/index.txt.attr b/ANW-KM/openvpn/keys/index.txt.attr
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/ANW-KM/openvpn/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/ANW-KM/openvpn/keys/index.txt.attr.old b/ANW-KM/openvpn/keys/index.txt.attr.old
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/ANW-KM/openvpn/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/ANW-KM/openvpn/keys/index.txt.old b/ANW-KM/openvpn/keys/index.txt.old
new file mode 100644
index 0000000..43af962
--- /dev/null
+++ b/ANW-KM/openvpn/keys/index.txt.old
@@ -0,0 +1,4 @@
+V	180518000232Z		01	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-server/emailAddress=argus@oopen.de
+V	180518000506Z		02	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-chris/emailAddress=argus@oopen.de
+V	180518010002Z		03	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-rp/emailAddress=argus@oopen.de
+V	180615133904Z		04	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-berenice/emailAddress=argus@oopen.de
diff --git a/ANW-KM/openvpn/keys/rp.crt b/ANW-KM/openvpn/keys/rp.crt
new file mode 100644
index 0000000..4c9d112
--- /dev/null
+++ b/ANW-KM/openvpn/keys/rp.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 20 01:00:02 2008 GMT
+            Not After : May 18 01:00:02 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-rp/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d3:7d:de:5d:20:0d:20:9e:db:2a:93:5d:99:6c:
+                    43:da:5d:f1:09:d8:68:d0:b5:8b:41:7d:79:19:77:
+                    c1:9e:53:22:15:78:83:80:d4:03:10:e6:4b:c4:e9:
+                    15:26:10:cd:28:97:a2:48:82:49:46:c0:0b:6d:c0:
+                    21:ea:87:ad:2d:1f:c3:29:ef:80:49:91:7f:3f:ff:
+                    d0:6d:2c:80:f9:94:2f:e4:88:82:88:74:27:51:26:
+                    68:d8:cd:11:cb:b3:46:6b:e8:b6:c8:81:d1:7c:de:
+                    0b:e5:90:40:c4:50:20:e5:59:4c:fc:30:f3:fa:ee:
+                    72:b2:a2:77:e3:6c:30:6a:fd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                0D:C2:77:E9:BD:42:92:03:32:41:6D:10:EE:97:78:54:04:65:0F:3D
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+    Signature Algorithm: md5WithRSAEncryption
+        61:cd:a7:35:6b:a7:cb:94:75:2c:5c:d4:7b:cd:be:1a:43:43:
+        f3:73:ff:22:72:c0:06:c6:ae:40:19:eb:3b:53:56:01:4a:e8:
+        eb:a6:e2:61:e0:d3:2a:9d:fc:63:ac:38:4f:cd:34:7b:e5:22:
+        9f:ac:6e:0f:61:f7:b2:7c:f2:50:0c:a6:cc:76:ec:24:60:67:
+        41:51:54:5f:dc:06:f8:7a:af:ce:80:1f:06:6a:1c:9a:27:13:
+        05:e7:80:e7:45:34:f5:e9:d0:96:67:7f:2f:15:88:94:63:d5:
+        fc:e9:cb:ef:93:c2:38:5a:73:28:fa:f3:04:c9:91:01:d9:ab:
+        a6:96
+-----BEGIN CERTIFICATE-----
+MIIDszCCAxygAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUyMDAx
+MDAwMloXDTE4MDUxODAxMDAwMlowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEWMBQGA1UEAxMNQU5XLUtNLVZwbi1ycDEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANN93l0gDSCe2yqT
+XZlsQ9pd8QnYaNC1i0F9eRl3wZ5TIhV4g4DUAxDmS8TpFSYQzSiXokiCSUbAC23A
+IeqHrS0fwynvgEmRfz//0G0sgPmUL+SIgoh0J1EmaNjNEcuzRmvotsiB0XzeC+WQ
+QMRQIOVZTPww8/rucrKid+NsMGr9AgMBAAGjggEmMIIBIjAJBgNVHRMEAjAAMCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQUDcJ36b1CkgMyQW0Q7pd4VARlDz0wgccGA1UdIwSBvzCBvIAUaESHa/D8
+iXGZzzLIHBA461LYNJihgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctS00tVnBuLWNhMR0wGwYJ
+KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAOPMOpcckCT9MA0GCSqGSIb3DQEB
+BAUAA4GBAGHNpzVrp8uUdSxc1HvNvhpDQ/Nz/yJywAbGrkAZ6ztTVgFK6Oum4mHg
+0yqd/GOsOE/NNHvlIp+sbg9h97J88lAMpsx27CRgZ0FRVF/cBvh6r86AHwZqHJon
+EwXngOdFNPXp0JZnfy8ViJRj1fzpy++Twjhacyj68wTJkQHZq6aW
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/rp.csr b/ANW-KM/openvpn/keys/rp.csr
new file mode 100644
index 0000000..51ad776
--- /dev/null
+++ b/ANW-KM/openvpn/keys/rp.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0zCCATwCAQAwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctS00tVnBuLXJwMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA033e
+XSANIJ7bKpNdmWxD2l3xCdho0LWLQX15GXfBnlMiFXiDgNQDEOZLxOkVJhDNKJei
+SIJJRsALbcAh6oetLR/DKe+ASZF/P//QbSyA+ZQv5IiCiHQnUSZo2M0Ry7NGa+i2
+yIHRfN4L5ZBAxFAg5VlM/DDz+u5ysqJ342wwav0CAwEAAaAAMA0GCSqGSIb3DQEB
+BQUAA4GBAEvdTAvawGhkv3a2t82sQFonSaPygbTWfBnU+ajhh2ZiInp+ceSTn27M
+gTV34cndsl5TKmfrMFtH/ol97nxo126DCoO7YWkoVKPvJrocvWUI9NaaQ41K5f3m
+qhI2TBjDggbflGQ2Y4CsekTT9/nHd63HHXt0HEhnzlysWxPyyNXS
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-KM/openvpn/keys/rp.key b/ANW-KM/openvpn/keys/rp.key
new file mode 100644
index 0000000..33ca765
--- /dev/null
+++ b/ANW-KM/openvpn/keys/rp.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,CB98AB5AB57879EF
+
+2h2/FQ1ZF8QjJKd2LpyQtngyJoHOh4tV0EhtONlepF7qiVPjbc4JMv9NjiI0fJm1
+uidVS22scXuklaB+/SOjAdTJiJt5zbOeH0ARnPpkVl4gV5dXXdBYaH3y3LeNwuKG
+ZiQl6AQJlJYPG9nsmjByAV84y7vQRhkY10yM125qZiyrg0WJdtZYUVcCbCmXjy1j
+hscTqjdSqfokroS2nAEQXMBFKCo8A4hKoQCw7VPKFmzF3OWtD/i8m2LuTA2GHldI
+JoJnsGR7QrTk+M5nJnHQ4UANbDwVowFVc63i+InnWQ7RdB0SgH4j25Qs06qZkBW6
+u4v6wiwhNtgcJiXWOTlwJdOa8jG4CWL1WcAVjFJRbWuegOlrC8zMEc44NO98aVMk
+89FHKzroN2eQ7aR1LAXZn99tvTbbwGbj5crMWsfxzmgPnswg497t/hIYVVRypQbH
+NOFxXagthpTvSNoHk1DHfM84oLs43ceujCVKDdD24UG6pPOZYwtdBfYZ4eTcSO5U
+iO/THxeZGyAXIEfq5p/EyC1LN3ac7cgDEyoTU7u4DXho5UkxvCoEvHaOpOatSBX9
+WoXRGf1oQ04UfkD836nnVD556mshT1cniBUwOr5VIF/bPhoK27lOF0IpO22y3Nt3
+XFKkJsDeojMLYsacJwVNRpLKwn/oev1El25NwwmsDlDEmlHEjZZfjjWSF/kHydLT
+yhxYrBleFS8HlqMw1X1H/mUi7SylXzMst7tKh/sWPXz9PtZoZH+1fbpPC9VaxaGQ
+KEzs6Re7jjpK1CMmiKDNqMqzhDRSwLj2YEOxkRi8ByOtz0xDIjaHHg==
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-KM/openvpn/keys/serial b/ANW-KM/openvpn/keys/serial
new file mode 100644
index 0000000..cd672a5
--- /dev/null
+++ b/ANW-KM/openvpn/keys/serial
@@ -0,0 +1 @@
+06
diff --git a/ANW-KM/openvpn/keys/serial.old b/ANW-KM/openvpn/keys/serial.old
new file mode 100644
index 0000000..eeee65e
--- /dev/null
+++ b/ANW-KM/openvpn/keys/serial.old
@@ -0,0 +1 @@
+05
diff --git a/ANW-KM/openvpn/keys/server.crt b/ANW-KM/openvpn/keys/server.crt
new file mode 100644
index 0000000..5e06745
--- /dev/null
+++ b/ANW-KM/openvpn/keys/server.crt
@@ -0,0 +1,70 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 20 00:02:32 2008 GMT
+            Not After : May 18 00:02:32 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-server/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e8:50:de:da:67:fb:8b:e8:71:1f:3c:da:c8:63:
+                    33:9f:29:41:b1:a5:8f:27:99:91:16:a8:51:3b:a1:
+                    5b:52:c3:6a:26:a2:e7:f3:07:ea:c0:65:a6:60:30:
+                    d8:fb:39:e6:05:19:73:28:fa:0a:2e:4e:82:a0:72:
+                    c1:1b:ca:27:fb:ad:8d:3c:c8:15:36:4c:f6:22:70:
+                    1f:4d:6c:10:88:84:c6:f1:c3:9f:f2:55:58:3d:f2:
+                    10:cb:d5:a7:18:3d:b9:d6:fd:25:e9:9d:ec:6c:0e:
+                    55:f9:2d:64:54:a0:32:58:34:b0:2c:c9:10:55:33:
+                    6c:75:9e:97:29:61:db:c1:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                OpenSSL Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                41:12:64:24:C4:4E:59:A4:C9:B3:A4:8E:A2:E6:5A:9C:27:CF:C6:21
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+    Signature Algorithm: md5WithRSAEncryption
+        81:b5:d0:b9:ba:8e:87:ad:48:a7:ce:11:e6:30:b5:e2:6a:20:
+        19:b4:4d:e2:17:8e:7d:4c:ae:1d:45:a8:38:c2:b9:7d:71:08:
+        db:b4:a9:96:75:bf:ca:26:5a:d1:0d:80:cf:d8:b3:ce:3d:3a:
+        76:81:43:90:91:b8:de:45:33:63:cd:56:ed:1a:6b:33:36:e3:
+        8f:97:3a:15:e4:11:64:e5:bf:ee:98:53:cc:51:d9:fa:ac:76:
+        2e:2b:c3:dc:a9:7f:e1:8d:44:34:8d:f3:fd:32:26:7b:4d:cf:
+        9b:b4:43:9a:d2:0d:65:56:2f:4d:78:87:9a:ca:5a:22:5d:08:
+        68:01
+-----BEGIN CERTIFICATE-----
+MIID0TCCAzqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUyMDAw
+MDIzMloXDTE4MDUxODAwMDIzMlowgYUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEaMBgGA1UEAxMRQU5XLUtNLVZwbi1zZXJ2ZXIxHTAbBgkqhkiG9w0BCQEWDmFy
+Z3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoUN7aZ/uL
+6HEfPNrIYzOfKUGxpY8nmZEWqFE7oVtSw2omoufzB+rAZaZgMNj7OeYFGXMo+gou
+ToKgcsEbyif7rY08yBU2TPYicB9NbBCIhMbxw5/yVVg98hDL1acYPbnW/SXpnexs
+DlX5LWRUoDJYNLAsyRBVM2x1npcpYdvB0wIDAQABo4IBQDCCATwwCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
+ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUQRJkJMROWaTJs6SO
+ouZanCfPxiEwgccGA1UdIwSBvzCBvIAUaESHa/D8iXGZzzLIHBA461LYNJihgZik
+gZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJl
+cmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2Vz
+MRYwFAYDVQQDEw1BTlctS00tVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZYIJAOPMOpcckCT9MA0GCSqGSIb3DQEBBAUAA4GBAIG10Lm6joetSKfO
+EeYwteJqIBm0TeIXjn1Mrh1FqDjCuX1xCNu0qZZ1v8omWtENgM/Ys849OnaBQ5CR
+uN5FM2PNVu0aazM244+XOhXkEWTlv+6YU8xR2fqsdi4rw9ypf+GNRDSN8/0yJntN
+z5u0Q5rSDWVWL014h5rKWiJdCGgB
+-----END CERTIFICATE-----
diff --git a/ANW-KM/openvpn/keys/server.csr b/ANW-KM/openvpn/keys/server.csr
new file mode 100644
index 0000000..ee8f315
--- /dev/null
+++ b/ANW-KM/openvpn/keys/server.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1zCCAUACAQAwgZYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRowGAYDVQQDExFBTlctS00tVnBuLXNlcnZlcjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AOhQ3tpn+4vocR882shjM58pQbGljyeZkRaoUTuhW1LDaiai5/MH6sBlpmAw2Ps5
+5gUZcyj6Ci5OgqBywRvKJ/utjTzIFTZM9iJwH01sEIiExvHDn/JVWD3yEMvVpxg9
+udb9Jemd7GwOVfktZFSgMlg0sCzJEFUzbHWelylh28HTAgMBAAGgADANBgkqhkiG
+9w0BAQUFAAOBgQDn1T22greiThuxtpEb1ydzssh99XEQhdV2f2G++rjb+N63blfy
+i263sHPCqqaHbt0Lf7NA3iIE0vrUq2dhdqDzUnfo1Opr0njm4VwaFR2Ngm7eYNTP
+yKVZWKElM0sVwDCgJ00nfDw+zIrTza1TRUZn0L/alE3rGqvV2poawo8xeA==
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-KM/openvpn/keys/server.key b/ANW-KM/openvpn/keys/server.key
new file mode 100644
index 0000000..b49c695
--- /dev/null
+++ b/ANW-KM/openvpn/keys/server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDoUN7aZ/uL6HEfPNrIYzOfKUGxpY8nmZEWqFE7oVtSw2omoufz
+B+rAZaZgMNj7OeYFGXMo+gouToKgcsEbyif7rY08yBU2TPYicB9NbBCIhMbxw5/y
+VVg98hDL1acYPbnW/SXpnexsDlX5LWRUoDJYNLAsyRBVM2x1npcpYdvB0wIDAQAB
+AoGBAN8ihdobU9WercCGL9GWzsdJ1iptzWEIs/2iL1vp8JA+159Ciyy35vdi6vmr
+EU3D37X4Ks8p0kuF5xt6/RXXBqx1mWojTPFAWCIbGhCkneoWxruf31w7RBiK/ezS
+BkDX+jplb/dNzq1yN+3hPyk6quJYs01NUVmG/z3505DYCaLJAkEA/5a2fGu6THLe
+XcfXNm4+NsCJf7UU8Ul30LZoohdDV65KoP5b8hVQ9FnS+mZXUq+ZYM799XOMPn+q
+7UseiJc8VwJBAOiwkhhGuavoPdDW2L51e3FHGy7A10m1/nb+Ayx05qyVWZ1I3uBQ
+0tACpdKBJDQYm2gSPO6liaEhl7WfPZXGeOUCQETsVo+c2WNOQqrVfjK+beaD61BV
++6zJnBbbacH0NgPKC3P4w8C3gNoz8tH1kSzKD7lseE2deD9OXECbVkONTQcCQQCO
+pS/qkfDg4c6DaDIXEA5MszqGvtE77sXATJfFeSSwSB5XvYRkHygdPIJLOb/n7+3V
+LtkLs49bqCxIuwYV+0XBAkEAm3USgjdnjeP6he49gKY9tDug2EtxksQ1PCTpy/lR
+qoPBM0xQ8DdFoD4ljgJ+AOs5JVm5FKHR4WaMdd3bmaXtFQ==
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-KM/openvpn/keys/ta.key b/ANW-KM/openvpn/keys/ta.key
new file mode 100644
index 0000000..3fbb66d
--- /dev/null
+++ b/ANW-KM/openvpn/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+82b1f1533640a6436ed2eb2993ef9e7c
+f867d5f61ffe5691be2bc8304714b41a
+9f49a741e0c9f22417ee9ee6893434fb
+1e5611b7d64d31532a450e41871c4885
+c3ac11d33ed5c878500206416cb88c9b
+c0487fd5098dc3a5982694feb2d4d3fe
+1ba4f32fc7574fa4b09d47aa1986c096
+e022fcd44b87ad8c08c979b8ac7ade3d
+130f838ffaedf278360eba2f6f9b94db
+e1d0e0f6f4a44210f4acb38835797444
+fa2b5e067ec14e5f2013a36827c85722
+386cf69b2c5e9c3bced20e4aac287edc
+da8b1eb743cf527750999e01274f2e47
+e79c9cbede772362b103a6ddebff76da
+ed23277286cf8da544d86f6e5f6046b7
+a0d2f4b8bf57d734ef4ec3763979ced2
+-----END OpenVPN Static key V1-----
diff --git a/ANW-KM/openvpn/openvpn-status.log b/ANW-KM/openvpn/openvpn-status.log
new file mode 100644
index 0000000..de16828
--- /dev/null
+++ b/ANW-KM/openvpn/openvpn-status.log
@@ -0,0 +1,8 @@
+OpenVPN CLIENT LIST
+Updated,Thu Jan  1 22:16:41 2015
+Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
+ROUTING TABLE
+Virtual Address,Common Name,Real Address,Last Ref
+GLOBAL STATS
+Max bcast/mcast queue length,0
+END
diff --git a/ANW-KM/openvpn/password.txt b/ANW-KM/openvpn/password.txt
new file mode 100644
index 0000000..cbc9da0
--- /dev/null
+++ b/ANW-KM/openvpn/password.txt
@@ -0,0 +1,9 @@
+
+key...............: rp.key
+common name.......: ANW-KM-Vpn-rp
+password..........: Zuse54My
+
+key...............: berenice.key
+common name.......: ANW-KM-Vpn-berenice
+password..........: Gi8aHozo
+
diff --git a/ANW-KM/openvpn/server-gw-ckubu.conf b/ANW-KM/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..4597056
--- /dev/null
+++ b/ANW-KM/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,300 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.122.1
+route 192.168.64.0 255.255.255.0 10.1.122.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys. 
+dh keys/dh1024.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.1.122.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.23.0 255.255.255.0"
+;push "route 192.168.122.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+client-config-dir /etc/openvpn/ccd/server-gw-ckubu
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option DNS 10.8.0.1"
+;push "dhcp-option WINS 10.8.0.1"
+;push "dhcp-option DNS 192.168.122.53"
+;push "dhcp-option DOMAIN anw-km.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-gw-ckubu.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+#crl-verify /etc/openvpn/keys/crl.pem
diff --git a/ANW-KM/openvpn/server-home.conf b/ANW-KM/openvpn/server-home.conf
new file mode 100644
index 0000000..1c13e03
--- /dev/null
+++ b/ANW-KM/openvpn/server-home.conf
@@ -0,0 +1,298 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1196
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+
+topology subnet
+#route 192.168.63.0 255.255.255.0 10.1.122.1
+#route 192.168.64.0 255.255.255.0 10.1.122.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys. 
+dh keys/dh1024.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.0.122.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.23.0 255.255.255.0"
+;push "route 192.168.122.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+client-config-dir /etc/openvpn/ccd/server-home
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option DNS 10.8.0.1"
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.122.53"
+push "dhcp-option DOMAIN anw-km.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-home.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-home.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
diff --git a/ANW-KM/openvpn/update-resolv-conf b/ANW-KM/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/ANW-KM/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/ANW-KM/pap-secrets.ANW-KM b/ANW-KM/pap-secrets.ANW-KM
new file mode 100644
index 0000000..022c813
--- /dev/null
+++ b/ANW-KM/pap-secrets.ANW-KM
@@ -0,0 +1,46 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+
+
+
+"0017005041965502052728690001@t-online.de" * "62812971"
diff --git a/ANW-KM/peers/dsl-provider b/ANW-KM/peers/dsl-provider
new file mode 100644
index 0000000..dd247e2
--- /dev/null
+++ b/ANW-KM/peers/dsl-provider
@@ -0,0 +1,16 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth0
+user "0017005041965502052728690001@t-online.de"
diff --git a/ANW-KM/peers/provider b/ANW-KM/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/ANW-KM/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/ANW-KM/rc.local.ANW-KM b/ANW-KM/rc.local.ANW-KM
new file mode 100755
index 0000000..513bcc2
--- /dev/null
+++ b/ANW-KM/rc.local.ANW-KM
@@ -0,0 +1,18 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+sleep 2
+/etc/init.d/ntp start || /bin/true
+
+
+exit 0
diff --git a/ANW-KM/resolv.conf.ANW-KM b/ANW-KM/resolv.conf.ANW-KM
new file mode 100644
index 0000000..f170934
--- /dev/null
+++ b/ANW-KM/resolv.conf.ANW-KM
@@ -0,0 +1,4 @@
+# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
+#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
+nameserver 127.0.0.1
+search anw-km.netz
diff --git a/ANW-KM/sasl_passwd.ANW-KM b/ANW-KM/sasl_passwd.ANW-KM
new file mode 100644
index 0000000..e39c2dd
--- /dev/null
+++ b/ANW-KM/sasl_passwd.ANW-KM
@@ -0,0 +1 @@
+[b.mx.oopen.de] anw-km@b.mx.oopen.de:psNwjTF9kgxX3RLV
diff --git a/ANW-KM/sasl_passwd.db.ANW-KM b/ANW-KM/sasl_passwd.db.ANW-KM
new file mode 100644
index 0000000..b70ff1c
Binary files /dev/null and b/ANW-KM/sasl_passwd.db.ANW-KM differ
diff --git a/ANW-KM/sbin/ipt-firewall-gateway b/ANW-KM/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..77e105f
--- /dev/null
+++ b/ANW-KM/sbin/ipt-firewall-gateway
@@ -0,0 +1,3695 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+done
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   #$ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      #$ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Accesspoints
+# ---
+
+echononl "\t\tUbiquiti Unifi Accesspoints"
+if [[ ${#unifi_controller_gateway_ip_arr[@]} -gt 0 ]] || [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] ; then
+      if [[ ${#unifi_controller_gateway_ip_arr[@]} -gt 0 ]] ; then
+
+         for _ip_ctl in ${unifi_controller_gateway_ip_arr[@]} ; do
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A INPUT -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $unify_controller_ports -m conntrack --ctstate NEW -j ACCEPT
+               if $provide_hotspot ; then
+                  $ipt -A INPUT -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $hotspot_ports -m conntrack --ctstate NEW -j ACCEPT
+               fi
+            done
+
+         done
+      fi
+
+      if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] ; then
+         for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_controller_ports -m conntrack --ctstate NEW -j ACCEPT
+               if $provide_hotspot ; then
+                  $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $hotspot_ports -m conntrack --ctstate NEW -j ACCEPT
+               fi
+            done
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if $kernel_activate_forwarding && $local_alias_interfaces ; then
+               $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_controller_ports --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_controller_ports --tcp-flag ACK ACK -j ACCEPT
+               if $provide_hotspot ; then
+                  $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $hotspot_ports --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $hotspot_ports --tcp-flag ACK ACK -j ACCEPT
+               fi
+            fi
+
+         done
+      fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/ANW-KM/src/ipt-gateway b/ANW-KM/src/ipt-gateway
new file mode 160000
index 0000000..aa6a6aa
--- /dev/null
+++ b/ANW-KM/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit aa6a6aa992674fd0d21c32505550e49e7cb4afca
diff --git a/ANW-URB/README.txt b/ANW-URB/README.txt
new file mode 100644
index 0000000..28651e4
--- /dev/null
+++ b/ANW-URB/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.ANW-URB: ppp0 comes over eth2
+      interfaces.ANW-URB: see above
+      default_isc-dhcp-server.ANW-URB
+      ipt-firewall.ANW-URB: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/ANW-URB/bin/admin-stuff b/ANW-URB/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/ANW-URB/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/ANW-URB/bin/clean_log_files.sh b/ANW-URB/bin/clean_log_files.sh
new file mode 120000
index 0000000..4a65412
--- /dev/null
+++ b/ANW-URB/bin/clean_log_files.sh
@@ -0,0 +1 @@
+admin-stuff/clean_log_files.sh
\ No newline at end of file
diff --git a/ANW-URB/bin/manage-gw-config b/ANW-URB/bin/manage-gw-config
new file mode 160000
index 0000000..2a96dfd
--- /dev/null
+++ b/ANW-URB/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688
diff --git a/ANW-URB/bin/monitoring b/ANW-URB/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/ANW-URB/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/ANW-URB/bin/os-upgrade.sh b/ANW-URB/bin/os-upgrade.sh
new file mode 120000
index 0000000..02ddc66
--- /dev/null
+++ b/ANW-URB/bin/os-upgrade.sh
@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh
\ No newline at end of file
diff --git a/ANW-URB/bin/postfix b/ANW-URB/bin/postfix
new file mode 160000
index 0000000..c1934d5
--- /dev/null
+++ b/ANW-URB/bin/postfix
@@ -0,0 +1 @@
+Subproject commit c1934d5bdeee88e6f5b868c7d0bdb955539d34d4
diff --git a/ANW-URB/bin/test_email.sh b/ANW-URB/bin/test_email.sh
new file mode 120000
index 0000000..86f3e17
--- /dev/null
+++ b/ANW-URB/bin/test_email.sh
@@ -0,0 +1 @@
+admin-stuff/test_email.sh
\ No newline at end of file
diff --git a/ANW-URB/bin/wakeup_fileserver.sh b/ANW-URB/bin/wakeup_fileserver.sh
new file mode 100755
index 0000000..4581a28
--- /dev/null
+++ b/ANW-URB/bin/wakeup_fileserver.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+
+_NETW=192.168.102.0
+_MAC_FILESERVER="00:30:48:8c:de:c0"
+
+/usr/bin/wakeonlan -i $_NETW $_MAC_FILESERVER
+
+exit 0
diff --git a/ANW-URB/bind/bind.keys b/ANW-URB/bind/bind.keys
new file mode 100644
index 0000000..b003c53
--- /dev/null
+++ b/ANW-URB/bind/bind.keys
@@ -0,0 +1,49 @@
+/* $Id: bind.keys,v 1.5.42.2 2011-01-04 19:14:48 each Exp $ */
+# The bind.keys file is used to override built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release (BIND
+# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
+# Lookaside Validation zone ("dlv.isc.org").  Trust anchors for any other
+# zones MUST be configured elsewhere; if they are configured here, they
+# will not be recognized or used by named.
+#
+# This file also contains a copy of the trust anchor for the DNS root zone
+# (".").  However, named does not use it; it is provided here for
+# informational purposes only.  To switch on DNSSEC validation at the
+# root, the root key below can be copied into named.conf.
+#
+# The built-in DLV trust anchor in this file is used directly by named.
+# However, it is not activated unless specifically switched on.  To use
+# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
+# Without this option being set, the key in this file is ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+	# ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+        # in named.conf.
+	dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+		brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+		1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+		ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+		Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+		QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+		TDN0YUuWrBNh";
+
+	# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+	# for current trust anchor information.
+        # NOTE: This key is activated by setting "dnssec-validation auto;"
+        # in named.conf.
+	. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+		FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+		bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+		X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+		W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+		Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+		QxA+Uk1ihz0=";
+};
diff --git a/ANW-URB/bind/db.0 b/ANW-URB/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/ANW-URB/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/ANW-URB/bind/db.127 b/ANW-URB/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/ANW-URB/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/ANW-URB/bind/db.192.168.132.0 b/ANW-URB/bind/db.192.168.132.0
new file mode 100644
index 0000000..0ac903a
--- /dev/null
+++ b/ANW-URB/bind/db.192.168.132.0
@@ -0,0 +1,47 @@
+;
+; BIND reverse data file for local anwaeltinnen.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.anwaeltinnen.netz. ckubu.oopen.de. (
+      2012082601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-urban.anwaeltinnen.netz.
+
+; - Gateway/Firewall
+254         IN PTR    gw-urban.anwaeltinnen.netz.
+
+
+; - (Caching ) Nameserver
+1           IN PTR    ns-urban.anwaeltinnen.netz.
+
+
+; - Fileserver
+10          IN PTR    file-urban.anwaeltinnen.netz.
+
+
+; - Drucker
+6            IN PTR    canon0b7d6f.anwaeltinnen.netz.
+
+
+; - IPMI
+15          IN PTR    ipmi-urban.anwaeltinnen.netz.
+
+
+; file-win7 - Windows7 File Server
+;
+20          IN PTR    ipmi-urban.anwaeltinnen.netz.
+
+
+; - Buero PC's
+211          IN PTR    pcbuero1.anwaeltinnen.netz.
+212          IN PTR    pcbuero.anwaeltinnen.netz.
+213          IN PTR    pcbuero2.anwaeltinnen.netz.
+214          IN PTR    pcreg.anwaeltinnen.netz.
+215          IN PTR    pcson.anwaeltinnen.netz.
+216          IN PTR    pcund.anwaeltinnen.netz.
+
diff --git a/ANW-URB/bind/db.255 b/ANW-URB/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/ANW-URB/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/ANW-URB/bind/db.anwaeltinnen.netz b/ANW-URB/bind/db.anwaeltinnen.netz
new file mode 100644
index 0000000..5e16c56
--- /dev/null
+++ b/ANW-URB/bind/db.anwaeltinnen.netz
@@ -0,0 +1,57 @@
+;
+; BIND data file for local anwaeltinnen.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.anwaeltinnen.netz. ckubu.oopen.de. (
+      2012082601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                IN NS     ns-urban.anwaeltinnen.netz.
+
+; Gateway/Firewall
+gw-urban        IN A      192.168.132.254
+gate            IN CNAME  gw-urban
+gw              IN CNAME  gw-urban
+
+; (Caching ) Nameserver
+ns-urban        IN A      192.168.132.1
+ns              IN CNAME  ns-urban
+nscache         IN CNAME  ns-urban
+
+
+; - Fileserver
+file-urban      IN A      192.168.132.10
+file            IN CNAME  file-urban
+marvin          IN CNAME  file-urban
+
+
+; - IPMI
+ipmi-urban      IN A      192.168.132.15
+file-ipmi       IN CNAME  ipmi-urban
+ipmi            IN CNAME  ipmi-urban
+
+
+; file-win7 - Windows 7 Server
+;
+file-win7       IN A      192.168.132.20
+
+
+; - Drucker
+canon0b7d6f     IN A      192.168.132.6
+canon           IN CNAME  canon0b7d6f
+
+
+
+; PC's
+pcbuero1        IN A      192.168.132.211
+pcbuero         IN A      192.168.132.212
+pcbuero2        IN A      192.168.132.213
+pcreg           IN A      192.168.132.214
+pcson           IN A      192.168.132.215
+pcund           IN A      192.168.132.216
+
diff --git a/ANW-URB/bind/db.empty b/ANW-URB/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/ANW-URB/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/ANW-URB/bind/db.local b/ANW-URB/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/ANW-URB/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/ANW-URB/bind/db.root b/ANW-URB/bind/db.root
new file mode 100644
index 0000000..d081faa
--- /dev/null
+++ b/ANW-URB/bind/db.root
@@ -0,0 +1,87 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    Jun 17, 2010
+;       related version of root zone:   2010061700
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
+; End of File
diff --git a/ANW-URB/bind/named.conf b/ANW-URB/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/ANW-URB/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/ANW-URB/bind/named.conf.default-zones b/ANW-URB/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/ANW-URB/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/ANW-URB/bind/named.conf.local b/ANW-URB/bind/named.conf.local
new file mode 100644
index 0000000..6e0373f
--- /dev/null
+++ b/ANW-URB/bind/named.conf.local
@@ -0,0 +1,24 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
+zone "anwaeltinnen.netz" {
+   type master;
+   file "/etc/bind/db.anwaeltinnen.netz";
+};
+
+zone "1.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.1.0";
+};
+
+zone "132.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.132.0";
+};
+
diff --git a/ANW-URB/bind/named.conf.local.INSTALL b/ANW-URB/bind/named.conf.local.INSTALL
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/ANW-URB/bind/named.conf.local.INSTALL
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/ANW-URB/bind/named.conf.options b/ANW-URB/bind/named.conf.options
new file mode 100644
index 0000000..e81334c
--- /dev/null
+++ b/ANW-URB/bind/named.conf.options
@@ -0,0 +1,51 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+   /*
+   forwarders {
+      // OpenDNS servers
+      208.67.222.222;
+      208.67.220.220;
+      // DNS-Cache des CCC
+      213.73.91.35;
+      // ISP DNS Servers
+      217.237.150.51;
+      217.237.148.22;
+   };
+   */
+
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      192.168.132.1;
+   };
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/8;
+   };
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/8;
+   };
+   allow-transfer { none; };
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/ANW-URB/bind/named.conf.options.INSTALL b/ANW-URB/bind/named.conf.options.INSTALL
new file mode 100644
index 0000000..af79758
--- /dev/null
+++ b/ANW-URB/bind/named.conf.options.INSTALL
@@ -0,0 +1,20 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/ANW-URB/bind/rndc.key b/ANW-URB/bind/rndc.key
new file mode 100644
index 0000000..48256d5
--- /dev/null
+++ b/ANW-URB/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "p8uEoosC6vrcRj73ribYKg==";
+};
diff --git a/ANW-URB/bind/zones.rfc1918 b/ANW-URB/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/ANW-URB/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/ANW-URB/chap-secrets.ANW-URB b/ANW-URB/chap-secrets.ANW-URB
new file mode 100644
index 0000000..057fafe
--- /dev/null
+++ b/ANW-URB/chap-secrets.ANW-URB
@@ -0,0 +1,6 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+
+## - Anwaltskanzlei - Urbanstrasse (anw-urb)
+"0019673090265502751343110001@t-online.de" * "85593499"
diff --git a/ANW-URB/cron_root.ANW-URB b/ANW-URB/cron_root.ANW-URB
new file mode 100644
index 0000000..c9cfc81
--- /dev/null
+++ b/ANW-URB/cron_root.ANW-URB
@@ -0,0 +1,66 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.KkdUPg/crontab installed on Wed Oct 11 10:57:34 2017)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+
+## - ORIG
+#*/5 * * * * /usr/local/sbin/synctime
+#*/1 * * * * env LANG=C /usr/bin/mrtg --logging /var/log/mrtg/mrtg.log --lock-file /var/run/mrtg.lck --log-only
+
+PATH=/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+
+# - check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+# - if not set this entry to "1"
+# -
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+# - Check if postfix mailservice is running. Restart service if needed.
+# -
+41 * * * * /root/bin/monitoring/check_postfix.sh
+
+# - check if openvpn is running if not restart the service
+# -
+*/10 * * * * /root/bin/monitoring/check_dns.sh
+
+# - Check if postfix mail service ist running. Restart service if necessary
+# -
+01,31 * * * * /root/bin/monitoring/check_postfix.sh
+
+# - check if openvpn is running if not restart the service
+# -
+*/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+# - check if DynDNS ip is correct, adjust if needed
+# -
+27 * * * * /root/bin/monitoring/check_dyndns.sh anw-urb.homelinux.org
+
+# - reconnect to internet
+# -
+#7 6 * * * /root/bin/reconnect_inet.sh
+
+
+# - copy gateway configuration
+# -
+10 3 * * * /root/bin/manage-gw-config/copy_gateway-config.sh ANW-URB
diff --git a/ANW-URB/ddclient.conf.ANW-URB b/ANW-URB/ddclient.conf.ANW-URB
new file mode 100644
index 0000000..575b673
--- /dev/null
+++ b/ANW-URB/ddclient.conf.ANW-URB
@@ -0,0 +1,14 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password=7213b4e6178a11e6ab1362f831f6741e
+anw-urb.homelinux.org
+
+ssl=yes
+mail=argus@oopen.de
+mail-failure=root
diff --git a/ANW-URB/default_isc-dhcp-server.ANW-URB b/ANW-URB/default_isc-dhcp-server.ANW-URB
new file mode 100644
index 0000000..a6c85bd
--- /dev/null
+++ b/ANW-URB/default_isc-dhcp-server.ANW-URB
@@ -0,0 +1,11 @@
+# Defaults for dhcp initscript
+# sourced by /etc/init.d/dhcp
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACES=""
diff --git a/ANW-URB/dhcpd.conf.ANW-URB b/ANW-URB/dhcpd.conf.ANW-URB
new file mode 100644
index 0000000..b86522f
--- /dev/null
+++ b/ANW-URB/dhcpd.conf.ANW-URB
@@ -0,0 +1,221 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+option domain-name "anwaeltinnen.netz";
+option domain-name-servers 192.168.132.1;
+
+option subnet-mask 255.255.255.0;
+
+option broadcast-address 192.168.132.255;
+
+option routers 192.168.132.254;
+
+
+default-lease-time 3600;
+max-lease-time 14400;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+subnet 192.168.132.0 netmask 255.255.255.0 {
+   range 192.168.132.130 192.168.132.180;
+   option domain-name "anwaeltinnen.netz";
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.132.255;
+   option domain-name-servers 192.168.132.1;
+   option routers 192.168.132.254;
+   default-lease-time 43200;
+   max-lease-time 86400;
+}
+
+## - wireless LAN
+subnet 192.168.133.0 netmask 255.255.255.0 {
+  range 192.168.133.150 192.168.133.199;
+  #local-address 192.168.103.254 ;
+  option domain-name "anwaeltinnen.netz";
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.133.255;
+  option domain-name-servers 192.168.132.1;
+  option routers 192.168.133.254;
+  default-lease-time 86400;
+  max-lease-time 259200;
+}
+
+## - No dhcp on WAN-Interface
+## -
+subnet 172.16.132.0 netmask 255.255.255.0 {
+}
+
+host panic {
+   hardware ethernet 00:11:25:31:64:50;
+   fixed-address panic.anwaeltinnen.netz;
+}
+
+host pcreg {
+   ## - alter PC
+   #hardware ethernet 00:30:05:45:27:21;
+   ## - neuer PC
+   hardware ethernet 70:71:BC:72:27:5C;
+   fixed-address pcreg.anwaeltinnen.netz;
+}
+host pcson {
+   #hardware ethernet 00:24:21:0b:3e:a2;
+   hardware ethernet E8:40:F2:EC:C5:42;
+   fixed-address pcson.anwaeltinnen.netz;
+}
+host pcund {
+   #hardware ethernet 00:27:0E:18:B3:14;
+   hardware ethernet 74:d4:35:b6:81:4c;
+   fixed-address pcund.anwaeltinnen.netz;
+}
+host pcund-alt {
+   hardware ethernet 00:30:05:2F:6A:CF;
+   fixed-address pcund-alt.anwaeltinnen.netz;
+}
+
+## buero rechner
+host pcbuero {
+   hardware ethernet 00:27:0E:05:A0:69;
+   fixed-address pcbuero.anwaeltinnen.netz;
+}
+host pcbuero-alt {
+   hardware ethernet 00:05:5D:DD:40:EB;
+   fixed-address pcbuero-alt.anwaeltinnen.netz;
+}
+host pcbuero1 {
+   hardware ethernet 00:22:4d:af:f5:f3;
+   fixed-address pcbuero1.anwaeltinnen.netz;
+}
+host pcbuero2 {
+   #hardware ethernet 00:0D:87:D4:4C:2B;
+   hardware ethernet E8:40:F2:ED:14:56;
+   fixed-address pcbuero2.anwaeltinnen.netz;
+}
+
+## laptop
+host undine-laptop {
+   hardware ethernet 00:16:41:A7:A1:93 ;
+   fixed-address undine-laptop.anwaeltinnen.netz ;
+}
+
+
+## - fileserver
+host marvin {
+   hardware ethernet 0c:c4:7a:0b:75:36;
+   fixed-address marvin.anwaeltinnen.netz;
+}
+host marvin-alt {
+   hardware ethernet 00:25:90:09:1D:F2;
+   fixed-address marvin-alt.anwaeltinnen.netz;
+}
+
+## printer
+host canon {
+   #hardware ethernet 00:00:85:0b:7d:6f;
+   #fixed-address canon0b7d6f.anwaeltinnen.netz;
+   hardware ethernet 00:1e:8f:d3:35:d2;
+   fixed-address canond335d2.anwaeltinnen.netz;
+}
+
+
+## host gw-doberan {
+##    hardware ethernet 00:C0:26:A1:8A:CD;
+##    fixed-address gw-doberan.rav.local ;
+## }
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/ANW-URB/email_notice.ANW-URB b/ANW-URB/email_notice.ANW-URB
new file mode 100755
index 0000000..72092a5
--- /dev/null
+++ b/ANW-URB/email_notice.ANW-URB
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+file=/tmp/mail_ip-up$$
+
+admin_email=argus@oopen.de
+from_address=ip-up_anw-urban@oopen.de
+from_name="ip-up - ANW-URBAN"
+
+echo "" > $file
+echo " ********************************************************" >> $file
+echo " *** This is an autogenerated mail from `hostname -f` ***" >> $file
+echo "" >> $file
+echo " I brought up the ppp-daemon with the following" >> $file
+echo -e " parameters:\n" >> $file
+echo -e "\tInterface name...............: $PPP_IFACE" >> $file
+echo -e "\tThe tty......................: $PPP_TTY" >> $file
+echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
+echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
+echo -e "\tPeer  IP number..............: $PPP_REMOTE" >> $file
+if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
+   echo -e "\tNameserver 1.................: $DNS1" >> $file
+   if [ "$DNS2" ] ; then
+      echo -e "\tNameserver 2.................: $DNS2" >> $file
+   fi
+fi
+
+
+echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
+echo "" >> $file
+echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
+echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
+echo "" >> $file
+echo " ********************************************************" >> $file
+
+#/bin/echo -e "From:ip-up@`hostname -f`\nTo:${admin_email}\nSubject: $PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail $admin_email
+## /bin/echo -e "From:ip-up@inferno.local\nSubject: $PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail ckubu@so36.net
+
+/bin/echo -e "From:${from_name} <${from_address}>\nTo:${admin_email}\nSubject: $PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail $admin_email
+
+rm -f $file
+
diff --git a/ANW-URB/generic.ANW-URB b/ANW-URB/generic.ANW-URB
new file mode 100644
index 0000000..4f804ed
--- /dev/null
+++ b/ANW-URB/generic.ANW-URB
@@ -0,0 +1,3 @@
+root@gw-urban.anwaeltinnen.netz      root_anw-urban@oopen.de
+cron@gw-urban.anwaeltinnen.netz      cron_anw-urban@oopen.de
+@gw-urban.anwaeltinnen.netz          other_anw-urban@oopen.de
diff --git a/ANW-URB/generic.db.ANW-URB b/ANW-URB/generic.db.ANW-URB
new file mode 100644
index 0000000..9312732
Binary files /dev/null and b/ANW-URB/generic.db.ANW-URB differ
diff --git a/ANW-URB/hostapd.conf.ANW-URB b/ANW-URB/hostapd.conf.ANW-URB
new file mode 100644
index 0000000..1b73306
--- /dev/null
+++ b/ANW-URB/hostapd.conf.ANW-URB
@@ -0,0 +1,30 @@
+interface=wlan0
+bridge=br0
+ssid=Alix-WLAN-OOPEN
+driver=nl80211
+
+## - D-LINK DWA-552
+## - MicroTIK RouterBOARD R52n-M
+## -
+#wme_enabled=1
+#ieee80211n=1
+#ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
+
+## - Linksys WMP600N
+## -
+#wme_enabled=1
+#ieee80211n=1
+#ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC12]
+
+channel=4
+hw_mode=g
+ignore_broadcast_ssid=0
+auth_algs=1
+macaddr_acl=0
+wpa=2
+wpa_key_mgmt=WPA-PSK
+wpa_passphrase=WoAuchImmer
+wpa_pairwise=TKIP
+rsn_pairwise=CCMP
+wpa_group_rekey=600
+ctrl_interface=/var/run/hostapd
diff --git a/ANW-URB/hostname.ANW-URB b/ANW-URB/hostname.ANW-URB
new file mode 100644
index 0000000..d99c972
--- /dev/null
+++ b/ANW-URB/hostname.ANW-URB
@@ -0,0 +1 @@
+gw-urban
diff --git a/ANW-URB/hosts.ANW-URB b/ANW-URB/hosts.ANW-URB
new file mode 100644
index 0000000..b8f0991
--- /dev/null
+++ b/ANW-URB/hosts.ANW-URB
@@ -0,0 +1,10 @@
+127.0.0.1	localhost
+127.0.1.1	gw-urban.anwaeltinnen.netz	gw-urban
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
diff --git a/ANW-URB/igmpproxy.conf.ANW-URB b/ANW-URB/igmpproxy.conf.ANW-URB
new file mode 100644
index 0000000..9f6e290
--- /dev/null
+++ b/ANW-URB/igmpproxy.conf.ANW-URB
@@ -0,0 +1,75 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+#phyint eth0 upstream  ratelimit 0  threshold 1
+#        altnet 10.0.0.0/8 
+#        altnet 192.168.0.0/24
+##------------------------------------------------------
+## Configuration for ppp0 (Upstream Interface)
+##------------------------------------------------------
+#phyint ppp0 upstream  ratelimit 0  threshold 1
+phyint eth2.8 upstream  ratelimit 0  threshold 1
+        altnet 217.0.119.194/24
+        altnet 193.158.35.0/24;
+        altnet 239.35.100.6/24;
+        altnet 93.230.64.0/19;
+        altnet 192.168.63.0/24;
+        #
+        #altnet 192.168.63.5/32;
+        #altnet 192.168.63.40/32;
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+#phyint br0 downstream  ratelimit 0  threshold 1
+phyint eth1 downstream  ratelimit 0  threshold 1
+        # IP der TV-Box
+        altnet 192.168.63.0/24;
+        #altnet 192.168.63.5/32;
+        #altnet 192.168.63.40/32;
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+#phyint eth2 disabled
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth0 disabled
+phyint eth2 disabled
+phyint eth2.7 disabled
+phyint eth1:0 disabled
+phyint eth1:wf disabled
+phyint ppp0 disabled
+phyint tun0 disabled
+phyint lo disabled
+
+
diff --git a/ANW-URB/interfaces.ANW-URB b/ANW-URB/interfaces.ANW-URB
new file mode 100644
index 0000000..0cd303e
--- /dev/null
+++ b/ANW-URB/interfaces.ANW-URB
@@ -0,0 +1,56 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+
+#-----------------------------
+# eth1 - LAN
+#-----------------------------
+
+auto eth1 eth1:0
+iface eth1 inet static
+   address 192.168.132.254
+   network 192.168.132.0
+   netmask 255.255.255.0
+   broadcast 192.168.132.255
+
+iface eth1:0 inet static
+   address 192.168.132.1
+   network 192.168.132.0
+   netmask 255.255.255.0
+   broadcast 192.168.132.255
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+auto eth2
+iface eth2 inet static
+   address 172.16.132.1
+   network 172.16.132.0
+   netmask 255.255.255.0
+   broadcast 172.16.132.255
+   gateway 172.16.132.254
+
+
+#-----------------------------
+# br0 (bind eth0 + wlan0) - WAN
+#-----------------------------
+
+auto br0
+iface br0 inet static
+   address 192.168.133.254
+   network 192.168.133.0
+   netmask 255.255.255.0
+   broadcast 192.168.133.255
+   bridge_ports eth0 wlan0
+   bridge_stp off
+   bridge_maxwait 1
+
+iface eth0 inet manual
+iface wlan0 inet manual
+
diff --git a/ANW-URB/ipt-firewall.ANW-URB b/ANW-URB/ipt-firewall.ANW-URB
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/ANW-URB/ipt-firewall.ANW-URB
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/ANW-URB/ipt-firewall/default_ports.conf b/ANW-URB/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/ANW-URB/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/ANW-URB/ipt-firewall/include_functions.conf b/ANW-URB/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/ANW-URB/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/ANW-URB/ipt-firewall/interfaces_ipv4.conf b/ANW-URB/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..942b829
--- /dev/null
+++ b/ANW-URB/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth1"
+local_if_2="br0"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/ANW-URB/ipt-firewall/load_modules_ipv4.conf b/ANW-URB/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/ANW-URB/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/ANW-URB/ipt-firewall/load_modules_ipv6.conf b/ANW-URB/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/ANW-URB/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/ANW-URB/ipt-firewall/logging_ipv4.conf b/ANW-URB/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/ANW-URB/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/ANW-URB/ipt-firewall/logging_ipv6.conf b/ANW-URB/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/ANW-URB/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/ANW-URB/ipt-firewall/main_ipv4.conf b/ANW-URB/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..9171696
--- /dev/null
+++ b/ANW-URB/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1351 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+read -a gateway_ipv4_address_arr <<<$(ifconfig | grep "inet Ad" | awk '{print$2}' | cut -d':' -f2)
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                    86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - 192.168.132.6    Canon iR3245
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="192.168.132.6"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+
+# - 192.168.132.10   Fileserver (marvin)
+# -
+samba_server_local_ips=""
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.132.0/24"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - 192.168.132.15   IPMI Fileserver (marvin)
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips="192.168.132.15"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - 192.168.132.6    Canon iR3245
+# -
+# - Blank separated list
+# -
+printer_ips="192.168.132.6"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    172.16.132.254   Fritz!BOX 7490 
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons="
+   192.168.63.0/24:172.16.132.254:80:${ext_if_static_1}
+   192.168.63.0/24:172.16.132.254:443:${ext_if_static_1}
+   10.1.132.0/24:172.16.132.254:80:${ext_if_static_1}
+   10.1.132.0/24:172.16.132.254:80:${ext_if_static_1}"
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=false
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=true
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/ANW-URB/ipt-firewall/post_decalrations.conf b/ANW-URB/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/ANW-URB/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/ANW-URB/mailname.ANW-URB b/ANW-URB/mailname.ANW-URB
new file mode 100644
index 0000000..8b88356
--- /dev/null
+++ b/ANW-URB/mailname.ANW-URB
@@ -0,0 +1 @@
+gw-urban.anwaeltinnen.netz
diff --git a/ANW-URB/main.cf.ANW-URB b/ANW-URB/main.cf.ANW-URB
new file mode 100644
index 0000000..ba9869b
--- /dev/null
+++ b/ANW-URB/main.cf.ANW-URB
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   192.168.132.254
+
+myhostname = gw-urban.anwaeltinnen.netz
+
+mydestination = 
+   gw-urban.anwaeltinnen.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   192.168.132.254/32
+
+#smtp_bind_address = 172.16.132.1
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/ANW-URB/openvpn/ccd/server-gw-ckubu/ANW-URB-VPN-gw-ckubu b/ANW-URB/openvpn/ccd/server-gw-ckubu/ANW-URB-VPN-gw-ckubu
new file mode 100644
index 0000000..d5bf6f6
--- /dev/null
+++ b/ANW-URB/openvpn/ccd/server-gw-ckubu/ANW-URB-VPN-gw-ckubu
@@ -0,0 +1,6 @@
+ifconfig-push 10.1.132.2 255.255.255.0
+push "route 192.168.132.0 255.255.255.0 10.1.132.1"
+push "route 192.168.133.0 255.255.255.0 10.1.132.1"
+push "route 172.16.132.0 255.255.255.0 10.1.132.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/ANW-URB/openvpn/ccd/server-home/ANW-Urban-VPN-chris b/ANW-URB/openvpn/ccd/server-home/ANW-Urban-VPN-chris
new file mode 100644
index 0000000..a4db4ae
--- /dev/null
+++ b/ANW-URB/openvpn/ccd/server-home/ANW-Urban-VPN-chris
@@ -0,0 +1,4 @@
+ifconfig-push 10.0.132.3 255.255.255.0
+push "route 172.16.132.0 255.255.255.0"
+#push "route 192.168.1.0 255.255.255.0"
+
diff --git a/ANW-URB/openvpn/ccd/server-home/ANW-Urban-VPN-undine b/ANW-URB/openvpn/ccd/server-home/ANW-Urban-VPN-undine
new file mode 100644
index 0000000..d0aacae
--- /dev/null
+++ b/ANW-URB/openvpn/ccd/server-home/ANW-Urban-VPN-undine
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.132.4 255.255.255.0
+#push "route 192.168.1.0 255.255.255.0"
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/README.gz b/ANW-URB/openvpn/easy-rsa/1.0/README.gz
new file mode 100644
index 0000000..471cc04
Binary files /dev/null and b/ANW-URB/openvpn/easy-rsa/1.0/README.gz differ
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/build-ca b/ANW-URB/openvpn/easy-rsa/1.0/build-ca
new file mode 100755
index 0000000..5ad59cc
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/build-ca
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+#
+# Build a root certificate
+#
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -nodes -new -x509 -keyout ca.key -out ca.crt -config $KEY_CONFIG && \
+        chmod 0600 ca.key
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/build-dh b/ANW-URB/openvpn/easy-rsa/1.0/build-dh
new file mode 100755
index 0000000..6de4baf
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/build-dh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+#
+# Build Diffie-Hellman parameters for the server side
+# of an SSL/TLS connection.
+#
+
+if test $KEY_DIR; then
+    openssl dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+else
+    echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/build-inter b/ANW-URB/openvpn/easy-rsa/1.0/build-inter
new file mode 100755
index 0000000..8b3a6b2
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/build-inter
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+#
+# Make an intermediate CA certificate/private key pair using a locally generated
+# root certificate.
+#
+
+if test $# -ne 1; then
+        echo "usage: build-inter <name>";
+        exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+	openssl ca -extensions v3_ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/build-key b/ANW-URB/openvpn/easy-rsa/1.0/build-key
new file mode 100755
index 0000000..3159d2b
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/build-key
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+#
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+
+if test $# -ne 1; then
+        echo "usage: build-key <name>";
+        exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+	chmod 0600 $1.key
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/build-key-pass b/ANW-URB/openvpn/easy-rsa/1.0/build-key-pass
new file mode 100755
index 0000000..03ab304
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/build-key-pass
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+#
+# Similar to build-key, but protect the private key
+# with a password.
+#
+
+if test $# -ne 1; then
+        echo "usage: build-key-pass <name>";
+        exit 1
+fi
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+	chmod 0600 $1.key
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/build-key-pkcs12 b/ANW-URB/openvpn/easy-rsa/1.0/build-key-pkcs12
new file mode 100755
index 0000000..f8a057b
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/build-key-pkcs12
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+#
+# Make a certificate/private key pair using a locally generated
+# root certificate and convert it to a PKCS #12 file including the
+# the CA certificate as well.
+
+if test $# -ne 1; then
+        echo "usage: build-key-pkcs12 <name>";
+        exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \
+	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \
+        openssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \
+	chmod 0600 $1.key $1.p12
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/build-key-server b/ANW-URB/openvpn/easy-rsa/1.0/build-key-server
new file mode 100755
index 0000000..30dc41e
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/build-key-server
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+#
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+# Explicitly set nsCertType to server using the "server"
+# extension in the openssl.cnf file.
+
+if test $# -ne 1; then
+        echo "usage: build-key-server <name>";
+        exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \
+	openssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \
+        chmod 0600 $1.key
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/build-req b/ANW-URB/openvpn/easy-rsa/1.0/build-req
new file mode 100755
index 0000000..30f62f5
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/build-req
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# Build a certificate signing request and private key.  Use this
+# when your root certificate and key is not available locally.
+#
+
+if test $# -ne 1; then
+    echo "usage: build-req <name>";
+    exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+    cd $KEY_DIR && \
+    openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
+else
+    echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/build-req-pass b/ANW-URB/openvpn/easy-rsa/1.0/build-req-pass
new file mode 100755
index 0000000..829b286
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/build-req-pass
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# Like build-req, but protect your private key
+# with a password.
+#
+
+if test $# -ne 1; then
+    echo "usage: build-req-pass <name>";
+    exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+    cd $KEY_DIR && \
+    openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG
+else
+    echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/clean-all b/ANW-URB/openvpn/easy-rsa/1.0/clean-all
new file mode 100755
index 0000000..d10aef5
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/clean-all
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+#
+# Initialize the $KEY_DIR directory.
+# Note that this script does a
+# rm -rf on $KEY_DIR so be careful!
+#
+
+d=$KEY_DIR
+
+if test $d; then
+	rm -rf $d
+	mkdir $d && \
+	chmod go-rwx $d && \
+	touch $d/index.txt && \
+	echo 01 >$d/serial
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/list-crl b/ANW-URB/openvpn/easy-rsa/1.0/list-crl
new file mode 100644
index 0000000..b214dbd
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/list-crl
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# list revoked certificates
+#
+#
+
+if test $# -ne 1; then
+        echo "usage: list-crl <crlfile.pem>";
+        exit 1
+fi
+
+if test $KEY_DIR; then
+       cd $KEY_DIR && \
+       openssl crl -text -noout -in $1
+else
+       echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/make-crl b/ANW-URB/openvpn/easy-rsa/1.0/make-crl
new file mode 100644
index 0000000..62fe6c1
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/make-crl
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# generate a CRL
+#
+#
+
+if test $# -ne 1; then
+        echo "usage: make-crl <crlfile.pem>";
+        exit 1
+fi
+
+if test $KEY_DIR; then
+       cd $KEY_DIR && \
+       openssl ca -gencrl -out $1 -config $KEY_CONFIG
+else
+       echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/openssl.cnf b/ANW-URB/openvpn/easy-rsa/1.0/openssl.cnf
new file mode 100644
index 0000000..270b069
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/openssl.cnf
@@ -0,0 +1,255 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/revoke-crt b/ANW-URB/openvpn/easy-rsa/1.0/revoke-crt
new file mode 100644
index 0000000..35b071a
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/revoke-crt
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# revoke a certificate
+#
+#
+
+if test $# -ne 1; then
+        echo "usage: revoke-crt <file.crt>";
+        exit 1
+fi
+
+if test $KEY_DIR; then
+       cd $KEY_DIR && \
+       openssl ca -revoke $1 -config $KEY_CONFIG
+else
+       echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/revoke-full b/ANW-URB/openvpn/easy-rsa/1.0/revoke-full
new file mode 100755
index 0000000..66ea03f
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/revoke-full
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL=crl.pem
+RT=revoke-test.pem
+
+if test $# -ne 1; then
+        echo "usage: revoke-full <name>";
+        exit 1
+fi
+
+if test $KEY_DIR; then
+       cd $KEY_DIR
+       rm -f $RT
+
+       # revoke key and generate a new CRL
+       openssl ca -revoke $1.crt -config $KEY_CONFIG
+
+       # generate a new CRL
+       openssl ca -gencrl -out $CRL -config $KEY_CONFIG
+       cat ca.crt $CRL >$RT
+    
+       # verify the revocation
+       openssl verify -CAfile $RT -crl_check $1.crt
+else
+       echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/sign-req b/ANW-URB/openvpn/easy-rsa/1.0/sign-req
new file mode 100755
index 0000000..59edc42
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/sign-req
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+#
+# Sign a certificate signing request (a .csr file)
+# with a local root certificate and key.
+#
+
+if test $# -ne 1; then
+        echo "usage: sign-req <name>";
+        exit 1
+fi                                                                             
+
+if test $KEY_DIR; then
+	cd $KEY_DIR && \
+	openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG
+else
+	echo you must define KEY_DIR
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/1.0/vars b/ANW-URB/openvpn/easy-rsa/1.0/vars
new file mode 100644
index 0000000..da89cd2
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/1.0/vars
@@ -0,0 +1,49 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export D=`pwd`
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=$D/openssl.cnf
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR=$D/keys
+
+# Issue rm -rf warning
+echo NOTE: when you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=1024
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY=KG
+export KEY_PROVINCE=NA
+export KEY_CITY=BISHKEK
+export KEY_ORG="OpenVPN-TEST"
+export KEY_EMAIL="me@myhost.mydomain"
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/Makefile b/ANW-URB/openvpn/easy-rsa/2.0/Makefile
new file mode 100644
index 0000000..8000cc5
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/Makefile
@@ -0,0 +1,13 @@
+
+DESTDIR=
+PREFIX=
+
+all:
+	echo "All done."
+	echo "Run make install DESTDIR=/usr/share/somewhere"
+
+install:
+	install -d "${DESTDIR}/${PREFIX}"
+	install -m 0755 build-* "${DESTDIR}/${PREFIX}"
+	install -m 0755 clean-all list-crl inherit-inter pkitool revoke-full sign-req whichopensslcnf "${DESTDIR}/${PREFIX}"
+	install -m 0644 openssl-0.9.6.cnf openssl-0.9.8.cnf openssl-1.0.0.cnf README vars "${DESTDIR}/${PREFIX}"
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/README.gz b/ANW-URB/openvpn/easy-rsa/2.0/README.gz
new file mode 100644
index 0000000..ad3896f
Binary files /dev/null and b/ANW-URB/openvpn/easy-rsa/2.0/README.gz differ
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/build-ca b/ANW-URB/openvpn/easy-rsa/2.0/build-ca
new file mode 100755
index 0000000..bce29a6
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/build-ca
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+#
+# Build a root certificate
+#
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --initca $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/build-dh b/ANW-URB/openvpn/easy-rsa/2.0/build-dh
new file mode 100755
index 0000000..4beb127
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/build-dh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Build Diffie-Hellman parameters for the server side
+# of an SSL/TLS connection.
+
+if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
+    $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/build-inter b/ANW-URB/openvpn/easy-rsa/2.0/build-inter
new file mode 100755
index 0000000..87bf98d
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/build-inter
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Make an intermediate CA certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --inter $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/build-key b/ANW-URB/openvpn/easy-rsa/2.0/build-key
new file mode 100755
index 0000000..6c0fed8
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/build-key
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/build-key-pass b/ANW-URB/openvpn/easy-rsa/2.0/build-key-pass
new file mode 100755
index 0000000..8ef8307
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/build-key-pass
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Similar to build-key, but protect the private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pass $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/build-key-pkcs12 b/ANW-URB/openvpn/easy-rsa/2.0/build-key-pkcs12
new file mode 100755
index 0000000..ba90e6a
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/build-key-pkcs12
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate and convert it to a PKCS #12 file including the
+# the CA certificate as well.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pkcs12 $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/build-key-server b/ANW-URB/openvpn/easy-rsa/2.0/build-key-server
new file mode 100755
index 0000000..fee0194
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/build-key-server
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+# Explicitly set nsCertType to server using the "server"
+# extension in the openssl.cnf file.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --server $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/build-req b/ANW-URB/openvpn/easy-rsa/2.0/build-req
new file mode 100755
index 0000000..559d512
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/build-req
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Build a certificate signing request and private key.  Use this
+# when your root certificate and key is not available locally.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/build-req-pass b/ANW-URB/openvpn/easy-rsa/2.0/build-req-pass
new file mode 100755
index 0000000..b73ee1b
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/build-req-pass
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Like build-req, but protect your private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr --pass $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/clean-all b/ANW-URB/openvpn/easy-rsa/2.0/clean-all
new file mode 100755
index 0000000..cc6e3b2
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/clean-all
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Initialize the $KEY_DIR directory.
+# Note that this script does a
+# rm -rf on $KEY_DIR so be careful!
+
+if [ "$KEY_DIR" ]; then
+    rm -rf "$KEY_DIR"
+    mkdir "$KEY_DIR" && \
+	chmod go-rwx "$KEY_DIR" && \
+	touch "$KEY_DIR/index.txt" && \
+	echo 01 >"$KEY_DIR/serial"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/inherit-inter b/ANW-URB/openvpn/easy-rsa/2.0/inherit-inter
new file mode 100755
index 0000000..aaa5168
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/inherit-inter
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# Build a new PKI which is rooted on an intermediate certificate generated
+# by ./build-inter or ./pkitool --inter from a parent PKI.  The new PKI should
+# have independent vars settings, and must use a different KEY_DIR directory
+# from the parent.  This tool can be used to generate arbitrary depth
+# certificate chains.
+#
+# To build an intermediate CA, follow the same steps for a regular PKI but
+# replace ./build-key or ./pkitool --initca with this script.
+
+# The EXPORT_CA file will contain the CA certificate chain and should be
+# referenced by the OpenVPN "ca" directive in config files.  The ca.crt file
+# will only contain the local intermediate CA -- it's needed by the easy-rsa
+# scripts but not by OpenVPN directly.
+EXPORT_CA="export-ca.crt"
+
+if [ $# -ne 2 ]; then
+    echo "usage: $0 <parent-key-dir> <common-name>"
+    echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
+    echo "common-name: the common name of the intermediate certificate in the parent PKI"
+    exit 1;
+fi
+
+if [ "$KEY_DIR" ]; then
+    cp "$1/$2.crt" "$KEY_DIR/ca.crt"
+    cp "$1/$2.key" "$KEY_DIR/ca.key"
+
+    if [ -e "$1/$EXPORT_CA" ]; then
+	PARENT_CA="$1/$EXPORT_CA"
+    else
+	PARENT_CA="$1/ca.crt"
+    fi
+    cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
+    cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/01.pem b/ANW-URB/openvpn/easy-rsa/2.0/keys/01.pem
new file mode 100644
index 0000000..1a046ed
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/01.pem
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix - DUMMY CHANGE IT, OU=Linux Projects, CN=Debian For Alix CA/emailAddress=no-mail@site
+        Validity
+            Not Before: May 12 03:02:28 2012 GMT
+            Not After : May 10 03:02:28 2022 GMT
+        Subject: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix, CN=crl-test.site/emailAddress=no-mail@site
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c5:ea:a1:09:d0:00:af:07:54:12:6c:96:83:dc:
+                    2a:6e:10:db:57:0c:a9:70:8e:cd:3a:d4:c7:cf:bc:
+                    f8:8e:88:85:9c:59:26:fe:94:93:78:a6:7e:48:41:
+                    ce:78:12:55:1c:18:60:93:66:ab:35:9b:10:60:67:
+                    48:6e:e5:ef:01:d6:2b:33:24:73:66:ba:50:5f:90:
+                    bc:05:95:1c:fd:9a:82:e4:41:81:bb:a8:45:c3:9a:
+                    09:a3:8b:7a:00:fe:00:9f:bd:cf:15:42:5b:53:38:
+                    0d:8d:b4:90:c9:26:f3:2b:aa:de:a4:e9:eb:1c:e4:
+                    ab:e7:a9:0a:85:e4:72:53:8d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                2E:44:CD:9A:53:C1:1D:BC:4C:4D:58:7F:52:62:AF:7B:AC:C9:FF:3A
+            X509v3 Authority Key Identifier: 
+                keyid:8C:A5:DB:53:21:BD:5F:61:E1:56:ED:7A:9B:A5:02:BD:2E:23:AA:A6
+                DirName:/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix - DUMMY CHANGE IT/OU=Linux Projects/CN=Debian For Alix CA/emailAddress=no-mail@site
+                serial:8E:68:E2:9B:06:CB:D1:65
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+        27:8b:a6:82:17:72:9d:e5:31:b5:14:58:a1:40:93:15:50:47:
+        d6:73:ff:55:79:cb:bc:d6:e3:e5:d7:1b:5d:77:c8:ad:a4:1f:
+        f0:2a:a3:de:81:4f:58:87:b9:38:49:42:69:53:51:87:79:ba:
+        23:48:51:5d:b1:19:88:a0:6c:a2:1c:79:c3:7f:02:62:61:56:
+        3e:1f:73:ec:e6:d1:33:22:ed:3d:60:3a:35:a4:8c:07:88:cc:
+        25:b2:d8:2c:ac:db:47:a4:a6:72:30:e3:09:0c:0f:6d:bd:e7:
+        bf:b7:77:af:89:8e:89:cb:7e:23:6b:9d:42:7e:b3:22:d9:aa:
+        e0:67
+-----BEGIN CERTIFICATE-----
+MIIEITCCA4qgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTELMAkGA1UEBhMCQlIx
+CzAJBgNVBAgTAlNQMRIwEAYDVQQHEwlTYW8gUGF1bG8xKjAoBgNVBAoTIURlYmlh
+biBGb3IgQWxpeCAtIERVTU1ZIENIQU5HRSBJVDEXMBUGA1UECxMOTGludXggUHJv
+amVjdHMxGzAZBgNVBAMTEkRlYmlhbiBGb3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJ
+ARYMbm8tbWFpbEBzaXRlMB4XDTEyMDUxMjAzMDIyOFoXDTIyMDUxMDAzMDIyOFow
+fTELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlNQMRIwEAYDVQQHEwlTYW8gUGF1bG8x
+GDAWBgNVBAoTD0RlYmlhbiBGb3IgQWxpeDEWMBQGA1UEAxMNY3JsLXRlc3Quc2l0
+ZTEbMBkGCSqGSIb3DQEJARYMbm8tbWFpbEBzaXRlMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDF6qEJ0ACvB1QSbJaD3CpuENtXDKlwjs061MfPvPiOiIWcWSb+
+lJN4pn5IQc54ElUcGGCTZqs1mxBgZ0hu5e8B1iszJHNmulBfkLwFlRz9moLkQYG7
+qEXDmgmji3oA/gCfvc8VQltTOA2NtJDJJvMrqt6k6esc5KvnqQqF5HJTjQIDAQAB
+o4IBfjCCAXowCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4
+QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFC5EzZpTwR28TE1Yf1Jir3usyf86MIHiBgNVHSMEgdowgdeAFIyl21Mh
+vV9h4VbtepulAr0uI6qmoYGzpIGwMIGtMQswCQYDVQQGEwJCUjELMAkGA1UECBMC
+U1AxEjAQBgNVBAcTCVNhbyBQYXVsbzEqMCgGA1UEChMhRGViaWFuIEZvciBBbGl4
+IC0gRFVNTVkgQ0hBTkdFIElUMRcwFQYDVQQLEw5MaW51eCBQcm9qZWN0czEbMBkG
+A1UEAxMSRGViaWFuIEZvciBBbGl4IENBMRswGQYJKoZIhvcNAQkBFgxuby1tYWls
+QHNpdGWCCQCOaOKbBsvRZTATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMC
+BaAwDQYJKoZIhvcNAQEFBQADgYEAJ4umghdyneUxtRRYoUCTFVBH1nP/VXnLvNbj
+5dcbXXfIraQf8Cqj3oFPWIe5OElCaVNRh3m6I0hRXbEZiKBsohx5w38CYmFWPh9z
+7ObRMyLtPWA6NaSMB4jMJbLYLKzbR6SmcjDjCQwPbb3nv7d3r4mOict+I2udQn6z
+Itmq4Gc=
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/02.pem b/ANW-URB/openvpn/easy-rsa/2.0/keys/02.pem
new file mode 100644
index 0000000..2f04709
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/02.pem
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix - DUMMY CHANGE IT, OU=Linux Projects, CN=Debian For Alix CA/emailAddress=no-mail@site
+        Validity
+            Not Before: May 12 03:03:25 2012 GMT
+            Not After : May 10 03:03:25 2022 GMT
+        Subject: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix - DUMMY CHANGE IT, OU=Linux Projects, CN=alix.site/emailAddress=no-mail@site
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cb:96:17:e9:b2:ad:89:cb:26:60:63:28:d2:77:
+                    6c:95:31:bd:79:96:b9:08:63:ec:44:07:c9:e5:b3:
+                    ba:31:8c:1e:4d:a1:ff:81:8d:fd:7e:e2:68:63:18:
+                    93:be:99:15:70:b1:5b:20:fe:0f:ab:19:21:2e:57:
+                    16:55:21:3e:f5:2c:98:3d:ac:d6:0b:3f:34:ee:8f:
+                    59:a2:f2:4a:94:ed:96:c2:41:93:e3:9d:ed:d0:fa:
+                    64:f4:d7:24:3c:03:98:bc:95:be:2c:3f:42:89:3f:
+                    b9:e5:1a:95:3c:2d:67:0a:84:60:17:7d:21:5f:a8:
+                    43:99:65:3f:b3:d8:06:1d:43
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                E0:51:7A:02:09:11:E6:2F:5F:47:D9:2E:36:9D:9D:AF:7F:16:5F:74
+            X509v3 Authority Key Identifier: 
+                keyid:8C:A5:DB:53:21:BD:5F:61:E1:56:ED:7A:9B:A5:02:BD:2E:23:AA:A6
+                DirName:/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix - DUMMY CHANGE IT/OU=Linux Projects/CN=Debian For Alix CA/emailAddress=no-mail@site
+                serial:8E:68:E2:9B:06:CB:D1:65
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+        6b:b8:50:42:30:27:87:e9:1e:0c:8d:c5:c0:fc:71:f4:70:41:
+        ee:45:09:ac:d2:2c:54:c7:d6:10:66:09:43:cd:8f:8e:75:9a:
+        61:b7:7b:45:10:fa:f4:15:73:6a:ca:01:0b:33:fc:a1:06:30:
+        c0:ff:10:5b:9d:5d:c1:2c:8d:a5:5f:f0:c2:ef:1c:49:e2:1f:
+        02:f3:fa:3b:cd:19:c3:a6:37:0b:0c:cb:af:b0:f8:24:8e:f9:
+        4d:36:82:89:2c:b8:84:a8:5d:5c:fb:f0:64:bd:04:f2:67:a2:
+        3c:d9:59:a0:81:f4:ad:f5:9d:ad:d5:14:48:e2:48:99:ed:41:
+        5e:31
+-----BEGIN CERTIFICATE-----
+MIIESTCCA7KgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBrTELMAkGA1UEBhMCQlIx
+CzAJBgNVBAgTAlNQMRIwEAYDVQQHEwlTYW8gUGF1bG8xKjAoBgNVBAoTIURlYmlh
+biBGb3IgQWxpeCAtIERVTU1ZIENIQU5HRSBJVDEXMBUGA1UECxMOTGludXggUHJv
+amVjdHMxGzAZBgNVBAMTEkRlYmlhbiBGb3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJ
+ARYMbm8tbWFpbEBzaXRlMB4XDTEyMDUxMjAzMDMyNVoXDTIyMDUxMDAzMDMyNVow
+gaQxCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJTUDESMBAGA1UEBxMJU2FvIFBhdWxv
+MSowKAYDVQQKEyFEZWJpYW4gRm9yIEFsaXggLSBEVU1NWSBDSEFOR0UgSVQxFzAV
+BgNVBAsTDkxpbnV4IFByb2plY3RzMRIwEAYDVQQDEwlhbGl4LnNpdGUxGzAZBgkq
+hkiG9w0BCQEWDG5vLW1haWxAc2l0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAy5YX6bKticsmYGMo0ndslTG9eZa5CGPsRAfJ5bO6MYweTaH/gY39fuJoYxiT
+vpkVcLFbIP4PqxkhLlcWVSE+9SyYPazWCz807o9ZovJKlO2WwkGT453t0Ppk9Nck
+PAOYvJW+LD9CiT+55RqVPC1nCoRgF30hX6hDmWU/s9gGHUMCAwEAAaOCAX4wggF6
+MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIBDQQnFiVF
+YXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTg
+UXoCCRHmL19H2S42nZ2vfxZfdDCB4gYDVR0jBIHaMIHXgBSMpdtTIb1fYeFW7Xqb
+pQK9LiOqpqGBs6SBsDCBrTELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlNQMRIwEAYD
+VQQHEwlTYW8gUGF1bG8xKjAoBgNVBAoTIURlYmlhbiBGb3IgQWxpeCAtIERVTU1Z
+IENIQU5HRSBJVDEXMBUGA1UECxMOTGludXggUHJvamVjdHMxGzAZBgNVBAMTEkRl
+YmlhbiBGb3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJARYMbm8tbWFpbEBzaXRlggkA
+jmjimwbL0WUwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqG
+SIb3DQEBBQUAA4GBAGu4UEIwJ4fpHgyNxcD8cfRwQe5FCazSLFTH1hBmCUPNj451
+mmG3e0UQ+vQVc2rKAQsz/KEGMMD/EFudXcEsjaVf8MLvHEniHwLz+jvNGcOmNwsM
+y6+w+CSO+U02goksuISoXVz78GS9BPJnojzZWaCB9K31na3VFEjiSJntQV4x
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/03.pem b/ANW-URB/openvpn/easy-rsa/2.0/keys/03.pem
new file mode 100644
index 0000000..aa30da2
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/03.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix - DUMMY CHANGE IT, OU=Linux Projects, CN=Debian For Alix CA/emailAddress=no-mail@site
+        Validity
+            Not Before: May 12 03:06:31 2012 GMT
+            Not After : May 10 03:06:31 2022 GMT
+        Subject: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix - DUMMY CHANGE IT, OU=Linux Projects, CN=vpn01.site/emailAddress=no-mail@site
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a0:47:e1:23:fa:32:a3:cc:ee:e4:03:96:4c:84:
+                    c2:1e:05:2a:a8:b1:02:0c:b4:26:c5:54:ec:a0:85:
+                    3b:a2:a2:51:b8:85:9a:af:8e:50:fc:99:0a:5a:87:
+                    bf:02:f6:89:bd:04:44:fc:39:db:97:94:62:e8:e1:
+                    2f:c5:f9:dc:ce:2a:c0:63:b7:be:6c:41:7d:87:01:
+                    dd:f2:8b:b2:99:f6:a8:af:4e:11:0d:7b:e2:6e:82:
+                    ec:10:78:21:3c:09:85:c3:ab:b1:6d:14:74:c8:0a:
+                    8f:ec:80:80:b8:f6:a1:ef:dc:ba:7a:08:2b:c2:f5:
+                    77:af:93:d5:8d:1d:98:f2:85
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                91:38:28:A9:09:46:53:9E:E7:BC:29:77:F7:3B:25:92:08:6A:49:56
+            X509v3 Authority Key Identifier: 
+                keyid:8C:A5:DB:53:21:BD:5F:61:E1:56:ED:7A:9B:A5:02:BD:2E:23:AA:A6
+                DirName:/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix - DUMMY CHANGE IT/OU=Linux Projects/CN=Debian For Alix CA/emailAddress=no-mail@site
+                serial:8E:68:E2:9B:06:CB:D1:65
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        72:65:d4:0d:49:25:77:e2:c1:6d:10:eb:21:6a:d8:33:e7:01:
+        b6:e5:25:dd:46:73:3f:65:91:16:46:dd:db:88:ed:97:2b:02:
+        6f:0e:f3:be:23:e0:38:80:93:5b:6c:85:e8:32:cc:2a:fc:d3:
+        23:c6:c1:66:52:d9:cf:d1:ab:7d:85:19:7a:a9:02:3a:f8:af:
+        74:97:bf:8d:73:92:b8:d4:18:48:b8:2a:a6:c1:5e:e2:6e:cc:
+        ea:91:ba:91:7c:39:21:4e:46:76:c8:4e:3f:98:a7:fc:f2:31:
+        e4:27:fa:c2:34:d5:7c:8a:94:63:c1:bb:b4:eb:7c:ce:21:00:
+        d5:72
+-----BEGIN CERTIFICATE-----
+MIIEMDCCA5mgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBrTELMAkGA1UEBhMCQlIx
+CzAJBgNVBAgTAlNQMRIwEAYDVQQHEwlTYW8gUGF1bG8xKjAoBgNVBAoTIURlYmlh
+biBGb3IgQWxpeCAtIERVTU1ZIENIQU5HRSBJVDEXMBUGA1UECxMOTGludXggUHJv
+amVjdHMxGzAZBgNVBAMTEkRlYmlhbiBGb3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJ
+ARYMbm8tbWFpbEBzaXRlMB4XDTEyMDUxMjAzMDYzMVoXDTIyMDUxMDAzMDYzMVow
+gaUxCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJTUDESMBAGA1UEBxMJU2FvIFBhdWxv
+MSowKAYDVQQKEyFEZWJpYW4gRm9yIEFsaXggLSBEVU1NWSBDSEFOR0UgSVQxFzAV
+BgNVBAsTDkxpbnV4IFByb2plY3RzMRMwEQYDVQQDEwp2cG4wMS5zaXRlMRswGQYJ
+KoZIhvcNAQkBFgxuby1tYWlsQHNpdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAKBH4SP6MqPM7uQDlkyEwh4FKqixAgy0JsVU7KCFO6KiUbiFmq+OUPyZClqH
+vwL2ib0ERPw525eUYujhL8X53M4qwGO3vmxBfYcB3fKLspn2qK9OEQ174m6C7BB4
+ITwJhcOrsW0UdMgKj+yAgLj2oe/cunoIK8L1d6+T1Y0dmPKFAgMBAAGjggFkMIIB
+YDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFJE4KKkJRlOe57wpd/c7JZIIaklWMIHiBgNV
+HSMEgdowgdeAFIyl21MhvV9h4VbtepulAr0uI6qmoYGzpIGwMIGtMQswCQYDVQQG
+EwJCUjELMAkGA1UECBMCU1AxEjAQBgNVBAcTCVNhbyBQYXVsbzEqMCgGA1UEChMh
+RGViaWFuIEZvciBBbGl4IC0gRFVNTVkgQ0hBTkdFIElUMRcwFQYDVQQLEw5MaW51
+eCBQcm9qZWN0czEbMBkGA1UEAxMSRGViaWFuIEZvciBBbGl4IENBMRswGQYJKoZI
+hvcNAQkBFgxuby1tYWlsQHNpdGWCCQCOaOKbBsvRZTATBgNVHSUEDDAKBggrBgEF
+BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADgYEAcmXUDUkld+LBbRDr
+IWrYM+cBtuUl3UZzP2WRFkbd24jtlysCbw7zviPgOICTW2yF6DLMKvzTI8bBZlLZ
+z9GrfYUZeqkCOvivdJe/jXOSuNQYSLgqpsFe4m7M6pG6kXw5IU5GdshOP5in/PIx
+5Cf6wjTVfIqUY8G7tOt8ziEA1XI=
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/alix.site.crt b/ANW-URB/openvpn/easy-rsa/2.0/keys/alix.site.crt
new file mode 100644
index 0000000..2f04709
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/alix.site.crt
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix - DUMMY CHANGE IT, OU=Linux Projects, CN=Debian For Alix CA/emailAddress=no-mail@site
+        Validity
+            Not Before: May 12 03:03:25 2012 GMT
+            Not After : May 10 03:03:25 2022 GMT
+        Subject: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix - DUMMY CHANGE IT, OU=Linux Projects, CN=alix.site/emailAddress=no-mail@site
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cb:96:17:e9:b2:ad:89:cb:26:60:63:28:d2:77:
+                    6c:95:31:bd:79:96:b9:08:63:ec:44:07:c9:e5:b3:
+                    ba:31:8c:1e:4d:a1:ff:81:8d:fd:7e:e2:68:63:18:
+                    93:be:99:15:70:b1:5b:20:fe:0f:ab:19:21:2e:57:
+                    16:55:21:3e:f5:2c:98:3d:ac:d6:0b:3f:34:ee:8f:
+                    59:a2:f2:4a:94:ed:96:c2:41:93:e3:9d:ed:d0:fa:
+                    64:f4:d7:24:3c:03:98:bc:95:be:2c:3f:42:89:3f:
+                    b9:e5:1a:95:3c:2d:67:0a:84:60:17:7d:21:5f:a8:
+                    43:99:65:3f:b3:d8:06:1d:43
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                E0:51:7A:02:09:11:E6:2F:5F:47:D9:2E:36:9D:9D:AF:7F:16:5F:74
+            X509v3 Authority Key Identifier: 
+                keyid:8C:A5:DB:53:21:BD:5F:61:E1:56:ED:7A:9B:A5:02:BD:2E:23:AA:A6
+                DirName:/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix - DUMMY CHANGE IT/OU=Linux Projects/CN=Debian For Alix CA/emailAddress=no-mail@site
+                serial:8E:68:E2:9B:06:CB:D1:65
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+        6b:b8:50:42:30:27:87:e9:1e:0c:8d:c5:c0:fc:71:f4:70:41:
+        ee:45:09:ac:d2:2c:54:c7:d6:10:66:09:43:cd:8f:8e:75:9a:
+        61:b7:7b:45:10:fa:f4:15:73:6a:ca:01:0b:33:fc:a1:06:30:
+        c0:ff:10:5b:9d:5d:c1:2c:8d:a5:5f:f0:c2:ef:1c:49:e2:1f:
+        02:f3:fa:3b:cd:19:c3:a6:37:0b:0c:cb:af:b0:f8:24:8e:f9:
+        4d:36:82:89:2c:b8:84:a8:5d:5c:fb:f0:64:bd:04:f2:67:a2:
+        3c:d9:59:a0:81:f4:ad:f5:9d:ad:d5:14:48:e2:48:99:ed:41:
+        5e:31
+-----BEGIN CERTIFICATE-----
+MIIESTCCA7KgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBrTELMAkGA1UEBhMCQlIx
+CzAJBgNVBAgTAlNQMRIwEAYDVQQHEwlTYW8gUGF1bG8xKjAoBgNVBAoTIURlYmlh
+biBGb3IgQWxpeCAtIERVTU1ZIENIQU5HRSBJVDEXMBUGA1UECxMOTGludXggUHJv
+amVjdHMxGzAZBgNVBAMTEkRlYmlhbiBGb3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJ
+ARYMbm8tbWFpbEBzaXRlMB4XDTEyMDUxMjAzMDMyNVoXDTIyMDUxMDAzMDMyNVow
+gaQxCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJTUDESMBAGA1UEBxMJU2FvIFBhdWxv
+MSowKAYDVQQKEyFEZWJpYW4gRm9yIEFsaXggLSBEVU1NWSBDSEFOR0UgSVQxFzAV
+BgNVBAsTDkxpbnV4IFByb2plY3RzMRIwEAYDVQQDEwlhbGl4LnNpdGUxGzAZBgkq
+hkiG9w0BCQEWDG5vLW1haWxAc2l0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAy5YX6bKticsmYGMo0ndslTG9eZa5CGPsRAfJ5bO6MYweTaH/gY39fuJoYxiT
+vpkVcLFbIP4PqxkhLlcWVSE+9SyYPazWCz807o9ZovJKlO2WwkGT453t0Ppk9Nck
+PAOYvJW+LD9CiT+55RqVPC1nCoRgF30hX6hDmWU/s9gGHUMCAwEAAaOCAX4wggF6
+MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIBDQQnFiVF
+YXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBTg
+UXoCCRHmL19H2S42nZ2vfxZfdDCB4gYDVR0jBIHaMIHXgBSMpdtTIb1fYeFW7Xqb
+pQK9LiOqpqGBs6SBsDCBrTELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlNQMRIwEAYD
+VQQHEwlTYW8gUGF1bG8xKjAoBgNVBAoTIURlYmlhbiBGb3IgQWxpeCAtIERVTU1Z
+IENIQU5HRSBJVDEXMBUGA1UECxMOTGludXggUHJvamVjdHMxGzAZBgNVBAMTEkRl
+YmlhbiBGb3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJARYMbm8tbWFpbEBzaXRlggkA
+jmjimwbL0WUwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqG
+SIb3DQEBBQUAA4GBAGu4UEIwJ4fpHgyNxcD8cfRwQe5FCazSLFTH1hBmCUPNj451
+mmG3e0UQ+vQVc2rKAQsz/KEGMMD/EFudXcEsjaVf8MLvHEniHwLz+jvNGcOmNwsM
+y6+w+CSO+U02goksuISoXVz78GS9BPJnojzZWaCB9K31na3VFEjiSJntQV4x
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/alix.site.csr b/ANW-URB/openvpn/easy-rsa/2.0/keys/alix.site.csr
new file mode 100644
index 0000000..92c205a
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/alix.site.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB5TCCAU4CAQAwgaQxCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJTUDESMBAGA1UE
+BxMJU2FvIFBhdWxvMSowKAYDVQQKEyFEZWJpYW4gRm9yIEFsaXggLSBEVU1NWSBD
+SEFOR0UgSVQxFzAVBgNVBAsTDkxpbnV4IFByb2plY3RzMRIwEAYDVQQDEwlhbGl4
+LnNpdGUxGzAZBgkqhkiG9w0BCQEWDG5vLW1haWxAc2l0ZTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAy5YX6bKticsmYGMo0ndslTG9eZa5CGPsRAfJ5bO6MYwe
+TaH/gY39fuJoYxiTvpkVcLFbIP4PqxkhLlcWVSE+9SyYPazWCz807o9ZovJKlO2W
+wkGT453t0Ppk9NckPAOYvJW+LD9CiT+55RqVPC1nCoRgF30hX6hDmWU/s9gGHUMC
+AwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBACEP5T3w6bdqyF0aHZD3Tye0b02bL1S/
+x6phHacFHYA0SwDPU/Wd6jXmqWvgG0Iz6mtoKTcfYdPaWvqagykRB0PHIkKlf1he
+Y+hHJfnOzvUroUglF6a3tc6LDLU9GwBZ8u/H1Ox9U+vhstTkVB72735Q8L0FWAVa
+iE3D7xZX5Rjf
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/alix.site.key b/ANW-URB/openvpn/easy-rsa/2.0/keys/alix.site.key
new file mode 100644
index 0000000..d65ec70
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/alix.site.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDLlhfpsq2JyyZgYyjSd2yVMb15lrkIY+xEB8nls7oxjB5Nof+B
+jf1+4mhjGJO+mRVwsVsg/g+rGSEuVxZVIT71LJg9rNYLPzTuj1mi8kqU7ZbCQZPj
+ne3Q+mT01yQ8A5i8lb4sP0KJP7nlGpU8LWcKhGAXfSFfqEOZZT+z2AYdQwIDAQAB
+AoGAFZ4fdepKMRqIPa3p1MdnmUQJ2ZJenXx2xxaIosJ93+sAAMBV8DzSkRmbegJP
+FesNcsTyZ0NzCHkHo/MNZQa9t3xSb3I5ZTg6CMe/QiXu09U56dIACNT9GhrfPpIZ
+ovllZtTPQwR4rcQnwTXxWTn6NCjiDFs/VvwaGAkU0rO3VlkCQQD5pGsMwKj9HPI7
+SM4tN6saNvLyPzE1rooF03zIpD4SwtwAsuHWT8LNiI4Th4f61q0uhn2G3bpjiriX
+f4wB4TxNAkEA0MVn/h3dghfy2GxvMbTbn7wbPcCGhQRXU5NwbdgOmqFDfpBa7+TS
+/xqqb0APFgBgKi0iuYpN/mH7gSpeCmFHzwJAXufd9qwr0oY1pMop79DREJdBR000
+1Ra0zEA5mUGvg4xm/TEEYGhUQ7UdZllJHdiNYDmq8SHMYVl0kcvgmzpYpQJAQqxo
+080x6tQ/KEMpF9TMtyzZ/lS4IU8LnJNfupTfxR5vccIkaKzJfdNETxdEOiCQlaeo
+iVzUH8OnEM85DVOYHQJBAOBvhg5bY9IjhZWEcdq/uY1XDTbaxNydeDLUO7imoQVd
+/rbaY+krV26ewmE6LUS2n6tIrGQG4FRlQtEp7I36htQ=
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/ca.crt b/ANW-URB/openvpn/easy-rsa/2.0/keys/ca.crt
new file mode 100644
index 0000000..edc0274
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/ca.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8jCCA1ugAwIBAgIJAI5o4psGy9FlMA0GCSqGSIb3DQEBBQUAMIGtMQswCQYD
+VQQGEwJCUjELMAkGA1UECBMCU1AxEjAQBgNVBAcTCVNhbyBQYXVsbzEqMCgGA1UE
+ChMhRGViaWFuIEZvciBBbGl4IC0gRFVNTVkgQ0hBTkdFIElUMRcwFQYDVQQLEw5M
+aW51eCBQcm9qZWN0czEbMBkGA1UEAxMSRGViaWFuIEZvciBBbGl4IENBMRswGQYJ
+KoZIhvcNAQkBFgxuby1tYWlsQHNpdGUwHhcNMTIwNTEyMDMwMTUzWhcNMjIwNTEw
+MDMwMTUzWjCBrTELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlNQMRIwEAYDVQQHEwlT
+YW8gUGF1bG8xKjAoBgNVBAoTIURlYmlhbiBGb3IgQWxpeCAtIERVTU1ZIENIQU5H
+RSBJVDEXMBUGA1UECxMOTGludXggUHJvamVjdHMxGzAZBgNVBAMTEkRlYmlhbiBG
+b3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJARYMbm8tbWFpbEBzaXRlMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQCvPgsgF+v7xSfdH/EJVoRdvGHfj+xwHarRNHfy
+rCmhOwZYqNTFrGV+PgZqLu1KVFUxEiV4/qjDosmQnKMfSOo07QY07JpQkyPmezyA
+4kjZcSlQZ7YrdNI/jtSWZwehm1pkGftWQUx1SOFUhYVOm6DM76SoaSJRXkbqlfAt
+YRmN0wIDAQABo4IBFjCCARIwHQYDVR0OBBYEFIyl21MhvV9h4VbtepulAr0uI6qm
+MIHiBgNVHSMEgdowgdeAFIyl21MhvV9h4VbtepulAr0uI6qmoYGzpIGwMIGtMQsw
+CQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEjAQBgNVBAcTCVNhbyBQYXVsbzEqMCgG
+A1UEChMhRGViaWFuIEZvciBBbGl4IC0gRFVNTVkgQ0hBTkdFIElUMRcwFQYDVQQL
+Ew5MaW51eCBQcm9qZWN0czEbMBkGA1UEAxMSRGViaWFuIEZvciBBbGl4IENBMRsw
+GQYJKoZIhvcNAQkBFgxuby1tYWlsQHNpdGWCCQCOaOKbBsvRZTAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBBQUAA4GBABVmoMWdupXUB2J5p3LI18icmItRPyPH5uBc
+8C2/7AuvOvsRjjjAOtiThBLshCa2YQ2kxlT/uQKVAHrJojzDjozF/NB4rjr74aqj
+GGrWIL8ATWUjNKQFJv32h16t+eUrmWJJUlS4L0oq+v/C96l2QMG8M5Z3nxuctWwO
+ObQ1wsVu
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/ca.key b/ANW-URB/openvpn/easy-rsa/2.0/keys/ca.key
new file mode 100644
index 0000000..d567950
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/ca.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCvPgsgF+v7xSfdH/EJVoRdvGHfj+xwHarRNHfyrCmhOwZYqNTF
+rGV+PgZqLu1KVFUxEiV4/qjDosmQnKMfSOo07QY07JpQkyPmezyA4kjZcSlQZ7Yr
+dNI/jtSWZwehm1pkGftWQUx1SOFUhYVOm6DM76SoaSJRXkbqlfAtYRmN0wIDAQAB
+AoGBAIUrpfK2mxtSAPA2VMqe16oP/WSSD8BHm0auE7TzhhNDMphvfHnXf61G30MT
+9Dk3CyJmQtnG1GMPMxPVJNUiaO+aUVfOV1o38S9y9eSd34IX86MvzCsdwAkK120M
+/Mndf6G2TSLLTh351SBAKx1F3bAB5gohIIKMRUiWNd7edJxBAkEA5sfMVSt3isyK
+X3pToki/H+d0Ht3HZAQzjpCzy4lFymfMiywMlU/ujsTR0KpXXEtJAvC1S22hBGmX
+s/YPMGmLswJBAMJkic85d/Eld2xIsGZMvn/2hjQiJMd+akdvSO6p6Fq4IX8zFdXS
+yob1zyaaI8r9YZcBIBJjipeEgY29yVAKZWECQGhNnPhRcPH2iAOnEe2i217cCQt6
+SQfXLkYc+GXhYP2d9EBiZD2HptY39mxM0LcR/6moiQfSQJfx8XKQn0TOLykCQQCF
+3xEc2bnlI2U7+E8rFFz46QCBNKZZkJCGg3gZjH9MwpOm8rpt183L5cp0DiDqMVcc
+1BSPNWgDcqh5waK68X3hAkEAnnYmuNkKLTs25Zc2gRR/7OXgGc3sRdBnHiTT/dPr
+nGQ7npSSA01XZKJFSRFSgEFoBBiP3k5GcuS9Srr9gfHSJQ==
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/crl-test.site.crt b/ANW-URB/openvpn/easy-rsa/2.0/keys/crl-test.site.crt
new file mode 100644
index 0000000..1a046ed
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/crl-test.site.crt
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix - DUMMY CHANGE IT, OU=Linux Projects, CN=Debian For Alix CA/emailAddress=no-mail@site
+        Validity
+            Not Before: May 12 03:02:28 2012 GMT
+            Not After : May 10 03:02:28 2022 GMT
+        Subject: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix, CN=crl-test.site/emailAddress=no-mail@site
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c5:ea:a1:09:d0:00:af:07:54:12:6c:96:83:dc:
+                    2a:6e:10:db:57:0c:a9:70:8e:cd:3a:d4:c7:cf:bc:
+                    f8:8e:88:85:9c:59:26:fe:94:93:78:a6:7e:48:41:
+                    ce:78:12:55:1c:18:60:93:66:ab:35:9b:10:60:67:
+                    48:6e:e5:ef:01:d6:2b:33:24:73:66:ba:50:5f:90:
+                    bc:05:95:1c:fd:9a:82:e4:41:81:bb:a8:45:c3:9a:
+                    09:a3:8b:7a:00:fe:00:9f:bd:cf:15:42:5b:53:38:
+                    0d:8d:b4:90:c9:26:f3:2b:aa:de:a4:e9:eb:1c:e4:
+                    ab:e7:a9:0a:85:e4:72:53:8d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                2E:44:CD:9A:53:C1:1D:BC:4C:4D:58:7F:52:62:AF:7B:AC:C9:FF:3A
+            X509v3 Authority Key Identifier: 
+                keyid:8C:A5:DB:53:21:BD:5F:61:E1:56:ED:7A:9B:A5:02:BD:2E:23:AA:A6
+                DirName:/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix - DUMMY CHANGE IT/OU=Linux Projects/CN=Debian For Alix CA/emailAddress=no-mail@site
+                serial:8E:68:E2:9B:06:CB:D1:65
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+        27:8b:a6:82:17:72:9d:e5:31:b5:14:58:a1:40:93:15:50:47:
+        d6:73:ff:55:79:cb:bc:d6:e3:e5:d7:1b:5d:77:c8:ad:a4:1f:
+        f0:2a:a3:de:81:4f:58:87:b9:38:49:42:69:53:51:87:79:ba:
+        23:48:51:5d:b1:19:88:a0:6c:a2:1c:79:c3:7f:02:62:61:56:
+        3e:1f:73:ec:e6:d1:33:22:ed:3d:60:3a:35:a4:8c:07:88:cc:
+        25:b2:d8:2c:ac:db:47:a4:a6:72:30:e3:09:0c:0f:6d:bd:e7:
+        bf:b7:77:af:89:8e:89:cb:7e:23:6b:9d:42:7e:b3:22:d9:aa:
+        e0:67
+-----BEGIN CERTIFICATE-----
+MIIEITCCA4qgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBrTELMAkGA1UEBhMCQlIx
+CzAJBgNVBAgTAlNQMRIwEAYDVQQHEwlTYW8gUGF1bG8xKjAoBgNVBAoTIURlYmlh
+biBGb3IgQWxpeCAtIERVTU1ZIENIQU5HRSBJVDEXMBUGA1UECxMOTGludXggUHJv
+amVjdHMxGzAZBgNVBAMTEkRlYmlhbiBGb3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJ
+ARYMbm8tbWFpbEBzaXRlMB4XDTEyMDUxMjAzMDIyOFoXDTIyMDUxMDAzMDIyOFow
+fTELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlNQMRIwEAYDVQQHEwlTYW8gUGF1bG8x
+GDAWBgNVBAoTD0RlYmlhbiBGb3IgQWxpeDEWMBQGA1UEAxMNY3JsLXRlc3Quc2l0
+ZTEbMBkGCSqGSIb3DQEJARYMbm8tbWFpbEBzaXRlMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDF6qEJ0ACvB1QSbJaD3CpuENtXDKlwjs061MfPvPiOiIWcWSb+
+lJN4pn5IQc54ElUcGGCTZqs1mxBgZ0hu5e8B1iszJHNmulBfkLwFlRz9moLkQYG7
+qEXDmgmji3oA/gCfvc8VQltTOA2NtJDJJvMrqt6k6esc5KvnqQqF5HJTjQIDAQAB
+o4IBfjCCAXowCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4
+QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFC5EzZpTwR28TE1Yf1Jir3usyf86MIHiBgNVHSMEgdowgdeAFIyl21Mh
+vV9h4VbtepulAr0uI6qmoYGzpIGwMIGtMQswCQYDVQQGEwJCUjELMAkGA1UECBMC
+U1AxEjAQBgNVBAcTCVNhbyBQYXVsbzEqMCgGA1UEChMhRGViaWFuIEZvciBBbGl4
+IC0gRFVNTVkgQ0hBTkdFIElUMRcwFQYDVQQLEw5MaW51eCBQcm9qZWN0czEbMBkG
+A1UEAxMSRGViaWFuIEZvciBBbGl4IENBMRswGQYJKoZIhvcNAQkBFgxuby1tYWls
+QHNpdGWCCQCOaOKbBsvRZTATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMC
+BaAwDQYJKoZIhvcNAQEFBQADgYEAJ4umghdyneUxtRRYoUCTFVBH1nP/VXnLvNbj
+5dcbXXfIraQf8Cqj3oFPWIe5OElCaVNRh3m6I0hRXbEZiKBsohx5w38CYmFWPh9z
+7ObRMyLtPWA6NaSMB4jMJbLYLKzbR6SmcjDjCQwPbb3nv7d3r4mOict+I2udQn6z
+Itmq4Gc=
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/crl-test.site.csr b/ANW-URB/openvpn/easy-rsa/2.0/keys/crl-test.site.csr
new file mode 100644
index 0000000..d01550b
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/crl-test.site.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBvTCCASYCAQAwfTELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlNQMRIwEAYDVQQH
+EwlTYW8gUGF1bG8xGDAWBgNVBAoTD0RlYmlhbiBGb3IgQWxpeDEWMBQGA1UEAxMN
+Y3JsLXRlc3Quc2l0ZTEbMBkGCSqGSIb3DQEJARYMbm8tbWFpbEBzaXRlMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF6qEJ0ACvB1QSbJaD3CpuENtXDKlwjs06
+1MfPvPiOiIWcWSb+lJN4pn5IQc54ElUcGGCTZqs1mxBgZ0hu5e8B1iszJHNmulBf
+kLwFlRz9moLkQYG7qEXDmgmji3oA/gCfvc8VQltTOA2NtJDJJvMrqt6k6esc5Kvn
+qQqF5HJTjQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAsuPOQdbzTcvMTrZPpn9r
+Aqpi+vcLt1g1B5NF4qlw1MhJ2bavIimsQYhT/PM+i8722QJL+K7VJr0Y9VgRI2Rg
+qPUquHVsXkZQN3d0+q/YRK6W0WFJEJaF85gDzIlyNBNKuBJq9ADafRugDrz2xcM7
+cy0OZCunFhH3MdCqXdRqLrw=
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/crl-test.site.key b/ANW-URB/openvpn/easy-rsa/2.0/keys/crl-test.site.key
new file mode 100644
index 0000000..4815f5e
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/crl-test.site.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDF6qEJ0ACvB1QSbJaD3CpuENtXDKlwjs061MfPvPiOiIWcWSb+
+lJN4pn5IQc54ElUcGGCTZqs1mxBgZ0hu5e8B1iszJHNmulBfkLwFlRz9moLkQYG7
+qEXDmgmji3oA/gCfvc8VQltTOA2NtJDJJvMrqt6k6esc5KvnqQqF5HJTjQIDAQAB
+AoGAZo88XiJciFbK2TVOFgx8LEct8oEMONi3PxpOZLcvMmVKn4ePbnM9rFLSs8zu
+GkidtA5p1VhptkChjuNWpKkgXbDBTRYbrUOnXrUgToW10C4E5ftztbcRQ847OE1G
+eMjznSd9SiLElV3REyY6BzTYciRo987MoBrtqi02EPDYbv0CQQDraopLMDQml1Kl
+1cluGuTJ8ZNxDKWkDfr5BvEMpn5v1W82k1dWLkJDMYIuKu76OfevxAibLpNL3Q06
+wLb8c4nTAkEA1zi2PaBAiPgDXPUl3LnDNrr4kjXc8KJZpmCf/kgKVc+pYppDsUiG
+wC4mWcVuerrankeLFbkOPW0GBjsrDVfxHwJAJDkMdm1AWP/Hs8Slbc+tjHUjXq23
+fvq3t0GeLXgg1ExfBGK/eX88quIfScNJai8pMV5UhKwx9eZZdsTYYxfUCQJAMvog
+2Fnzzz2HdmYukKiDX5xLsj4F1g1uVKVAYDdqE0c7pLpLXFuEZ1LHDK5h67oEfEcP
+35ZUlCIVsjYjjWaOGwJBAJC0swnzK5wdMDzzF+oqOnGs2EzptfuUQ9JlabffbL4Y
+9mbuCu12IDMLDmY73Dnk1BWzi8TyfTD2fEDU8seNl28=
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/crl.pem b/ANW-URB/openvpn/easy-rsa/2.0/keys/crl.pem
new file mode 100644
index 0000000..070f2b6
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/crl.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBiTCB8zANBgkqhkiG9w0BAQQFADCBrTELMAkGA1UEBhMCQlIxCzAJBgNVBAgT
+AlNQMRIwEAYDVQQHEwlTYW8gUGF1bG8xKjAoBgNVBAoTIURlYmlhbiBGb3IgQWxp
+eCAtIERVTU1ZIENIQU5HRSBJVDEXMBUGA1UECxMOTGludXggUHJvamVjdHMxGzAZ
+BgNVBAMTEkRlYmlhbiBGb3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJARYMbm8tbWFp
+bEBzaXRlFw0xMjA1MTIwMzAyMzhaFw0xMjA2MTEwMzAyMzhaMBQwEgIBARcNMTIw
+NTEyMDMwMjM4WjANBgkqhkiG9w0BAQQFAAOBgQAJRVAq3T2gjUsKSjg5dLuy3pGl
+jVguEybZuOJn80LX1a9Jha367CZVuuww6GX2EUBiFKxXS4BHsV56q2XJaUlWaCXb
+4pjHWNm5i/JW7VwtG1fConY2BRaJrVCXu8wazx6vzbxYNuyMwtaoUvvPaGlQxen5
+TMe+Qpp6nw8ppaHAPg==
+-----END X509 CRL-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/dh1024.pem b/ANW-URB/openvpn/easy-rsa/2.0/keys/dh1024.pem
new file mode 100644
index 0000000..94479fc
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAKPTQ3STxQjGe+kIuQrOhyIXruP3ttLox+Zlieb9wRoblR8PNGyyUv7t
+4X/7Bk+vzrwkqUYwUX91Hm5GMBDqhuchk0iY9r+y7XucD69yct3ivF6oKqqNjQyN
+I2mpbMWKZTbSrfKKcd5NTOVDQUxpIIVRJhp2nfNW24jvHI4hIgjjAgEC
+-----END DH PARAMETERS-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt b/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt
new file mode 100644
index 0000000..222af0b
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt
@@ -0,0 +1,3 @@
+R	220510030228Z	120512030238Z	01	unknown	/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix/CN=crl-test.site/emailAddress=no-mail@site
+V	220510030325Z		02	unknown	/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix - DUMMY CHANGE IT/OU=Linux Projects/CN=alix.site/emailAddress=no-mail@site
+V	220510030631Z		03	unknown	/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix - DUMMY CHANGE IT/OU=Linux Projects/CN=vpn01.site/emailAddress=no-mail@site
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt.attr b/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt.attr.old b/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt.old b/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt.old
new file mode 100644
index 0000000..bb80906
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/index.txt.old
@@ -0,0 +1,2 @@
+R	220510030228Z	120512030238Z	01	unknown	/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix/CN=crl-test.site/emailAddress=no-mail@site
+V	220510030325Z		02	unknown	/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix - DUMMY CHANGE IT/OU=Linux Projects/CN=alix.site/emailAddress=no-mail@site
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/revoke-test.pem b/ANW-URB/openvpn/easy-rsa/2.0/keys/revoke-test.pem
new file mode 100644
index 0000000..6b06f7a
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/revoke-test.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIID8jCCA1ugAwIBAgIJAI5o4psGy9FlMA0GCSqGSIb3DQEBBQUAMIGtMQswCQYD
+VQQGEwJCUjELMAkGA1UECBMCU1AxEjAQBgNVBAcTCVNhbyBQYXVsbzEqMCgGA1UE
+ChMhRGViaWFuIEZvciBBbGl4IC0gRFVNTVkgQ0hBTkdFIElUMRcwFQYDVQQLEw5M
+aW51eCBQcm9qZWN0czEbMBkGA1UEAxMSRGViaWFuIEZvciBBbGl4IENBMRswGQYJ
+KoZIhvcNAQkBFgxuby1tYWlsQHNpdGUwHhcNMTIwNTEyMDMwMTUzWhcNMjIwNTEw
+MDMwMTUzWjCBrTELMAkGA1UEBhMCQlIxCzAJBgNVBAgTAlNQMRIwEAYDVQQHEwlT
+YW8gUGF1bG8xKjAoBgNVBAoTIURlYmlhbiBGb3IgQWxpeCAtIERVTU1ZIENIQU5H
+RSBJVDEXMBUGA1UECxMOTGludXggUHJvamVjdHMxGzAZBgNVBAMTEkRlYmlhbiBG
+b3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJARYMbm8tbWFpbEBzaXRlMIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQCvPgsgF+v7xSfdH/EJVoRdvGHfj+xwHarRNHfy
+rCmhOwZYqNTFrGV+PgZqLu1KVFUxEiV4/qjDosmQnKMfSOo07QY07JpQkyPmezyA
+4kjZcSlQZ7YrdNI/jtSWZwehm1pkGftWQUx1SOFUhYVOm6DM76SoaSJRXkbqlfAt
+YRmN0wIDAQABo4IBFjCCARIwHQYDVR0OBBYEFIyl21MhvV9h4VbtepulAr0uI6qm
+MIHiBgNVHSMEgdowgdeAFIyl21MhvV9h4VbtepulAr0uI6qmoYGzpIGwMIGtMQsw
+CQYDVQQGEwJCUjELMAkGA1UECBMCU1AxEjAQBgNVBAcTCVNhbyBQYXVsbzEqMCgG
+A1UEChMhRGViaWFuIEZvciBBbGl4IC0gRFVNTVkgQ0hBTkdFIElUMRcwFQYDVQQL
+Ew5MaW51eCBQcm9qZWN0czEbMBkGA1UEAxMSRGViaWFuIEZvciBBbGl4IENBMRsw
+GQYJKoZIhvcNAQkBFgxuby1tYWlsQHNpdGWCCQCOaOKbBsvRZTAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBBQUAA4GBABVmoMWdupXUB2J5p3LI18icmItRPyPH5uBc
+8C2/7AuvOvsRjjjAOtiThBLshCa2YQ2kxlT/uQKVAHrJojzDjozF/NB4rjr74aqj
+GGrWIL8ATWUjNKQFJv32h16t+eUrmWJJUlS4L0oq+v/C96l2QMG8M5Z3nxuctWwO
+ObQ1wsVu
+-----END CERTIFICATE-----
+-----BEGIN X509 CRL-----
+MIIBiTCB8zANBgkqhkiG9w0BAQQFADCBrTELMAkGA1UEBhMCQlIxCzAJBgNVBAgT
+AlNQMRIwEAYDVQQHEwlTYW8gUGF1bG8xKjAoBgNVBAoTIURlYmlhbiBGb3IgQWxp
+eCAtIERVTU1ZIENIQU5HRSBJVDEXMBUGA1UECxMOTGludXggUHJvamVjdHMxGzAZ
+BgNVBAMTEkRlYmlhbiBGb3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJARYMbm8tbWFp
+bEBzaXRlFw0xMjA1MTIwMzAyMzhaFw0xMjA2MTEwMzAyMzhaMBQwEgIBARcNMTIw
+NTEyMDMwMjM4WjANBgkqhkiG9w0BAQQFAAOBgQAJRVAq3T2gjUsKSjg5dLuy3pGl
+jVguEybZuOJn80LX1a9Jha367CZVuuww6GX2EUBiFKxXS4BHsV56q2XJaUlWaCXb
+4pjHWNm5i/JW7VwtG1fConY2BRaJrVCXu8wazx6vzbxYNuyMwtaoUvvPaGlQxen5
+TMe+Qpp6nw8ppaHAPg==
+-----END X509 CRL-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/serial b/ANW-URB/openvpn/easy-rsa/2.0/keys/serial
new file mode 100644
index 0000000..6496923
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/serial
@@ -0,0 +1 @@
+04
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/serial.old b/ANW-URB/openvpn/easy-rsa/2.0/keys/serial.old
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/serial.old
@@ -0,0 +1 @@
+03
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/vpn01.site.crt b/ANW-URB/openvpn/easy-rsa/2.0/keys/vpn01.site.crt
new file mode 100644
index 0000000..aa30da2
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/vpn01.site.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix - DUMMY CHANGE IT, OU=Linux Projects, CN=Debian For Alix CA/emailAddress=no-mail@site
+        Validity
+            Not Before: May 12 03:06:31 2012 GMT
+            Not After : May 10 03:06:31 2022 GMT
+        Subject: C=BR, ST=SP, L=Sao Paulo, O=Debian For Alix - DUMMY CHANGE IT, OU=Linux Projects, CN=vpn01.site/emailAddress=no-mail@site
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a0:47:e1:23:fa:32:a3:cc:ee:e4:03:96:4c:84:
+                    c2:1e:05:2a:a8:b1:02:0c:b4:26:c5:54:ec:a0:85:
+                    3b:a2:a2:51:b8:85:9a:af:8e:50:fc:99:0a:5a:87:
+                    bf:02:f6:89:bd:04:44:fc:39:db:97:94:62:e8:e1:
+                    2f:c5:f9:dc:ce:2a:c0:63:b7:be:6c:41:7d:87:01:
+                    dd:f2:8b:b2:99:f6:a8:af:4e:11:0d:7b:e2:6e:82:
+                    ec:10:78:21:3c:09:85:c3:ab:b1:6d:14:74:c8:0a:
+                    8f:ec:80:80:b8:f6:a1:ef:dc:ba:7a:08:2b:c2:f5:
+                    77:af:93:d5:8d:1d:98:f2:85
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                91:38:28:A9:09:46:53:9E:E7:BC:29:77:F7:3B:25:92:08:6A:49:56
+            X509v3 Authority Key Identifier: 
+                keyid:8C:A5:DB:53:21:BD:5F:61:E1:56:ED:7A:9B:A5:02:BD:2E:23:AA:A6
+                DirName:/C=BR/ST=SP/L=Sao Paulo/O=Debian For Alix - DUMMY CHANGE IT/OU=Linux Projects/CN=Debian For Alix CA/emailAddress=no-mail@site
+                serial:8E:68:E2:9B:06:CB:D1:65
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        72:65:d4:0d:49:25:77:e2:c1:6d:10:eb:21:6a:d8:33:e7:01:
+        b6:e5:25:dd:46:73:3f:65:91:16:46:dd:db:88:ed:97:2b:02:
+        6f:0e:f3:be:23:e0:38:80:93:5b:6c:85:e8:32:cc:2a:fc:d3:
+        23:c6:c1:66:52:d9:cf:d1:ab:7d:85:19:7a:a9:02:3a:f8:af:
+        74:97:bf:8d:73:92:b8:d4:18:48:b8:2a:a6:c1:5e:e2:6e:cc:
+        ea:91:ba:91:7c:39:21:4e:46:76:c8:4e:3f:98:a7:fc:f2:31:
+        e4:27:fa:c2:34:d5:7c:8a:94:63:c1:bb:b4:eb:7c:ce:21:00:
+        d5:72
+-----BEGIN CERTIFICATE-----
+MIIEMDCCA5mgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBrTELMAkGA1UEBhMCQlIx
+CzAJBgNVBAgTAlNQMRIwEAYDVQQHEwlTYW8gUGF1bG8xKjAoBgNVBAoTIURlYmlh
+biBGb3IgQWxpeCAtIERVTU1ZIENIQU5HRSBJVDEXMBUGA1UECxMOTGludXggUHJv
+amVjdHMxGzAZBgNVBAMTEkRlYmlhbiBGb3IgQWxpeCBDQTEbMBkGCSqGSIb3DQEJ
+ARYMbm8tbWFpbEBzaXRlMB4XDTEyMDUxMjAzMDYzMVoXDTIyMDUxMDAzMDYzMVow
+gaUxCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJTUDESMBAGA1UEBxMJU2FvIFBhdWxv
+MSowKAYDVQQKEyFEZWJpYW4gRm9yIEFsaXggLSBEVU1NWSBDSEFOR0UgSVQxFzAV
+BgNVBAsTDkxpbnV4IFByb2plY3RzMRMwEQYDVQQDEwp2cG4wMS5zaXRlMRswGQYJ
+KoZIhvcNAQkBFgxuby1tYWlsQHNpdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAKBH4SP6MqPM7uQDlkyEwh4FKqixAgy0JsVU7KCFO6KiUbiFmq+OUPyZClqH
+vwL2ib0ERPw525eUYujhL8X53M4qwGO3vmxBfYcB3fKLspn2qK9OEQ174m6C7BB4
+ITwJhcOrsW0UdMgKj+yAgLj2oe/cunoIK8L1d6+T1Y0dmPKFAgMBAAGjggFkMIIB
+YDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFJE4KKkJRlOe57wpd/c7JZIIaklWMIHiBgNV
+HSMEgdowgdeAFIyl21MhvV9h4VbtepulAr0uI6qmoYGzpIGwMIGtMQswCQYDVQQG
+EwJCUjELMAkGA1UECBMCU1AxEjAQBgNVBAcTCVNhbyBQYXVsbzEqMCgGA1UEChMh
+RGViaWFuIEZvciBBbGl4IC0gRFVNTVkgQ0hBTkdFIElUMRcwFQYDVQQLEw5MaW51
+eCBQcm9qZWN0czEbMBkGA1UEAxMSRGViaWFuIEZvciBBbGl4IENBMRswGQYJKoZI
+hvcNAQkBFgxuby1tYWlsQHNpdGWCCQCOaOKbBsvRZTATBgNVHSUEDDAKBggrBgEF
+BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADgYEAcmXUDUkld+LBbRDr
+IWrYM+cBtuUl3UZzP2WRFkbd24jtlysCbw7zviPgOICTW2yF6DLMKvzTI8bBZlLZ
+z9GrfYUZeqkCOvivdJe/jXOSuNQYSLgqpsFe4m7M6pG6kXw5IU5GdshOP5in/PIx
+5Cf6wjTVfIqUY8G7tOt8ziEA1XI=
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/vpn01.site.csr b/ANW-URB/openvpn/easy-rsa/2.0/keys/vpn01.site.csr
new file mode 100644
index 0000000..f559b67
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/vpn01.site.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB5jCCAU8CAQAwgaUxCzAJBgNVBAYTAkJSMQswCQYDVQQIEwJTUDESMBAGA1UE
+BxMJU2FvIFBhdWxvMSowKAYDVQQKEyFEZWJpYW4gRm9yIEFsaXggLSBEVU1NWSBD
+SEFOR0UgSVQxFzAVBgNVBAsTDkxpbnV4IFByb2plY3RzMRMwEQYDVQQDEwp2cG4w
+MS5zaXRlMRswGQYJKoZIhvcNAQkBFgxuby1tYWlsQHNpdGUwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAKBH4SP6MqPM7uQDlkyEwh4FKqixAgy0JsVU7KCFO6Ki
+UbiFmq+OUPyZClqHvwL2ib0ERPw525eUYujhL8X53M4qwGO3vmxBfYcB3fKLspn2
+qK9OEQ174m6C7BB4ITwJhcOrsW0UdMgKj+yAgLj2oe/cunoIK8L1d6+T1Y0dmPKF
+AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAYmNnggH95U2iVGt8Ef123jYY5I79b
+T4I9PxUOvqhLaHy7C55XR612TKop48D4SuyXif7LescwEvvOlawYXLnGnbIIpQe5
+BnlJ6BBd9WJ72DWrKSXev7zwj+eWG7tjXXLLXsWQGyF9zUJmp2X14PaaGKrY8m7J
+lsFjBJb1btOzoQ==
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/keys/vpn01.site.key b/ANW-URB/openvpn/easy-rsa/2.0/keys/vpn01.site.key
new file mode 100644
index 0000000..68db2d8
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/keys/vpn01.site.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCgR+Ej+jKjzO7kA5ZMhMIeBSqosQIMtCbFVOyghTuiolG4hZqv
+jlD8mQpah78C9om9BET8OduXlGLo4S/F+dzOKsBjt75sQX2HAd3yi7KZ9qivThEN
+e+JuguwQeCE8CYXDq7FtFHTICo/sgIC49qHv3Lp6CCvC9Xevk9WNHZjyhQIDAQAB
+AoGASf2ks2UW54L9bQky4xQOQKmF7eX42kB3/XSc3+VhiEyCiTo0FIMQY+uKWgx8
+YzPIlhdYeU+ETc9UcckysqQMB+2x8+wyB9SFe0AIsHqXUVlW1lPgaDRqIwHWzJjY
+Z51qRT+EehH4c65Lec+jTAiVj5HMQCFHIfANR5tN1MkuMakCQQDLs5PlS48cOgve
+2DHWoIHr6Lgh4dQ9Puq2Gy29tFUpVV2FfZ+dCkx8GX4CX07Yoz1YSkHDb3etHQrD
+dVb2RMArAkEAyW5yLwlyqLJHwvLt+8Lo8EwLDTEIoj8yq2ks7F/vRXFPvpUzPWpD
+/Z9eTfULUDoY28O4apUbLSXc16QF1C0QDwJAXy9qzJqiJO563YbowwH9s97rK+n6
+4yOjSbUpipvZr5bUPKyXCSrm0paW60Td8x1UbQ1F7a0InzwS64LJQAqgQQJAW9v5
+SIgXeOUsorPkYb7GOeeD1rU4ybzmX5MsQHOTi2icRD6ISoaukPffqs+IJEMKWRZN
+gJWU+ibdKp4LZnJScwJAfpHZTB2GLuPBd/zU+R0pJF3JE2Ktv7+PKl44dl49+P4R
+L6KsiC6E5kaVdF8LCZaKY/4UIRCKFZw876rnzEjGTw==
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/list-crl b/ANW-URB/openvpn/easy-rsa/2.0/list-crl
new file mode 100755
index 0000000..d1d8a69
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/list-crl
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# list revoked certificates
+
+CRL="${1:-crl.pem}"
+
+if [ "$KEY_DIR" ]; then
+    cd "$KEY_DIR" && \
+	$OPENSSL crl -text -noout -in "$CRL"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf b/ANW-URB/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf
new file mode 100644
index 0000000..d28341d
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf
@@ -0,0 +1,265 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/openssl-0.9.8.cnf b/ANW-URB/openvpn/easy-rsa/2.0/openssl-0.9.8.cnf
new file mode 100644
index 0000000..340b8af
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/openssl-0.9.8.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf b/ANW-URB/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
new file mode 100644
index 0000000..fa258a5
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
@@ -0,0 +1,285 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf-old-copy b/ANW-URB/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf-old-copy
new file mode 100644
index 0000000..da425aa
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf-old-copy
@@ -0,0 +1,285 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/openssl.cnf b/ANW-URB/openvpn/easy-rsa/2.0/openssl.cnf
new file mode 100644
index 0000000..fa258a5
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/openssl.cnf
@@ -0,0 +1,285 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/pkitool b/ANW-URB/openvpn/easy-rsa/2.0/pkitool
new file mode 100755
index 0000000..49588f5
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/pkitool
@@ -0,0 +1,379 @@
+#!/bin/sh
+
+#  OpenVPN -- An application to securely tunnel IP networks
+#             over a single TCP/UDP port, with support for SSL/TLS-based
+#             session authentication and key exchange,
+#             packet encryption, packet authentication, and
+#             packet compression.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License version 2
+#  as published by the Free Software Foundation.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program (see the file COPYING included with this
+#  distribution); if not, write to the Free Software Foundation, Inc.,
+#  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# pkitool is a front-end for the openssl tool.
+
+# Calling scripts can set the certificate organizational 
+# unit with the KEY_OU environmental variable. 
+
+# Calling scripts can also set the KEY_NAME environmental
+# variable to set the "name" X509 subject field.
+
+PROGNAME=pkitool
+VERSION=2.0
+DEBUG=0
+
+die()
+{
+    local m="$1"
+
+    echo "$m" >&2
+    exit 1
+}
+
+need_vars()
+{
+    echo '  Please edit the vars script to reflect your configuration,'
+    echo '  then source it with "source ./vars".'
+    echo '  Next, to start with a fresh PKI configuration and to delete any'
+    echo '  previous certificates and keys, run "./clean-all".'
+    echo "  Finally, you can run this tool ($PROGNAME) to build certificates/keys."
+}
+
+usage()
+{
+    echo "$PROGNAME $VERSION"
+    echo "Usage: $PROGNAME [options...] [common-name]"
+    echo "Options:"
+    echo "  --batch    : batch mode (default)"
+    echo "  --keysize  : Set keysize"
+    echo "      size   : size (default=1024)"
+    echo "  --interact : interactive mode"
+    echo "  --server   : build server cert"
+    echo "  --initca   : build root CA"
+    echo "  --inter    : build intermediate CA"
+    echo "  --pass     : encrypt private key with password"
+    echo "  --csr      : only generate a CSR, do not sign"
+    echo "  --sign     : sign an existing CSR"
+    echo "  --pkcs12   : generate a combined PKCS#12 file"
+    echo "  --pkcs11   : generate certificate on PKCS#11 token"
+    echo "      lib    : PKCS#11 library"
+    echo "      slot   : PKCS#11 slot"
+    echo "      id     : PKCS#11 object id (hex string)"
+    echo "      label  : PKCS#11 object label"
+    echo "Standalone options:"
+    echo "  --pkcs11-slots   : list PKCS#11 slots"
+    echo "      lib    : PKCS#11 library"
+    echo "  --pkcs11-objects : list PKCS#11 token objects"
+    echo "      lib    : PKCS#11 library"
+    echo "      slot   : PKCS#11 slot"
+    echo "  --pkcs11-init    : initialize PKCS#11 token DANGEROUS!!!"
+    echo "      lib    : PKCS#11 library"
+    echo "      slot   : PKCS#11 slot"
+    echo "      label  : PKCS#11 token label"
+    echo "Notes:"
+    need_vars
+    echo "  In order to use PKCS#11 interface you must have opensc-0.10.0 or higher."
+    echo "Generated files and corresponding OpenVPN directives:"
+    echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)'
+    echo "  ca.crt     -> root certificate (--ca)"
+    echo "  ca.key     -> root key, keep secure (not directly used by OpenVPN)"
+    echo "  .crt files -> client/server certificates (--cert)"
+    echo "  .key files -> private keys, keep secure (--key)"
+    echo "  .csr files -> certificate signing request (not directly used by OpenVPN)"
+    echo "  dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)"
+    echo "Examples:"
+    echo "  $PROGNAME --initca          -> Build root certificate"
+    echo "  $PROGNAME --initca --pass   -> Build root certificate with password-protected key"
+    echo "  $PROGNAME --server server1  -> Build \"server1\" certificate/key"
+    echo "  $PROGNAME client1           -> Build \"client1\" certificate/key"
+    echo "  $PROGNAME --pass client2    -> Build password-protected \"client2\" certificate/key"
+    echo "  $PROGNAME --pkcs12 client3  -> Build \"client3\" certificate/key in PKCS#12 format"
+    echo "  $PROGNAME --csr client4     -> Build \"client4\" CSR to be signed by another CA"
+    echo "  $PROGNAME --sign client4    -> Sign \"client4\" CSR"
+    echo "  $PROGNAME --inter interca   -> Build an intermediate key-signing certificate/key"
+    echo "                               Also see ./inherit-inter script."
+    echo "  $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5"
+    echo "                              -> Build \"client5\" certificate/key in PKCS#11 token"
+    echo "Typical usage for initial PKI setup.  Build myserver, client1, and client2 cert/keys."
+    echo "Protect client2 key with a password.  Build DH parms.  Generated files in ./keys :"
+    echo "  [edit vars with your site-specific info]"
+    echo "  source ./vars"
+    echo "  ./clean-all"
+    echo "  ./build-dh     -> takes a long time, consider backgrounding"
+    echo "  ./$PROGNAME --initca"
+    echo "  ./$PROGNAME --server myserver"
+    echo "  ./$PROGNAME client1"
+    echo "  ./$PROGNAME --pass client2"
+    echo "Typical usage for adding client cert to existing PKI:"
+    echo "  source ./vars"
+    echo "  ./$PROGNAME client-new"
+}
+
+# Set tool defaults
+[ -n "$OPENSSL" ] || export OPENSSL="openssl"
+[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool"
+[ -n "$GREP" ] || export GREP="grep"
+
+# Set defaults
+DO_REQ="1"
+REQ_EXT=""
+DO_CA="1"
+CA_EXT=""
+DO_P12="0"
+DO_P11="0"
+DO_ROOT="0"
+NODES_REQ="-nodes"
+NODES_P12=""
+BATCH="-batch"
+CA="ca"
+# must be set or errors of openssl.cnf
+PKCS11_MODULE_PATH="dummy"
+PKCS11_PIN="dummy"
+
+# Process options
+while [ $# -gt 0 ]; do
+    case "$1" in
+        --keysize  ) KEY_SIZE=$2
+		     shift;;
+	--server   ) REQ_EXT="$REQ_EXT -extensions server"
+	             CA_EXT="$CA_EXT -extensions server" ;;
+	--batch    ) BATCH="-batch" ;;
+	--interact ) BATCH="" ;;
+        --inter    ) CA_EXT="$CA_EXT -extensions v3_ca" ;;
+        --initca   ) DO_ROOT="1" ;;
+	--pass     ) NODES_REQ="" ;;
+        --csr      ) DO_CA="0" ;;
+        --sign     ) DO_REQ="0" ;;
+        --pkcs12   ) DO_P12="1" ;;
+	--pkcs11   ) DO_P11="1"
+	             PKCS11_MODULE_PATH="$2"
+		     PKCS11_SLOT="$3"
+		     PKCS11_ID="$4"
+		     PKCS11_LABEL="$5"
+		     shift 4;;
+
+	# standalone
+	--pkcs11-init)
+	             PKCS11_MODULE_PATH="$2"
+	             PKCS11_SLOT="$3"
+	             PKCS11_LABEL="$4"
+		     if [ -z "$PKCS11_LABEL" ]; then
+		       die "Please specify library name, slot and label"
+		     fi
+		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
+		     	--label "$PKCS11_LABEL" &&
+			$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
+		     exit $?;;
+	--pkcs11-slots)
+	             PKCS11_MODULE_PATH="$2"
+		     if [ -z "$PKCS11_MODULE_PATH" ]; then
+		       die "Please specify library name"
+		     fi
+		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots
+		     exit 0;;
+	--pkcs11-objects)
+	             PKCS11_MODULE_PATH="$2"
+	             PKCS11_SLOT="$3"
+		     if [ -z "$PKCS11_SLOT" ]; then
+		       die "Please specify library name and slot"
+		     fi
+		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
+		     exit 0;;
+
+        --help|--usage)
+                    usage
+                    exit ;;
+        --version)
+                    echo "$PROGNAME $VERSION"
+                    exit ;;
+	# errors
+	--*        ) die "$PROGNAME: unknown option: $1" ;;
+	*          ) break ;;
+    esac
+    shift   
+done
+
+if ! [ -z "$BATCH" ]; then
+	if $OPENSSL version | grep 0.9.6 > /dev/null; then
+		die "Batch mode is unsupported in openssl<0.9.7"
+	fi
+fi
+
+if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then
+	die "PKCS#11 and PKCS#12 cannot be specified together"
+fi
+
+if [ $DO_P11 -eq 1 ]; then
+	if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then
+		die "Please edit $KEY_CONFIG and setup PKCS#11 engine"
+	fi
+fi
+
+# If we are generating pkcs12, only encrypt the final step
+if [ $DO_P12 -eq 1 ]; then
+    NODES_P12="$NODES_REQ"
+    NODES_REQ="-nodes"
+fi
+
+if [ $DO_P11 -eq 1 ]; then
+	if [ -z "$PKCS11_LABEL" ]; then
+		die "PKCS#11 arguments incomplete"
+	fi
+fi
+
+# If undefined, set default key expiration intervals
+if [ -z "$KEY_EXPIRE" ]; then
+    KEY_EXPIRE=3650
+fi
+if [ -z "$CA_EXPIRE" ]; then
+    CA_EXPIRE=3650
+fi
+
+# Set organizational unit to empty string if undefined
+if [ -z "$KEY_OU" ]; then
+    KEY_OU=""
+fi
+
+# Set X509 Name string to empty string if undefined
+if [ -z "$KEY_NAME" ]; then
+    KEY_NAME=""
+fi
+
+# Set KEY_CN, FN
+if [ $DO_ROOT -eq 1 ]; then
+    if [ -z "$KEY_CN" ]; then
+	if [ "$1" ]; then
+	    KEY_CN="$1"
+	elif [ "$KEY_ORG" ]; then
+	    KEY_CN="$KEY_ORG CA"
+	fi
+    fi
+    if [ $BATCH ] && [ "$KEY_CN" ]; then
+	echo "Using CA Common Name:" "$KEY_CN"
+    fi
+    FN="$KEY_CN"
+elif [ $BATCH ] && [ "$KEY_CN" ]; then
+    echo "Using Common Name:" "$KEY_CN"
+    FN="$KEY_CN"
+    if [ "$1" ]; then
+	FN="$1"
+    fi
+else
+    if [ $# -ne 1 ]; then
+	usage
+	exit 1
+    else
+	KEY_CN="$1"
+    fi
+    FN="$KEY_CN"
+fi
+
+export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN
+
+# Show parameters (debugging)
+if [ $DEBUG -eq 1 ]; then
+    echo DO_REQ $DO_REQ
+    echo REQ_EXT $REQ_EXT
+    echo DO_CA $DO_CA
+    echo CA_EXT $CA_EXT
+    echo NODES_REQ $NODES_REQ
+    echo NODES_P12 $NODES_P12
+    echo DO_P12 $DO_P12
+    echo KEY_CN $KEY_CN
+    echo BATCH $BATCH
+    echo DO_ROOT $DO_ROOT
+    echo KEY_EXPIRE $KEY_EXPIRE
+    echo CA_EXPIRE $CA_EXPIRE
+    echo KEY_OU $KEY_OU
+    echo KEY_NAME $KEY_NAME
+    echo DO_P11 $DO_P11
+    echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH
+    echo PKCS11_SLOT $PKCS11_SLOT
+    echo PKCS11_ID $PKCS11_ID
+    echo PKCS11_LABEL $PKCS11_LABEL
+fi
+
+# Make sure ./vars was sourced beforehand
+if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then
+    cd "$KEY_DIR"
+
+    # Make sure $KEY_CONFIG points to the correct version
+    # of openssl.cnf
+    if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then
+	:
+    else
+	echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong"
+        echo "version of openssl.cnf: $KEY_CONFIG"
+	echo "The correct version should have a comment that says: easy-rsa version 2.x";
+	exit 1;
+    fi
+
+    # Build root CA
+    if [ $DO_ROOT -eq 1 ]; then
+	$OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \
+	    -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
+	    chmod 0600 "$CA.key"
+    else        
+        # Make sure CA key/cert is available
+	if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then
+	    if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then
+		echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR"
+		echo "Try $PROGNAME --initca to build a root certificate/key."
+		exit 1
+	    fi
+	fi
+
+	# Generate key for PKCS#11 token
+	PKCS11_ARGS=
+	if [ $DO_P11 -eq 1 ]; then
+	        stty -echo
+	        echo -n "User PIN: "
+	        read -r PKCS11_PIN
+	        stty echo
+		export PKCS11_PIN
+
+		echo "Generating key pair on PKCS#11 token..."
+		$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \
+			--login --pin "$PKCS11_PIN" \
+			--key-type rsa:1024 \
+			--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1
+		PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID"
+	fi
+
+        # Build cert/key
+	( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \
+	        -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \
+	    ( [ $DO_CA -eq 0 ]  || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \
+	        -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \
+	    ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \
+	        -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \
+	    ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ]  || chmod 0600 "$FN.key" ) && \
+	    ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" )
+
+	# Load certificate into PKCS#11 token
+	if [ $DO_P11 -eq 1 ]; then
+		$OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \
+		  $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \
+			--login --pin "$PKCS11_PIN" \
+			--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" 
+		[ -e "$FN.crt.der" ]; rm "$FN.crt.der"
+	fi
+
+    fi
+
+# Need definitions
+else
+    need_vars
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/revoke-full b/ANW-URB/openvpn/easy-rsa/2.0/revoke-full
new file mode 100755
index 0000000..4169c4c
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/revoke-full
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL="crl.pem"
+RT="revoke-test.pem"
+
+if [ $# -ne 1 ]; then
+    echo "usage: revoke-full <cert-name-base>";
+    exit 1
+fi
+
+if [ "$KEY_DIR" ]; then
+    cd "$KEY_DIR"
+    rm -f "$RT"
+
+    # set defaults
+    export KEY_CN=""
+    export KEY_OU=""
+    export KEY_NAME=""
+
+    # revoke key and generate a new CRL
+    $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+
+    # generate a new CRL -- try to be compatible with
+    # intermediate PKIs
+    $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+    if [ -e export-ca.crt ]; then
+	cat export-ca.crt "$CRL" >"$RT"
+    else
+	cat ca.crt "$CRL" >"$RT"
+    fi
+    
+    # verify the revocation
+    $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/sign-req b/ANW-URB/openvpn/easy-rsa/2.0/sign-req
new file mode 100755
index 0000000..6cae7b4
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/sign-req
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Sign a certificate signing request (a .csr file)
+# with a local root certificate and key.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --sign $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/README.gz b/ANW-URB/openvpn/easy-rsa/2.0/tmp/README.gz
new file mode 100644
index 0000000..ad3896f
Binary files /dev/null and b/ANW-URB/openvpn/easy-rsa/2.0/tmp/README.gz differ
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-ca b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-ca
new file mode 100755
index 0000000..bce29a6
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-ca
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+#
+# Build a root certificate
+#
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --initca $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-dh b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-dh
new file mode 100755
index 0000000..4beb127
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-dh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+# Build Diffie-Hellman parameters for the server side
+# of an SSL/TLS connection.
+
+if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
+    $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-inter b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-inter
new file mode 100755
index 0000000..87bf98d
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-inter
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Make an intermediate CA certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --inter $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key
new file mode 100755
index 0000000..6c0fed8
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key-pass b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key-pass
new file mode 100755
index 0000000..8ef8307
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key-pass
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Similar to build-key, but protect the private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pass $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key-pkcs12 b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key-pkcs12
new file mode 100755
index 0000000..ba90e6a
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key-pkcs12
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate and convert it to a PKCS #12 file including the
+# the CA certificate as well.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --pkcs12 $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key-server b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key-server
new file mode 100755
index 0000000..fee0194
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-key-server
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Make a certificate/private key pair using a locally generated
+# root certificate.
+#
+# Explicitly set nsCertType to server using the "server"
+# extension in the openssl.cnf file.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --server $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-req b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-req
new file mode 100755
index 0000000..559d512
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-req
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Build a certificate signing request and private key.  Use this
+# when your root certificate and key is not available locally.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-req-pass b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-req-pass
new file mode 100755
index 0000000..b73ee1b
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/build-req-pass
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Like build-req, but protect your private key
+# with a password.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --csr --pass $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/clean-all b/ANW-URB/openvpn/easy-rsa/2.0/tmp/clean-all
new file mode 100755
index 0000000..cc6e3b2
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/clean-all
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Initialize the $KEY_DIR directory.
+# Note that this script does a
+# rm -rf on $KEY_DIR so be careful!
+
+if [ "$KEY_DIR" ]; then
+    rm -rf "$KEY_DIR"
+    mkdir "$KEY_DIR" && \
+	chmod go-rwx "$KEY_DIR" && \
+	touch "$KEY_DIR/index.txt" && \
+	echo 01 >"$KEY_DIR/serial"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/file b/ANW-URB/openvpn/easy-rsa/2.0/tmp/file
new file mode 100644
index 0000000..1987bd7
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/file
@@ -0,0 +1 @@
+./openssl-1.0.0.cnf
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/inherit-inter b/ANW-URB/openvpn/easy-rsa/2.0/tmp/inherit-inter
new file mode 100755
index 0000000..aaa5168
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/inherit-inter
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# Build a new PKI which is rooted on an intermediate certificate generated
+# by ./build-inter or ./pkitool --inter from a parent PKI.  The new PKI should
+# have independent vars settings, and must use a different KEY_DIR directory
+# from the parent.  This tool can be used to generate arbitrary depth
+# certificate chains.
+#
+# To build an intermediate CA, follow the same steps for a regular PKI but
+# replace ./build-key or ./pkitool --initca with this script.
+
+# The EXPORT_CA file will contain the CA certificate chain and should be
+# referenced by the OpenVPN "ca" directive in config files.  The ca.crt file
+# will only contain the local intermediate CA -- it's needed by the easy-rsa
+# scripts but not by OpenVPN directly.
+EXPORT_CA="export-ca.crt"
+
+if [ $# -ne 2 ]; then
+    echo "usage: $0 <parent-key-dir> <common-name>"
+    echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
+    echo "common-name: the common name of the intermediate certificate in the parent PKI"
+    exit 1;
+fi
+
+if [ "$KEY_DIR" ]; then
+    cp "$1/$2.crt" "$KEY_DIR/ca.crt"
+    cp "$1/$2.key" "$KEY_DIR/ca.key"
+
+    if [ -e "$1/$EXPORT_CA" ]; then
+	PARENT_CA="$1/$EXPORT_CA"
+    else
+	PARENT_CA="$1/ca.crt"
+    fi
+    cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
+    cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/list-crl b/ANW-URB/openvpn/easy-rsa/2.0/tmp/list-crl
new file mode 100755
index 0000000..d1d8a69
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/list-crl
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# list revoked certificates
+
+CRL="${1:-crl.pem}"
+
+if [ "$KEY_DIR" ]; then
+    cd "$KEY_DIR" && \
+	$OPENSSL crl -text -noout -in "$CRL"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/openssl-0.9.6.cnf b/ANW-URB/openvpn/easy-rsa/2.0/tmp/openssl-0.9.6.cnf
new file mode 100644
index 0000000..d28341d
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/openssl-0.9.6.cnf
@@ -0,0 +1,265 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/openssl-1.0.0.cnf b/ANW-URB/openvpn/easy-rsa/2.0/tmp/openssl-1.0.0.cnf
new file mode 100644
index 0000000..da425aa
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/openssl-1.0.0.cnf
@@ -0,0 +1,285 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/pkitool b/ANW-URB/openvpn/easy-rsa/2.0/tmp/pkitool
new file mode 100755
index 0000000..49588f5
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/pkitool
@@ -0,0 +1,379 @@
+#!/bin/sh
+
+#  OpenVPN -- An application to securely tunnel IP networks
+#             over a single TCP/UDP port, with support for SSL/TLS-based
+#             session authentication and key exchange,
+#             packet encryption, packet authentication, and
+#             packet compression.
+#
+#  Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
+#
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License version 2
+#  as published by the Free Software Foundation.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program (see the file COPYING included with this
+#  distribution); if not, write to the Free Software Foundation, Inc.,
+#  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# pkitool is a front-end for the openssl tool.
+
+# Calling scripts can set the certificate organizational 
+# unit with the KEY_OU environmental variable. 
+
+# Calling scripts can also set the KEY_NAME environmental
+# variable to set the "name" X509 subject field.
+
+PROGNAME=pkitool
+VERSION=2.0
+DEBUG=0
+
+die()
+{
+    local m="$1"
+
+    echo "$m" >&2
+    exit 1
+}
+
+need_vars()
+{
+    echo '  Please edit the vars script to reflect your configuration,'
+    echo '  then source it with "source ./vars".'
+    echo '  Next, to start with a fresh PKI configuration and to delete any'
+    echo '  previous certificates and keys, run "./clean-all".'
+    echo "  Finally, you can run this tool ($PROGNAME) to build certificates/keys."
+}
+
+usage()
+{
+    echo "$PROGNAME $VERSION"
+    echo "Usage: $PROGNAME [options...] [common-name]"
+    echo "Options:"
+    echo "  --batch    : batch mode (default)"
+    echo "  --keysize  : Set keysize"
+    echo "      size   : size (default=1024)"
+    echo "  --interact : interactive mode"
+    echo "  --server   : build server cert"
+    echo "  --initca   : build root CA"
+    echo "  --inter    : build intermediate CA"
+    echo "  --pass     : encrypt private key with password"
+    echo "  --csr      : only generate a CSR, do not sign"
+    echo "  --sign     : sign an existing CSR"
+    echo "  --pkcs12   : generate a combined PKCS#12 file"
+    echo "  --pkcs11   : generate certificate on PKCS#11 token"
+    echo "      lib    : PKCS#11 library"
+    echo "      slot   : PKCS#11 slot"
+    echo "      id     : PKCS#11 object id (hex string)"
+    echo "      label  : PKCS#11 object label"
+    echo "Standalone options:"
+    echo "  --pkcs11-slots   : list PKCS#11 slots"
+    echo "      lib    : PKCS#11 library"
+    echo "  --pkcs11-objects : list PKCS#11 token objects"
+    echo "      lib    : PKCS#11 library"
+    echo "      slot   : PKCS#11 slot"
+    echo "  --pkcs11-init    : initialize PKCS#11 token DANGEROUS!!!"
+    echo "      lib    : PKCS#11 library"
+    echo "      slot   : PKCS#11 slot"
+    echo "      label  : PKCS#11 token label"
+    echo "Notes:"
+    need_vars
+    echo "  In order to use PKCS#11 interface you must have opensc-0.10.0 or higher."
+    echo "Generated files and corresponding OpenVPN directives:"
+    echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)'
+    echo "  ca.crt     -> root certificate (--ca)"
+    echo "  ca.key     -> root key, keep secure (not directly used by OpenVPN)"
+    echo "  .crt files -> client/server certificates (--cert)"
+    echo "  .key files -> private keys, keep secure (--key)"
+    echo "  .csr files -> certificate signing request (not directly used by OpenVPN)"
+    echo "  dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)"
+    echo "Examples:"
+    echo "  $PROGNAME --initca          -> Build root certificate"
+    echo "  $PROGNAME --initca --pass   -> Build root certificate with password-protected key"
+    echo "  $PROGNAME --server server1  -> Build \"server1\" certificate/key"
+    echo "  $PROGNAME client1           -> Build \"client1\" certificate/key"
+    echo "  $PROGNAME --pass client2    -> Build password-protected \"client2\" certificate/key"
+    echo "  $PROGNAME --pkcs12 client3  -> Build \"client3\" certificate/key in PKCS#12 format"
+    echo "  $PROGNAME --csr client4     -> Build \"client4\" CSR to be signed by another CA"
+    echo "  $PROGNAME --sign client4    -> Sign \"client4\" CSR"
+    echo "  $PROGNAME --inter interca   -> Build an intermediate key-signing certificate/key"
+    echo "                               Also see ./inherit-inter script."
+    echo "  $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5"
+    echo "                              -> Build \"client5\" certificate/key in PKCS#11 token"
+    echo "Typical usage for initial PKI setup.  Build myserver, client1, and client2 cert/keys."
+    echo "Protect client2 key with a password.  Build DH parms.  Generated files in ./keys :"
+    echo "  [edit vars with your site-specific info]"
+    echo "  source ./vars"
+    echo "  ./clean-all"
+    echo "  ./build-dh     -> takes a long time, consider backgrounding"
+    echo "  ./$PROGNAME --initca"
+    echo "  ./$PROGNAME --server myserver"
+    echo "  ./$PROGNAME client1"
+    echo "  ./$PROGNAME --pass client2"
+    echo "Typical usage for adding client cert to existing PKI:"
+    echo "  source ./vars"
+    echo "  ./$PROGNAME client-new"
+}
+
+# Set tool defaults
+[ -n "$OPENSSL" ] || export OPENSSL="openssl"
+[ -n "$PKCS11TOOL" ] || export PKCS11TOOL="pkcs11-tool"
+[ -n "$GREP" ] || export GREP="grep"
+
+# Set defaults
+DO_REQ="1"
+REQ_EXT=""
+DO_CA="1"
+CA_EXT=""
+DO_P12="0"
+DO_P11="0"
+DO_ROOT="0"
+NODES_REQ="-nodes"
+NODES_P12=""
+BATCH="-batch"
+CA="ca"
+# must be set or errors of openssl.cnf
+PKCS11_MODULE_PATH="dummy"
+PKCS11_PIN="dummy"
+
+# Process options
+while [ $# -gt 0 ]; do
+    case "$1" in
+        --keysize  ) KEY_SIZE=$2
+		     shift;;
+	--server   ) REQ_EXT="$REQ_EXT -extensions server"
+	             CA_EXT="$CA_EXT -extensions server" ;;
+	--batch    ) BATCH="-batch" ;;
+	--interact ) BATCH="" ;;
+        --inter    ) CA_EXT="$CA_EXT -extensions v3_ca" ;;
+        --initca   ) DO_ROOT="1" ;;
+	--pass     ) NODES_REQ="" ;;
+        --csr      ) DO_CA="0" ;;
+        --sign     ) DO_REQ="0" ;;
+        --pkcs12   ) DO_P12="1" ;;
+	--pkcs11   ) DO_P11="1"
+	             PKCS11_MODULE_PATH="$2"
+		     PKCS11_SLOT="$3"
+		     PKCS11_ID="$4"
+		     PKCS11_LABEL="$5"
+		     shift 4;;
+
+	# standalone
+	--pkcs11-init)
+	             PKCS11_MODULE_PATH="$2"
+	             PKCS11_SLOT="$3"
+	             PKCS11_LABEL="$4"
+		     if [ -z "$PKCS11_LABEL" ]; then
+		       die "Please specify library name, slot and label"
+		     fi
+		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-token --slot "$PKCS11_SLOT" \
+		     	--label "$PKCS11_LABEL" &&
+			$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --init-pin --slot "$PKCS11_SLOT"
+		     exit $?;;
+	--pkcs11-slots)
+	             PKCS11_MODULE_PATH="$2"
+		     if [ -z "$PKCS11_MODULE_PATH" ]; then
+		       die "Please specify library name"
+		     fi
+		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-slots
+		     exit 0;;
+	--pkcs11-objects)
+	             PKCS11_MODULE_PATH="$2"
+	             PKCS11_SLOT="$3"
+		     if [ -z "$PKCS11_SLOT" ]; then
+		       die "Please specify library name and slot"
+		     fi
+		     $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --list-objects --login --slot "$PKCS11_SLOT"
+		     exit 0;;
+
+        --help|--usage)
+                    usage
+                    exit ;;
+        --version)
+                    echo "$PROGNAME $VERSION"
+                    exit ;;
+	# errors
+	--*        ) die "$PROGNAME: unknown option: $1" ;;
+	*          ) break ;;
+    esac
+    shift   
+done
+
+if ! [ -z "$BATCH" ]; then
+	if $OPENSSL version | grep 0.9.6 > /dev/null; then
+		die "Batch mode is unsupported in openssl<0.9.7"
+	fi
+fi
+
+if [ $DO_P12 -eq 1 -a $DO_P11 -eq 1 ]; then
+	die "PKCS#11 and PKCS#12 cannot be specified together"
+fi
+
+if [ $DO_P11 -eq 1 ]; then
+	if ! grep "^pkcs11.*=" "$KEY_CONFIG" > /dev/null; then
+		die "Please edit $KEY_CONFIG and setup PKCS#11 engine"
+	fi
+fi
+
+# If we are generating pkcs12, only encrypt the final step
+if [ $DO_P12 -eq 1 ]; then
+    NODES_P12="$NODES_REQ"
+    NODES_REQ="-nodes"
+fi
+
+if [ $DO_P11 -eq 1 ]; then
+	if [ -z "$PKCS11_LABEL" ]; then
+		die "PKCS#11 arguments incomplete"
+	fi
+fi
+
+# If undefined, set default key expiration intervals
+if [ -z "$KEY_EXPIRE" ]; then
+    KEY_EXPIRE=3650
+fi
+if [ -z "$CA_EXPIRE" ]; then
+    CA_EXPIRE=3650
+fi
+
+# Set organizational unit to empty string if undefined
+if [ -z "$KEY_OU" ]; then
+    KEY_OU=""
+fi
+
+# Set X509 Name string to empty string if undefined
+if [ -z "$KEY_NAME" ]; then
+    KEY_NAME=""
+fi
+
+# Set KEY_CN, FN
+if [ $DO_ROOT -eq 1 ]; then
+    if [ -z "$KEY_CN" ]; then
+	if [ "$1" ]; then
+	    KEY_CN="$1"
+	elif [ "$KEY_ORG" ]; then
+	    KEY_CN="$KEY_ORG CA"
+	fi
+    fi
+    if [ $BATCH ] && [ "$KEY_CN" ]; then
+	echo "Using CA Common Name:" "$KEY_CN"
+    fi
+    FN="$KEY_CN"
+elif [ $BATCH ] && [ "$KEY_CN" ]; then
+    echo "Using Common Name:" "$KEY_CN"
+    FN="$KEY_CN"
+    if [ "$1" ]; then
+	FN="$1"
+    fi
+else
+    if [ $# -ne 1 ]; then
+	usage
+	exit 1
+    else
+	KEY_CN="$1"
+    fi
+    FN="$KEY_CN"
+fi
+
+export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_NAME KEY_CN PKCS11_MODULE_PATH PKCS11_PIN
+
+# Show parameters (debugging)
+if [ $DEBUG -eq 1 ]; then
+    echo DO_REQ $DO_REQ
+    echo REQ_EXT $REQ_EXT
+    echo DO_CA $DO_CA
+    echo CA_EXT $CA_EXT
+    echo NODES_REQ $NODES_REQ
+    echo NODES_P12 $NODES_P12
+    echo DO_P12 $DO_P12
+    echo KEY_CN $KEY_CN
+    echo BATCH $BATCH
+    echo DO_ROOT $DO_ROOT
+    echo KEY_EXPIRE $KEY_EXPIRE
+    echo CA_EXPIRE $CA_EXPIRE
+    echo KEY_OU $KEY_OU
+    echo KEY_NAME $KEY_NAME
+    echo DO_P11 $DO_P11
+    echo PKCS11_MODULE_PATH $PKCS11_MODULE_PATH
+    echo PKCS11_SLOT $PKCS11_SLOT
+    echo PKCS11_ID $PKCS11_ID
+    echo PKCS11_LABEL $PKCS11_LABEL
+fi
+
+# Make sure ./vars was sourced beforehand
+if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" ]; then
+    cd "$KEY_DIR"
+
+    # Make sure $KEY_CONFIG points to the correct version
+    # of openssl.cnf
+    if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then
+	:
+    else
+	echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong"
+        echo "version of openssl.cnf: $KEY_CONFIG"
+	echo "The correct version should have a comment that says: easy-rsa version 2.x";
+	exit 1;
+    fi
+
+    # Build root CA
+    if [ $DO_ROOT -eq 1 ]; then
+	$OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE -sha1 \
+	    -x509 -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \
+	    chmod 0600 "$CA.key"
+    else        
+        # Make sure CA key/cert is available
+	if [ $DO_CA -eq 1 ] || [ $DO_P12 -eq 1 ]; then
+	    if [ ! -r "$CA.crt" ] || [ ! -r "$CA.key" ]; then
+		echo "$PROGNAME: Need a readable $CA.crt and $CA.key in $KEY_DIR"
+		echo "Try $PROGNAME --initca to build a root certificate/key."
+		exit 1
+	    fi
+	fi
+
+	# Generate key for PKCS#11 token
+	PKCS11_ARGS=
+	if [ $DO_P11 -eq 1 ]; then
+	        stty -echo
+	        echo -n "User PIN: "
+	        read -r PKCS11_PIN
+	        stty echo
+		export PKCS11_PIN
+
+		echo "Generating key pair on PKCS#11 token..."
+		$PKCS11TOOL --module "$PKCS11_MODULE_PATH" --keypairgen \
+			--login --pin "$PKCS11_PIN" \
+			--key-type rsa:1024 \
+			--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" || exit 1
+		PKCS11_ARGS="-engine pkcs11 -keyform engine -key $PKCS11_SLOT:$PKCS11_ID"
+	fi
+
+        # Build cert/key
+	( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new -newkey rsa:$KEY_SIZE \
+	        -keyout "$FN.key" -out "$FN.csr" $REQ_EXT -config "$KEY_CONFIG" $PKCS11_ARGS ) && \
+	    ( [ $DO_CA -eq 0 ]  || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$FN.crt" \
+	        -in "$FN.csr" $CA_EXT -md sha1 -config "$KEY_CONFIG" ) && \
+	    ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$FN.key" \
+	        -in "$FN.crt" -certfile "$CA.crt" -out "$FN.p12" $NODES_P12 ) && \
+	    ( [ $DO_CA -eq 0 -o $DO_P11 -eq 1 ]  || chmod 0600 "$FN.key" ) && \
+	    ( [ $DO_P12 -eq 0 ] || chmod 0600 "$FN.p12" )
+
+	# Load certificate into PKCS#11 token
+	if [ $DO_P11 -eq 1 ]; then
+		$OPENSSL x509 -in "$FN.crt" -inform PEM -out "$FN.crt.der" -outform DER && \
+		  $PKCS11TOOL --module "$PKCS11_MODULE_PATH" --write-object "$FN.crt.der" --type cert \
+			--login --pin "$PKCS11_PIN" \
+			--slot "$PKCS11_SLOT" --id "$PKCS11_ID" --label "$PKCS11_LABEL" 
+		[ -e "$FN.crt.der" ]; rm "$FN.crt.der"
+	fi
+
+    fi
+
+# Need definitions
+else
+    need_vars
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/revoke-full b/ANW-URB/openvpn/easy-rsa/2.0/tmp/revoke-full
new file mode 100755
index 0000000..4169c4c
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/revoke-full
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# revoke a certificate, regenerate CRL,
+# and verify revocation
+
+CRL="crl.pem"
+RT="revoke-test.pem"
+
+if [ $# -ne 1 ]; then
+    echo "usage: revoke-full <cert-name-base>";
+    exit 1
+fi
+
+if [ "$KEY_DIR" ]; then
+    cd "$KEY_DIR"
+    rm -f "$RT"
+
+    # set defaults
+    export KEY_CN=""
+    export KEY_OU=""
+    export KEY_NAME=""
+
+    # revoke key and generate a new CRL
+    $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"
+
+    # generate a new CRL -- try to be compatible with
+    # intermediate PKIs
+    $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
+    if [ -e export-ca.crt ]; then
+	cat export-ca.crt "$CRL" >"$RT"
+    else
+	cat ca.crt "$CRL" >"$RT"
+    fi
+    
+    # verify the revocation
+    $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
+else
+    echo 'Please source the vars script first (i.e. "source ./vars")'
+    echo 'Make sure you have edited it to reflect your configuration.'
+fi
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/sign-req b/ANW-URB/openvpn/easy-rsa/2.0/tmp/sign-req
new file mode 100755
index 0000000..6cae7b4
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/sign-req
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Sign a certificate signing request (a .csr file)
+# with a local root certificate and key.
+
+export EASY_RSA="${EASY_RSA:-.}"
+"$EASY_RSA/pkitool" --interact --sign $*
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/vars b/ANW-URB/openvpn/easy-rsa/2.0/tmp/vars
new file mode 100644
index 0000000..2ea1ced
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/vars
@@ -0,0 +1,74 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=1024
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL=mail@host.domain
+export KEY_CN=changeme
+export KEY_NAME=changeme
+export KEY_OU=changeme
+export PKCS11_MODULE_PATH=changeme
+export PKCS11_PIN=1234
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/tmp/whichopensslcnf b/ANW-URB/openvpn/easy-rsa/2.0/tmp/whichopensslcnf
new file mode 100755
index 0000000..94225cb
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/tmp/whichopensslcnf
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+cnf="$1/openssl.cnf"
+if [ "$OPENSSL" ]; then
+	if $OPENSSL version | grep 0.9.6 > /dev/null; then
+		cnf="$1/openssl-0.9.6.cnf"
+	elif $OPENSSL version | grep -E "1\.0\.([[:digit:]][[:alnum:]])" > /dev/null; then
+                cnf="$1/openssl-1.0.0.cnf"
+	else
+		cnf="$1/openssl.cnf"
+	fi
+fi
+
+echo $cnf
+
+if [ ! -r $cnf ]; then
+    echo "**************************************************************" >&2
+    echo "  No $cnf file could be found" >&2
+    echo "  Further invocations will fail" >&2
+    echo "**************************************************************" >&2
+fi 
+
+exit 0
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/vars b/ANW-URB/openvpn/easy-rsa/2.0/vars
new file mode 100644
index 0000000..68b5f30
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/vars
@@ -0,0 +1,86 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+BASE_DIR=/etc/openvpn
+export EASY_RSA="${BASE_DIR}/easy-rsa/2.0"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="${BASE_DIR}/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=1024
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+##export KEY_PROVINCE="CA"
+##export KEY_CITY="SanFrancisco"
+##export KEY_ORG="Fort-Funston"
+##export KEY_EMAIL="me@myhost.mydomain"
+##export KEY_EMAIL=mail@host.domain
+export KEY_CN=changeme
+export KEY_NAME=changeme
+##export KEY_OU=changeme
+export PKCS11_MODULE_PATH=changeme
+export PKCS11_PIN=1234
+
+export KEY_COUNTRY=DE
+export KEY_PROVINCE=Berlin
+export KEY_CITY=Berlin
+export KEY_ORG="o.open"
+export KEY_OU="Netzwerk Services"
+export KEY_EMAIL="argus@oopen.de"
+
+
diff --git a/ANW-URB/openvpn/easy-rsa/2.0/whichopensslcnf b/ANW-URB/openvpn/easy-rsa/2.0/whichopensslcnf
new file mode 100755
index 0000000..2226a8e
--- /dev/null
+++ b/ANW-URB/openvpn/easy-rsa/2.0/whichopensslcnf
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+cnf="$1/openssl.cnf"
+
+if [ "$OPENSSL" ]; then
+	if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]" > /dev/null; then
+		cnf="$1/openssl-0.9.6.cnf"
+	elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]" > /dev/null; then
+		cnf="$1/openssl-0.9.8.cnf"
+	elif $OPENSSL version | grep -E "1\.0\.([[:digit:]][[:alnum:]])" > /dev/null; then
+                cnf="$1/openssl-1.0.0.cnf"
+	else
+		cnf="$1/openssl.cnf"
+	fi
+fi
+
+echo $cnf
+
+if [ ! -r $cnf ]; then
+    echo "**************************************************************" >&2
+    echo "  No $cnf file could be found" >&2
+    echo "  Further invocations will fail" >&2
+    echo "**************************************************************" >&2
+fi
+
+exit 0
diff --git a/ANW-URB/openvpn/ipaddresses.txt b/ANW-URB/openvpn/ipaddresses.txt
new file mode 100644
index 0000000..ba916f0
--- /dev/null
+++ b/ANW-URB/openvpn/ipaddresses.txt
@@ -0,0 +1,7 @@
+10.0.63.1   openvpn server
+10.0.63.2   -- chris --
+10.0.63.3   -- frei --
+10.0.63.4   -- frei --
+10.0.63.5   undine
+10.0.63.6   -- frei --
+
diff --git a/ANW-URB/openvpn/ipp.txt b/ANW-URB/openvpn/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/ANW-URB/openvpn/keys/01.pem b/ANW-URB/openvpn/keys/01.pem
new file mode 100644
index 0000000..b8a81df
--- /dev/null
+++ b/ANW-URB/openvpn/keys/01.pem
@@ -0,0 +1,70 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jul  1 23:13:53 2008 GMT
+            Not After : Jun 29 23:13:53 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN-server/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d0:5b:9b:21:03:ec:db:17:cf:35:f5:5b:de:6b:
+                    a9:1a:69:cc:09:c8:6e:a2:4a:36:66:10:9b:00:2c:
+                    1a:bd:59:6f:0f:b8:35:22:8e:8e:b0:e4:07:94:6c:
+                    cd:7b:35:6a:3e:36:ff:28:eb:2a:78:3a:06:69:82:
+                    90:3f:8d:c9:7b:5b:b7:1d:f6:df:c0:65:ea:da:50:
+                    f9:6b:94:b2:94:89:5f:3c:75:a2:13:9c:37:6c:11:
+                    7f:c8:88:e6:73:3d:67:6e:27:98:33:82:ee:76:35:
+                    a6:f2:b5:f7:5f:a2:f2:b9:c7:90:e2:b1:d2:20:c6:
+                    ee:45:a0:34:27:a3:a8:d3:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                OpenSSL Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                38:93:19:84:8B:74:C0:F1:0C:C9:19:EF:68:80:99:CE:07:FD:97:07
+            X509v3 Authority Key Identifier: 
+                keyid:D8:DF:4E:1D:32:12:1B:71:A6:34:C3:F0:FE:25:1A:62:FE:57:11:67
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+                serial:97:D2:DD:71:C9:58:DF:7F
+
+    Signature Algorithm: md5WithRSAEncryption
+        2c:ee:2e:ff:76:a8:c1:37:71:19:f8:7c:86:68:56:55:03:18:
+        48:94:7b:3b:ad:6e:30:16:7d:ef:14:15:94:5b:48:7d:78:2b:
+        04:66:38:c9:1a:64:7b:df:aa:ab:95:24:9c:3f:53:3c:3c:03:
+        c1:21:4a:00:18:d7:db:6d:45:79:ea:cf:5e:2f:bf:a2:8f:b6:
+        33:45:02:a7:86:e7:17:35:72:30:ba:01:07:e1:16:57:8f:ca:
+        00:5d:7d:27:39:27:e3:25:d2:06:37:52:d4:41:9c:92:1e:05:
+        09:8b:4e:06:d8:9c:0e:6e:1b:5b:1c:cb:f4:99:a6:5d:c5:7d:
+        d5:94
+-----BEGIN CERTIFICATE-----
+MIID1DCCAz2gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJh
+bi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDcwMTIz
+MTM1M1oXDTE4MDYyOTIzMTM1M1owgYgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEdMBsGA1UEAxMUQU5XLVVyYmFuLVZQTi1zZXJ2ZXIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQW5sh
+A+zbF8819Vvea6kaacwJyG6iSjZmEJsALBq9WW8PuDUijo6w5AeUbM17NWo+Nv8o
+6yp4OgZpgpA/jcl7W7cd9t/AZeraUPlrlLKUiV88daITnDdsEX/IiOZzPWduJ5gz
+gu52NabytfdfovK5x5DisdIgxu5FoDQno6jT8QIDAQABo4IBQDCCATwwCQYDVR0T
+BAIwADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wg
+R2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUOJMZhIt0wPEM
+yRnvaICZzgf9lwcwgccGA1UdIwSBvzCBvIAU2N9OHTISG3GmNMPw/iUaYv5XEWeh
+gZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
+BkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZp
+Y2VzMRYwFAYDVQQDEw1BTlctVXJiYW4tVlBOMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZYIJAJfS3XHJWN9/MA0GCSqGSIb3DQEBBAUAA4GBACzuLv92qME3
+cRn4fIZoVlUDGEiUezutbjAWfe8UFZRbSH14KwRmOMkaZHvfqquVJJw/Uzw8A8Eh
+SgAY19ttRXnqz14vv6KPtjNFAqeG5xc1cjC6AQfhFlePygBdfSc5J+Ml0gY3UtRB
+nJIeBQmLTgbYnA5uG1scy/SZpl3FfdWU
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/keys/02.pem b/ANW-URB/openvpn/keys/02.pem
new file mode 100644
index 0000000..99e2b13
--- /dev/null
+++ b/ANW-URB/openvpn/keys/02.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jul  1 23:15:58 2008 GMT
+            Not After : Jun 29 23:15:58 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN-undine/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c8:62:7d:b2:40:a2:db:94:db:5a:e6:21:70:a5:
+                    c9:a6:9e:72:5e:ec:a3:6e:ff:94:f1:cc:86:20:0f:
+                    73:f5:0d:12:9a:f8:3a:8a:9c:d9:71:fc:37:e3:bf:
+                    5b:c6:a3:70:b6:c8:c9:37:a4:b1:74:91:77:f2:6e:
+                    33:bf:fd:76:89:ee:34:f8:2b:3b:e9:02:03:c3:70:
+                    56:6d:f7:7a:e6:a6:9a:85:5d:c4:5f:27:90:2c:f4:
+                    b9:64:86:f4:75:c4:8e:02:04:18:6d:5a:9d:e7:64:
+                    fd:5e:af:7f:24:f7:a4:2b:f0:03:41:0f:3c:fb:26:
+                    38:66:34:8b:d7:9e:1f:0b:a5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C8:0A:A1:82:F7:2E:F1:96:D2:2C:61:D9:B2:09:0C:6E:FF:08:DB:78
+            X509v3 Authority Key Identifier: 
+                keyid:D8:DF:4E:1D:32:12:1B:71:A6:34:C3:F0:FE:25:1A:62:FE:57:11:67
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+                serial:97:D2:DD:71:C9:58:DF:7F
+
+    Signature Algorithm: md5WithRSAEncryption
+        50:0e:8c:69:68:3a:4f:80:85:62:1f:d9:17:c1:af:f0:12:e3:
+        12:b8:63:52:d8:b6:bb:34:e2:c5:bc:88:a5:a0:eb:fd:1f:62:
+        32:6c:da:d7:c4:1d:75:e7:97:4f:92:d6:9c:a4:24:5f:f4:4c:
+        22:ce:87:3f:6a:d8:2f:90:2c:56:b5:91:ec:6a:bb:af:95:3d:
+        84:64:01:8b:9f:64:55:80:e1:2c:08:de:1f:d6:3d:d8:25:84:
+        fd:80:36:fc:b9:cf:ee:83:31:97:0f:72:2d:8e:a5:a7:0f:90:
+        0c:c6:5f:fb:75:a2:ca:75:81:ca:78:a1:9e:92:4a:72:a5:54:
+        b5:78
+-----BEGIN CERTIFICATE-----
+MIIDujCCAyOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJh
+bi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDcwMTIz
+MTU1OFoXDTE4MDYyOTIzMTU1OFowgYgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEdMBsGA1UEAxMUQU5XLVVyYmFuLVZQTi11bmRpbmUxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIYn2y
+QKLblNta5iFwpcmmnnJe7KNu/5TxzIYgD3P1DRKa+DqKnNlx/Dfjv1vGo3C2yMk3
+pLF0kXfybjO//XaJ7jT4KzvpAgPDcFZt93rmppqFXcRfJ5As9LlkhvR1xI4CBBht
+Wp3nZP1er38k96Qr8ANBDzz7JjhmNIvXnh8LpQIDAQABo4IBJjCCASIwCQYDVR0T
+BAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFMgKoYL3LvGW0ixh2bIJDG7/CNt4MIHHBgNVHSMEgb8wgbyA
+FNjfTh0yEhtxpjTD8P4lGmL+VxFnoYGYpIGVMIGSMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEWMBQGA1UEAxMNQU5XLVVyYmFuLVZQ
+TjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCX0t1xyVjffzANBgkq
+hkiG9w0BAQQFAAOBgQBQDoxpaDpPgIViH9kXwa/wEuMSuGNS2La7NOLFvIiloOv9
+H2IybNrXxB1155dPktacpCRf9Ewizoc/atgvkCxWtZHsaruvlT2EZAGLn2RVgOEs
+CN4f1j3YJYT9gDb8uc/ugzGXD3ItjqWnD5AMxl/7daLKdYHKeKGekkpypVS1eA==
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/keys/03.pem b/ANW-URB/openvpn/keys/03.pem
new file mode 100644
index 0000000..826840e
--- /dev/null
+++ b/ANW-URB/openvpn/keys/03.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jul  1 23:17:00 2008 GMT
+            Not After : Jun 29 23:17:00 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN-chris/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e9:62:11:b8:ec:c5:0d:8a:33:18:ab:67:f8:19:
+                    bc:aa:5e:d4:65:07:2a:6c:bf:02:8e:69:b4:9f:06:
+                    51:b0:b8:ad:6d:0b:a8:69:63:eb:e1:f6:63:1b:36:
+                    ea:c2:46:fa:00:63:88:c5:b9:ab:8a:40:59:79:43:
+                    9e:0e:0d:2a:e8:8b:8e:dc:8c:4f:1d:49:c6:42:ab:
+                    46:ad:8b:9f:de:10:19:b0:db:a3:e6:f1:bc:0a:0e:
+                    64:bb:17:f9:08:91:87:ef:5c:60:27:b7:d5:f9:65:
+                    6e:43:c7:df:7f:20:2e:14:7f:dc:e5:8b:1f:01:53:
+                    fc:09:57:43:c6:21:90:3b:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                97:35:1E:8C:65:D7:C1:65:C1:D7:68:66:6F:BB:C9:82:A3:18:14:EE
+            X509v3 Authority Key Identifier: 
+                keyid:D8:DF:4E:1D:32:12:1B:71:A6:34:C3:F0:FE:25:1A:62:FE:57:11:67
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+                serial:97:D2:DD:71:C9:58:DF:7F
+
+    Signature Algorithm: md5WithRSAEncryption
+        1e:37:9a:a6:dd:39:43:87:a0:a9:d4:4c:0e:d9:5e:f6:43:0a:
+        6e:2a:e8:5d:06:76:c8:4c:6c:ef:dc:21:22:4f:59:aa:4d:6f:
+        21:3f:e5:3d:d5:7f:df:14:84:04:1d:78:0b:12:d2:00:89:09:
+        75:6a:55:f6:a5:0a:9f:47:56:49:53:98:38:23:94:4b:cf:5b:
+        57:1c:21:e0:f2:fb:4a:78:63:ad:fd:e4:1c:57:1c:ed:1d:45:
+        ae:85:6f:8a:9f:0f:1f:ea:34:ad:42:b4:18:77:dd:9f:86:9f:
+        48:28:0f:22:cc:c3:42:2b:7a:9f:f3:d2:ee:c3:20:7b:fa:d4:
+        a9:85
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAyKgAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJh
+bi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDcwMTIz
+MTcwMFoXDTE4MDYyOTIzMTcwMFowgYcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEcMBoGA1UEAxMTQU5XLVVyYmFuLVZQTi1jaHJpczEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOliEbjs
+xQ2KMxirZ/gZvKpe1GUHKmy/Ao5ptJ8GUbC4rW0LqGlj6+H2Yxs26sJG+gBjiMW5
+q4pAWXlDng4NKuiLjtyMTx1JxkKrRq2Ln94QGbDbo+bxvAoOZLsX+QiRh+9cYCe3
+1fllbkPH338gLhR/3OWLHwFT/AlXQ8YhkDvVAgMBAAGjggEmMIIBIjAJBgNVHRME
+AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUlzUejGXXwWXB12hmb7vJgqMYFO4wgccGA1UdIwSBvzCBvIAU
+2N9OHTISG3GmNMPw/iUaYv5XEWehgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctVXJiYW4tVlBO
+MR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAJfS3XHJWN9/MA0GCSqG
+SIb3DQEBBAUAA4GBAB43mqbdOUOHoKnUTA7ZXvZDCm4q6F0GdshMbO/cISJPWapN
+byE/5T3Vf98UhAQdeAsS0gCJCXVqVfalCp9HVklTmDgjlEvPW1ccIeDy+0p4Y639
+5BxXHO0dRa6Fb4qfDx/qNK1CtBh33Z+Gn0goDyLMw0Irep/z0u7DIHv61KmF
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/keys/04.pem b/ANW-URB/openvpn/keys/04.pem
new file mode 100644
index 0000000..5320c64
--- /dev/null
+++ b/ANW-URB/openvpn/keys/04.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 18 00:00:05 2013 GMT
+            Not After : Sep 16 00:00:05 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Netzwerk Services, CN=ANW-URB-VPN-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:d7:02:6c:3b:15:f3:97:28:c0:5e:8d:24:ac:9a:
+                    9f:cd:11:f6:9d:5e:a5:5f:5d:3d:42:a5:de:b0:35:
+                    b5:d7:b1:e0:e0:f8:f3:29:53:7f:33:78:18:92:67:
+                    1c:aa:f9:16:48:5b:19:d3:cb:8d:d4:fe:1b:84:d9:
+                    e2:89:1a:85:5c:0b:93:c3:9d:6d:a8:4e:72:65:84:
+                    16:d6:02:6c:b0:0d:00:46:e3:06:15:54:bc:a8:84:
+                    80:f1:a9:93:b0:7a:a3:57:31:3a:9b:aa:29:9b:39:
+                    34:e2:64:df:4c:d5:3c:6c:c5:1c:3a:4b:26:ee:5e:
+                    58:e9:29:9b:42:ce:ef:90:5b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                5C:5B:7D:20:D6:16:C4:CD:E8:D8:F9:FF:86:B5:ED:8C:83:CF:90:C5
+            X509v3 Authority Key Identifier: 
+                keyid:D8:DF:4E:1D:32:12:1B:71:A6:34:C3:F0:FE:25:1A:62:FE:57:11:67
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+                serial:97:D2:DD:71:C9:58:DF:7F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         c3:95:2b:e3:f8:62:d2:5e:b8:02:bc:a9:11:f8:bb:f5:0a:04:
+         fe:a3:68:e7:c1:97:f0:44:77:c7:54:98:4a:dd:b9:df:76:4b:
+         2c:d5:4c:a1:9e:e6:da:5f:d0:e4:73:c1:63:6e:29:ef:3c:79:
+         82:0e:f1:59:ca:8d:41:aa:22:42:e6:e2:88:ba:00:91:b1:f6:
+         f5:15:03:db:72:ab:39:01:c7:ee:19:25:c1:fd:ff:5d:30:b2:
+         ff:76:70:e9:3b:4f:88:af:14:68:8b:63:e2:a6:9c:e6:05:0e:
+         eb:b9:9f:3d:04:2e:9f:34:c1:14:53:69:3e:5a:c3:2e:ab:8e:
+         12:72
+-----BEGIN CERTIFICATE-----
+MIIEDjCCA3egAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJh
+bi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDkxODAw
+MDAwNVoXDTIzMDkxNjAwMDAwNVowgbkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRowGAYDVQQL
+ExFOZXR6d2VyayBTZXJ2aWNlczEdMBsGA1UEAxMUQU5XLVVSQi1WUE4tZ3ctY2t1
+YnUxHTAbBgNVBCkTFENocmlzdG9waCBLdWNoZW5idWNoMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1wJs
+OxXzlyjAXo0krJqfzRH2nV6lX109QqXesDW117Hg4PjzKVN/M3gYkmccqvkWSFsZ
+08uN1P4bhNniiRqFXAuTw51tqE5yZYQW1gJssA0ARuMGFVS8qISA8amTsHqjVzE6
+m6opmzk04mTfTNU8bMUcOksm7l5Y6SmbQs7vkFsCAwEAAaOCAUkwggFFMAkGA1Ud
+EwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUXFt9INYWxM3o2Pn/hrXtjIPPkMUwgccGA1UdIwSBvzCB
+vIAU2N9OHTISG3GmNMPw/iUaYv5XEWehgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8w
+DQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVu
+MRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctVXJiYW4t
+VlBOMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAJfS3XHJWN9/MBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOB
+gQDDlSvj+GLSXrgCvKkR+Lv1CgT+o2jnwZfwRHfHVJhK3bnfdkss1UyhnubaX9Dk
+c8FjbinvPHmCDvFZyo1BqiJC5uKIugCRsfb1FQPbcqs5AcfuGSXB/f9dMLL/dnDp
+O0+IrxRoi2PippzmBQ7ruZ89BC6fNMEUU2k+WsMuq44Scg==
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/keys/ca.crt b/ANW-URB/openvpn/keys/ca.crt
new file mode 100644
index 0000000..dc96316
--- /dev/null
+++ b/ANW-URB/openvpn/keys/ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAwigAwIBAgIJAJfS3XHJWN9/MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEWMBQGA1UEAxMN
+QU5XLVVyYmFuLVZQTjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcN
+MDgwNzAxMjMwOTQyWhcNMTgwNjI5MjMwOTQyWjCBkjELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJhbi1W
+UE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDXN4KAEcJwYICMNTL47p3grgBwylUtkjtjJdmUVo8k85jR
+nZSlj592rDPB7/G1o7qU8vEQlmIQSjkfC/ViuMlS38kmn+1B8kVpqoUPWZ8PRnm5
+JHWRK6TD8LjHCEZKr1hfaviddbK8Exg7b+Va3Pz0eAqS/BfuuRXdrZYJTdiuDQID
+AQABo4H6MIH3MB0GA1UdDgQWBBTY304dMhIbcaY0w/D+JRpi/lcRZzCBxwYDVR0j
+BIG/MIG8gBTY304dMhIbcaY0w/D+JRpi/lcRZ6GBmKSBlTCBkjELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1V
+cmJhbi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkAl9LdcclY
+338wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCtIEYEN8d5imgML5V3
+OnwSN+aAm6hobm6IE1fFj+G6RyvcewrLaKybXljBe2sLB4TdK3CUntoJ7yaw28xl
+5u1rBmzFI7r/xNwdU+qurpb121yMnwQSSgF0bVpDZHdz4+V1+V4Lor8bvmqOIfsH
+YMgxU+nNxqoPlGaO1xxcEuK78g==
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/keys/ca.key b/ANW-URB/openvpn/keys/ca.key
new file mode 100644
index 0000000..9cf8727
--- /dev/null
+++ b/ANW-URB/openvpn/keys/ca.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDXN4KAEcJwYICMNTL47p3grgBwylUtkjtjJdmUVo8k85jRnZSl
+j592rDPB7/G1o7qU8vEQlmIQSjkfC/ViuMlS38kmn+1B8kVpqoUPWZ8PRnm5JHWR
+K6TD8LjHCEZKr1hfaviddbK8Exg7b+Va3Pz0eAqS/BfuuRXdrZYJTdiuDQIDAQAB
+AoGATTRWlkbIr7OOqb1z2aUP8ce51LxgrgZlU34CfZpHo4PXcGrNJk9Nby77Kjk/
+Rl/D0ScNn1uzNhDKSP7rOkz7uxyRLkh2GQIHOgCD4qvGVyvy1zjOWOrTjrl1RbOF
+QGNE3tNK9c8JuYGrxJPUIME61f7V8PQK98AmPVXaCR+u+GkCQQDzzLKHY3CnS5jh
+JeMD8XBTPEHYLL/yWp8qT1DgPsV6gebKrMOxWL/7pUfYMWRV4fItGcRAvAGLlN5G
+Pwhb0VGfAkEA4fyj5wLX7wxp43aHLJ2gJRFlfMnl9yUPh8zjGleqDI5+dfvp3GZC
+9rPvLRIEA+tjlBfx4bYAnQHXe9FoMqSY0wJBAM2Bb7/WH6C1haHLuOea/i77bRlW
+51nX77DPeQH9h6LzmuKe7LoycGoj8UKYp9YJBoXj4V0b3UWWcCLQgTA8aksCQEqP
+p6hVqNcnWlyBQ/I1g5wXVEvK9YQIh0pAEIIlgGaqMRFOb4eXeeqZzYUqV4bPiEhZ
+aiYVfbhP3j/tBJsI8Z8CQBDV21UILY09GiskhCKppEOaOgbD9e9YJ+fVxAl9bNAm
+0bxTK6lO4hhiSbPosS8h+rJEE/NRUNEuxrc4CvNdoTo=
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-URB/openvpn/keys/chris.crt b/ANW-URB/openvpn/keys/chris.crt
new file mode 100644
index 0000000..826840e
--- /dev/null
+++ b/ANW-URB/openvpn/keys/chris.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jul  1 23:17:00 2008 GMT
+            Not After : Jun 29 23:17:00 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN-chris/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e9:62:11:b8:ec:c5:0d:8a:33:18:ab:67:f8:19:
+                    bc:aa:5e:d4:65:07:2a:6c:bf:02:8e:69:b4:9f:06:
+                    51:b0:b8:ad:6d:0b:a8:69:63:eb:e1:f6:63:1b:36:
+                    ea:c2:46:fa:00:63:88:c5:b9:ab:8a:40:59:79:43:
+                    9e:0e:0d:2a:e8:8b:8e:dc:8c:4f:1d:49:c6:42:ab:
+                    46:ad:8b:9f:de:10:19:b0:db:a3:e6:f1:bc:0a:0e:
+                    64:bb:17:f9:08:91:87:ef:5c:60:27:b7:d5:f9:65:
+                    6e:43:c7:df:7f:20:2e:14:7f:dc:e5:8b:1f:01:53:
+                    fc:09:57:43:c6:21:90:3b:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                97:35:1E:8C:65:D7:C1:65:C1:D7:68:66:6F:BB:C9:82:A3:18:14:EE
+            X509v3 Authority Key Identifier: 
+                keyid:D8:DF:4E:1D:32:12:1B:71:A6:34:C3:F0:FE:25:1A:62:FE:57:11:67
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+                serial:97:D2:DD:71:C9:58:DF:7F
+
+    Signature Algorithm: md5WithRSAEncryption
+        1e:37:9a:a6:dd:39:43:87:a0:a9:d4:4c:0e:d9:5e:f6:43:0a:
+        6e:2a:e8:5d:06:76:c8:4c:6c:ef:dc:21:22:4f:59:aa:4d:6f:
+        21:3f:e5:3d:d5:7f:df:14:84:04:1d:78:0b:12:d2:00:89:09:
+        75:6a:55:f6:a5:0a:9f:47:56:49:53:98:38:23:94:4b:cf:5b:
+        57:1c:21:e0:f2:fb:4a:78:63:ad:fd:e4:1c:57:1c:ed:1d:45:
+        ae:85:6f:8a:9f:0f:1f:ea:34:ad:42:b4:18:77:dd:9f:86:9f:
+        48:28:0f:22:cc:c3:42:2b:7a:9f:f3:d2:ee:c3:20:7b:fa:d4:
+        a9:85
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAyKgAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJh
+bi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDcwMTIz
+MTcwMFoXDTE4MDYyOTIzMTcwMFowgYcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEcMBoGA1UEAxMTQU5XLVVyYmFuLVZQTi1jaHJpczEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOliEbjs
+xQ2KMxirZ/gZvKpe1GUHKmy/Ao5ptJ8GUbC4rW0LqGlj6+H2Yxs26sJG+gBjiMW5
+q4pAWXlDng4NKuiLjtyMTx1JxkKrRq2Ln94QGbDbo+bxvAoOZLsX+QiRh+9cYCe3
+1fllbkPH338gLhR/3OWLHwFT/AlXQ8YhkDvVAgMBAAGjggEmMIIBIjAJBgNVHRME
+AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
+ZTAdBgNVHQ4EFgQUlzUejGXXwWXB12hmb7vJgqMYFO4wgccGA1UdIwSBvzCBvIAU
+2N9OHTISG3GmNMPw/iUaYv5XEWehgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctVXJiYW4tVlBO
+MR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAJfS3XHJWN9/MA0GCSqG
+SIb3DQEBBAUAA4GBAB43mqbdOUOHoKnUTA7ZXvZDCm4q6F0GdshMbO/cISJPWapN
+byE/5T3Vf98UhAQdeAsS0gCJCXVqVfalCp9HVklTmDgjlEvPW1ccIeDy+0p4Y639
+5BxXHO0dRa6Fb4qfDx/qNK1CtBh33Z+Gn0goDyLMw0Irep/z0u7DIHv61KmF
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/keys/chris.csr b/ANW-URB/openvpn/keys/chris.csr
new file mode 100644
index 0000000..fabf476
--- /dev/null
+++ b/ANW-URB/openvpn/keys/chris.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB2TCCAUICAQAwgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNBTlctVXJiYW4tVlBOLWNocmlzMR0wGwYJKoZI
+hvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA6WIRuOzFDYozGKtn+Bm8ql7UZQcqbL8Cjmm0nwZRsLitbQuoaWPr4fZjGzbq
+wkb6AGOIxbmrikBZeUOeDg0q6IuO3IxPHUnGQqtGrYuf3hAZsNuj5vG8Cg5kuxf5
+CJGH71xgJ7fV+WVuQ8fffyAuFH/c5YsfAVP8CVdDxiGQO9UCAwEAAaAAMA0GCSqG
+SIb3DQEBBQUAA4GBAMmA43TxDhInXxBpuJwRlk2hnY/nXZW1IrfQtpVC6v8WM+e1
+zWx9PNvV7Y6ocaFdGhxqnjUzkKb7lCfQ11aL6ehc5w9NWY8MaZ8J5N4u5ipr/pbO
+FdQKr8D44iHJ7a93cOsE0wDPGBpk5rp8Z2TsLaLYGQuoCNQEoFk6YB57CzB4
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-URB/openvpn/keys/chris.key b/ANW-URB/openvpn/keys/chris.key
new file mode 100644
index 0000000..d54210a
--- /dev/null
+++ b/ANW-URB/openvpn/keys/chris.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,3CEBF9073B3CB899
+
+5xX8Lu3DsaALocEwU7TDMEldu4UN2e6kIVoiN4+vjtH0A1BBdRhLjP2boTh6LyT7
+FObWp9OBmY6nXhDHGKIUB7QJFX69GeIaRdidDZmDmRgh9DnJFQF0eQfN9S4IYcW5
+Lm2Qehwc+Evno176WuX5mOQJ112UCRPf6mI1WwVloz20rvKebVtdZ9RLz9TlZToQ
+icwy93R8JjTLsFZnuUZzhECAXlkNGb7BS23J+w3yZmQhHAHDICL1qU8EDKxE8+XD
++uUCSaLhzpP6/LVdE1R+0027oa64zU5sSS1Q2qPGJL2DHPKnXYQcRPbVzMFvOkYI
+058ud8MztVQEpKBP2s3Ua8n7vHCEBsh0W7x+xbjIVjcGCV8m64Mm6pYdozmzfHRm
+qoEN98XsLyB/cbblBO1QpruCYZXDFf3OsfQq9lw+/m/RxESiAhFL0lBIBmgQVVFh
+rzNoilLge046sOo5HiGaJpiZbcM2Yjh3Lumoom+z+1p5FziL+gV1VFp3GF/y4Vr3
+AQ7HuAKIP0eO15jCDtYylmaNQM3ngd0/Wnd5YVIS+RHSVbE1/exXs/bRiyz5pjCl
+JPY4OtGYQ+mE6jycrbz+RGco20XPgjSyibjqm4a61FE9d5BrfJMqH2XTjpmNLpFD
+4xivB1aHy3CzCkxLaczQGLxOho3hibCK6P05xwQHwNgmmNqNuDazaASEdB9aUoDq
+WGux3OmUbDndOdL/UogaeqGurgQva81kUEHW7NXJLCRu4thr+OJhpAs3vdgXbiSL
+KhN1Mu4NGQynBPHcxMxcEUcZBCFZZPG55NQd/f5YAWXn2jxTZzZ+nw==
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-URB/openvpn/keys/dh1024.pem b/ANW-URB/openvpn/keys/dh1024.pem
new file mode 100644
index 0000000..4cc01c5
--- /dev/null
+++ b/ANW-URB/openvpn/keys/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAMnSQRsYjh/VIhYLr05WqaXvYrFnn8HmGo4D4p19C/qWLtSNi/zDB0eh
+M/ngjzWQuP/ew0IWuo2pRWsgUUUvHQH1gCzNDfi+AuT//a0kKQlnr6jwj/IlSQKq
+LrH/cdyEh74rjNCZTD6xN0xR3P991+w4r3vWXWzYo44+4swix9k7AgEC
+-----END DH PARAMETERS-----
diff --git a/ANW-URB/openvpn/keys/gw-ckubu.crt b/ANW-URB/openvpn/keys/gw-ckubu.crt
new file mode 100644
index 0000000..5320c64
--- /dev/null
+++ b/ANW-URB/openvpn/keys/gw-ckubu.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 18 00:00:05 2013 GMT
+            Not After : Sep 16 00:00:05 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Netzwerk Services, CN=ANW-URB-VPN-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:d7:02:6c:3b:15:f3:97:28:c0:5e:8d:24:ac:9a:
+                    9f:cd:11:f6:9d:5e:a5:5f:5d:3d:42:a5:de:b0:35:
+                    b5:d7:b1:e0:e0:f8:f3:29:53:7f:33:78:18:92:67:
+                    1c:aa:f9:16:48:5b:19:d3:cb:8d:d4:fe:1b:84:d9:
+                    e2:89:1a:85:5c:0b:93:c3:9d:6d:a8:4e:72:65:84:
+                    16:d6:02:6c:b0:0d:00:46:e3:06:15:54:bc:a8:84:
+                    80:f1:a9:93:b0:7a:a3:57:31:3a:9b:aa:29:9b:39:
+                    34:e2:64:df:4c:d5:3c:6c:c5:1c:3a:4b:26:ee:5e:
+                    58:e9:29:9b:42:ce:ef:90:5b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                5C:5B:7D:20:D6:16:C4:CD:E8:D8:F9:FF:86:B5:ED:8C:83:CF:90:C5
+            X509v3 Authority Key Identifier: 
+                keyid:D8:DF:4E:1D:32:12:1B:71:A6:34:C3:F0:FE:25:1A:62:FE:57:11:67
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+                serial:97:D2:DD:71:C9:58:DF:7F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         c3:95:2b:e3:f8:62:d2:5e:b8:02:bc:a9:11:f8:bb:f5:0a:04:
+         fe:a3:68:e7:c1:97:f0:44:77:c7:54:98:4a:dd:b9:df:76:4b:
+         2c:d5:4c:a1:9e:e6:da:5f:d0:e4:73:c1:63:6e:29:ef:3c:79:
+         82:0e:f1:59:ca:8d:41:aa:22:42:e6:e2:88:ba:00:91:b1:f6:
+         f5:15:03:db:72:ab:39:01:c7:ee:19:25:c1:fd:ff:5d:30:b2:
+         ff:76:70:e9:3b:4f:88:af:14:68:8b:63:e2:a6:9c:e6:05:0e:
+         eb:b9:9f:3d:04:2e:9f:34:c1:14:53:69:3e:5a:c3:2e:ab:8e:
+         12:72
+-----BEGIN CERTIFICATE-----
+MIIEDjCCA3egAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJh
+bi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDkxODAw
+MDAwNVoXDTIzMDkxNjAwMDAwNVowgbkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRowGAYDVQQL
+ExFOZXR6d2VyayBTZXJ2aWNlczEdMBsGA1UEAxMUQU5XLVVSQi1WUE4tZ3ctY2t1
+YnUxHTAbBgNVBCkTFENocmlzdG9waCBLdWNoZW5idWNoMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1wJs
+OxXzlyjAXo0krJqfzRH2nV6lX109QqXesDW117Hg4PjzKVN/M3gYkmccqvkWSFsZ
+08uN1P4bhNniiRqFXAuTw51tqE5yZYQW1gJssA0ARuMGFVS8qISA8amTsHqjVzE6
+m6opmzk04mTfTNU8bMUcOksm7l5Y6SmbQs7vkFsCAwEAAaOCAUkwggFFMAkGA1Ud
+EwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUXFt9INYWxM3o2Pn/hrXtjIPPkMUwgccGA1UdIwSBvzCB
+vIAU2N9OHTISG3GmNMPw/iUaYv5XEWehgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8w
+DQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVu
+MRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctVXJiYW4t
+VlBOMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAJfS3XHJWN9/MBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOB
+gQDDlSvj+GLSXrgCvKkR+Lv1CgT+o2jnwZfwRHfHVJhK3bnfdkss1UyhnubaX9Dk
+c8FjbinvPHmCDvFZyo1BqiJC5uKIugCRsfb1FQPbcqs5AcfuGSXB/f9dMLL/dnDp
+O0+IrxRoi2PippzmBQ7ruZ89BC6fNMEUU2k+WsMuq44Scg==
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/keys/gw-ckubu.csr b/ANW-URB/openvpn/keys/gw-ckubu.csr
new file mode 100644
index 0000000..9f843c1
--- /dev/null
+++ b/ANW-URB/openvpn/keys/gw-ckubu.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB+jCCAWMCAQAwgbkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRowGAYDVQQLExFOZXR6d2Vy
+ayBTZXJ2aWNlczEdMBsGA1UEAxMUQU5XLVVSQi1WUE4tZ3ctY2t1YnUxHTAbBgNV
+BCkTFENocmlzdG9waCBLdWNoZW5idWNoMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1wJsOxXzlyjAXo0k
+rJqfzRH2nV6lX109QqXesDW117Hg4PjzKVN/M3gYkmccqvkWSFsZ08uN1P4bhNni
+iRqFXAuTw51tqE5yZYQW1gJssA0ARuMGFVS8qISA8amTsHqjVzE6m6opmzk04mTf
+TNU8bMUcOksm7l5Y6SmbQs7vkFsCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBANL/
+u9Js7zeVzgCn2yz+RIiqWgVV2TiehC/FmRExuXtVf+5WTyQdu1Z8bS83ZxThAVzO
+Zyj59bJv7oQ4NYMNVe0SEB3qKawKiqjr/mv0qBhmerFYlY5XlMVfmdvNuxg15xXo
+8v1tGoV9bGb1vuoDUNvEPtG8nG53GoIfmbqg4YF/
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-URB/openvpn/keys/gw-ckubu.key b/ANW-URB/openvpn/keys/gw-ckubu.key
new file mode 100644
index 0000000..76b4ed1
--- /dev/null
+++ b/ANW-URB/openvpn/keys/gw-ckubu.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIciZPe4pZyPoCAggA
+MBQGCCqGSIb3DQMHBAilx1xBgz8S1wSCAoDBMXDwnWuOF66Yodm3A2D1Su9K+hVo
+5KfJeC0BmWDf1455kw/ZKiB7bdgUcgogJPpQgzjugGu04iugoC/KobocidD6NP7f
+ZkmT6UGPkFa+3xyr61rYBlKT9HqphAVRwUoNhNNbFG1h0oBIL9qjxuQCssL5qsne
+R9KN9VsYVDRloL5/RfmcozJ1mXeRQeBkDCiQWb7cCYSqzpXHD6Vf+Xabdb7KiEOp
+coIWoOLyX6JdlV47CN1bUVerZulyZfU+xaI1EyqDCiVR6uao7ggIrLEnnTj+3oYN
+0NK77BCAJBsMEvSa2ZJQUvKeAl8pHTZdD06ixZRFlroUbMYV3ns2BvlT/M2GT3Oz
+P55FxClNjnmST1+MB+Ak7rZxdSVXf6tJP7fyxWU/zeGqHFfhQS0soiJxsdu2+iAy
+/AW4d5eF7fDMNdtelQg9oNMu8DBqIEMt6iZtmEPMxXO18BWrOOuAcXNExjmX4YP5
+/WVKwpukfbizsCgA828Rmm6KlLaGcfwM4Q+msK9uQuLW1xrAjghS3KPgCFOnrRzV
+UCvZGaVAhdA8oSdigBJonQmC5KWjjd+MIHFUqHOz2CWdN2HPvn9DKUeZwUVqtyVZ
+LytntILVJ2CCLikf8iR2Q0YLCnA/Z0dA1+yy2OnSpFRv5qZ8alvn3sJ/RKCNnEVe
+5Y5mhfC/MFk2Ak7MaI66vW6WFFUWFzFqvpco2ItVF05mjN0QfQfwB0CllO5QzfCI
+xEwG4mcAgB7NceXHYh4mdX/nxDsmbkHSlWRKIE1SPuJzQPeolxKUcVr9O4UVHUya
+zL3PaQ4PZa1YeL01QrqeK/rgvirQbNqnNsr0diqNXiYPNGmIEW0Aln5u
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ANW-URB/openvpn/keys/index.txt b/ANW-URB/openvpn/keys/index.txt
new file mode 100644
index 0000000..2b6bd86
--- /dev/null
+++ b/ANW-URB/openvpn/keys/index.txt
@@ -0,0 +1,4 @@
+V	180629231353Z		01	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN-server/emailAddress=argus@oopen.de
+V	180629231558Z		02	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN-undine/emailAddress=argus@oopen.de
+V	180629231700Z		03	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN-chris/emailAddress=argus@oopen.de
+V	230916000005Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Netzwerk Services/CN=ANW-URB-VPN-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
diff --git a/ANW-URB/openvpn/keys/index.txt.attr b/ANW-URB/openvpn/keys/index.txt.attr
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/ANW-URB/openvpn/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/ANW-URB/openvpn/keys/index.txt.attr.old b/ANW-URB/openvpn/keys/index.txt.attr.old
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/ANW-URB/openvpn/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/ANW-URB/openvpn/keys/index.txt.old b/ANW-URB/openvpn/keys/index.txt.old
new file mode 100644
index 0000000..ffffe6f
--- /dev/null
+++ b/ANW-URB/openvpn/keys/index.txt.old
@@ -0,0 +1,3 @@
+V	180629231353Z		01	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN-server/emailAddress=argus@oopen.de
+V	180629231558Z		02	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN-undine/emailAddress=argus@oopen.de
+V	180629231700Z		03	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN-chris/emailAddress=argus@oopen.de
diff --git a/ANW-URB/openvpn/keys/serial b/ANW-URB/openvpn/keys/serial
new file mode 100644
index 0000000..eeee65e
--- /dev/null
+++ b/ANW-URB/openvpn/keys/serial
@@ -0,0 +1 @@
+05
diff --git a/ANW-URB/openvpn/keys/serial.old b/ANW-URB/openvpn/keys/serial.old
new file mode 100644
index 0000000..6496923
--- /dev/null
+++ b/ANW-URB/openvpn/keys/serial.old
@@ -0,0 +1 @@
+04
diff --git a/ANW-URB/openvpn/keys/server.crt b/ANW-URB/openvpn/keys/server.crt
new file mode 100644
index 0000000..b8a81df
--- /dev/null
+++ b/ANW-URB/openvpn/keys/server.crt
@@ -0,0 +1,70 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jul  1 23:13:53 2008 GMT
+            Not After : Jun 29 23:13:53 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN-server/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d0:5b:9b:21:03:ec:db:17:cf:35:f5:5b:de:6b:
+                    a9:1a:69:cc:09:c8:6e:a2:4a:36:66:10:9b:00:2c:
+                    1a:bd:59:6f:0f:b8:35:22:8e:8e:b0:e4:07:94:6c:
+                    cd:7b:35:6a:3e:36:ff:28:eb:2a:78:3a:06:69:82:
+                    90:3f:8d:c9:7b:5b:b7:1d:f6:df:c0:65:ea:da:50:
+                    f9:6b:94:b2:94:89:5f:3c:75:a2:13:9c:37:6c:11:
+                    7f:c8:88:e6:73:3d:67:6e:27:98:33:82:ee:76:35:
+                    a6:f2:b5:f7:5f:a2:f2:b9:c7:90:e2:b1:d2:20:c6:
+                    ee:45:a0:34:27:a3:a8:d3:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                OpenSSL Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                38:93:19:84:8B:74:C0:F1:0C:C9:19:EF:68:80:99:CE:07:FD:97:07
+            X509v3 Authority Key Identifier: 
+                keyid:D8:DF:4E:1D:32:12:1B:71:A6:34:C3:F0:FE:25:1A:62:FE:57:11:67
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+                serial:97:D2:DD:71:C9:58:DF:7F
+
+    Signature Algorithm: md5WithRSAEncryption
+        2c:ee:2e:ff:76:a8:c1:37:71:19:f8:7c:86:68:56:55:03:18:
+        48:94:7b:3b:ad:6e:30:16:7d:ef:14:15:94:5b:48:7d:78:2b:
+        04:66:38:c9:1a:64:7b:df:aa:ab:95:24:9c:3f:53:3c:3c:03:
+        c1:21:4a:00:18:d7:db:6d:45:79:ea:cf:5e:2f:bf:a2:8f:b6:
+        33:45:02:a7:86:e7:17:35:72:30:ba:01:07:e1:16:57:8f:ca:
+        00:5d:7d:27:39:27:e3:25:d2:06:37:52:d4:41:9c:92:1e:05:
+        09:8b:4e:06:d8:9c:0e:6e:1b:5b:1c:cb:f4:99:a6:5d:c5:7d:
+        d5:94
+-----BEGIN CERTIFICATE-----
+MIID1DCCAz2gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJh
+bi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDcwMTIz
+MTM1M1oXDTE4MDYyOTIzMTM1M1owgYgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEdMBsGA1UEAxMUQU5XLVVyYmFuLVZQTi1zZXJ2ZXIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQW5sh
+A+zbF8819Vvea6kaacwJyG6iSjZmEJsALBq9WW8PuDUijo6w5AeUbM17NWo+Nv8o
+6yp4OgZpgpA/jcl7W7cd9t/AZeraUPlrlLKUiV88daITnDdsEX/IiOZzPWduJ5gz
+gu52NabytfdfovK5x5DisdIgxu5FoDQno6jT8QIDAQABo4IBQDCCATwwCQYDVR0T
+BAIwADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wg
+R2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUOJMZhIt0wPEM
+yRnvaICZzgf9lwcwgccGA1UdIwSBvzCBvIAU2N9OHTISG3GmNMPw/iUaYv5XEWeh
+gZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
+BkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZp
+Y2VzMRYwFAYDVQQDEw1BTlctVXJiYW4tVlBOMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZYIJAJfS3XHJWN9/MA0GCSqGSIb3DQEBBAUAA4GBACzuLv92qME3
+cRn4fIZoVlUDGEiUezutbjAWfe8UFZRbSH14KwRmOMkaZHvfqquVJJw/Uzw8A8Eh
+SgAY19ttRXnqz14vv6KPtjNFAqeG5xc1cjC6AQfhFlePygBdfSc5J+Ml0gY3UtRB
+nJIeBQmLTgbYnA5uG1scy/SZpl3FfdWU
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/keys/server.csr b/ANW-URB/openvpn/keys/server.csr
new file mode 100644
index 0000000..dabaa7d
--- /dev/null
+++ b/ANW-URB/openvpn/keys/server.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB2jCCAUMCAQAwgZkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMR0wGwYDVQQDExRBTlctVXJiYW4tVlBOLXNlcnZlcjEdMBsGCSqG
+SIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBANBbmyED7NsXzzX1W95rqRppzAnIbqJKNmYQmwAsGr1Zbw+4NSKOjrDkB5Rs
+zXs1aj42/yjrKng6BmmCkD+NyXtbtx3238Bl6tpQ+WuUspSJXzx1ohOcN2wRf8iI
+5nM9Z24nmDOC7nY1pvK191+i8rnHkOKx0iDG7kWgNCejqNPxAgMBAAGgADANBgkq
+hkiG9w0BAQUFAAOBgQDKK0jgo8ch23m7+RtGeApD51hcNUmFFpdIk+uH9mRZGDIq
+cF2XDqXTt8criP+HzRDl1LxdXLvrfC0/qNzOJTfbWeyuW7cCWXURZJGhFeM4I+Fk
+0BQcXJK3J2+AUyVyScVZXuu7lV33ncIrtouQWkieOwRo1swl/W+I4nHMOZVKpw==
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-URB/openvpn/keys/server.key b/ANW-URB/openvpn/keys/server.key
new file mode 100644
index 0000000..db0951f
--- /dev/null
+++ b/ANW-URB/openvpn/keys/server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDQW5shA+zbF8819Vvea6kaacwJyG6iSjZmEJsALBq9WW8PuDUi
+jo6w5AeUbM17NWo+Nv8o6yp4OgZpgpA/jcl7W7cd9t/AZeraUPlrlLKUiV88daIT
+nDdsEX/IiOZzPWduJ5gzgu52NabytfdfovK5x5DisdIgxu5FoDQno6jT8QIDAQAB
+AoGAMfIjp7BnMMXuWALu+MxaBwjhbl7rll+v1puYbFwmNMmhg+UmZ5hAwEqJPp0u
+TKCrTSql08s7rQJL0zMHHRUB/O8/+dtycmASyqvWszmyGCFm9nHnLFbs10dmqtcQ
+ijXnly7FIW10b2tbNgwU7QOB/86SQHMAhAIIE1o87QuvyiECQQD0tUXOk38fkdWg
+zQjlA21GkaGt5x2GjluQU6kiMoLSy6SrbfNUXDaN9DV2HpdxV9q6x26BGT+94oA1
+Zbwsmuf9AkEA2fjt1vJOue2N+4iI4Em74f2tqy/kjJjlamzHWHAx4kjse0etSTuT
+Yk1kUiWc8FeEeJiVceujj3LdmCsFiz88BQJBAJGCgQH3Xu4sz7UQdquHQCFoU5WP
+ClWKrRPDS51UH8qs4Tw24yxUsPP0NR4Jzs/NB/lswV7u3qJQ3x/hYOW9LxkCQAM+
+J9Ot0SwE87rNQjQMBMaM7puAX+cTkz4tFh4jtSpHqXUAEPzo7P1mZ1qtgpM0yhy9
+MGP8fHdy3wcXhMKYkz0CQQDnarfxAj7shImn6DuLCGCzNmERohp8ZGQfqyjwoBPm
+Z/vUcw7DXvWcMKZeveWbwonwJlceGjn0l8Y8wLhpTWlH
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-URB/openvpn/keys/ta.key b/ANW-URB/openvpn/keys/ta.key
new file mode 100644
index 0000000..738f418
--- /dev/null
+++ b/ANW-URB/openvpn/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e19230da99dc39d3169c1a77dde7ad76
+8831a21b862a03aed5db8332bff9177a
+14ede9e8e89da3d4da92a5419006adaa
+b61c895a2445fe8a8fc15ec250f1dd53
+07860a266aa331691b89b129819ba7e0
+18731572474ad3a4e87accaf7e74010b
+6b28aaf82be7a726558b1cda354888af
+a574d1fb1bd0e86a16c0bf635a3f4ede
+cd156415a01cd62617abf1eda6c38585
+df9b9e8e831ce3e645ee0ea6fc1f2c27
+1c381080d87697462c4eb69c100a099e
+902a5423692b0ec0598a165e65da298e
+bd72f0f00216b026b6a2fc3f1a6ada6e
+db76051b9d055307f0e02f11c8b16419
+b246546fe5023afd1ca2b7328c69cf47
+d48f9015f5c5655dd899736d78bd7614
+-----END OpenVPN Static key V1-----
diff --git a/ANW-URB/openvpn/keys/undine.crt b/ANW-URB/openvpn/keys/undine.crt
new file mode 100644
index 0000000..99e2b13
--- /dev/null
+++ b/ANW-URB/openvpn/keys/undine.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jul  1 23:15:58 2008 GMT
+            Not After : Jun 29 23:15:58 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN-undine/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c8:62:7d:b2:40:a2:db:94:db:5a:e6:21:70:a5:
+                    c9:a6:9e:72:5e:ec:a3:6e:ff:94:f1:cc:86:20:0f:
+                    73:f5:0d:12:9a:f8:3a:8a:9c:d9:71:fc:37:e3:bf:
+                    5b:c6:a3:70:b6:c8:c9:37:a4:b1:74:91:77:f2:6e:
+                    33:bf:fd:76:89:ee:34:f8:2b:3b:e9:02:03:c3:70:
+                    56:6d:f7:7a:e6:a6:9a:85:5d:c4:5f:27:90:2c:f4:
+                    b9:64:86:f4:75:c4:8e:02:04:18:6d:5a:9d:e7:64:
+                    fd:5e:af:7f:24:f7:a4:2b:f0:03:41:0f:3c:fb:26:
+                    38:66:34:8b:d7:9e:1f:0b:a5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C8:0A:A1:82:F7:2E:F1:96:D2:2C:61:D9:B2:09:0C:6E:FF:08:DB:78
+            X509v3 Authority Key Identifier: 
+                keyid:D8:DF:4E:1D:32:12:1B:71:A6:34:C3:F0:FE:25:1A:62:FE:57:11:67
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+                serial:97:D2:DD:71:C9:58:DF:7F
+
+    Signature Algorithm: md5WithRSAEncryption
+        50:0e:8c:69:68:3a:4f:80:85:62:1f:d9:17:c1:af:f0:12:e3:
+        12:b8:63:52:d8:b6:bb:34:e2:c5:bc:88:a5:a0:eb:fd:1f:62:
+        32:6c:da:d7:c4:1d:75:e7:97:4f:92:d6:9c:a4:24:5f:f4:4c:
+        22:ce:87:3f:6a:d8:2f:90:2c:56:b5:91:ec:6a:bb:af:95:3d:
+        84:64:01:8b:9f:64:55:80:e1:2c:08:de:1f:d6:3d:d8:25:84:
+        fd:80:36:fc:b9:cf:ee:83:31:97:0f:72:2d:8e:a5:a7:0f:90:
+        0c:c6:5f:fb:75:a2:ca:75:81:ca:78:a1:9e:92:4a:72:a5:54:
+        b5:78
+-----BEGIN CERTIFICATE-----
+MIIDujCCAyOgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJh
+bi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDcwMTIz
+MTU1OFoXDTE4MDYyOTIzMTU1OFowgYgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNl
+czEdMBsGA1UEAxMUQU5XLVVyYmFuLVZQTi11bmRpbmUxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIYn2y
+QKLblNta5iFwpcmmnnJe7KNu/5TxzIYgD3P1DRKa+DqKnNlx/Dfjv1vGo3C2yMk3
+pLF0kXfybjO//XaJ7jT4KzvpAgPDcFZt93rmppqFXcRfJ5As9LlkhvR1xI4CBBht
+Wp3nZP1er38k96Qr8ANBDzz7JjhmNIvXnh8LpQIDAQABo4IBJjCCASIwCQYDVR0T
+BAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFMgKoYL3LvGW0ixh2bIJDG7/CNt4MIHHBgNVHSMEgb8wgbyA
+FNjfTh0yEhtxpjTD8P4lGmL+VxFnoYGYpIGVMIGSMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEWMBQGA1UEAxMNQU5XLVVyYmFuLVZQ
+TjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCX0t1xyVjffzANBgkq
+hkiG9w0BAQQFAAOBgQBQDoxpaDpPgIViH9kXwa/wEuMSuGNS2La7NOLFvIiloOv9
+H2IybNrXxB1155dPktacpCRf9Ewizoc/atgvkCxWtZHsaruvlT2EZAGLn2RVgOEs
+CN4f1j3YJYT9gDb8uc/ugzGXD3ItjqWnD5AMxl/7daLKdYHKeKGekkpypVS1eA==
+-----END CERTIFICATE-----
diff --git a/ANW-URB/openvpn/keys/undine.csr b/ANW-URB/openvpn/keys/undine.csr
new file mode 100644
index 0000000..a635136
--- /dev/null
+++ b/ANW-URB/openvpn/keys/undine.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB2jCCAUMCAQAwgZkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMR0wGwYDVQQDExRBTlctVXJiYW4tVlBOLXVuZGluZTEdMBsGCSqG
+SIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAMhifbJAotuU21rmIXClyaaecl7so27/lPHMhiAPc/UNEpr4Ooqc2XH8N+O/
+W8ajcLbIyTeksXSRd/JuM7/9donuNPgrO+kCA8NwVm33euammoVdxF8nkCz0uWSG
+9HXEjgIEGG1anedk/V6vfyT3pCvwA0EPPPsmOGY0i9eeHwulAgMBAAGgADANBgkq
+hkiG9w0BAQUFAAOBgQBzkf1LnqcmJvJAX9UYyeEhqa378SexpiKBrTitVQ6NKK5Z
+9VpCpVVE1exKAcn8xa+6Q29ZGjKkJ3ZlryXWn1692evqB9w3XAmcbxcmRHKaC2f0
+I8xFhrH3aUwtjmjNO2E/hI+oGWe44Y+rOcpVeKZ8i59FkxBbwLwbrwwRmlvnkw==
+-----END CERTIFICATE REQUEST-----
diff --git a/ANW-URB/openvpn/keys/undine.key b/ANW-URB/openvpn/keys/undine.key
new file mode 100644
index 0000000..a008ad3
--- /dev/null
+++ b/ANW-URB/openvpn/keys/undine.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6B5570B96C2E6CDD
+
+GFZwd1yrveHBtUnUqN5c28CuS7F/TFCt3dc/OpxOwuNH/xsdTHHpC78Zb/O+Hg9Y
+DvwEd+i1HCHDeY46as4+fGFjMMNlWICBzywsV+2KmLCteSG2O++qa+i0f8aqpT3q
+X/mXKHtuOP1groyMhKF3oYYaNDgGGfIsVs0WXgAzEzV591AckqFhMn0eUM8flhhC
+hkdV3fFtvbBiHBm0x7a7PCmP0aqkrzp3y8FaeP+phBQD0780Zv92zu6DmkMc5b/6
+gRdfee3wUod818LZscAeSUdQwvEjb37ADYkyJnmoPKiw/FrQ8UpOtU4NzvODuy26
+ouJKKvz7MKyRucvo6+dtP5ifKbRilI9PYWpcXkP+3OJzBufw8lC5lHbEQc22Duum
+2jKjFw26DWjWEreflvHafWfSt6cX6S4ZpsG+YsYbA07UNWbdfwVDAEdsy190jiwV
+AUwS2hWiK7xk6FSzPPAha8Gwe9AXLfUiHvueBGJje6YUGH5h7yyJxB68UHHGGjPI
++jIqw08VZb3JyOadqvuZUqfaRT8vXlHzkjFu32eDHgiYcLcD86LD4lsuvh51WHjM
+EKvqsffrQvoarOmMOsePUMuo0Kxed5GOoFMKhIzlpR5qDT7inIG6kibKlS10ppJ9
+k7PBGnuysQIEP7PQYFwKVe8296jxfJQSK/7qhqN0vgfDS/eOzgS0Q/lTzCh4cBom
+54+RSJD4gKmPgq+jYM5fPtmr0cGzyHo0ya/7Ov7BdD/oS9vEKvBjpMbkYvk1fOba
+5CbdIso1u0mAQWPv4G8S9SJV5FiZvrcW4GzaBE9netO0evXb/iwfEw==
+-----END RSA PRIVATE KEY-----
diff --git a/ANW-URB/openvpn/server-gw-ckubu.conf b/ANW-URB/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..1294747
--- /dev/null
+++ b/ANW-URB/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,301 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.132.1
+route 192.168.64.0 255.255.255.0 10.1.132.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys. 
+dh keys/dh1024.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.1.132.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.23.0 255.255.255.0"
+;push "route 192.168.82.0 255.255.255.0"
+;push "route 192.168.132.0 255.255.255.0"
+;push "route 192.168.133.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+client-config-dir /etc/openvpn/ccd/server-gw-ckubu
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option DNS 10.8.0.1"
+;push "dhcp-option WINS 10.8.0.1"
+;push "dhcp-option DNS 192.168.132.1"
+;push "dhcp-option DOMAIN anwaeltinnen.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-gw-ckubu.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+#crl-verify /etc/openvpn/keys/crl.pem
diff --git a/ANW-URB/openvpn/server-home.conf b/ANW-URB/openvpn/server-home.conf
new file mode 100644
index 0000000..94cb881
--- /dev/null
+++ b/ANW-URB/openvpn/server-home.conf
@@ -0,0 +1,302 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+#route 192.168.63.0 255.255.255.0 10.0.132.1
+#route 192.168.64.0 255.255.255.0 10.0.132.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys. 
+dh keys/dh1024.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.0.132.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+push "route 192.168.132.0 255.255.255.0"
+push "route 192.168.133.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir ccd/server-home
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir ccd
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option DNS 10.8.0.1"
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.132.1"
+push "dhcp-option DOMAIN anwaeltinnen.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-home.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-home.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+#crl-verify /etc/openvpn/keys/crl.pem
diff --git a/ANW-URB/openvpn/server.conf.20130918 b/ANW-URB/openvpn/server.conf.20130918
new file mode 100644
index 0000000..14eeca3
--- /dev/null
+++ b/ANW-URB/openvpn/server.conf.20130918
@@ -0,0 +1,294 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys. 
+dh keys/dh1024.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.0.82.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.23.0 255.255.255.0"
+;push "route 192.168.82.0 255.255.255.0"
+push "route 192.168.1.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+client-config-dir ccd
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option DNS 10.8.0.1"
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.1.1"
+push "dhcp-option DOMAIN anwaeltinnen.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status openvpn-status.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/openvpn.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
diff --git a/ANW-URB/openvpn/update-resolv-conf b/ANW-URB/openvpn/update-resolv-conf
new file mode 100755
index 0000000..8306380
--- /dev/null
+++ b/ANW-URB/openvpn/update-resolv-conf
@@ -0,0 +1,54 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk> 
+# and Chris Hanson
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+#
+# 05/2006 chlauber@bnc.ch
+# 
+# Example envs set from openvpn:
+# foreign_option_1='dhcp-option DNS 193.43.27.132'
+# foreign_option_2='dhcp-option DNS 193.43.27.133'
+# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+
+[ -x /sbin/resolvconf ] || exit 0
+
+case $script_type in
+
+up)
+	for optionname in ${!foreign_option_*} ; do
+		option="${!optionname}"
+		echo $option
+		part1=$(echo "$option" | cut -d " " -f 1)
+		if [ "$part1" == "dhcp-option" ] ; then
+			part2=$(echo "$option" | cut -d " " -f 2)
+			part3=$(echo "$option" | cut -d " " -f 3)
+			if [ "$part2" == "DNS" ] ; then
+				IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
+			fi
+			if [ "$part2" == "DOMAIN" ] ; then
+				IF_DNS_SEARCH="$part3"
+			fi
+		fi
+	done
+	R=""
+	if [ "$IF_DNS_SEARCH" ] ; then
+        	R="${R}search $IF_DNS_SEARCH
+"
+	fi
+	for NS in $IF_DNS_NAMESERVERS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"
+	;;
+down)
+	/sbin/resolvconf -d "${dev}.inet"
+	;;
+esac
+
diff --git a/ANW-URB/pap-secrets.ANW-URB b/ANW-URB/pap-secrets.ANW-URB
new file mode 100644
index 0000000..9d768b1
--- /dev/null
+++ b/ANW-URB/pap-secrets.ANW-URB
@@ -0,0 +1,44 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+## - Anwaltskanzlei - Urbanstrasse (anw-urb)
+"0019673090265502751343110001@t-online.de" * "85593499"
diff --git a/ANW-URB/peers/dsl-provider b/ANW-URB/peers/dsl-provider
new file mode 100644
index 0000000..3112648
--- /dev/null
+++ b/ANW-URB/peers/dsl-provider
@@ -0,0 +1,22 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth2.7
+## -  first line 
+## -
+user "0019673090265502751343110001@t-online.de"
+## - second line
+## -
+#user "0012047971635502977079530001@t-online.de"
+#usepeerdns
diff --git a/ANW-URB/peers/dsl-provider.ADSL b/ANW-URB/peers/dsl-provider.ADSL
new file mode 100644
index 0000000..3e75cd4
--- /dev/null
+++ b/ANW-URB/peers/dsl-provider.ADSL
@@ -0,0 +1,22 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth2
+## -  first line 
+## -
+user "0019673090265502751343110001@t-online.de"
+## - second line
+## -
+#user "0012047971635502977079530001@t-online.de"
+#usepeerdns
diff --git a/ANW-URB/peers/dsl-provider.VDSL b/ANW-URB/peers/dsl-provider.VDSL
new file mode 100644
index 0000000..3112648
--- /dev/null
+++ b/ANW-URB/peers/dsl-provider.VDSL
@@ -0,0 +1,22 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth2.7
+## -  first line 
+## -
+user "0019673090265502751343110001@t-online.de"
+## - second line
+## -
+#user "0012047971635502977079530001@t-online.de"
+#usepeerdns
diff --git a/ANW-URB/peers/provider b/ANW-URB/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/ANW-URB/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/ANW-URB/rc.local.ANW-URB b/ANW-URB/rc.local.ANW-URB
new file mode 100644
index 0000000..c4c1311
--- /dev/null
+++ b/ANW-URB/rc.local.ANW-URB
@@ -0,0 +1,12 @@
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+
+exit 0
diff --git a/ANW-URB/resolv.conf.ANW-URB b/ANW-URB/resolv.conf.ANW-URB
new file mode 100644
index 0000000..b76c390
--- /dev/null
+++ b/ANW-URB/resolv.conf.ANW-URB
@@ -0,0 +1,4 @@
+domain anwaeltinnen.netz
+search anwaeltinnen.netz
+#nameserver 188.40.47.40
+nameserver 127.0.0.1
diff --git a/ANW-URB/sasl_passwd.ANW-URB b/ANW-URB/sasl_passwd.ANW-URB
new file mode 100644
index 0000000..44b171b
--- /dev/null
+++ b/ANW-URB/sasl_passwd.ANW-URB
@@ -0,0 +1 @@
+[b.mx.oopen.de] anw-urb@b.mx.oopen.de:OhPie2aethei
diff --git a/ANW-URB/sasl_passwd.db.ANW-URB b/ANW-URB/sasl_passwd.db.ANW-URB
new file mode 100644
index 0000000..04b9ccc
Binary files /dev/null and b/ANW-URB/sasl_passwd.db.ANW-URB differ
diff --git a/ANW-URB/sbin/disk-action b/ANW-URB/sbin/disk-action
new file mode 100755
index 0000000..079f1e7
--- /dev/null
+++ b/ANW-URB/sbin/disk-action
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+BASENAME="${0##*/}"
+ACTION="$1"
+MOUNT_POINT="$2"
+
+transmission_try_start() {
+    . /etc/default/transmission-daemon
+    if [ $(expr "${BASE_DIR}/" : "${MOUNT_POINT}/") -gt 0 ]; then
+	sed -r 's/^ENABLE_DAEMON=.*$/ENABLE_DAEMON=1/' < /etc/default/transmission-daemon > /tmp/.transmission-daemon.$$
+	cat /tmp/.transmission-daemon.$$ > /etc/default/transmission-daemon
+	rm  /tmp/.transmission-daemon.$$
+	if [ "$(pidof transmission-daemon)" != "" ]; then
+	    killall -9 transmission-daemon 2>&1 >/dev/null
+	    sleep 1
+	fi
+	xMASK=$(umask); umask 0000
+	[ ! -d "${BASE_DIR}"     ] && mkdir -p "${BASE_DIR}"
+	[ ! -d "${CONFIG_DIR}"   ] && mkdir -p "${CONFIG_DIR}"
+	[ ! -d "${DOWNLOAD_DIR}" ] && mkdir -p "${DOWNLOAD_DIR}"
+	[ ! -d "${WATCH_DIR}"    ] && mkdir -p "${WATCH_DIR}"
+	[ ! -f "${CONFIG_DIR}/settings.json" ] && cp "/var/lib/transmission/settings.json.template" "${CONFIG_DIR}/settings.json" 
+	umask ${xMASK}
+	/etc/init.d/transmission-daemon start 2>&1 >/dev/null
+    fi
+}
+
+transmission_try_stop() {
+    . /etc/default/transmission-daemon
+    if [ $(expr "${BASE_DIR}/" : "${MOUNT_POINT}/") -gt 0 ]; then
+	sed -r 's/^ENABLE_DAEMON=.*$/ENABLE_DAEMON=0/' < /etc/default/transmission-daemon > /tmp/.transmission-daemon.$$
+	cat /tmp/.transmission-daemon.$$ > /etc/default/transmission-daemon
+	rm  /tmp/.transmission-daemon.$$
+	if [ "$(pidof transmission-daemon)" != "" ]; then
+	    killall -9 transmission-daemon 2>&1 >/dev/null
+	fi
+    fi
+}
+
+logger -t $BASENAME "$@ --> BEGIN"
+
+case "$1" in
+    add)
+	transmission_try_start
+    ;;
+    remove)
+	transmission_try_stop
+    ;;
+    *)
+	echo "Use: $0 (add|remove) /mount/point"
+esac
+
+logger -t $BASENAME "$@ --> END"
diff --git a/ANW-URB/sbin/ipt-firewall-gateway b/ANW-URB/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/ANW-URB/sbin/ipt-firewall-gateway
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/ANW-URB/sbin/rebind b/ANW-URB/sbin/rebind
new file mode 100755
index 0000000..0661cae
--- /dev/null
+++ b/ANW-URB/sbin/rebind
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+case "$1" in
+	on)
+		set -x
+		mount --bind /proc    /ro/proc
+		mount --bind /sys     /ro/sys
+		mount --bind /dev     /ro/dev
+		mount --bind /dev/pts /ro/dev/pts
+	;;
+	off)
+		set -x
+		umount /ro/dev/pts
+		umount /ro/dev
+		umount /ro/sys
+		umount /ro/proc
+	;;
+	*)
+		echo "Use: $0 (on|off)"
+esac
diff --git a/ANW-URB/sbin/synctime b/ANW-URB/sbin/synctime
new file mode 100755
index 0000000..b623feb
--- /dev/null
+++ b/ANW-URB/sbin/synctime
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+NOW=$(date +%s)
+INTERVAL=$[ 8 * 60 * 60 ]  # 8 hs
+CONTROL=/tmp/.lastSyncTime
+
+sync_time() {
+    ntpdate-debian -s  || exit 1
+    hwclock --systohc  || exit 1
+    touch ${CONTROL}
+}
+
+[ ! -f ${CONTROL} ] && sync_time && exit 0
+
+SYNCRONIZED=$(stat -c %Y ${CONTROL})
+SECONDS=$[ ${NOW} - ${SYNCRONIZED} ]
+
+[ ${SECONDS} -gt ${INTERVAL} ] && sync_time && exit 0
+[ ${SECONDS} -lt 0           ] && sync_time && exit 0
+
+exit 0
diff --git a/ANW-URB/sbin/tmpsize b/ANW-URB/sbin/tmpsize
new file mode 100755
index 0000000..40cfab3
--- /dev/null
+++ b/ANW-URB/sbin/tmpsize
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+mount -t tmpfs | cut -d' ' -f3 | \
+while read MOUNT_POINT; do
+    mount -o remount,size=30M ${MOUNT_POINT}
+done
diff --git a/ANW-URB/sbin/usb-leds-on-off b/ANW-URB/sbin/usb-leds-on-off
new file mode 100755
index 0000000..0deba49
--- /dev/null
+++ b/ANW-URB/sbin/usb-leds-on-off
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+[ -e "/sys/class/leds/alix:${2}/brightness"  ] && {
+	/bin/echo ${1} > "/sys/class/leds/alix:${2}/brightness"
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1.tar.gz b/ANW-URB/src/igmpproxy/igmpproxy-0.1.tar.gz
new file mode 100644
index 0000000..c429f21
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1.tar.gz differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/AUTHORS b/ANW-URB/src/igmpproxy/igmpproxy-0.1/AUTHORS
new file mode 100644
index 0000000..7023323
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/AUTHORS
@@ -0,0 +1,9 @@
+Authors and contributors, in alphabetical order: 
+
+Alexey Charkov <alchark@gmail.com>
+Christian Ruppert <idl0r@gentoo.org>
+Conrad Kostecki <ConiKost@gmx.de>
+Constantin Baranov <const@mimas.ru>
+Damjan Cvetko <zobo@users.sourceforge.net>
+Johnny Egeland <johnnyege@users.sourceforge.net>
+Martin Djernaes <djernaes@users.sourceforge.net>
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/COPYING b/ANW-URB/src/igmpproxy/igmpproxy-0.1/COPYING
new file mode 100644
index 0000000..3d11e36
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/COPYING
@@ -0,0 +1,28 @@
+igmpproxy - IGMP proxy based multicast router 
+Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+This software is derived work from the following software. The original
+source code has been modified from it's original state by the author
+of igmpproxy.
+
+smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+- Licensed under the GNU General Public License, version 2
+
+mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+Leland Stanford Junior University.
+- Original license can be found in the Stanford.txt file.
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/ChangeLog b/ANW-URB/src/igmpproxy/igmpproxy-0.1/ChangeLog
new file mode 100644
index 0000000..e8461bb
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/ChangeLog
@@ -0,0 +1,317 @@
+commit 0e8e7fde2d68f9ea9b5095c24231024be281393c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Oct 5 21:31:42 2009 +0500
+
+    Release 0.1
+
+commit 68ba90446e02825073b779bd0628c4f34833665d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu Oct 1 00:09:38 2009 +0500
+
+    Fix building on FreeBSD 8.0 (wrt #2870461)
+    
+    Several IGMP_* macroses was deprecated in r189347/v800069 and
+    removed in r193938/v800098. Redefine them if needed.
+
+commit 74c2e1aa414f33585562d6783a3290ac63ee6c69
+Author: Martin Djernaes <djernaes@users.sourceforge.net>
+Date:   Sun Sep 6 16:41:22 2009 +0500
+
+    Fix netmask detection on interfaces with multiple addresses
+    
+    When having multiple IP addresses on an interface the netmask retrieved for
+    each IP address is not correct. The reason is that ioctrl for
+    SIOCGIFNETMASK will just provide the first netmask when no IP address is
+    provided in the call.
+
+commit 64144607195b779396a49179518aade24707cbbc
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Sep 4 01:38:27 2009 +0500
+
+    Generate ChangeLog and AUTHORS by Git
+
+commit 94dd711318384e7b121924db0177a65b2fc38471
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 19:45:04 2009 +0500
+
+    Release 0.1 beta5
+
+commit 3ac424f82ab9f281dd3a0bfccbc92352bd5512c0
+Author: Damjan Cvetko <zobo@users.sourceforge.net>
+Date:   Sun Aug 16 19:28:30 2009 +0500
+
+    Improve getIfByAddress() function (wrt #2835052)
+    
+    getIfByAddress does not find the best iterface in case of overlaping
+    networks. This patchs scans through all interfaces (and networks) and picks
+    the one with the longest subnet.
+
+commit 8ca5a29b56390020f27d4106643cd623cdb12bb2
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 18:37:58 2009 +0500
+
+    Fix nextConfigToken() function (wrt #2838154)
+    
+    The nextConfigToken() returns NULL when EOF reached even if token
+    was read already. This results in loss of last token in file usually.
+    Let it return unterminated token if it is non-empty already.
+
+commit 954674bc4ec6a689b1de2f2a2766e993df1e2705
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:14:56 2009 +0500
+
+    Release 0.1 beta4
+
+commit a7908b855ecb6959ea08ef3b374ff2aca9939cf0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:10:35 2009 +0500
+
+    Update README etc.
+
+commit 62fa19975ff4daa8e31a9b07bf33ddc8cd0129f8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:06:44 2009 +0500
+
+    State licenses in the COPYING
+
+commit 3ac3ae462ca35ec7f1f22d968bf4fab0807d636f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 05:01:21 2009 +0500
+
+    Remove pointless backslashes in configure.ac
+
+commit 3c4118949b6a19b384b08e171a5294b0ea307e08
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 02:19:30 2009 +0500
+
+    Replace bzero() with memset()
+
+commit ee07cb5bfd2514503d0564d2aee0656203d9a91e
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:09:28 2009 +0500
+
+    Remove redundant #include
+
+commit 56e37ad6ba0c6aade86c1407ea55abb8b445d119
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:00:03 2009 +0500
+
+    Add DragonFly BSD support
+
+commit eccefd205c3fb326b6ae1b79676238fc349f8be8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 01:57:07 2009 +0500
+
+    Add missed format argument in acceptLeaveMessage()
+
+commit 16c55bd5ab6a9608099252fa320ddbc0a05fca0a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Wed May 6 01:29:04 2009 +0500
+
+    Avoid inclusion if linux/in.h (wrt #2787118)
+    
+    The linux/in.h header conflicts with the netinet/in.h header in
+    certain Linux distributions. So let's ensure that linux/in.h will
+    never be included neither directly nor from linux/mroute.h.
+
+commit e01624e123c5a24310a4fb7f70ab6178278c3b7a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 22:00:33 2009 +0500
+
+    Release 0.1 beta3
+
+commit a3c84e48a1ff32812aac92ca0dba923ca7dd4ca0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:53:56 2009 +0500
+
+    Show version in help message
+    
+    Also remove unused Version constant.
+
+commit f880a472f6b835d8139adc27908206a11a50846f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:43:01 2009 +0500
+
+    Remove IF_DEBUG macros
+    
+    IF_DEBUG macros hides my_log(LOG_DEBUG...) calls. Thus it is redundant.
+
+commit 6b1a4beb839f41ecc7468e2680f5d0eedbd49b35
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:29:16 2009 +0500
+
+    Break long lines in build scripts
+
+commit 55dcd57b8cfac25a4eeafae5a18ab85a07484418
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:19:19 2009 +0500
+
+    Remove hardcoded version strings from man pages
+
+commit e7880c542e38bae8efa16b148a431488456f5594
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:52:58 2009 +0500
+
+    Move mrouted-LICENSE out of doc directory
+
+commit 9fee127b13336776d2e6019db8c22ee7de9bf36f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:32:31 2009 +0500
+
+    Use strdup() instead of malloc() and strcpy()
+
+commit d34dee7ea0b03ba98806558a1eebf78061ce8878
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:30:44 2009 +0500
+
+    Eliminate message about IGMP_MEMBERSHIP_QUERY ignored
+
+commit 32de2bfbad537f6e60edddaefa6c240b2811c567
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:25:30 2009 +0500
+
+    Add OpenBSD support
+
+commit a85c620eccea244c80a34c3403b2ea7055616703
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 04:16:53 2009 +0500
+
+    Add NetBSD support
+
+commit d61d57c50b8b2399ff90e32da687686cf068680a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 05:07:12 2009 +0500
+
+    Remove outdated bug report email address
+
+commit 14edc6d6dab34e5e51bc12a61f45bae753235e98
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:49:38 2009 +0500
+
+    Improve OS checking mechanism
+    
+    Hide all OS-specific things in os-*.h headers and let autoconf select
+    proper header. Also add check for struct sockaddr_in.sin_len member.
+
+commit b23a4c9f9edd43a22759930ae969ee420c270456
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:48:23 2009 +0500
+
+    Do not close std* streams in non-debug mode
+
+commit 7256cb378db4b839f0138cc9422971f5fb353de1
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 21:16:47 2009 +0500
+
+    Clean up configure.ac and add check for sockaddr.sa_len member
+
+commit eb6f3eababbca43c517a1407e5af66ed384bf07d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:04:32 2009 +0500
+
+    Install igmpproxy to sbin directory
+
+commit e22427f33150970f6bef3106ac018d7138dfbadb
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:03:46 2009 +0500
+
+    Add missing igmpproxy.h to list of sources
+
+commit 68fb7638f36c85c44b2a8a33e28af58c65de8a06
+Author: Christian Ruppert <idl0r@gentoo.org>
+Date:   Thu Apr 9 21:28:04 2009 +0500
+
+    Add missing 'h' to the getopt() optstring
+
+commit bae0b7b42ec948442945648878dbc8ef3ee1d2c5
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:37 2009 +0500
+
+    Rework logging
+    
+    Allow to control verbosity with -v option.
+    Don't write to syslog in debug mode.
+    Don't fork in background. Let start-stop-deamon do this.
+    
+    Also update man-pages and help messages.
+
+commit df0ffb7998cbbd3ab09c100f48dead6adb93aa2c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:06 2009 +0500
+
+    Move igmpproxy.conf out of src directory
+
+commit 4c36c1ea8f9822f96031cff8f40ca3fc7cb93db3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Mar 9 22:03:46 2009 +0400
+
+    Initial FreeBSD support
+    
+    Based on IGMPproxy port to FreeBSD made by
+    Pavel Korshunov and gygenot.
+
+commit fdc5cc59655a59f7f73af78d6606b5c45b9c1071
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 20:37:17 2009 +0400
+
+    Move to C99 and clean up the code
+    
+    Listen to compiler's warnings.
+    Use standard integer and boolean types.
+    Remove redundant version.h.
+
+commit b535f70ec3dfc73a767592739c8aa44583e7e833
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 17:53:24 2009 +0400
+
+    Rename defs.h to igmpproxy.h
+
+commit 2df90756d378de822d6ece6aa0a340cab6a489e4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 16:17:20 2009 +0400
+
+    Add bootstrap script
+
+commit 3393d1cd7c0f13cc91fa3ec974eb2cd1409bb720
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Feb 27 22:28:03 2009 +0400
+
+    Remove stuff generated by autotools
+
+commit 576b42c7fc71757a33dbac0ebc388f8eebd81fe3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:36:39 2009 +0400
+
+    Fix logging to syslog
+    
+    Do not write textual representation of message severity
+    because syslog can do this itself. Also write only one
+    string at a time.
+
+commit 1223d5975a1da679d15120417365582a0054abc4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:22:20 2009 +0400
+
+    chmod -x on appropriate files
+
+commit 66145eee1d74c9edd23f3d72700911865b7a09bb
+Author: Conrad Kostecki <ConiKost@gmx.de>
+Date:   Mon Feb 23 00:18:48 2009 +0400
+
+    Remove banner
+
+commit 710d688641ca68d89a7b8958c7d84144d5fb1d9b
+Author: Alexey Charkov <alchark@gmail.com>
+Date:   Mon Feb 23 00:13:03 2009 +0400
+
+    Enable autotools
+    
+    I've packaged igmpproxy with GNU autotools, which will allow for a better
+    experience on Gentoo (CFLAGS, directory structure etc). Also, compile-time
+    warnings are fixed. As the project is dead, this is not even a fork :)
+
+commit f4c36aa73287b794e2c842564e82d2d4f3c1027f
+Author: Johnny Egeland <johnnyege@users.sourceforge.net>
+Date:   Mon Feb 23 00:10:48 2009 +0400
+
+    Initial import
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/GPL.txt b/ANW-URB/src/igmpproxy/igmpproxy-0.1/GPL.txt
new file mode 100644
index 0000000..97d8bc8
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/GPL.txt
@@ -0,0 +1,286 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+
+
+
+
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/INSTALL b/ANW-URB/src/igmpproxy/igmpproxy-0.1/INSTALL
new file mode 100644
index 0000000..2550dab
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/INSTALL
@@ -0,0 +1,302 @@
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+
+   This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+   Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package.  The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.
+
+     Running `configure' might take a while.  While running, it prints
+     some messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+  6. Often, you can also type `make uninstall' to remove the installed
+     files again.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you can use GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory.  After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+   On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor.  Like
+this:
+
+     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CPP="gcc -E" CXXCPP="g++ -E"
+
+   This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
+
+Installation Names
+==================
+
+   By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc.  You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Particular systems
+==================
+
+   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
+a workaround.  If GNU CC is not installed, it is therefore recommended
+to try
+
+     ./configure CC="cc"
+
+and if that doesn't work, try
+
+     ./configure CC="cc -nodtk"
+
+   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+   On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'.  It is recommended to use the following options:
+
+     ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS
+     KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug.  Until the bug is fixed you can use this workaround:
+
+     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+     Print a summary of the options unique to this package's
+     `configure', and exit.  The `short' variant lists options used
+     only in the top level, while the `recursive' variant lists options
+     also present in any nested packages.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`--prefix=DIR'
+     Use DIR as the installation prefix.  *Note Installation Names::
+     for more details, including other options available for fine-tuning
+     the installation locations.
+
+`--no-create'
+`-n'
+     Run the configure checks, but stop before creating any output
+     files.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/Makefile b/ANW-URB/src/igmpproxy/igmpproxy-0.1/Makefile
new file mode 100644
index 0000000..ab42594
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/Makefile
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = i586-pc-linux-gnu
+host_triplet = i586-pc-linux-gnu
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy-0.1
+abs_srcdir = /usr/local/src/igmpproxy-0.1
+abs_top_builddir = /usr/local/src/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = i586-pc-linux-gnu
+build_alias = 
+build_cpu = i586
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = i586-pc-linux-gnu
+host_alias = 
+host_cpu = i586
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = 
+top_builddir = .
+top_srcdir = .
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/Makefile.am b/ANW-URB/src/igmpproxy/igmpproxy-0.1/Makefile.am
new file mode 100644
index 0000000..b569f48
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/Makefile.am
@@ -0,0 +1,10 @@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/Makefile.in b/ANW-URB/src/igmpproxy/igmpproxy-0.1/Makefile.in
new file mode 100644
index 0000000..508f703
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/Makefile.in
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/NEWS b/ANW-URB/src/igmpproxy/igmpproxy-0.1/NEWS
new file mode 100644
index 0000000..fa39cb9
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/NEWS
@@ -0,0 +1,4 @@
+New releases, the Git repository and the bug tracker are accessible
+at project homepage:
+
+	http://sourceforge.net/projects/igmpproxy/
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/README b/ANW-URB/src/igmpproxy/igmpproxy-0.1/README
new file mode 100644
index 0000000..01add8d
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/README
@@ -0,0 +1,10 @@
+IGMPproxy is a simple mulitcast router that only uses the IGMP protocol.
+
+Supported operating systems:
+ - Linux
+ - FreeBSD
+ - NetBSD
+ - OpenBSD
+ - DragonFly BSD
+
+This software is released under the GNU GPL license v2. See details in COPYING.
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/Stanford.txt b/ANW-URB/src/igmpproxy/igmpproxy-0.1/Stanford.txt
new file mode 100644
index 0000000..ef7da47
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/Stanford.txt
@@ -0,0 +1,48 @@
+
+The mrouted program is covered by the following license.  Use of the
+mrouted program represents acceptance of these terms and conditions.
+
+1. STANFORD grants to LICENSEE a nonexclusive and nontransferable license
+to use, copy and modify the computer software ``mrouted'' (hereinafter
+called the ``Program''), upon the terms and conditions hereinafter set
+out and until Licensee discontinues use of the Licensed Program.
+
+2. LICENSEE acknowledges that the Program is a research tool still in
+the development state, that it is being supplied ``as is,'' without any
+accompanying services from STANFORD, and that this license is entered
+into in order to encourage scientific collaboration aimed at further
+development and application of the Program.
+
+3. LICENSEE may copy the Program and may sublicense others to use object
+code copies of the Program or any derivative version of the Program.
+All copies must contain all copyright and other proprietary notices found
+in the Program as provided by STANFORD.  Title to copyright to the
+Program remains with STANFORD.
+
+4. LICENSEE may create derivative versions of the Program.  LICENSEE
+hereby grants STANFORD a royalty-free license to use, copy, modify,
+distribute and sublicense any such derivative works.  At the time
+LICENSEE provides a copy of a derivative version of the Program to a
+third party, LICENSEE shall provide STANFORD with one copy of the source
+code of the derivative version at no charge to STANFORD.
+
+5. STANFORD MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED.
+By way of example, but not limitation, STANFORD MAKES NO REPRESENTATION
+OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR
+THAT THE USE OF THE LICENSED PROGRAM WILL NOT INFRINGE ANY PATENTS,
+COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. STANFORD shall not be held liable
+for any liability nor for any direct, indirect or consequential damages
+with respect to any claim by LICENSEE or any third party on account of or
+arising from this Agreement or use of the Program.
+
+6. This agreement shall be construed, interpreted and applied in
+accordance with the State of California and any legal action arising
+out of this Agreement or use of the Program shall be filed in a court
+in the State of California.
+
+7. Nothing in this Agreement shall be construed as conferring rights to
+use in advertising, publicity or otherwise any trademark or the name
+of ``Stanford''.
+
+The mrouted program is COPYRIGHT 1989 by The Board of Trustees of
+Leland Stanford Junior University.
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/aclocal.m4 b/ANW-URB/src/igmpproxy/igmpproxy-0.1/aclocal.m4
new file mode 100644
index 0000000..9304f88
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/aclocal.m4
@@ -0,0 +1,951 @@
+# generated automatically by aclocal 1.11 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009  Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.63],,
+[m4_warning([this file was generated for autoconf 2.63.
+You have another version of autoconf.  It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version.  Point them to the right macro.
+m4_if([$1], [1.11], [],
+      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too.  Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory.  The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run.  This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+#    fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+#    fails if $ac_aux_dir is absolute,
+#    fails when called from a subdirectory in a VPATH build with
+#          a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir.  In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
+#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+#   MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH.  The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery.  Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
+       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
+       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+       [$1], UPC,  [depcc="$UPC"  am_compiler_list=],
+       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
+                   [depcc="$$1"   am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+               [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_$1_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+  fi
+  am__universal=false
+  m4_case([$1], [CC],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac],
+    [CXX],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac])
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_$1_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking.              -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`AS_DIRNAME("$mf")`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`AS_DIRNAME(["$file"])`
+      AS_MKDIR_P([$dirpart/$fdir])
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled.  FIXME.  This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake.                             -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much.  Some checks are only needed if
+# your package does certain things.  But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out.  PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition.  After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names.  We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+	      [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+			     [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+		  [_AM_DEPENDENCIES(CC)],
+		  [define([AC_PROG_CC],
+			  defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+		  [_AM_DEPENDENCIES(CXX)],
+		  [define([AC_PROG_CXX],
+			  defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+		  [_AM_DEPENDENCIES(OBJC)],
+		  [define([AC_PROG_OBJC],
+			  defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen.  This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+  [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion.  Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot.  For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes.	            -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+  [[\\/$]]* | ?:[[\\/]]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling.                     -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME.  Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[[\\\"\#\$\&\'\`$am_lf]]*)
+    AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+  *[[\\\"\#\$\&\'\`$am_lf\ \	]]*)
+    AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$[*]" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$[*]" != "X $srcdir/configure conftest.file" \
+      && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+alias in your environment])
+   fi
+
+   test "$[2]" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries.  This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+  AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball.                            -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+#     tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+#     $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+     [m4_case([$1], [ustar],, [pax],,
+              [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+  case $_am_tool in
+  gnutar)
+    for _am_tar in tar gnutar gtar;
+    do
+      AM_RUN_LOG([$_am_tar --version]) && break
+    done
+    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+    am__untar="$_am_tar -xf -"
+    ;;
+  plaintar)
+    # Must skip GNU tar: if it does not support --format= it doesn't create
+    # ustar tarball either.
+    (tar --version) >/dev/null 2>&1 && continue
+    am__tar='tar chf - "$$tardir"'
+    am__tar_='tar chf - "$tardir"'
+    am__untar='tar xf -'
+    ;;
+  pax)
+    am__tar='pax -L -x $1 -w "$$tardir"'
+    am__tar_='pax -L -x $1 -w "$tardir"'
+    am__untar='pax -r'
+    ;;
+  cpio)
+    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+    am__untar='cpio -i -H $1 -d'
+    ;;
+  none)
+    am__tar=false
+    am__tar_=false
+    am__untar=false
+    ;;
+  esac
+
+  # If the value was cached, stop now.  We just wanted to have am__tar
+  # and am__untar set.
+  test -n "${am_cv_prog_tar_$1}" && break
+
+  # tar/untar a dummy directory, and stop if the command works
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  echo GrepMe > conftest.dir/file
+  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+  rm -rf conftest.dir
+  if test -s conftest.tar; then
+    AM_RUN_LOG([$am__untar <conftest.tar])
+    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+  fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.guess b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.guess
new file mode 100755
index 0000000..12734a7
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.guess
@@ -0,0 +1,1554 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner.  Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case "${UNAME_SYSTEM}" in
+Linux|GNU/*)
+	eval $set_cc_for_build
+	cat << EOF > $dummy.c
+	#include <features.h>
+	#ifdef __UCLIBC__
+	# ifdef __UCLIBC_CONFIG_VERSION__
+	LIBC=uclibc __UCLIBC_CONFIG_VERSION__
+	# else
+	LIBC=uclibc
+	# endif
+	#else
+	LIBC=gnu
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep LIBC= | sed -e 's: ::g'`
+	;;
+esac
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep -q __ELF__
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    s390x:SunOS:*:*)
+	echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+	eval $set_cc_for_build
+	SUN_ARCH="i386"
+	# If there is a compiler, see if it is configured for 64-bit objects.
+	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+	# This test works for both compilers.
+	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_64BIT_ARCH >/dev/null
+	    then
+		SUN_ARCH="x86_64"
+	    fi
+	fi
+	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[456])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep -q __LP64__
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86)
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd | genuineintel)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	    IA64)
+		echo ia64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    8664:Windows_NT:*)
+	echo x86_64-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	eval $set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	else
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
+	fi
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-${LIBC}
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-${LIBC}
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-${LIBC}
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    mips:Linux:*:* | mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef ${UNAME_MACHINE}
+	#undef ${UNAME_MACHINE}el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=${UNAME_MACHINE}el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=${UNAME_MACHINE}
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-${LIBC}
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-${LIBC}
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-${LIBC}
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep -q ld.so.1
+	if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    padre:Linux:*:*)
+	echo sparc-unknown-linux-${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
+	  PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
+	  *)    echo hppa-unknown-linux-${LIBC} ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-${LIBC}
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-${LIBC}
+	exit ;;
+    xtensa*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-${LIBC}"
+		;;
+	esac
+	# This should get integrated into the C code below, but now we hack
+	if [ "$LIBC" != "gnu" ] ; then echo "$TENTATIVE" && exit 0 ; fi
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i586.
+	# Note: whatever this is, it MUST be the same as what config.sub
+	# prints for the "djgpp" host, or else GDB configury will decide that
+	# this is a cross-build.
+	echo i586-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+	OS_REL='.3'
+	test -r /etc/.relid \
+	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	    && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
+	echo i586-pc-haiku
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+    i*86:AROS:*:*)
+	echo ${UNAME_MACHINE}-pc-aros
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.h b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.h
new file mode 100644
index 0000000..f438e80
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.h
@@ -0,0 +1,29 @@
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+/* #undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+/* #undef HAVE_STRUCT_SOCKADDR_SA_LEN */
+
+/* Name of package */
+#define PACKAGE "igmpproxy"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT ""
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "igmpproxy"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "igmpproxy 0.1"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "igmpproxy"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "0.1"
+
+/* Version number of package */
+#define VERSION "0.1"
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.h.in b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.h.in
new file mode 100644
index 0000000..bb6a90d
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.h.in
@@ -0,0 +1,28 @@
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+#undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+#undef HAVE_STRUCT_SOCKADDR_SA_LEN
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Version number of package */
+#undef VERSION
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.log b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.log
new file mode 100644
index 0000000..11ca199
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.log
@@ -0,0 +1,559 @@
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy configure 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ ./configure --prefix=/usr/local/igmpproxy-0.1
+
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = gw-flr
+uname -m = i586
+uname -r = 3.2.0-4-486
+uname -s = Linux
+uname -v = #1 Debian 3.2.41-2
+
+/usr/bin/uname -p = unknown
+/bin/uname -X     = unknown
+
+/bin/arch              = unknown
+/usr/bin/arch -k       = unknown
+/usr/convex/getsysinfo = unknown
+/usr/bin/hostinfo      = unknown
+/bin/machine           = unknown
+/usr/bin/oslevel       = unknown
+/bin/universe          = unknown
+
+PATH: /root/bin
+PATH: /usr/local/sbin
+PATH: /usr/local/bin
+PATH: /usr/sbin
+PATH: /usr/bin
+PATH: /sbin
+PATH: /bin
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+configure:1839: checking for a BSD-compatible install
+configure:1907: result: /usr/bin/install -c
+configure:1918: checking whether build environment is sane
+configure:1978: result: yes
+configure:2119: checking for a thread-safe mkdir -p
+configure:2158: result: /bin/mkdir -p
+configure:2171: checking for gawk
+configure:2187: found /usr/bin/gawk
+configure:2198: result: gawk
+configure:2209: checking whether make sets $(MAKE)
+configure:2231: result: yes
+configure:2328: checking for style of include used by make
+configure:2356: result: GNU
+configure:2426: checking for gcc
+configure:2442: found /usr/bin/gcc
+configure:2453: result: gcc
+configure:2685: checking for C compiler version
+configure:2693: gcc --version >&5
+gcc (Debian 4.7.2-5) 4.7.2
+Copyright (C) 2012 Free Software Foundation, Inc.
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+configure:2697: $? = 0
+configure:2704: gcc -v >&5
+Using built-in specs.
+COLLECT_GCC=gcc
+COLLECT_LTO_WRAPPER=/usr/lib/gcc/i486-linux-gnu/4.7/lto-wrapper
+Target: i486-linux-gnu
+Configured with: ../src/configure -v --with-pkgversion='Debian 4.7.2-5' --with-bugurl=file:///usr/share/doc/gcc-4.7/README.Bugs --enable-languages=c,c++,go,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.7 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.7 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --enable-plugin --enable-objc-gc --enable-targets=all --with-arch-32=i586 --with-tune=generic --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
+Thread model: posix
+gcc version 4.7.2 (Debian 4.7.2-5) 
+configure:2708: $? = 0
+configure:2715: gcc -V >&5
+gcc: error: unrecognized command line option '-V'
+gcc: fatal error: no input files
+compilation terminated.
+configure:2719: $? = 4
+configure:2742: checking for C compiler default output file name
+configure:2764: gcc    conftest.c  >&5
+configure:2768: $? = 0
+configure:2806: result: a.out
+configure:2825: checking whether the C compiler works
+configure:2835: ./a.out
+configure:2839: $? = 0
+configure:2858: result: yes
+configure:2865: checking whether we are cross compiling
+configure:2867: result: no
+configure:2870: checking for suffix of executables
+configure:2877: gcc -o conftest    conftest.c  >&5
+configure:2881: $? = 0
+configure:2907: result: 
+configure:2913: checking for suffix of object files
+configure:2939: gcc -c   conftest.c >&5
+configure:2943: $? = 0
+configure:2968: result: o
+configure:2972: checking whether we are using the GNU C compiler
+configure:3001: gcc -c   conftest.c >&5
+configure:3008: $? = 0
+configure:3025: result: yes
+configure:3034: checking whether gcc accepts -g
+configure:3064: gcc -c -g  conftest.c >&5
+configure:3071: $? = 0
+configure:3172: result: yes
+configure:3189: checking for gcc option to accept ISO C89
+configure:3263: gcc  -c -g -O2  conftest.c >&5
+configure:3270: $? = 0
+configure:3293: result: none needed
+configure:3313: checking dependency style of gcc
+configure:3423: result: gcc3
+configure:3438: checking for gcc option to accept ISO C99
+configure:3597: gcc  -c -g -O2  conftest.c >&5
+conftest.c:60:29: error: expected ';', ',' or ')' before 'text'
+conftest.c: In function 'main':
+conftest.c:114:18: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'newvar'
+conftest.c:114:18: error: 'newvar' undeclared (first use in this function)
+conftest.c:114:18: note: each undeclared identifier is reported only once for each function it appears in
+conftest.c:124:3: error: 'for' loop initial declarations are only allowed in C99 mode
+conftest.c:124:3: note: use option -std=c99 or -std=gnu99 to compile your code
+configure:3604: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| #include <stdarg.h>
+| #include <stdbool.h>
+| #include <stdlib.h>
+| #include <wchar.h>
+| #include <stdio.h>
+| 
+| // Check varargs macros.  These examples are taken from C99 6.10.3.5.
+| #define debug(...) fprintf (stderr, __VA_ARGS__)
+| #define showlist(...) puts (#__VA_ARGS__)
+| #define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+| static void
+| test_varargs_macros (void)
+| {
+|   int x = 1234;
+|   int y = 5678;
+|   debug ("Flag");
+|   debug ("X = %d\n", x);
+|   showlist (The first, second, and third items.);
+|   report (x>y, "x is %d but y is %d", x, y);
+| }
+| 
+| // Check long long types.
+| #define BIG64 18446744073709551615ull
+| #define BIG32 4294967295ul
+| #define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+| #if !BIG_OK
+|   your preprocessor is broken;
+| #endif
+| #if BIG_OK
+| #else
+|   your preprocessor is broken;
+| #endif
+| static long long int bignum = -9223372036854775807LL;
+| static unsigned long long int ubignum = BIG64;
+| 
+| struct incomplete_array
+| {
+|   int datasize;
+|   double data[];
+| };
+| 
+| struct named_init {
+|   int number;
+|   const wchar_t *name;
+|   double average;
+| };
+| 
+| typedef const char *ccp;
+| 
+| static inline int
+| test_restrict (ccp restrict text)
+| {
+|   // See if C++-style comments work.
+|   // Iterate through items via the restricted pointer.
+|   // Also check for declarations in for loops.
+|   for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+|     continue;
+|   return 0;
+| }
+| 
+| // Check varargs and va_copy.
+| static void
+| test_varargs (const char *format, ...)
+| {
+|   va_list args;
+|   va_start (args, format);
+|   va_list args_copy;
+|   va_copy (args_copy, args);
+| 
+|   const char *str;
+|   int number;
+|   float fnumber;
+| 
+|   while (*format)
+|     {
+|       switch (*format++)
+| 	{
+| 	case 's': // string
+| 	  str = va_arg (args_copy, const char *);
+| 	  break;
+| 	case 'd': // int
+| 	  number = va_arg (args_copy, int);
+| 	  break;
+| 	case 'f': // float
+| 	  fnumber = va_arg (args_copy, double);
+| 	  break;
+| 	default:
+| 	  break;
+| 	}
+|     }
+|   va_end (args_copy);
+|   va_end (args);
+| }
+| 
+| int
+| main ()
+| {
+| 
+|   // Check bool.
+|   _Bool success = false;
+| 
+|   // Check restrict.
+|   if (test_restrict ("String literal") == 0)
+|     success = true;
+|   char *restrict newvar = "Another string";
+| 
+|   // Check varargs.
+|   test_varargs ("s, d' f .", "string", 65, 34.234);
+|   test_varargs_macros ();
+| 
+|   // Check flexible array members.
+|   struct incomplete_array *ia =
+|     malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+|   ia->datasize = 10;
+|   for (int i = 0; i < ia->datasize; ++i)
+|     ia->data[i] = i * 1.234;
+| 
+|   // Check named initializers.
+|   struct named_init ni = {
+|     .number = 34,
+|     .name = L"Test wide string",
+|     .average = 543.34343,
+|   };
+| 
+|   ni.number = 58;
+| 
+|   int dynamic_array[ni.number];
+|   dynamic_array[ni.number - 1] = 543;
+| 
+|   // work around unused variable warnings
+|   return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+| 	  || dynamic_array[ni.number - 1] != 543);
+| 
+|   ;
+|   return 0;
+| }
+configure:3597: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+configure:3604: $? = 0
+configure:3634: result: -std=gnu99
+configure:3647: checking build system type
+configure:3665: result: i586-pc-linux-gnu
+configure:3687: checking host system type
+configure:3702: result: i586-pc-linux-gnu
+configure:3738: checking for struct sockaddr.sa_len
+configure:3770: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr' has no member named 'sa_len'
+configure:3777: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3814: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr' has no member named 'sa_len'
+configure:3821: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (sizeof ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3839: result: no
+configure:3850: checking for struct sockaddr_in.sin_len
+configure:3882: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr_in' has no member named 'sin_len'
+configure:3889: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3926: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr_in' has no member named 'sin_len'
+configure:3933: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (sizeof ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3951: result: no
+configure:4089: creating ./config.status
+
+## ---------------------- ##
+## Running config.status. ##
+## ---------------------- ##
+
+This file was extended by igmpproxy config.status 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = 
+  CONFIG_HEADERS  = 
+  CONFIG_LINKS    = 
+  CONFIG_COMMANDS = 
+  $ ./config.status 
+
+on gw-flr
+
+config.status:776: creating Makefile
+config.status:776: creating doc/Makefile
+config.status:776: creating src/Makefile
+config.status:776: creating doc/igmpproxy.8
+config.status:776: creating doc/igmpproxy.conf.5
+config.status:776: creating config.h
+config.status:1062: linking src/os-linux.h to src/os.h
+config.status:1085: executing depfiles commands
+
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+
+ac_cv_build=i586-pc-linux-gnu
+ac_cv_c_compiler_gnu=yes
+ac_cv_env_CC_set=
+ac_cv_env_CC_value=
+ac_cv_env_CFLAGS_set=
+ac_cv_env_CFLAGS_value=
+ac_cv_env_CPPFLAGS_set=
+ac_cv_env_CPPFLAGS_value=
+ac_cv_env_LDFLAGS_set=
+ac_cv_env_LDFLAGS_value=
+ac_cv_env_LIBS_set=
+ac_cv_env_LIBS_value=
+ac_cv_env_build_alias_set=
+ac_cv_env_build_alias_value=
+ac_cv_env_host_alias_set=
+ac_cv_env_host_alias_value=
+ac_cv_env_target_alias_set=
+ac_cv_env_target_alias_value=
+ac_cv_host=i586-pc-linux-gnu
+ac_cv_member_struct_sockaddr_in_sin_len=no
+ac_cv_member_struct_sockaddr_sa_len=no
+ac_cv_objext=o
+ac_cv_path_install='/usr/bin/install -c'
+ac_cv_path_mkdir=/bin/mkdir
+ac_cv_prog_AWK=gawk
+ac_cv_prog_ac_ct_CC=gcc
+ac_cv_prog_cc_c89=
+ac_cv_prog_cc_c99=-std=gnu99
+ac_cv_prog_cc_g=yes
+ac_cv_prog_make_make_set=yes
+am_cv_CC_dependencies_compiler_type=gcc3
+
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+
+ACLOCAL='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11'
+AMDEPBACKSLASH='\'
+AMDEP_FALSE='#'
+AMDEP_TRUE=''
+AMTAR='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar'
+AUTOCONF='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf'
+AUTOHEADER='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader'
+AUTOMAKE='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11'
+AWK='gawk'
+CC='gcc -std=gnu99'
+CCDEPMODE='depmode=gcc3'
+CFLAGS='-g -O2'
+CPPFLAGS=''
+CYGPATH_W='echo'
+DEFS='-DHAVE_CONFIG_H'
+DEPDIR='.deps'
+ECHO_C=''
+ECHO_N='-n'
+ECHO_T=''
+EXEEXT=''
+INSTALL_DATA='${INSTALL} -m 644'
+INSTALL_PROGRAM='${INSTALL}'
+INSTALL_SCRIPT='${INSTALL}'
+INSTALL_STRIP_PROGRAM='$(install_sh) -c -s'
+LDFLAGS=''
+LIBOBJS=''
+LIBS=''
+LTLIBOBJS=''
+MAKEINFO='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo'
+MKDIR_P='/bin/mkdir -p'
+OBJEXT='o'
+PACKAGE='igmpproxy'
+PACKAGE_BUGREPORT=''
+PACKAGE_NAME='igmpproxy'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PATH_SEPARATOR=':'
+SET_MAKE=''
+SHELL='/bin/sh'
+STRIP=''
+VERSION='0.1'
+ac_ct_CC='gcc'
+am__EXEEXT_FALSE=''
+am__EXEEXT_TRUE='#'
+am__fastdepCC_FALSE='#'
+am__fastdepCC_TRUE=''
+am__include='include'
+am__isrc=''
+am__leading_dot='.'
+am__quote=''
+am__tar='${AMTAR} chof - "$$tardir"'
+am__untar='${AMTAR} xf -'
+bindir='${exec_prefix}/bin'
+build='i586-pc-linux-gnu'
+build_alias=''
+build_cpu='i586'
+build_os='linux-gnu'
+build_vendor='pc'
+datadir='${datarootdir}'
+datarootdir='${prefix}/share'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+dvidir='${docdir}'
+exec_prefix='${prefix}'
+host='i586-pc-linux-gnu'
+host_alias=''
+host_cpu='i586'
+host_os='linux-gnu'
+host_vendor='pc'
+htmldir='${docdir}'
+includedir='${prefix}/include'
+infodir='${datarootdir}/info'
+install_sh='${SHELL} /usr/local/src/igmpproxy-0.1/install-sh'
+libdir='${exec_prefix}/lib'
+libexecdir='${exec_prefix}/libexec'
+localedir='${datarootdir}/locale'
+localstatedir='${prefix}/var'
+mandir='${datarootdir}/man'
+mkdir_p='/bin/mkdir -p'
+oldincludedir='/usr/include'
+pdfdir='${docdir}'
+prefix='/usr/local/igmpproxy-0.1'
+program_transform_name='s,x,x,'
+psdir='${docdir}'
+sbindir='${exec_prefix}/sbin'
+sharedstatedir='${prefix}/com'
+sysconfdir='${prefix}/etc'
+target_alias=''
+
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+
+#define PACKAGE_NAME "igmpproxy"
+#define PACKAGE_TARNAME "igmpproxy"
+#define PACKAGE_VERSION "0.1"
+#define PACKAGE_STRING "igmpproxy 0.1"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE "igmpproxy"
+#define VERSION "0.1"
+
+configure: exit 0
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.status b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.status
new file mode 100755
index 0000000..e2e807e
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.status
@@ -0,0 +1,1232 @@
+#! /bin/sh
+# Generated by configure.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=${CONFIG_SHELL-/bin/sh}
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+# Files that config.status was made for.
+config_files=" Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+config_headers=" config.h"
+config_links=" src/os.h:src/os-linux.h"
+config_commands=" depfiles"
+
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+ac_cs_version="\
+igmpproxy config.status 0.1
+configured by ./configure, generated by GNU Autoconf 2.63,
+  with options \"'--prefix=/usr/local/igmpproxy-0.1'\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='/usr/local/src/igmpproxy-0.1'
+srcdir='.'
+INSTALL='/usr/bin/install -c'
+MKDIR_P='/bin/mkdir -p'
+AWK='gawk'
+test -n "$AWK" || AWK=awk
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+if $ac_cs_recheck; then
+  set X '/bin/sh' './configure'  '--prefix=/usr/local/igmpproxy-0.1' $ac_configure_extra_args --no-create --no-recursion
+  shift
+  $as_echo "running CONFIG_SHELL=/bin/sh $*" >&6
+  CONFIG_SHELL='/bin/sh'
+  export CONFIG_SHELL
+  exec "$@"
+fi
+
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="" ac_aux_dir="."
+
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+cat >>"$tmp/subs1.awk" <<\_ACAWK &&
+S["am__EXEEXT_FALSE"]=""
+S["am__EXEEXT_TRUE"]="#"
+S["LTLIBOBJS"]=""
+S["LIBOBJS"]=""
+S["host_os"]="linux-gnu"
+S["host_vendor"]="pc"
+S["host_cpu"]="i586"
+S["host"]="i586-pc-linux-gnu"
+S["build_os"]="linux-gnu"
+S["build_vendor"]="pc"
+S["build_cpu"]="i586"
+S["build"]="i586-pc-linux-gnu"
+S["am__fastdepCC_FALSE"]="#"
+S["am__fastdepCC_TRUE"]=""
+S["CCDEPMODE"]="depmode=gcc3"
+S["AMDEPBACKSLASH"]="\\"
+S["AMDEP_FALSE"]="#"
+S["AMDEP_TRUE"]=""
+S["am__quote"]=""
+S["am__include"]="include"
+S["DEPDIR"]=".deps"
+S["OBJEXT"]="o"
+S["EXEEXT"]=""
+S["ac_ct_CC"]="gcc"
+S["CPPFLAGS"]=""
+S["LDFLAGS"]=""
+S["CFLAGS"]="-g -O2"
+S["CC"]="gcc -std=gnu99"
+S["am__untar"]="${AMTAR} xf -"
+S["am__tar"]="${AMTAR} chof - \"$$tardir\""
+S["AMTAR"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar"
+S["am__leading_dot"]="."
+S["SET_MAKE"]=""
+S["AWK"]="gawk"
+S["mkdir_p"]="/bin/mkdir -p"
+S["MKDIR_P"]="/bin/mkdir -p"
+S["INSTALL_STRIP_PROGRAM"]="$(install_sh) -c -s"
+S["STRIP"]=""
+S["install_sh"]="${SHELL} /usr/local/src/igmpproxy-0.1/install-sh"
+S["MAKEINFO"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo"
+S["AUTOHEADER"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader"
+S["AUTOMAKE"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11"
+S["AUTOCONF"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf"
+S["ACLOCAL"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11"
+S["VERSION"]="0.1"
+S["PACKAGE"]="igmpproxy"
+S["CYGPATH_W"]="echo"
+S["am__isrc"]=""
+S["INSTALL_DATA"]="${INSTALL} -m 644"
+S["INSTALL_SCRIPT"]="${INSTALL}"
+S["INSTALL_PROGRAM"]="${INSTALL}"
+S["target_alias"]=""
+S["host_alias"]=""
+S["build_alias"]=""
+S["LIBS"]=""
+S["ECHO_T"]=""
+S["ECHO_N"]="-n"
+S["ECHO_C"]=""
+S["DEFS"]="-DHAVE_CONFIG_H"
+S["mandir"]="${datarootdir}/man"
+S["localedir"]="${datarootdir}/locale"
+S["libdir"]="${exec_prefix}/lib"
+S["psdir"]="${docdir}"
+S["pdfdir"]="${docdir}"
+S["dvidir"]="${docdir}"
+S["htmldir"]="${docdir}"
+S["infodir"]="${datarootdir}/info"
+S["docdir"]="${datarootdir}/doc/${PACKAGE_TARNAME}"
+S["oldincludedir"]="/usr/include"
+S["includedir"]="${prefix}/include"
+S["localstatedir"]="${prefix}/var"
+S["sharedstatedir"]="${prefix}/com"
+S["sysconfdir"]="${prefix}/etc"
+S["datadir"]="${datarootdir}"
+S["datarootdir"]="${prefix}/share"
+S["libexecdir"]="${exec_prefix}/libexec"
+S["sbindir"]="${exec_prefix}/sbin"
+S["bindir"]="${exec_prefix}/bin"
+S["program_transform_name"]="s,x,x,"
+S["prefix"]="/usr/local/igmpproxy-0.1"
+S["exec_prefix"]="${prefix}"
+S["PACKAGE_BUGREPORT"]=""
+S["PACKAGE_STRING"]="igmpproxy 0.1"
+S["PACKAGE_VERSION"]="0.1"
+S["PACKAGE_TARNAME"]="igmpproxy"
+S["PACKAGE_NAME"]="igmpproxy"
+S["PATH_SEPARATOR"]=":"
+S["SHELL"]="/bin/sh"
+_ACAWK
+cat >>"$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+D["PACKAGE_NAME"]=" \"igmpproxy\""
+D["PACKAGE_TARNAME"]=" \"igmpproxy\""
+D["PACKAGE_VERSION"]=" \"0.1\""
+D["PACKAGE_STRING"]=" \"igmpproxy 0.1\""
+D["PACKAGE_BUGREPORT"]=" \"\""
+D["PACKAGE"]=" \"igmpproxy\""
+D["VERSION"]=" \"0.1\""
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+[_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ][_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]*([\t (]|$)/ {
+  line = $ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+  ac_datarootdir_hack='
+  s&@datadir@&${datarootdir}&g
+  s&@docdir@&${datarootdir}/doc/${PACKAGE_TARNAME}&g
+  s&@infodir@&${datarootdir}/info&g
+  s&@localedir@&${datarootdir}/locale&g
+  s&@mandir@&${datarootdir}/man&g
+    s&\${datarootdir}&${prefix}/share&g' ;;
+esac
+ac_sed_extra="/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}
+
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.sub b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.sub
new file mode 100755
index 0000000..3243784
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/config.sub
@@ -0,0 +1,1717 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  kopensolaris*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray | -microblaze)
+		os=
+		basic_machine=$1
+		;;
+        -bluegene*)
+	        os=-cnk
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx | dvp \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| lm32 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep | metag \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64octeon | mips64octeonel \
+	| mips64orion | mips64orionel \
+	| mips64r5900 | mips64r5900el \
+	| mips64vr | mips64vrel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| moxie \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k | z80)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| lm32-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64octeon-* | mips64octeonel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64r5900-* | mips64r5900el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa*-* \
+	| ymp-* \
+	| z8k-* | z80-*)
+		;;
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aros)
+		basic_machine=i386-pc
+		os=-aros
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	bluegene*)
+		basic_machine=powerpc-ibm
+		os=-cnk
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+        cegcc)
+		basic_machine=arm-unknown
+		os=-cegcc
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16)
+		basic_machine=cr16-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	dicos)
+		basic_machine=i686-pc
+		os=-dicos
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+        microblaze)
+		basic_machine=microblaze-xilinx
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mipsEE* | ee | ps2)
+		basic_machine=mips64r5900el-scei
+		case $os in
+		    -linux*)
+			;;
+		    *)
+			os=-elf
+			;;
+		esac
+		;;
+	iop)
+		basic_machine=mipsel-scei
+		os=-irx
+		;;
+	dvp)
+		basic_machine=dvp-scei
+		os=-elf
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tile*)
+		basic_machine=tile-unknown
+		os=-linux-gnu
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	z80-*-coff)
+		basic_machine=z80-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -kopensolaris* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* | -aros* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -irx*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-dicos*)
+		os=-dicos
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-cnk*|-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/configure b/ANW-URB/src/igmpproxy/igmpproxy-0.1/configure
new file mode 100755
index 0000000..1314ebf
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/configure
@@ -0,0 +1,5469 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.63 for igmpproxy 0.1.
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+if test "x$CONFIG_SHELL" = x; then
+  if (eval ":") 2>/dev/null; then
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+
+  if test $as_have_required = yes &&	 (eval ":
+(as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=\$LINENO
+  as_lineno_2=\$LINENO
+  test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
+  test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
+") 2> /dev/null; then
+  :
+else
+  as_candidate_shells=
+    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  case $as_dir in
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+	   done;;
+       esac
+done
+IFS=$as_save_IFS
+
+
+      for as_shell in $as_candidate_shells $SHELL; do
+	 # Try only shells that exist, to save several forks.
+	 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		{ ("$as_shell") 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+_ASEOF
+}; then
+  CONFIG_SHELL=$as_shell
+	       as_have_required=yes
+	       if { "$as_shell" 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+(as_func_return () {
+  (exit $1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = "$1" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test $exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
+
+_ASEOF
+}; then
+  break
+fi
+
+fi
+
+      done
+
+      if test "x$CONFIG_SHELL" != x; then
+  for as_var in BASH_ENV ENV
+	do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+	done
+	export CONFIG_SHELL
+	exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+
+    if test $as_have_required = no; then
+  echo This script requires a shell more modern than all the
+      echo shells that I found on your system.  Please install a
+      echo modern shell, or manually run the script under such a
+      echo shell if you do have one.
+      { (exit 1); exit 1; }
+fi
+
+
+fi
+
+fi
+
+
+
+(eval "as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0") || {
+  echo No shell found that supports shell functions.
+  echo Please tell bug-autoconf@gnu.org about your system,
+  echo including any error possibly output before this message.
+  echo This can help us improve future autoconf versions.
+  echo Configuration will now proceed without shell functions.
+}
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+exec 7<&0 </dev/null 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Identity of this package.
+PACKAGE_NAME='igmpproxy'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_BUGREPORT=''
+
+ac_unique_file="src/igmpproxy.c"
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_dependency_tracking
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *)	ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) { $as_echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; }
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+   { (exit 1); exit 1; }; }
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  { $as_echo "$as_me: error: missing argument to $ac_option" >&2
+   { (exit 1); exit 1; }; }
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) { $as_echo "$as_me: error: unrecognized options: $ac_unrecognized_opts" >&2
+   { (exit 1); exit 1; }; } ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; }
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  { $as_echo "$as_me: error: working directory cannot be determined" >&2
+   { (exit 1); exit 1; }; }
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  { $as_echo "$as_me: error: pwd does not report name of working directory" >&2
+   { (exit 1); exit 1; }; }
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+   { (exit 1); exit 1; }; }
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2
+   { (exit 1); exit 1; }; }
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures igmpproxy 0.1 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/igmpproxy]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+Program names:
+  --program-prefix=PREFIX            prepend PREFIX to installed program names
+  --program-suffix=SUFFIX            append SUFFIX to installed program names
+  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of igmpproxy 0.1:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+igmpproxy configure 0.1
+generated by GNU Autoconf 2.63
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  $as_echo "PATH: $as_dir"
+done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+    2)
+      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      ac_configure_args="$ac_configure_args '$ac_arg'"
+      ;;
+    esac
+  done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  ac_site_file1=$CONFIG_SITE
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test -r "$ac_site_file"; then
+    { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special
+  # files actually), so we avoid doing that.
+  if test -f "$cache_file"; then
+    { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:$LINENO:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:$LINENO:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+am__api_version='1.11'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f "$ac_dir/install.sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
+$as_echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+  ./ | .// | /cC/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    rm -rf conftest.one conftest.two conftest.dir
+	    echo one > conftest.one
+	    echo two > conftest.two
+	    mkdir conftest.dir
+	    if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+	      test -s conftest.one && test -s conftest.two &&
+	      test -s conftest.dir/conftest.one &&
+	      test -s conftest.dir/conftest.two
+	    then
+	      ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	      break 3
+	    fi
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+
+done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[\\\"\#\$\&\'\`$am_lf]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe absolute working directory name" >&5
+$as_echo "$as_me: error: unsafe absolute working directory name" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+case $srcdir in
+  *[\\\"\#\$\&\'\`$am_lf\ \	]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe srcdir value: \`$srcdir'" >&5
+$as_echo "$as_me: error: unsafe srcdir value: \`$srcdir'" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$*" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$*" != "X $srcdir/configure conftest.file" \
+      && test "$*" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      { { $as_echo "$as_me:$LINENO: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&5
+$as_echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&2;}
+   { (exit 1); exit 1; }; }
+   fi
+
+   test "$2" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   { { $as_echo "$as_me:$LINENO: error: newly created file is older than distributed files!
+Check your system clock" >&5
+$as_echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+  program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  { $as_echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+  if test "${ac_cv_path_mkdir+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in mkdir gmkdir; do
+	 for ac_exec_ext in '' $ac_executable_extensions; do
+	   { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+	   case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+	     'mkdir (GNU coreutils) '* | \
+	     'mkdir (coreutils) '* | \
+	     'mkdir (fileutils) '4.1*)
+	       ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+	       break 3;;
+	   esac
+	 done
+       done
+done
+IFS=$as_save_IFS
+
+fi
+
+  if test "${ac_cv_path_mkdir+set}" = set; then
+    MKDIR_P="$ac_cv_path_mkdir -p"
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for MKDIR_P within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    test -d ./--version && rmdir ./--version
+    MKDIR_P="$ac_install_sh -d"
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+  [\\/$]* | ?:[\\/]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AWK="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { $as_echo "$as_me:$LINENO: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+	@echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+  *@@@%%%=?*=@@@%%%*)
+    eval ac_cv_prog_make_${ac_make}_set=yes;;
+  *)
+    eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+  { $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+  SET_MAKE=
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+  SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  am__isrc=' -I$(srcdir)'
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    { { $as_echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
+$as_echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='igmpproxy'
+ VERSION='0.1'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+
+ac_config_headers="$ac_config_headers config.h"
+
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+
+
+{ $as_echo "$as_me:$LINENO: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then
+  enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+  AMDEP_TRUE=
+  AMDEP_FALSE='#'
+else
+  AMDEP_TRUE='#'
+  AMDEP_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { (ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+
+{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+if test -z "$ac_file"; then
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+   { (exit 77); exit 77; }; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+  if { ac_try='./$ac_file'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+    fi
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_compiler_gnu=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	CFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c89=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC"   am_compiler_list=
+
+{ $as_echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_CC_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+  fi
+  am__universal=false
+  case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_CC_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+  am__fastdepCC_TRUE=
+  am__fastdepCC_FALSE='#'
+else
+  am__fastdepCC_TRUE='#'
+  am__fastdepCC_FALSE=
+fi
+
+
+   { $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C99" >&5
+$as_echo_n "checking for $CC option to accept ISO C99... " >&6; }
+if test "${ac_cv_prog_cc_c99+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <wchar.h>
+#include <stdio.h>
+
+// Check varargs macros.  These examples are taken from C99 6.10.3.5.
+#define debug(...) fprintf (stderr, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+  int x = 1234;
+  int y = 5678;
+  debug ("Flag");
+  debug ("X = %d\n", x);
+  showlist (The first, second, and third items.);
+  report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+  your preprocessor is broken;
+#endif
+#if BIG_OK
+#else
+  your preprocessor is broken;
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+  int datasize;
+  double data[];
+};
+
+struct named_init {
+  int number;
+  const wchar_t *name;
+  double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+  // See if C++-style comments work.
+  // Iterate through items via the restricted pointer.
+  // Also check for declarations in for loops.
+  for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+    continue;
+  return 0;
+}
+
+// Check varargs and va_copy.
+static void
+test_varargs (const char *format, ...)
+{
+  va_list args;
+  va_start (args, format);
+  va_list args_copy;
+  va_copy (args_copy, args);
+
+  const char *str;
+  int number;
+  float fnumber;
+
+  while (*format)
+    {
+      switch (*format++)
+	{
+	case 's': // string
+	  str = va_arg (args_copy, const char *);
+	  break;
+	case 'd': // int
+	  number = va_arg (args_copy, int);
+	  break;
+	case 'f': // float
+	  fnumber = va_arg (args_copy, double);
+	  break;
+	default:
+	  break;
+	}
+    }
+  va_end (args_copy);
+  va_end (args);
+}
+
+int
+main ()
+{
+
+  // Check bool.
+  _Bool success = false;
+
+  // Check restrict.
+  if (test_restrict ("String literal") == 0)
+    success = true;
+  char *restrict newvar = "Another string";
+
+  // Check varargs.
+  test_varargs ("s, d' f .", "string", 65, 34.234);
+  test_varargs_macros ();
+
+  // Check flexible array members.
+  struct incomplete_array *ia =
+    malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+  ia->datasize = 10;
+  for (int i = 0; i < ia->datasize; ++i)
+    ia->data[i] = i * 1.234;
+
+  // Check named initializers.
+  struct named_init ni = {
+    .number = 34,
+    .name = L"Test wide string",
+    .average = 543.34343,
+  };
+
+  ni.number = 58;
+
+  int dynamic_array[ni.number];
+  dynamic_array[ni.number - 1] = 543;
+
+  // work around unused variable warnings
+  return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+	  || dynamic_array[ni.number - 1] != 543);
+
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -xc99=all -qlanglvl=extc99
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c99=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c99" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c99"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c99" >&5
+$as_echo "$ac_cv_prog_cc_c99" >&6; } ;;
+esac
+
+
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
+$as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
+   { (exit 1); exit 1; }; }
+
+{ $as_echo "$as_me:$LINENO: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+$as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+   { (exit 1); exit 1; }; }
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
+$as_echo "$as_me: error: invalid value of canonical build" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:$LINENO: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
+$as_echo "$as_me: error: invalid value of canonical host" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) { { $as_echo "$as_me:$LINENO: error: OS $host_os is not supported" >&5
+$as_echo "$as_me: error: OS $host_os is not supported" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+ac_config_links="$ac_config_links src/os.h:src/os-${os}.h"
+
+
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr.sa_len" >&5
+$as_echo_n "checking for struct sockaddr.sa_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_sa_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (sizeof ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_sa_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_sa_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_sa_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
+_ACEOF
+
+
+fi
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr_in.sin_len" >&5
+$as_echo_n "checking for struct sockaddr_in.sin_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_in_sin_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (sizeof ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_in_sin_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_in_sin_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_in_sin_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_in_sin_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_IN_SIN_LEN 1
+_ACEOF
+
+
+fi
+
+
+ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes (double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \).
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    test "x$cache_file" != "x/dev/null" &&
+      { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+    cat confcache >$cache_file
+  else
+    { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+  am__EXEEXT_TRUE=
+  am__EXEEXT_FALSE='#'
+else
+  am__EXEEXT_TRUE='#'
+  am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_links="$ac_config_links"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_version="\\
+igmpproxy config.status 0.1
+configured by $0, generated by GNU Autoconf 2.63,
+  with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\).*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\).*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+  ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+  if test -z "$ac_t"; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_HEADERS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_HEADERS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any.  Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[	 ]*#[	 ]*define[	 ][	 ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+  line = \$ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+    s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || { (exit 1); exit 1; }
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:$LINENO: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/configure.ac b/ANW-URB/src/igmpproxy/igmpproxy-0.1/configure.ac
new file mode 100644
index 0000000..85beb08
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/configure.ac
@@ -0,0 +1,35 @@
+AC_PREREQ([2.63])
+AC_INIT([igmpproxy], [0.1])
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([src/igmpproxy.c])
+AC_CONFIG_HEADERS([config.h])
+AC_PROG_CC_C99
+
+AC_CANONICAL_HOST
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) AC_MSG_ERROR([OS $host_os is not supported]);;
+esac
+AC_CONFIG_LINKS([src/os.h:src/os-${os}.h])
+
+AC_CHECK_MEMBERS([struct sockaddr.sa_len], [], [], [[
+#include <sys/types.h>
+#include <sys/socket.h>
+]])
+AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], [], [], [[
+#include <sys/types.h>
+#include <netinet/in.h>
+]])
+
+AC_CONFIG_FILES([
+	Makefile
+	doc/Makefile
+	src/Makefile
+	doc/igmpproxy.8
+	doc/igmpproxy.conf.5
+])
+AC_OUTPUT
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/depcomp b/ANW-URB/src/igmpproxy/igmpproxy-0.1/depcomp
new file mode 100755
index 0000000..df8eea7
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/depcomp
@@ -0,0 +1,630 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
+# Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+  depmode     Dependency tracking mode.
+  source      Source file read by `PROGRAMS ARGS'.
+  object      Object file output by `PROGRAMS ARGS'.
+  DEPDIR      directory where to store dependencies.
+  depfile     Dependency file to output.
+  tmpdepfile  Temporary file to use when outputing dependencies.
+  libtool     Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "depcomp $scriptversion"
+    exit $?
+    ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+  echo "depcomp: Variables source, object and depmode must be set" 1>&2
+  exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags.  We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write.  Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+  # HP compiler uses -M and no extra arg.
+  gccflag=-M
+  depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+   # This is just like dashmstdout with a different argument.
+   dashmflag=-xM
+   depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+   # This is just like msvisualcpp but w/o cygpath translation.
+   # Just convert the backslash-escaped backslashes to single forward
+   # slashes to satisfy depend.m4
+   cygpath_u="sed s,\\\\\\\\,/,g"
+   depmode=msvisualcpp
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff.  Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am.  Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+  for arg
+  do
+    case $arg in
+    -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+    *)  set fnord "$@" "$arg" ;;
+    esac
+    shift # fnord
+    shift # $arg
+  done
+  "$@"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  mv "$tmpdepfile" "$depfile"
+  ;;
+
+gcc)
+## There are various ways to get dependency output from gcc.  Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+##   up in a subdir.  Having to rename by hand is ugly.
+##   (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+##   -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+##   than renaming).
+  if test -z "$gccflag"; then
+    gccflag=-MD,
+  fi
+  "$@" -Wp,"$gccflag$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+  sed -e 's/^[^:]*: / /' \
+      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header).  We avoid this by adding
+## dummy dependencies for each header file.  Too bad gcc doesn't do
+## this for us directly.
+  tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'.  On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+sgi)
+  if test "$libtool" = yes; then
+    "$@" "-Wp,-MDupdate,$tmpdepfile"
+  else
+    "$@" -MDupdate "$tmpdepfile"
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+
+  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
+    echo "$object : \\" > "$depfile"
+
+    # Clip off the initial element (the dependent).  Don't try to be
+    # clever and replace this with sed code, as IRIX sed won't handle
+    # lines with more than a fixed number of characters (4096 in
+    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
+    # the IRIX cc adds comments like `#:fec' to the end of the
+    # dependency line.
+    tr ' ' '
+' < "$tmpdepfile" \
+    | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+    tr '
+' ' ' >> "$depfile"
+    echo >> "$depfile"
+
+    # The second pass generates a dummy entry for each header file.
+    tr ' ' '
+' < "$tmpdepfile" \
+   | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+   >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+aix)
+  # The C for AIX Compiler uses -M and outputs the dependencies
+  # in a .u file.  In older versions, this file always lives in the
+  # current directory.  Also, the AIX compiler puts `$object:' at the
+  # start of each line; $object doesn't have directory information.
+  # Version 6 uses the directory in both cases.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$base.u
+    tmpdepfile3=$dir.libs/$base.u
+    "$@" -Wc,-M
+  else
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$dir$base.u
+    tmpdepfile3=$dir$base.u
+    "$@" -M
+  fi
+  stat=$?
+
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+    exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    # Each line is of the form `foo.o: dependent.h'.
+    # Do two passes, one to just change these to
+    # `$object: dependent.h' and one to simply `dependent.h:'.
+    sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+    # That's a tab and a space in the [].
+    sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+icc)
+  # Intel's C compiler understands `-MD -MF file'.  However on
+  #    icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+  # ICC 7.0 will fill foo.d with something like
+  #    foo.o: sub/foo.c
+  #    foo.o: sub/foo.h
+  # which is wrong.  We want:
+  #    sub/foo.o: sub/foo.c
+  #    sub/foo.o: sub/foo.h
+  #    sub/foo.c:
+  #    sub/foo.h:
+  # ICC 7.1 will output
+  #    foo.o: sub/foo.c sub/foo.h
+  # and will wrap long lines using \ :
+  #    foo.o: sub/foo.c ... \
+  #     sub/foo.h ... \
+  #     ...
+
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+  # Do two passes, one to just change these to
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+    sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp2)
+  # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+  # compilers, which have integrated preprocessors.  The correct option
+  # to use with these is +Maked; it writes dependencies to a file named
+  # 'foo.d', which lands next to the object file, wherever that
+  # happens to be.
+  # Much of this is similar to the tru64 case; see comments there.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir.libs/$base.d
+    "$@" -Wc,+Maked
+  else
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir$base.d
+    "$@" +Maked
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+     rm -f "$tmpdepfile1" "$tmpdepfile2"
+     exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+    # Add `dependent.h:' lines.
+    sed -ne '2,${
+	       s/^ *//
+	       s/ \\*$//
+	       s/$/:/
+	       p
+	     }' "$tmpdepfile" >> "$depfile"
+  else
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile" "$tmpdepfile2"
+  ;;
+
+tru64)
+   # The Tru64 compiler uses -MD to generate dependencies as a side
+   # effect.  `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+   # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+   # dependencies in `foo.d' instead, so we check for that too.
+   # Subdirectories are respected.
+   dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+   test "x$dir" = "x$object" && dir=
+   base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+   if test "$libtool" = yes; then
+      # With Tru64 cc, shared objects can also be used to make a
+      # static library.  This mechanism is used in libtool 1.4 series to
+      # handle both shared and static libraries in a single compilation.
+      # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+      #
+      # With libtool 1.5 this exception was removed, and libtool now
+      # generates 2 separate objects for the 2 libraries.  These two
+      # compilations output dependencies in $dir.libs/$base.o.d and
+      # in $dir$base.o.d.  We have to check for both files, because
+      # one of the two compilations can be disabled.  We should prefer
+      # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+      # automatically cleaned when .libs/ is deleted, while ignoring
+      # the former would cause a distcleancheck panic.
+      tmpdepfile1=$dir.libs/$base.lo.d   # libtool 1.4
+      tmpdepfile2=$dir$base.o.d          # libtool 1.5
+      tmpdepfile3=$dir.libs/$base.o.d    # libtool 1.5
+      tmpdepfile4=$dir.libs/$base.d      # Compaq CCC V6.2-504
+      "$@" -Wc,-MD
+   else
+      tmpdepfile1=$dir$base.o.d
+      tmpdepfile2=$dir$base.d
+      tmpdepfile3=$dir$base.d
+      tmpdepfile4=$dir$base.d
+      "$@" -MD
+   fi
+
+   stat=$?
+   if test $stat -eq 0; then :
+   else
+      rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+      exit $stat
+   fi
+
+   for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+   do
+     test -f "$tmpdepfile" && break
+   done
+   if test -f "$tmpdepfile"; then
+      sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+      # That's a tab and a space in the [].
+      sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+   else
+      echo "#dummy" > "$depfile"
+   fi
+   rm -f "$tmpdepfile"
+   ;;
+
+#nosideeffect)
+  # This comment above is used by automake to tell side-effect
+  # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  test -z "$dashmflag" && dashmflag=-M
+  # Require at least two characters before searching for `:'
+  # in the target name.  This is to cope with DOS-style filenames:
+  # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+  "$@" $dashmflag |
+    sed 's:^[  ]*[^: ][^:][^:]*\:[    ]*:'"$object"'\: :' > "$tmpdepfile"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+dashXmstdout)
+  # This case only exists to satisfy depend.m4.  It is never actually
+  # run, as this mode is specially recognized in the preamble.
+  exit 1
+  ;;
+
+makedepend)
+  "$@" || exit $?
+  # Remove any Libtool call
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+  # X makedepend
+  shift
+  cleared=no eat=no
+  for arg
+  do
+    case $cleared in
+    no)
+      set ""; shift
+      cleared=yes ;;
+    esac
+    if test $eat = yes; then
+      eat=no
+      continue
+    fi
+    case "$arg" in
+    -D*|-I*)
+      set fnord "$@" "$arg"; shift ;;
+    # Strip any option that makedepend may not understand.  Remove
+    # the object too, otherwise makedepend will parse it as a source file.
+    -arch)
+      eat=yes ;;
+    -*|$object)
+      ;;
+    *)
+      set fnord "$@" "$arg"; shift ;;
+    esac
+  done
+  obj_suffix=`echo "$object" | sed 's/^.*\././'`
+  touch "$tmpdepfile"
+  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile" "$tmpdepfile".bak
+  ;;
+
+cpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  "$@" -E |
+    sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+       -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+    sed '$ s: \\$::' > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  cat < "$tmpdepfile" >> "$depfile"
+  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvisualcpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  IFS=" "
+  for arg
+  do
+    case "$arg" in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+	set fnord "$@"
+	shift
+	shift
+	;;
+    *)
+	set fnord "$@" "$arg"
+	shift
+	shift
+	;;
+    esac
+  done
+  "$@" -E 2>/dev/null |
+  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::	\1 \\:p' >> "$depfile"
+  echo "	" >> "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvcmsys)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+none)
+  exec "$@"
+  ;;
+
+*)
+  echo "Unknown depmode $depmode" 1>&2
+  exit 1
+  ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/Makefile b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/Makefile
new file mode 100644
index 0000000..27b6736
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/Makefile
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# doc/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = i586-pc-linux-gnu
+host_triplet = i586-pc-linux-gnu
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy-0.1/doc
+abs_srcdir = /usr/local/src/igmpproxy-0.1/doc
+abs_top_builddir = /usr/local/src/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = i586-pc-linux-gnu
+build_alias = 
+build_cpu = i586
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = i586-pc-linux-gnu
+host_alias = 
+host_cpu = i586
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
new file mode 100644
index 0000000..1d4eb13
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
@@ -0,0 +1 @@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
new file mode 100644
index 0000000..8a0c300
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8 b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
new file mode 100644
index 0000000..10faec5
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
new file mode 100644
index 0000000..9d18e42
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5 b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
new file mode 100644
index 0000000..176de46
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
new file mode 100644
index 0000000..a4ea7d0
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf b/ANW-URB/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
new file mode 100644
index 0000000..197ca30
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
@@ -0,0 +1,46 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+phyint eth0 upstream  ratelimit 0  threshold 1
+        altnet 10.0.0.0/8 
+        altnet 192.168.0.0/24
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+phyint eth1 downstream  ratelimit 0  threshold 1
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth2 disabled
+
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/install-sh b/ANW-URB/src/igmpproxy/igmpproxy-0.1/install-sh
new file mode 100755
index 0000000..6781b98
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/install-sh
@@ -0,0 +1,520 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2009-04-28.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/missing b/ANW-URB/src/igmpproxy/igmpproxy-0.1/missing
new file mode 100755
index 0000000..28055d2
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/missing
@@ -0,0 +1,376 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+  configure_ac=configure.ac
+else
+  configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+  # Try to run requested program, and just exit if it succeeds.
+  run=
+  shift
+  "$@" && exit 0
+  # Exit code 63 means version mismatch.  This often happens
+  # when the user try to use an ancient version of a tool on
+  # a file that requires a minimum version.  In this case we
+  # we should proceed has if the program had been absent, or
+  # if --run hadn't been passed.
+  if test $? = 63; then
+    run=:
+    msg="probably too old"
+  fi
+  ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+  --run           try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  autom4te     touch the output file, or create a stub one
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  help2man     touch the output file
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  tar          try tar, gnutar, gtar, then tar without non-portable flags
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# normalize program name to check for.
+program=`echo "$1" | sed '
+  s/^gnu-//; t
+  s/^gnu//; t
+  s/^g//; t'`
+
+# Now exit if we have it, but it failed.  Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).  This is about non-GNU programs, so use $1 not
+# $program.
+case $1 in
+  lex*|yacc*)
+    # Not GNU programs, they don't have --version.
+    ;;
+
+  tar*)
+    if test -n "$run"; then
+       echo 1>&2 "ERROR: \`tar' requires --run"
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       exit 1
+    fi
+    ;;
+
+  *)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       # Could not run --version or --help.  This is probably someone
+       # running `$TOOL --version' or `$TOOL --help' to check whether
+       # $TOOL exists and not knowing $TOOL uses missing.
+       exit 1
+    fi
+    ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $program in
+  aclocal*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`${configure_ac}'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case $f in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  autom4te*)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.
+         You can get \`$1' as part of \`Autoconf' from any GNU
+         archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo "#! /bin/sh"
+	echo "# Created by GNU Automake missing as a replacement of"
+	echo "#  $ $@"
+	echo "exit 0"
+	chmod +x $file
+	exit 1
+    fi
+    ;;
+
+  bison*|yacc*)
+    echo 1>&2 "\
+WARNING: \`$1' $msg.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f y.tab.h; then
+	echo >y.tab.h
+    fi
+    if test ! -f y.tab.c; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex*|flex*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f lex.yy.c; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  help2man*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+	 you modified a dependency of a manual page.  You may need the
+	 \`Help2man' package in order for those modifications to take
+	 effect.  You can get \`Help2man' from any GNU archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo ".ab help2man is required to generate this page"
+	exit $?
+    fi
+    ;;
+
+  makeinfo*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    # The file to touch is that specified with -o ...
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -z "$file"; then
+      # ... or it is the one specified with @setfilename ...
+      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '
+	/^@setfilename/{
+	  s/.* \([^ ]*\) *$/\1/
+	  p
+	  q
+	}' $infile`
+      # ... or it is derived from the source name (dir/f.texi becomes f.info)
+      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+    fi
+    # If the file does not exist, the user really needs makeinfo;
+    # let's fail without touching anything.
+    test -f $file || exit 1
+    touch $file
+    ;;
+
+  tar*)
+    shift
+
+    # We have already tried tar in the generic part.
+    # Look for gnutar/gtar before invocation to avoid ugly error
+    # messages.
+    if (gnutar --version > /dev/null 2>&1); then
+       gnutar "$@" && exit 0
+    fi
+    if (gtar --version > /dev/null 2>&1); then
+       gtar "$@" && exit 0
+    fi
+    firstarg="$1"
+    if shift; then
+	case $firstarg in
+	*o*)
+	    firstarg=`echo "$firstarg" | sed s/o//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+	case $firstarg in
+	*h*)
+	    firstarg=`echo "$firstarg" | sed s/h//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+    fi
+
+    echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+         You may want to install GNU tar or Free paxutils, or check the
+         command line arguments."
+    exit 1
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequisites for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
new file mode 100644
index 0000000..cc79cb5
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
@@ -0,0 +1,320 @@
+callout.o: callout.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
new file mode 100644
index 0000000..54f5dd6
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
@@ -0,0 +1,320 @@
+config.o: config.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
new file mode 100644
index 0000000..7d81b02
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
@@ -0,0 +1,320 @@
+confread.o: confread.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
new file mode 100644
index 0000000..836dafa
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
@@ -0,0 +1,320 @@
+ifvc.o: ifvc.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
new file mode 100644
index 0000000..a29d6fc
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
@@ -0,0 +1,320 @@
+igmp.o: igmp.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
new file mode 100644
index 0000000..589a7b5
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
@@ -0,0 +1,320 @@
+igmpproxy.o: igmpproxy.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
new file mode 100644
index 0000000..b092adf
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
@@ -0,0 +1,320 @@
+kern.o: kern.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
new file mode 100644
index 0000000..139d0e9
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
@@ -0,0 +1,320 @@
+lib.o: lib.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
new file mode 100644
index 0000000..b9f6109
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
@@ -0,0 +1,320 @@
+mcgroup.o: mcgroup.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
new file mode 100644
index 0000000..bd9baa2
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
@@ -0,0 +1,320 @@
+mroute-api.o: mroute-api.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
new file mode 100644
index 0000000..08e93a8
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
@@ -0,0 +1,320 @@
+request.o: request.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
new file mode 100644
index 0000000..c1ccab5
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
@@ -0,0 +1,320 @@
+rttable.o: rttable.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
new file mode 100644
index 0000000..293c2e7
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
@@ -0,0 +1,320 @@
+syslog.o: syslog.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
new file mode 100644
index 0000000..770c0e2
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
@@ -0,0 +1,320 @@
+udpsock.o: udpsock.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/Makefile b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/Makefile
new file mode 100644
index 0000000..1118be8
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/Makefile
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# src/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = i586-pc-linux-gnu
+host_triplet = i586-pc-linux-gnu
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy-0.1/src
+abs_srcdir = /usr/local/src/igmpproxy-0.1/src
+abs_top_builddir = /usr/local/src/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = i586-pc-linux-gnu
+build_alias = 
+build_cpu = i586
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = i586-pc-linux-gnu
+host_alias = 
+host_cpu = i586
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+include ./$(DEPDIR)/callout.Po
+include ./$(DEPDIR)/config.Po
+include ./$(DEPDIR)/confread.Po
+include ./$(DEPDIR)/ifvc.Po
+include ./$(DEPDIR)/igmp.Po
+include ./$(DEPDIR)/igmpproxy.Po
+include ./$(DEPDIR)/kern.Po
+include ./$(DEPDIR)/lib.Po
+include ./$(DEPDIR)/mcgroup.Po
+include ./$(DEPDIR)/mroute-api.Po
+include ./$(DEPDIR)/request.Po
+include ./$(DEPDIR)/rttable.Po
+include ./$(DEPDIR)/syslog.Po
+include ./$(DEPDIR)/udpsock.Po
+
+.c.o:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/Makefile.am b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
new file mode 100644
index 0000000..fb63ff3
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
@@ -0,0 +1,22 @@
+sbin_PROGRAMS = igmpproxy
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/Makefile.in b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
new file mode 100644
index 0000000..ab670af
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callout.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/confread.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ifvc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmpproxy.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kern.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mcgroup.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mroute-api.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/request.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rttable.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/syslog.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/udpsock.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/callout.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/callout.c
new file mode 100644
index 0000000..4edfe5e
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/callout.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+/* the code below implements a callout queue */
+static int id = 0;
+static struct timeOutQueue  *queue = 0; /* pointer to the beginning of timeout queue */
+
+struct timeOutQueue {
+    struct timeOutQueue    *next;   // Next event in queue
+    int                     id;  
+    timer_f                 func;   // function to call
+    void                    *data;  // Data for function
+    int                     time;   // Time offset for next event
+};
+
+// Method for dumping the Queue to the log.
+static void debugQueue(void);
+
+/**
+*   Initializes the callout queue
+*/
+void callout_init() {
+    queue = NULL;
+}
+
+/**
+*   Clears all scheduled timeouts...
+*/
+void free_all_callouts() {
+    struct timeOutQueue *p;
+
+    while (queue) {
+        p = queue;
+        queue = queue->next;
+        free(p);
+    }
+}
+
+
+/**
+ * elapsed_time seconds have passed; perform all the events that should
+ * happen.
+ */
+void age_callout_queue(int elapsed_time) {
+    struct timeOutQueue *ptr;
+    int i = 0;
+
+    for (ptr = queue; ptr; ptr = queue, i++) {
+        if (ptr->time > elapsed_time) {
+            ptr->time -= elapsed_time;
+            return;
+        } else {
+            elapsed_time -= ptr->time;
+            queue = queue->next;
+            my_log(LOG_DEBUG, 0, "About to call timeout %d (#%d)", ptr->id, i);
+
+            if (ptr->func)
+                ptr->func(ptr->data);
+            free(ptr);
+        }
+    }
+}
+
+/**
+ * Return in how many seconds age_callout_queue() would like to be called.
+ * Return -1 if there are no events pending.
+ */
+int timer_nextTimer() {
+    if (queue) {
+        if (queue->time < 0) {
+            my_log(LOG_WARNING, 0, "timer_nextTimer top of queue says %d", 
+                queue->time);
+            return 0;
+        }
+        return queue->time;
+    }
+    return -1;
+}
+
+/**
+ *  Inserts a timer in queue.
+ *  @param delay - Number of seconds the timeout should happen in.
+ *  @param action - The function to call on timeout.
+ *  @param data - Pointer to the function data to supply...
+ */
+int timer_setTimer(int delay, timer_f action, void *data) {
+    struct     timeOutQueue  *ptr, *node, *prev;
+    int i = 0;
+
+    /* create a node */ 
+    node = (struct timeOutQueue *)malloc(sizeof(struct timeOutQueue));
+    if (node == 0) {
+        my_log(LOG_WARNING, 0, "Malloc Failed in timer_settimer\n");
+        return -1;
+    }
+    node->func = action; 
+    node->data = data;
+    node->time = delay; 
+    node->next = 0; 
+    node->id   = ++id;
+
+    prev = ptr = queue;
+
+    /* insert node in the queue */
+
+    /* if the queue is empty, insert the node and return */
+    if (!queue) {
+        queue = node;
+    }
+    else {
+        /* chase the pointer looking for the right place */
+        while (ptr) {
+            if (delay < ptr->time) {
+                // We found the correct node
+                node->next = ptr;
+                if (ptr == queue) {
+                    queue = node;
+                }
+                else {
+                    prev->next = node;
+                }
+                ptr->time -= node->time;
+		my_log(LOG_DEBUG, 0,
+			"Created timeout %d (#%d) - delay %d secs",
+			node->id, i, node->time);
+		debugQueue();
+                return node->id;
+            } else {
+                // Continur to check nodes.
+                delay -= ptr->time; node->time = delay;
+                prev = ptr;
+                ptr = ptr->next;
+            }
+            i++;
+        }
+        prev->next = node;
+    }
+    my_log(LOG_DEBUG, 0, "Created timeout %d (#%d) - delay %d secs", 
+            node->id, i, node->time);
+    debugQueue();
+
+    return node->id;
+}
+
+/**
+*   returns the time until the timer is scheduled 
+*/
+int timer_leftTimer(int timer_id) {
+    struct timeOutQueue *ptr;
+    int left = 0;
+
+    if (!timer_id)
+        return -1;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+        left += ptr->time;
+        if (ptr->id == timer_id) {
+            return left;
+        }
+    }
+    return -1;
+}
+
+/**
+*   clears the associated timer.  Returns 1 if succeeded. 
+*/
+int timer_clearTimer(int  timer_id) {
+    struct timeOutQueue  *ptr, *prev;
+    int i = 0;
+
+    if (!timer_id)
+        return 0;
+
+    prev = ptr = queue;
+
+    /*
+     * find the right node, delete it. the subsequent node's time
+     * gets bumped up
+     */
+
+    debugQueue();
+    while (ptr) {
+        if (ptr->id == timer_id) {
+            /* got the right node */
+
+            /* unlink it from the queue */
+            if (ptr == queue)
+                queue = queue->next;
+            else
+                prev->next = ptr->next;
+
+            /* increment next node if any */
+            if (ptr->next != 0)
+                (ptr->next)->time += ptr->time;
+
+            if (ptr->data)
+                free(ptr->data);
+            my_log(LOG_DEBUG, 0, "deleted timer %d (#%d)", ptr->id, i);
+            free(ptr);
+            debugQueue();
+            return 1;
+        }
+        prev = ptr;
+        ptr = ptr->next;
+        i++;
+    }
+    // If we get here, the timer was not deleted.
+    my_log(LOG_DEBUG, 0, "failed to delete timer %d (#%d)", timer_id, i);
+    debugQueue();
+    return 0;
+}
+
+/**
+ * debugging utility
+ */
+static void debugQueue() {
+    struct timeOutQueue  *ptr;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+            my_log(LOG_DEBUG, 0, "(Id:%d, Time:%d) ", ptr->id, ptr->time);
+    }
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/callout.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/callout.o
new file mode 100644
index 0000000..d593331
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/callout.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/config.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/config.c
new file mode 100644
index 0000000..5a96ce0
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/config.c
@@ -0,0 +1,361 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   config.c - Contains functions to load and parse config
+*              file, and functions to configure the daemon.              
+*/
+
+#include "igmpproxy.h"
+                                      
+// Structure to keep configuration for VIFs...    
+struct vifconfig {
+    char*               name;
+    short               state;
+    int                 ratelimit;
+    int                 threshold;
+
+    // Keep allowed nets for VIF.
+    struct SubnetList*  allowednets;
+    
+    // Next config in list...
+    struct vifconfig*   next;
+};
+                 
+// Structure to keep vif configuration
+struct vifconfig*   vifconf;
+
+// Keeps common settings...
+static struct Config commonConfig;
+
+// Prototypes...
+struct vifconfig *parsePhyintToken();
+struct SubnetList *parseSubnetAddress(char *addrstr);
+
+
+/**
+*   Initializes common config..
+*/
+void initCommonConfig() {
+    commonConfig.robustnessValue = DEFAULT_ROBUSTNESS;
+    commonConfig.queryInterval = INTERVAL_QUERY;
+    commonConfig.queryResponseInterval = INTERVAL_QUERY_RESPONSE;
+
+    // The defaults are calculated from other settings.
+    commonConfig.startupQueryInterval = (unsigned int)(INTERVAL_QUERY / 4);
+    commonConfig.startupQueryCount = DEFAULT_ROBUSTNESS;
+
+    // Default values for leave intervals...
+    commonConfig.lastMemberQueryInterval = INTERVAL_QUERY_RESPONSE;
+    commonConfig.lastMemberQueryCount    = DEFAULT_ROBUSTNESS;
+
+    // If 1, a leave message is sent upstream on leave messages from downstream.
+    commonConfig.fastUpstreamLeave = 0;
+
+}
+
+/**
+*   Returns a pointer to the common config...
+*/
+struct Config *getCommonConfig() {
+    return &commonConfig;
+}
+
+/**
+*   Loads the configuration from file, and stores the config in 
+*   respective holders...
+*/                 
+int loadConfig(char *configFile) {
+    struct vifconfig  *tmpPtr;
+    struct vifconfig  **currPtr = &vifconf;
+    char *token;
+    
+    // Initialize common config
+    initCommonConfig();
+
+    // Test config file reader...
+    if(!openConfigFile(configFile)) {
+        my_log(LOG_ERR, 0, "Unable to open configfile from %s", configFile);
+    }
+
+    // Get first token...
+    token = nextConfigToken();
+    if(token == NULL) {
+        my_log(LOG_ERR, 0, "Config file was empty.");
+    }
+
+    // Loop until all configuration is read.
+    while ( token != NULL ) {
+        // Check token...
+        if(strcmp("phyint", token)==0) {
+            // Got a phyint token... Call phyint parser
+            my_log(LOG_DEBUG, 0, "Config: Got a phyint token.");
+            tmpPtr = parsePhyintToken();
+            if(tmpPtr == NULL) {
+                // Unparsable token... Exit...
+                closeConfigFile();
+                my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+                return 0;
+            } else {
+
+                my_log(LOG_DEBUG, 0, "IF name : %s", tmpPtr->name);
+                my_log(LOG_DEBUG, 0, "Next ptr : %x", tmpPtr->next);
+                my_log(LOG_DEBUG, 0, "Ratelimit : %d", tmpPtr->ratelimit);
+                my_log(LOG_DEBUG, 0, "Threshold : %d", tmpPtr->threshold);
+                my_log(LOG_DEBUG, 0, "State : %d", tmpPtr->state);
+                my_log(LOG_DEBUG, 0, "Allowednet ptr : %x", tmpPtr->allowednets);
+
+                // Insert config, and move temppointer to next location...
+                *currPtr = tmpPtr;
+                currPtr = &tmpPtr->next;
+            }
+        } 
+        else if(strcmp("quickleave", token)==0) {
+            // Got a quickleave token....
+            my_log(LOG_DEBUG, 0, "Config: Quick leave mode enabled.");
+            commonConfig.fastUpstreamLeave = 1;
+            
+            // Read next token...
+            token = nextConfigToken();
+            continue;
+        } else {
+            // Unparsable token... Exit...
+            closeConfigFile();
+            my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+            return 0;
+        }
+        // Get token that was not recognized by phyint parser.
+        token = getCurrentConfigToken();
+    }
+
+    // Close the configfile...
+    closeConfigFile();
+
+    return 1;
+}
+
+/**
+*   Appends extra VIF configuration from config file.
+*/
+void configureVifs() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+    struct vifconfig *confPtr;
+
+    // If no config is availible, just return...
+    if(vifconf == NULL) {
+        return;
+    }
+
+    // Loop through all VIFs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+
+            // Now try to find a matching config...
+            for( confPtr = vifconf; confPtr; confPtr = confPtr->next) {
+
+                // I the VIF names match...
+                if(strcmp(Dp->Name, confPtr->name)==0) {
+                    struct SubnetList *vifLast;
+
+                    my_log(LOG_DEBUG, 0, "Found config for %s", Dp->Name);
+
+
+                    // Set the VIF state 
+                    Dp->state = confPtr->state;
+                    
+                    Dp->threshold = confPtr->threshold;
+                    Dp->ratelimit = confPtr->ratelimit;
+
+                    // Go to last allowed net on VIF...
+                    for(vifLast = Dp->allowednets; vifLast->next; vifLast = vifLast->next);
+                        
+                    // Insert the configured nets...
+                    vifLast->next = confPtr->allowednets;
+
+                    break;
+                }
+            }
+        }
+    }
+}
+
+
+/**
+*   Internal function to parse phyint config
+*/
+struct vifconfig *parsePhyintToken() {
+    struct vifconfig  *tmpPtr;
+    struct SubnetList **anetPtr;
+    char *token;
+    short parseError = 0;
+
+    // First token should be the interface name....
+    token = nextConfigToken();
+
+    // Sanitycheck the name...
+    if(token == NULL) return NULL;
+    if(strlen(token) >= IF_NAMESIZE) return NULL;
+    my_log(LOG_DEBUG, 0, "Config: IF: Config for interface %s.", token);
+
+    // Allocate memory for configuration...
+    tmpPtr = (struct vifconfig*)malloc(sizeof(struct vifconfig));
+    if(tmpPtr == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set default values...
+    tmpPtr->next = NULL;    // Important to avoid seg fault...
+    tmpPtr->ratelimit = 0;
+    tmpPtr->threshold = 1;
+    tmpPtr->state = IF_STATE_DOWNSTREAM;
+    tmpPtr->allowednets = NULL;
+
+    // Make a copy of the token to store the IF name
+    tmpPtr->name = strdup( token );
+    if(tmpPtr->name == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set the altnet pointer to the allowednets pointer.
+    anetPtr = &tmpPtr->allowednets;
+
+    // Parse the rest of the config..
+    token = nextConfigToken();
+    while(token != NULL) {
+        if(strcmp("altnet", token)==0) {
+            // Altnet...
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got altnet token %s.",token);
+
+            *anetPtr = parseSubnetAddress(token);
+            if(*anetPtr == NULL) {
+                parseError = 1;
+                my_log(LOG_WARNING, 0, "Unable to parse subnet address.");
+                break;
+            } else {
+                anetPtr = &(*anetPtr)->next;
+            }
+        }
+        else if(strcmp("upstream", token)==0) {
+            // Upstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got upstream token.");
+            tmpPtr->state = IF_STATE_UPSTREAM;
+        }
+        else if(strcmp("downstream", token)==0) {
+            // Downstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got downstream token.");
+            tmpPtr->state = IF_STATE_DOWNSTREAM;
+        }
+        else if(strcmp("disabled", token)==0) {
+            // Disabled
+            my_log(LOG_DEBUG, 0, "Config: IF: Got disabled token.");
+            tmpPtr->state = IF_STATE_DISABLED;
+        }
+        else if(strcmp("ratelimit", token)==0) {
+            // Ratelimit
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got ratelimit token '%s'.", token);
+            tmpPtr->ratelimit = atoi( token );
+            if(tmpPtr->ratelimit < 0) {
+                my_log(LOG_WARNING, 0, "Ratelimit must be 0 or more.");
+                parseError = 1;
+                break;
+            }
+        }
+        else if(strcmp("threshold", token)==0) {
+            // Threshold
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got threshold token '%s'.", token);
+            tmpPtr->threshold = atoi( token );
+            if(tmpPtr->threshold <= 0 || tmpPtr->threshold > 255) {
+                my_log(LOG_WARNING, 0, "Threshold must be between 1 and 255.");
+                parseError = 1;
+                break;
+            }
+        }
+        else {
+            // Unknown token. Break...
+            break;
+        }
+        token = nextConfigToken();
+    }
+
+    // Clean up after a parseerror...
+    if(parseError) {
+        free(tmpPtr);
+        tmpPtr = NULL;
+    }
+
+    return tmpPtr;
+}
+
+/**
+*   Parses a subnet address string on the format
+*   a.b.c.d/n into a SubnetList entry.
+*/
+struct SubnetList *parseSubnetAddress(char *addrstr) {
+    struct SubnetList *tmpSubnet;
+    char        *tmpStr;
+    uint32_t      addr = 0x00000000;
+    uint32_t      mask = 0xFFFFFFFF;
+
+    // First get the network part of the address...
+    tmpStr = strtok(addrstr, "/");
+    addr = inet_addr(tmpStr);
+
+    tmpStr = strtok(NULL, "/");
+    if(tmpStr != NULL) {
+        int bitcnt = atoi(tmpStr);
+        if(bitcnt <= 0 || bitcnt > 32) {
+            my_log(LOG_WARNING, 0, "The bits part of the address is invalid : %d.",tmpStr);
+            return NULL;
+        }
+
+        mask <<= (32 - bitcnt);
+    }
+
+    if(addr == -1 || addr == 0) {
+        my_log(LOG_WARNING, 0, "Unable to parse address token '%s'.", addrstr);
+        return NULL;
+    }
+
+    tmpSubnet = (struct SubnetList*) malloc(sizeof(struct SubnetList));
+    tmpSubnet->subnet_addr = addr;
+    tmpSubnet->subnet_mask = ntohl(mask);
+    tmpSubnet->next = NULL;
+
+    my_log(LOG_DEBUG, 0, "Config: IF: Altnet: Parsed altnet to %s.",
+	    inetFmts(tmpSubnet->subnet_addr, tmpSubnet->subnet_mask,s1));
+
+    return tmpSubnet;
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/config.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/config.o
new file mode 100644
index 0000000..82093f4
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/config.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/confread.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/confread.c
new file mode 100644
index 0000000..6e267dc
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/confread.c
@@ -0,0 +1,213 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   confread.c
+*
+*   Generic config file reader. Used to open a config file,
+*   and read the tokens from it. The parser is really simple,
+*   and does no backlogging. This means that no form of
+*   text escaping and qouting is currently supported.
+*   '#' chars are read as comments, and the comment lasts until 
+*   a newline or EOF
+*
+*/
+
+#include "igmpproxy.h"
+
+#define     READ_BUFFER_SIZE    512   // Inputbuffer size...
+        
+#ifndef MAX_TOKEN_LENGTH
+  #define MAX_TOKEN_LENGTH  30     // Default max token length
+#endif
+                                     
+FILE            *confFilePtr;       // File handle pointer
+char            *iBuffer;           // Inputbuffer for reading...
+unsigned int    bufPtr;             // Buffer position pointer.
+unsigned int    readSize;           // Number of bytes in buffer after last read...
+char    cToken[MAX_TOKEN_LENGTH];   // Token buffer...
+short   validToken;
+
+/**
+*   Opens config file specified by filename.
+*/    
+int openConfigFile(char *filename) {
+
+    // Set the buffer to null initially...
+    iBuffer = NULL;
+
+    // Open the file for reading...
+    confFilePtr = fopen(filename, "r");
+    
+    // On error, return false
+    if(confFilePtr == NULL) {
+        return 0;
+    }
+    
+    // Allocate memory for inputbuffer...
+    iBuffer = (char*) malloc( sizeof(char) * READ_BUFFER_SIZE );
+    
+    if(iBuffer == NULL) {
+        closeConfigFile();
+        return 0;
+    }
+    
+    // Reset bufferpointer and readsize
+    bufPtr = 0;
+    readSize = 0;
+
+    return 1;
+}
+
+/**
+*   Closes the currently open config file.
+*/
+void closeConfigFile() {
+    // Close the file.
+    if(confFilePtr!=NULL) {
+        fclose(confFilePtr);
+    }
+    // Free input buffer memory...
+    if(iBuffer != NULL) {
+        free(iBuffer);
+    }
+}
+
+/**
+*   Returns the next token from the configfile. The function
+*   return NULL if there are no more tokens in the file.    
+*/
+char *nextConfigToken() {
+
+    validToken = 0;
+
+    // If no file or buffer, return NULL
+    if(confFilePtr == NULL || iBuffer == NULL) {
+        return NULL;
+    }
+
+    {
+        unsigned int tokenPtr       = 0;
+        unsigned short finished     = 0;
+        unsigned short commentFound = 0;
+
+        // Outer buffer fill loop...
+        while ( !finished ) {
+            // If readpointer is at the end of the buffer, we should read next chunk...
+            if(bufPtr == readSize) {
+                // Fill up the buffer...
+                readSize = fread (iBuffer, sizeof(char), READ_BUFFER_SIZE, confFilePtr);
+                bufPtr = 0;
+
+                // If the readsize is 0, we should just return...
+                if(readSize == 0) {
+                    return NULL;
+                }
+            }
+
+            // Inner char loop...
+            while ( bufPtr < readSize && !finished ) {
+
+                //printf("Char %s", iBuffer[bufPtr]);
+
+                // Break loop on \0
+                if(iBuffer[bufPtr] == '\0') {
+                    break;
+                }
+
+                if( commentFound ) {
+                    if( iBuffer[bufPtr] == '\n' ) {
+                        commentFound = 0;
+                    }
+                } else {
+
+                    // Check current char...
+                    switch(iBuffer[bufPtr]) {
+                    case '#':
+                        // Found a comment start...
+                        commentFound = 1;
+                        break;
+
+                    case '\n':
+                    case '\r':
+                    case '\t':
+                    case ' ':
+                        // Newline, CR, Tab and space are end of token, or ignored.
+                        if(tokenPtr > 0) {
+                            cToken[tokenPtr] = '\0';    // EOL
+                            finished = 1;
+                        }
+                        break;
+
+                    default:
+                        // Append char to token...
+                        cToken[tokenPtr++] = iBuffer[bufPtr];
+                        break;
+                    }
+                
+                }
+
+                // Check end of token buffer !!!
+                if(tokenPtr == MAX_TOKEN_LENGTH - 1) {
+                    // Prevent buffer overrun...
+                    cToken[tokenPtr] = '\0';
+                    finished = 1;
+                }
+
+                // Next char...
+                bufPtr++;
+            }
+            // If the readsize is less than buffersize, we assume EOF.
+            if(readSize < READ_BUFFER_SIZE && bufPtr == readSize) {
+                if (tokenPtr > 0)
+                    finished = 1;
+                else
+                    return NULL;
+            }
+        }
+        if(tokenPtr>0) {
+            validToken = 1;
+            return cToken;
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Returns the currently active token, or null
+*   if no tokens are availible.
+*/
+char *getCurrentConfigToken() {
+    return validToken ? cToken : NULL;
+}
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/confread.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/confread.o
new file mode 100644
index 0000000..8c5ac54
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/confread.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/ifvc.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
new file mode 100644
index 0000000..545b3b4
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+struct IfDesc IfDescVc[ MAX_IF ], *IfDescEp = IfDescVc;
+
+/*
+** Builds up a vector with the interface of the machine. Calls to the other functions of 
+** the module will fail if they are called before the vector is build.
+**          
+*/
+void buildIfVc() {
+    struct ifreq IfVc[ sizeof( IfDescVc ) / sizeof( IfDescVc[ 0 ] )  ];
+    struct ifreq *IfEp;
+
+    int Sock;
+
+    if ( (Sock = socket( AF_INET, SOCK_DGRAM, 0 )) < 0 )
+        my_log( LOG_ERR, errno, "RAW socket open" );
+
+    /* get If vector
+     */
+    {
+        struct ifconf IoCtlReq;
+
+        IoCtlReq.ifc_buf = (void *)IfVc;
+        IoCtlReq.ifc_len = sizeof( IfVc );
+
+        if ( ioctl( Sock, SIOCGIFCONF, &IoCtlReq ) < 0 )
+            my_log( LOG_ERR, errno, "ioctl SIOCGIFCONF" );
+
+        IfEp = (void *)((char *)IfVc + IoCtlReq.ifc_len);
+    }
+
+    /* loop over interfaces and copy interface info to IfDescVc
+     */
+    {
+        struct ifreq  *IfPt, *IfNext;
+
+        // Temp keepers of interface params...
+        uint32_t addr, subnet, mask;
+
+        for ( IfPt = IfVc; IfPt < IfEp; IfPt = IfNext ) {
+            struct ifreq IfReq;
+            char FmtBu[ 32 ];
+
+	    IfNext = (struct ifreq *)((char *)&IfPt->ifr_addr +
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+				    IfPt->ifr_addr.sa_len
+#else
+				    sizeof(struct sockaddr_in)
+#endif
+		    );
+	    if (IfNext < IfPt + 1)
+		    IfNext = IfPt + 1;
+
+            strncpy( IfDescEp->Name, IfPt->ifr_name, sizeof( IfDescEp->Name ) );
+
+            // Currently don't set any allowed nets...
+            //IfDescEp->allowednets = NULL;
+
+            // Set the index to -1 by default.
+            IfDescEp->index = -1;
+
+            /* don't retrieve more info for non-IP interfaces
+             */
+            if ( IfPt->ifr_addr.sa_family != AF_INET ) {
+                IfDescEp->InAdr.s_addr = 0;  /* mark as non-IP interface */
+                IfDescEp++;
+                continue;
+            }
+
+            // Get the interface adress...
+            IfDescEp->InAdr = ((struct sockaddr_in *)&IfPt->ifr_addr)->sin_addr;
+            addr = IfDescEp->InAdr.s_addr;
+
+            memcpy( IfReq.ifr_name, IfDescEp->Name, sizeof( IfReq.ifr_name ) );
+            IfReq.ifr_addr.sa_family = AF_INET;
+            ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr = addr;
+
+            // Get the subnet mask...
+            if (ioctl(Sock, SIOCGIFNETMASK, &IfReq ) < 0)
+                my_log(LOG_ERR, errno, "ioctl SIOCGIFNETMASK for %s", IfReq.ifr_name);
+            mask = ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr;
+            subnet = addr & mask;
+
+            /* get if flags
+            **
+            ** typical flags:
+            ** lo    0x0049 -> Running, Loopback, Up
+            ** ethx  0x1043 -> Multicast, Running, Broadcast, Up
+            ** ipppx 0x0091 -> NoArp, PointToPoint, Up 
+            ** grex  0x00C1 -> NoArp, Running, Up
+            ** ipipx 0x00C1 -> NoArp, Running, Up
+            */
+            if ( ioctl( Sock, SIOCGIFFLAGS, &IfReq ) < 0 )
+                my_log( LOG_ERR, errno, "ioctl SIOCGIFFLAGS" );
+
+            IfDescEp->Flags = IfReq.ifr_flags;
+
+            // Insert the verified subnet as an allowed net...
+            IfDescEp->allowednets = (struct SubnetList *)malloc(sizeof(struct SubnetList));
+            if(IfDescEp->allowednets == NULL) my_log(LOG_ERR, 0, "Out of memory !");
+            
+            // Create the network address for the IF..
+            IfDescEp->allowednets->next = NULL;
+            IfDescEp->allowednets->subnet_mask = mask;
+            IfDescEp->allowednets->subnet_addr = subnet;
+
+            // Set the default params for the IF...
+            IfDescEp->state         = IF_STATE_DOWNSTREAM;
+            IfDescEp->robustness    = DEFAULT_ROBUSTNESS;
+            IfDescEp->threshold     = DEFAULT_THRESHOLD;   /* ttl limit */
+            IfDescEp->ratelimit     = DEFAULT_RATELIMIT; 
+            
+
+            // Debug log the result...
+            my_log( LOG_DEBUG, 0, "buildIfVc: Interface %s Addr: %s, Flags: 0x%04x, Network: %s",
+                 IfDescEp->Name,
+                 fmtInAdr( FmtBu, IfDescEp->InAdr ),
+                 IfDescEp->Flags,
+                 inetFmts(subnet,mask, s1));
+
+            IfDescEp++;
+        } 
+    }
+
+    close( Sock );
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'IfName'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'IfName' exists
+**          
+*/
+struct IfDesc *getIfByName( const char *IfName ) {
+    struct IfDesc *Dp;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ )
+        if ( ! strcmp( IfName, Dp->Name ) )
+            return Dp;
+
+    return NULL;
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'Ix'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'Ix' exists
+**          
+*/
+struct IfDesc *getIfByIx( unsigned Ix ) {
+    struct IfDesc *Dp = &IfDescVc[ Ix ];
+    return Dp < IfDescEp ? Dp : NULL;
+}
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByAddress( uint32_t ipaddr ) {
+
+    struct IfDesc       *Dp;
+    struct SubnetList   *currsubnet;
+    struct IfDesc       *res = NULL;
+    uint32_t            last_subnet_mask = 0;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+        // Loop through all registered allowed nets of the VIF...
+        for(currsubnet = Dp->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+            // Check if the ip falls in under the subnet....
+            if(currsubnet->subnet_mask > last_subnet_mask && (ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+                res = Dp;
+                last_subnet_mask = currsubnet->subnet_mask;
+            }
+        }
+    }
+    return res;
+}
+
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByVifIndex( unsigned vifindex ) {
+    struct IfDesc       *Dp;
+    if(vifindex>0) {
+        for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+            if(Dp->index == vifindex) {
+                return Dp;
+            }
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Function that checks if a given ipaddress is a valid
+*   address for the supplied VIF.
+*/
+int isAdressValidForIf( struct IfDesc* intrface, uint32_t ipaddr ) {
+    struct SubnetList   *currsubnet;
+    
+    if(intrface == NULL) {
+        return 0;
+    }
+    // Loop through all registered allowed nets of the VIF...
+    for(currsubnet = intrface->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+        // Check if the ip falls in under the subnet....
+        if((ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+            return 1;
+        }
+    }
+    return 0;
+}
+
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/ifvc.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/ifvc.o
new file mode 100644
index 0000000..33bd40e
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/ifvc.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmp.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmp.c
new file mode 100644
index 0000000..a0cd27d
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmp.c
@@ -0,0 +1,281 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmp.h - Recieves IGMP requests, and handle them 
+*            appropriately...
+*/
+
+#include "igmpproxy.h"
+ 
+// Globals                  
+uint32_t     allhosts_group;          /* All hosts addr in net order */
+uint32_t     allrouters_group;          /* All hosts addr in net order */
+              
+extern int MRouterFD;
+
+/*
+ * Open and initialize the igmp socket, and fill in the non-changing
+ * IP header fields in the output packet buffer.
+ */
+void initIgmp() {
+    struct ip *ip;
+
+    recv_buf = malloc(RECV_BUF_SIZE);
+    send_buf = malloc(RECV_BUF_SIZE);
+
+    k_hdr_include(true);    /* include IP header when sending */
+    k_set_rcvbuf(256*1024,48*1024); /* lots of input buffering        */
+    k_set_ttl(1);       /* restrict multicasts to one hop */
+    k_set_loop(false);      /* disable multicast loopback     */
+
+    ip         = (struct ip *)send_buf;
+    memset(ip, 0, sizeof(struct ip));
+    /*
+     * Fields zeroed that aren't filled in later:
+     * - IP ID (let the kernel fill it in)
+     * - Offset (we don't send fragments)
+     * - Checksum (let the kernel fill it in)
+     */
+    ip->ip_v   = IPVERSION;
+    ip->ip_hl  = sizeof(struct ip) >> 2;
+    ip->ip_tos = 0xc0;      /* Internet Control */
+    ip->ip_ttl = MAXTTL;    /* applies to unicasts only */
+    ip->ip_p   = IPPROTO_IGMP;
+
+    allhosts_group   = htonl(INADDR_ALLHOSTS_GROUP);
+    allrouters_group = htonl(INADDR_ALLRTRS_GROUP);
+}
+
+/**
+*   Finds the textual name of the supplied IGMP request.
+*/
+char *igmpPacketKind(u_int type, u_int code) {
+    static char unknown[20];
+
+    switch (type) {
+    case IGMP_MEMBERSHIP_QUERY:     return  "Membership query  ";
+    case IGMP_V1_MEMBERSHIP_REPORT:  return "V1 member report  ";
+    case IGMP_V2_MEMBERSHIP_REPORT:  return "V2 member report  ";
+    case IGMP_V2_LEAVE_GROUP:        return "Leave message     ";
+    
+    default:
+        sprintf(unknown, "unk: 0x%02x/0x%02x    ", type, code);
+        return unknown;
+    }
+}
+
+
+/**
+ * Process a newly received IGMP packet that is sitting in the input
+ * packet buffer.
+ */
+void acceptIgmp(int recvlen) {
+    register uint32_t src, dst, group;
+    struct ip *ip;
+    struct igmp *igmp;
+    int ipdatalen, iphdrlen, igmpdatalen;
+
+    if (recvlen < sizeof(struct ip)) {
+        my_log(LOG_WARNING, 0,
+            "received packet too short (%u bytes) for IP header", recvlen);
+        return;
+    }
+
+    ip        = (struct ip *)recv_buf;
+    src       = ip->ip_src.s_addr;
+    dst       = ip->ip_dst.s_addr;
+
+    /* 
+     * this is most likely a message from the kernel indicating that
+     * a new src grp pair message has arrived and so, it would be 
+     * necessary to install a route into the kernel for this.
+     */
+    if (ip->ip_p == 0) {
+        if (src == 0 || dst == 0) {
+            my_log(LOG_WARNING, 0, "kernel request not accurate");
+        }
+        else {
+            struct IfDesc *checkVIF;
+            
+            // Check if the source address matches a valid address on upstream vif.
+            checkVIF = getIfByIx( upStreamVif );
+            if(checkVIF == 0) {
+                my_log(LOG_ERR, 0, "Upstream VIF was null.");
+                return;
+            } 
+            else if(src == checkVIF->InAdr.s_addr) {
+                my_log(LOG_NOTICE, 0, "Route activation request from %s for %s is from myself. Ignoring.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            else if(!isAdressValidForIf(checkVIF, src)) {
+                my_log(LOG_WARNING, 0, "The source address %s for group %s, is not in any valid net for upstream VIF.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            
+            // Activate the route.
+            my_log(LOG_DEBUG, 0, "Route activate request from %s to %s",
+		    inetFmt(src,s1), inetFmt(dst,s2));
+            activateRoute(dst, src);
+            
+
+        }
+        return;
+    }
+
+    iphdrlen  = ip->ip_hl << 2;
+    ipdatalen = ip_data_len(ip);
+
+    if (iphdrlen + ipdatalen != recvlen) {
+        my_log(LOG_WARNING, 0,
+            "received packet from %s shorter (%u bytes) than hdr+data length (%u+%u)",
+            inetFmt(src, s1), recvlen, iphdrlen, ipdatalen);
+        return;
+    }
+
+    igmp        = (struct igmp *)(recv_buf + iphdrlen);
+    group       = igmp->igmp_group.s_addr;
+    igmpdatalen = ipdatalen - IGMP_MINLEN;
+    if (igmpdatalen < 0) {
+        my_log(LOG_WARNING, 0,
+            "received IP data field too short (%u bytes) for IGMP, from %s",
+            ipdatalen, inetFmt(src, s1));
+        return;
+    }
+
+    my_log(LOG_NOTICE, 0, "RECV %s from %-15s to %s",
+        igmpPacketKind(igmp->igmp_type, igmp->igmp_code),
+        inetFmt(src, s1), inetFmt(dst, s2) );
+
+    switch (igmp->igmp_type) {
+    case IGMP_V1_MEMBERSHIP_REPORT:
+    case IGMP_V2_MEMBERSHIP_REPORT:
+        acceptGroupReport(src, group, igmp->igmp_type);
+        return;
+    
+    case IGMP_V2_LEAVE_GROUP:
+        acceptLeaveMessage(src, group);
+        return;
+    
+    case IGMP_MEMBERSHIP_QUERY:
+        return;
+
+    default:
+        my_log(LOG_INFO, 0,
+            "ignoring unknown IGMP message type %x from %s to %s",
+            igmp->igmp_type, inetFmt(src, s1),
+            inetFmt(dst, s2));
+        return;
+    }
+}
+
+
+/*
+ * Construct an IGMP message in the output packet buffer.  The caller may
+ * have already placed data in that buffer, of length 'datalen'.
+ */
+void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct ip *ip;
+    struct igmp *igmp;
+    extern int curttl;
+
+    ip                      = (struct ip *)send_buf;
+    ip->ip_src.s_addr       = src;
+    ip->ip_dst.s_addr       = dst;
+    ip_set_len(ip, MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        ip->ip_ttl = curttl;
+    } else {
+        ip->ip_ttl = MAXTTL;
+    }
+
+    igmp                    = (struct igmp *)(send_buf + MIN_IP_HEADER_LEN);
+    igmp->igmp_type         = type;
+    igmp->igmp_code         = code;
+    igmp->igmp_group.s_addr = group;
+    igmp->igmp_cksum        = 0;
+    igmp->igmp_cksum        = inetChksum((u_short *)igmp,
+                                         IGMP_MINLEN + datalen);
+}
+
+/* 
+ * Call build_igmp() to build an IGMP message in the output packet buffer.
+ * Then send the message from the interface with IP address 'src' to
+ * destination 'dst'.
+ */
+void sendIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct sockaddr_in sdst;
+    int setloop = 0, setigmpsource = 0;
+
+    buildIgmp(src, dst, type, code, group, datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        k_set_if(src);
+        setigmpsource = 1;
+        if (type != IGMP_DVMRP || dst == allhosts_group) {
+            setloop = 1;
+            k_set_loop(true);
+        }
+    }
+
+    memset(&sdst, 0, sizeof(sdst));
+    sdst.sin_family = AF_INET;
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+    sdst.sin_len = sizeof(sdst);
+#endif
+    sdst.sin_addr.s_addr = dst;
+    if (sendto(MRouterFD, send_buf,
+               MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen, 0,
+               (struct sockaddr *)&sdst, sizeof(sdst)) < 0) {
+        if (errno == ENETDOWN)
+            my_log(LOG_ERR, errno, "Sender VIF was down.");
+        else
+            my_log(LOG_INFO, errno,
+                "sendto to %s on %s",
+                inetFmt(dst, s1), inetFmt(src, s2));
+    }
+
+    if(setigmpsource) {
+        if (setloop) {
+            k_set_loop(false);
+        }
+        // Restore original...
+        k_set_if(INADDR_ANY);
+    }
+
+    my_log(LOG_DEBUG, 0, "SENT %s from %-15s to %s",
+	    igmpPacketKind(type, code), src == INADDR_ANY ? "INADDR_ANY" :
+	    inetFmt(src, s1), inetFmt(dst, s2));
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmp.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmp.o
new file mode 100644
index 0000000..3320ba5
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmp.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy
new file mode 100755
index 0000000..c81fa83
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
new file mode 100644
index 0000000..1ece15a
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
@@ -0,0 +1,357 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.c - The main file for the IGMP proxy application.
+*
+*   February 2005 - Johnny Egeland
+*/
+
+#include "igmpproxy.h"
+
+static const char Usage[] = 
+"Usage: igmpproxy [-h] [-d] [-v [-v]] <configfile>\n"
+"\n" 
+"   -h   Display this help screen\n"
+"   -d   Run in debug mode. Output all messages on stderr\n"
+"   -v   Be verbose. Give twice to see even debug messages.\n"
+"\n"
+PACKAGE_STRING "\n"
+;
+
+// Local function Prototypes
+static void signalHandler(int);
+int     igmpProxyInit();
+void    igmpProxyCleanUp();
+void    igmpProxyRun();
+
+// Global vars...
+static int sighandled = 0;
+#define	GOT_SIGINT	0x01
+#define	GOT_SIGHUP	0x02
+#define	GOT_SIGUSR1	0x04
+#define	GOT_SIGUSR2	0x08
+
+// The upstream VIF index
+int         upStreamVif;   
+
+/**
+*   Program main method. Is invoked when the program is started
+*   on commandline. The number of commandline arguments, and a
+*   pointer to the arguments are recieved on the line...
+*/    
+int main( int ArgCn, char *ArgVc[] ) {
+
+    // Parse the commandline options and setup basic settings..
+    for (int c; (c = getopt(ArgCn, ArgVc, "vdh")) != -1;) {
+        switch (c) {
+        case 'd':
+            Log2Stderr = true;
+            break;
+        case 'v':
+            if (LogLevel == LOG_INFO)
+                LogLevel = LOG_DEBUG;
+            else
+                LogLevel = LOG_INFO;
+            break;
+        case 'h':
+            fputs(Usage, stderr);
+            exit(0);
+            break;
+        default:
+            exit(1);
+            break;
+        }
+    }
+
+    if (optind != ArgCn - 1) {
+	fputs("You must specify the configuration file.\n", stderr);
+	exit(1);
+    }
+    char *configFilePath = ArgVc[optind];
+
+    // Chech that we are root
+    if (geteuid() != 0) {
+       fprintf(stderr, "igmpproxy: must be root\n");
+       exit(1);
+    }
+
+    openlog("igmpproxy", LOG_PID, LOG_USER);
+
+    // Write debug notice with file path...
+    my_log(LOG_DEBUG, 0, "Searching for config file at '%s'" , configFilePath);
+
+    do {
+
+        // Loads the config file...
+        if( ! loadConfig( configFilePath ) ) {
+            my_log(LOG_ERR, 0, "Unable to load config file...");
+            break;
+        }
+    
+        // Initializes the deamon.
+        if ( !igmpProxyInit() ) {
+            my_log(LOG_ERR, 0, "Unable to initialize IGMPproxy.");
+            break;
+        }
+
+        // Go to the main loop.
+        igmpProxyRun();
+    
+        // Clean up
+        igmpProxyCleanUp();
+
+    } while ( false );
+
+    // Inform that we are exiting.
+    my_log(LOG_INFO, 0, "Shutdown complete....");
+
+    exit(0);
+}
+
+
+
+/**
+*   Handles the initial startup of the daemon.
+*/
+int igmpProxyInit() {
+    struct sigaction sa;
+    int Err;
+
+
+    sa.sa_handler = signalHandler;
+    sa.sa_flags = 0;    /* Interrupt system calls */
+    sigemptyset(&sa.sa_mask);
+    sigaction(SIGTERM, &sa, NULL);
+    sigaction(SIGINT, &sa, NULL);
+
+    // Loads configuration for Physical interfaces...
+    buildIfVc();    
+    
+    // Configures IF states and settings
+    configureVifs();
+
+    switch ( Err = enableMRouter() ) {
+    case 0: break;
+    case EADDRINUSE: my_log( LOG_ERR, EADDRINUSE, "MC-Router API already in use" ); break;
+    default: my_log( LOG_ERR, Err, "MRT_INIT failed" );
+    }
+
+    /* create VIFs for all IP, non-loop interfaces
+     */
+    {
+        unsigned Ix;
+        struct IfDesc *Dp;
+        int     vifcount = 0;
+        upStreamVif = -1;
+
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+
+            if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+                if(Dp->state == IF_STATE_UPSTREAM) {
+                    if(upStreamVif == -1) {
+                        upStreamVif = Ix;
+                    } else {
+                        my_log(LOG_ERR, 0, "Vif #%d was already upstream. Cannot set VIF #%d as upstream as well.",
+                            upStreamVif, Ix);
+                    }
+                }
+
+                addVIF( Dp );
+                vifcount++;
+            }
+        }
+
+        // If there is only one VIF, or no defined upstream VIF, we send an error.
+        if(vifcount < 2 || upStreamVif < 0) {
+            my_log(LOG_ERR, 0, "There must be at least 2 Vif's where one is upstream.");
+        }
+    }  
+    
+    // Initialize IGMP
+    initIgmp();
+    // Initialize Routing table
+    initRouteTable();
+    // Initialize timer
+    callout_init();
+
+
+    return 1;
+}
+
+/**
+*   Clean up all on exit...
+*/
+void igmpProxyCleanUp() {
+
+    my_log( LOG_DEBUG, 0, "clean handler called" );
+    
+    free_all_callouts();    // No more timeouts.
+    clearAllRoutes();       // Remove all routes.
+    disableMRouter();       // Disable the multirout API
+
+}
+
+/**
+*   Main daemon loop.
+*/
+void igmpProxyRun() {
+    // Get the config.
+    //struct Config *config = getCommonConfig();
+    // Set some needed values.
+    register int recvlen;
+    int     MaxFD, Rt, secs;
+    fd_set  ReadFDS;
+    socklen_t dummy = 0;
+    struct  timeval  curtime, lasttime, difftime, tv; 
+    // The timeout is a pointer in order to set it to NULL if nessecary.
+    struct  timeval  *timeout = &tv;
+
+    // Initialize timer vars
+    difftime.tv_usec = 0;
+    gettimeofday(&curtime, NULL);
+    lasttime = curtime;
+
+    // First thing we send a membership query in downstream VIF's...
+    sendGeneralMembershipQuery();
+
+    // Loop until the end...
+    for (;;) {
+
+        // Process signaling...
+        if (sighandled) {
+            if (sighandled & GOT_SIGINT) {
+                sighandled &= ~GOT_SIGINT;
+                my_log(LOG_NOTICE, 0, "Got a interupt signal. Exiting.");
+                break;
+            }
+        }
+
+        // Prepare timeout...
+        secs = timer_nextTimer();
+        if(secs == -1) {
+            timeout = NULL;
+        } else {
+            timeout->tv_usec = 0;
+            timeout->tv_sec = secs;
+        }
+
+        // Prepare for select.
+        MaxFD = MRouterFD;
+
+        FD_ZERO( &ReadFDS );
+        FD_SET( MRouterFD, &ReadFDS );
+
+        // wait for input
+        Rt = select( MaxFD +1, &ReadFDS, NULL, NULL, timeout );
+
+        // log and ignore failures
+        if( Rt < 0 ) {
+            my_log( LOG_WARNING, errno, "select() failure" );
+            continue;
+        }
+        else if( Rt > 0 ) {
+
+            // Read IGMP request, and handle it...
+            if( FD_ISSET( MRouterFD, &ReadFDS ) ) {
+    
+                recvlen = recvfrom(MRouterFD, recv_buf, RECV_BUF_SIZE,
+                                   0, NULL, &dummy);
+                if (recvlen < 0) {
+                    if (errno != EINTR) my_log(LOG_ERR, errno, "recvfrom");
+                    continue;
+                }
+                
+
+                acceptIgmp(recvlen);
+            }
+        }
+
+        // At this point, we can handle timeouts...
+        do {
+            /*
+             * If the select timed out, then there's no other
+             * activity to account for and we don't need to
+             * call gettimeofday.
+             */
+            if (Rt == 0) {
+                curtime.tv_sec = lasttime.tv_sec + secs;
+                curtime.tv_usec = lasttime.tv_usec;
+                Rt = -1; /* don't do this next time through the loop */
+            } else {
+                gettimeofday(&curtime, NULL);
+            }
+            difftime.tv_sec = curtime.tv_sec - lasttime.tv_sec;
+            difftime.tv_usec += curtime.tv_usec - lasttime.tv_usec;
+            while (difftime.tv_usec > 1000000) {
+                difftime.tv_sec++;
+                difftime.tv_usec -= 1000000;
+            }
+            if (difftime.tv_usec < 0) {
+                difftime.tv_sec--;
+                difftime.tv_usec += 1000000;
+            }
+            lasttime = curtime;
+            if (secs == 0 || difftime.tv_sec > 0)
+                age_callout_queue(difftime.tv_sec);
+            secs = -1;
+        } while (difftime.tv_sec > 0);
+
+    }
+
+}
+
+/*
+ * Signal handler.  Take note of the fact that the signal arrived
+ * so that the main loop can take care of it.
+ */
+static void signalHandler(int sig) {
+    switch (sig) {
+    case SIGINT:
+    case SIGTERM:
+        sighandled |= GOT_SIGINT;
+        break;
+        /* XXX: Not in use.
+        case SIGHUP:
+            sighandled |= GOT_SIGHUP;
+            break;
+    
+        case SIGUSR1:
+            sighandled |= GOT_SIGUSR1;
+            break;
+    
+        case SIGUSR2:
+            sighandled |= GOT_SIGUSR2;
+            break;
+        */
+    }
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
new file mode 100644
index 0000000..4dabd1c
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
@@ -0,0 +1,279 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.h - Header file for common includes.
+*/
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <signal.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdbool.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+#include <sys/param.h>
+
+#include <net/if.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "os.h"
+#include "config.h"
+
+/*
+ * Limit on length of route data
+ */
+#define MAX_IP_PACKET_LEN	576
+#define MIN_IP_HEADER_LEN	20
+#define MAX_IP_HEADER_LEN	60
+
+#define MAX_MC_VIFS    32     // !!! check this const in the specific includes
+
+// Useful macros..          
+#define VCMC( Vc )  (sizeof( Vc ) / sizeof( (Vc)[ 0 ] ))
+#define VCEP( Vc )  (&(Vc)[ VCMC( Vc ) ])
+
+// Bit manipulation macros...
+#define BIT_ZERO(X)      ((X) = 0)
+#define BIT_SET(X,n)     ((X) |= 1 << (n))
+#define BIT_CLR(X,n)     ((X) &= ~(1 << (n)))
+#define BIT_TST(X,n)     ((X) & 1 << (n))
+
+
+//#################################################################################
+//  Globals
+//#################################################################################
+
+/*
+ * External declarations for global variables and functions.
+ */
+#define RECV_BUF_SIZE 8192
+extern char     *recv_buf;
+extern char     *send_buf;
+
+extern char     s1[];
+extern char     s2[];
+extern char		s3[];
+extern char		s4[];
+
+
+
+//#################################################################################
+//  Lib function prototypes.
+//#################################################################################
+
+/* syslog.c
+ */
+extern bool Log2Stderr;           // Log to stderr instead of to syslog
+extern int  LogLevel;             // Log threshold, LOG_WARNING .... LOG_DEBUG 
+
+void my_log( int Serverity, int Errno, const char *FmtSt, ... );
+
+/* ifvc.c
+ */
+#define MAX_IF         40     // max. number of interfaces recognized 
+
+// Interface states
+#define IF_STATE_DISABLED      0   // Interface should be ignored.
+#define IF_STATE_UPSTREAM      1   // Interface is the upstream interface
+#define IF_STATE_DOWNSTREAM    2   // Interface is a downstream interface
+
+// Multicast default values...
+#define DEFAULT_ROBUSTNESS     2
+#define DEFAULT_THRESHOLD      1
+#define DEFAULT_RATELIMIT      0
+
+// Define timer constants (in seconds...)
+#define INTERVAL_QUERY          125
+#define INTERVAL_QUERY_RESPONSE  10
+//#define INTERVAL_QUERY_RESPONSE  10
+
+#define ROUTESTATE_NOTJOINED            0   // The group corresponding to route is not joined
+#define ROUTESTATE_JOINED               1   // The group corresponding to route is joined
+#define ROUTESTATE_CHECK_LAST_MEMBER    2   // The router is checking for hosts
+
+
+
+// Linked list of networks... 
+struct SubnetList {
+    uint32_t              subnet_addr;
+    uint32_t              subnet_mask;
+    struct SubnetList*  next;
+};
+
+struct IfDesc {
+    char                Name[IF_NAMESIZE];
+    struct in_addr      InAdr;          /* == 0 for non IP interfaces */            
+    short               Flags;
+    short               state;
+    struct SubnetList*  allowednets;
+    unsigned int        robustness;
+    unsigned char       threshold;   /* ttl limit */
+    unsigned int        ratelimit; 
+    unsigned int        index;
+};
+
+// Keeps common configuration settings 
+struct Config {
+    unsigned int        robustnessValue;
+    unsigned int        queryInterval;
+    unsigned int        queryResponseInterval;
+    // Used on startup..
+    unsigned int        startupQueryInterval;
+    unsigned int        startupQueryCount;
+    // Last member probe...
+    unsigned int        lastMemberQueryInterval;
+    unsigned int        lastMemberQueryCount;
+    // Set if upstream leave messages should be sent instantly..
+    unsigned short      fastUpstreamLeave;
+};
+
+// Defines the Index of the upstream VIF...
+extern int upStreamVif;
+
+/* ifvc.c
+ */
+void buildIfVc( void );
+struct IfDesc *getIfByName( const char *IfName );
+struct IfDesc *getIfByIx( unsigned Ix );
+struct IfDesc *getIfByAddress( uint32_t Ix );
+int isAdressValidForIf(struct IfDesc* intrface, uint32_t ipaddr);
+
+/* mroute-api.c
+ */
+struct MRouteDesc {
+    struct in_addr  OriginAdr, McAdr;
+    short           InVif;
+    uint8_t           TtlVc[ MAX_MC_VIFS ];
+};
+
+// IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+extern int MRouterFD;
+
+int enableMRouter( void );
+void disableMRouter( void );
+void addVIF( struct IfDesc *Dp );
+int addMRoute( struct MRouteDesc * Dp );
+int delMRoute( struct MRouteDesc * Dp );
+int getVifIx( struct IfDesc *IfDp );
+
+/* config.c
+ */
+int loadConfig(char *configFile);
+void configureVifs();
+struct Config *getCommonConfig();
+
+/* igmp.c
+*/
+extern uint32_t allhosts_group;
+extern uint32_t allrouters_group;
+void initIgmp(void);
+void acceptIgmp(int);
+void sendIgmp (uint32_t, uint32_t, int, int, uint32_t,int);
+
+/* lib.c
+ */
+char   *fmtInAdr( char *St, struct in_addr InAdr );
+char   *inetFmt(uint32_t addr, char *s);
+char   *inetFmts(uint32_t addr, uint32_t mask, char *s);
+uint16_t inetChksum(uint16_t *addr, int len);
+
+/* kern.c
+ */
+void k_set_rcvbuf(int bufsize, int minsize);
+void k_hdr_include(int hdrincl);
+void k_set_ttl(int t);
+void k_set_loop(int l);
+void k_set_if(uint32_t ifa);
+/*
+void k_join(uint32_t grp, uint32_t ifa);
+void k_leave(uint32_t grp, uint32_t ifa);
+*/
+
+/* udpsock.c
+ */
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort );
+
+/* mcgroup.c
+ */
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+
+
+/* rttable.c
+ */
+void initRouteTable();
+void clearAllRoutes();
+int insertRoute(uint32_t group, int ifx);
+int activateRoute(uint32_t group, uint32_t originAddr);
+void ageActiveRoutes();
+void setRouteLastMemberMode(uint32_t group);
+int lastMemberGroupAge(uint32_t group);
+
+/* request.c
+ */
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type);
+void acceptLeaveMessage(uint32_t src, uint32_t group);
+void sendGeneralMembershipQuery();
+
+/* callout.c 
+*/
+typedef void (*timer_f)(void *);
+
+void callout_init();
+void free_all_callouts();
+void age_callout_queue(int);
+int timer_nextTimer();
+int timer_setTimer(int, timer_f, void *);
+int timer_clearTimer(int);
+int timer_leftTimer(int);
+
+/* confread.c
+ */
+#define MAX_TOKEN_LENGTH    30
+
+int openConfigFile(char *filename);
+void closeConfigFile();
+char* nextConfigToken();
+char* getCurrentConfigToken();
+
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o
new file mode 100644
index 0000000..f7f42f4
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/kern.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/kern.c
new file mode 100644
index 0000000..2055636
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/kern.c
@@ -0,0 +1,140 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+int curttl = 0;
+
+void k_set_rcvbuf(int bufsize, int minsize) {
+    int delta = bufsize / 2;
+    int iter = 0;
+
+    /*
+     * Set the socket buffer.  If we can't set it as large as we
+     * want, search around to try to find the highest acceptable
+     * value.  The highest acceptable value being smaller than
+     * minsize is a fatal error.
+     */
+    if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                   (char *)&bufsize, sizeof(bufsize)) < 0) {
+        bufsize -= delta;
+        while (1) {
+            iter++;
+            if (delta > 1)
+                delta /= 2;
+
+            if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                           (char *)&bufsize, sizeof(bufsize)) < 0) {
+                bufsize -= delta;
+            } else {
+                if (delta < 1024)
+                    break;
+                bufsize += delta;
+            }
+        }
+        if (bufsize < minsize) {
+            my_log(LOG_ERR, 0, "OS-allowed buffer size %u < app min %u",
+                bufsize, minsize);
+            /*NOTREACHED*/
+        }
+    }
+    my_log(LOG_DEBUG, 0, "Got %d byte buffer size in %d iterations", bufsize, iter);
+}
+
+
+void k_hdr_include(int hdrincl) {
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_HDRINCL,
+                   (char *)&hdrincl, sizeof(hdrincl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_HDRINCL %u", hdrincl);
+}
+
+
+void k_set_ttl(int t) {
+#ifndef RAW_OUTPUT_IS_RAW
+    u_char ttl;
+
+    ttl = t;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_TTL,
+                   (char *)&ttl, sizeof(ttl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_TTL %u", ttl);
+#endif
+    curttl = t;
+}
+
+
+void k_set_loop(int l) {
+    u_char loop;
+
+    loop = l;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_LOOP,
+                   (char *)&loop, sizeof(loop)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_LOOP %u", loop);
+}
+
+void k_set_if(uint32_t ifa) {
+    struct in_addr adr;
+
+    adr.s_addr = ifa;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_IF,
+                   (char *)&adr, sizeof(adr)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_IF %s",
+            inetFmt(ifa, s1));
+}
+
+/*
+void k_join(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_ADD_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't join group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+
+
+void k_leave(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_DROP_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't leave group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+*/
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/kern.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/kern.o
new file mode 100644
index 0000000..09f1de3
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/kern.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/lib.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/lib.c
new file mode 100644
index 0000000..70a730a
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/lib.c
@@ -0,0 +1,148 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+/*
+ * Exported variables.
+ */
+char s1[19];        /* buffers to hold the string representations  */
+char s2[19];        /* of IP addresses, to be passed to inet_fmt() */
+char s3[19];        /* or inet_fmts().                             */
+char s4[19];
+            
+/*
+** Formats 'InAdr' into a dotted decimal string. 
+**
+** returns: - pointer to 'St'
+**          
+*/
+char *fmtInAdr( char *St, struct in_addr InAdr ) {
+    sprintf( St, "%u.%u.%u.%u", 
+             ((uint8_t *)&InAdr.s_addr)[ 0 ],
+             ((uint8_t *)&InAdr.s_addr)[ 1 ],
+             ((uint8_t *)&InAdr.s_addr)[ 2 ],
+             ((uint8_t *)&InAdr.s_addr)[ 3 ] );
+
+    return St;
+}
+
+/*
+ * Convert an IP address in u_long (network) format into a printable string.
+ */
+char *inetFmt(uint32_t addr, char *s) {
+    register u_char *a;
+
+    a = (u_char *)&addr;
+    sprintf(s, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]);
+    return(s);
+}
+
+
+/*
+ * Convert an IP subnet number in u_long (network) format into a printable
+ * string including the netmask as a number of bits.
+ */
+char *inetFmts(uint32_t addr, uint32_t mask, char *s) {
+    register u_char *a, *m;
+    int bits;
+
+    if ((addr == 0) && (mask == 0)) {
+        sprintf(s, "default");
+        return(s);
+    }
+    a = (u_char *)&addr;
+    m = (u_char *)&mask;
+    bits = 33 - ffs(ntohl(mask));
+
+    if (m[3] != 0) sprintf(s, "%u.%u.%u.%u/%d", a[0], a[1], a[2], a[3],
+                           bits);
+    else if (m[2] != 0) sprintf(s, "%u.%u.%u/%d",    a[0], a[1], a[2], bits);
+    else if (m[1] != 0) sprintf(s, "%u.%u/%d",       a[0], a[1], bits);
+    else                sprintf(s, "%u/%d",          a[0], bits);
+
+    return(s);
+}
+
+/*
+ * inet_cksum extracted from:
+ *			P I N G . C
+ *
+ * Author -
+ *	Mike Muuss
+ *	U. S. Army Ballistic Research Laboratory
+ *	December, 1983
+ * Modified at Uc Berkeley
+ *
+ * (ping.c) Status -
+ *	Public Domain.  Distribution Unlimited.
+ *
+ *			I N _ C K S U M
+ *
+ * Checksum routine for Internet Protocol family headers (C Version)
+ *
+ */
+uint16_t inetChksum(uint16_t *addr, int len) {
+    register int nleft = len;
+    register uint16_t *w = addr;
+    uint16_t answer = 0;
+    register int32_t sum = 0;
+
+    /*
+     *  Our algorithm is simple, using a 32 bit accumulator (sum),
+     *  we add sequential 16 bit words to it, and at the end, fold
+     *  back all the carry bits from the top 16 bits into the lower
+     *  16 bits.
+     */
+    while (nleft > 1) {
+        sum += *w++;
+        nleft -= 2;
+    }
+
+    /* mop up an odd byte, if necessary */
+    if (nleft == 1) {
+        *(uint8_t *) (&answer) = *(uint8_t *)w ;
+        sum += answer;
+    }
+
+    /*
+     * add back carry outs from top 16 bits to low 16 bits
+     */
+    sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
+    sum += (sum >> 16);         /* add carry */
+    answer = ~sum;              /* truncate to 16 bits */
+    return(answer);
+}
+
+
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/lib.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/lib.o
new file mode 100644
index 0000000..22f3c01
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/lib.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
new file mode 100644
index 0000000..e657c22
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
@@ -0,0 +1,86 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mcgroup contains functions for joining and leaving multicast groups.
+*
+*/
+
+#include "igmpproxy.h"
+       
+
+/**
+*   Common function for joining or leaving a MCast group.
+*/
+static int joinleave( int Cmd, int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    struct ip_mreq CtlReq;
+    const char *CmdSt = Cmd == 'j' ? "join" : "leave";
+    
+    memset(&CtlReq, 0, sizeof(CtlReq));
+    CtlReq.imr_multiaddr.s_addr = mcastaddr;
+    CtlReq.imr_interface.s_addr = IfDp->InAdr.s_addr;
+    
+    {
+        my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt, 
+            inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : "<any>" );
+    }
+    
+    if( setsockopt( UdpSock, IPPROTO_IP, 
+          Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, 
+          (void *)&CtlReq, sizeof( CtlReq ) ) ) 
+    {
+        my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP failed", Cmd == 'j' ? "ADD" : "DROP" );
+        return 1;
+    }
+    
+    return 0;
+}
+
+/**
+*   Joins the MC group with the address 'McAdr' on the interface 'IfName'. 
+*   The join is bound to the UDP socket 'UdpSock', so if this socket is 
+*   closed the membership is dropped.
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'j', UdpSock, IfDp, mcastaddr );
+}
+
+/**
+*   Leaves the MC group with the address 'McAdr' on the interface 'IfName'. 
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'l', UdpSock, IfDp, mcastaddr );
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o
new file mode 100644
index 0000000..2fdb2f9
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
new file mode 100644
index 0000000..7c2be3e
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
@@ -0,0 +1,242 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mroute-api.c
+*
+*   This module contains the interface routines to the Linux mrouted API
+*/
+
+
+#include "igmpproxy.h"
+
+// MAX_MC_VIFS from mclab.h must have same value as MAXVIFS from mroute.h
+#if MAX_MC_VIFS != MAXVIFS
+# error "constants don't match, correct mclab.h"
+#endif
+     
+// need an IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+int         MRouterFD;        /* socket for all network I/O  */
+char        *recv_buf;           /* input packet buffer         */
+char        *send_buf;           /* output packet buffer        */
+
+
+// my internal virtual interfaces descriptor vector  
+static struct VifDesc {
+    struct IfDesc *IfDp;
+} VifDescVc[ MAXVIFS ];
+
+
+
+/*
+** Initialises the mrouted API and locks it by this exclusively.
+**     
+** returns: - 0 if the functions succeeds     
+**          - the errno value for non-fatal failure condition
+*/
+int enableMRouter()
+{
+    int Va = 1;
+
+    if ( (MRouterFD  = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP)) < 0 )
+        my_log( LOG_ERR, errno, "IGMP socket open" );
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_INIT, 
+                     (void *)&Va, sizeof( Va ) ) )
+        return errno;
+
+    return 0;
+}
+
+/*
+** Diables the mrouted API and relases by this the lock.
+**          
+*/
+void disableMRouter()
+{
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_DONE, NULL, 0 ) 
+         || close( MRouterFD )
+       ) {
+        MRouterFD = 0;
+        my_log( LOG_ERR, errno, "MRT_DONE/close" );
+    }
+
+    MRouterFD = 0;
+}
+
+/*
+** Adds the interface '*IfDp' as virtual interface to the mrouted API
+** 
+*/
+void addVIF( struct IfDesc *IfDp )
+{
+    struct vifctl VifCtl;
+    struct VifDesc *VifDp;
+
+    /* search free VifDesc
+     */
+    for ( VifDp = VifDescVc; VifDp < VCEP( VifDescVc ); VifDp++ ) {
+        if ( ! VifDp->IfDp )
+            break;
+    }
+
+    /* no more space
+     */
+    if ( VifDp >= VCEP( VifDescVc ) )
+        my_log( LOG_ERR, ENOMEM, "addVIF, out of VIF space" );
+
+    VifDp->IfDp = IfDp;
+
+    VifCtl.vifc_vifi  = VifDp - VifDescVc; 
+    VifCtl.vifc_flags = 0;        /* no tunnel, no source routing, register ? */
+    VifCtl.vifc_threshold  = VifDp->IfDp->threshold;    // Packet TTL must be at least 1 to pass them
+    VifCtl.vifc_rate_limit = VifDp->IfDp->ratelimit;    // Ratelimit
+
+    VifCtl.vifc_lcl_addr.s_addr = VifDp->IfDp->InAdr.s_addr;
+    VifCtl.vifc_rmt_addr.s_addr = INADDR_ANY;
+
+    // Set the index...
+    VifDp->IfDp->index = VifCtl.vifc_vifi;
+
+    my_log( LOG_NOTICE, 0, "adding VIF, Ix %d Fl 0x%x IP 0x%08x %s, Threshold: %d, Ratelimit: %d", 
+         VifCtl.vifc_vifi, VifCtl.vifc_flags,  VifCtl.vifc_lcl_addr.s_addr, VifDp->IfDp->Name,
+         VifCtl.vifc_threshold, VifCtl.vifc_rate_limit);
+
+    struct SubnetList *currSubnet;
+    for(currSubnet = IfDp->allowednets; currSubnet; currSubnet = currSubnet->next) {
+	my_log(LOG_DEBUG, 0, "        Network for [%s] : %s",
+	    IfDp->Name,
+	    inetFmts(currSubnet->subnet_addr, currSubnet->subnet_mask, s1));
+    }
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_VIF, 
+                     (char *)&VifCtl, sizeof( VifCtl ) ) )
+        my_log( LOG_ERR, errno, "MRT_ADD_VIF" );
+
+}
+
+/*
+** Adds the multicast routed '*Dp' to the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int addMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* copy the TTL vector
+     */
+
+    memcpy( CtlReq.mfcc_ttls, Dp->TtlVc, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Adding MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_ADD_MFC" );
+
+    return rc;
+}
+
+/*
+** Removes the multicast routed '*Dp' from the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int delMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* clear the TTL vector
+     */
+    memset( CtlReq.mfcc_ttls, 0, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Removing MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_DEL_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_DEL_MFC" );
+
+    return rc;
+}
+
+/*
+** Returns for the virtual interface index for '*IfDp'
+**
+** returns: - the vitrual interface index if the interface is registered
+**          - -1 if no virtual interface exists for the interface 
+**          
+*/
+int getVifIx( struct IfDesc *IfDp )
+{
+    struct VifDesc *Dp;
+
+    for ( Dp = VifDescVc; Dp < VCEP( VifDescVc ); Dp++ )
+        if ( Dp->IfDp == IfDp )
+            return Dp - VifDescVc;
+
+    return -1;
+}
+
+
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o
new file mode 100644
index 0000000..d9b483e
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
new file mode 100644
index 0000000..735401c
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
@@ -0,0 +1,14 @@
+#include <net/route.h>
+#include <net/ip_mroute/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
new file mode 100644
index 0000000..ca01cc5
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
@@ -0,0 +1,23 @@
+#include <net/route.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#if __FreeBSD_version >= 800069 && defined BURN_BRIDGES \
+	|| __FreeBSD_version >= 800098
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+#endif
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-linux.h b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
new file mode 100644
index 0000000..7504b1f
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
@@ -0,0 +1,15 @@
+#define _LINUX_IN_H
+#include <linux/types.h>
+#include <linux/mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
new file mode 100644
index 0000000..17bd5fa
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
@@ -0,0 +1,19 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
new file mode 100644
index 0000000..873e5fb
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
@@ -0,0 +1,21 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+#define INADDR_ALLRTRS_GROUP INADDR_ALLROUTERS_GROUP
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os.h b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os.h
new file mode 120000
index 0000000..142e404
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/os.h
@@ -0,0 +1 @@
+../src/os-linux.h
\ No newline at end of file
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/request.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/request.c
new file mode 100644
index 0000000..e3589f6
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/request.c
@@ -0,0 +1,222 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   request.c 
+*
+*   Functions for recieveing and processing IGMP requests.
+*
+*/
+
+#include "igmpproxy.h"
+
+// Prototypes...
+void sendGroupSpecificMemberQuery(void *argument);  
+    
+typedef struct {
+    uint32_t      group;
+    uint32_t      vifAddr;
+    short       started;
+} GroupVifDesc;
+
+
+/**
+*   Handles incoming membership reports, and
+*   appends them to the routing table.
+*/
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type) {
+    struct IfDesc  *sourceVif;
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    if(sourceVif->InAdr.s_addr == src) {
+        my_log(LOG_NOTICE, 0, "The IGMP message was from myself. Ignoring.");
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        my_log(LOG_DEBUG, 0, "Should insert group %s (from: %s) to route table. Vif Ix : %d",
+            inetFmt(group,s1), inetFmt(src,s2), sourceVif->index);
+
+        // The membership report was OK... Insert it into the route table..
+        insertRoute(group, sourceVif->index);
+
+
+    } else {
+        // Log the state of the interface the report was recieved on.
+        my_log(LOG_INFO, 0, "Mebership report was recieved on %s. Ignoring.",
+            sourceVif->state==IF_STATE_UPSTREAM?"the upstream interface":"a disabled interface");
+    }
+
+}
+
+/**
+*   Recieves and handles a group leave message.
+*/
+void acceptLeaveMessage(uint32_t src, uint32_t group) {
+    struct IfDesc   *sourceVif;
+    
+    my_log(LOG_DEBUG, 0,
+	    "Got leave message from %s to %s. Starting last member detection.",
+	    inetFmt(src, s1), inetFmt(group, s2));
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        GroupVifDesc   *gvDesc;
+        gvDesc = (GroupVifDesc*) malloc(sizeof(GroupVifDesc));
+
+        // Tell the route table that we are checking for remaining members...
+        setRouteLastMemberMode(group);
+
+        // Call the group spesific membership querier...
+        gvDesc->group = group;
+        gvDesc->vifAddr = sourceVif->InAdr.s_addr;
+        gvDesc->started = 0;
+
+        sendGroupSpecificMemberQuery(gvDesc);
+
+    } else {
+        // just ignore the leave request...
+        my_log(LOG_DEBUG, 0, "The found if for %s was not downstream. Ignoring leave request.", inetFmt(src, s1));
+    }
+}
+
+/**
+*   Sends a group specific member report query until the 
+*   group times out...
+*/
+void sendGroupSpecificMemberQuery(void *argument) {
+    struct  Config  *conf = getCommonConfig();
+
+    // Cast argument to correct type...
+    GroupVifDesc   *gvDesc = (GroupVifDesc*) argument;
+
+    if(gvDesc->started) {
+        // If aging returns false, we don't do any further action...
+        if(!lastMemberGroupAge(gvDesc->group)) {
+            return;
+        }
+    } else {
+        gvDesc->started = 1;
+    }
+
+    // Send a group specific membership query...
+    sendIgmp(gvDesc->vifAddr, gvDesc->group, 
+             IGMP_MEMBERSHIP_QUERY,
+             conf->lastMemberQueryInterval * IGMP_TIMER_SCALE, 
+             gvDesc->group, 0);
+
+    my_log(LOG_DEBUG, 0, "Sent membership query from %s to %s. Delay: %d",
+        inetFmt(gvDesc->vifAddr,s1), inetFmt(gvDesc->group,s2),
+        conf->lastMemberQueryInterval);
+
+    // Set timeout for next round...
+    timer_setTimer(conf->lastMemberQueryInterval, sendGroupSpecificMemberQuery, gvDesc);
+
+}
+
+
+/**
+*   Sends a general membership query on downstream VIFs
+*/
+void sendGeneralMembershipQuery() {
+    struct  Config  *conf = getCommonConfig();
+    struct  IfDesc  *Dp;
+    int             Ix;
+
+    // Loop through all downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+            if(Dp->state == IF_STATE_DOWNSTREAM) {
+                // Send the membership query...
+                sendIgmp(Dp->InAdr.s_addr, allhosts_group, 
+                         IGMP_MEMBERSHIP_QUERY,
+                         conf->queryResponseInterval * IGMP_TIMER_SCALE, 0, 0);
+                
+                my_log(LOG_DEBUG, 0,
+			"Sent membership query from %s to %s. Delay: %d",
+			inetFmt(Dp->InAdr.s_addr,s1),
+			inetFmt(allhosts_group,s2),
+			conf->queryResponseInterval);
+            }
+        }
+    }
+
+    // Install timer for aging active routes.
+    timer_setTimer(conf->queryResponseInterval, ageActiveRoutes, NULL);
+
+    // Install timer for next general query...
+    if(conf->startupQueryCount>0) {
+        // Use quick timer...
+        timer_setTimer(conf->startupQueryInterval, sendGeneralMembershipQuery, NULL);
+        // Decrease startup counter...
+        conf->startupQueryCount--;
+    } 
+    else {
+        // Use slow timer...
+        timer_setTimer(conf->queryInterval, sendGeneralMembershipQuery, NULL);
+    }
+
+
+}
+ 
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/request.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/request.o
new file mode 100644
index 0000000..8c28a70
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/request.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/rttable.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/rttable.c
new file mode 100644
index 0000000..f0701a8
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/rttable.c
@@ -0,0 +1,662 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   rttable.c 
+*
+*   Updates the routingtable according to 
+*     recieved request.
+*/
+
+#include "igmpproxy.h"
+    
+/**
+*   Routing table structure definition. Double linked list...
+*/
+struct RouteTable {
+    struct RouteTable   *nextroute;     // Pointer to the next group in line.
+    struct RouteTable   *prevroute;     // Pointer to the previous group in line.
+    uint32_t              group;          // The group to route
+    uint32_t              originAddr;     // The origin adress (only set on activated routes)
+    uint32_t              vifBits;        // Bits representing recieving VIFs.
+
+    // Keeps the upstream membership state...
+    short               upstrState;     // Upstream membership state.
+
+    // These parameters contain aging details.
+    uint32_t              ageVifBits;     // Bits representing aging VIFs.
+    int                 ageValue;       // Downcounter for death.          
+    int                 ageActivity;    // Records any acitivity that notes there are still listeners.
+};
+
+                 
+// Keeper for the routing table...
+static struct RouteTable   *routing_table;
+
+// Prototypes
+void logRouteTable(char *header);
+int  internAgeRoute(struct RouteTable*  croute);
+int internUpdateKernelRoute(struct RouteTable *route, int activate);
+
+// Socket for sending join or leave requests.
+int mcGroupSock = 0;
+
+
+/**
+*   Function for retrieving the Multicast Group socket.
+*/
+int getMcGroupSock() {
+    if( ! mcGroupSock ) {
+        mcGroupSock = openUdpSocket( INADDR_ANY, 0 );;
+    }
+    return mcGroupSock;
+}
+ 
+/**
+*   Initializes the routing table.
+*/
+void initRouteTable() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+
+    // Clear routing table...
+    routing_table = NULL;
+
+    // Join the all routers group on downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        // If this is a downstream vif, we should join the All routers group...
+        if( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) && Dp->state == IF_STATE_DOWNSTREAM) {
+            my_log(LOG_DEBUG, 0, "Joining all-routers group %s on vif %s",
+                         inetFmt(allrouters_group,s1),inetFmt(Dp->InAdr.s_addr,s2));
+            
+            //k_join(allrouters_group, Dp->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), Dp, allrouters_group );
+        }
+    }
+}
+
+/**
+*   Internal function to send join or leave requests for
+*   a specified route upstream...
+*/
+void sendJoinLeaveUpstream(struct RouteTable* route, int join) {
+    struct IfDesc*      upstrIf;
+    
+    // Get the upstream VIF...
+    upstrIf = getIfByIx( upStreamVif );
+    if(upstrIf == NULL) {
+        my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF.");
+    }
+
+    // Send join or leave request...
+    if(join) {
+
+        // Only join a group if there are listeners downstream...
+        if(route->vifBits > 0) {
+            my_log(LOG_DEBUG, 0, "Joining group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+
+            //k_join(route->group, upstrIf->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_JOINED;
+        } else {
+            my_log(LOG_DEBUG, 0, "No downstream listeners for group %s. No join sent.",
+                inetFmt(route->group, s1));
+        }
+
+    } else {
+        // Only leave if group is not left already...
+        if(route->upstrState != ROUTESTATE_NOTJOINED) {
+            my_log(LOG_DEBUG, 0, "Leaving group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+            
+            //k_leave(route->group, upstrIf->InAdr.s_addr);
+            leaveMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_NOTJOINED;
+        }
+    }
+}
+
+/**
+*   Clear all routes from routing table, and alerts Leaves upstream.
+*/
+void clearAllRoutes() {
+    struct RouteTable   *croute, *remainroute;
+
+    // Loop through all routes...
+    for(croute = routing_table; croute; croute = remainroute) {
+
+        remainroute = croute->nextroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_DEBUG, 0, "Removing route entry for %s",
+                     inetFmt(croute->group, s1));
+
+        // Uninstall current route
+        if(!internUpdateKernelRoute(croute, 0)) {
+            my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        }
+
+        // Send Leave message upstream.
+        sendJoinLeaveUpstream(croute, 0);
+
+        // Clear memory, and set pointer to next route...
+        free(croute);
+    }
+    routing_table = NULL;
+
+    // Send a notice that the routing table is empty...
+    my_log(LOG_NOTICE, 0, "All routes removed. Routing table is empty.");
+}
+                 
+/**
+*   Private access function to find a route from a given 
+*   Route Descriptor.
+*/
+struct RouteTable *findRoute(uint32_t group) {
+    struct RouteTable*  croute;
+
+    for(croute = routing_table; croute; croute = croute->nextroute) {
+        if(croute->group == group) {
+            return croute;
+        }
+    }
+
+    return NULL;
+}
+
+/**
+*   Adds a specified route to the routingtable.
+*   If the route already exists, the existing route 
+*   is updated...
+*/
+int insertRoute(uint32_t group, int ifx) {
+    
+    struct Config *conf = getCommonConfig();
+    struct RouteTable*  croute;
+
+    // Sanitycheck the group adress...
+    if( ! IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group. Table insert failed.",
+            inetFmt(group, s1));
+        return 0;
+    }
+
+    // Santiycheck the VIF index...
+    //if(ifx < 0 || ifx >= MAX_MC_VIFS) {
+    if(ifx >= MAX_MC_VIFS) {
+        my_log(LOG_WARNING, 0, "The VIF Ix %d is out of range (0-%d). Table insert failed.",ifx,MAX_MC_VIFS);
+        return 0;
+    }
+
+    // Try to find an existing route for this group...
+    croute = findRoute(group);
+    if(croute==NULL) {
+        struct RouteTable*  newroute;
+
+        my_log(LOG_DEBUG, 0, "No existing route for %s. Create new.",
+                     inetFmt(group, s1));
+
+
+        // Create and initialize the new route table entry..
+        newroute = (struct RouteTable*)malloc(sizeof(struct RouteTable));
+        // Insert the route desc and clear all pointers...
+        newroute->group      = group;
+        newroute->originAddr = 0;
+        newroute->nextroute  = NULL;
+        newroute->prevroute  = NULL;
+
+        // The group is not joined initially.
+        newroute->upstrState = ROUTESTATE_NOTJOINED;
+
+        // The route is not active yet, so the age is unimportant.
+        newroute->ageValue    = conf->robustnessValue;
+        newroute->ageActivity = 0;
+        
+        BIT_ZERO(newroute->ageVifBits);     // Initially we assume no listeners.
+
+        // Set the listener flag...
+        BIT_ZERO(newroute->vifBits);    // Initially no listeners...
+        if(ifx >= 0) {
+            BIT_SET(newroute->vifBits, ifx);
+        }
+
+        // Check if there is a table already....
+        if(routing_table == NULL) {
+            // No location set, so insert in on the table top.
+            routing_table = newroute;
+            my_log(LOG_DEBUG, 0, "No routes in table. Insert at beginning.");
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Found existing routes. Find insert location.");
+
+            // Check if the route could be inserted at the beginning...
+            if(routing_table->group > group) {
+                my_log(LOG_DEBUG, 0, "Inserting at beginning, before route %s",inetFmt(routing_table->group,s1));
+
+                // Insert at beginning...
+                newroute->nextroute = routing_table;
+                newroute->prevroute = NULL;
+                routing_table = newroute;
+
+                // If the route has a next node, the previous pointer must be updated.
+                if(newroute->nextroute != NULL) {
+                    newroute->nextroute->prevroute = newroute;
+                }
+
+            } else {
+
+                // Find the location which is closest to the route.
+                for( croute = routing_table; croute->nextroute != NULL; croute = croute->nextroute ) {
+                    // Find insert position.
+                    if(croute->nextroute->group > group) {
+                        break;
+                    }
+                }
+
+                my_log(LOG_DEBUG, 0, "Inserting after route %s",inetFmt(croute->group,s1));
+                
+                // Insert after current...
+                newroute->nextroute = croute->nextroute;
+                newroute->prevroute = croute;
+                if(croute->nextroute != NULL) {
+                    croute->nextroute->prevroute = newroute; 
+                }
+                croute->nextroute = newroute;
+            }
+        }
+
+        // Set the new route as the current...
+        croute = newroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Inserted route table entry for %s on VIF #%d",
+            inetFmt(croute->group, s1),ifx);
+
+    } else if(ifx >= 0) {
+
+        // The route exists already, so just update it.
+        BIT_SET(croute->vifBits, ifx);
+        
+        // Register the VIF activity for the aging routine
+        BIT_SET(croute->ageVifBits, ifx);
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Updated route entry for %s on VIF #%d",
+            inetFmt(croute->group, s1), ifx);
+
+        // If the route is active, it must be reloaded into the Kernel..
+        if(croute->originAddr != 0) {
+
+            // Update route in kernel...
+            if(!internUpdateKernelRoute(croute, 1)) {
+                my_log(LOG_WARNING, 0, "The insertion into Kernel failed.");
+                return 0;
+            }
+        }
+    }
+
+    // Send join message upstream, if the route has no joined flag...
+    if(croute->upstrState != ROUTESTATE_JOINED) {
+        // Send Join request upstream
+        sendJoinLeaveUpstream(croute, 1);
+    }
+
+    logRouteTable("Insert Route");
+
+    return 1;
+}
+
+/**
+*   Activates a passive group. If the group is already
+*   activated, it's reinstalled in the kernel. If
+*   the route is activated, no originAddr is needed.
+*/
+int activateRoute(uint32_t group, uint32_t originAddr) {
+    struct RouteTable*  croute;
+    int result = 0;
+
+    // Find the requested route.
+    croute = findRoute(group);
+    if(croute == NULL) {
+        my_log(LOG_DEBUG, 0,
+		"No table entry for %s [From: %s]. Inserting route.",
+		inetFmt(group, s1),inetFmt(originAddr, s2));
+
+        // Insert route, but no interfaces have yet requested it downstream.
+        insertRoute(group, -1);
+
+        // Retrieve the route from table...
+        croute = findRoute(group);
+    }
+
+    if(croute != NULL) {
+        // If the origin address is set, update the route data.
+        if(originAddr > 0) {
+            if(croute->originAddr > 0 && croute->originAddr!=originAddr) {
+                my_log(LOG_WARNING, 0, "The origin for route %s changed from %s to %s",
+                    inetFmt(croute->group, s1),
+                    inetFmt(croute->originAddr, s2),
+                    inetFmt(originAddr, s3));
+            }
+            croute->originAddr = originAddr;
+        }
+
+        // Only update kernel table if there are listeners !
+        if(croute->vifBits > 0) {
+            result = internUpdateKernelRoute(croute, 1);
+        }
+    }
+    logRouteTable("Activate Route");
+
+    return result;
+}
+
+
+/**
+*   This function loops through all routes, and updates the age 
+*   of any active routes.
+*/
+void ageActiveRoutes() {
+    struct RouteTable   *croute, *nroute;
+    
+    my_log(LOG_DEBUG, 0, "Aging routes in table.");
+
+    // Scan all routes...
+    for( croute = routing_table; croute != NULL; croute = nroute ) {
+        
+        // Keep the next route (since current route may be removed)...
+        nroute = croute->nextroute;
+
+        // Run the aging round algorithm.
+        if(croute->upstrState != ROUTESTATE_CHECK_LAST_MEMBER) {
+            // Only age routes if Last member probe is not active...
+            internAgeRoute(croute);
+        }
+    }
+    logRouteTable("Age active routes");
+}
+
+/**
+*   Should be called when a leave message is recieved, to
+*   mark a route for the last member probe state.
+*/
+void setRouteLastMemberMode(uint32_t group) {
+    struct Config       *conf = getCommonConfig();
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        // Check for fast leave mode...
+        if(croute->upstrState == ROUTESTATE_JOINED && conf->fastUpstreamLeave) {
+            // Send a leave message right away..
+            sendJoinLeaveUpstream(croute, 0);
+        }
+        // Set the routingstate to Last member check...
+        croute->upstrState = ROUTESTATE_CHECK_LAST_MEMBER;
+        // Set the count value for expiring... (-1 since first aging)
+        croute->ageValue = conf->lastMemberQueryCount;
+    }
+}
+
+
+/**
+*   Ages groups in the last member check state. If the
+*   route is not found, or not in this state, 0 is returned.
+*/
+int lastMemberGroupAge(uint32_t group) {
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        if(croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER) {
+            return !internAgeRoute(croute);
+        } else {
+            return 0;
+        }
+    }
+    return 0;
+}
+
+/**
+*   Remove a specified route. Returns 1 on success,
+*   and 0 if route was not found.
+*/
+int removeRoute(struct RouteTable*  croute) {
+    struct Config       *conf = getCommonConfig();
+    int result = 1;
+    
+    // If croute is null, no routes was found.
+    if(croute==NULL) {
+        return 0;
+    }
+
+    // Log the cleanup in debugmode...
+    my_log(LOG_DEBUG, 0, "Removed route entry for %s from table.",
+                 inetFmt(croute->group, s1));
+
+    //BIT_ZERO(croute->vifBits);
+
+    // Uninstall current route from kernel
+    if(!internUpdateKernelRoute(croute, 0)) {
+        my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        result = 0;
+    }
+
+    // Send Leave request upstream if group is joined
+    if(croute->upstrState == ROUTESTATE_JOINED || 
+       (croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER && !conf->fastUpstreamLeave)) 
+    {
+        sendJoinLeaveUpstream(croute, 0);
+    }
+
+    // Update pointers...
+    if(croute->prevroute == NULL) {
+        // Topmost node...
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = NULL;
+        }
+        routing_table = croute->nextroute;
+
+    } else {
+        croute->prevroute->nextroute = croute->nextroute;
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = croute->prevroute;
+        }
+    }
+    // Free the memory, and set the route to NULL...
+    free(croute);
+    croute = NULL;
+
+    logRouteTable("Remove route");
+
+    return result;
+}
+
+
+/**
+*   Ages a specific route
+*/
+int internAgeRoute(struct RouteTable*  croute) {
+    struct Config *conf = getCommonConfig();
+    int result = 0;
+
+    // Drop age by 1.
+    croute->ageValue--;
+
+    // Check if there has been any activity...
+    if( croute->ageVifBits > 0 && croute->ageActivity == 0 ) {
+        // There was some activity, check if all registered vifs responded.
+        if(croute->vifBits == croute->ageVifBits) {
+            // Everything is in perfect order, so we just update the route age.
+            croute->ageValue = conf->robustnessValue;
+            //croute->ageActivity = 0;
+        } else {
+            // One or more VIF has not gotten any response.
+            croute->ageActivity++;
+
+            // Update the actual bits for the route...
+            croute->vifBits = croute->ageVifBits;
+        }
+    } 
+    // Check if there have been activity in aging process...
+    else if( croute->ageActivity > 0 ) {
+
+        // If the bits are different in this round, we must
+        if(croute->vifBits != croute->ageVifBits) {
+            // Or the bits together to insure we don't lose any listeners.
+            croute->vifBits |= croute->ageVifBits;
+
+            // Register changes in this round as well..
+            croute->ageActivity++;
+        }
+    }
+
+    // If the aging counter has reached zero, its time for updating...
+    if(croute->ageValue == 0) {
+        // Check for activity in the aging process,
+        if(croute->ageActivity>0) {
+            
+            my_log(LOG_DEBUG, 0, "Updating route after aging : %s",
+                         inetFmt(croute->group,s1));
+            
+            // Just update the routing settings in kernel...
+            internUpdateKernelRoute(croute, 1);
+    
+            // We append the activity counter to the age, and continue...
+            croute->ageValue = croute->ageActivity;
+            croute->ageActivity = 0;
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Removing group %s. Died of old age.",
+                         inetFmt(croute->group,s1));
+
+            // No activity was registered within the timelimit, so remove the route.
+            removeRoute(croute);
+        }
+        // Tell that the route was updated...
+        result = 1;
+    }
+
+    // The aging vif bits must be reset for each round...
+    BIT_ZERO(croute->ageVifBits);
+
+    return result;
+}
+
+/**
+*   Updates the Kernel routing table. If activate is 1, the route
+*   is (re-)activated. If activate is false, the route is removed.
+*/
+int internUpdateKernelRoute(struct RouteTable *route, int activate) {
+    struct   MRouteDesc     mrDesc;
+    struct   IfDesc         *Dp;
+    unsigned                Ix;
+    
+    if(route->originAddr>0) {
+
+        // Build route descriptor from table entry...
+        // Set the source address and group address...
+        mrDesc.McAdr.s_addr     = route->group;
+        mrDesc.OriginAdr.s_addr = route->originAddr;
+    
+        // clear output interfaces 
+        memset( mrDesc.TtlVc, 0, sizeof( mrDesc.TtlVc ) );
+    
+        my_log(LOG_DEBUG, 0, "Vif bits : 0x%08x", route->vifBits);
+
+        // Set the TTL's for the route descriptor...
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+            if(Dp->state == IF_STATE_UPSTREAM) {
+                mrDesc.InVif = Dp->index;
+            }
+            else if(BIT_TST(route->vifBits, Dp->index)) {
+                my_log(LOG_DEBUG, 0, "Setting TTL for Vif %d to %d", Dp->index, Dp->threshold);
+                mrDesc.TtlVc[ Dp->index ] = Dp->threshold;
+            }
+        }
+    
+        // Do the actual Kernel route update...
+        if(activate) {
+            // Add route in kernel...
+            addMRoute( &mrDesc );
+    
+        } else {
+            // Delete the route from Kernel...
+            delMRoute( &mrDesc );
+        }
+
+    } else {
+        my_log(LOG_NOTICE, 0, "Route is not active. No kernel updates done.");
+    }
+
+    return 1;
+}
+
+/**
+*   Debug function that writes the routing table entries
+*   to the log.
+*/
+void logRouteTable(char *header) {
+        struct RouteTable*  croute = routing_table;
+        unsigned            rcount = 0;
+    
+        my_log(LOG_DEBUG, 0, "");
+        my_log(LOG_DEBUG, 0, "Current routing table (%s):", header);
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+        if(croute==NULL) {
+            my_log(LOG_DEBUG, 0, "No routes in table...");
+        } else {
+            do {
+                /*
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, Prev: 0x%08x, T: 0x%08x, Next: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->prevroute, croute, croute->nextroute);
+                */
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, OutVifs: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->vifBits);
+                  
+                croute = croute->nextroute; 
+        
+                rcount++;
+            } while ( croute != NULL );
+        }
+    
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/rttable.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/rttable.o
new file mode 100644
index 0000000..467cfe8
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/rttable.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/syslog.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/syslog.c
new file mode 100644
index 0000000..7c7166f
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/syslog.c
@@ -0,0 +1,62 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+int LogLevel = LOG_WARNING;
+bool Log2Stderr = false;
+
+void my_log( int Severity, int Errno, const char *FmtSt, ... )
+{
+    char LogMsg[ 128 ];
+
+    va_list ArgPt;
+    unsigned Ln;
+    va_start( ArgPt, FmtSt );
+    Ln = vsnprintf( LogMsg, sizeof( LogMsg ), FmtSt, ArgPt );
+    if( Errno > 0 )
+        snprintf( LogMsg + Ln, sizeof( LogMsg ) - Ln,
+                "; Errno(%d): %s", Errno, strerror(Errno) );
+    va_end( ArgPt );
+
+    if (Severity <= LogLevel) {
+        if (Log2Stderr)
+            fprintf(stderr, "%s\n", LogMsg);
+        else {
+            syslog(Severity, "%s", LogMsg);
+	}
+    }
+
+    if( Severity <= LOG_ERR )
+        exit( -1 );
+}
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/syslog.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/syslog.o
new file mode 100644
index 0000000..1a9d31d
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/syslog.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/udpsock.c b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
new file mode 100644
index 0000000..150130e
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
@@ -0,0 +1,65 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   udpsock.c contains function for creating a UDP socket.
+*
+*/
+
+#include "igmpproxy.h"
+
+/**
+*  Creates and connects a simple UDP socket to the target 
+*  'PeerInAdr':'PeerPort'
+*
+*   @param PeerInAdr - The address to connect to
+*   @param PeerPort  - The port to connect to
+*           
+*/
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort ) {
+    int Sock;
+    struct sockaddr_in SockAdr;
+    
+    if( (Sock = socket( AF_INET, SOCK_RAW, IPPROTO_IGMP )) < 0 )
+        my_log( LOG_ERR, errno, "UDP socket open" );
+    
+    memset( &SockAdr, 0, sizeof( SockAdr ) );
+    SockAdr.sin_family      = AF_INET;
+    SockAdr.sin_port        = htons(PeerPort);
+    SockAdr.sin_addr.s_addr = htonl(PeerInAdr);
+    
+    if( bind( Sock, (struct sockaddr *)&SockAdr, sizeof( SockAdr ) ) )
+        my_log( LOG_ERR, errno, "UDP socket bind" );
+    
+    return Sock;
+}
+
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/udpsock.o b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/udpsock.o
new file mode 100644
index 0000000..c3d35d9
Binary files /dev/null and b/ANW-URB/src/igmpproxy/igmpproxy-0.1/src/udpsock.o differ
diff --git a/ANW-URB/src/igmpproxy/igmpproxy-0.1/stamp-h1 b/ANW-URB/src/igmpproxy/igmpproxy-0.1/stamp-h1
new file mode 100644
index 0000000..4547fe1
--- /dev/null
+++ b/ANW-URB/src/igmpproxy/igmpproxy-0.1/stamp-h1
@@ -0,0 +1 @@
+timestamp for config.h
diff --git a/ANW-URB/src/ipt-gateway b/ANW-URB/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/ANW-URB/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/ANW-URB/src/ipw2100/LICENSE b/ANW-URB/src/ipw2100/LICENSE
new file mode 100644
index 0000000..a3e83f5
--- /dev/null
+++ b/ANW-URB/src/ipw2100/LICENSE
@@ -0,0 +1,207 @@
+                             TERMS AND CONDITIONS
+    IMPORTANT - PLEASE READ BEFORE INSTALLING OR USING THIS INTEL(C) SOFTWARE
+
+Do not use or load this firmware (the "Software") until you have carefully read
+the following terms and conditions. By loading or using the Software, you agree
+to the terms of this Agreement. If you do not wish to so agree, do not install
+or use the Software.
+
+LICENSEES:
+
+Please note: 
+
+* If you are an End-User, only Exhibit A, the SOFTWARE LICENSE AGREEMENT,
+  applies.
+* If you are an Original Equipment Manufacturer (OEM), Independent Hardware
+  Vendor (IHV), or Independent Software Vendor (ISV), this complete Agreement
+  applies 
+
+--------------------------------------------------------------------------------
+
+For OEMs, IHVs, and ISVs:
+
+LICENSE. This Software is licensed for use only in conjunction with Intel
+component products. Use of the Software in conjunction with non-Intel component
+products is not licensed hereunder. Subject to the terms of this Agreement,
+Intel grants to you a nonexclusive, nontransferable, worldwide, fully paid-up
+license under Intel's copyrights to: (i) copy the Software internally for your
+own development and maintenance purposes; (ii) copy and distribute the Software
+to your end-users, but only under a license agreement with terms at least as
+restrictive as those contained in Intel's Final, Single User License Agreement,
+attached as Exhibit A; and (iii) modify, copy and distribute the end-user
+documentation which may accompany the Software, but only in association with
+the Software.  
+
+If you are not the final manufacturer or vendor of a computer system or software
+program incorporating the Software, then you may transfer a copy of the
+Software, including any related documentation (modified or unmodified) to your
+recipient for use in accordance with the terms of this Agreement, provided such
+recipient agrees to be fully bound by the terms hereof. You shall not otherwise
+assign, sublicense, lease, or in any other way transfer or disclose Software to
+any third party. You may not, nor may you assist any other person or entity to
+modify, translate, convert to another programming language, decompile, reverse
+engineer, or disassemble any portion of the Software or otherwise attempt to
+derive source code from any object code modules of the Software or any internal
+data files generated by the Software. Your rights to redistribute the Software
+shall be contingent upon your installation of this Agreement in its entirety in
+the same directory as the Software.
+
+CONFIDENTIALITY. If you wish to have a third party consultant or subcontractor
+("Contractor") perform work on your behalf which involves access to or use of
+Software, you shall obtain a written confidentiality agreement from the
+Contractor which contains provisions with respect to access to or use of the
+Software no less restrictive than those set forth in this Agreement and
+excluding any distribution rights, and use for any other purpose. Except as 
+expressly provided herein, you shall not disclose the terms or existence of 
+this Agreement or use Intel's name in any publications, advertisements, or 
+other announcements without Intel's prior written consent. You do not have any 
+rights to use any Intel trademarks or logos.
+
+OWNERSHIP OF SOFTWARE AND COPYRIGHTS. Software and accompanying materials, if
+any, are owned by Intel or its suppliers and licensors and may be protected by
+copyright, trademark, patent and trade secret law and international treaties. 
+Any rights, express or implied, in the intellectual property embodied in the
+foregoing, other than those specified in this Agreement, are reserved by Intel
+and its suppliers and licensors or otherwise as set forth in any applicable
+open source license agreement. You will keep the Software free of liens,
+attachments, and other encumbrances.  You agree not to remove any proprietary
+notices and/or any labels from the Software and accompanying materials without
+prior written approval by Intel
+
+LIMITATION OF LIABILITY. IN NO EVENT SHALL INTEL OR ITS SUPPLIERS AND LICENSORS
+BE LIABLE FOR ANY DAMAGES WHATSOEVER FROM ANY CAUSE OF ACTION OF ANY KIND
+(INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, OR LOST
+INFORMATION) ARISING OUT OF THE USE, MODIFICATION, OR INABILITY TO USE THE
+INTEL SOFTWARE, OR OTHERWISE, NOR FOR PUNITIVE, INCIDENTAL, CONSEQUENTIAL, OR
+SPECIAL DAMAGES OF ANY KIND, EVEN IF INTEL OR ITS SUPPLIERS AND LICENSORS HAS
+BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.   SOME JURISDICTIONS PROHIBIT
+EXCLUSION OR LIMITATION OF LIABILITY FOR IMPLIED WARRANTIES, CONSEQUENTIAL OR
+INCIDENTAL DAMAGES, SO CERTAIN LIMITATIONS MAY NOT APPLY.  YOU MAY ALSO HAVE
+OTHER LEGAL RIGHTS THAT VARY BETWEEN JURISDICTIONS. 
+
+EXCLUSION OF WARRANTIES.  THE SOFTWARE IS PROVIDED "AS IS" AND POSSIBLY WITH
+FAULTS. UNLESS EXPRESSLY AGREED OTHERWISE, INTEL AND ITS SUPPLIERS AND
+LICENSORS DISCLAIM ANY AND ALL WARRANTIES AND GUARANTEES, EXPRESS, IMPLIED OR
+OTHERWISE, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.  Intel does not warrant
+or assume responsibility for the accuracy or completeness of any information,
+text, graphics, links or other items contained within the Software.  You assume
+all liability, financial or otherwise, associated with Your use or disposition
+of the Software.
+		
+APPLICABLE LAW. Claims arising under this Agreement shall be governed by the
+laws of State of California], excluding its principles of conflict of laws and
+the United Nations Convention on Contracts for the Sale of Goods.  
+
+WAIVER AND AMENDMENT. No modification, amendment or waiver of any provision of
+this Agreement shall be effective unless in writing and signed by an officer of
+Intel.  No failure or delay in exercising any right, power, or remedy under
+this Agreement shall operate as a waiver of any such right, power or remedy. 
+Without limiting the foregoing, terms and conditions on any purchase orders or
+similar materials submitted by you to Intel, and any terms contained in Intel’s
+standard acknowledgment form that are in conflict with these terms, shall be of
+no force or effect.
+
+SEVERABILITY.  If any provision of this Agreement is held by a court of
+competent jurisdiction to be contrary to law, such provision shall be changed
+and interpreted so as to best accomplish the objectives of the original
+provision to the fullest extent allowed by law and the remaining provisions of
+this Agreement shall remain in full force and effect.
+
+EXPORT RESTRICTIONS.  Each party acknowledges that the Software is subject to
+applicable import and export regulations of the United States and of the
+countries in which each party transacts business, specifically including U.S.
+Export Administration Act and Export Administration Regulations.  Each party
+shall comply with such laws and regulations, as well as all other laws and
+regulations applicable to the Software.  Without limiting the generality of the
+foregoing, each party agrees that it will not export, re-export, transfer or
+divert any of the Software or the direct programs thereof to any restricted
+place or party in accordance with U.S. export regulations.  Note that Software
+containing encryption may be subject to additional restrictions.
+
+GOVERNMENT RESTRICTED RIGHTS. The Software is provided with "RESTRICTED RIGHTS."
+Use, duplication, or disclosure by the Government is subject to restrictions as
+set forth in FAR52.227-14 and DFAR252.227-7013 et seq. or their successors. Use
+of the Software by the Government constitutes acknowledgment of Intel's
+proprietary rights therein. Contractor or Manufacturer is Intel Corporation,
+2200 Mission College Blvd., Santa Clara, CA  95052.
+
+TERMINATION OF THE AGREEMENT. Intel may terminate this Agreement if you violate
+its terms. Upon termination, you will immediately destroy the Software or
+return all copies of the Software to Intel.
+
+--------------------------------------------------------------------------------
+
+EXHIBIT "A"
+
+SOFTWARE LICENSE AGREEMENT (Final, Single User)
+
+IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
+
+Do not use or load this firmware image (the "Software") until you have carefully
+read the following terms and conditions. By loading or using the Software, you
+agree to the terms of this Agreement. If you do not wish to so agree, do not
+install or use the Software.
+
+LICENSE. You may copy and use the Software, subject to these conditions: 
+1. This Software is licensed for use only in conjunction with Intel component
+   products. Use of the Software in conjunction with non-Intel component 
+   products is not licensed hereunder. 
+2. You may not copy, modify, rent, sell, distribute or transfer any part of the
+   Software except as provided in this Agreement, and you agree to prevent
+   unauthorized copying of the Software. 
+3. You may not reverse engineer, decompile, or disassemble the Software. 
+4. You may not sublicense the Software. 
+5. The Software may contain the software or other property of third party
+   suppliers. 
+
+OWNERSHIP OF SOFTWARE AND COPYRIGHTS. Title to all copies of the Software
+remains with Intel or its suppliers. The Software is copyrighted and protected
+by the laws of the United States and other countries, and international treaty
+provisions. You may not remove any copyright notices from the Software. Intel
+may make changes to the Software, or items referenced therein, at any time
+without notice, but is not obligated to support or update the Software. Except
+as otherwise expressly provided, Intel grants no express or implied right under
+Intel patents, copyrights, trademarks, or other intellectual property rights.
+You may transfer the Software only if a copy of this license accompanies the 
+Software and the recipient agrees to be fully bound by these terms.
+
+EXCLUSION OF OTHER WARRANTIES EXCEPT AS PROVIDED ABOVE, THE SOFTWARE IS PROVIDED
+"AS IS" WITHOUT ANY EXPRESS OR IMPLIED WARRANTY OF ANY KIND INCLUDING
+WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR
+PURPOSE. Intel does not warrant or assume responsibility for the accuracy or
+completeness of any information, text, graphics, links or other items contained
+within the Software.
+
+LIMITATION OF LIABILITY. IN NO EVENT SHALL INTEL OR ITS SUPPLIERS BE LIABLE FOR
+ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS
+INTERRUPTION, OR LOST INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO
+USE THE SOFTWARE, EVEN IF INTEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES. SOME JURISDICTIONS PROHIBIT EXCLUSION OR LIMITATION OF LIABILITY FOR
+IMPLIED WARRANTIES OR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE
+LIMITATION MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY
+BETWEEN JURISDICTIONS.
+
+TERMINATION OF THIS AGREEMENT. Intel may terminate this Agreement at any time if
+you violate its terms. Upon termination, you will immediately destroy the
+Software.
+
+APPLICABLE LAWS. Claims arising under this Agreement shall be governed by the
+laws of California, excluding its principles of conflict of laws and the United
+Nations Convention on Contracts for the Sale of Goods. You may not export the
+Software in violation of applicable export laws and regulations. Intel is not
+obligated under any other agreements unless they are in writing and signed by
+an authorized representative 
+of Intel.
+
+GOVERNMENT RESTRICTED RIGHTS. The Software is provided with "RESTRICTED RIGHTS."
+Use, duplication, or disclosure by the Government is subject to restrictions as
+set forth in FAR52.227-14 and DFAR252.227-7013 et seq. or their successors. Use
+of the Software by the Government constitutes acknowledgment of Intel's
+proprietary rights therein. Contractor or Manufacturer is Intel Corporation,
+2200 Mission College Blvd., Santa Clara, CA 95052.
+
+
+
+		
+
diff --git a/ANW-URB/src/ipw2100/ipw2100-1.3-i.fw b/ANW-URB/src/ipw2100/ipw2100-1.3-i.fw
new file mode 100644
index 0000000..85c9ca5
Binary files /dev/null and b/ANW-URB/src/ipw2100/ipw2100-1.3-i.fw differ
diff --git a/ANW-URB/src/ipw2100/ipw2100-1.3-p.fw b/ANW-URB/src/ipw2100/ipw2100-1.3-p.fw
new file mode 100644
index 0000000..6fda4c3
Binary files /dev/null and b/ANW-URB/src/ipw2100/ipw2100-1.3-p.fw differ
diff --git a/ANW-URB/src/ipw2100/ipw2100-1.3.fw b/ANW-URB/src/ipw2100/ipw2100-1.3.fw
new file mode 100644
index 0000000..be2a69c
Binary files /dev/null and b/ANW-URB/src/ipw2100/ipw2100-1.3.fw differ
diff --git a/ANW-URB/src/ipw2100/ipw2100-fw-1.3.tgz b/ANW-URB/src/ipw2100/ipw2100-fw-1.3.tgz
new file mode 100644
index 0000000..ad30eee
Binary files /dev/null and b/ANW-URB/src/ipw2100/ipw2100-fw-1.3.tgz differ
diff --git a/B3-Bornim/README.txt b/B3-Bornim/README.txt
new file mode 100644
index 0000000..d53b7d1
--- /dev/null
+++ b/B3-Bornim/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.B3-Bornim: ppp0 comes over eth2
+      interfaces.B3-Bornim: see above
+      default_isc-dhcp-server.B3-Bornim
+      ipt-firewall.B3-Bornim: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/B3-Bornim/bin/admin-stuff b/B3-Bornim/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/B3-Bornim/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/B3-Bornim/bin/clean_log_files.sh b/B3-Bornim/bin/clean_log_files.sh
new file mode 120000
index 0000000..4a65412
--- /dev/null
+++ b/B3-Bornim/bin/clean_log_files.sh
@@ -0,0 +1 @@
+admin-stuff/clean_log_files.sh
\ No newline at end of file
diff --git a/B3-Bornim/bin/manage-gw-config b/B3-Bornim/bin/manage-gw-config
new file mode 160000
index 0000000..2a96dfd
--- /dev/null
+++ b/B3-Bornim/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688
diff --git a/B3-Bornim/bin/monitoring b/B3-Bornim/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/B3-Bornim/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/B3-Bornim/bind/bind.keys b/B3-Bornim/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/B3-Bornim/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/B3-Bornim/bind/db.0 b/B3-Bornim/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/B3-Bornim/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/B3-Bornim/bind/db.127 b/B3-Bornim/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/B3-Bornim/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/B3-Bornim/bind/db.192.168.42.0 b/B3-Bornim/bind/db.192.168.42.0
new file mode 100644
index 0000000..19c2de5
--- /dev/null
+++ b/B3-Bornim/bind/db.192.168.42.0
@@ -0,0 +1,55 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.b3-bornim.netz. ckubu.oopen.de. (
+      2017032501     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+@            IN NS     ns.b3-bornim.netz.
+
+
+; - Gateway/Firewall
+254         IN PTR    gw-b3.b3-bornim.netz.
+
+
+; - (Caching ) Nameserver
+1           IN PTR    ns.b3-bornim.netz.
+
+
+; - Fileserver
+10          IN PTR    bbb-server.b3-bornim.netz.
+
+; - Alter Fileserver
+20          IN PTR   bbb-server-alt.b3-bornim.netz.
+
+
+; - Accesspoint  - FRITZ!Box
+60          IN PTR    fritzbox.b3-bornim.netz.
+
+
+; - Drucker
+56          IN PTR    hp-8610.b3-bornim.netz.
+58          IN PTR    hp-8610-wlan.b3-bornim.netz.
+
+
+; - PC's
+
+; - gerd Zimmer A ( dose 2 )
+110         IN PTR    rme.b3-bornim.netz.
+
+
+; - susi Zwischenraum ( linux + dose 3? )
+112        IN PTR     prakti-desktop.b3-bornim.netz.
+113        IN PTR     susi-desktop.b3-bornim.netz.
+114        IN PTR     ingo-laptop.b3-bornim.netz.
+119        IN PTR     mp-laptop.b3-bornim.netz.
+
+43         IN PTR     ingo-laptop-wlan.b3-bornim.netz.
+49         IN PTR     mp-laptop-wlan.b3-bornim.netz.
+
+
diff --git a/B3-Bornim/bind/db.255 b/B3-Bornim/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/B3-Bornim/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/B3-Bornim/bind/db.b3-bornim.netz b/B3-Bornim/bind/db.b3-bornim.netz
new file mode 100644
index 0000000..a22512b
--- /dev/null
+++ b/B3-Bornim/bind/db.b3-bornim.netz
@@ -0,0 +1,78 @@
+;
+; BIND data file for local b3-bornim.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.b3-bornim.netz. ckubu.oopen.de. (
+      2017032501     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+@                 IN NS    ns.b3-bornim.netz.
+
+; - Gateway/Firewall
+gw-b3             IN A     192.168.42.254
+gate              IN CNAME gw-b3
+gw                IN CNAME gw-b3
+b3gate            IN CNAME gw-b3
+
+; - IPMI Gateway
+gw-ipmi           IN A     172.16.42.15
+
+
+; - (Caching ) Nameserver
+ns                IN A     192.168.42.1
+nscache           IN CNAME ns
+
+; - Fileserver
+bbb-server        IN A     192.168.42.10
+file              IN CNAME bbb-server
+file-b3           IN CNAME bbb-server
+samba             IN CNAME bbb-server
+ntp               IN CNAME bbb-server
+
+; - Alter Fileserver
+bbb-server-alt    IN A     192.168.42.20
+fnrprojekt        IN CNAME bbb-server-alt
+mysql             IN CNAME bbb-server-alt
+phprojekt         IN CNAME bbb-server-alt
+webmail           IN CNAME bbb-server-alt
+www               IN CNAME bbb-server-alt
+
+phprojekt-test    IN CNAME bbb-server-alt
+imap              IN CNAME bbb-server-alt
+
+
+; - IPMI Fileserver
+file-ipmi         IN A     192.168.42.15
+
+
+; - Drucker
+
+hp-8610           IN A     192.168.42.56
+hp-8610-wlan      IN A     192.168.42.58
+
+
+; - Accesspoint - FRITZ!BOX
+fritzbox          IN A     192.168.42.60
+accesspoint       IN CNAME fritzbox
+
+
+; - PC's
+
+; - sb-desktop (Ubuntu 12.04)
+prakti-desktop    IN A     192.168.42.112
+sb-desktop        IN CNAME prakti-desktop
+
+; - susi-desktop (Ubuntu 12.04)
+susi-desktop      IN A     192.168.42.113
+
+ingo-laptop       IN A     192.168.42.114
+mp-laptop         IN A     192.168.42.119
+
+ingo-laptop-wlan  IN A     192.168.42.43
+mp-laptop-wlan    IN A     192.168.42.49
+
diff --git a/B3-Bornim/bind/db.empty b/B3-Bornim/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/B3-Bornim/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/B3-Bornim/bind/db.local b/B3-Bornim/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/B3-Bornim/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/B3-Bornim/bind/db.root b/B3-Bornim/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/B3-Bornim/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/B3-Bornim/bind/named.conf b/B3-Bornim/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/B3-Bornim/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/B3-Bornim/bind/named.conf.default-zones b/B3-Bornim/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/B3-Bornim/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/B3-Bornim/bind/named.conf.local b/B3-Bornim/bind/named.conf.local
new file mode 100644
index 0000000..d091590
--- /dev/null
+++ b/B3-Bornim/bind/named.conf.local
@@ -0,0 +1,18 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "b3-bornim.netz" {
+   type master;
+   file "/etc/bind/db.b3-bornim.netz";
+};
+
+zone "42.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.42.0";
+};
+
diff --git a/B3-Bornim/bind/named.conf.local.ORIG b/B3-Bornim/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/B3-Bornim/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/B3-Bornim/bind/named.conf.options b/B3-Bornim/bind/named.conf.options
new file mode 100644
index 0000000..c193324
--- /dev/null
+++ b/B3-Bornim/bind/named.conf.options
@@ -0,0 +1,94 @@
+options {
+   directory "/var/cache/bind";
+
+   // If there is a firewall between you and nameservers you want
+   // to talk to, you may need to fix the firewall to allow multiple
+   // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+   // If your ISP provided one or more IP addresses for stable
+   // nameservers, you probably want to use them as forwarders.
+   // Uncomment the following block, and insert the addresses replacing
+   // the all-0's placeholder.
+
+   // forwarders {
+   //    0.0.0.0;
+   // };
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      172.16.42.1;
+      192.168.42.1;
+   };
+
+   allow-query {
+      127.0.0.1;
+      172.16.0.0/16;
+      192.168.0.0/16;
+      10.0.0.0/8;
+   };
+
+   // caching name services
+   recursion yes;
+   allow-recursion {
+      127.0.0.1;
+      172.16.0.0/16;
+      192.168.0.0/16;
+      10.0.0.0/16;
+   };
+
+   allow-transfer { none; };
+
+   auth-nxdomain no;    # conform to RFC1035
+   listen-on-v6 { any; };
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/B3-Bornim/bind/named.conf.options.ORIG b/B3-Bornim/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/B3-Bornim/bind/named.conf.options.ORIG
@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/B3-Bornim/bind/rndc.key b/B3-Bornim/bind/rndc.key
new file mode 100644
index 0000000..6d6adba
--- /dev/null
+++ b/B3-Bornim/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "e7SPwyNbq97vSf4q075JNg==";
+};
diff --git a/B3-Bornim/bind/zones.rfc1918 b/B3-Bornim/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/B3-Bornim/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/B3-Bornim/chap-secrets.B3-Bornim b/B3-Bornim/chap-secrets.B3-Bornim
new file mode 100644
index 0000000..b70983c
--- /dev/null
+++ b/B3-Bornim/chap-secrets.B3-Bornim
@@ -0,0 +1,4 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+"t-online-com/8TB0LIXKXV82@t-online-com.de" * "38460707"
diff --git a/B3-Bornim/check_net-logrotate.B3-Bornim b/B3-Bornim/check_net-logrotate.B3-Bornim
new file mode 100644
index 0000000..f0a557b
--- /dev/null
+++ b/B3-Bornim/check_net-logrotate.B3-Bornim
@@ -0,0 +1,10 @@
+/var/log/check_net.log
+{
+   rotate 7
+   daily
+   missingok
+   notifempty
+   copytruncate
+   delaycompress
+   compress
+}
diff --git a/B3-Bornim/check_net.service.B3-Bornim b/B3-Bornim/check_net.service.B3-Bornim
new file mode 100644
index 0000000..0eff326
--- /dev/null
+++ b/B3-Bornim/check_net.service.B3-Bornim
@@ -0,0 +1,16 @@
+[Unit]
+Description=Configure Routing for Internet Connections;
+After=network.target
+After=rc-local.service
+
+[Service]
+ExecStart=/usr/local/sbin/check_net.sh
+ExecStartPre=rm -rf /tmp/check_net.sh.LOCK
+ExecStopPost=rm -rf /tmp/check_net.sh.LOCK
+KillMode=control-group
+SendSIGKILL=yes
+TimeoutStopSec=2
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/B3-Bornim/check_net/check_net.conf b/B3-Bornim/check_net/check_net.conf
new file mode 100644
index 0000000..b6ea4f4
--- /dev/null
+++ b/B3-Bornim/check_net/check_net.conf
@@ -0,0 +1,133 @@
+# - Configuration file for scrupts check_net.sh and netconfig.sh
+# -
+
+LOGGING_CONSOLE=false
+DEBUG=false
+
+# - Where are your scripts located?
+# -
+check_script=/usr/local/sbin/check_net.sh
+netconfig_script=/usr/local/sbin/netconfig.sh
+
+log_file=/var/log/check_net.log
+
+
+# - Put in your DSL devices (refers to your network configuration)
+# - youe wish be congigured by that script
+# -
+# - Notice:
+# -    If not using multiple default gatways, declare the list in the order of your 
+# -    preferred default gatway devices
+# -
+# -    Example:
+# -       _INITIAL_DEVICE_LIST="eth0:192.168.63.254 ppp-light"
+# -
+_INITIAL_DEVICE_LIST="ppp-b3"
+
+# - Set to "false" uses "0.0.0.0" as remote gateway instead of the real address
+# -
+USE_REMOTE_GATEWAY_ADDRESS=true
+#USE_REMOTE_GATEWAY_ADDRESS=false
+
+# - Set default gw (roundrobin)
+# -
+# - !! SET_MULTIPLE_DEFAULT_GW=true does not work for now..
+# -
+SET_MULTIPLE_DEFAULT_GW=false
+#SET_MULTIPLE_DEFAULT_GW=true
+
+
+# - Set to false uses "0.0.0.0" as default gateway adress instaed of real remote address
+# -
+USE_DEFAULT_GW_ADDRESS=true
+#USE_DEFAULT_GW_ADDRESS=false
+
+
+# - Hostnames for ping test
+# -
+# - Note: The first two reachable hosts will be used for ping test. 
+# -
+# - Space separated list
+# -
+PING_TEST_HOSTS="oopen.de google.com heise.de debian.org ubuntu.com"
+
+
+admin_email=root
+from_address="check-inet-devices@`hostname -f`"
+company="B3 Bornim"
+content_type='Content-Type: text/plain;\n charset="utf-8"'
+
+
+# - rule_local_ips
+# -
+# - Add rule(s) for routing local ip-address(es) through a given extern interface
+# -
+# - Space separated list of entries '<ext-interface>:<local-ip>'
+# -    rule_local_ips="<ext-interface>:<local-ip> [<ext-interface>:<local-ip>] [.."
+# -
+# - Example:
+# - ========
+# - local ip 192.168.10.1 through extern interface ppp-st and 
+# - local ip 192.168.10.13 through extern interface ppp-surf1
+# -     rule_local_ips="ppp-st:192.168.10.1 ppp-surf1:192.168.10.13"
+# -
+rule_local_ips=""
+
+# - rule_remote_ips
+# -
+# - Add rule(s) for routing remote ip-address(es) through a given extern interface
+# -
+# - Space separated list of entries '<ext-interface>:<remote-ip>'
+# -    rule_remote_ips="<ext-interface>:<remote-ip> [<ext-interface>:<remote-ip>] [.."
+# -
+# - Example:
+# - ========
+# - route remote ip-address  141.1.1.1 through extern interface ppp-ckubu and 
+# - also route ip-address 8.8.8.8 through through extern interface ppp-ckubu
+# -     rule_remote_ips="ppp-ckubu:141.1.1.1 ppp-ckubu:8.8.8.8"
+# - 
+rule_remote_ips=""
+
+# - rule_local_nets
+# -
+# - Add rule(s) for routing local networks through a given extern interface out
+# -
+# - Space separated list of entries '<extern-interface>:<local-net>'
+# -    rule_local_nets="<extern-interface>:<local-net> [<extern-interface>:<local-net>] [.."
+# -
+# -
+# - Example:
+# - ========
+# -     rule_local_nets="ppp-st:192.168.11.0/25 ppp-surf1:192.168.11.128/25"
+# -
+rule_local_nets=""
+
+
+
+## ====================================
+## - Don't make changes after this Line
+## ====================================
+
+# ---
+# - Add rule(s) for routing local ip-address(es)
+# ---
+declare -a rule_local_ip_arr
+for _str in $rule_local_ips ; do
+   rule_local_ip_arr+=("$_str")
+done
+
+# ---
+# - Add rule(s) for routing remote ip-address(es)
+# ---
+declare -a rule_remote_ip_arr
+for _str in $rule_remote_ips ; do
+   rule_remote_ip_arr+=("$_str")
+done
+
+# ---
+# - Add rule(s) for routing local networks
+# ---
+declare -a rule_local_net_arr
+for _str in $rule_local_nets ; do
+   rule_local_net_arr+=("$_str")
+done
diff --git a/B3-Bornim/cron_root.B3-Bornim b/B3-Bornim/cron_root.B3-Bornim
new file mode 100644
index 0000000..8ecb404
--- /dev/null
+++ b/B3-Bornim/cron_root.B3-Bornim
@@ -0,0 +1,47 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.b4E9C4/crontab installed on Tue Oct 24 12:45:33 2017)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+PATH=/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+
+# check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+# if not set this entry to "1"
+#
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+
+# check if openvpn is running if not restart the service
+#
+0-59/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+
+# check if DynDNS ip is correct, adjust if needed
+# -
+27 * * * * /root/bin/monitoring/check_dyndns.sh b3.homelinux.org
+
+
+# - copy gatewy configuration
+# -
+11 3 * * * /root/bin/manage-gw-config/copy_gateway-config.sh B3-Bornim
diff --git a/B3-Bornim/ddclient.conf.B3-Bornim b/B3-Bornim/ddclient.conf.B3-Bornim
new file mode 100644
index 0000000..f36d38d
--- /dev/null
+++ b/B3-Bornim/ddclient.conf.B3-Bornim
@@ -0,0 +1,10 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password='7213b4e6178a11e6ab1362f831f6741e'
+b3.homelinux.org
diff --git a/B3-Bornim/default_isc-dhcp-server.B3-Bornim b/B3-Bornim/default_isc-dhcp-server.B3-Bornim
new file mode 100644
index 0000000..df30daa
--- /dev/null
+++ b/B3-Bornim/default_isc-dhcp-server.B3-Bornim
@@ -0,0 +1,21 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACES=""
diff --git a/B3-Bornim/dhcpd.conf.B3-Bornim b/B3-Bornim/dhcpd.conf.B3-Bornim
new file mode 100644
index 0000000..7e3e0f1
--- /dev/null
+++ b/B3-Bornim/dhcpd.conf.B3-Bornim
@@ -0,0 +1,195 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.42.255;
+
+
+option domain-name "b3-bornim.netz";
+option domain-name-servers 192.168.42.1;
+
+option routers 192.168.42.254;
+
+default-lease-time 43200;
+max-lease-time 86400;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+subnet 192.168.42.0 netmask 255.255.255.0 {
+   range 192.168.42.30 192.168.42.250;
+   option domain-name "b3-bornim.netz";
+   option domain-name-servers 192.168.42.1;
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.42.255;
+   option routers 192.168.42.254;
+
+}
+
+# - Alter server
+# -
+host ex-server  {
+   hardware ethernet 00:30:48:be:cc:8c ;
+   fixed-address bbb-server-alt.b3-bornim.netz ;
+}
+
+# - Susi Desktop - LAN
+# -
+host susi-desktop {
+   hardware ethernet 50:af:73:1f:d6:66;
+   fixed-address susi-desktop.b3-bornim.netz ;
+}
+
+# - Ingo Laptop - LAN
+# -
+host ingo-laptop {
+   hardware ethernet 3c:97:0e:7e:69:ad;
+   fixed-address ingo-laptop.b3-bornim.netz ;
+}
+
+# - Ingo Laptop - WLAN
+# -
+host ingo-laptop-wlan {
+   hardware ethernet 00:90:a2:ce:6a:f9;
+   fixed-address ingo-laptop-wlan.b3-bornim.netz ;
+}
+
+# - Matthias Laptop - LAN
+# -
+host mp-laptop {
+   hardware ethernet 00:22:64:54:7b:be;
+   fixed-address mp-laptop.b3-bornim.netz ;
+}
+
+# - Matthias Laptop - WLAN
+# -
+host mp-laptop-wlan {
+   hardware ethernet 00:21:5d:18:23:2e;
+   fixed-address mp-laptop-wlan.b3-bornim.netz ;
+}
+
+# - sb-desktop ( Ubuntu 12.04 )
+# -
+# - Praktikanten Rechner
+# -
+host prakti-desktop {
+   hardware ethernet 00:e0:4c:46:c0:ec ;
+   fixed-address prakti-desktop.b3-bornim.netz ;
+}
+
+
+
+# - Drucker - HP Officejet Pro 8610
+# - 
+host hp-8610 {
+   hardware ethernet 94:57:A5:9E:11:B3 ;
+   fixed-address hp-8610.b3-bornim.netz ;
+}
+host hp-8610-wlan {
+   hardware ethernet 94:57:A5:9E:11:B4 ;
+   fixed-address hp-8610-wlan.b3-bornim.netz ;
+}
+
+
+
+## - wlan router
+#host wlan {
+#   hardware ethernet 00:0f:b5:99:33:ee;
+#   fixed-address wlan.b3-bornim.netz;
+#}
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/B3-Bornim/dhcpd6.conf.B3-Bornim b/B3-Bornim/dhcpd6.conf.B3-Bornim
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/B3-Bornim/dhcpd6.conf.B3-Bornim
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/B3-Bornim/hostname.B3-Bornim b/B3-Bornim/hostname.B3-Bornim
new file mode 100644
index 0000000..a8b0069
--- /dev/null
+++ b/B3-Bornim/hostname.B3-Bornim
@@ -0,0 +1 @@
+gw-b3
diff --git a/B3-Bornim/hosts.B3-Bornim b/B3-Bornim/hosts.B3-Bornim
new file mode 100644
index 0000000..56074e7
--- /dev/null
+++ b/B3-Bornim/hosts.B3-Bornim
@@ -0,0 +1,8 @@
+127.0.0.1	localhost
+
+192.168.42.254	gw-b3.b3-bornim.netz	gw-b3
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/B3-Bornim/interfaces.B3-Bornim b/B3-Bornim/interfaces.B3-Bornim
new file mode 100644
index 0000000..628b3f1
--- /dev/null
+++ b/B3-Bornim/interfaces.B3-Bornim
@@ -0,0 +1,97 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+
+
+#-----------------------------
+# eth0 - WLAN
+#-----------------------------
+
+auto eth0
+iface eth0 inet static
+   address 192.168.43.254
+   network 192.168.43.0
+   netmask 255.255.255.0
+   broadcast 192.168.43.255
+
+
+#-----------------------------
+# eth1 - LAN
+#-----------------------------
+
+auto eth1 eth1:ns
+iface eth1 inet static
+   address 192.168.42.254
+   network 192.168.42.0
+   netmask 255.255.255.0
+   broadcast 192.168.42.255
+
+iface eth1:ns inet static
+   address 192.168.42.1
+   network 192.168.42.1
+   netmask 255.255.255.255
+   broadcast 192.168.42.1
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+# The primary network interface
+auto eth2
+iface eth2 inet static
+	address 172.16.42.1
+	netmask 255.255.255.0
+	network 172.16.42.0
+	broadcast 172.16.42.255
+	gateway 172.16.42.254
+   #post-up vconfig add eth2 7
+   #post-down vconfig rem eth2.7
+	## dns-* options are implemented by the resolvconf package, if installed
+	#dns-nameservers 172.16.42.1
+	#dns-search b3-bornim.netz
+
+#iface eth2 inet static
+#	address 172.17.42.1
+#	netmask 255.255.255.0
+#	network 172.17.42.0
+#	broadcast 172.17.42.255
+#	gateway 172.17.42.254
+#   post-up vconfig add eth2 7
+#   post-down vconfig rem eth2.7
+#	# dns-* options are implemented by the resolvconf package, if installed
+#	dns-nameservers 172.16.42.1
+#	dns-search b3-bornim.netz
+
+#auto eth2:atb
+#iface eth2:atb inet static
+#   address 10.2.1.50
+#   netmask 255.255.255.0
+#   network 10.2.1.0
+
+
+#auto dsl-b3
+#iface dsl-b3 inet ppp
+#   pre-up /sbin/ifconfig eth2 up # line maintained by pppoeconf
+#   pre-up /sbin/ifconfig eth2.7 up # line maintained by pppoeconf
+#   provider dsl-b3
+
+
+
+
+#-----------------------------
+# eth3 - ATB
+#-----------------------------
+
+#auto eth3
+#iface eth3 inet static
+#   address 10.2.1.50
+#   netmask 255.255.255.0
+#   network 10.2.1.0
+#   #gateway 10.2.1.1
diff --git a/B3-Bornim/ipt-firewall.service.B3-Bornim b/B3-Bornim/ipt-firewall.service.B3-Bornim
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/B3-Bornim/ipt-firewall.service.B3-Bornim
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/B3-Bornim/ipt-firewall/default_ports.conf b/B3-Bornim/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/B3-Bornim/ipt-firewall/include_functions.conf b/B3-Bornim/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/B3-Bornim/ipt-firewall/interfaces_ipv4.conf b/B3-Bornim/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..cc13dc1
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1="ppp-b3"
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth0"
+local_if_2="eth1"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/B3-Bornim/ipt-firewall/interfaces_ipv4.conf.sample b/B3-Bornim/ipt-firewall/interfaces_ipv4.conf.sample
new file mode 100644
index 0000000..43127e1
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/interfaces_ipv4.conf.sample
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1=""
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1=""
+local_if_2=""
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/B3-Bornim/ipt-firewall/interfaces_ipv6.conf.sample b/B3-Bornim/ipt-firewall/interfaces_ipv6.conf.sample
new file mode 100644
index 0000000..b306637
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/interfaces_ipv6.conf.sample
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+# -
+# - Example:
+# -    ext_if_static_1="sixxs"
+# -
+ext_if_static_1=""
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1=""
+local_if_2=""
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/B3-Bornim/ipt-firewall/load_modules_ipv4.conf b/B3-Bornim/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/B3-Bornim/ipt-firewall/load_modules_ipv6.conf b/B3-Bornim/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/B3-Bornim/ipt-firewall/logging_ipv4.conf b/B3-Bornim/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/B3-Bornim/ipt-firewall/logging_ipv6.conf b/B3-Bornim/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/B3-Bornim/ipt-firewall/main_ipv4.conf b/B3-Bornim/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..1903e7d
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1388 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+
+_ips="$(ip a | grep "inet " | awk '{print$2}' | cut -d'/' -f1)"
+for _ip in $_ips ; do
+   gateway_ipv4_address_arr+=("$_ip")
+done
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                    86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service="
+   172.16.42.0/24:192.168.42.1:53:udp
+   172.16.42.0/24:192.168.42.1:53:tcp"
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+#allow_local_net_to_local_ip="192.168.42.0/24:10.2.1.0/24"
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_2}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_2 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports=""
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - Ist this Gateway DHCP Client?
+# - 
+# - local_dhcp_client_interfaces="<interface1> [<interface> [.."
+# -
+# - Example:
+# -    dhcp_client_interfaces="$ext_if_static_1"
+# -
+dhcp_client_interfaces=""
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+ssh_server_dmz_arr[192.168.42.10]=$ext_if_static_1
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - HP Officejet Pro 8610     192.168.42.56 (Admin Interface)
+# -
+# - Accesspoit FritBox 7170   192.168.42.60
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="
+   192.168.42.56 
+   192.168.42.60"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+samba_server_local_ips="192.168.42.10"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.42.0/24"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+# - 172.16.42.15     IPMI Gateway
+# - 192.168.42.15    IPMI Fileserver (bbb-server)
+# -
+ipmi_server_ips="172.16.42.15 192.168.42.15"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - 192.168.42.56 HP Officejet Pro 8610
+# -
+# - Blank separated list
+# -
+printer_ips="192.168.42.56"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_2"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_2} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_2}"
+# -
+# -    192.168.42.60: FRITZBox! Accesspoint (from VPN Connections gw-ckubu home-ckubu)
+# -    172.16.42.254: FRITZ!Box 7490 (Router)
+# -
+# -
+# - Blank separated list
+# -
+#masquerade_tcp_cons="
+#   192.168.63.0/24:192.168.42.60:80:${local_if_2}
+#   10.0.0.0/8:192.168.42.60:80:${local_if_2}
+#   192.168.63.0/24:172.16.42.254:80:${local_if_2}
+#   10.0.0.0/8:172.16.42.254:80:${local_if_2}
+#   192.168.63.0/24:172.16.42.254:43204:${local_if_2}
+#   10.0.0.0/8:172.16.42.254:43204:${local_if_2}
+#   192.168.42.0/24:172.16.42.254:80:${local_if_2}
+#   192.168.42.0/24:172.16.42.254:43204:${local_if_2}"
+masquerade_tcp_cons="
+   192.168.63.0/24:192.168.42.60:80:${local_if_2}
+   10.0.0.0/8:192.168.42.60:80:${local_if_2}
+   192.168.63.0/24:172.16.42.15:443:${ext_if_static_1}
+   10.0.0.0/8:172.16.42.15:443:${ext_if_static_1}
+   192.168.63.0/24:172.16.42.254:80:${ext_if_static_1}
+   10.0.0.0/8:172.16.42.254:80:${ext_if_static_1}
+   192.168.63.0/24:172.16.42.254:43204:${ext_if_static_1}
+   10.0.0.0/8:172.16.42.254:43204:${ext_if_static_1}
+   192.168.42.0/24:172.16.42.254:80:${ext_if_static_1}
+   192.168.42.0/24:172.16.42.254:43204:${ext_if_static_1}"
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=false
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/B3-Bornim/ipt-firewall/post_decalrations.conf b/B3-Bornim/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/B3-Bornim/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/B3-Bornim/mailname.B3-Bornim b/B3-Bornim/mailname.B3-Bornim
new file mode 100644
index 0000000..a4ba32f
--- /dev/null
+++ b/B3-Bornim/mailname.B3-Bornim
@@ -0,0 +1 @@
+gw-b3.b3-bornim.netz
diff --git a/B3-Bornim/main.cf.B3-Bornim b/B3-Bornim/main.cf.B3-Bornim
new file mode 100644
index 0000000..1c375e0
--- /dev/null
+++ b/B3-Bornim/main.cf.B3-Bornim
@@ -0,0 +1,270 @@
+# ============ Basic settings ============
+
+compatibility_level = 2
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   #192.168.42.254
+
+myhostname = gw-b3.b3-bornim.netz
+
+mydestination = 
+   gw-b3.b3-bornim.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   192.168.42.254/32
+
+#smtp_bind_address = 192.168.42.254
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/B3-Bornim/openvpn/ccd/server-gw-ckubu/B3-VPN-gw-ckubu b/B3-Bornim/openvpn/ccd/server-gw-ckubu/B3-VPN-gw-ckubu
new file mode 100644
index 0000000..c0ee4c4
--- /dev/null
+++ b/B3-Bornim/openvpn/ccd/server-gw-ckubu/B3-VPN-gw-ckubu
@@ -0,0 +1,5 @@
+ifconfig-push 10.1.42.2 255.255.255.0
+push "route 192.168.42.0 255.255.255.0 10.1.42.1"
+push "route 172.16.42.0 255.255.255.0 10.1.42.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/B3-Bornim/openvpn/ccd/server-home/B3-VPN-chris b/B3-Bornim/openvpn/ccd/server-home/B3-VPN-chris
new file mode 100644
index 0000000..6feb1d4
--- /dev/null
+++ b/B3-Bornim/openvpn/ccd/server-home/B3-VPN-chris
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.42.3 255.255.255.0
+#push "route 192.168.42.0 255.255.255.0"
diff --git a/B3-Bornim/openvpn/ccd/server-home/B3-VPN-matthias b/B3-Bornim/openvpn/ccd/server-home/B3-VPN-matthias
new file mode 100644
index 0000000..d3c6d7c
--- /dev/null
+++ b/B3-Bornim/openvpn/ccd/server-home/B3-VPN-matthias
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.42.2 255.255.255.0
+#push "route 192.168.42.0 255.255.255.0"
diff --git a/B3-Bornim/openvpn/crl.pem b/B3-Bornim/openvpn/crl.pem
new file mode 120000
index 0000000..98dd55e
--- /dev/null
+++ b/B3-Bornim/openvpn/crl.pem
@@ -0,0 +1 @@
+keys/crl.pem
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/build-ca b/B3-Bornim/openvpn/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/build-dh b/B3-Bornim/openvpn/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/build-inter b/B3-Bornim/openvpn/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/build-key b/B3-Bornim/openvpn/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/build-key-pass b/B3-Bornim/openvpn/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/build-key-pkcs12 b/B3-Bornim/openvpn/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/build-key-server b/B3-Bornim/openvpn/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/build-req b/B3-Bornim/openvpn/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/build-req-pass b/B3-Bornim/openvpn/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/clean-all b/B3-Bornim/openvpn/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/inherit-inter b/B3-Bornim/openvpn/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/list-crl b/B3-Bornim/openvpn/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/openssl-0.9.6.cnf b/B3-Bornim/openvpn/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/B3-Bornim/openvpn/easy-rsa/openssl-0.9.8.cnf b/B3-Bornim/openvpn/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/B3-Bornim/openvpn/easy-rsa/openssl-1.0.0.cnf b/B3-Bornim/openvpn/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..5245ed7
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 3650			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/B3-Bornim/openvpn/easy-rsa/openssl-1.1.0.cnf b/B3-Bornim/openvpn/easy-rsa/openssl-1.1.0.cnf
new file mode 100644
index 0000000..5245ed7
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/openssl-1.1.0.cnf
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 3650			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/B3-Bornim/openvpn/easy-rsa/openssl.cnf b/B3-Bornim/openvpn/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..9cc2ab3
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/pkitool b/B3-Bornim/openvpn/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/revoke-full b/B3-Bornim/openvpn/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/sign-req b/B3-Bornim/openvpn/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/easy-rsa/vars b/B3-Bornim/openvpn/easy-rsa/vars
new file mode 100644
index 0000000..4b1628f
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/vars
@@ -0,0 +1,95 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="O.OPEN"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="ckubu-adm@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN B3"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-B3"
+
+export KEY_ALTNAMES="VPN B3"
diff --git a/B3-Bornim/openvpn/easy-rsa/vars.ORIG b/B3-Bornim/openvpn/easy-rsa/vars.ORIG
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/vars.ORIG
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/B3-Bornim/openvpn/easy-rsa/whichopensslcnf b/B3-Bornim/openvpn/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/B3-Bornim/openvpn/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/B3-Bornim/openvpn/ipp.txt b/B3-Bornim/openvpn/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/B3-Bornim/openvpn/keys/01.pem b/B3-Bornim/openvpn/keys/01.pem
new file mode 100644
index 0000000..98db11e
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/01.pem
@@ -0,0 +1,100 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:22:16 2017 GMT
+            Not After : Mar 22 02:22:16 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-server/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cc:97:ca:e4:d5:10:43:3b:8d:1e:a3:37:01:01:
+                    1d:09:b1:98:cc:f2:86:f8:c5:e9:a6:11:34:93:22:
+                    0a:7e:ec:9a:08:34:1d:b2:d3:db:49:8b:85:f7:a7:
+                    44:63:06:32:76:dc:93:ff:80:34:7a:8c:a1:a6:b4:
+                    0b:d3:2f:32:6f:52:bf:37:19:4d:03:6f:30:f3:6f:
+                    c2:cd:28:2c:d7:4a:bf:ec:90:35:7e:d6:93:26:ed:
+                    b6:24:ac:0f:c7:e7:04:60:c4:ed:01:cf:54:14:a1:
+                    9b:66:6b:17:82:be:ff:1e:30:2e:05:3a:a0:75:60:
+                    d6:8e:af:38:70:db:5f:72:79:3f:60:40:82:2b:97:
+                    26:82:8a:8a:f5:bb:17:9d:75:01:e0:7d:6d:4c:9c:
+                    15:7e:cd:fb:5e:01:f5:73:71:29:73:43:ab:6d:b6:
+                    08:1c:97:27:d0:5c:57:8e:7f:f8:b4:62:95:e0:a8:
+                    79:bc:e8:66:71:b7:8e:56:7c:65:49:b1:ca:9c:1d:
+                    0d:12:8c:ae:fb:95:c2:46:7b:5e:8c:db:63:7b:fe:
+                    48:fa:7b:7a:c6:d3:80:84:89:dd:ff:81:59:f6:c6:
+                    51:96:7a:21:58:c8:5d:57:06:ca:9b:e2:d0:3c:4e:
+                    4f:fa:1e:7b:e9:0a:cc:d6:85:b1:67:18:32:85:e0:
+                    45:53
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                FB:4E:20:BC:76:45:51:1F:F4:B4:28:8C:9F:B2:6C:45:01:88:12:E7
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         ab:2c:b0:a8:a6:df:75:a7:9b:c4:f5:00:c4:a5:06:4a:16:d0:
+         17:7d:61:35:f5:97:3e:6b:14:a7:32:31:6b:f8:68:3f:45:13:
+         cb:72:20:fb:6b:ff:cb:b9:b2:60:3e:eb:b5:6d:5f:10:4a:39:
+         cd:1e:bc:ec:8d:cb:0d:b7:40:e7:d7:2d:ba:c3:e3:f4:ec:24:
+         34:9d:e0:0d:d3:d7:30:6a:e1:ed:50:1a:f2:47:51:57:5d:6f:
+         5c:cb:11:d3:c4:f1:ea:f4:09:ee:c2:5a:3c:92:41:54:01:5f:
+         1a:33:fb:f1:8e:f9:0a:8f:8f:74:f8:9b:39:8d:ef:10:06:3f:
+         b1:3d:e2:80:0c:4f:76:fe:d8:c2:04:d7:58:d7:4d:2c:a5:cb:
+         74:91:13:71:e8:33:93:db:e9:81:9c:bc:0b:88:6f:57:15:3b:
+         9b:3d:6e:3e:54:ee:1a:46:45:25:20:a1:dc:3a:a2:6e:c8:b2:
+         a2:4a:00:3a:67:89:61:c8:4a:32:ec:6c:39:a3:9b:65:3a:65:
+         f4:93:23:ba:59:0c:59:10:7f:e3:3f:61:b1:8d:31:8e:44:3c:
+         36:38:46:df:f9:4c:c4:69:5a:b6:3e:65:94:27:d1:38:90:d3:
+         7b:a1:e3:0d:f7:1f:6d:41:85:77:f1:15:bb:92:46:44:50:58:
+         21:97:40:65
+-----BEGIN CERTIFICATE-----
+MIIFUDCCBDigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyMjE2WhcNMzcwMzIyMDIyMjE2WjCBpzELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDUIz
+LVZQTi1zZXJ2ZXIxDzANBgNVBCkTBlZQTiBCMzEhMB8GCSqGSIb3DQEJARYSY2t1
+YnUtYWRtQG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+zJfK5NUQQzuNHqM3AQEdCbGYzPKG+MXpphE0kyIKfuyaCDQdstPbSYuF96dEYwYy
+dtyT/4A0eoyhprQL0y8yb1K/NxlNA28w82/CzSgs10q/7JA1ftaTJu22JKwPx+cE
+YMTtAc9UFKGbZmsXgr7/HjAuBTqgdWDWjq84cNtfcnk/YECCK5cmgoqK9bsXnXUB
+4H1tTJwVfs37XgH1c3Epc0OrbbYIHJcn0FxXjn/4tGKV4Kh5vOhmcbeOVnxlSbHK
+nB0NEoyu+5XCRntejNtje/5I+nt6xtOAhInd/4FZ9sZRlnohWMhdVwbKm+LQPE5P
++h576QrM1oWxZxgyheBFUwIDAQABo4IBhzCCAYMwCQYDVR0TBAIwADARBglghkgB
+hvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBT
+ZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPtOILx2RVEf9LQojJ+ybEUBiBLn
+MIHYBgNVHSMEgdAwgc2AFB8uXrBADZKnCYPaJWwZIJ7JYM0hoYGppIGmMIGjMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UE
+AxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEWEmNr
+dWJ1LWFkbUBvb3Blbi5kZYIJAOWbjDrr526ZMBMGA1UdJQQMMAoGCCsGAQUFBwMB
+MAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcNAQELBQAD
+ggEBAKsssKim33Wnm8T1AMSlBkoW0Bd9YTX1lz5rFKcyMWv4aD9FE8tyIPtr/8u5
+smA+67VtXxBKOc0evOyNyw23QOfXLbrD4/TsJDSd4A3T1zBq4e1QGvJHUVddb1zL
+EdPE8er0Ce7CWjySQVQBXxoz+/GO+QqPj3T4mzmN7xAGP7E94oAMT3b+2MIE11jX
+TSyly3SRE3HoM5Pb6YGcvAuIb1cVO5s9bj5U7hpGRSUgodw6om7IsqJKADpniWHI
+SjLsbDmjm2U6ZfSTI7pZDFkQf+M/YbGNMY5EPDY4Rt/5TMRpWrY+ZZQn0TiQ03uh
+4w33H21BhXfxFbuSRkRQWCGXQGU=
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/02.pem b/B3-Bornim/openvpn/keys/02.pem
new file mode 100644
index 0000000..6ead50d
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/02.pem
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:24:54 2017 GMT
+            Not After : Mar 22 02:24:54 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-chris/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e3:b0:23:45:0e:07:84:b2:29:3d:0b:66:32:ca:
+                    ac:7f:ac:8a:2d:6b:11:eb:87:20:25:d0:3b:94:6a:
+                    05:b9:da:82:32:28:4e:cf:a8:9b:dc:6a:6b:1b:95:
+                    13:75:6e:ed:fb:fc:1d:8d:fe:23:cd:a1:0b:74:41:
+                    b1:4b:c8:59:9e:2d:5e:ff:46:21:83:32:19:fb:2a:
+                    ba:5b:9d:3c:f1:64:95:be:c3:cd:79:c4:ca:ef:71:
+                    6a:65:6f:81:0d:45:75:11:79:47:51:5e:db:85:c1:
+                    1b:c2:a2:c7:10:d3:39:09:ae:3a:e7:d1:15:91:08:
+                    fd:c8:25:cb:35:08:cf:fd:41:96:e3:59:6b:63:8a:
+                    e8:4a:12:bd:ee:b0:c2:97:fa:4f:3c:fe:98:02:58:
+                    2c:f4:d0:29:48:e9:5c:3d:f0:3a:f6:9c:b3:70:f9:
+                    a0:fb:f7:99:0a:5f:27:09:5e:de:0b:b1:02:26:c7:
+                    91:e0:3f:47:61:c6:52:13:2f:11:a5:77:45:2e:b9:
+                    40:3c:a3:40:10:5a:6c:5b:16:c7:2d:9e:aa:7f:45:
+                    c0:35:cb:11:45:89:00:38:08:9b:43:c3:01:bc:3a:
+                    3c:96:5e:56:03:67:69:b6:18:7a:ad:7f:22:44:8a:
+                    5c:6d:41:96:b6:08:87:fa:d5:99:6a:02:38:91:43:
+                    2d:ed
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                9E:9D:71:FC:38:46:22:BC:2B:8C:79:FE:09:44:0A:48:9D:AD:3E:5B
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         03:72:39:b6:b0:4d:c8:9a:8d:39:b0:9f:43:8a:9d:93:17:06:
+         c7:45:40:00:21:d1:49:9c:69:55:e3:cb:19:fa:fe:94:c2:8c:
+         5e:18:74:a3:9b:95:b1:91:9a:4b:3c:cd:ec:47:d4:49:2d:8b:
+         e9:87:0c:cc:02:ea:e9:c7:51:14:f9:9c:c7:08:2a:c2:7d:c6:
+         49:d4:38:13:29:b6:f9:6f:60:c5:59:0b:96:a8:24:0c:c1:bd:
+         94:6a:48:66:aa:4d:b0:06:9c:2c:59:da:d1:43:35:f4:12:2a:
+         b3:3d:e1:43:e2:1d:46:dd:19:02:93:50:92:48:27:4b:77:9e:
+         29:7c:4d:db:05:fd:1d:4a:4a:09:70:f4:48:0c:4b:12:b8:fe:
+         94:3f:af:38:8e:c8:77:5a:c3:c3:2c:d1:cf:0e:4a:5d:40:62:
+         cd:be:52:6f:c7:55:b4:ac:59:5b:13:0f:ed:51:56:bf:4f:67:
+         d0:7d:4e:08:7c:84:b7:76:9d:a0:91:26:dc:12:38:ac:e2:b4:
+         57:b7:0c:5e:00:37:6f:f3:b0:3d:d5:28:d8:a5:9f:31:4c:32:
+         66:c6:56:a6:8c:57:2e:f8:a5:11:7b:69:c1:be:59:3e:f7:a5:
+         81:3b:d6:64:28:4e:72:be:cd:43:37:38:ca:16:1d:3a:5a:20:
+         19:46:f8:d3
+-----BEGIN CERTIFICATE-----
+MIIFNDCCBBygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNDU0WhcNMzcwMzIyMDIyNDU0WjCBpjELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFTATBgNVBAMTDEIz
+LVZQTi1jaHJpczEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3Vi
+dS1hZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj
+sCNFDgeEsik9C2Yyyqx/rIotaxHrhyAl0DuUagW52oIyKE7PqJvcamsblRN1bu37
+/B2N/iPNoQt0QbFLyFmeLV7/RiGDMhn7KrpbnTzxZJW+w815xMrvcWplb4ENRXUR
+eUdRXtuFwRvCoscQ0zkJrjrn0RWRCP3IJcs1CM/9QZbjWWtjiuhKEr3usMKX+k88
+/pgCWCz00ClI6Vw98Dr2nLNw+aD795kKXycJXt4LsQImx5HgP0dhxlITLxGld0Uu
+uUA8o0AQWmxbFsctnqp/RcA1yxFFiQA4CJtDwwG8OjyWXlYDZ2m2GHqtfyJEilxt
+QZa2CIf61ZlqAjiRQy3tAgMBAAGjggFsMIIBaDAJBgNVHRMEAjAAMC0GCWCGSAGG
++EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
+FJ6dcfw4RiK8K4x5/glECkidrT5bMIHYBgNVHSMEgdAwgc2AFB8uXrBADZKnCYPa
+JWwZIJ7JYM0hoYGppIGmMIGjMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGlu
+MQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0
+d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZWUE4g
+QjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOWbjDrr526Z
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVj
+aHJpczANBgkqhkiG9w0BAQsFAAOCAQEAA3I5trBNyJqNObCfQ4qdkxcGx0VAACHR
+SZxpVePLGfr+lMKMXhh0o5uVsZGaSzzN7EfUSS2L6YcMzALq6cdRFPmcxwgqwn3G
+SdQ4Eym2+W9gxVkLlqgkDMG9lGpIZqpNsAacLFna0UM19BIqsz3hQ+IdRt0ZApNQ
+kkgnS3eeKXxN2wX9HUpKCXD0SAxLErj+lD+vOI7Id1rDwyzRzw5KXUBizb5Sb8dV
+tKxZWxMP7VFWv09n0H1OCHyEt3adoJEm3BI4rOK0V7cMXgA3b/OwPdUo2KWfMUwy
+ZsZWpoxXLvilEXtpwb5ZPvelgTvWZChOcr7NQzc4yhYdOlogGUb40w==
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/03.pem b/B3-Bornim/openvpn/keys/03.pem
new file mode 100644
index 0000000..96df26f
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/03.pem
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:25:44 2017 GMT
+            Not After : Mar 22 02:25:44 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-gw-ckubu/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a0:12:ec:ae:52:b3:19:53:4d:f4:ca:96:dc:4f:
+                    b8:94:e3:ff:77:97:93:2c:63:1f:af:b2:d5:e9:d4:
+                    32:16:ea:b5:62:93:c6:49:e4:48:1d:38:8b:a3:ac:
+                    11:82:50:05:24:6c:d4:5e:9b:d6:06:e5:a3:a2:77:
+                    eb:3c:14:23:2c:d0:3c:2d:15:32:8e:79:74:47:2d:
+                    1b:1b:e6:bc:bb:cd:f1:d7:e4:25:67:27:d9:e7:14:
+                    96:78:2f:f2:2e:a8:76:df:0f:20:18:ab:d6:54:31:
+                    72:88:81:be:17:2c:0d:e1:65:9f:17:b9:88:e2:b8:
+                    d4:ec:3e:a4:61:46:db:03:da:69:2d:be:2e:24:b9:
+                    53:59:9d:3d:ef:2b:75:ef:1b:40:ea:f7:a6:b2:7f:
+                    3c:b7:46:e4:f7:6c:db:8b:cc:4a:cc:3c:df:0e:a7:
+                    8c:39:2b:30:53:4a:19:10:84:34:f7:17:19:94:eb:
+                    fa:63:84:ce:4b:8f:09:04:19:38:98:24:19:24:96:
+                    6a:cf:f1:3e:42:8a:9e:cd:16:c5:39:de:bd:1e:fc:
+                    e6:57:12:3f:b5:59:d0:50:b7:38:d7:75:99:b0:4d:
+                    62:d7:95:64:fb:b5:8c:68:20:61:78:7a:04:45:c4:
+                    15:8c:92:60:b9:9e:24:3f:b5:54:fe:92:4a:1f:4b:
+                    09:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                01:0E:AD:99:D6:AD:30:D2:45:B3:FF:56:26:D4:E7:8F:BA:BD:41:86
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         16:30:40:fa:eb:4f:06:12:81:ee:94:67:b7:22:67:53:af:f5:
+         23:29:43:7f:fe:9d:50:94:cf:ab:a5:a9:f4:85:36:4c:2a:38:
+         f4:46:b4:01:5c:0f:59:3b:d7:39:2c:a7:d5:64:b5:63:83:ff:
+         e7:98:c8:94:69:cc:a5:8a:03:ac:61:c5:0a:20:46:7b:f8:86:
+         71:39:ad:a4:bc:fd:cb:dc:ed:27:95:2e:d7:f9:2f:0a:26:1e:
+         e0:1e:4e:77:94:c1:08:11:b7:5f:6c:e7:5f:a1:98:4e:a2:8f:
+         46:d2:e3:c4:b8:fb:c0:51:8d:5f:d3:3e:a0:81:e8:c6:46:ef:
+         89:57:7a:8f:d8:af:e8:48:c2:c6:64:ef:d3:1e:77:72:17:c4:
+         57:87:19:97:e2:04:e5:27:11:40:28:52:a1:fc:79:85:56:69:
+         69:0d:04:a5:8d:b8:fe:4b:ca:6e:4b:6e:bb:7e:a8:10:54:6a:
+         45:ae:49:2f:10:8c:8e:cf:d8:b1:00:97:62:ed:14:84:1c:1b:
+         5b:b6:3c:44:e3:8e:8c:ac:25:33:39:6f:9d:7b:db:7c:0a:4c:
+         ec:70:d6:17:32:e2:93:8e:33:fe:aa:e1:12:f1:99:1e:f5:f8:
+         5f:b7:94:77:83:4f:6a:de:48:1a:db:9a:62:dc:7e:87:00:87:
+         c1:73:fc:ae
+-----BEGIN CERTIFICATE-----
+MIIFOjCCBCKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNTQ0WhcNMzcwMzIyMDIyNTQ0WjCBqTELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD0Iz
+LVZQTi1ndy1ja3VidTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCgEuyuUrMZU030ypbcT7iU4/93l5MsYx+vstXp1DIW6rVik8ZJ5EgdOIujrBGC
+UAUkbNRem9YG5aOid+s8FCMs0DwtFTKOeXRHLRsb5ry7zfHX5CVnJ9nnFJZ4L/Iu
+qHbfDyAYq9ZUMXKIgb4XLA3hZZ8XuYjiuNTsPqRhRtsD2mktvi4kuVNZnT3vK3Xv
+G0Dq96ayfzy3RuT3bNuLzErMPN8Op4w5KzBTShkQhDT3FxmU6/pjhM5LjwkEGTiY
+JBkklmrP8T5Cip7NFsU53r0e/OZXEj+1WdBQtzjXdZmwTWLXlWT7tYxoIGF4egRF
+xBWMkmC5niQ/tVT+kkofSwk3AgMBAAGjggFvMIIBazAJBgNVHRMEAjAAMC0GCWCG
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFAEOrZnWrTDSRbP/VibU54+6vUGGMIHYBgNVHSMEgdAwgc2AFB8uXrBADZKn
+CYPaJWwZIJ7JYM0hoYGppIGmMIGjMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZW
+UE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOWbjDrr
+526ZMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAK
+gghndy1ja3VidTANBgkqhkiG9w0BAQsFAAOCAQEAFjBA+utPBhKB7pRntyJnU6/1
+IylDf/6dUJTPq6Wp9IU2TCo49Ea0AVwPWTvXOSyn1WS1Y4P/55jIlGnMpYoDrGHF
+CiBGe/iGcTmtpLz9y9ztJ5Uu1/kvCiYe4B5Od5TBCBG3X2znX6GYTqKPRtLjxLj7
+wFGNX9M+oIHoxkbviVd6j9iv6EjCxmTv0x53chfEV4cZl+IE5ScRQChSofx5hVZp
+aQ0EpY24/kvKbktuu36oEFRqRa5JLxCMjs/YsQCXYu0UhBwbW7Y8ROOOjKwlMzlv
+nXvbfApM7HDWFzLik44z/qrhEvGZHvX4X7eUd4NPat5IGtuaYtx+hwCHwXP8rg==
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/04.pem b/B3-Bornim/openvpn/keys/04.pem
new file mode 100644
index 0000000..7049a71
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/04.pem
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:26:25 2017 GMT
+            Not After : Mar 22 02:26:25 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-ingo/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c1:ab:6d:d9:5b:fe:ce:60:c5:fd:f3:66:77:57:
+                    2a:05:af:c6:f9:ac:97:6d:29:43:d4:4a:9c:1c:8f:
+                    c1:00:38:47:6a:cc:55:5f:00:a9:98:fc:62:7e:ae:
+                    41:52:b9:44:a0:47:69:d1:e3:7a:db:0b:d0:0d:cf:
+                    71:d2:bc:43:92:9a:e9:80:ee:f0:d8:9d:67:3d:b1:
+                    da:39:f3:83:f5:d7:87:17:e9:b3:bb:0f:74:c3:7e:
+                    9f:c4:3c:0f:6d:43:94:63:e6:b6:55:c6:ec:d6:f1:
+                    08:b6:eb:cf:ae:a5:a8:61:f4:79:b0:a4:3f:e0:55:
+                    86:3b:22:a2:79:a9:04:ce:ba:78:1a:96:3b:e4:2e:
+                    1a:89:ba:1a:81:6c:9d:ea:54:6a:30:71:db:31:7b:
+                    c5:17:d1:40:8c:66:c8:8a:a5:c4:50:5d:97:0c:9a:
+                    42:2e:a6:41:67:8b:ef:93:af:28:42:b8:3f:65:0e:
+                    1d:1c:15:69:6f:4b:09:e1:54:d3:f9:fe:2a:a6:e8:
+                    cd:01:0f:ec:97:5a:62:28:7a:14:ab:f9:30:ed:5b:
+                    e0:e2:e6:02:9b:50:65:ac:1e:35:0f:76:b4:4e:ad:
+                    44:7a:66:5a:33:28:7c:b2:46:c2:ea:67:5f:cf:be:
+                    74:aa:0d:a8:f8:8e:4c:e9:95:d2:ca:11:ad:cc:f6:
+                    67:9b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                51:5B:AE:97:12:72:A4:2A:44:72:38:38:53:BF:14:F6:8F:88:0E:18
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:ingo
+    Signature Algorithm: sha256WithRSAEncryption
+         63:66:7e:a1:53:e4:7c:55:5c:4a:cb:51:9e:10:b2:c4:21:b5:
+         9c:7d:3f:c0:b6:ea:cb:a9:07:32:76:eb:ad:0d:cf:cc:2a:85:
+         ca:d7:86:e3:6e:00:f0:70:29:f0:5f:73:1d:13:e2:bf:2d:99:
+         e6:33:65:af:6a:5b:d5:c1:4b:74:df:07:ab:a0:6f:49:7b:e3:
+         92:09:89:88:ce:3a:67:6e:d6:8f:fb:b8:9b:93:87:ad:1a:25:
+         b8:db:8e:92:d1:18:a5:f0:e1:c9:ab:0b:f6:9d:46:79:5d:d0:
+         24:44:eb:4b:5f:59:1b:f4:e3:92:ad:55:5e:af:af:2d:44:e3:
+         95:c5:de:1c:eb:c6:07:f6:5c:94:84:4d:41:33:c9:94:86:53:
+         63:95:e6:41:14:42:32:e2:88:b8:e8:23:44:fb:d4:19:0d:e6:
+         69:db:ff:97:e1:87:7f:72:4b:4e:3f:6a:49:50:60:eb:66:b4:
+         b5:4f:c6:db:93:fd:e8:b6:d1:b6:e4:b8:90:9d:65:e4:77:10:
+         d2:a5:0c:c3:0e:5f:7d:1d:0d:fb:ff:ca:1b:4f:d3:1c:c4:ba:
+         b8:c3:69:f1:04:ef:6d:21:93:11:4b:59:29:09:2c:e9:37:91:
+         c1:9c:17:3a:d2:55:e5:2f:0a:1a:4a:82:ae:d9:37:58:12:15:
+         8e:2d:19:f2
+-----BEGIN CERTIFICATE-----
+MIIFMjCCBBqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNjI1WhcNMzcwMzIyMDIyNjI1WjCBpTELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC0Iz
+LVZQTi1pbmdvMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
+LWFkbUBvb3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGr
+bdlb/s5gxf3zZndXKgWvxvmsl20pQ9RKnByPwQA4R2rMVV8AqZj8Yn6uQVK5RKBH
+adHjetsL0A3PcdK8Q5Ka6YDu8NidZz2x2jnzg/XXhxfps7sPdMN+n8Q8D21DlGPm
+tlXG7NbxCLbrz66lqGH0ebCkP+BVhjsionmpBM66eBqWO+QuGom6GoFsnepUajBx
+2zF7xRfRQIxmyIqlxFBdlwyaQi6mQWeL75OvKEK4P2UOHRwVaW9LCeFU0/n+Kqbo
+zQEP7JdaYih6FKv5MO1b4OLmAptQZaweNQ92tE6tRHpmWjMofLJGwupnX8++dKoN
+qPiOTOmV0soRrcz2Z5sCAwEAAaOCAWswggFnMAkGA1UdEwQCMAAwLQYJYIZIAYb4
+QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
+UVuulxJypCpEcjg4U78U9o+IDhgwgdgGA1UdIwSB0DCBzYAUHy5esEANkqcJg9ol
+bBkgnslgzSGhgamkgaYwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlWUE4tQjMtY2ExDzANBgNVBCkTBlZQTiBC
+MzEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA5ZuMOuvnbpkw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBGlu
+Z28wDQYJKoZIhvcNAQELBQADggEBAGNmfqFT5HxVXErLUZ4QssQhtZx9P8C26sup
+BzJ2660Nz8wqhcrXhuNuAPBwKfBfcx0T4r8tmeYzZa9qW9XBS3TfB6ugb0l745IJ
+iYjOOmdu1o/7uJuTh60aJbjbjpLRGKXw4cmrC/adRnld0CRE60tfWRv045KtVV6v
+ry1E45XF3hzrxgf2XJSETUEzyZSGU2OV5kEUQjLiiLjoI0T71BkN5mnb/5fhh39y
+S04/aklQYOtmtLVPxtuT/ei20bbkuJCdZeR3ENKlDMMOX30dDfv/yhtP0xzEurjD
+afEE720hkxFLWSkJLOk3kcGcFzrSVeUvChpKgq7ZN1gSFY4tGfI=
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/05.pem b/B3-Bornim/openvpn/keys/05.pem
new file mode 100644
index 0000000..2f6b347
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/05.pem
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:27:04 2017 GMT
+            Not After : Mar 22 02:27:04 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-matthias/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d2:22:e5:ab:8d:2b:28:95:69:10:c3:ba:f2:9e:
+                    f4:f8:47:f2:81:fc:b1:35:70:fc:70:f4:e1:d1:4c:
+                    4e:b4:2b:7c:65:76:b0:88:15:07:11:c8:47:16:4b:
+                    91:98:80:c1:f2:51:1b:8c:77:87:e5:ca:06:14:7c:
+                    5b:2c:c4:ee:6c:de:2c:af:11:1c:2e:0b:74:73:6a:
+                    9f:8f:7f:1c:6a:5b:24:28:01:19:86:3a:ff:6d:48:
+                    56:7e:20:7c:94:d5:db:2e:a9:9f:f1:08:7d:9f:ec:
+                    b2:6e:8d:6b:6f:20:df:47:28:a8:e5:b8:29:92:b5:
+                    a0:93:29:b7:42:d0:0d:06:12:ec:39:fb:39:73:b8:
+                    ce:5d:9d:7c:a6:01:c3:e9:6d:39:83:07:16:8e:89:
+                    d0:69:c1:17:27:a5:5b:0c:41:41:36:86:10:62:73:
+                    ae:3e:88:48:bb:96:bb:aa:be:b8:5f:98:a6:4f:22:
+                    b8:01:c2:37:b2:36:9c:de:f0:a4:86:75:af:9a:ed:
+                    1c:71:29:78:5d:0d:65:18:85:91:7a:4f:ea:4a:93:
+                    1c:9c:be:7d:cd:95:eb:d0:28:f4:a7:c5:8a:2d:9e:
+                    c8:30:93:51:15:4c:8a:f0:ed:a2:ae:72:77:60:26:
+                    66:c2:df:7e:4b:aa:dc:dc:5c:cb:27:7d:7b:37:2e:
+                    d1:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D7:D3:A3:1A:84:6C:91:0A:6D:57:6E:BC:19:6B:25:50:5F:FC:27:9D
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:matthias
+    Signature Algorithm: sha256WithRSAEncryption
+         b5:74:5e:d8:6c:a7:82:02:02:17:b2:db:f8:8b:a2:40:af:e4:
+         50:b1:bf:04:42:91:21:80:b5:b1:29:ef:d6:d8:03:9d:bf:a9:
+         73:13:02:8b:74:02:0c:07:6c:4a:79:e8:49:ae:e5:63:a6:61:
+         01:bf:18:a2:2f:00:5f:ef:ac:79:bd:62:93:5c:1a:1f:7e:50:
+         29:ca:51:e6:f8:aa:c3:96:5b:6c:cd:71:19:20:24:3f:c6:95:
+         22:62:1b:51:cb:80:6c:0d:5c:1c:ca:5c:a1:95:1a:fd:27:61:
+         6c:ce:cf:81:19:78:2e:08:9e:14:35:05:0e:0f:a3:b9:d5:44:
+         97:f1:35:9a:94:fb:3a:ee:c2:16:21:07:59:d8:ae:21:47:73:
+         24:da:7d:ba:d4:ab:63:80:2d:79:44:04:fc:51:0f:3b:fb:b3:
+         1e:3b:d8:f8:27:34:22:63:4f:ad:aa:43:99:a1:ac:39:1e:99:
+         ca:df:46:bd:4d:c6:69:3d:63:e6:f4:c1:8a:71:3a:9a:e6:05:
+         a7:04:38:f1:d8:31:f4:31:3d:f9:a7:28:94:73:bc:1a:27:c6:
+         35:9b:5a:ad:c1:58:de:eb:9a:cc:0a:93:a7:be:4e:3f:90:c3:
+         d7:23:6d:4d:eb:48:dc:da:d4:0f:cd:9e:51:7c:d8:39:eb:1d:
+         f9:d0:73:2d
+-----BEGIN CERTIFICATE-----
+MIIFOjCCBCKgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNzA0WhcNMzcwMzIyMDIyNzA0WjCBqTELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD0Iz
+LVZQTi1tYXR0aGlhczEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDSIuWrjSsolWkQw7rynvT4R/KB/LE1cPxw9OHRTE60K3xldrCIFQcRyEcWS5GY
+gMHyURuMd4flygYUfFssxO5s3iyvERwuC3Rzap+PfxxqWyQoARmGOv9tSFZ+IHyU
+1dsuqZ/xCH2f7LJujWtvIN9HKKjluCmStaCTKbdC0A0GEuw5+zlzuM5dnXymAcPp
+bTmDBxaOidBpwRcnpVsMQUE2hhBic64+iEi7lruqvrhfmKZPIrgBwjeyNpze8KSG
+da+a7RxxKXhdDWUYhZF6T+pKkxycvn3NlevQKPSnxYotnsgwk1EVTIrw7aKucndg
+JmbC335LqtzcXMsnfXs3LtHBAgMBAAGjggFvMIIBazAJBgNVHRMEAjAAMC0GCWCG
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFNfToxqEbJEKbVduvBlrJVBf/CedMIHYBgNVHSMEgdAwgc2AFB8uXrBADZKn
+CYPaJWwZIJ7JYM0hoYGppIGmMIGjMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZW
+UE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOWbjDrr
+526ZMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAK
+gghtYXR0aGlhczANBgkqhkiG9w0BAQsFAAOCAQEAtXRe2GynggICF7Lb+IuiQK/k
+ULG/BEKRIYC1sSnv1tgDnb+pcxMCi3QCDAdsSnnoSa7lY6ZhAb8Yoi8AX++seb1i
+k1waH35QKcpR5viqw5ZbbM1xGSAkP8aVImIbUcuAbA1cHMpcoZUa/SdhbM7PgRl4
+LgieFDUFDg+judVEl/E1mpT7Ou7CFiEHWdiuIUdzJNp9utSrY4AteUQE/FEPO/uz
+HjvY+Cc0ImNPrapDmaGsOR6Zyt9GvU3GaT1j5vTBinE6muYFpwQ48dgx9DE9+aco
+lHO8GifGNZtarcFY3uuazAqTp75OP5DD1yNtTetI3NrUD82eUXzYOesd+dBzLQ==
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/06.pem b/B3-Bornim/openvpn/keys/06.pem
new file mode 100644
index 0000000..cd060e4
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/06.pem
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:27:47 2017 GMT
+            Not After : Mar 22 02:27:47 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-susi/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b5:8e:d4:bd:3e:87:19:e5:f6:39:0a:48:5d:91:
+                    75:a4:cd:b7:ad:0e:cd:20:2f:c9:6c:b0:ba:49:28:
+                    e0:21:de:be:89:76:94:b9:5c:94:00:28:8d:74:15:
+                    8e:55:78:84:2f:95:46:59:f4:1d:52:12:2b:f6:b6:
+                    28:6a:c2:31:e1:3f:9c:25:e9:89:9c:80:eb:1e:50:
+                    42:7d:0d:01:bd:7f:d3:f1:33:21:20:1a:8f:1a:35:
+                    e1:bd:a7:d2:2d:c0:82:38:12:ae:6d:05:a1:64:f2:
+                    ce:29:9c:3e:f2:06:57:bd:7d:e7:f7:a1:a9:4e:6c:
+                    ae:4d:ec:20:78:88:4c:9a:ae:4d:26:9c:79:08:dc:
+                    27:79:86:ec:ca:fa:9f:ec:9c:c3:16:10:27:63:5a:
+                    c6:8b:e2:f3:21:e1:d1:00:16:db:a2:06:8a:c3:33:
+                    1b:08:52:df:46:1d:94:4d:04:7f:e0:d6:d4:71:72:
+                    7a:71:eb:5a:5e:e5:a1:cd:85:08:b7:9a:42:a9:0f:
+                    b3:3f:ae:b2:bf:a5:e3:87:18:9c:85:e3:c8:f8:41:
+                    c6:61:94:19:6c:6b:23:61:ca:9d:6b:84:c9:68:00:
+                    09:5e:a1:10:8c:db:37:75:17:f0:9d:78:09:8a:ad:
+                    89:3f:77:8f:74:41:72:83:31:14:c6:60:ea:cd:65:
+                    f5:b3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                73:B2:AC:2A:36:FA:71:6E:E3:A6:61:37:63:BF:41:8B:6F:6F:FF:6C
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:susi
+    Signature Algorithm: sha256WithRSAEncryption
+         7d:b8:7d:f0:07:06:3c:f3:66:eb:e4:8b:dc:f4:23:24:9a:ee:
+         19:6d:20:bc:e3:50:80:2e:56:6d:21:ee:d5:8a:6c:d1:17:56:
+         29:79:c5:c0:97:ff:cb:c1:2e:85:c1:c8:28:ff:77:8d:eb:62:
+         08:2a:37:ed:89:f1:7f:04:81:90:db:4a:5b:69:c6:22:75:36:
+         07:78:1a:af:94:db:d6:3c:3a:74:c1:53:47:80:8e:f7:90:3f:
+         e8:55:79:8d:b4:e8:ab:24:08:a4:37:1d:b2:7a:a6:56:21:d3:
+         63:3c:fc:58:cd:d3:f4:4d:7a:fc:7a:3f:6f:77:d9:2a:01:50:
+         a0:6a:6d:b8:68:bc:d7:60:ee:8c:57:ae:72:26:b6:c8:66:f2:
+         b7:19:d4:29:bf:df:ea:47:1c:53:b1:22:98:e1:eb:26:85:fe:
+         52:47:a8:2c:f7:5f:d1:4d:01:34:8d:8c:94:78:76:9c:98:94:
+         51:4f:1e:bf:ac:87:74:ce:76:de:76:97:a4:67:28:32:16:eb:
+         c9:cc:e8:cf:d1:f2:dc:57:b6:af:c8:7a:df:c5:82:8d:20:af:
+         e2:83:fe:7e:17:4a:36:7f:e3:7a:bb:76:4e:81:ca:f7:43:c7:
+         5a:6c:28:50:5d:57:5b:e0:c3:ba:f4:3b:5c:1a:4b:ae:35:3a:
+         8e:1d:09:c7
+-----BEGIN CERTIFICATE-----
+MIIFMjCCBBqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNzQ3WhcNMzcwMzIyMDIyNzQ3WjCBpTELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC0Iz
+LVZQTi1zdXNpMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
+LWFkbUBvb3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWO
+1L0+hxnl9jkKSF2RdaTNt60OzSAvyWywukko4CHevol2lLlclAAojXQVjlV4hC+V
+Rln0HVISK/a2KGrCMeE/nCXpiZyA6x5QQn0NAb1/0/EzISAajxo14b2n0i3AgjgS
+rm0FoWTyzimcPvIGV7195/ehqU5srk3sIHiITJquTSaceQjcJ3mG7Mr6n+ycwxYQ
+J2Naxovi8yHh0QAW26IGisMzGwhS30YdlE0Ef+DW1HFyenHrWl7loc2FCLeaQqkP
+sz+usr+l44cYnIXjyPhBxmGUGWxrI2HKnWuEyWgACV6hEIzbN3UX8J14CYqtiT93
+j3RBcoMxFMZg6s1l9bMCAwEAAaOCAWswggFnMAkGA1UdEwQCMAAwLQYJYIZIAYb4
+QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
+c7KsKjb6cW7jpmE3Y79Bi29v/2wwgdgGA1UdIwSB0DCBzYAUHy5esEANkqcJg9ol
+bBkgnslgzSGhgamkgaYwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlWUE4tQjMtY2ExDzANBgNVBCkTBlZQTiBC
+MzEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA5ZuMOuvnbpkw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBHN1
+c2kwDQYJKoZIhvcNAQELBQADggEBAH24ffAHBjzzZuvki9z0IySa7hltILzjUIAu
+Vm0h7tWKbNEXVil5xcCX/8vBLoXByCj/d43rYggqN+2J8X8EgZDbSltpxiJ1Ngd4
+Gq+U29Y8OnTBU0eAjveQP+hVeY206KskCKQ3HbJ6plYh02M8/FjN0/RNevx6P293
+2SoBUKBqbbhovNdg7oxXrnImtshm8rcZ1Cm/3+pHHFOxIpjh6yaF/lJHqCz3X9FN
+ATSNjJR4dpyYlFFPHr+sh3TOdt52l6RnKDIW68nM6M/R8txXtq/Iet/Fgo0gr+KD
+/n4XSjZ/43q7dk6ByvdDx1psKFBdV1vgw7r0O1waS641Oo4dCcc=
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/ca.crt b/B3-Bornim/openvpn/keys/ca.crt
new file mode 100644
index 0000000..4a6a247
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/ca.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIE2TCCA8GgAwIBAgIJAOWbjDrr526ZMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJ
+VlBOLUIzLWNhMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
+LWFkbUBvb3Blbi5kZTAeFw0xNzAzMjIwMjE5MjVaFw00OTAzMjIwMjE5MjVaMIGj
+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4x
+DzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAG
+A1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMzzVaCu/oIRHn9CaLJdwurZvlnnZ1xI+HtWlVnVY60QBzw38Rc36VUOH+bf
+NRM+aV95Pe6h0icFmiDfnSHQwogO56tkZFq6OW9RfnC/wSVXEfVrdvV8H9JgPiLM
+WdyRIgjdeM74EdZ0tFN8sO34Bf/dv3OYGUz7qJgFnKdy7ByTgv2maRmITds9Dk58
+H8h5wl0TnGRS+A8zOz1TAIjVjdPWEFOwkKLGRCSbiWIm2qqXzbhlwYYpxifxRkXW
+tcSLOB3lKtAM53l22Qvux6J5+s0UH3+WoPo+6Gc65Jtg6SUGxTpvJZgRyMpRKLNI
+JEFzo8JMYSb50TmC/9j6ZOX82VsCAwEAAaOCAQwwggEIMB0GA1UdDgQWBBQfLl6w
+QA2SpwmD2iVsGSCeyWDNITCB2AYDVR0jBIHQMIHNgBQfLl6wQA2SpwmD2iVsGSCe
+yWDNIaGBqaSBpjCBozELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0G
+A1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsg
+U2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1jYTEPMA0GA1UEKRMGVlBOIEIzMSEw
+HwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQDlm4w66+dumTAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAmLrMjjb3MV6gjBZCIDJag6X9+
+WOLY6UJfNGXyg9qt4SxKFqvBSCC+ZB+39rvl/+ReAULKCjggM3usRuPZfcK63Ncm
+FRqkxA+3xk+c60KZd3DP+4yRdY3j1GeHip8FJloT91eVkGdCGDAFwz3njBex40BA
+qpIPOoYDKJDZElrunB/8z0KW/12HqxowEnPQaSkTiFeb9hRJMB71/LvS0OZoWPj9
+4kvNGJq8H3VdWjzLDAXfX+VYI1gTWYax47klQM6QnKBOuQGPpHvVWBr0ifFsa6Wh
+eoBxJ50RuMwLoXNZqqJD6TH8vCv7IqARnhiNKhNiDQQr5CZyr4Nwn7gT4yw1
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/ca.key b/B3-Bornim/openvpn/keys/ca.key
new file mode 100644
index 0000000..8182652
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDM81Wgrv6CER5/
+QmiyXcLq2b5Z52dcSPh7VpVZ1WOtEAc8N/EXN+lVDh/m3zUTPmlfeT3uodInBZog
+350h0MKIDuerZGRaujlvUX5wv8ElVxH1a3b1fB/SYD4izFnckSII3XjO+BHWdLRT
+fLDt+AX/3b9zmBlM+6iYBZyncuwck4L9pmkZiE3bPQ5OfB/IecJdE5xkUvgPMzs9
+UwCI1Y3T1hBTsJCixkQkm4liJtqql824ZcGGKcYn8UZF1rXEizgd5SrQDOd5dtkL
+7seiefrNFB9/lqD6PuhnOuSbYOklBsU6byWYEcjKUSizSCRBc6PCTGEm+dE5gv/Y
++mTl/NlbAgMBAAECggEBAIar/sAvPR3Kkfedc56A7evUWLhKzihd6qlhI5J8HZtC
+xP5U5B8VpkU1mtDiKsYSZLtPt9puiuEJVVX0mhP2UV2GLcT5mtfjNopnSmZcGlam
++C4EB48XmPFsPGgxT3sYAv1ASnn1mAMLfNK/RKOaLpcK5xrV/woO86GxTlbZtTyw
+oz0mEOGmR98vOtImIJ9ABTb5RWHqpAyeKcxjI+qb1MC+VZcSUvLbhr6mfq/vAWKk
+Rido3YAlVfzo8kRx6HeXSDZekfQcNPfnAfv3sKNujw9LdEneAbTPB7l5YTTIOxEn
+/vZi1BE+LMA8O1WFf6vlOlRWQqY0/kfRko60cODzzkECgYEA+xxKZVIzSWGw9WqH
+yU+EKU9IGRZ5HszSBOEGVqHjCSvNtFxkvKgpjZFhukLYruqTEOGTNDUnm+3grX08
+9eIaFHQrqrqAkMKertwlU5joSNN95UOJFJJCStQcKS8BToHR4sA5nHlKmvu/CKVM
+es1NUg9+5Er+o0TMax2AIhVEeh8CgYEA0PDzTkE52nMJin8IV8WqSdRnC96FBNN2
+n1n8xBJqgjQqRwI8H0dUs8GcRKUxP5JUfHjzVlWayW9Jn2jX4KR5/HE75mlCeeHP
++Ue+6m+hqNtTV0KmVAjF5dvH4Hsz5mNFh2pET7HPtB4gxn5/jfUYcWjlOYoXBXTJ
+EQuFrVvYMUUCgYEAqGP0T7Wrxs3ICQsDO7AjBECyLICxgEIBpFvyEC5HPWMucoBy
+3UA3fUO8sVcaT1HmhS9/s0bh5OLEBBMzyf9xVb4Bel/Oz0RzfPcL4N9tBUkt54w+
+ZJkf82YB7GwlCCxuPwyAlbmQmhWvqXCPtNnvu9PAV/8iewIrwrjpr/FrFikCgYEA
+gKD1iGWLUjqj0wllf3OG5DDIx3vT9CaiznM9sw+LVmD67gAoNzFYqdk1dOUlrndN
+X9uuIqZMxlmmv2ZyEC/xkUG8mJqQfCxSNqq+k+DpauSrJ/s2HmHQQzPMlxwB1YGj
+2jvHljBnKAGsN8bEjAYpaBgllgi3J3rAFag8QX9bVukCgYA9mbo9CbOvv+n6oYlZ
+vZLBQ4wDZGGOQpUCpYxY18wjxYc4k9AoXh3iruuzQBxmlDIMKUlAPByCVHfCOpDb
+eKQj8Azda37up0QMYsKMuLOFPREJDGZEbastPBH39Thl965As6iKOsd3R4jZ+2Ld
+GHmoTvHKwwKy9rmRgMFMpUkMIw==
+-----END PRIVATE KEY-----
diff --git a/B3-Bornim/openvpn/keys/chris.crt b/B3-Bornim/openvpn/keys/chris.crt
new file mode 100644
index 0000000..6ead50d
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/chris.crt
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:24:54 2017 GMT
+            Not After : Mar 22 02:24:54 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-chris/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e3:b0:23:45:0e:07:84:b2:29:3d:0b:66:32:ca:
+                    ac:7f:ac:8a:2d:6b:11:eb:87:20:25:d0:3b:94:6a:
+                    05:b9:da:82:32:28:4e:cf:a8:9b:dc:6a:6b:1b:95:
+                    13:75:6e:ed:fb:fc:1d:8d:fe:23:cd:a1:0b:74:41:
+                    b1:4b:c8:59:9e:2d:5e:ff:46:21:83:32:19:fb:2a:
+                    ba:5b:9d:3c:f1:64:95:be:c3:cd:79:c4:ca:ef:71:
+                    6a:65:6f:81:0d:45:75:11:79:47:51:5e:db:85:c1:
+                    1b:c2:a2:c7:10:d3:39:09:ae:3a:e7:d1:15:91:08:
+                    fd:c8:25:cb:35:08:cf:fd:41:96:e3:59:6b:63:8a:
+                    e8:4a:12:bd:ee:b0:c2:97:fa:4f:3c:fe:98:02:58:
+                    2c:f4:d0:29:48:e9:5c:3d:f0:3a:f6:9c:b3:70:f9:
+                    a0:fb:f7:99:0a:5f:27:09:5e:de:0b:b1:02:26:c7:
+                    91:e0:3f:47:61:c6:52:13:2f:11:a5:77:45:2e:b9:
+                    40:3c:a3:40:10:5a:6c:5b:16:c7:2d:9e:aa:7f:45:
+                    c0:35:cb:11:45:89:00:38:08:9b:43:c3:01:bc:3a:
+                    3c:96:5e:56:03:67:69:b6:18:7a:ad:7f:22:44:8a:
+                    5c:6d:41:96:b6:08:87:fa:d5:99:6a:02:38:91:43:
+                    2d:ed
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                9E:9D:71:FC:38:46:22:BC:2B:8C:79:FE:09:44:0A:48:9D:AD:3E:5B
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         03:72:39:b6:b0:4d:c8:9a:8d:39:b0:9f:43:8a:9d:93:17:06:
+         c7:45:40:00:21:d1:49:9c:69:55:e3:cb:19:fa:fe:94:c2:8c:
+         5e:18:74:a3:9b:95:b1:91:9a:4b:3c:cd:ec:47:d4:49:2d:8b:
+         e9:87:0c:cc:02:ea:e9:c7:51:14:f9:9c:c7:08:2a:c2:7d:c6:
+         49:d4:38:13:29:b6:f9:6f:60:c5:59:0b:96:a8:24:0c:c1:bd:
+         94:6a:48:66:aa:4d:b0:06:9c:2c:59:da:d1:43:35:f4:12:2a:
+         b3:3d:e1:43:e2:1d:46:dd:19:02:93:50:92:48:27:4b:77:9e:
+         29:7c:4d:db:05:fd:1d:4a:4a:09:70:f4:48:0c:4b:12:b8:fe:
+         94:3f:af:38:8e:c8:77:5a:c3:c3:2c:d1:cf:0e:4a:5d:40:62:
+         cd:be:52:6f:c7:55:b4:ac:59:5b:13:0f:ed:51:56:bf:4f:67:
+         d0:7d:4e:08:7c:84:b7:76:9d:a0:91:26:dc:12:38:ac:e2:b4:
+         57:b7:0c:5e:00:37:6f:f3:b0:3d:d5:28:d8:a5:9f:31:4c:32:
+         66:c6:56:a6:8c:57:2e:f8:a5:11:7b:69:c1:be:59:3e:f7:a5:
+         81:3b:d6:64:28:4e:72:be:cd:43:37:38:ca:16:1d:3a:5a:20:
+         19:46:f8:d3
+-----BEGIN CERTIFICATE-----
+MIIFNDCCBBygAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNDU0WhcNMzcwMzIyMDIyNDU0WjCBpjELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFTATBgNVBAMTDEIz
+LVZQTi1jaHJpczEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3Vi
+dS1hZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj
+sCNFDgeEsik9C2Yyyqx/rIotaxHrhyAl0DuUagW52oIyKE7PqJvcamsblRN1bu37
+/B2N/iPNoQt0QbFLyFmeLV7/RiGDMhn7KrpbnTzxZJW+w815xMrvcWplb4ENRXUR
+eUdRXtuFwRvCoscQ0zkJrjrn0RWRCP3IJcs1CM/9QZbjWWtjiuhKEr3usMKX+k88
+/pgCWCz00ClI6Vw98Dr2nLNw+aD795kKXycJXt4LsQImx5HgP0dhxlITLxGld0Uu
+uUA8o0AQWmxbFsctnqp/RcA1yxFFiQA4CJtDwwG8OjyWXlYDZ2m2GHqtfyJEilxt
+QZa2CIf61ZlqAjiRQy3tAgMBAAGjggFsMIIBaDAJBgNVHRMEAjAAMC0GCWCGSAGG
++EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
+FJ6dcfw4RiK8K4x5/glECkidrT5bMIHYBgNVHSMEgdAwgc2AFB8uXrBADZKnCYPa
+JWwZIJ7JYM0hoYGppIGmMIGjMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGlu
+MQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0
+d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZWUE4g
+QjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOWbjDrr526Z
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVj
+aHJpczANBgkqhkiG9w0BAQsFAAOCAQEAA3I5trBNyJqNObCfQ4qdkxcGx0VAACHR
+SZxpVePLGfr+lMKMXhh0o5uVsZGaSzzN7EfUSS2L6YcMzALq6cdRFPmcxwgqwn3G
+SdQ4Eym2+W9gxVkLlqgkDMG9lGpIZqpNsAacLFna0UM19BIqsz3hQ+IdRt0ZApNQ
+kkgnS3eeKXxN2wX9HUpKCXD0SAxLErj+lD+vOI7Id1rDwyzRzw5KXUBizb5Sb8dV
+tKxZWxMP7VFWv09n0H1OCHyEt3adoJEm3BI4rOK0V7cMXgA3b/OwPdUo2KWfMUwy
+ZsZWpoxXLvilEXtpwb5ZPvelgTvWZChOcr7NQzc4yhYdOlogGUb40w==
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/chris.csr b/B3-Bornim/openvpn/keys/chris.csr
new file mode 100644
index 0000000..d57bdda
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/chris.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC7DCCAdQCAQAwgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRUwEwYDVQQDEwxCMy1WUE4tY2hyaXMxDzANBgNVBCkTBlZQTiBC
+MzEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47AjRQ4HhLIpPQtmMsqsf6yKLWsR64cgJdA7
+lGoFudqCMihOz6ib3GprG5UTdW7t+/wdjf4jzaELdEGxS8hZni1e/0YhgzIZ+yq6
+W5088WSVvsPNecTK73FqZW+BDUV1EXlHUV7bhcEbwqLHENM5Ca4659EVkQj9yCXL
+NQjP/UGW41lrY4roShK97rDCl/pPPP6YAlgs9NApSOlcPfA69pyzcPmg+/eZCl8n
+CV7eC7ECJseR4D9HYcZSEy8RpXdFLrlAPKNAEFpsWxbHLZ6qf0XANcsRRYkAOAib
+Q8MBvDo8ll5WA2dpthh6rX8iRIpcbUGWtgiH+tWZagI4kUMt7QIDAQABoAAwDQYJ
+KoZIhvcNAQELBQADggEBAMx4Vsu3nIBZoE/Y4L6aE89+tA1Y44pgrHGIwqBfpqvp
+0YWMtG50wbgUZvetbQ0ttnqQeVeqzOr+x63UVURkubO3lDOEME5XXjxV90sDvq2m
+VJswYoeneCtZ0T6fUdh0x5nNQtegV8lycqmrRZoupefeswaCwCNkBjRLIe1e0bsW
+y0wmbTj3HTC2X6sw6QaHfSt9uST5bOvMy5d/5nwZ0DDu15Vy4fESZEqFLRRtClIo
+frge1K1KPuVQLQC9q54z0R8cD2Y4JiKy95QWfr/7I+YsxB/SAvIoJ9eCJjTcxZOu
+azhQRGHXEYKUbqOlc6q0yYi47hXZbbBTTt0ujCOe6P0=
+-----END CERTIFICATE REQUEST-----
diff --git a/B3-Bornim/openvpn/keys/chris.key b/B3-Bornim/openvpn/keys/chris.key
new file mode 100644
index 0000000..f671ad8
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/chris.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIkeGWXvvuPJ0CAggA
+MBQGCCqGSIb3DQMHBAg4m/SzcARAfwSCBMiYFmYOVQU7NW4SiZhjv2s/Ciy1Lli4
+D0RdT6kcrHuPmm53FQB4aJY6wT7bPGn1bVn+Kbhv8gloe83v8wJrp3AJ2rnb5hUW
+dwJvuppTj4+gzFHsB0rOYeIhFq0DZDkg2tXFXlwdyQUW3/dkaWMqMDIEbWGrIBhB
+JRJc83W6DZClSGlyBQD6Ef0Ij0uoytVbnYPWSrG1mS/6PQ7JkvFDBqJKoORwWEzZ
+kfQVkwhDU1rv/iCsr4ADAaxgUVapa8ESdkgzGbDmBjcefAWjDOMnFgNwJHqiqdng
+jIbp/8s4ZotT3r79IpxpvXrubXl6qUlUtWURQ7WJRy4w7fuBwy2gJ8UEzL1zYECq
+gR0goGOUQxX6iECydc8/ppDo4000IxTxO/TUE59Im+Xxc3twIGgiWITu4iQY5DQz
+CB4fd/okj46hfOpJi4ND4g1BYQd7wCo/Rhn96FQAdhMHfD7sC9Wsrgx5uAUsTIym
+ZYc+60Iu9hdfP4zNz/ZnYNui9qEbQCr1W3nVk5Q4wR2XS4TjtOkKPJYRYcX1ngLm
+p/B1Wy79T3tFvN5n6/5Z5uiplqcij16Tfw7u9i6EqOeTy/33EkF1PkRP8EqP7jXw
+d4sbSYS0TjrY3TUrERCxG2DT1NU/ruZwTka+mnYIzQXJ+LsnG21zTrRB4dLuM4zz
+pOGGL+sYBGwg5/67w1W7xzar8XDlAj8OJDlrUw7syEsXDyoLf2o8tYXAOOd5jXuX
+76XZ90s2YrXCHFVnUdTK9xzdrbnoErDHa6wZ0d1mS7DVDnymQRHnSIidAOQ+f3za
+NajEsEBBN1rsPE3qajbflRINIzs5hRwPBfUxkRG2IR6GuDxmJYQAS5uwLhFd1vJl
+7/SnSB6spqWTR8xPz/Lb+Vu/0aUN01Gd4m3toGFiIgdjyIZbZSEtAK/sGmAAxOoz
+GuSOF4AwSrmCp5/sSvFuhlwMe/pqRbidgbW0TZiOzrupzkTgPyaixdHPfycTT0Y5
+wB3N76LdmO8Bkc0wQoBUEWWUFbXzywo/EjTslBv1mTK0RGkMnDDZkrJbPYTTckzU
+yU+b98diD4B6VSf460a4YEdeZpc52Wmbv+cTkeWSEaQ79hWSRXLPBXwdXwOfzr94
+S10yBDKWBU/w3ynCBPM8WlMjkFX/BlNoPPRzgw6ozeH9KMmuJlAHOw352N/8QtZE
+n3baGa1mdxplc4JV9SgDkH4OyEyan/ytpr6R2oCCNnHo+OOerft2rZolKIsLGOEP
+ds7QJjj7hc1FtcePNXsC0piKjTq1eHTVtIT851q0+TNfpPesUnhNzRU8fgDswJoM
+ssjdt9BsOuwO1jPt/Wuh4gwIHyLKY6DWkmjXVSoLrRWZaRK+m2AARCH0/oCDk/9v
+Dr0zRA0z1KNRUmHRp2CR6pY+bcDus0RLon3SjHq1EvPgOCnGT9F7H/hZwtzcegF8
+qcOj+rXs3l439t4HLDwZ8hqVsSOnQZ8Ztxc5T+TQ3bscTg2JrkF36Nl+E1x53U7+
+akClupFKOE6H63TSy582zPmaecBUU0xqZmms9jkXGdwBVyJXXqKLlMkZIK6kBeu2
+cHuWFrOuSzZFhQGaLxkJYTrxnyGInD8Wha6IVo/AuBXKauT/bi+VCCfvxLfPEhOX
+hVs=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/B3-Bornim/openvpn/keys/crl.pem b/B3-Bornim/openvpn/keys/crl.pem
new file mode 100644
index 0000000..8bf0872
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/crl.pem
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB6jCB0zANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1jYTEPMA0GA1UE
+KRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUXDTE4
+MDExMjA0MDc0NVoXDTI4MDExMDA0MDc0NVowDQYJKoZIhvcNAQELBQADggEBAGI8
+7CEDAWKfmJr6JJgkqAk8XVGKNU4yGZBmC4OFpEFHNdnyVRz4V8UMEUjVp+pKXhIe
+hldECPYxYnCxwWh3HORz1tZl0m+fwYyxZCXsEpr7lwwdrn+vACh1rsaWr84540oI
+cceKx4QegU8u8hMSjfux9YGarl1qBGVg/Gl7v6NKuhAiMwJ+9/03i3sKEuzZ3dL0
+wwpl/tBoaPhCsh6aMbeN1t6ZTCWxjzDSTJYCIMIf2C/7EhsfcVGzWAqyV2yG3iLd
+vnwcw6OUVZS2Dh8759MdvJUowtiIozHzYwCN69XB6EBN40RvR/aXXkbfDOKDIGwb
+HmeHzYuk+k/DPckTOcI=
+-----END X509 CRL-----
diff --git a/B3-Bornim/openvpn/keys/dh2048.pem b/B3-Bornim/openvpn/keys/dh2048.pem
new file mode 100644
index 0000000..5cc57cc
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/dh2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAnXqnqyXh6ONT/Xa2OupiIMCOeEPoidhdLpFV+voegHYuKRhIHUMd
+K7NgTQIsGid6bqFg6UplUOlh0ut6ASv8MG/u/Avy1HEq148Xrkxxe8eHhCrRd4n7
+g7huGLNkgnzGbRQaTuiUj5QFpobUI0QEN9SqHenmJoqCG0goQTqthQ0nBdmiV25T
+vL5eRm6Y+62Ye4G9J19h6Yyu8PElPdepYxDDhY0kI9zJHorWy+7ymudmwCA9+B3q
+/5WmvMsFvd5c99UFKWKn3zhjbwWSjdWYU8v4jl4DMALbPhc9dZnPDvkq4Jr59QTI
+vHoN9MabWkRMqUHAjukSTmwe7qWN0gjnEwIBAg==
+-----END DH PARAMETERS-----
diff --git a/B3-Bornim/openvpn/keys/gw-ckubu.crt b/B3-Bornim/openvpn/keys/gw-ckubu.crt
new file mode 100644
index 0000000..96df26f
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/gw-ckubu.crt
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:25:44 2017 GMT
+            Not After : Mar 22 02:25:44 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-gw-ckubu/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a0:12:ec:ae:52:b3:19:53:4d:f4:ca:96:dc:4f:
+                    b8:94:e3:ff:77:97:93:2c:63:1f:af:b2:d5:e9:d4:
+                    32:16:ea:b5:62:93:c6:49:e4:48:1d:38:8b:a3:ac:
+                    11:82:50:05:24:6c:d4:5e:9b:d6:06:e5:a3:a2:77:
+                    eb:3c:14:23:2c:d0:3c:2d:15:32:8e:79:74:47:2d:
+                    1b:1b:e6:bc:bb:cd:f1:d7:e4:25:67:27:d9:e7:14:
+                    96:78:2f:f2:2e:a8:76:df:0f:20:18:ab:d6:54:31:
+                    72:88:81:be:17:2c:0d:e1:65:9f:17:b9:88:e2:b8:
+                    d4:ec:3e:a4:61:46:db:03:da:69:2d:be:2e:24:b9:
+                    53:59:9d:3d:ef:2b:75:ef:1b:40:ea:f7:a6:b2:7f:
+                    3c:b7:46:e4:f7:6c:db:8b:cc:4a:cc:3c:df:0e:a7:
+                    8c:39:2b:30:53:4a:19:10:84:34:f7:17:19:94:eb:
+                    fa:63:84:ce:4b:8f:09:04:19:38:98:24:19:24:96:
+                    6a:cf:f1:3e:42:8a:9e:cd:16:c5:39:de:bd:1e:fc:
+                    e6:57:12:3f:b5:59:d0:50:b7:38:d7:75:99:b0:4d:
+                    62:d7:95:64:fb:b5:8c:68:20:61:78:7a:04:45:c4:
+                    15:8c:92:60:b9:9e:24:3f:b5:54:fe:92:4a:1f:4b:
+                    09:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                01:0E:AD:99:D6:AD:30:D2:45:B3:FF:56:26:D4:E7:8F:BA:BD:41:86
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         16:30:40:fa:eb:4f:06:12:81:ee:94:67:b7:22:67:53:af:f5:
+         23:29:43:7f:fe:9d:50:94:cf:ab:a5:a9:f4:85:36:4c:2a:38:
+         f4:46:b4:01:5c:0f:59:3b:d7:39:2c:a7:d5:64:b5:63:83:ff:
+         e7:98:c8:94:69:cc:a5:8a:03:ac:61:c5:0a:20:46:7b:f8:86:
+         71:39:ad:a4:bc:fd:cb:dc:ed:27:95:2e:d7:f9:2f:0a:26:1e:
+         e0:1e:4e:77:94:c1:08:11:b7:5f:6c:e7:5f:a1:98:4e:a2:8f:
+         46:d2:e3:c4:b8:fb:c0:51:8d:5f:d3:3e:a0:81:e8:c6:46:ef:
+         89:57:7a:8f:d8:af:e8:48:c2:c6:64:ef:d3:1e:77:72:17:c4:
+         57:87:19:97:e2:04:e5:27:11:40:28:52:a1:fc:79:85:56:69:
+         69:0d:04:a5:8d:b8:fe:4b:ca:6e:4b:6e:bb:7e:a8:10:54:6a:
+         45:ae:49:2f:10:8c:8e:cf:d8:b1:00:97:62:ed:14:84:1c:1b:
+         5b:b6:3c:44:e3:8e:8c:ac:25:33:39:6f:9d:7b:db:7c:0a:4c:
+         ec:70:d6:17:32:e2:93:8e:33:fe:aa:e1:12:f1:99:1e:f5:f8:
+         5f:b7:94:77:83:4f:6a:de:48:1a:db:9a:62:dc:7e:87:00:87:
+         c1:73:fc:ae
+-----BEGIN CERTIFICATE-----
+MIIFOjCCBCKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNTQ0WhcNMzcwMzIyMDIyNTQ0WjCBqTELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD0Iz
+LVZQTi1ndy1ja3VidTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCgEuyuUrMZU030ypbcT7iU4/93l5MsYx+vstXp1DIW6rVik8ZJ5EgdOIujrBGC
+UAUkbNRem9YG5aOid+s8FCMs0DwtFTKOeXRHLRsb5ry7zfHX5CVnJ9nnFJZ4L/Iu
+qHbfDyAYq9ZUMXKIgb4XLA3hZZ8XuYjiuNTsPqRhRtsD2mktvi4kuVNZnT3vK3Xv
+G0Dq96ayfzy3RuT3bNuLzErMPN8Op4w5KzBTShkQhDT3FxmU6/pjhM5LjwkEGTiY
+JBkklmrP8T5Cip7NFsU53r0e/OZXEj+1WdBQtzjXdZmwTWLXlWT7tYxoIGF4egRF
+xBWMkmC5niQ/tVT+kkofSwk3AgMBAAGjggFvMIIBazAJBgNVHRMEAjAAMC0GCWCG
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFAEOrZnWrTDSRbP/VibU54+6vUGGMIHYBgNVHSMEgdAwgc2AFB8uXrBADZKn
+CYPaJWwZIJ7JYM0hoYGppIGmMIGjMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZW
+UE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOWbjDrr
+526ZMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAK
+gghndy1ja3VidTANBgkqhkiG9w0BAQsFAAOCAQEAFjBA+utPBhKB7pRntyJnU6/1
+IylDf/6dUJTPq6Wp9IU2TCo49Ea0AVwPWTvXOSyn1WS1Y4P/55jIlGnMpYoDrGHF
+CiBGe/iGcTmtpLz9y9ztJ5Uu1/kvCiYe4B5Od5TBCBG3X2znX6GYTqKPRtLjxLj7
+wFGNX9M+oIHoxkbviVd6j9iv6EjCxmTv0x53chfEV4cZl+IE5ScRQChSofx5hVZp
+aQ0EpY24/kvKbktuu36oEFRqRa5JLxCMjs/YsQCXYu0UhBwbW7Y8ROOOjKwlMzlv
+nXvbfApM7HDWFzLik44z/qrhEvGZHvX4X7eUd4NPat5IGtuaYtx+hwCHwXP8rg==
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/gw-ckubu.csr b/B3-Bornim/openvpn/keys/gw-ckubu.csr
new file mode 100644
index 0000000..a5bbb25
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/gw-ckubu.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC7zCCAdcCAQAwgakxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRgwFgYDVQQDEw9CMy1WUE4tZ3ctY2t1YnUxDzANBgNVBCkTBlZQ
+TiBCMzEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBLsrlKzGVNN9MqW3E+4lOP/d5eTLGMf
+r7LV6dQyFuq1YpPGSeRIHTiLo6wRglAFJGzUXpvWBuWjonfrPBQjLNA8LRUyjnl0
+Ry0bG+a8u83x1+QlZyfZ5xSWeC/yLqh23w8gGKvWVDFyiIG+FywN4WWfF7mI4rjU
+7D6kYUbbA9ppLb4uJLlTWZ097yt17xtA6vemsn88t0bk92zbi8xKzDzfDqeMOSsw
+U0oZEIQ09xcZlOv6Y4TOS48JBBk4mCQZJJZqz/E+QoqezRbFOd69HvzmVxI/tVnQ
+ULc413WZsE1i15Vk+7WMaCBheHoERcQVjJJguZ4kP7VU/pJKH0sJNwIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBADVuBSLICq4H4uHH5Kelj4xkfahSVfwgX69uumJI
+qqmX4ByVxmbdrJ+6ySGJUeI4kIQxLnR/ah2SNRVChUMe1/yx9UEdX8VzL0kAeyT2
+8fve2gJzL8W9Kmmi9BXpwmfoK3yvlP2W/PI8i3yDinXigSjRNMe8tPqYF+7hP3f5
+le7TkTC5a9ztVFm6il+VO3JY9y9bzV14DMOU6YFrtaTQoHwyk0X8BDqJTVt3/5lU
+Q8x6w/GJ2AKQvWlbynubF69fti3j/PtpmFgX5zVLAs5W7INGwDs0o6FHakJJFShO
+alfv8G9WIZkloe4TE9aXaKZCL3/w1AekCLEFWTY6tCt3ezE=
+-----END CERTIFICATE REQUEST-----
diff --git a/B3-Bornim/openvpn/keys/gw-ckubu.key b/B3-Bornim/openvpn/keys/gw-ckubu.key
new file mode 100644
index 0000000..63e793b
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/gw-ckubu.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFoCf5M5Q7nwCAggA
+MBQGCCqGSIb3DQMHBAg/IMWDanMqPwSCBMgU7zQul5AkX/TrxXfYu6f1PRJEpfb/
+v6F9NXOH42JaWp7VDTI/aQgToi0q+qZRE3GCj9eCGsv7XcltWVtt0c0Qd3jHB+N3
+IRXAqNH5dUhpuBJstMBFrYL01TbPkg7fhGhtYYJIJz11BTiwllZULGEJXTXyiusI
+zWnkt37KdnhOaWVhAHaf+gWQayB/rMiI5HM4dkdgHm/VQKBrOQGJYn8LMqLqmHKd
+kLYeYultYkPtcqDRpnxERbtLXItC2PneKU2WKPwsmCsCy6CTIJoSF6FAxluv8jhO
+etLKAzLiDRg9Q/xB+50o8ouRHtNLFSo4FoF7BSeS7ZfdVfRKMMpzUzzRys4KVQry
+vXng3IQVxLzHEEZAP9HXcGNuvXeFq5LC72oCSob0ynpPdaTnI00O8vLBib93RfIh
+Wn4Tsc7w8Ls3AWhFStkz+8sJ6iewgcp0BlhWLBbTn38sIhW9vG20zAR/CvOpT5vT
+8lxLrphsbOuf1HsH7vsYbzsXAwB5Jpu6NCpuiDS4NaBKZAAVmBi37tAc3KbTlUzx
+BUhxlrwwDSdQ8j2KXk+/LAXpXM3oj9fKyDOIzuQtFXP7dV9ohX6YHocwMoQCgCl/
+ab7mw0ouIb5uUwR5s8dFfFl8scWPsvs9/BALC+ZAfvWBaWvq9dCrngdciM90Sg1c
+CQjsBSGMbUTSSgxQE/DdI/mMRa+gqVLe6IniRB/RoKyyBdufkkqhNf2D/d0Ll5uF
+yPKvuOJxYHwGPnwknGQrBCe2KMRotzCRliMZ2ua5SPe2fhnVJ0E3jTgABz+ArZhN
+XNBAjY/lM80App2NFP6A2p1ryxf5M9j/qbiGFyPaXsnFHT/8Iku+FErWzRQ0fASQ
+SC/8kuGWWafwKig6wjHDv6yrIYrtzWiLd5OTpi6QqD1JY19s4pP04v50XL9F9scK
+ypESdCcZz9+Q18N4yxREKbCviThpTy3FBoWa1v4SZeerAroUdhGJjXzWfypzmHo4
+21J004Dhb7XXKfqsE6MU1TVDQ64Qg/NalULs3LAdHCfur/JR2Htme7/k3jAuJNDF
+SPu8PNVH9lnUcxaMVOIMfYtcwMCCn6lW25WqbKPG/VIir4WG2HmGxqbEqugNgt1H
+VTxV2uYU1CGEGTlR/EgiI0QDGjVfVLHgugvnTY0T3w7r1kfYKhyyggQ5k3mqvPFX
+4B5lm2cCUYBlg4hkWsCTOs+dBG4zB54fl1kfkZ34u9BoTSOFoBi5v0Jhg1CQEgxH
+Gesw0YH/gqR2UiWzzwQf/K3WFHaawSmK94ChEMLX6FIUbLwBC4Y9I4J0oT2wfXgi
+pzyXR2BL8ccCXlSIzvxDLie3jCgBtuwxAUkK3QifE2+ksM2+3cZk9FMXVlVnGYyz
+bTqTxZ/RJCNFIZr2Z2gl2uBhU3Q1k8aWyF6Yu+q1FxtMzIyltYgTUia72vkyGCLG
+O0mqRbsxW5RaPpIC7P1fj3IQ5IjvamDPhpG0nXX9RXNlGjRn8QbPX7NEk6WCVgc7
+dpNAaZOY68LoQpw344GVWXl5O8sQvrQuLMzoIeeMNlGxK9fjFsf/vUDz3JNy0Q8Q
+dni2K4UplAMnfeG+A2DcGQRQ11MRLLJ9cIT2z4lLvv1Vd+Lbv31O1ucdh6kuQbMG
+WXY=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/B3-Bornim/openvpn/keys/index.txt b/B3-Bornim/openvpn/keys/index.txt
new file mode 100644
index 0000000..4088f42
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/index.txt
@@ -0,0 +1,6 @@
+V	370322022216Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-server/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+V	370322022454Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-chris/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+V	370322022544Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-gw-ckubu/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+V	370322022625Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-ingo/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+V	370322022704Z		05	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-matthias/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+V	370322022747Z		06	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-susi/name=VPN B3/emailAddress=ckubu-adm@oopen.de
diff --git a/B3-Bornim/openvpn/keys/index.txt.attr b/B3-Bornim/openvpn/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/B3-Bornim/openvpn/keys/index.txt.attr.old b/B3-Bornim/openvpn/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/B3-Bornim/openvpn/keys/index.txt.old b/B3-Bornim/openvpn/keys/index.txt.old
new file mode 100644
index 0000000..ea85d1d
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/index.txt.old
@@ -0,0 +1,5 @@
+V	370322022216Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-server/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+V	370322022454Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-chris/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+V	370322022544Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-gw-ckubu/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+V	370322022625Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-ingo/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+V	370322022704Z		05	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=B3-VPN-matthias/name=VPN B3/emailAddress=ckubu-adm@oopen.de
diff --git a/B3-Bornim/openvpn/keys/ingo.crt b/B3-Bornim/openvpn/keys/ingo.crt
new file mode 100644
index 0000000..7049a71
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/ingo.crt
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:26:25 2017 GMT
+            Not After : Mar 22 02:26:25 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-ingo/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c1:ab:6d:d9:5b:fe:ce:60:c5:fd:f3:66:77:57:
+                    2a:05:af:c6:f9:ac:97:6d:29:43:d4:4a:9c:1c:8f:
+                    c1:00:38:47:6a:cc:55:5f:00:a9:98:fc:62:7e:ae:
+                    41:52:b9:44:a0:47:69:d1:e3:7a:db:0b:d0:0d:cf:
+                    71:d2:bc:43:92:9a:e9:80:ee:f0:d8:9d:67:3d:b1:
+                    da:39:f3:83:f5:d7:87:17:e9:b3:bb:0f:74:c3:7e:
+                    9f:c4:3c:0f:6d:43:94:63:e6:b6:55:c6:ec:d6:f1:
+                    08:b6:eb:cf:ae:a5:a8:61:f4:79:b0:a4:3f:e0:55:
+                    86:3b:22:a2:79:a9:04:ce:ba:78:1a:96:3b:e4:2e:
+                    1a:89:ba:1a:81:6c:9d:ea:54:6a:30:71:db:31:7b:
+                    c5:17:d1:40:8c:66:c8:8a:a5:c4:50:5d:97:0c:9a:
+                    42:2e:a6:41:67:8b:ef:93:af:28:42:b8:3f:65:0e:
+                    1d:1c:15:69:6f:4b:09:e1:54:d3:f9:fe:2a:a6:e8:
+                    cd:01:0f:ec:97:5a:62:28:7a:14:ab:f9:30:ed:5b:
+                    e0:e2:e6:02:9b:50:65:ac:1e:35:0f:76:b4:4e:ad:
+                    44:7a:66:5a:33:28:7c:b2:46:c2:ea:67:5f:cf:be:
+                    74:aa:0d:a8:f8:8e:4c:e9:95:d2:ca:11:ad:cc:f6:
+                    67:9b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                51:5B:AE:97:12:72:A4:2A:44:72:38:38:53:BF:14:F6:8F:88:0E:18
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:ingo
+    Signature Algorithm: sha256WithRSAEncryption
+         63:66:7e:a1:53:e4:7c:55:5c:4a:cb:51:9e:10:b2:c4:21:b5:
+         9c:7d:3f:c0:b6:ea:cb:a9:07:32:76:eb:ad:0d:cf:cc:2a:85:
+         ca:d7:86:e3:6e:00:f0:70:29:f0:5f:73:1d:13:e2:bf:2d:99:
+         e6:33:65:af:6a:5b:d5:c1:4b:74:df:07:ab:a0:6f:49:7b:e3:
+         92:09:89:88:ce:3a:67:6e:d6:8f:fb:b8:9b:93:87:ad:1a:25:
+         b8:db:8e:92:d1:18:a5:f0:e1:c9:ab:0b:f6:9d:46:79:5d:d0:
+         24:44:eb:4b:5f:59:1b:f4:e3:92:ad:55:5e:af:af:2d:44:e3:
+         95:c5:de:1c:eb:c6:07:f6:5c:94:84:4d:41:33:c9:94:86:53:
+         63:95:e6:41:14:42:32:e2:88:b8:e8:23:44:fb:d4:19:0d:e6:
+         69:db:ff:97:e1:87:7f:72:4b:4e:3f:6a:49:50:60:eb:66:b4:
+         b5:4f:c6:db:93:fd:e8:b6:d1:b6:e4:b8:90:9d:65:e4:77:10:
+         d2:a5:0c:c3:0e:5f:7d:1d:0d:fb:ff:ca:1b:4f:d3:1c:c4:ba:
+         b8:c3:69:f1:04:ef:6d:21:93:11:4b:59:29:09:2c:e9:37:91:
+         c1:9c:17:3a:d2:55:e5:2f:0a:1a:4a:82:ae:d9:37:58:12:15:
+         8e:2d:19:f2
+-----BEGIN CERTIFICATE-----
+MIIFMjCCBBqgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNjI1WhcNMzcwMzIyMDIyNjI1WjCBpTELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC0Iz
+LVZQTi1pbmdvMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
+LWFkbUBvb3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGr
+bdlb/s5gxf3zZndXKgWvxvmsl20pQ9RKnByPwQA4R2rMVV8AqZj8Yn6uQVK5RKBH
+adHjetsL0A3PcdK8Q5Ka6YDu8NidZz2x2jnzg/XXhxfps7sPdMN+n8Q8D21DlGPm
+tlXG7NbxCLbrz66lqGH0ebCkP+BVhjsionmpBM66eBqWO+QuGom6GoFsnepUajBx
+2zF7xRfRQIxmyIqlxFBdlwyaQi6mQWeL75OvKEK4P2UOHRwVaW9LCeFU0/n+Kqbo
+zQEP7JdaYih6FKv5MO1b4OLmAptQZaweNQ92tE6tRHpmWjMofLJGwupnX8++dKoN
+qPiOTOmV0soRrcz2Z5sCAwEAAaOCAWswggFnMAkGA1UdEwQCMAAwLQYJYIZIAYb4
+QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
+UVuulxJypCpEcjg4U78U9o+IDhgwgdgGA1UdIwSB0DCBzYAUHy5esEANkqcJg9ol
+bBkgnslgzSGhgamkgaYwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlWUE4tQjMtY2ExDzANBgNVBCkTBlZQTiBC
+MzEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA5ZuMOuvnbpkw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBGlu
+Z28wDQYJKoZIhvcNAQELBQADggEBAGNmfqFT5HxVXErLUZ4QssQhtZx9P8C26sup
+BzJ2660Nz8wqhcrXhuNuAPBwKfBfcx0T4r8tmeYzZa9qW9XBS3TfB6ugb0l745IJ
+iYjOOmdu1o/7uJuTh60aJbjbjpLRGKXw4cmrC/adRnld0CRE60tfWRv045KtVV6v
+ry1E45XF3hzrxgf2XJSETUEzyZSGU2OV5kEUQjLiiLjoI0T71BkN5mnb/5fhh39y
+S04/aklQYOtmtLVPxtuT/ei20bbkuJCdZeR3ENKlDMMOX30dDfv/yhtP0xzEurjD
+afEE720hkxFLWSkJLOk3kcGcFzrSVeUvChpKgq7ZN1gSFY4tGfI=
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/ingo.csr b/B3-Bornim/openvpn/keys/ingo.csr
new file mode 100644
index 0000000..e48305d
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/ingo.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6zCCAdMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRQwEgYDVQQDEwtCMy1WUE4taW5nbzEPMA0GA1UEKRMGVlBOIEIz
+MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDBq23ZW/7OYMX982Z3VyoFr8b5rJdtKUPUSpwc
+j8EAOEdqzFVfAKmY/GJ+rkFSuUSgR2nR43rbC9ANz3HSvEOSmumA7vDYnWc9sdo5
+84P114cX6bO7D3TDfp/EPA9tQ5Rj5rZVxuzW8Qi268+upahh9HmwpD/gVYY7IqJ5
+qQTOungaljvkLhqJuhqBbJ3qVGowcdsxe8UX0UCMZsiKpcRQXZcMmkIupkFni++T
+ryhCuD9lDh0cFWlvSwnhVNP5/iqm6M0BD+yXWmIoehSr+TDtW+Di5gKbUGWsHjUP
+drROrUR6ZlozKHyyRsLqZ1/PvnSqDaj4jkzpldLKEa3M9mebAgMBAAGgADANBgkq
+hkiG9w0BAQsFAAOCAQEAcfANYU+IUWT3uOG53DqENmx0gbVB7UirvBEHqh7EFDLK
+JJ+VTpR0K7bPXHLWZoKFhTXt8jPD2bpx25+Kwboh+9uR17loNgis6Ifr0SgXDI1t
+Qn+IfB6Y6P1IJNTL5hMeuIs1x5wuU6EA1P3wM/42ZzJyBOrPgUkRMkf5hmrVimwB
+hR3LsnnBr7AGqzFBZuN2I3tNsHqIOcbIHmEZJfIEwITDHVEJ+wEEZVA9pjXsj3Cd
+3hbsUf8eXGniRdSbeDZPI4Ekab4dR+SiR1Z+M/UC45PNjS0rfK3M7I/1rCipT506
+CwUSXCeuN23Ld7KGUCIg78ZqvQySKOubTN8hPfH4rA==
+-----END CERTIFICATE REQUEST-----
diff --git a/B3-Bornim/openvpn/keys/ingo.key b/B3-Bornim/openvpn/keys/ingo.key
new file mode 100644
index 0000000..6eedfad
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/ingo.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIrr3UfJ98RGcCAggA
+MBQGCCqGSIb3DQMHBAiiGKJtZCU09wSCBMg27Hq3ED23Yh7iKrmDLyLvSMyFmlJm
+n6Pn6URs29Urh6PryZSnbVxjwtCJPU4A3BwXmvyHLZOIJZbji09QCPkQvCfxUnVP
+ti6D/SowdEgdv0GFGH1X4ZiFOSFciDlt7bQBKIY4LppVqd9TxwXOe07RFQZVlJdo
+3FHo+6ct5qiXwa+vLvAu+zuRGpQdFKXRNx5l7e28hlusIOD4aAysddKaYGL3w0MO
+XWsv7T0ezv5a7gHBBOz9mMTHQz3x0xiE1Xy4bKTJVyeglDrSvnkZhb/L9GH5ycw2
+/0IEEaWE/GCNWWDzT2/v6HYIrH+83QR7j241R7Q3HtJmfiGqaBI9oElUf8tcR6re
+qoHzomzGSUc+fbtDhSPLlYdt8av7SbTmD/YL41eaeATqk0d7gWzXsl54jHEo//UC
+wWbxA8cR+hVs0wiByXQoT7DtczPOl2u6cwWwR+7btFO5oNEcciOwmyVBltW9ksKK
+nHGasx8c5e2pqzEA3yKr13HwewrhJ90i5gPzHDkzyXWt2IGWC2HDeWDXuxbHDUPM
+1lwacx90RDSM9a+Nfiy9Pk3WLfpScaeN0M6ir+QKvDKaZfFfRvOyB2PfnNorm9ce
+i+1M+6MZhi0p8n1VriFYjdjvzRGrdzWgDjrnDNR5/0LL71u/ltLCZE1pt9KuLWYk
+Qpi1gcBG4bb0xb4Kbte0YdJ7dlrTSbfQFNt5LKw+M8kRvLkRRirb9JpTE2w8IC7W
+jrFN+xjbFOjkxdef0CluGL9rhAZ8fk/WpOm2WpsBoXy0/JDURMQYLXGdgRoaVArJ
+fc7J3Hh8/v0EvbbP7L43I9vIOsqwq6GsdndIRjak5XElT7wsACTaFD6qO5xIGgkk
+MK8YLIpt5Pe4hvwbHNMKBcYgpWof3f/yOT0ZxzTkSR6c7bFJP58N88zf0OWtUL1P
+Lc3t38DRkPFrk4W36tQyLWStxfKGyY77VbtwGj6+3H4qIeYuG+aORDcjPWnbcksH
+dSDmLYprcpXeiYRLpnjRLqkMzeq2e5auNygVIB1lOamztjgOJcn3TsX7yxEgvaYX
+ll76FIcaZ3T3vspRRe7Q6tk7LH7mArxAjAVBVpxrIhqWlou5Vl2G5lkpWXZ5kXdt
+AQ2S8UK6BwFkXzggekR2IxOceE7iIdJvXFTsKVWb9yau3wbS5+gzTxmKWkz1Xk7I
+KGjs9Y/ar9XjtTh2kKkYgqqFt77pZ1rm0HVVnhJn7aRDG4Fj5z4vAG3mmVZt/v6n
+kTANOIe4RnLLuD+A1HMIVjiKCuhEYuvemSsGJdT9qPQPzgXS1mjToOwXYa1fFC90
+xfEgSGuvIalrS1jL5+6sRb/8JNRfBwUbGyPXRNBlzQngVeR7Dc68Q7hWCliZ5DxJ
+EWKx8/1NiMvHWV9NEUbYvwkxgw1HkXgu1m3Dl/27goHzmTG9QIrXnXpugS5RqaRg
+0r4t45WMUq4CqrNzV9YGG4kJw6Go+YpY8jgkpesxA9qQvWuKOu+3JdM8i/5BVglb
+0NcNqYOIHVxdV/u+4eR62cL0KQ7WUugvaFoDBiuunAXIXatr6zLXX0JZzhuTKCNp
+XRXHTWgamSOVoXm88g3/CZW/XRWmvUGXWiC2ZEzJEuNKnu7RdQDdIULY/u3jKNKX
+FfQ=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/B3-Bornim/openvpn/keys/matthias.crt b/B3-Bornim/openvpn/keys/matthias.crt
new file mode 100644
index 0000000..2f6b347
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/matthias.crt
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:27:04 2017 GMT
+            Not After : Mar 22 02:27:04 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-matthias/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d2:22:e5:ab:8d:2b:28:95:69:10:c3:ba:f2:9e:
+                    f4:f8:47:f2:81:fc:b1:35:70:fc:70:f4:e1:d1:4c:
+                    4e:b4:2b:7c:65:76:b0:88:15:07:11:c8:47:16:4b:
+                    91:98:80:c1:f2:51:1b:8c:77:87:e5:ca:06:14:7c:
+                    5b:2c:c4:ee:6c:de:2c:af:11:1c:2e:0b:74:73:6a:
+                    9f:8f:7f:1c:6a:5b:24:28:01:19:86:3a:ff:6d:48:
+                    56:7e:20:7c:94:d5:db:2e:a9:9f:f1:08:7d:9f:ec:
+                    b2:6e:8d:6b:6f:20:df:47:28:a8:e5:b8:29:92:b5:
+                    a0:93:29:b7:42:d0:0d:06:12:ec:39:fb:39:73:b8:
+                    ce:5d:9d:7c:a6:01:c3:e9:6d:39:83:07:16:8e:89:
+                    d0:69:c1:17:27:a5:5b:0c:41:41:36:86:10:62:73:
+                    ae:3e:88:48:bb:96:bb:aa:be:b8:5f:98:a6:4f:22:
+                    b8:01:c2:37:b2:36:9c:de:f0:a4:86:75:af:9a:ed:
+                    1c:71:29:78:5d:0d:65:18:85:91:7a:4f:ea:4a:93:
+                    1c:9c:be:7d:cd:95:eb:d0:28:f4:a7:c5:8a:2d:9e:
+                    c8:30:93:51:15:4c:8a:f0:ed:a2:ae:72:77:60:26:
+                    66:c2:df:7e:4b:aa:dc:dc:5c:cb:27:7d:7b:37:2e:
+                    d1:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D7:D3:A3:1A:84:6C:91:0A:6D:57:6E:BC:19:6B:25:50:5F:FC:27:9D
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:matthias
+    Signature Algorithm: sha256WithRSAEncryption
+         b5:74:5e:d8:6c:a7:82:02:02:17:b2:db:f8:8b:a2:40:af:e4:
+         50:b1:bf:04:42:91:21:80:b5:b1:29:ef:d6:d8:03:9d:bf:a9:
+         73:13:02:8b:74:02:0c:07:6c:4a:79:e8:49:ae:e5:63:a6:61:
+         01:bf:18:a2:2f:00:5f:ef:ac:79:bd:62:93:5c:1a:1f:7e:50:
+         29:ca:51:e6:f8:aa:c3:96:5b:6c:cd:71:19:20:24:3f:c6:95:
+         22:62:1b:51:cb:80:6c:0d:5c:1c:ca:5c:a1:95:1a:fd:27:61:
+         6c:ce:cf:81:19:78:2e:08:9e:14:35:05:0e:0f:a3:b9:d5:44:
+         97:f1:35:9a:94:fb:3a:ee:c2:16:21:07:59:d8:ae:21:47:73:
+         24:da:7d:ba:d4:ab:63:80:2d:79:44:04:fc:51:0f:3b:fb:b3:
+         1e:3b:d8:f8:27:34:22:63:4f:ad:aa:43:99:a1:ac:39:1e:99:
+         ca:df:46:bd:4d:c6:69:3d:63:e6:f4:c1:8a:71:3a:9a:e6:05:
+         a7:04:38:f1:d8:31:f4:31:3d:f9:a7:28:94:73:bc:1a:27:c6:
+         35:9b:5a:ad:c1:58:de:eb:9a:cc:0a:93:a7:be:4e:3f:90:c3:
+         d7:23:6d:4d:eb:48:dc:da:d4:0f:cd:9e:51:7c:d8:39:eb:1d:
+         f9:d0:73:2d
+-----BEGIN CERTIFICATE-----
+MIIFOjCCBCKgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNzA0WhcNMzcwMzIyMDIyNzA0WjCBqTELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD0Iz
+LVZQTi1tYXR0aGlhczEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDSIuWrjSsolWkQw7rynvT4R/KB/LE1cPxw9OHRTE60K3xldrCIFQcRyEcWS5GY
+gMHyURuMd4flygYUfFssxO5s3iyvERwuC3Rzap+PfxxqWyQoARmGOv9tSFZ+IHyU
+1dsuqZ/xCH2f7LJujWtvIN9HKKjluCmStaCTKbdC0A0GEuw5+zlzuM5dnXymAcPp
+bTmDBxaOidBpwRcnpVsMQUE2hhBic64+iEi7lruqvrhfmKZPIrgBwjeyNpze8KSG
+da+a7RxxKXhdDWUYhZF6T+pKkxycvn3NlevQKPSnxYotnsgwk1EVTIrw7aKucndg
+JmbC335LqtzcXMsnfXs3LtHBAgMBAAGjggFvMIIBazAJBgNVHRMEAjAAMC0GCWCG
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFNfToxqEbJEKbVduvBlrJVBf/CedMIHYBgNVHSMEgdAwgc2AFB8uXrBADZKn
+CYPaJWwZIJ7JYM0hoYGppIGmMIGjMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZW
+UE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOWbjDrr
+526ZMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAK
+gghtYXR0aGlhczANBgkqhkiG9w0BAQsFAAOCAQEAtXRe2GynggICF7Lb+IuiQK/k
+ULG/BEKRIYC1sSnv1tgDnb+pcxMCi3QCDAdsSnnoSa7lY6ZhAb8Yoi8AX++seb1i
+k1waH35QKcpR5viqw5ZbbM1xGSAkP8aVImIbUcuAbA1cHMpcoZUa/SdhbM7PgRl4
+LgieFDUFDg+judVEl/E1mpT7Ou7CFiEHWdiuIUdzJNp9utSrY4AteUQE/FEPO/uz
+HjvY+Cc0ImNPrapDmaGsOR6Zyt9GvU3GaT1j5vTBinE6muYFpwQ48dgx9DE9+aco
+lHO8GifGNZtarcFY3uuazAqTp75OP5DD1yNtTetI3NrUD82eUXzYOesd+dBzLQ==
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/matthias.csr b/B3-Bornim/openvpn/keys/matthias.csr
new file mode 100644
index 0000000..523d4fb
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/matthias.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC7zCCAdcCAQAwgakxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRgwFgYDVQQDEw9CMy1WUE4tbWF0dGhpYXMxDzANBgNVBCkTBlZQ
+TiBCMzEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iLlq40rKJVpEMO68p70+EfygfyxNXD8
+cPTh0UxOtCt8ZXawiBUHEchHFkuRmIDB8lEbjHeH5coGFHxbLMTubN4srxEcLgt0
+c2qfj38calskKAEZhjr/bUhWfiB8lNXbLqmf8Qh9n+yybo1rbyDfRyio5bgpkrWg
+kym3QtANBhLsOfs5c7jOXZ18pgHD6W05gwcWjonQacEXJ6VbDEFBNoYQYnOuPohI
+u5a7qr64X5imTyK4AcI3sjac3vCkhnWvmu0ccSl4XQ1lGIWRek/qSpMcnL59zZXr
+0Cj0p8WKLZ7IMJNRFUyK8O2irnJ3YCZmwt9+S6rc3FzLJ317Ny7RwQIDAQABoAAw
+DQYJKoZIhvcNAQELBQADggEBAALa3dTu2onH5r14HWywOaaLQ056pn4ReFxTd9RK
+Dyw7Dr9YYemas0Ipw4qf5ZR6iqMuFTFomzlb/CfmZitV57ECWOGCU+HR3nTPEUw+
+aF/Abp2OOAfYhUR5zFjRJldzpHfu0ETXJstT9bFkqK2h910NjSroQA1rRDEnVn/a
+GARUZMK1ECf7qE4E/tFAzCBtF09oDT4iFP1QQG2fyHyOMcXQTl642V6pA1jwER9D
+EfpONJ4B76q+7mCC5eBUssHE+Qkv2afz/LmOztnc5NAlWRjx5WJJwQjrmZfE/0R5
+0Kd9tSjyP1PmB8vTFg49cQmiJl438K8C+4pBvcTuwAxgY6s=
+-----END CERTIFICATE REQUEST-----
diff --git a/B3-Bornim/openvpn/keys/matthias.key b/B3-Bornim/openvpn/keys/matthias.key
new file mode 100644
index 0000000..8a93ccc
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/matthias.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIMM2QT5WzWxMCAggA
+MBQGCCqGSIb3DQMHBAjMsm+2Ob6rJgSCBMiuNO+UWfJow5sGnMjQ56kiBTLt9AV7
+dZAurCXKimQuoqF+tgUEC0ZMMd+usVua/Gn67eaq+UnHYXL6e6L1tJR1/r0P3mre
+cIrVngwXsl5ajgtOVcU9rGm+a1maCos0iZuU2pMDR/DrvdjUEdejImDr4XOGrrI7
+WW0NpdmN8ix4F7dFk5RPmELi/c7tvWIm98SwaO52foGjrFS7GWBjY9UCdTWkF6CB
+tORSCANd4DPv7+gsERuAvU8eweP3TligvYjsMEJATEATUYPso5QFzCUAskjV6N5l
+aaAiUvLI0+dc/1TMG7H9C5UO1Lujr0zCA6ZtuE+xAt5+a5XP81PZQWklW/LX6AcW
+ipuswDUmuaYBDf/fvvNBMJMGzKj+JC0LGjm4VDuwBcR/z454P/5OXOHsgmSyIuDC
+9K/q95VlHKxhjfSlXX+HGvbKYl8zCaGIzbQtTDB8DdZFOAq+f5c+BsE9lw0/6aAv
+JI905UAFTNoMIRJ81YUabBdl8y4pun3ns/2TZgvv1ZKALxyKueDnSXvY26/mHqVG
+uKZU0+HX49EVymoDJntGMbZSHb3YgzmpwMPYeN988CcOwZ1R/oU+jDGlR6KUJSJQ
+mMMQy8+mVsHi6/nowMI0ggT+tnoBEHoBwmCIXdzgMuyPSDhNhntMNleHYkO33A1C
+K0wJN1Z3p6DlrIBCrlE/so1OQbBbR4G/Ce1X8H7Y0Omt3l2p2ip4ebGDqc5ao6Gb
+XyPciUrf06fjpstmO4DvvSFE6sH8ZgN0gch3vQMUMRrQWhzRXtmS5i/H/HwTO/3Q
+3+kS7dwgKVaS/3PaZmWjxiVq9G7rtXYz5KPL1nToLcwoXn4QXggPa7xn0Vbwaprm
+mdNfweKEICJQcHCTeadSCJoTJNm1/kJaSHSrQb7lWwJRb4ibtsqcDIMTetduSgPC
+FuxjxT1sRdAnihqhyNOa7UXPO2Pq1wEx+6JCk5RvBfsFhpVV18euZcyj4U+mJiQ8
+fDHqiewTik8ibEdZTUS/ATZ0zaPdNlaDZUnNvWRm1JH/I9JwfNiD+vet5DcuBYDy
+I0kpAG6L+j5x49UElg1EMgrg8XZ1HAtV7TELLsVzJqA9lLKupzVMMM3wtU5HEXwY
+djNXtnz4S57l5JeTuYuelVgBgC7C64CacJ6dyBenFDEePx8jzwqhIXxjrJUj7rAj
+f2tEzZYdjl/TN3LeFhMX4KS9FAkaAvZVL/6QalgQQPnX/ApVQWgRS9bgvyzPZ6Vi
+eL7k7QDEyjQXwUHkDkmKwxvohUjKEw4KWyG4snNdj04U/mEmW9Gh9sJVouykUtGU
+txo4PVXBUXWzmbdJ268TwTLDLrJmMeFQiZLsAehIbSsHMwVU7r5+euR5+rgNWFJW
+aJWlwXMc56PJPHdDfEklaURpfnCldbN+E5tdPBfc8BKGZ0BWrl2sy5Ak0N8jLW/S
+NpgGUlOObQ1aQoaG/LapjPBpz8R7T+uNVtrUPCwLPFyoEfVEmXL4cklr2r55ldkd
+U3GLO2yhRnA7jb2UG6zsorx8Kmc9AlbHi45TBQ9Kaj+T16Oo3ZCnVbdJmB/4BG4z
+AI01Znps0WQ+Uo+Cc/Xj8xzaFIA85wYJMiaUCzR3Sw1t9Y2VZPmI/8kb3dTTLMbh
+gHA=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/B3-Bornim/openvpn/keys/serial b/B3-Bornim/openvpn/keys/serial
new file mode 100644
index 0000000..2c7456e
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/serial
@@ -0,0 +1 @@
+07
diff --git a/B3-Bornim/openvpn/keys/serial.old b/B3-Bornim/openvpn/keys/serial.old
new file mode 100644
index 0000000..cd672a5
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/serial.old
@@ -0,0 +1 @@
+06
diff --git a/B3-Bornim/openvpn/keys/server.crt b/B3-Bornim/openvpn/keys/server.crt
new file mode 100644
index 0000000..98db11e
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/server.crt
@@ -0,0 +1,100 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:22:16 2017 GMT
+            Not After : Mar 22 02:22:16 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-server/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cc:97:ca:e4:d5:10:43:3b:8d:1e:a3:37:01:01:
+                    1d:09:b1:98:cc:f2:86:f8:c5:e9:a6:11:34:93:22:
+                    0a:7e:ec:9a:08:34:1d:b2:d3:db:49:8b:85:f7:a7:
+                    44:63:06:32:76:dc:93:ff:80:34:7a:8c:a1:a6:b4:
+                    0b:d3:2f:32:6f:52:bf:37:19:4d:03:6f:30:f3:6f:
+                    c2:cd:28:2c:d7:4a:bf:ec:90:35:7e:d6:93:26:ed:
+                    b6:24:ac:0f:c7:e7:04:60:c4:ed:01:cf:54:14:a1:
+                    9b:66:6b:17:82:be:ff:1e:30:2e:05:3a:a0:75:60:
+                    d6:8e:af:38:70:db:5f:72:79:3f:60:40:82:2b:97:
+                    26:82:8a:8a:f5:bb:17:9d:75:01:e0:7d:6d:4c:9c:
+                    15:7e:cd:fb:5e:01:f5:73:71:29:73:43:ab:6d:b6:
+                    08:1c:97:27:d0:5c:57:8e:7f:f8:b4:62:95:e0:a8:
+                    79:bc:e8:66:71:b7:8e:56:7c:65:49:b1:ca:9c:1d:
+                    0d:12:8c:ae:fb:95:c2:46:7b:5e:8c:db:63:7b:fe:
+                    48:fa:7b:7a:c6:d3:80:84:89:dd:ff:81:59:f6:c6:
+                    51:96:7a:21:58:c8:5d:57:06:ca:9b:e2:d0:3c:4e:
+                    4f:fa:1e:7b:e9:0a:cc:d6:85:b1:67:18:32:85:e0:
+                    45:53
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                FB:4E:20:BC:76:45:51:1F:F4:B4:28:8C:9F:B2:6C:45:01:88:12:E7
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         ab:2c:b0:a8:a6:df:75:a7:9b:c4:f5:00:c4:a5:06:4a:16:d0:
+         17:7d:61:35:f5:97:3e:6b:14:a7:32:31:6b:f8:68:3f:45:13:
+         cb:72:20:fb:6b:ff:cb:b9:b2:60:3e:eb:b5:6d:5f:10:4a:39:
+         cd:1e:bc:ec:8d:cb:0d:b7:40:e7:d7:2d:ba:c3:e3:f4:ec:24:
+         34:9d:e0:0d:d3:d7:30:6a:e1:ed:50:1a:f2:47:51:57:5d:6f:
+         5c:cb:11:d3:c4:f1:ea:f4:09:ee:c2:5a:3c:92:41:54:01:5f:
+         1a:33:fb:f1:8e:f9:0a:8f:8f:74:f8:9b:39:8d:ef:10:06:3f:
+         b1:3d:e2:80:0c:4f:76:fe:d8:c2:04:d7:58:d7:4d:2c:a5:cb:
+         74:91:13:71:e8:33:93:db:e9:81:9c:bc:0b:88:6f:57:15:3b:
+         9b:3d:6e:3e:54:ee:1a:46:45:25:20:a1:dc:3a:a2:6e:c8:b2:
+         a2:4a:00:3a:67:89:61:c8:4a:32:ec:6c:39:a3:9b:65:3a:65:
+         f4:93:23:ba:59:0c:59:10:7f:e3:3f:61:b1:8d:31:8e:44:3c:
+         36:38:46:df:f9:4c:c4:69:5a:b6:3e:65:94:27:d1:38:90:d3:
+         7b:a1:e3:0d:f7:1f:6d:41:85:77:f1:15:bb:92:46:44:50:58:
+         21:97:40:65
+-----BEGIN CERTIFICATE-----
+MIIFUDCCBDigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyMjE2WhcNMzcwMzIyMDIyMjE2WjCBpzELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFjAUBgNVBAMTDUIz
+LVZQTi1zZXJ2ZXIxDzANBgNVBCkTBlZQTiBCMzEhMB8GCSqGSIb3DQEJARYSY2t1
+YnUtYWRtQG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+zJfK5NUQQzuNHqM3AQEdCbGYzPKG+MXpphE0kyIKfuyaCDQdstPbSYuF96dEYwYy
+dtyT/4A0eoyhprQL0y8yb1K/NxlNA28w82/CzSgs10q/7JA1ftaTJu22JKwPx+cE
+YMTtAc9UFKGbZmsXgr7/HjAuBTqgdWDWjq84cNtfcnk/YECCK5cmgoqK9bsXnXUB
+4H1tTJwVfs37XgH1c3Epc0OrbbYIHJcn0FxXjn/4tGKV4Kh5vOhmcbeOVnxlSbHK
+nB0NEoyu+5XCRntejNtje/5I+nt6xtOAhInd/4FZ9sZRlnohWMhdVwbKm+LQPE5P
++h576QrM1oWxZxgyheBFUwIDAQABo4IBhzCCAYMwCQYDVR0TBAIwADARBglghkgB
+hvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBT
+ZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPtOILx2RVEf9LQojJ+ybEUBiBLn
+MIHYBgNVHSMEgdAwgc2AFB8uXrBADZKnCYPaJWwZIJ7JYM0hoYGppIGmMIGjMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UE
+AxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEWEmNr
+dWJ1LWFkbUBvb3Blbi5kZYIJAOWbjDrr526ZMBMGA1UdJQQMMAoGCCsGAQUFBwMB
+MAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcNAQELBQAD
+ggEBAKsssKim33Wnm8T1AMSlBkoW0Bd9YTX1lz5rFKcyMWv4aD9FE8tyIPtr/8u5
+smA+67VtXxBKOc0evOyNyw23QOfXLbrD4/TsJDSd4A3T1zBq4e1QGvJHUVddb1zL
+EdPE8er0Ce7CWjySQVQBXxoz+/GO+QqPj3T4mzmN7xAGP7E94oAMT3b+2MIE11jX
+TSyly3SRE3HoM5Pb6YGcvAuIb1cVO5s9bj5U7hpGRSUgodw6om7IsqJKADpniWHI
+SjLsbDmjm2U6ZfSTI7pZDFkQf+M/YbGNMY5EPDY4Rt/5TMRpWrY+ZZQn0TiQ03uh
+4w33H21BhXfxFbuSRkRQWCGXQGU=
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/server.csr b/B3-Bornim/openvpn/keys/server.csr
new file mode 100644
index 0000000..bed79ff
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/server.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC7TCCAdUCAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1CMy1WUE4tc2VydmVyMQ8wDQYDVQQpEwZWUE4g
+QjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMyXyuTVEEM7jR6jNwEBHQmxmMzyhvjF6aYR
+NJMiCn7smgg0HbLT20mLhfenRGMGMnbck/+ANHqMoaa0C9MvMm9SvzcZTQNvMPNv
+ws0oLNdKv+yQNX7WkybttiSsD8fnBGDE7QHPVBShm2ZrF4K+/x4wLgU6oHVg1o6v
+OHDbX3J5P2BAgiuXJoKKivW7F511AeB9bUycFX7N+14B9XNxKXNDq222CByXJ9Bc
+V45/+LRileCoebzoZnG3jlZ8ZUmxypwdDRKMrvuVwkZ7XozbY3v+SPp7esbTgISJ
+3f+BWfbGUZZ6IVjIXVcGypvi0DxOT/oee+kKzNaFsWcYMoXgRVMCAwEAAaAAMA0G
+CSqGSIb3DQEBCwUAA4IBAQAsXng2aH7hNLQYCM9ndA3qQXle+ax7L+wfuFKzuMWL
+FZkor+QqfT4Vh1UQ6A/k6RKOXj5CHyg8IjeshSr7e4mF6K02xeNTzcd4AObQdFBU
+RjcoQ3yaYt4X860wX6ylD0U42oKm8vCdGER++u7DXSAI7E460UGPWjazJmuKtfA6
+CTZTtgxijb0av/0BIMKGI9GI4ES7eTIs3Jp3r5jabnfiu1+6bdQREpAermq078ea
+KcKcD2UqSCJhdPjf1792AfApHJHDHyQTOSzKOegMU/y6A/sjWeSr0uRepsbco7JK
+xTr+rpG2vpFU/jIyGQIa0gj5Y3SReazbu7zzmTpBjxCv
+-----END CERTIFICATE REQUEST-----
diff --git a/B3-Bornim/openvpn/keys/server.key b/B3-Bornim/openvpn/keys/server.key
new file mode 100644
index 0000000..403646c
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDMl8rk1RBDO40e
+ozcBAR0JsZjM8ob4xemmETSTIgp+7JoINB2y09tJi4X3p0RjBjJ23JP/gDR6jKGm
+tAvTLzJvUr83GU0DbzDzb8LNKCzXSr/skDV+1pMm7bYkrA/H5wRgxO0Bz1QUoZtm
+axeCvv8eMC4FOqB1YNaOrzhw219yeT9gQIIrlyaCior1uxeddQHgfW1MnBV+zfte
+AfVzcSlzQ6tttggclyfQXFeOf/i0YpXgqHm86GZxt45WfGVJscqcHQ0SjK77lcJG
+e16M22N7/kj6e3rG04CEid3/gVn2xlGWeiFYyF1XBsqb4tA8Tk/6HnvpCszWhbFn
+GDKF4EVTAgMBAAECggEBALBDPkvzvDUQQz5YA3VcDjZhyXEYqWv+ppOqUw9Hzp8X
+HIVg0Q1WNKCiEeMROnvNxQBefSssuwmxyzsh9uYUzXDXa2H+7Di/PP8eFEhIConZ
+HoyimVQTbWemeLwTeO0SfNUaE87xXlEAAjA0p2a/QnAxthRPNBqsOW1oTEn+1bZ6
+b23XKY9tGtDz/yoD/OsFMTIx9GKB+ZzvCvwSEKZTJf4bi7YIGiiGhuSZXWIWoEZo
+lsp8S1vQcjoB0Ab221tO6wlrOY8twA5KrWMW6HaXEF3MkPghsOtavbdW2bYsVdvf
+P+y2817NMVfaUjTmGSkambwxnspAensj5okpzYnm9+ECgYEA+X3EWjxKGBwknPTs
+kfgRyR3hdRISlQM2S6IWlCNuyalseK7tQLtRetMzqOrlRv4JS9EVfI18+cE11a0C
+na0R8UShhmgFEuyoMeckcM24qzXYZK7WbaB1qvx+TxPXBwGNk8AsepkM0J/ucOMQ
+JnOiJ1YiXjlzXZuG9A0MDSnUdFsCgYEA0e4rx5Dj+9QQPHNk9zykX+jjqwVu2bCq
+MdittIBC4f/4SdD3cS9zAB6gvkG5R3BuI+8UFRjgmgcURRYUZcRQYlcZuQTnrhE4
+CD51HkWikNxBl1dEWE9mpwe2KzZ3qSYTQ6U2ylnp/tvptEUarBvhyIr6Y3li1iU6
+47RrBY8rZGkCgYEAvyDH8VDKelnk+pDvQovGJEpN07+6mIlTaPGNVoMmdjrirDll
+6/cUXoG5y6fXaWFngbt1OGuz2ClZso3NuTlCy5AGJc8+Q9ckqsYmNnyDAjZHxini
+fy0zt3+iy7WpPubDrPLFoE3rcU9z/OsWDj77dCMaRRDB/m4NHp14JAVtio0CgYEA
+qNlQDSvUs3BVvslxpAn6i8ndlGjCSAV4Xq9Qx6WCJhSjt3uECl2HucjosR5bz8H2
+VKCvHmjr/fdDrm2b6l6D6RT1c4MmdTMURk02FiscHjeJ6hgeuIjkn+Pr+cXNaRde
+10HDV+4J7xsiVgRe959Vct+VlPzFKki3nP44Njh5RkECgYAAzg39DZJ4dgMz5rrH
+cjXjXRrwi6a4x0k6MupvnnixEK0oHsAWfxn3b3/xKG7SIOGK5EY0+PWNPU/hDDuG
+TgmWw8g0iwT7Gh1wJDPjPxOmz8TqbuZgUPTNVAddEcsdvxOzMl5ZZZq1wzMWVEKE
+xTc2WYN6nM7o/IQeJjHnZwfDtw==
+-----END PRIVATE KEY-----
diff --git a/B3-Bornim/openvpn/keys/susi.crt b/B3-Bornim/openvpn/keys/susi.crt
new file mode 100644
index 0000000..cd060e4
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/susi.crt
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:27:47 2017 GMT
+            Not After : Mar 22 02:27:47 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-susi/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b5:8e:d4:bd:3e:87:19:e5:f6:39:0a:48:5d:91:
+                    75:a4:cd:b7:ad:0e:cd:20:2f:c9:6c:b0:ba:49:28:
+                    e0:21:de:be:89:76:94:b9:5c:94:00:28:8d:74:15:
+                    8e:55:78:84:2f:95:46:59:f4:1d:52:12:2b:f6:b6:
+                    28:6a:c2:31:e1:3f:9c:25:e9:89:9c:80:eb:1e:50:
+                    42:7d:0d:01:bd:7f:d3:f1:33:21:20:1a:8f:1a:35:
+                    e1:bd:a7:d2:2d:c0:82:38:12:ae:6d:05:a1:64:f2:
+                    ce:29:9c:3e:f2:06:57:bd:7d:e7:f7:a1:a9:4e:6c:
+                    ae:4d:ec:20:78:88:4c:9a:ae:4d:26:9c:79:08:dc:
+                    27:79:86:ec:ca:fa:9f:ec:9c:c3:16:10:27:63:5a:
+                    c6:8b:e2:f3:21:e1:d1:00:16:db:a2:06:8a:c3:33:
+                    1b:08:52:df:46:1d:94:4d:04:7f:e0:d6:d4:71:72:
+                    7a:71:eb:5a:5e:e5:a1:cd:85:08:b7:9a:42:a9:0f:
+                    b3:3f:ae:b2:bf:a5:e3:87:18:9c:85:e3:c8:f8:41:
+                    c6:61:94:19:6c:6b:23:61:ca:9d:6b:84:c9:68:00:
+                    09:5e:a1:10:8c:db:37:75:17:f0:9d:78:09:8a:ad:
+                    89:3f:77:8f:74:41:72:83:31:14:c6:60:ea:cd:65:
+                    f5:b3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                73:B2:AC:2A:36:FA:71:6E:E3:A6:61:37:63:BF:41:8B:6F:6F:FF:6C
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:susi
+    Signature Algorithm: sha256WithRSAEncryption
+         7d:b8:7d:f0:07:06:3c:f3:66:eb:e4:8b:dc:f4:23:24:9a:ee:
+         19:6d:20:bc:e3:50:80:2e:56:6d:21:ee:d5:8a:6c:d1:17:56:
+         29:79:c5:c0:97:ff:cb:c1:2e:85:c1:c8:28:ff:77:8d:eb:62:
+         08:2a:37:ed:89:f1:7f:04:81:90:db:4a:5b:69:c6:22:75:36:
+         07:78:1a:af:94:db:d6:3c:3a:74:c1:53:47:80:8e:f7:90:3f:
+         e8:55:79:8d:b4:e8:ab:24:08:a4:37:1d:b2:7a:a6:56:21:d3:
+         63:3c:fc:58:cd:d3:f4:4d:7a:fc:7a:3f:6f:77:d9:2a:01:50:
+         a0:6a:6d:b8:68:bc:d7:60:ee:8c:57:ae:72:26:b6:c8:66:f2:
+         b7:19:d4:29:bf:df:ea:47:1c:53:b1:22:98:e1:eb:26:85:fe:
+         52:47:a8:2c:f7:5f:d1:4d:01:34:8d:8c:94:78:76:9c:98:94:
+         51:4f:1e:bf:ac:87:74:ce:76:de:76:97:a4:67:28:32:16:eb:
+         c9:cc:e8:cf:d1:f2:dc:57:b6:af:c8:7a:df:c5:82:8d:20:af:
+         e2:83:fe:7e:17:4a:36:7f:e3:7a:bb:76:4e:81:ca:f7:43:c7:
+         5a:6c:28:50:5d:57:5b:e0:c3:ba:f4:3b:5c:1a:4b:ae:35:3a:
+         8e:1d:09:c7
+-----BEGIN CERTIFICATE-----
+MIIFMjCCBBqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNzQ3WhcNMzcwMzIyMDIyNzQ3WjCBpTELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxFDASBgNVBAMTC0Iz
+LVZQTi1zdXNpMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
+LWFkbUBvb3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWO
+1L0+hxnl9jkKSF2RdaTNt60OzSAvyWywukko4CHevol2lLlclAAojXQVjlV4hC+V
+Rln0HVISK/a2KGrCMeE/nCXpiZyA6x5QQn0NAb1/0/EzISAajxo14b2n0i3AgjgS
+rm0FoWTyzimcPvIGV7195/ehqU5srk3sIHiITJquTSaceQjcJ3mG7Mr6n+ycwxYQ
+J2Naxovi8yHh0QAW26IGisMzGwhS30YdlE0Ef+DW1HFyenHrWl7loc2FCLeaQqkP
+sz+usr+l44cYnIXjyPhBxmGUGWxrI2HKnWuEyWgACV6hEIzbN3UX8J14CYqtiT93
+j3RBcoMxFMZg6s1l9bMCAwEAAaOCAWswggFnMAkGA1UdEwQCMAAwLQYJYIZIAYb4
+QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
+c7KsKjb6cW7jpmE3Y79Bi29v/2wwgdgGA1UdIwSB0DCBzYAUHy5esEANkqcJg9ol
+bBkgnslgzSGhgamkgaYwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlWUE4tQjMtY2ExDzANBgNVBCkTBlZQTiBC
+MzEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA5ZuMOuvnbpkw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQIMAaCBHN1
+c2kwDQYJKoZIhvcNAQELBQADggEBAH24ffAHBjzzZuvki9z0IySa7hltILzjUIAu
+Vm0h7tWKbNEXVil5xcCX/8vBLoXByCj/d43rYggqN+2J8X8EgZDbSltpxiJ1Ngd4
+Gq+U29Y8OnTBU0eAjveQP+hVeY206KskCKQ3HbJ6plYh02M8/FjN0/RNevx6P293
+2SoBUKBqbbhovNdg7oxXrnImtshm8rcZ1Cm/3+pHHFOxIpjh6yaF/lJHqCz3X9FN
+ATSNjJR4dpyYlFFPHr+sh3TOdt52l6RnKDIW68nM6M/R8txXtq/Iet/Fgo0gr+KD
+/n4XSjZ/43q7dk6ByvdDx1psKFBdV1vgw7r0O1waS641Oo4dCcc=
+-----END CERTIFICATE-----
diff --git a/B3-Bornim/openvpn/keys/susi.csr b/B3-Bornim/openvpn/keys/susi.csr
new file mode 100644
index 0000000..52a60d7
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/susi.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6zCCAdMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRQwEgYDVQQDEwtCMy1WUE4tc3VzaTEPMA0GA1UEKRMGVlBOIEIz
+MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC1jtS9PocZ5fY5CkhdkXWkzbetDs0gL8lssLpJ
+KOAh3r6JdpS5XJQAKI10FY5VeIQvlUZZ9B1SEiv2tihqwjHhP5wl6YmcgOseUEJ9
+DQG9f9PxMyEgGo8aNeG9p9ItwII4Eq5tBaFk8s4pnD7yBle9fef3oalObK5N7CB4
+iEyark0mnHkI3Cd5huzK+p/snMMWECdjWsaL4vMh4dEAFtuiBorDMxsIUt9GHZRN
+BH/g1tRxcnpx61pe5aHNhQi3mkKpD7M/rrK/peOHGJyF48j4QcZhlBlsayNhyp1r
+hMloAAleoRCM2zd1F/CdeAmKrYk/d490QXKDMRTGYOrNZfWzAgMBAAGgADANBgkq
+hkiG9w0BAQsFAAOCAQEAiEdqX/KvGfMn0H0DQTAiAtlXSYpsVrqjoQCOlAJzbPp8
+33CE5Oav0IkSBk110S2suGmqUcuv9MwHTc0Cg6aycZ5iewSx5y66LJaOxRCITch3
+g5pZ/9X4/z9sksHJTU0yBpd4Lhl2QChos5DlrNGIFrLQvCSYKmPTMdXGdaXj0pNK
+GPmhOCMl/JKWzWUe6AJBMzy/gZeU0XHKaqY81cicMAsOuTsQGFmPowUDwmXDXGbr
+pKJ6IZCyADyepKuSx8vvOjRt6qWG7kXsFdkTFezfbINTg9XxF5t6+Fcld2+um1Ec
+oaaH7PPBL1q6lwftlMtLl0IGi2MJ2QsmurEZL6h+Lg==
+-----END CERTIFICATE REQUEST-----
diff --git a/B3-Bornim/openvpn/keys/susi.key b/B3-Bornim/openvpn/keys/susi.key
new file mode 100644
index 0000000..dfdcc57
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/susi.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvLuCV2JXLNwCAggA
+MBQGCCqGSIb3DQMHBAj6gUOznP9CAASCBMjTE7EiK8Rt2iUygJpZs5OaUoKl6t6b
+edpoyqrkUT3pUu/QkqDy81xbYy1b8qn9xBega3GbIgy44RctfdxOAkppjtUc/oCl
+AqZuOpljinW6C6wWvwz/9hJuVeDMVQ8S8mi4JbbUZaWGYY48isoU4GeZ6cSXw4qy
+NUEfZOcjbnwOkP2CCLzkabSODRFHNq1SQXmSypwajD431C1/7U+cjNSAxuIK9HBs
+KU509czI/b70Ap/d4k81DMKUT2SVxlhf+2l5GcBkVoOMoB9q/tpVS/iS4cWwBxHt
+wzkR0ONxMJQqfJ9laiZfVIBugGLlFiXr+LxT4k0814ZXtOraVnuxS9vsR1XSoUwl
+wwo8fpn67Lr2BWvJP0MxPUujNrtCIJloTwv991tUtsN81f/+zC2ziSo1w/a+WWE8
+DNJszD6fTQtj8V/LSiXujabb4sRZ1vArB0lYS02oi3ycNSZ5OxXFqSgevS/3qXNR
+zSoQvO26buTgpL4cdNMLmUs2u5bsS+hl9ZbFY3hMXJui0SG+TymdTd/uCEGvQZpg
+ZJwfgqVwjYP66XnAvcBfxSzr8hBHVlEvgz71O/1JxncxkYWN1Ve8ZFLSy8MO1cjz
+LubT9Ibn9eNm2fr1BF+c61DVZMWZNEvWfYy/HuUhBQ3rIJWb1/IVAFAKHKQGyudU
+mp/+risaqPnd2kuh4b5bJrIvwNlQSwyiPWpmi+P4lMjvwGJrnYeMpzTpG2L9+Hh6
++Omk2LBcutJJSZscbWmti3TjclPUNgFCS9jkuFo5Cyn/3nxmXi1ULkceU5FuB/pR
+wrLszwXOA7SmoMmiXjzBgbnxUq4JOjQwYSKUiPTRNiwuQGMMUxjoHsVCWK9Zyrf5
+a+NO0Sx9VyeL6SSMgIFz1s1l/UiE55zihl6WPhvGTUZVN3hUg96Ws/Q7TQTApyih
+RZqQ7WiHFYV885XdInX+D0ZT+2OdhPlgqC1V6wyXiRb44SxO3AgWhmdIxLzYxZQE
+0ZT1+A30N4OayGOv3O6l2r6AoU27+OudOJviBNAjuToYqVyqeY9OyC6MnWZ0J6xa
+nztSPxLONd8wqefhPMTd1TxHiqEi8/OZ/hIpOffUdDeNd+Fjl0pPSIvW4NkqVz4z
+d0huBaIKQnUsZJ4PVT78Ok2fIU93hpS2Xf0lvrsWHVb4UFm4tq8O18bJO4dGK0qs
+KPH8+cLdkALJmb2ZUwYN6YK8dM0WscddEhF9aXLnc0AjpCM/UjkXkyRnzC6iVgy8
+7cBxq0fLOZodi4yvSbwaxQhu0JVNHM44RiNQxk141cvxipzadqGjHztooaG8d2Vz
+aJvORV85GCQdp9W0rHS9CrMsE3B+IVFCIvXiWmgoyMwSSAgcOR0nio1993QJWrOM
+UAsWZV7S6mXydMJV0bfyN5Tu7bztyQdH/YQW4xuPmeFWos8/XCfHL2jcKDgWSWeI
+1tGOmiWFNYuV0TIbiYnLtV6rVrfz4iS1QLeqE04tQ9ddgbVmq5GMZvEpYOnvz3NY
+i50xqTa/3oxKv9fgo2bpwR9HPzRUvV83N5z48REApJJDaF6R0uQozMAEzGV3vpaj
+J05yT+2+jj3NIzNnwmViZ6i2+MC+pBHKR1zMuvxY9x4QYvxxdJyxiD8oGGXpPfcx
+Vvw=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/B3-Bornim/openvpn/keys/ta.key b/B3-Bornim/openvpn/keys/ta.key
new file mode 100644
index 0000000..5b229dc
--- /dev/null
+++ b/B3-Bornim/openvpn/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+21da7cfaf8c240eaa9597be6998e7c8c
+7d58443834682a57b9af84412d7106cc
+089a4030a6380ab83988694fab469c88
+bbc1bb60d1164ad108cd4564fbed5891
+024dd88abcd93e02d5b28de7e84296b4
+cbd182474cf02852d319c864e614aa4f
+3b2747bc8b617dc897e279dc34f262de
+47f8cf2b7f3c99322710881dc7d48bb3
+224ca59ec3cfec94a392f7c30bcb08aa
+3796c4eb3c1faf682a313b146cae545a
+a052f3bdc66caf301aee6c862c10361a
+106747075f4a82742f29a230bdae4df8
+6ace60b7d8e702b792fede84f619f009
+ba6c953baf22ade495cb4da8b2702650
+1954246931a08e7e508f8535a65e5f36
+587bf48f2e80fdbe53d1ed8a797cd5aa
+-----END OpenVPN Static key V1-----
diff --git a/B3-Bornim/openvpn/server-gw-ckubu.conf b/B3-Bornim/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..86b1111
--- /dev/null
+++ b/B3-Bornim/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,316 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\Program Files\OpenVPN\config\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.42.1
+route 192.168.64.0 255.255.255.0 10.1.42.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh keys/dh2048.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.1.42.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.42.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+client-config-dir /etc/openvpn/ccd/server-gw-ckubu
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+
+# - Do NOT push DNS settings in THIS configuration. We use
+# - this VPN tunnel as a static line, and the remote host
+# - should user his own dns settings.
+# -
+;push "dhcp-option DNS 192.168.42.1"
+;push "dhcp-option DOMAIN b3-bornim.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-gw-ckubu.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+crl-verify /etc/openvpn/keys/crl.pem
diff --git a/B3-Bornim/openvpn/server-home.conf b/B3-Bornim/openvpn/server-home.conf
new file mode 100644
index 0000000..614476c
--- /dev/null
+++ b/B3-Bornim/openvpn/server-home.conf
@@ -0,0 +1,312 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\Program Files\OpenVPN\config\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+
+topology subnet
+#route 192.168.63.0 255.255.255.0 10.1.72.1
+#route 192.168.64.0 255.255.255.0 10.1.72.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh keys/dh2048.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.0.42.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.42.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+client-config-dir /etc/openvpn/ccd/server-home
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.42.1"
+push "dhcp-option DOMAIN b3-bornim.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-home.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-home.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+crl-verify /etc/openvpn/keys/crl.pem
+
diff --git a/B3-Bornim/openvpn/update-resolv-conf b/B3-Bornim/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/B3-Bornim/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/B3-Bornim/pap-secrets.B3-Bornim b/B3-Bornim/pap-secrets.B3-Bornim
new file mode 100644
index 0000000..2e9f77b
--- /dev/null
+++ b/B3-Bornim/pap-secrets.B3-Bornim
@@ -0,0 +1,43 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+"t-online-com/8TB0LIXKXV82@t-online-com.de" * "38460707"
diff --git a/B3-Bornim/peers/dsl-b3 b/B3-Bornim/peers/dsl-b3
new file mode 100644
index 0000000..c9d722f
--- /dev/null
+++ b/B3-Bornim/peers/dsl-b3
@@ -0,0 +1,17 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+ifname ppp-b3
+plugin rp-pppoe.so eth2
+user "t-online-com/8TB0LIXKXV82@t-online-com.de"
diff --git a/B3-Bornim/peers/provider b/B3-Bornim/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/B3-Bornim/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/B3-Bornim/rc.local.B3-Bornim b/B3-Bornim/rc.local.B3-Bornim
new file mode 100755
index 0000000..f4ed2f1
--- /dev/null
+++ b/B3-Bornim/rc.local.B3-Bornim
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+if ! cat /proc/swaps | grep -q "/dev/sda1" ; then
+   swapon -p 1 /dev/sda1 > /dev/null 2>&1 || /bin/true
+fi
+if ! cat /proc/swaps | grep -q "/dev/sdb1" ; then
+   swapon -p 1 /dev/sdb1 > /dev/null 2>&1 || /bin/true
+fi
+
+exit 0
diff --git a/B3-Bornim/resolv.conf.B3-Bornim b/B3-Bornim/resolv.conf.B3-Bornim
new file mode 100644
index 0000000..8b3c040
--- /dev/null
+++ b/B3-Bornim/resolv.conf.B3-Bornim
@@ -0,0 +1,3 @@
+domain b3-bornim.netz
+search b3-bornim.netz
+nameserver 127.0.0.1
diff --git a/B3-Bornim/sasl_passwd.B3-Bornim b/B3-Bornim/sasl_passwd.B3-Bornim
new file mode 100644
index 0000000..e0b50a5
--- /dev/null
+++ b/B3-Bornim/sasl_passwd.B3-Bornim
@@ -0,0 +1 @@
+[b.mx.oopen.de] b3@b.mx.oopen.de:hkjRCwhfGtD7
diff --git a/B3-Bornim/sasl_passwd.db.B3-Bornim b/B3-Bornim/sasl_passwd.db.B3-Bornim
new file mode 100644
index 0000000..bc58f3a
Binary files /dev/null and b/B3-Bornim/sasl_passwd.db.B3-Bornim differ
diff --git a/B3-Bornim/sbin/check_net.sh b/B3-Bornim/sbin/check_net.sh
new file mode 100755
index 0000000..e1607fa
--- /dev/null
+++ b/B3-Bornim/sbin/check_net.sh
@@ -0,0 +1,623 @@
+#!/usr/bin/env bash
+
+## -------------------------------------------------------------------
+## --- All Configurations ill be done in /etc/check_net/check_net.conf
+## -------------------------------------------------------------------
+
+## - Load Configuration
+## -
+source /etc/check_net/check_net.conf
+
+
+## ------------------
+## --- Some functions
+## ------------------
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+fatal(){
+   echo ""
+   echo -e "[ \033[31m\033[1mError\033[m ]: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
+   echo ""
+
+   echo "" >> $log_file
+   echo "[ Error ]: $*" >> $log_file
+   echo "" >> $log_file
+   echo "           Script is canceled." >> $log_file
+   echo "" >> $log_file
+
+   exit 1
+}
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+set_ping_addresses () {
+
+   if $DEBUG ; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set IP-Address(es) for ping test. This may take some time.." >> $log_file
+   fi
+
+   ping_test_ip=""
+   unset ping_ip_arr 
+   declare -i i=0
+   for _host in $PING_TEST_HOSTS ; do
+      while [ $i -lt 2 ]; do
+         if dig +short $_host > /dev/null 2>&1 ; then
+            ping_test_ip=`dig +short $_host | head -1`
+            if ping -q -c2 $ping_test_ip >/dev/null 2>&1 ; then
+               ping_ip_arr+=("$ping_test_ip")
+               let i++
+               break
+            fi
+         fi
+         break
+      done
+   done
+
+   if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Setting IP-Address(es) for ping test FAILED!" >> $log_file
+   else
+      if $DEBUG ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] IP-Addresses for ping tests set to ${ping_ip_arr[@]}" >> $log_file 
+      fi
+   fi
+}
+usage() { 
+   echo  
+   [ -n  "$1" ] && echo -e "[ \033[1;31mError\033[m ] : $1\n" 
+ 
+echo -e "   Usage:" 
+echo -e "          \033[1m`basename $0` [OPTIONS] <device1> <device2> ..\033[m" 
+echo "" 
+echo -e "   This script checks the status (online/offline) of the given devices. Afterward another"
+echo "      script called \033[1m`basename $netconfig_script`\033[m will be triggered to configure"
+echo "      the routing depending on the status of the devices."
+echo ""
+echo -e "   It is strongly recommend to put \033[1mall devices, which should have a connection to"
+echo -e "   the internet\033[m, on the command line."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      On static line devices \033[1mappend \":<gateway>\"\033[m. This is very important,"
+echo -e "      otherwise this script will \033[1mNOT work as expected\033[m."
+echo -e "      Example:"
+echo -e "            \033[1m`basename $0` -l \"eth0 ppp-light\" eth0:172.16.0.1 ppp-light\033[m"
+echo ""
+echo -e "   The declaration of the device(s) is mandatory."
+echo ""
+echo -e "   Options:"
+echo ""
+echo -e "      \033[1m-h\033[m"
+echo -e "         Prints this help\033[m"
+echo ""   
+echo -e "      \033[1m-l <list of online devices>\033[m"
+echo -e "         List of all (internet) devices known as online."
+echo ""
+
+exit 1
+}
+
+
+if [[ $EUID -ne 0 ]]; then
+   fatal "This script must be run as root" 1>&2
+fi
+
+if [[ ! -f "$netconfig_script" ]]; then
+   fatal "Netconfig script \"$netconfig_script\" not found!"
+fi
+
+
+## -------------------------------------------------
+## --- If script is  already running, stop execution
+## -------------------------------------------------
+
+LOCK_DIR=/tmp/`basename $0`.LOCK
+if mkdir "$LOCK_DIR" 2> /dev/null ; then
+
+   ## - Remove lockdir when the script finishes, or when it receives a signal
+   trap 'rm -rf "$LOCK_DIR"' 0 2 15
+
+else
+
+   datum=`date +"%d.%m.%Y"`
+   msg="[ Error ]: A previos instance of script \"`basename $0`\" seems already be running.\n\n           Exiting now.."
+   echo -e "To:${admin_email}\n${content_type}\nSubject:DSL Script Error $company -- $datum\n\n${msg}\n" | /usr/sbin/sendmail -F "DSL Monitoring $company" -f $from_address $admin_email 2> /dev/null
+
+   if $LOGGING_CONSOLE ; then
+      echo ""
+      echo "[ Error ]: A previos instance script \"`basename $0`\" seems already be running."
+      echo ""
+      echo "           Exiting now.."
+      echo ""
+   fi
+   exit 1
+
+fi
+
+
+## -------------
+## --- Configure
+## -------------
+
+while getopts l:h opt ; do
+   case $opt in
+      h) usage ;;
+      l) ONLINE_DEVICE_LIST=$OPTARG
+         ;;
+   esac
+done
+
+shift `expr $OPTIND - 1`
+
+INITIAL_DEVICE_LIST="$@"
+if [[ -z "$INITIAL_DEVICE_LIST" ]]; then
+   INITIAL_DEVICE_LIST=$_INITIAL_DEVICE_LIST
+fi
+
+[[ -z "$INITIAL_DEVICE_LIST" ]] && usage "No device list given"
+      
+
+## - Define (non associative) array
+## -
+declare -a inet_devices_arr
+declare -a dsl_devices_arr
+declare -a static_devices_arr
+declare -a online_devices_arr
+declare -A static_gw_arr
+declare -A dsl_gw_available_arr
+
+for _device in $INITIAL_DEVICE_LIST ; do
+   if [[ "$_device" =~ : ]]; then
+      static_gateway="${_device##*:}"
+      _device="${_device%:*}"
+      static_gw_arr[$_device]="$static_gateway"
+
+      static_devices_arr+=("$_device")
+
+   else
+      dsl_devices_arr+=("$_device")
+   fi
+   inet_devices_arr+=("$_device")
+done
+
+for _online_device in $ONLINE_DEVICE_LIST ; do
+   online_devices_arr+=("$_online_device")
+done
+
+## - Define associative array
+## -
+declare -A remote_gw_arr
+declare -A filetime_PID_arr
+for inet_device in "${online_devices_arr[@]}" ; do
+
+   if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+      remote_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse"  | cut -d":" -f3 | cut -d" " -f1`
+   else
+      remote_gw_address=${static_gw_arr[$inet_device]}
+   fi
+
+   remote_gw_arr[$inet_device]=$remote_gw_address
+   _pid_file=/var/run/${inet_device}.pid
+   if [ -f $_pid_file ]; then
+      filetime_PID_arr[$inet_device]=`stat -c %Y /var/run/${inet_device}.pid`
+   else
+      filetime_PID_arr[$inet_device]="NOT FOUND"
+   fi
+done
+
+declare -a ping_ip_arr;
+
+
+#echo "--"
+#for _key in "${!filetime_PID_arr[@]}" ; do
+#   echo "filetime_PID_arr[$_key]: ${filetime_PID_arr[$_key]}"
+#done
+#
+#for _key in "${!remote_gw_arr[@]}" ; do
+#   echo "remote_gw_arr[$_key]: ${remote_gw_arr[$_key]}"
+#done
+#
+#for _device in ${online_devices_arr[@]} ; do
+#   echo "$_device is online"
+#done
+#echo "--"
+#exit
+
+echo "" >> $log_file
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## --- Starting script `basename $0`" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Devices configured..: ${inet_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Devices Online......: ${online_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] DSL Devices.........: ${dsl_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Static Devices......: ${static_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Remote Gateways.....: ${remote_gw_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## --- Initial Setup:" >> $log_file
+
+## - Initial: get ping addresses
+## -
+set_ping_addresses
+echo "" >> $log_file
+
+while true ; do
+
+   changed=false
+
+   for inet_device in "${inet_devices_arr[@]}" ; do
+
+      if $DEBUG ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] ## --- Device $inet_device" >> $log_file
+      fi
+
+      ## - Set interface name, routing tables name and, if available, remote gateway.
+      ## -
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+
+         ## - Is remote a remote gateway for this device knpn?
+         ## -
+         remote_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse"  | cut -d":" -f3 | cut -d" " -f1`
+         iface_name="dsl-`echo $inet_device | cut -d '-' -f2`"
+         rt_name="dsl_`echo $inet_device | cut -d '-' -f2`"
+         if [[ -n "$remote_gw_address" ]]; then
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Add $remote_gw_address to array dsl_gw_available_arr for DSL line $inet_device" >> $log_file
+            fi
+            dsl_gw_available_arr[$inet_device]=$remote_gw_address
+         else
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] No remote gateway found for DSL line $inet_device" >> $log_file
+            fi
+            if [[ ${dsl_gw_available_arr[$inet_device]+_} ]]; then
+               if $DEBUG; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Unset dsl_gw_available_arr for DSL line $inet_device" >> $log_file
+               fi
+               unset ${dsl_gw_available_arr[$inet_device]}
+            fi
+         fi
+      else
+         remote_gw_address=${static_gw_arr[$inet_device]}
+         iface_name=$inet_device
+         rt_name="static_`echo $inet_device | cut -d '-' -f1`"
+      fi
+
+      
+      ## ---
+      ## ---  Check if routing through this connection works
+      ## ---
+
+      ## - Notice:
+      ## -    if no remote gateway is known (remote_gw_address is empty), then we don't
+      ## -    need to test here. 
+      ## -
+      device_is_online=false
+      if [[ -n "$remote_gw_address" ]]; then
+
+
+         ## - Check if routing through this dsl connection realy works
+         ## -
+         if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] No ip-address for ping-test is set. Skipping test.." >> $log_file
+         else
+            failed=true
+            for _key in ${!ping_ip_arr[@]} ; do
+               /sbin/ip rule add to ${ping_ip_arr[$_key]} table $rt_name
+               if ping -q -c2 ${ping_ip_arr[$_key]} >/dev/null 2>&1 ; then
+                  if $DEBUG ; then
+                     _local_gw=`curl -4 https://meine-ip.oopen.de 2> /dev/null` 
+                     if [ -n "$_local_gw" ]; then
+                        echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Using local gateway \"$_local_gw\" for ping test" >> $log_file
+                     fi
+                     echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Ping test (to ${ping_ip_arr[$_key]}) for device \"${inet_device}\" was successful." >> $log_file
+                  fi
+                  /sbin/ip rule del to ${ping_ip_arr[$_key]} table $rt_name
+                  failed=false
+                  device_is_online=true
+                  break
+               fi
+               /sbin/ip rule del to ${ping_ip_arr[$_key]} table $rt_name
+            done
+            if $failed ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Ping test for device \"${inet_device}\" failed" >> $log_file
+               #echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Status Devices \"$inet_device\" changed" >> $log_file
+               #echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Devices \"$inet_device\" is now OFFLINE" >> $log_file
+
+               ## - Remote gateway is not reachable. So empty variable "remote_gw_address"
+               #remote_gw_address=
+
+            fi # End: if $failed
+            
+         fi # End: if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+
+      fi # End: if [[ -n "$remote_gw_address" ]]
+
+
+      ## ---
+      ## --- Now check, if something has changed
+      ## ---
+
+      if $device_is_online; then
+
+         if containsElement "$inet_device" ${online_devices_arr[@]} ; then
+
+            ## - <before>  <now>
+            ## -
+            ## -  online    online
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $inet_device is still online" >> $log_file
+            fi
+
+            ## - Check if remote gateway has changed
+            ## -
+            if [ "$remote_gw_address" != "${remote_gw_arr[$inet_device]}" ]; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ WARN  ] Remote Gateway on device \"$inet_device\" has changed: ${remote_gw_arr[$inet_device]} --> $remote_gw_address" >> $log_file
+               remote_gw_arr[$inet_device]=$remote_gw_address
+
+               _pid_file=/var/run/${inet_device}.pid
+               if [ -f $_pid_file ]; then
+                  filetime_PID_arr[$inet_device]=`stat -c %Y $_pid_file`
+               fi
+               changed=true
+            else
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Remote Gateway on device \"$inet_device\": still ${remote_gw_arr[$inet_device]}" >> $log_file
+               fi
+
+               ## - Test if pid-file's modify time hs changed
+               ## -
+               ## - Notice: that happens if your provider forces a reconnect (mostly one time a day
+               ## -         or in other words after 1440 minutes)
+               ## -
+               _pid_file=/var/run/${inet_device}.pid
+               if [ -f $_pid_file ]; then
+                  if [ "`stat -c %Y $_pid_file`" != "${filetime_PID_arr[$inet_device]}" ]; then
+                     echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Modify time for pid-file \"${inet_device}.pid\" has changed" >> $log_file
+                     filetime_PID_arr[$inet_device]=`stat -c %Y $_pid_file`
+                     changed=true
+                  fi
+               fi
+
+            fi
+
+         else
+            ## - <before>  <now>
+            ## -
+            ## -  offline   online
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Status Devices \"$inet_device\" changed" >> $log_file
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Devices \"$inet_device\" is now online" >> $log_file
+
+            ## - Add device to array online_devices_arr
+            ## -            
+            online_devices_arr+=("$inet_device")
+            ## - Add device to array remote_gw_arr
+            ## -
+            remote_gw_arr[$inet_device]=$remote_gw_address
+
+            _pid=/var/run/${inet_device}.pid
+            if [ -f "$_pid" ]; then
+               filetime_PID_arr[$inet_device]=`stat -c %Y /var/run/${inet_device}.pid`
+            fi
+            changed=true
+         fi # END: if containsElement "$inet_device" ${online_devices_arr[@]}
+
+      else # ELSE: if $device_is_online; then
+
+         if containsElement "$inet_device" ${online_devices_arr[@]} ; then
+
+            ## - <before>  <now>
+            ## -
+            ## -  online    offline
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Status Devices \"$inet_device\" changed" >> $log_file
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Devices \"$inet_device\" is now OFFLINE" >> $log_file
+
+            ## - In case of DSL Device, have a look at the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               if ps -x | grep -E "/usr/sbin/pppd\s+call\s+$iface_name" > /dev/null 2>&1 ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] pppd for \"$iface_name\" is running: Waiting another period"  >> $log_file
+               else
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Trying to start pppd for \"$inet_device\".." >> $log_file
+                  /usr/sbin/pppd call $iface_name > /dev/null 2>&1
+               fi
+            fi
+
+            ## - Remove device from array online_devices_arr
+            ## - 
+            for _index in ${!online_devices_arr[@]} ; do
+               if [ "${online_devices_arr[$_index]}" = "$inet_device" ]; then
+                  unset online_devices_arr[$_index]
+                  break
+               fi
+            done
+            ## - Also remove device from remote_gw_arr
+            ## -
+            unset remote_gw_arr[$inet_device]
+
+            ## - In case of DSL Device, kill the concerning the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               _pid=`ps -ax | grep -e "pppd call $iface_name" | grep -v grep | awk '{print$1}'`
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Kill ppp-daemon for $iface_name (pid $_pid)" >> $log_file
+
+               kill -9 $_pid
+            fi
+
+            changed=true
+         else
+            ## - <before>  <now>
+            ## -
+            ## -  offline   offline
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $inet_device is still offline" >> $log_file
+            fi
+
+            ## - In case of DSL Device, have a look at the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               if ps -x | grep -E "/usr/sbin/pppd\s+call\s+$iface_name" > /dev/null 2>&1 ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] pppd for \"$iface_name\" is running: Waiting another period"  >> $log_file
+               else
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Trying to start pppd for \"$inet_device\".." >> $log_file
+                  /usr/sbin/pppd call $iface_name > /dev/null 2>&1
+               fi
+            fi
+
+         fi # END: if containsElement "$inet_device" ${online_devices_arr[@]}
+
+      fi # END: if $device_is_online; then
+
+   done # End: for inet_device in "${inet_devices_arr[@]}"
+
+
+   if $changed ; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Status Online Devices changed" >> $log_file
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Online Devices: ${online_devices_arr[@]}" >> $log_file
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Reconfigure Routing: invoking script \"$netconfig_script\".." >> $log_file
+      if [[ -z "${online_devices_arr[@]}" ]]; then
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $netconfig_script $INITIAL_DEVICE_LIST" >> $log_file 
+         fi
+
+         $netconfig_script $INITIAL_DEVICE_LIST > /dev/null 2>&1
+      else
+         
+         _LIST=
+         for _device in ${online_devices_arr[@]} ; do
+            _LIST="$_LIST $_device"
+         done
+         _LIST=`echo "${_LIST}" | sed -e 's/^[ \t]*//'`
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $netconfig_script -l \"$_LIST\" $INITIAL_DEVICE_LIST" >> $log_file 
+         fi
+         $netconfig_script -l "$_LIST" $INITIAL_DEVICE_LIST > /dev/null 2>&1
+      fi
+
+      datum=`date +"%d.%m.%Y"`
+      msg="[ `date +\"%H:%M:%S\"` ]: Status Online Devices changed..\n              Online Devices: ${online_devices_arr[@]}\n\n              Script \"$netconfig_script\" was invoked to reconfigure routing."
+      echo -e "To:${admin_email}\n${content_type}\nSubject:DSL Status changed $company -- $datum\n\n${msg}\n" | /usr/sbin/sendmail -F "DSL Monitoring $company" -f $from_address $admin_email 2> /dev/null
+   fi # END if $changed
+
+
+   ## - Set IP-adresses for Ping-Test at next run
+   ## -
+   if [[ ${#online_devices_arr[@]} -gt 0 ]]; then
+
+      ## - Try to set IP-Addresses for ping test
+      ## -
+      set_ping_addresses
+
+   elif [[ ${#dsl_gw_available_arr[@]} -gt 0 ]]; then
+
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set default gateway to an existing DSL line .." >> $log_file
+
+      __set_default_gatway=false
+      default_gw_deleted=false
+
+      for _device in "${dsl_devices_arr[@]}" ; do
+
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Device: $_device - Gateway: ${dsl_gw_available_arr[$_device]}" >> $log_file
+         fi
+
+         if [[ -n "${dsl_gw_available_arr[$_device]}" ]]; then
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route delete default" >> $log_file
+                  /sbin/ip route delete default >> $log_file 2>&1
+               else
+                  /sbin/ip route delete default > /dev/null 2>&1
+               fi
+               default_gw_deleted=true
+            fi
+            
+            ## - Try to set default gateway to this DSL connection
+            ## -
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device" >> $log_file
+               /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device >> $log_file 2>&1
+            else
+               /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device > /dev/null 2>&1
+            fi
+            if [[ "$?" == "0" ]]; then
+               __set_default_gatway=true
+               break
+            fi
+         fi
+
+      done # END: for _device in "${inet_devices_arr[@]}"
+
+      if ! $__set_default_gatway ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] No default gateway (for DSL Device ${_device}) is set!"  >> $log_file
+      else
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Default gateway on DSL Device $_device is set to ${inet_devices_arr[$_device]}"  >> $log_file 
+
+
+         ## - Try to set IP-Addresses for ping test
+         ## -
+         set_ping_addresses
+      fi
+
+   elif [[  ${#static_devices_arr[@]} -gt 0 ]]; then
+
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set default gateway to an existing static line .." >> $log_file
+
+      __set_default_gatway=false
+      default_gw_deleted=false
+
+      for _device in "${static_devices_arr[@]}" ; do
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route delete default" >> $log_file
+                  /sbin/ip route delete default >> $log_file 2>&1
+               else
+                  /sbin/ip route delete default > /dev/null 2>&1
+               fi
+               default_gw_deleted=true
+            fi
+
+            ## - Set new default route
+            ## -
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device" >> $log_file
+               /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+            else
+               /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device > /dev/null 2>&1
+            fi
+
+            if [[ "$?" == 0 ]] ; then
+               __set_default_gatway=true
+               break
+            fi
+      done
+
+      if ! $__set_default_gatway ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] No default gateway is set!"  >> $log_file
+      else
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Default gateway is set to ${static_gw_arr[$_device]}"  >> $log_file
+
+         ## - Try to set IP-Addresses for ping test
+         ## -
+         set_ping_addresses
+
+      fi
+
+   fi # if [[ ${#online_devices_arr[@]} -gt 0 ]]
+
+   sleep 30
+
+done
+
+exit 0
diff --git a/B3-Bornim/sbin/ipt-firewall-gateway b/B3-Bornim/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/B3-Bornim/sbin/ipt-firewall-gateway
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/B3-Bornim/sbin/netconfig.sh b/B3-Bornim/sbin/netconfig.sh
new file mode 100755
index 0000000..bce0dee
--- /dev/null
+++ b/B3-Bornim/sbin/netconfig.sh
@@ -0,0 +1,993 @@
+#!/usr/bin/env bash
+
+## -------------------------------------------------------------------
+## --- All Configurations ill be done in /etc/check_net/check_net.conf
+## -------------------------------------------------------------------
+
+## - Load Configuration
+## -
+source /etc/check_net/check_net.conf
+
+
+## ------------------
+## --- Some functions
+## ------------------
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+fatal(){
+   echo ""
+   echo -e "[ \033[31m\033[1mError\033[m ]: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
+   echo ""
+
+   echo "" >> $log_file
+   echo "[ Error ]: $*" >> $log_file
+   echo "" >> $log_file
+   echo "           Script is canceled." >> $log_file
+   echo "" >> $log_file
+
+   exit 1
+}
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
+usage() {
+   echo 
+   [ -n  "$1" ] && echo -e "[ \033[1;31mError\033[m ] : $1\n"
+
+echo -e "   Usage:"
+echo -e "          \033[1m`basename $0` [OPTIONS] <device1> <device2> ..\033[m"
+echo ""
+echo -e "   This script configures the default route, especially if more than one"
+echo -e "   route to the internet exists. Also the routing tables are managed by this"
+echo -e "   script."
+echo ""
+echo -e "   The Parameter \033[1mdevice list\033[m contains all network devices, which should have"
+echo -e "   a connection to the Internet. Tha can be DSL lines as well as static lines."
+echo -e "   The declaration of the device list is mandatory."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      Declare the device list in the order of your preferred default gatway devices."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      On static line devices \033[1mappend \":<gateway>\033[m. This is very important,"
+echo -e "      otherwise this script will \033[1mNOT work as expected\033[m."
+echo ""
+echo -e "   If this script is invoked with option \033[1m-m\033[m, another script called \033[1m`basename $check_script`\033[m"
+echo -e "   will be triigered to monitor the devices and informs about changes (online/offline"
+echo -e "   status) of the given devices. If the status of a line has changed, this script"
+echo -e "   is reinvoked by the monitoring script \033[1m`basename $check_script`\033[m to reconfigure"
+echo -e "   the routing."
+echo ""
+echo -e "   Options:"
+echo ""
+echo -e "      \033[1m-h\033[m"
+echo -e "         Prints this help\033[m"
+echo ""   
+echo -e "      \033[1m-l <list of online devices>\033[m"
+echo -e "         List of all (internet) devices known as online. Usually, this option will"
+echo -e "         be used by triggering this script from check script \033[1m`basename $check_script`\033[m."
+echo ""   
+echo -e "      \033[1m-m\033[m"
+echo -e "          Activates monitoring of the given network devices."
+echo ""
+echo -e "   Example:"
+echo -e "      - Simply configure routing for devices \"$_INITIAL_DEVICE_LIST\""
+echo -e "            \033[1m`basename $0` $_INITIAL_DEVICE_LIST\033[m"
+echo ""
+echo -e "      - Configure routing for devices \"$_INITIAL_DEVICE_LIST\" and activate monitoring"
+echo -e "            \033[1m`basename $0` -m $_INITIAL_DEVICE_LIST\033[m"
+echo ""
+
+exit 1
+}
+
+if [[ ! -f "$check_script" ]] ; then 
+   fatal "Check script \033[1m$check_script\033[m not found!" 
+fi
+ 
+if [[ "`which sipcalc`" == "" ]]; then
+   fatal "\033[1msipcalc\033[m must be installed to run this script"
+fi
+
+if [[ $EUID -ne 0 ]]; then
+   fatal "This script must be run as root" 1>&2
+fi
+
+## ---
+## --- Configure
+## ---
+
+_monitoring=false
+ONLINE_DEVICE_LIST=
+while getopts hl:m opt ; do
+   case $opt in
+      h) usage
+         ;;
+      l) ONLINE_DEVICE_LIST=$OPTARG
+         ;;
+      m) _monitoring=true
+         ;;
+   esac
+done
+
+shift `expr $OPTIND - 1`
+
+INITIAL_DEVICE_LIST="$@"
+if [[ -z "$INITIAL_DEVICE_LIST" ]]; then
+   INITIAL_DEVICE_LIST=$_INITIAL_DEVICE_LIST
+fi
+
+[[ -z "$INITIAL_DEVICE_LIST" ]] && usage "No device list given"
+
+## - Define (non associative) array
+## -
+declare -a inet_devices_arr
+declare -a dsl_devices_arr
+declare -a static_devices_arr
+declare -a online_devices_arr
+declare -A static_gw_arr
+
+for _device in $INITIAL_DEVICE_LIST ; do
+   if [[ "$_device" =~ : ]]; then
+      static_gateway="${_device##*:}"
+      _device="${_device%:*}"
+      static_gw_arr[$_device]="$static_gateway"
+
+      static_devices_arr+=("$_device")
+
+   else
+      dsl_devices_arr+=("$_device")
+   fi
+   inet_devices_arr+=("$_device")
+done
+
+for _online_device in $ONLINE_DEVICE_LIST ; do
+   online_devices_arr+=("$_online_device")
+done
+
+
+#echo "All Devices:"
+#for _device in "${inet_devices_arr[@]}" ; do
+#   echo -e "\t$_device"
+#done
+#echo "Online Devices:"
+#for _device in "${online_devices_arr[@]}" ; do
+#   echo -e "\t$_device"
+#done
+#
+#for inet_device in "${inet_devices_arr[@]}" ; do
+#   if [ -n "$ONLINE_DEVICE_LIST" ]; then
+#      if ! containsElement "$inet_device" "${online_devices_arr[@]}" ; then
+#         echo "$inet_device is offline"
+#         continue
+#      fi
+#   fi
+#done
+#
+#echo ""
+#exit
+
+
+## - Define associative arrays
+## -
+declare -A default_gw_arr 
+declare -A gw_connection_arr
+
+declare -i number_rt_table=0
+
+
+## ---
+## --- Start
+## ---
+
+#echo "" >> $log_file
+#echo "" >> $log_file
+#echo "#############################" >> $log_file
+#echo "### ---" >> $log_file
+#echo "### --- [ `date +'%Y-%m-%d %H:%M'` ]: Starting Script `basename $0`.." >> $log_file
+#echo "### ---                       Devices all:    $INITIAL_DEVICE_LIST" >> $log_file
+#echo "### ---                       Devices online: $ONLINE_DEVICE_LIST" >> $log_file
+#echo "### ---" >> $log_file
+#echo "### ---" >> $log_file
+#echo "#############################" >> $log_file
+
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Starting Script `basename $0`.." >> $log_file
+echo "                              Devices all:    $INITIAL_DEVICE_LIST" >> $log_file
+echo "                              Devices online: $ONLINE_DEVICE_LIST" >> $log_file
+
+configured=false
+if $_monitoring ; then
+   max_attempts=20
+else
+   max_attempts=1
+fi
+declare -i _try_number=0
+declare -i prio=0
+
+while  ! $configured && [ $_try_number -lt $max_attempts ]  ; do
+
+   let _try_number++
+
+   if [ $_try_number -gt 1 ]; then
+      echo "" >> $log_file
+      echo "# --- sleeping 2 seconds before attempt number $_try_number" >> $log_file
+      sleep 2
+   fi
+
+   number_rt_table=0
+
+   #for inet_device in "${dsl_devices_arr[@]}" ; do
+   for inet_device in "${inet_devices_arr[@]}" ; do
+
+      ## - Create routing table name
+      ## - 
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $inet_device | cut -d '-' -f2`
+         rt_name="dsl_$__name"
+      else
+         __name=`echo $inet_device | cut -d '-' -f1`
+         rt_name="static_$__name"
+      fi
+
+      if ! $_monitoring ; then
+
+         ## - Check if device was reported (from check script) as offline
+         ## -
+         _offline=false
+         if [ -n "$ONLINE_DEVICE_LIST" ]; then
+            if ! containsElement "$inet_device" "${online_devices_arr[@]}" ; then
+               _offline=true
+            fi
+         else
+            _offline=true
+         fi
+
+         ## - Cleanup routing tables
+         ## -
+         if $_offline ; then
+
+            if $LOGGING_CONSOLE ; then
+               echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" was reported to be down !"
+               echo -e "\t           So device \"$inet_device\" will be excluded from routing."
+            fi
+
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" was reported to be down !" >> $log_file
+            echo -e "\t           So device \"$inet_device\" will be excluded from routing." >> $log_file
+
+            ## - Delete all existing entries of this routing table
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all existing entries of routing table \"$rt_name\"" >> $log_file
+            echo "## -" >> $log_file
+            echo "/sbin/ip route flush table $rt_name" >> $log_file
+            /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+            if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+               ## - Delete all rules concerning table $rt_name
+               ## -
+               echo "" >> $log_file
+               echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+               echo "## -" >> $log_file
+               while read line ; do
+                  direction=`echo $line | awk '{print$2}'`
+                  ip=`echo $line | awk '{print$3}'`
+                  echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+                  /sbin/ip rule delete $direction $ip table $rt_name
+               done < <(/sbin/ip rule | grep $rt_name)
+               echo "" >> $log_file
+            fi # End: if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 
+
+            continue
+
+         fi # End: if $_offline
+      fi # End: if ! $_monitoring ; then
+
+      let number_rt_table="$number_rt_table+100"
+      prio=0
+
+
+      ## - Add new routing table to /etc/iproute2/rt_tables
+      ## - if not yet exists
+      ## -
+      if ! grep $rt_name /etc/iproute2/rt_tables > /dev/null 2>&1 ; then
+
+         echo "" >> $log_file
+         echo "## - Add new routing table to /etc/iproute2/rt_tables" >> $log_file
+         echo "## -" >> $log_file
+         echo "echo \"$number_rt_table $rt_name\" >> /etc/iproute2/rt_tables" >> $log_file
+
+         echo -e "$number_rt_table\t$rt_name" >> /etc/iproute2/rt_tables
+      fi
+
+      ## - Is the device present and has local Address ?
+      ## -
+      local_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse" | cut -d":" -f2 | cut -d" " -f1`
+      if [ -z $local_gw_address ]; then
+         if $LOGGING_CONSOLE ; then
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !"
+            echo -e "\t           No local address was found."
+         fi
+
+         echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !" >> $log_file
+         echo -e "\t           No local address was found." >> $log_file
+
+
+         ## - Cleanup routing tables
+         ## -
+         ## - Delete all existing entries of this routing table
+         ## -
+         echo "" >> $log_file
+         echo "## - Delete all existing entries of this routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route flush table $rt_name" >> $log_file
+         /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+         if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+            ## - Delete all rules concerning table $rt_name
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+            echo "## -" >> $log_file
+            while read line ; do
+               direction=`echo $line | awk '{print$2}'`
+               ip=`echo $line | awk '{print$3}'`
+               echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+               /sbin/ip rule delete $direction $ip table $rt_name
+            done < <(/sbin/ip rule | grep $rt_name)
+            echo "" >> $log_file
+         fi
+
+         continue
+      fi # End: if [ -z $local_gw_address ]
+
+      ## - Is the DSL-device known and has remote Address ?
+      ## -
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+         remote_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse"  | cut -d":" -f3 | cut -d" " -f1`
+         remote_gw_net="$remote_gw_address/32"
+      else
+         net_address=`sipcalc $inet_device 2> /dev/null | grep -i -e "^network\s*address\s*-" | awk '{print$4}'`
+         remote_gw_address=${static_gw_arr[$inet_device]}
+         _netmask_bits=`sipcalc $inet_device 2> /dev/null | grep -i -e "Network\s*mask\s*(bits)" | awk '{print$5}'`
+         remote_gw_net="${net_address}/$_netmask_bits"
+      fi
+      if [ -z $remote_gw_address ]; then
+         if $LOGGING_CONSOLE ; then
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !"
+            echo -e "\t           No remote gateway was found."
+         fi
+
+
+         echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !" >> $log_file
+         echo -e "\t           No remote gateway was found." >> $log_file
+
+         ## - Cleanup routing tables
+         ## -
+         ## - Delete all existing entries of this routing table
+         ## -
+         echo "" >> $log_file
+         echo "## - Delete all existing entries of this routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route flush table $rt_name" >> $log_file
+         /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+         if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+            ## - Delete all rules concerning table $rt_name
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+            echo "## -" >> $log_file
+            while read line ; do
+               direction=`echo $line | awk '{print$2}'`
+               ip=`echo $line | awk '{print$3}'`
+               echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+               /sbin/ip rule delete $direction $ip table $rt_name
+            done < <(/sbin/ip rule | grep $rt_name)
+            echo "" >> $log_file
+         fi
+
+         continue
+      fi
+
+      ## - Device already configured by that script?
+      ## -
+      if [ ${default_gw_arr[$inet_device]+_} ] ; then
+         continue
+      fi
+ 
+
+      # -
+      # - Ready to start configuration for that device
+      # - 
+      echo "" >> $log_file
+      echo "# ---" >> $log_file
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+         echo "# --- Routing Table for (DSL) network device \"$inet_device\" was created" >> $log_file
+      else
+         echo "# --- Routing Table for (static line) network device \"$inet_device\"" >> $log_file
+      fi
+      echo "# ---" >> $log_file
+
+      if $LOGGING_CONSOLE ; then
+         echo
+         echo
+         if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+            echo -e "\t--- DSL Connection at interface $inet_device"
+         else
+            echo -e "\t--- Static Connection at interface $inet_device"
+         fi
+         echo -e "\t---"
+         echo -e "\tRouting Table Name..: $rt_name"
+         echo
+         echo -e "\tInterface...........: $inet_device"
+         echo
+         echo -e "\tLocal GW address....: $local_gw_address"
+         echo -e "\tRemote GW address...: $remote_gw_address"
+         echo -e "\tRemote network......: $remote_gw_net"
+         echo
+      fi
+      echo "# --- Routing Table Name..: $rt_name" >> $log_file
+      echo "# --- " >> $log_file
+      echo "# --- Interface...........: $inet_device" >> $log_file
+      echo "# --- " >> $log_file
+      echo "# --- Local GW address....: $local_gw_address" >> $log_file
+      echo "# --- Remote GW address...: $remote_gw_address" >> $log_file
+      echo "# --- Remote network......: $remote_gw_net" >> $log_file
+      echo "# --- " >> $log_file
+
+      ## - Read routing table from output of "netstat -rn"
+      ## -
+      routing_table_main_arr=()
+      while read  _destination _gateway _genmask _flags _mss _window _irtt _iface; do 
+         if [ "$_destination" = "Destination" -o "$_destination" = "Kernel" \
+            -o "$_destination" = "Ziel" -o "$_destination" = "Kernel-IP-Routentabelle" ]; then 
+               continue 
+         fi  
+         routing_table_main_arr+=("$_destination $_gateway $_genmask $_iface")
+      done < <(netstat -rn)
+
+      ## - First delete all existing entries of this routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - First delete all existing entries of this routing table" >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route flush table $rt_name" >> $log_file
+      /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+
+      ## - Add loopback device to routing table $rt_name
+      ## -
+      echo "" >> $log_file
+      echo "## - Add loopback device to routing table $rt_name " >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route add 127.0.0.0/8 dev lo table table $rt_name" >> $log_file
+      /sbin/ip route add 127.0.0.0/8 dev lo table $rt_name >> $log_file 2>&1
+
+
+      ## - Add routing tables of all (local) network interfaces
+      ## -
+      echo "" >> $log_file
+      echo "## - Add routing tables of all (local) network interfaces" >> $log_file
+      echo "## -" >> $log_file
+      for _entry in "${routing_table_main_arr[@]}" ; do
+         dest=`echo $_entry | cut -d " " -f1`
+         gateway=`echo $_entry | cut -d " " -f2`
+         genmask=`echo $_entry | cut -d " " -f3`
+         iface=`echo $_entry | cut -d " " -f4`
+
+         ## - We will set default route later..
+         ## -
+         if  [ "$dest" = "0.0.0.0" ]; then
+            continue
+         fi
+
+         ## - Is this a "ppp"-device ?
+         ## -
+         if [[ "$iface" =~ "ppp" ]]; then
+            continue
+         fi
+
+         if [ "$dest" = "$remote_gw_address" ]; then
+            continue
+         fi
+
+         if [ "$gateway" = "0.0.0.0" ]; then
+            echo "/sbin/ip route add ${dest}/$genmask dev $iface table $rt_name" >> $log_file
+            /sbin/ip route add ${dest}/$genmask dev $iface table $rt_name >> $log_file 2>&1
+         else
+            echo "/sbin/ip route add ${dest}/$genmask via $gateway table $rt_name" >> $log_file
+            /sbin/ip route add ${dest}/$genmask via $gateway table $rt_name >> $log_file 2>&1
+         fi
+      done
+
+      ## - Add this connection to the routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - Add this connection to the routing table $rt_name" >> $log_file
+      echo "## -" >> $log_file
+
+      if $USE_REMOTE_GATEWAY_ADDRESS ; then
+         ## - Remote Network: $remote_gw_net
+         ## -
+         echo "/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address table $rt_name >> $log_file 2>&1
+      else
+         ## - Remote Network: 0.0.0.0
+         ## -
+         echo "/sbin/ip route add 0.0.0.0 dev $inet_device src $local_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add 0.0.0.0 dev $inet_device src $local_gw_address table $rt_name >> $log_file 2>&1
+      fi
+
+      if $SET_MULTIPLE_DEFAULT_GW ; then
+         if /sbin/ip route show table main | grep -e "^$remote_gw_address" | grep $inet_device  > /dev/null 2>&1 ; then
+            echo "" >> $log_file
+            echo "## - Delete route via (dsl remote) host $remote_gw_address" >> $log_file
+            echo "## -"
+            echo "/sbin/ip route delete $remote_gw_address dev $inet_device" >> $log_file
+            /sbin/ip route delete $remote_gw_address dev $inet_device >> $log_file 2>&1
+         fi
+
+         echo "" >> $log_file
+         echo "## - Add this connection also to the main routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address" >> $log_file
+         /sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address >> $log_file 2>&1
+      fi
+
+      ## - Remeber that route in order to add it to the routing table
+      ## - of other connections
+      ## -
+      gw_connection_arr[$inet_device]="$remote_gw_net $local_gw_address" 
+      
+
+      ## - Add the connections associated gateway as default gateway for this
+      ## - routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - Add the connections associated gateway as default gateway for this" >> $log_file
+      echo "## - routing table" >> $log_file
+      echo "## -" >> $log_file
+
+      if $USE_REMOTE_GATEWAY_ADDRESS ; then
+         ## - Default Gatway: $remote_gw_address
+         ## -
+         #echo "/sbin/ip route add default via $remote_gw_address dev $inet_device table $rt_name" >> $log_file
+         #/sbin/ip route add default via $remote_gw_address dev $inet_device table $rt_name >> $log_file 2>&1
+         echo "/sbin/ip route add default via $remote_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add default via $remote_gw_address table $rt_name >> $log_file 2>&1
+      else
+         ## - Default Gatway: 0.0.0.0
+         ## -
+         echo "/sbin/ip route add default via 0.0.0.0 dev $inet_device table $rt_name" >> $log_file
+         /sbin/ip route add default via 0.0.0.0 dev $inet_device table $rt_name >> $log_file 2>&1
+      fi
+
+
+      ## - Make sure that a reply goes out over the same connection as came in
+      ## - 
+      echo "" >> $log_file
+      echo "## - Make sure that a reply goes out over the same connection as came in" >> $log_file
+      echo "## -" >> $log_file
+
+      if ! /sbin/ip rule | grep "from $local_gw_address" > /dev/null 2>&1 ; then
+         let prio="$number_rt_table"
+         echo "/sbin/ip rule add from $local_gw_address table $rt_name prio $prio" >> $log_file
+         /sbin/ip rule add from $local_gw_address table $rt_name prio $prio >> $log_file 2>&1
+         #let prio="10+$prio"
+         #echo "/sbin/ip rule add to $local_gw_address table $rt_name prio $prio" >> $log_file
+         #/sbin/ip rule add to $local_gw_address table $rt_name prio $prio >> $log_file 2>&1
+      else
+         let prio="1010+$number_rt_table"
+         echo -e "#\t[ info ]: Rule already exists.." >> $log_file
+      fi
+
+
+      ## ---
+      ## --- Special Routing (local) IP-Address OUT
+      ## ---
+
+      if [[ ${#rule_local_ip_arr[@]} -gt 0 ]] ; then
+
+         let prio="1000+${number_rt_table}+10"
+
+         for _val in "${rule_local_ip_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: from ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "from ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+
+      ## ---
+      ## --- Special Routing (remote) Services
+      ## ---
+
+      if [[ ${#rule_remote_ip_arr[@]} -gt 0 ]] ; then
+
+         let prio="5000+${number_rt_table}+10"
+
+         for _val in "${rule_remote_ip_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: to ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "to ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add to ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add to ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+      ## ---
+      ## --- Special Routing Networks
+      ## ---
+
+      if [[ ${#rule_local_net_arr[@]} -gt 0 ]] ; then
+
+         let prio="10000+${number_rt_table}+10"
+
+         for _val in "${rule_local_net_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: from ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "from ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+      ## - Add this connection to the routing tables of other already configured dsl-connections
+      ## -
+      ## - Note:
+      ## -    Connections which will be configured later at this loop will
+      ## -    not have that connection in their routing tables. So you have 
+      ## -    to add missing routes at the end (after that loop has finisched).
+      ## -
+      ## -    _key is eqal to the ppp-device
+      ## -
+      for _key in "${!gw_connection_arr[@]}"; do
+
+         if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+            __name=`echo $_key | cut -d '-' -f2`
+            _rt_name="dsl_$__name"
+         else
+            __name=`echo $_key | cut -d '-' -f1`
+            _rt_name="static_$__name"
+         fi
+         if [[ "$_rt_name" == "$rt_name" ]]; then
+            continue
+         fi
+
+         _local_gw_address=`echo ${gw_connection_arr[$_key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$_key]} | cut -d " " -f1`
+         echo "" >> $log_file
+         echo "## - Add this connection to the routing table \"$_rt_name\"" >> $log_file
+         echo "## -" >> $log_file
+
+         if $USE_REMOTE_GATEWAY_ADDRESS ; then
+            ## - Remote Network: $_remote_gw_net
+            ## -
+            if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw_net\s+dev\s+$_key" >/dev/null 2>&1 ; then
+               _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+               if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw\s+dev\s+$_key" >/dev/null 2>&1 ; then
+                  echo "/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+                  /sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               else
+                  echo -e "#\t[ info ]: Connection through $_key is already part of table $_rt_name" >> $log_file
+               fi
+            fi
+         else
+            ## - Remote Network: 0.0.0.0
+            ## -
+            if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$_key" >/dev/null 2>&1 ; then
+               _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+               if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$_key" >/dev/null 2>&1 ; then
+                  echo "/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+                  /sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               else
+                  echo -e "#\t[ info ]: Connection through $_key is already part of table $_rt_name" >> $log_file
+               fi
+            fi
+         fi
+      done 
+
+
+      ## - Add this gateway data to the array concerning all outgoing gatways 
+      ## -
+      #default_gw_arr[$inet_device]="$local_gw_address"
+      default_gw_arr[$inet_device]="$remote_gw_address"
+
+
+      if $SET_MULTIPLE_DEFAULT_GW ; then
+
+         default_gw_arg=""
+         for _key in "${!default_gw_arr[@]}"; do
+
+            if $USE_DEFAULT_GW_ADDRESS ; then
+               ## - Default Gateway: $remote_gw_address
+               ## -
+               default_gw_arg="$default_gw_arg nexthop via ${default_gw_arr[$_key]} dev $_key weight 1"
+            else
+               ## - Default Gateway: 0.0.0.0
+               ## -
+               default_gw_arg="$default_gw_arg nexthop via 0.0.0.0 dev $_key weight 1"
+            fi
+
+         done 
+         if [ -n "$default_gw_arg" ] ; then
+            echo "" >> $log_file
+            echo "## - Add multiple default gateways" >> $log_file
+            echo "## -" >> $log_file
+            echo "/sbin/ip route delete default" >> $log_file
+            /sbin/ip route delete default >> $log_file 2>&1
+            echo "/sbin/ip route add default scope global $default_gw_arg" >> $log_file
+            /sbin/ip route add default scope global $default_gw_arg >> $log_file 2>&1
+         else
+            echo "" >> $log_file
+            echo "## -" >> $log_file
+            echo "## - [ Warning]: No default gateway found!" >> $log_file
+            echo "## -" >> $log_file
+         fi
+
+      fi
+
+
+
+      ## - Notice:
+      ## - It is possible to first make a number of changes and then flush 
+      ## - the cache so that all of the changes will be implemented simultaneously. 
+      ## - This is actually convenient when working on an active router. 
+      ## -
+      echo "" >> $log_file
+      echo "## - Flush table cache" >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route flush table cache" >> $log_file
+      /sbin/ip route flush table cache >> $log_file 2>&1
+
+      echo "" >> $log_file
+
+      if [ ${#default_gw_arr[@]} -eq ${#inet_devices_arr[@]} ]; then
+         configured=true
+      fi
+
+   done
+
+done
+
+
+## - Some dsl-connections maybe not known to all routing tables. So add
+## - the missing routes to the appropriate tables..
+## -
+echo "" >> $log_file
+echo "" >> $log_file
+echo "## - Some dsl-connections maybe not known to all routing tables. So add" >> $log_file
+echo "## - the missing routes to the appropriate tables.." >> $log_file
+echo "## -" >> $log_file
+_changed=false
+
+if $USE_REMOTE_GATEWAY_ADDRESS ; then
+   ## - Remote Network: $_remote_gw_net
+   ## -
+   for _key in "${!gw_connection_arr[@]}"; do
+
+      if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $_key | cut -d '-' -f2`
+         _rt_name="dsl_$__name"
+      else
+         __name=`echo $_key | cut -d '-' -f1`
+         _rt_name="static_$__name"
+      fi
+
+      echo "# Routing Table \"$_rt_name\"" >> $log_file
+      for __key in "${!gw_connection_arr[@]}"; do
+         _local_gw_address=`echo ${gw_connection_arr[$__key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$__key]} | cut -d " " -f1`
+         if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw_net\s+dev\s+$__key" >/dev/null 2>&1 ; then
+            _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+            if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw\s+dev\s+$__key" >/dev/null 2>&1 ; then
+               #echo "/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+               #/sbin/ip route add $_remote_gw_net dev $__key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               echo "/sbin/ip route add $_remote_gw dev $__key table $_rt_name" >> $log_file
+               /sbin/ip route add $_remote_gw dev $__key table $_rt_name >> $log_file 2>&1
+               _changed=true
+            else
+               echo -e "#\t[ info ]: Connection through $__key is already part of table $_rt_name" >> $log_file
+            fi
+         fi
+      done
+   done
+else
+   ## - Remote Network: 0.0.0.0
+   ## -
+   for _key in "${!gw_connection_arr[@]}"; do
+
+
+      if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $_key | cut -d '-' -f2`
+         _rt_name="dsl_$__name"
+      else
+         __name=`echo $_key | cut -d '-' -f1`
+         _rt_name="static_$__name"
+      fi
+
+      echo "# Routing Table \"$_rt_name\"" >> $log_file
+      for __key in "${!gw_connection_arr[@]}"; do
+         _local_gw_address=`echo ${gw_connection_arr[$__key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$__key]} | cut -d " " -f1`
+         if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$__key" >/dev/null 2>&1 ; then
+            _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+            if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$__key" >/dev/null 2>&1 ; then
+               echo "/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+               /sbin/ip route add 0.0.0.0 dev $__key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               _changed=true
+            else
+               echo -e "#\t[ info ]: Connection through $__key is already part of table $_rt_name" >> $log_file
+            fi
+         fi
+      done
+   done
+fi
+
+
+## - If not using multiple default gatways, set the default gateway here
+## -
+if ! $SET_MULTIPLE_DEFAULT_GW ; then
+
+   __set_default_gatway=false
+
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## ---" >> $log_file
+   echo "## --- Add default gateway" >> $log_file
+   echo "## ---" >> $log_file
+
+   ## - Note: the first online device will become default route
+   ## -
+   for _device in "${inet_devices_arr[@]}" ; do
+      ## - Device online ?
+      if [ -n "${default_gw_arr[$_device]}" ]; then
+         echo "/sbin/ip route delete default" >> $log_file
+         /sbin/ip route delete default >> $log_file 2>&1
+         if $USE_REMOTE_GATEWAY_ADDRESS ; then
+            echo "/sbin/ip route add default via ${default_gw_arr[$_device]} dev $_device" >> $log_file
+            /sbin/ip route add default via ${default_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+         else
+            echo "/sbin/ip route add default via 0.0.0.0 dev $_device" >> $log_file
+            /sbin/ip route add default via 0.0.0.0 dev $_device >> $log_file 2>&1
+         fi
+         __set_default_gatway=true
+         _changed=true
+         break
+      else
+         echo "" >> $log_file
+         echo -e "\t[ Warning ]: $_device is OFFLINE ! Trying next.."  >> $log_file
+      fi
+   done
+   if ! $__set_default_gatway ; then
+
+      echo "" >> $log_file
+      echo -e "\t[ Error ]: No connection is online!"  >> $log_file
+      echo -e "\t           Try to set default gateway from an existing static line .."  >> $log_file
+
+      ## - Notice:
+      ## -
+      ## - If no connection is available (the machine is fully offline), the check script will not 
+      ## - recognize, if the static line becomes online. A way to handle this is to let the
+      ## - default gateway active.
+      ## -
+      default_gw_deleted=false
+      for _device in "${inet_devices_arr[@]}" ; do
+         if containsElement "$_device" "${static_devices_arr[@]}" ; then
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               echo "" >> $log_file
+               echo "## - Delete existing default gatewy" >> $log_file
+               echo "## - " >> $log_file
+               echo "/sbin/ip route delete default" >> $log_file
+               /sbin/ip route delete default >> $log_file 2>&1
+               default_gw_deleted=true
+            fi
+
+            ## - Set new default route
+            ## -
+
+            echo "" >> $log_file
+            echo "## - Try to set default gateway to ${static_gw_arr[$_device]}.." >> $log_file
+            echo "## - " >> $log_file
+            echo "/sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device" >> $log_file
+            /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+
+            if [[ "$?" == 0 ]] ; then
+               __set_default_gatway=true
+               break
+            fi
+         fi
+      done
+
+      if ! $__set_default_gatway ; then
+         echo "" >> $log_file
+         echo -e "\t[ Error ]: No default gateway is set!"  >> $log_file
+      fi
+   fi
+fi
+
+## - Flush the routing tables cache if somethimg has changed
+## -
+if $_changed ; then
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## - Some Routing tables has changed, so flush table cache" >> $log_file
+   echo "## -" >> $log_file
+   echo "/sbin/ip route flush table cache" >> $log_file
+   /sbin/ip route flush table cache >> $log_file 2>&1
+fi
+
+if $_monitoring ; then
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## - Starting monitoring script to check dsl connections.." >> $log_file
+   echo "## -" >> $log_file
+
+   if [[ -z "${!default_gw_arr[@]}" ]] ; then
+      echo "$check_script $INITIAL_DEVICE_LIST &"  >> $log_file 2>&1
+      $check_script $INITIAL_DEVICE_LIST &
+   else
+
+      _LIST=
+      for _device in ${!default_gw_arr[@]} ; do
+         _LIST="$_LIST $_device"
+      done
+      _LIST=`echo "${_LIST}" | sed -e 's/^[ \t]*//'`
+
+      echo "$check_script -l \"$_LIST\" $INITIAL_DEVICE_LIST &"  >> $log_file 2>&1
+      $check_script -l "$_LIST" $INITIAL_DEVICE_LIST &
+   fi
+fi
+
+echo "" >> $log_file
+echo "### -------------------------" >> $log_file
+
+exit 0
diff --git a/B3-Bornim/sbin/rebind b/B3-Bornim/sbin/rebind
new file mode 100755
index 0000000..c60e07b
--- /dev/null
+++ b/B3-Bornim/sbin/rebind
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+case "$1" in
+   on)
+      set -x
+      mount --bind /proc    /ro/proc
+      mount --bind /sys     /ro/sys
+      mount --bind /dev     /ro/dev
+      mount --bind /dev/pts /ro/dev/pts
+   ;;
+   off)
+      set -x
+      umount /ro/dev/pts
+      umount /ro/dev
+      umount /ro/sys
+      umount /ro/proc
+   ;;
+   *)
+      echo "Use: $0 (on|off)"
+esac
diff --git a/B3-Bornim/src/check_net b/B3-Bornim/src/check_net
new file mode 160000
index 0000000..6bde0e7
--- /dev/null
+++ b/B3-Bornim/src/check_net
@@ -0,0 +1 @@
+Subproject commit 6bde0e7c07c4d0ee8cc6f6aa37c49608fe924a5b
diff --git a/B3-Bornim/src/ipt-gateway b/B3-Bornim/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/B3-Bornim/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/B3-Bornim/src/openvpn b/B3-Bornim/src/openvpn
new file mode 160000
index 0000000..ebff5a5
--- /dev/null
+++ b/B3-Bornim/src/openvpn
@@ -0,0 +1 @@
+Subproject commit ebff5a557b537bcb8192d94f733c4df86594258d
diff --git a/B3-Bornim/src/postfix b/B3-Bornim/src/postfix
new file mode 160000
index 0000000..37b16e3
--- /dev/null
+++ b/B3-Bornim/src/postfix
@@ -0,0 +1 @@
+Subproject commit 37b16e39d82f50b5dce79b83810d10a37a83a741
diff --git a/CKUBU/.openvpn/123comics b/CKUBU/.openvpn/123comics
new file mode 100644
index 0000000..54b9c97
--- /dev/null
+++ b/CKUBU/.openvpn/123comics
@@ -0,0 +1 @@
+FHcXxR3wH7rrF4KCzcWqXzKc
diff --git a/CKUBU/.openvpn/ak b/CKUBU/.openvpn/ak
new file mode 100644
index 0000000..88842c9
--- /dev/null
+++ b/CKUBU/.openvpn/ak
@@ -0,0 +1 @@
+oot4yoociepaPuumahlieyie
diff --git a/CKUBU/.openvpn/ak.ALT b/CKUBU/.openvpn/ak.ALT
new file mode 100644
index 0000000..a020da5
--- /dev/null
+++ b/CKUBU/.openvpn/ak.ALT
@@ -0,0 +1 @@
+dbddhkpuka.&EadGl15E.
diff --git a/CKUBU/.openvpn/akb b/CKUBU/.openvpn/akb
new file mode 100644
index 0000000..21aecfe
--- /dev/null
+++ b/CKUBU/.openvpn/akb
@@ -0,0 +1 @@
+Boox9caegaijie4pihu7bu8gei0quo0h
diff --git a/CKUBU/.openvpn/anw-km b/CKUBU/.openvpn/anw-km
new file mode 100644
index 0000000..a020da5
--- /dev/null
+++ b/CKUBU/.openvpn/anw-km
@@ -0,0 +1 @@
+dbddhkpuka.&EadGl15E.
diff --git a/CKUBU/.openvpn/anw-urb b/CKUBU/.openvpn/anw-urb
new file mode 100644
index 0000000..78ee8f3
--- /dev/null
+++ b/CKUBU/.openvpn/anw-urb
@@ -0,0 +1 @@
+iBeiGo4she3oorae3ualuj4seegaiwih
diff --git a/CKUBU/.openvpn/b3-bornim b/CKUBU/.openvpn/b3-bornim
new file mode 100644
index 0000000..732f2e6
--- /dev/null
+++ b/CKUBU/.openvpn/b3-bornim
@@ -0,0 +1 @@
+yeeshohHu5acag7oosigohL0ud1iegh2
diff --git a/CKUBU/.openvpn/flr-brb b/CKUBU/.openvpn/flr-brb
new file mode 100644
index 0000000..500b2cb
--- /dev/null
+++ b/CKUBU/.openvpn/flr-brb
@@ -0,0 +1 @@
+He7eiChawau3Sae3matood5meiyezoeF
diff --git a/CKUBU/.openvpn/ga-nh-gw b/CKUBU/.openvpn/ga-nh-gw
new file mode 100644
index 0000000..f95cb7d
--- /dev/null
+++ b/CKUBU/.openvpn/ga-nh-gw
@@ -0,0 +1 @@
+UGhee6nieraepu0uaCh8lizainieLee2
diff --git a/CKUBU/.openvpn/ga-st-gw b/CKUBU/.openvpn/ga-st-gw
new file mode 100644
index 0000000..3ca56e1
--- /dev/null
+++ b/CKUBU/.openvpn/ga-st-gw
@@ -0,0 +1 @@
+RCp6jC4qck2MKLZdLFPCklXBXD5RchzW
diff --git a/CKUBU/.openvpn/jonas b/CKUBU/.openvpn/jonas
new file mode 100644
index 0000000..1e80376
--- /dev/null
+++ b/CKUBU/.openvpn/jonas
@@ -0,0 +1 @@
+gbhbgzn3H7vr4PCWdfxfcxKq
diff --git a/CKUBU/.openvpn/kanzlei-kiel b/CKUBU/.openvpn/kanzlei-kiel
new file mode 100644
index 0000000..138b501
--- /dev/null
+++ b/CKUBU/.openvpn/kanzlei-kiel
@@ -0,0 +1 @@
+uoziengeeyiephu5voh7eothu1Aex8ar
diff --git a/CKUBU/.openvpn/mbr b/CKUBU/.openvpn/mbr
new file mode 100644
index 0000000..397afcf
--- /dev/null
+++ b/CKUBU/.openvpn/mbr
@@ -0,0 +1 @@
+eicoomeisi0eengoh1eev2cioQuuor2f
diff --git a/CKUBU/.openvpn/opp b/CKUBU/.openvpn/opp
new file mode 100644
index 0000000..225c101
--- /dev/null
+++ b/CKUBU/.openvpn/opp
@@ -0,0 +1 @@
+aeg7gaer9beMohngieMu8Paegei0kaen
diff --git a/CKUBU/.openvpn/ro b/CKUBU/.openvpn/ro
new file mode 100644
index 0000000..8c2ad26
--- /dev/null
+++ b/CKUBU/.openvpn/ro
@@ -0,0 +1 @@
+DXCkxgwN337gcP3mm6GXsN3Lcq8LcJhp
diff --git a/CKUBU/.openvpn/so36 b/CKUBU/.openvpn/so36
new file mode 100644
index 0000000..fbb27cb
--- /dev/null
+++ b/CKUBU/.openvpn/so36
@@ -0,0 +1 @@
+aiyooch6aeve9Aucaingeek3iedeera8
diff --git a/CKUBU/.openvpn/spr b/CKUBU/.openvpn/spr
new file mode 100644
index 0000000..138b501
--- /dev/null
+++ b/CKUBU/.openvpn/spr
@@ -0,0 +1 @@
+uoziengeeyiephu5voh7eothu1Aex8ar
diff --git a/CKUBU/.openvpn/wf b/CKUBU/.openvpn/wf
new file mode 100644
index 0000000..d8ee1a3
--- /dev/null
+++ b/CKUBU/.openvpn/wf
@@ -0,0 +1 @@
+jeew4rai0bei9noo7Eixoh4aL2Aeveux
diff --git a/CKUBU/README.txt b/CKUBU/README.txt
new file mode 100644
index 0000000..7f4c296
--- /dev/null
+++ b/CKUBU/README.txt
@@ -0,0 +1,28 @@
+
+-------
+Notice:
+-------
+
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.CKUBU: ppp0 comes over eth2
+      interfaces.CKUBU: see above
+      default_isc-dhcp-server.CKUBU
+      ipt-firewall.CKUBU: LAN device (mostly ) = eth1
+      second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/CKUBU/bin/admin-stuff b/CKUBU/bin/admin-stuff
new file mode 160000
index 0000000..8d81bd8
--- /dev/null
+++ b/CKUBU/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 8d81bd8667f74cf7f7cc1c521b52eab0e7c4b034
diff --git a/CKUBU/bin/get_revoked_keys.sh b/CKUBU/bin/get_revoked_keys.sh
new file mode 120000
index 0000000..7c22f88
--- /dev/null
+++ b/CKUBU/bin/get_revoked_keys.sh
@@ -0,0 +1 @@
+/usr/local/src/openvpn/get_revoked_keys.sh
\ No newline at end of file
diff --git a/CKUBU/bin/manage-gw-config b/CKUBU/bin/manage-gw-config
new file mode 160000
index 0000000..b5fb1f7
--- /dev/null
+++ b/CKUBU/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit b5fb1f7b3a421a24388ba6b25a3e5d58591ae7fe
diff --git a/CKUBU/bin/monitoring b/CKUBU/bin/monitoring
new file mode 160000
index 0000000..db0077f
--- /dev/null
+++ b/CKUBU/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit db0077fdbfedbd37e45e063baccd499905ffadea
diff --git a/CKUBU/bin/postfix b/CKUBU/bin/postfix
new file mode 160000
index 0000000..c1934d5
--- /dev/null
+++ b/CKUBU/bin/postfix
@@ -0,0 +1 @@
+Subproject commit c1934d5bdeee88e6f5b868c7d0bdb955539d34d4
diff --git a/CKUBU/bind/VPN/123/db.123.netz b/CKUBU/bind/VPN/123/db.123.netz
new file mode 100644
index 0000000..e0103dd
--- /dev/null
+++ b/CKUBU/bind/VPN/123/db.123.netz
@@ -0,0 +1,52 @@
+;
+; BIND data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017032801     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+                  IN NS    ns.123.netz.
+
+
+; Gateway/Firewall
+gw-123                  IN A     192.168.142.254
+gate                    IN CNAME gw-123
+gw                      IN CNAME gw-123
+
+gw-ipmi                 IN A     172.16.142.15
+
+gw-ext                  IN A     172.16.142.1
+
+; (Caching ) Nameserver
+ns                      IN A     192.168.142.1
+nscache                 IN CNAME ns
+
+; Drucker - Brother MFC-J5910DW
+brother-mfc-j5190dw     IN A     192.168.142.5
+brn001ba9df6ae0         IN CNAME brother-mfc-j5190dw
+mfc-j5190dw             IN CNAME brother-mfc-j5190dw
+brother                 IN CNAME brother-mfc-j5190dw
+drucker                 IN CNAME brother-mfc-j5190dw
+
+; NAS Server
+file-123                IN A     192.168.142.10
+file                    IN CNAME file-123
+nas                     IN CNAME file-123
+
+; TP-Link TL-WR842N/ND v3
+ac-buero                IN A     192.168.143.253
+ac1                     IN CNAME ac-buero
+tl-wr842n               IN CNAME ac-buero
+
+; Telekom Router  Speedport W 723V Typ B
+dsl-router              IN A     172.16.142.254
+fritzbox                IN CNAME dsl-router
diff --git a/CKUBU/bind/VPN/123/db.172.16.142.0 b/CKUBU/bind/VPN/123/db.172.16.142.0
new file mode 100644
index 0000000..dda882a
--- /dev/null
+++ b/CKUBU/bind/VPN/123/db.172.16.142.0
@@ -0,0 +1,27 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
+; Gateway - extern
+1                 IN PTR   gw-ext.123.netz.
+
+; IPMI Gateway
+15                IN PTR   gw-ipmi.123.netz.
+
+; Telekom Router Speedport W 723V Typ B
+254               IN PTR   tk-router.123.netz.
diff --git a/CKUBU/bind/VPN/123/db.192.168.142.0 b/CKUBU/bind/VPN/123/db.192.168.142.0
new file mode 100644
index 0000000..cd82d8f
--- /dev/null
+++ b/CKUBU/bind/VPN/123/db.192.168.142.0
@@ -0,0 +1,28 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
+; Gateway/Firewall
+254               IN PTR   gw-123.123.netz.
+
+; (Caching ) Nameserver
+1                 IN PTR   ns.123.netz.
+
+; NAS Server
+10                IN PTR   file-123.123.netz.
+
diff --git a/CKUBU/bind/VPN/123/db.192.168.143.0 b/CKUBU/bind/VPN/123/db.192.168.143.0
new file mode 100644
index 0000000..23d74fc
--- /dev/null
+++ b/CKUBU/bind/VPN/123/db.192.168.143.0
@@ -0,0 +1,22 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
+; TP-Link TL-WR842N/ND v3 (123Comics-Buro)
+;
+253               IN PTR   ac-buero.123.netz.
diff --git a/CKUBU/bind/VPN/123/db.192.168.144.0 b/CKUBU/bind/VPN/123/db.192.168.144.0
new file mode 100644
index 0000000..e5126c8
--- /dev/null
+++ b/CKUBU/bind/VPN/123/db.192.168.144.0
@@ -0,0 +1,19 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.123.netz. argus.oopen.de. (
+      2017031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+;
+; NS Records
+;
+
+@                 IN NS    ns.123.netz.
+
diff --git a/CKUBU/bind/VPN/ak/db.192.168.0.0 b/CKUBU/bind/VPN/ak/db.192.168.0.0
new file mode 100644
index 0000000..c514547
--- /dev/null
+++ b/CKUBU/bind/VPN/ak/db.192.168.0.0
@@ -0,0 +1,96 @@
+;
+; BIND reverse data file for local ak.netz zone
+;
+$TTL  43600
+@  IN SOA   ns-ak.ak.netz. ckubu.oopen.de. (
+      2016022601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-ak.ak.netz.
+
+
+
+; - Alter Server
+1              IN PTR   at-1.ak.netz.
+
+; - Fileserver (neu)
+10             IN PTR   at-10.ak.netz.
+
+; IPMI
+11             IN PTR   ipmi-at-10.ak.netz.
+12             IN PTR   ipmi-at-44.ak.netz.
+
+; - w2k-Server
+14             IN PTR   at-14.ak.netz.
+
+15             IN PTR   at-15.ak.netz.
+16             IN PTR   at-16.ak.netz.
+17             IN PTR   at-17.ak.netz.
+18             IN PTR   at-18.ak.netz.
+19             IN PTR   at-19.ak.netz.
+
+; - Renate
+20             IN PTR   at-20.ak.netz.
+22             IN PTR   at-22.ak.netz.
+
+; - Anke
+21             IN PTR   at-21.ak.netz.
+
+; - fibu
+23             IN PTR   at-23.ak.netz.
+
+24             IN PTR   at-24.ak.netz.
+25             IN PTR   at-25.ak.netz.
+
+; - Redaktion/Technik
+26             IN PTR   at-26.ak.netz.
+27             IN PTR   at-27.ak.netz.
+28             IN PTR   at-28.ak.netz.
+
+30             IN PTR   at-30.ak.netz.
+31             IN PTR   at-31.ak.netz.
+32             IN PTR   at-32.ak.netz.
+
+40             IN PTR   at-40.ak.netz.
+41             IN PTR   at-41.ak.netz.
+
+; - Neuer server
+44             IN PTR   at-44.ak.netz.
+
+; - Server LAN 2
+45             IN PTR   at-45.ak.netz.
+
+; - VPN, CMS Backup
+48             IN PTR   at-48.ak.netz.
+
+; - Hans Hermann (Vertrieb)
+49             IN PTR   at-49.ak.netz.
+
+; - Redaktionsrechner (einer von 4) Jens
+50             IN PTR   at-50.ak.netz.
+
+; - dialin-adresse
+100            IN PTR   at-100.ak.netz.
+
+; - reserviert fuer Notebook Martin
+101            IN PTR   at-101.ak.netz.
+
+; - lancom-1
+102            IN PTR   at-102.ak.netz.
+
+; - nas
+103            IN PTR   at-103.ak.netz.
+
+; - Drucker
+249            IN PTR   hp-lj5000.ak.netz.
+252            IN PTR   canon-ir.ak.netz.
+253            IN PTR   canon-c5030i.ak.netz.
+
+
+; - (Caching ) Nameserver
+254            IN PTR   ns-ak.ak.netz.
+
diff --git a/CKUBU/bind/VPN/ak/db.192.168.128.0 b/CKUBU/bind/VPN/ak/db.192.168.128.0
new file mode 100644
index 0000000..ab8c384
--- /dev/null
+++ b/CKUBU/bind/VPN/ak/db.192.168.128.0
@@ -0,0 +1,23 @@
+;
+; BIND reverse data file for local ak.netz zone
+;
+$TTL  43600
+@  IN SOA   ns-ak.ak.netz. ckubu.oopen.de. (
+      2014121401     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-ak.ak.netz.
+
+
+
+; - Fritz! Box Accesspoint
+103            IN PTR   ap-fritz.ak.netz.
+
+
+; - (Caching ) Nameserver
+254            IN PTR   ns-ak.ak.netz.
+
diff --git a/CKUBU/bind/VPN/ak/db.ak.local b/CKUBU/bind/VPN/ak/db.ak.local
new file mode 100644
index 0000000..6f93bed
--- /dev/null
+++ b/CKUBU/bind/VPN/ak/db.ak.local
@@ -0,0 +1,126 @@
+;
+; BIND data file for local ak.local zone
+;
+$TTL  43600
+@  IN SOA   ns-ak.ak.local. ckubu.oopen.de. (
+      2016022601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+               IN NS     ns-ak.ak.local.
+
+; - Alter Server
+at-1           IN A     192.168.0.1
+
+; - Fileserver (neu)
+at-10          IN A     192.168.0.10
+mediawiki      IN CNAME at-10
+
+; IPMI
+ipmi-at-10     IN A     192.168.0.11
+ipmi-at-44     IN A     192.168.0.12
+ipmi           IN CNAME ipmi-at-44
+
+; - w2k-Server
+at-14          IN A     192.168.0.14
+wsus           IN CNAME at-14
+
+at-15          IN A     192.168.0.15
+at-16          IN A     192.168.0.16
+at-17          IN A     192.168.0.17
+at-18          IN A     192.168.0.18
+at-19          IN A     192.168.0.19
+
+; - Renate
+at-20          IN A     192.168.0.20
+at-22          IN A     192.168.0.22
+renate         IN CNAME at-22
+; - Anke
+at-21          IN A     192.168.0.21
+anke           IN CNAME at-21
+
+; - fibu
+at-23          IN A     192.168.0.23
+fibu           IN CNAME at-23
+
+at-24          IN A     192.168.0.24
+at-25          IN A     192.168.0.25
+
+; - Redaktion/Technik
+at-26          IN A     192.168.0.26
+at-27          IN A     192.168.0.27
+at-28          IN A     192.168.0.28
+
+at-30          IN A     192.168.0.30
+at-31          IN A     192.168.0.31
+at-32          IN A     192.168.0.32
+
+at-40          IN A     192.168.0.40
+at-41          IN A     192.168.0.41
+
+; - Vertrieb
+at-42          IN A     192.168.0.42
+
+; - Neuer server
+at-44          IN A     192.168.0.44
+ldap           IN CNAME at-44
+git            IN CNAME at-44
+web            IN CNAME at-44
+wiki           IN CNAME at-44
+imap           IN CNAME at-44
+smtp           IN CNAME at-44
+
+; - Server LAN 2
+at-45          IN A     192.168.0.45
+
+; - VPN, CMS Backup
+at-48          IN A     192.168.0.48
+
+; - Hans Hermann (Vertrieb)
+at-49          IN A     192.168.0.49
+
+; - Redaktionsrechner (einer von 4) Jens
+at-50          IN A     192.168.0.50
+
+; - dialin-adresse
+at-100         IN A     192.168.0.100
+
+; - reserviert fuer Notebook Martin
+at-101         IN A     192.168.0.101
+
+; - lancom-1
+lancom-1       IN A     192.168.0.102
+
+; - nas
+nas-1          IN A     192.168.0.103
+
+; - Drucker
+hp-lj5000      IN A     192.168.0.249
+canon-ir       IN A     192.168.0.252
+canon-c5030i   IN A     192.168.0.253
+
+; (Caching ) Nameserver
+ns-ak          IN A     192.168.0.254
+ns             IN CNAME ns-ak
+nscache        IN CNAME ns-ak
+resolver       IN CNAME ns-ak
+at-254         IN CNAME ns-ak
+
+
+; - 192.168.128.0/24
+
+ap-fritz       IN A     192.168.128.103
+accesspoint    IN CNAME ap-fritz
+
+
+; - 172.16.0.0/24
+
+; - Fritz! Box 7390
+gw-fritz       IN A     172.16.0.254
+fritz.box      IN CNAME gw-fritz
+
+gw-ak          IN A     172.16.0.1
diff --git a/CKUBU/bind/VPN/ak/db.ak.netz b/CKUBU/bind/VPN/ak/db.ak.netz
new file mode 100644
index 0000000..3b8733c
--- /dev/null
+++ b/CKUBU/bind/VPN/ak/db.ak.netz
@@ -0,0 +1,126 @@
+;
+; BIND data file for local ak.local zone
+;
+$TTL  43600
+@  IN SOA   ns-ak.ak.netz. ckubu.oopen.de. (
+      2016022601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+               IN NS     ns-ak.ak.netz.
+
+; - Alter Server
+at-1           IN A     192.168.0.1
+
+; - Fileserver (neu)
+at-10          IN A     192.168.0.10
+mediawiki      IN CNAME at-10
+
+; IPMI
+ipmi-at-10     IN A     192.168.0.11
+ipmi-at-44     IN A     192.168.0.12
+ipmi           IN CNAME ipmi-at-44
+
+; - w2k-Server
+at-14          IN A     192.168.0.14
+wsus           IN CNAME at-14
+
+at-15          IN A     192.168.0.15
+at-16          IN A     192.168.0.16
+at-17          IN A     192.168.0.17
+at-18          IN A     192.168.0.18
+at-19          IN A     192.168.0.19
+
+; - Renate
+at-20          IN A     192.168.0.20
+at-22          IN A     192.168.0.22
+renate         IN CNAME at-22
+; - Anke
+at-21          IN A     192.168.0.21
+anke           IN CNAME at-21
+
+; - fibu
+at-23          IN A     192.168.0.23
+fibu           IN CNAME at-23
+
+at-24          IN A     192.168.0.24
+at-25          IN A     192.168.0.25
+
+; - Redaktion/Technik
+at-26          IN A     192.168.0.26
+at-27          IN A     192.168.0.27
+at-28          IN A     192.168.0.28
+
+at-30          IN A     192.168.0.30
+at-31          IN A     192.168.0.31
+at-32          IN A     192.168.0.32
+
+at-40          IN A     192.168.0.40
+at-41          IN A     192.168.0.41
+
+; - Vertrieb
+at-42          IN A     192.168.0.42
+
+; - Neuer server
+at-44          IN A     192.168.0.44
+ldap           IN CNAME at-44
+git            IN CNAME at-44
+web            IN CNAME at-44
+wiki           IN CNAME at-44
+imap           IN CNAME at-44
+smtp           IN CNAME at-44
+
+; - Server LAN 2
+at-45          IN A     192.168.0.45
+
+; - VPN, CMS Backup
+at-48          IN A     192.168.0.48
+
+; - Hans Hermann (Vertrieb)
+at-49          IN A     192.168.0.49
+
+; - Redaktionsrechner (einer von 4) Jens
+at-50          IN A     192.168.0.50
+
+; - dialin-adresse
+at-100         IN A     192.168.0.100
+
+; - reserviert fuer Notebook Martin
+at-101         IN A     192.168.0.101
+
+; - lancom-1
+lancom-1       IN A     192.168.0.102
+
+; - nas
+nas-1          IN A     192.168.0.103
+
+; - Drucker
+hp-lj5000      IN A     192.168.0.249
+canon-ir       IN A     192.168.0.252
+canon-c5030i   IN A     192.168.0.253
+
+; (Caching ) Nameserver
+ns-ak          IN A     192.168.0.254
+ns             IN CNAME ns-ak
+nscache        IN CNAME ns-ak
+resolver       IN CNAME ns-ak
+at-254         IN CNAME ns-ak
+
+
+; - 192.168.128.0/24
+
+ap-fritz       IN A     192.168.128.103
+accesspoint    IN CNAME ap-fritz
+
+
+; - 172.16.0.0/24
+
+; - Fritz! Box 7390
+gw-fritz       IN A     172.16.0.254
+fritz.box      IN CNAME gw-fritz
+
+gw-ak          IN A     172.16.0.1
diff --git a/CKUBU/bind/VPN/akb/db.192.168.82.0 b/CKUBU/bind/VPN/akb/db.192.168.82.0
new file mode 100644
index 0000000..88705bd
--- /dev/null
+++ b/CKUBU/bind/VPN/akb/db.192.168.82.0
@@ -0,0 +1,66 @@
+;
+; BIND reverse data file for local akb.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.akb.netz. ckubu.oopen.de. (
+      2012011501     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.akb.netz.
+
+; Gateway/Firewall
+254         IN PTR    gw-akb.akb.netz.
+
+; (Caching ) Nameserver
+1           IN PTR    ns.akb.netz.
+
+
+; File Server
+10          IN PTR    file-akb.akb.netz.
+
+
+; IPMI - File Server
+11          IN PTR    file-ipmi.akb.netz.
+
+; USV 
+15          IN PTR    usv-akb.akb.netz.
+
+; Windows 7 Server
+20          IN PTR    file-win7.akb.netz.
+
+; Laserdrucker Lexmark X466de
+30          IN PTR    lexmark-cx410de.akb.netz.
+
+; Ueberwachungs Kameras
+40          IN PTR    kamera0.akb.netz.
+41          IN PTR    kamera1.akb.netz.
+
+; Buero PC's
+100         IN PTR    ab0.akb.netz.
+101         IN PTR    ab1.akb.netz.
+102         IN PTR    ab2.akb.netz.
+103         IN PTR    ab3.akb.netz.
+104         IN PTR    ab4.akb.netz.
+105         IN PTR    ab5.akb.netz.
+106         IN PTR    ab6.akb.netz.
+107         IN PTR    ab7.akb.netz.
+108         IN PTR    ab8.akb.netz.
+
+; Netbooks LAN Schnittstelle
+121         IN PTR    netbook1.akb.netz.
+122         IN PTR    netbook2.akb.netz.
+123         IN PTR    netbook3.akb.netz.
+
+
+; Accesspoint (WAN - Schnittstelle)
+253         IN PTR    accesspoint.akb.netz.
+
+
+; ## --- ckubu --- ##
+
+;  Laptop (devil) LAN (eth0)
+90          IN PTR    devil.akb.netz.
diff --git a/CKUBU/bind/VPN/akb/db.192.168.83.0 b/CKUBU/bind/VPN/akb/db.192.168.83.0
new file mode 100644
index 0000000..08ccd3d
--- /dev/null
+++ b/CKUBU/bind/VPN/akb/db.192.168.83.0
@@ -0,0 +1,30 @@
+;
+; BIND reverse data file for local akb.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.akb.netz. ckubu.oopen.de. (
+      2012120401     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.akb.netz.
+
+
+; Accesspoint (LAN/WLAN - Schnittstelle)
+253         IN PTR    accesspoint-wlan.akb.netz.
+
+
+
+; Netbooks LAN Schnittstelle
+121         IN PTR    netbook1-wlan.akb.netz.
+122         IN PTR    netbook2-wlan.akb.netz.
+123         IN PTR    netbook3-wlan.akb.netz.
+
+
+; ## --- ckubu --- ##
+
+;  Laptop (devil) WLAN (wlan0)
+90          IN PTR    devil-wlan.akb.netz.
diff --git a/CKUBU/bind/VPN/akb/db.akb.netz b/CKUBU/bind/VPN/akb/db.akb.netz
new file mode 100644
index 0000000..2947194
--- /dev/null
+++ b/CKUBU/bind/VPN/akb/db.akb.netz
@@ -0,0 +1,92 @@
+;
+; BIND data file for local akb.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.akb.netz. ckubu.oopen.de. (
+      2015122301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                 IN NS     ns.akb.netz.
+
+; Gateway/Firewall
+gw-akb           IN A      192.168.82.254
+gate             IN CNAME  gw-akb
+gw               IN CNAME  gw-akb
+gw-ipmi          IN A      172.16.82.15
+
+; (Caching ) Nameserver
+ns               IN A      192.168.82.1
+nscache          IN CNAME  ns
+
+; File Server
+file-akb         IN A      192.168.82.10
+file             IN CNAME  file-akb
+
+ftp              IN A      192.168.82.10
+
+; IPMI - File Server
+file-ipmi        IN A      192.168.82.11
+
+; USV - APC Management Card
+usv-akb          IN A      192.168.82.15
+usv              IN CNAME  usv-akb
+
+; Windows 7 Server
+;file-win7       IN A      192.168.82.20
+
+; Laserdrucker Lexmark X466de
+;lexmark-X466de   IN A      192.168.82.30
+
+; Laserdrucker Lexmark CX410de
+lexmark-cx410de  IN A      192.168.82.30
+lexmark          IN CNAME  lexmark-cx410de
+
+; Ueberwachungs Kameras
+kamera0          IN A      192.168.82.40
+camera0          IN A      192.168.82.40
+kamera1          IN A      192.168.82.41
+camera1          IN A      192.168.82.41
+ 
+; Buero PC's
+ab0              IN A      192.168.82.100
+ab1              IN A      192.168.82.101
+ab2              IN A      192.168.82.102
+ab3              IN A      192.168.82.103
+ab4              IN A      192.168.82.104
+ab5              IN A      192.168.82.105
+ab6              IN A      192.168.82.106
+ab7              IN A      192.168.82.107
+ab8              IN A      192.168.82.108
+
+; Netbooks LAN Schnittstelle
+netbook1-lan     IN A      192.168.82.121
+netbook1         IN CNAME  netbook1-lan
+
+netbook2-lan     IN A      192.168.82.122
+netbook2         IN CNAME  netbook2-lan
+
+netbook3-lan     IN A      192.168.82.123
+netbook3         IN CNAME  netbook3-lan
+
+; Accesspoint (WAN - Schnittstelle)
+accesspoint      IN A      192.168.82.253
+; Accesspoint (LAN/WLAN - Schnittstelle)
+accesspoint-wlan IN A      192.168.83.253
+
+
+; Netbooks WLAN Schnittstelle
+netbook1-wlan    IN A      192.168.83.121
+netbook2-wlan    IN A      192.168.83.122
+netbook3-wlan    IN A      192.168.83.123
+
+; ## --- ckubu --- ##
+
+;  Laptop (devil) LAN (eth0)
+devil       IN A      192.168.82.90
+;  Laptop (devil) WLAN (wlan0)
+devil-wlan  IN A      192.168.83.90
diff --git a/CKUBU/bind/VPN/anw-km/db.192.168.122.0 b/CKUBU/bind/VPN/anw-km/db.192.168.122.0
new file mode 100644
index 0000000..b98b32c
--- /dev/null
+++ b/CKUBU/bind/VPN/anw-km/db.192.168.122.0
@@ -0,0 +1,54 @@
+;
+; BIND reverse data file for local km.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.anw-km.netz. ckubu.oopen.de. (
+      2012082701     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-km.anw-km.netz.
+
+; - Gateway/Firewall
+254         IN PTR    gw-km.anw-km.netz.
+
+
+; - (Caching ) Nameserver
+53          IN PTR    ns-km.anw-km.netz.
+
+
+; - Fileserver
+10           IN PTR    file-km.anw-km.netz.
+
+; - KVM Windows 7
+20           IN PTR    file-win7.anw-km.netz.
+
+
+; - IPMI
+201         IN PTR    ipmi-gw-km.anw-km.netz.
+202         IN PTR    ipmi-file-km.anw-km.netz.
+
+
+; - Drucker
+5            IN PTR    hp-4500.anw-km.netz.
+177          IN PTR    utax-lp-3235.anw-km.netz.
+
+
+; - Accesspoint
+50           IN PTR    wlan-km.anw-km.netz.
+
+
+; - LAN
+110          IN PTR    berenice.anw-km.netz.
+111          IN PTR    buero.anw-km.netz.
+112          IN PTR    buero2.anw-km.netz.
+113          IN PTR    buero3.anw-km.netz.
+
+120          IN PTR    berenice-alt.anw-km.netz.
+
+; - WLAN
+211          IN PTR    berenice-laptop.anw-km.netz.
+
diff --git a/CKUBU/bind/VPN/anw-km/db.anw-km.netz b/CKUBU/bind/VPN/anw-km/db.anw-km.netz
new file mode 100644
index 0000000..d95b1a5
--- /dev/null
+++ b/CKUBU/bind/VPN/anw-km/db.anw-km.netz
@@ -0,0 +1,78 @@
+;
+; BIND data file for local km.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.anw-km.netz. ckubu.oopen.de. (
+      2012082701     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                IN NS     ns-km.anw-km.netz.
+
+; Gateway/Firewall
+gw-km           IN A      192.168.122.254
+gate            IN CNAME  gw-km
+gw              IN CNAME  gw-km
+
+; (Caching ) Nameserver
+ns-km           IN A      192.168.122.53
+ns              IN CNAME  ns-km
+nscache         IN CNAME  ns-km
+resolver        IN CNAME  ns-km
+
+
+; - Fileserver
+file-km         IN A      192.168.122.10
+file            IN CNAME  file-km
+
+; - KVM Windows 7
+file-win7       IN A      192.168.122.20
+winserver       IN CNAME  file-win7
+
+
+; - IPMI
+ipmi-file-km    IN A      192.168.122.201
+file-ipmi       IN CNAME  ipmi-file-km
+
+ipmi-gw-km      IN A      192.168.122.202
+gw-ipmi         IN CNAME  ipmi-gw-km
+
+
+; - Drucker
+hp-4500          IN A     192.168.122.5
+
+utax-lp-3235     IN A     192.168.122.177
+
+
+
+; - Accesspoint
+wlan-km         IN A      192.168.122.50
+ap              IN CNAME  wlan-km
+accesspoint     IN CNAME  wlan-km
+
+
+; - LAN
+berenice         IN A      192.168.122.110
+berenice-desktop IN CNAME  berenice
+
+buero2          IN A      192.168.122.112
+buero2-desktop  IN CNAME  buero2
+
+buero           IN A      192.168.122.111
+buero-desktop   IN CNAME  buero
+
+buero3          IN A      192.168.122.113
+buero3-desktop  IN CNAME  buero3
+
+berenice-alt    IN A      192.168.122.120
+
+
+; - WLAN
+berenice-laptop IN A      192.168.122.211
+
+
+; - Services
diff --git a/CKUBU/bind/VPN/anw-urb/db.192.168.132.0 b/CKUBU/bind/VPN/anw-urb/db.192.168.132.0
new file mode 100644
index 0000000..1b3222d
--- /dev/null
+++ b/CKUBU/bind/VPN/anw-urb/db.192.168.132.0
@@ -0,0 +1,48 @@
+;
+; BIND reverse data file for local anwaeltinnen.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.anwaeltinnen.netz. ckubu.oopen.de. (
+      2012082601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-urban.anwaeltinnen.netz.
+
+; - Gateway/Firewall
+254         IN PTR    gw-urban.anwaeltinnen.netz.
+
+
+; - (Caching ) Nameserver
+1           IN PTR    ns-urban.anwaeltinnen.netz.
+
+
+; - Fileserver
+10          IN PTR    file-urban.anwaeltinnen.netz.
+
+
+; - Drucker
+;6            IN PTR    canon0b7d6f.anwaeltinnen.netz.
+6            IN PTR    canon-ir-4045i.anwaeltinnen.netz.
+
+
+; - IPMI
+15          IN PTR    ipmi-urban.anwaeltinnen.netz.
+
+
+; - Windows 7 Server
+;
+20          IN PTR     file-win7.anwaeltinnen.netz.
+
+
+; - Buero PC's
+211          IN PTR    pcbuero1.anwaeltinnen.netz.
+212          IN PTR    pcbuero.anwaeltinnen.netz.
+213          IN PTR    pcbuero2.anwaeltinnen.netz.
+214          IN PTR    pcreg.anwaeltinnen.netz.
+215          IN PTR    pcson.anwaeltinnen.netz.
+216          IN PTR    pcund.anwaeltinnen.netz.
+
diff --git a/CKUBU/bind/VPN/anw-urb/db.anwaeltinnen.netz b/CKUBU/bind/VPN/anw-urb/db.anwaeltinnen.netz
new file mode 100644
index 0000000..0b027b1
--- /dev/null
+++ b/CKUBU/bind/VPN/anw-urb/db.anwaeltinnen.netz
@@ -0,0 +1,57 @@
+;
+; BIND data file for local anwaeltinnen.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.anwaeltinnen.netz. ckubu.oopen.de. (
+      2012082601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                IN NS     ns-urban.anwaeltinnen.netz.
+
+; Gateway/Firewall
+gw-urban        IN A      192.168.132.254
+gate            IN CNAME  gw-urban
+gw              IN CNAME  gw-urban
+
+; (Caching ) Nameserver
+ns-urban        IN A      192.168.132.1
+ns              IN CNAME  ns-urban
+nscache         IN CNAME  ns-urban
+
+
+; - Fileserver
+file-urban      IN A      192.168.132.10
+file            IN CNAME  file-urban
+marvin          IN CNAME  file-urban
+
+
+; - IPMI
+ipmi-urban      IN A      192.168.132.15
+file-ipmi       IN CNAME  ipmi-urban
+ipmi            IN CNAME  ipmi-urban
+
+
+; - Windows 7 Server
+file-win7       IN A      192.168.132.20
+
+
+; - Drucker
+canon0b7d6f     IN A      192.168.132.6
+canon-ir-4045i  IN A      192.168.132.6
+canon           IN CNAME  canon-ir-4045i
+
+
+
+; PC's
+pcbuero1        IN A      192.168.132.211
+pcbuero         IN A      192.168.132.212
+pcbuero2        IN A      192.168.132.213
+pcreg           IN A      192.168.132.214
+pcson           IN A      192.168.132.215
+pcund           IN A      192.168.132.216
+
diff --git a/CKUBU/bind/VPN/b3-bornim/db.192.168.42.0 b/CKUBU/bind/VPN/b3-bornim/db.192.168.42.0
new file mode 100644
index 0000000..4f696ac
--- /dev/null
+++ b/CKUBU/bind/VPN/b3-bornim/db.192.168.42.0
@@ -0,0 +1,53 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.b3-bornim.netz. ckubu.oopen.de. (
+      2017032501     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+@            IN NS     ns.b3-bornim.netz.
+
+
+; - Gateway/Firewall
+254         IN PTR    gw-b3.b3-bornim.netz.
+
+
+; - (Caching ) Nameserver
+1           IN PTR    ns.b3-bornim.netz.
+
+
+; - Fileserver
+10          IN PTR    bbb-server.b3-bornim.netz.
+
+; - Alter Fileserver
+20          IN PTR   bbb-server-alt.b3-bornim.netz.
+
+
+; - Accesspoint  - FRITZ!Box
+60          IN PTR    fritzbox.b3-bornim.netz.
+
+; - Drucker
+56          IN PTR    hp-8610.b3-bornim.netz.
+58          IN PTR    hp-8610-wlan.b3-bornim.netz.
+
+
+; - PC's
+
+; - gerd Zimmer A ( dose 2 )
+110         IN PTR    rme.b3-bornim.netz.
+
+
+; - susi Zwischenraum ( linux + dose 3? )
+112        IN PTR     prakti-desktop.b3-bornim.netz.
+113        IN PTR     susi-desktop.b3-bornim.netz.
+114        IN PTR     ingo-laptop.b3-bornim.netz.
+119        IN PTR     mp-laptop.b3-bornim.netz.
+
+43         IN PTR     ingo-laptop-wlan.b3-bornim.netz.
+49         IN PTR     mp-laptop-wlan.b3-bornim.netz.
+
diff --git a/CKUBU/bind/VPN/b3-bornim/db.b3-bornim.netz b/CKUBU/bind/VPN/b3-bornim/db.b3-bornim.netz
new file mode 100644
index 0000000..cfbe87e
--- /dev/null
+++ b/CKUBU/bind/VPN/b3-bornim/db.b3-bornim.netz
@@ -0,0 +1,77 @@
+;
+; BIND data file for local b3-bornim.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.b3-bornim.netz. ckubu.oopen.de. (
+      2017032501     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+@                 IN NS    ns.b3-bornim.netz.
+
+; - Gateway/Firewall
+gw-b3             IN A     192.168.42.254
+gate              IN CNAME gw-b3
+gw                IN CNAME gw-b3
+b3gate            IN CNAME gw-b3
+
+; - IPMI Gateway
+gw-ipmi           IN A     172.16.42.15
+
+
+; - (Caching ) Nameserver
+ns                IN A     192.168.42.1
+nscache           IN CNAME ns
+
+; - Fileserver
+bbb-server        IN A     192.168.42.10
+file              IN CNAME bbb-server
+file-b3           IN CNAME bbb-server
+samba             IN CNAME bbb-server
+ntp               IN CNAME bbb-server
+
+; - Alter Fileserver
+bbb-server-alt    IN A     192.168.42.20
+fnrprojekt        IN CNAME bbb-server-alt
+mysql             IN CNAME bbb-server-alt
+phprojekt         IN CNAME bbb-server-alt
+webmail           IN CNAME bbb-server-alt
+www               IN CNAME bbb-server-alt
+
+phprojekt-test    IN CNAME bbb-server-alt
+imap              IN CNAME bbb-server-alt
+
+
+; - IPMI Fileserver
+file-ipmi         IN A     192.168.42.15
+
+
+; - Accesspoint - FRITZ!BOX
+fritzbox          IN A     192.168.42.60
+accesspoint       IN CNAME fritzbox
+
+; - Drucker
+
+hp-8610           IN A     192.168.42.56
+hp-8610-wlan      IN A     192.168.42.58
+
+
+; - PC's
+
+; - sb-desktop (Ubuntu 12.04)
+prakti-desktop    IN A     192.168.42.112
+sb-desktop        IN CNAME prakti-desktop
+
+; - susi-desktop (Ubuntu 12.04)
+susi-desktop      IN A     192.168.42.113
+
+ingo-laptop       IN A     192.168.42.114
+mp-laptop         IN A     192.168.42.119
+
+ingo-laptop-wlan  IN A     192.168.42.43
+mp-laptop-wlan    IN A     192.168.42.49
+
diff --git a/CKUBU/bind/VPN/flr-brb/db.192.168.102.0 b/CKUBU/bind/VPN/flr-brb/db.192.168.102.0
new file mode 100644
index 0000000..b16cabb
--- /dev/null
+++ b/CKUBU/bind/VPN/flr-brb/db.192.168.102.0
@@ -0,0 +1,38 @@
+;
+; BIND reverse data file for local 102.168.192.in-addr.arpa zone
+;
+$TTL  43600
+@  IN SOA   ns.flr.netz. ckubu.oopen.de. (
+      2017042001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+@              IN NS    ns-flr.flr.netz.
+
+; - Gateway/Firewall
+254            IN PTR   gw-flr.flr.netz.
+
+
+; - (Caching ) Nameserver
+1              IN PTR   ns-flr.flr.netz.
+
+
+; - Fileserver
+10             IN PTR   file-flr.flr.netz.
+
+; - IPMI (Fileserver)
+11             IN PTR   file-ipmi.flr.netz.
+
+; - Drucker Brother MFC-9450CDN
+5              IN PTR   mfc-9450cdn.flr.netz.
+
+; - Drucker Brother MFC-9142CDN
+6              IN PTR   mfc-9142cdn.flr.netz.
+
+; - Office PCs
+101            IN PTR   pcbuero1.flr.netz.
+102            IN PTR   pcbuero2.flr.netz.
+103            IN PTR   pcbuero3.flr.netz.
diff --git a/CKUBU/bind/VPN/flr-brb/db.192.168.103.0 b/CKUBU/bind/VPN/flr-brb/db.192.168.103.0
new file mode 100644
index 0000000..7751413
--- /dev/null
+++ b/CKUBU/bind/VPN/flr-brb/db.192.168.103.0
@@ -0,0 +1,27 @@
+;
+; BIND reverse data file for local 103.168.192.in-addr.arpa zone
+;
+$TTL  43600
+@  IN SOA   ns.flr.netz. ckubu.oopen.de. (
+      2017042001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+@              IN NS    ns-flr.flr.netz.
+
+; - Gateway/Firewall
+254            IN PTR   gw-flr-wlan.flr.netz.
+
+; Accesspoint - TP-Link WR841N
+253            IN PTR   tl-wr841n.flr.netz.
+
+
+; - Laptops
+
+142            IN PTR   ivana-laptop.flr.netz
+142            IN PTR   lisa-laptop.flr.netz
+143            IN PTR   sabrina-laptop.flr.netz
+144            IN PTR   flr-1-laptop.flr.netz
diff --git a/CKUBU/bind/VPN/flr-brb/db.flr.netz b/CKUBU/bind/VPN/flr-brb/db.flr.netz
new file mode 100644
index 0000000..f7197e6
--- /dev/null
+++ b/CKUBU/bind/VPN/flr-brb/db.flr.netz
@@ -0,0 +1,64 @@
+;
+; BIND data file for local flr.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.flr.netz. ckubu.oopen.de. (
+      2017042001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+@                 IN NS    ns-flr.flr.netz.
+
+; Gateway/Firewall
+gw-flr            IN A     192.168.102.254
+gate              IN CNAME gw-flr
+gw                IN CNAME gw-flr
+
+gw-flr-wlan       IN A     192.168.103.254
+
+
+; Accesspoint - TP-Link WR841N
+tl-wr841n         IN A     192.168.103.253
+ap                IN CNAME tl-wr841n
+
+; (Caching ) Nameserver
+ns-flr            IN A      192.168.102.1
+ns                IN CNAME  ns-flr
+nscache           IN CNAME  ns-flr
+resolver          IN CNAME  ns-flr
+
+
+; - Fileserver
+file-flr          IN A      192.168.102.10
+file              IN CNAME  file-flr
+
+; - IPMI (Fileserver)
+file-ipmi         IN A      192.168.102.11
+ipmi              IN CNAME  file-ipmi
+
+; - Drucker Brother MFC-9450CDN
+mfc-9450cdn       IN A      192.168.102.5
+BRNF33586         IN CNAME  mfc-9450cdn
+
+; - Drucker Brother MFC-9142CDN
+mfc-9142cdn       IN A      192.168.102.6
+BRN30055C746BC0   IN CNAME  mfc-9142cdn
+drucker           IN CNAME  mfc-9142cdn
+
+
+; - Office PCs
+pcbuero1          IN A      192.168.102.101
+pcbuero2          IN A      192.168.102.102
+pcbuero3          IN A      192.168.102.103
+
+
+; - Laptops
+ivana-laptop      IN A      192.168.103.141
+
+lisa-laptop       IN A      192.168.103.142
+sabrina-laptop    IN A      192.168.103.143
+flr-1-laptop      IN A      192.168.103.144
diff --git a/CKUBU/bind/VPN/ga/ga.netz.zone b/CKUBU/bind/VPN/ga/ga.netz.zone
new file mode 100644
index 0000000..292a89a
--- /dev/null
+++ b/CKUBU/bind/VPN/ga/ga.netz.zone
@@ -0,0 +1,111 @@
+;
+; BIND data file for local ga.netz zone
+;
+$TTL  43200
+@  IN SOA   ns.local.netz. ckubu.oopen.de. (
+      2018032201     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+						IN	NS		ns1.ga.netz.
+						IN	NS		ns2.ga.netz.
+						IN	NS		ns3.ga.netz.
+						IN	NS		ga-st-dc.ga.intra.
+						IN	NS		gaasdc01.ga.intra.
+
+
+; Gateway/Firewall Server
+ga-st-gw          IN A     192.168.11.254
+st-gw             IN CNAME ga-st-gw
+gw-schloss			IN	CNAME ga-st-gw
+ga-st-gw-ipmi     IN A     10.11.11.15
+st-gw-ipmi        IN CNAME ga-st-gw-ipmi
+ga-schloss-ipmi   IN CNAME ga-st-gw-ipmi
+
+ga-nh-gw          IN A     192.168.81.254
+nh-gw             IN CNAME ga-nh-gw
+gw-nh             IN CNAME ga-nh-gw
+ga-nh-gw-ipmi     IN A     192.168.81.15
+nh-gw-ipmi        IN CNAME ga-nh-gw-ipmi
+gw-nh-ipmi        IN CNAME ga-nh-gw-ipmi
+
+
+ga-al-gw          IN A     192.168.10.254
+al-gw             IN CNAME ga-al-gw
+gw-altenschlirf   IN CNAME ga-al-gw
+gw-al-gw-ipmi     IN A     172.17.0.15
+al-gw-ipmi        IN CNAME gw-al-gw-ipmi
+
+ga-st-gw-ersatz   IN A     192.168.11.19
+st-gw-ersatz      IN CNAME ga-st-gw-ersatz
+gw-ersatz         IN CNAME ga-st-gw-ersatz
+ga-st-gw-ersatz-ipmi IN A     10.11.11.16
+st-gw-ersatz-ipmi IN CNAME ga-st-gw-ersatz-ipmi
+gw-ersatz-ipmi    IN CNAME ga-st-gw-ersatz-ipmi
+
+; Controller for Unifi AP's
+ga-st-ctl-unifi   IN A     10.121.15.254
+st-ctl-unifi      IN CNAME ga-st-ctl-unifi
+
+
+; KVM Hostsysteme
+ga-st-kvm1        IN A     10.10.11.1
+st-kvm1           IN CNAME ga-st-kvm1
+ga-st-kvm1-ipmi   IN A     10.10.10.115
+st-kvm1-ipmi      IN CNAME ga-st-kvm1-ipmi
+
+ga-al-kvm2        IN A     10.10.10.3
+al-kvm2           IN CNAME ga-al-kvm2
+ga-al-kvm2-ipmi   IN A     10.10.10.115
+al-kvm2-ipmi      IN CNAME ga-al-kvm2-ipmi
+
+
+; Nameserver
+ns1					IN	A 		192.168.11.1
+ns                IN CNAME ns1
+ga-st-ns1         IN CNAME ns1
+st-ns1            IN CNAME ns1
+ns2					IN	A 		192.168.10.254
+ga-al-ns2         IN CNAME ns2
+al-ns2            IN CNAME ns2
+ns3					IN	A 		192.168.81.1
+ga-nh-ns3         IN CNAME ns3
+nh-ns3            IN CNAME ns3
+
+ns.wolle          IN A     10.113.12.3
+
+; Linux Dienste Server 
+ga-st-lsx1        IN A     192.168.11.2
+st-lsx1           IN CNAME ga-st-lsx1
+lsx1              IN CNAME ga-st-lsx1
+
+; Tech wiki
+ga-st-twiki       IN A     192.168.11.5
+st-twiki          IN CNAME ga-st-twiki
+dokuwiki          IN CNAME ga-st-twiki
+techwiki          IN CNAME ga-st-twiki
+wiki              IN CNAME ga-st-twiki
+
+; Backup Server Stockhausen
+ga-st-rsync1      IN A     10.10.11.7
+st-rsync1         IN CNAME ga-st-rsync1
+rsync1            IN CNAME ga-st-rsync1
+
+; Backup Server Altenschlirf
+ga-al-rsync2      IN A     10.10.10.7
+al-rsync2         IN CNAME ga-al-rsync2
+rsync2            IN CNAME ga-al-rsync2
+
+; Xymon Server Altenschlirf
+ga-al-xymon       IN A     192.168.10.16
+al-xymon          IN CNAME ga-al-xymon
+xymon             IN CNAME ga-al-xymon
+
+; Webserver 1 (Altenschlirf)
+ga-al-ws1         IN A     192.168.10.17
+al-ws1            IN CNAME ga-al-ws1
+
diff --git a/CKUBU/bind/VPN/jonas/db.192.168.86.0 b/CKUBU/bind/VPN/jonas/db.192.168.86.0
new file mode 100644
index 0000000..ef9daea
--- /dev/null
+++ b/CKUBU/bind/VPN/jonas/db.192.168.86.0
@@ -0,0 +1,31 @@
+;
+; BIND reverse data file for local jonas.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.jonas.netz. ckubu.oopen.de. (
+      2013123001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-jonas.jonas.netz.
+
+; - Gateway/Firewall
+254         IN PTR    gw-jonas.jonas.netz.
+
+
+; - (Caching ) Nameserver
+1           IN PTR    ns-jonas.jonas.netz.
+
+
+; - Fileserver
+10          IN PTR    file-jonas.jonas.netz.
+
+
+; - Drucker Canon PIXMA MG51
+5           IN PTR    pixma-mg7150.jonas.netz.
+
+; - Telefonanlage Auerswald Compact 3000 VoIP
+240         IN PTR    compact3000.jonas.netz.
diff --git a/CKUBU/bind/VPN/jonas/db.jonas.netz b/CKUBU/bind/VPN/jonas/db.jonas.netz
new file mode 100644
index 0000000..5f22a7c
--- /dev/null
+++ b/CKUBU/bind/VPN/jonas/db.jonas.netz
@@ -0,0 +1,40 @@
+;
+; BIND data file for local anwaeltinnen.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.anwaeltinnen.netz. ckubu.oopen.de. (
+      2013123001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                IN NS     ns-urban.anwaeltinnen.netz.
+
+; Gateway/Firewall
+gw-jonas        IN A      192.168.86.254
+gate            IN CNAME  gw-urban
+gw              IN CNAME  gw-urban
+
+; (Caching ) Nameserver
+ns-jonas        IN A      192.168.86.1
+ns              IN CNAME  ns-urban
+nscache         IN CNAME  ns-urban
+
+
+; - Fileserver
+file-jonas      IN A      192.168.86.10
+file            IN CNAME  file-jonas
+backup          IN CNAME  file-jonas
+
+
+; - Drucker Canon MG-7175
+pixma-mg7150    IN A      192.168.86.5
+pixma           IN CNAME  pixma-mg7150
+
+
+; Telefonanlage Auerswald Compact 3000 VoIP
+compact3000     IN A      192.168.86.240
+
diff --git a/CKUBU/bind/VPN/kanzlei-kiel/db.192.168.100.0 b/CKUBU/bind/VPN/kanzlei-kiel/db.192.168.100.0
new file mode 100644
index 0000000..850ae57
--- /dev/null
+++ b/CKUBU/bind/VPN/kanzlei-kiel/db.192.168.100.0
@@ -0,0 +1,80 @@
+;
+; BIND reverse data file for local kanzlei-kiel.netz zone
+;
+$TTL  43600
+@  IN SOA   kanzlei-kiel.netz. ckubu.oopen.de. (
+      2012020701     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.kanzlei-kiel.netz.
+
+; ==========
+; - Server
+; ==========
+
+; Gateway/Firewall
+254         IN PTR    gw-kanzlei-kiel.kanzlei-kiel.netz.
+
+; (Caching ) Nameserver
+1           IN PTR    ns.kanzlei-kiel.netz.
+
+; File Server
+10          IN PTR    file-ah.kanzlei-kiel.netz.
+
+; IPMI - File Server
+11          IN PTR    file-ipmi.kanzlei-kiel.netz.
+
+; USV 
+;15          IN PTR    usv-kanzlei-kiel.kanzlei-kiel.netz.
+
+; Windows 7 Server
+20          IN PTR    file-win7.kanzlei-kiel.netz.
+25          IN PTR    win7-ah.kanzlei-kiel.netz.
+
+
+; ==========
+; - Accesspoints
+; ==========
+
+; UniFi AP-AC-LR
+50         IN PTR    unify-ap.kanzlei-kiel.netz.
+
+
+; ==========
+; - Drucker
+; ==========
+
+; Laserdrucker Kyocera FS-2020D
+19          IN PTR     kyocera-fs-2020d.kanzlei-kiel.netz.
+; Multifunktions Drucker Kyocera TASKalfa 3051ci
+100         IN PTR     kyocera-taskalfa-3051ci.kanzlei-kiel.netz.
+
+; Laserdrucker Kyocera FS-2100DN
+189         IN PTR     kyocera-fs-2100dn.kanzlei-kiel.netz.
+
+
+; ==========
+; - Buero PC's
+; ==========
+
+22           IN PTR    buerozwei.kanzlei-kiel.netz.
+77           IN PTR    dokumentenscannerrechner.kanzlei-kiel.netz.
+81           IN PTR    buero-doro.kanzlei-kiel.netz.
+88           IN PTR    axel.kanzlei-kiel.netz.
+99           IN PTR    zk.kanzlei-kiel.netz.
+101          IN PTR    shuttle.kanzlei-kiel.netz.
+121          IN PTR    buerooben.kanzlei-kiel.netz.
+184          IN PTR    laptop-doro.kanzlei-kiel.netz.
+
+; --- 
+; - ckubu 
+; ---
+
+;  Laptop (devil) LAN (eth0)
+90          IN PTR    devil.kanzlei-kiel.netz.
+91          IN PTR    devil-wlan.kanzlei-kiel.netz.
+
diff --git a/CKUBU/bind/VPN/kanzlei-kiel/db.192.168.101.0 b/CKUBU/bind/VPN/kanzlei-kiel/db.192.168.101.0
new file mode 100644
index 0000000..a774411
--- /dev/null
+++ b/CKUBU/bind/VPN/kanzlei-kiel/db.192.168.101.0
@@ -0,0 +1,14 @@
+;
+; BIND reverse data file for local kanzlei-kiel.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.kanzlei-kiel.netz. ckubu.oopen.de. (
+      2012020201     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.kanzlei-kiel.netz.
+
diff --git a/CKUBU/bind/VPN/kanzlei-kiel/db.kanzlei-kiel.netz b/CKUBU/bind/VPN/kanzlei-kiel/db.kanzlei-kiel.netz
new file mode 100644
index 0000000..57bd236
--- /dev/null
+++ b/CKUBU/bind/VPN/kanzlei-kiel/db.kanzlei-kiel.netz
@@ -0,0 +1,94 @@
+;
+; BIND data file for local kanzlei-kiel.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.kanzlei-kiel.netz. ckubu.oopen.de. (
+      2017013001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+            IN NS     ns.kanzlei-kiel.netz.
+
+
+; ==========
+; - Server
+; ==========
+
+; Gateway/Firewall
+gw-ah       IN A      192.168.100.254
+gate        IN CNAME  gw-ah
+gw          IN CNAME  gw-ah
+
+; (Caching ) Nameserver
+ns          IN A      192.168.100.1
+nscache     IN CNAME  ns
+
+; File Server
+file-ah    IN A      192.168.100.10
+file        IN CNAME  file-ah
+
+; IPMI - File Server
+file-ipmi   IN A      192.168.100.11
+
+; USV - APC Management Card
+;usv-ah     IN A      192.168.100.15
+;usv         IN CNAME  usv-ah
+
+; Windows 7 Server
+file-win7   IN A      192.168.100.20
+win7-ah     IN A      192.168.100.25
+
+
+; ==========
+; - Accesspoints
+; ==========
+
+; Controller for Unifi AP's
+unifi-ctl    IN A      192.168.100.254
+
+; UniFi AP-AC-LR
+unify-ap     IN A      192.168.100.50
+accesspoint  IN CNAME  unify-ap
+
+
+; ==========
+; - Drucker
+; ==========
+
+; Laserdrucker Kyocera FS-2020D
+kyocera-fs-2020d  IN A 192.168.100.29
+
+; Multifunktions Drucker Kyocera TASKalfa 3051ci
+kyocera-taskalfa-3051ci IN A  192.168.100.100
+kyocera-scanner   IN CNAME kyocera-taskalfa-3051ci
+
+; Laserdrucker Kyocera FS-2100DN
+kyocera-fs-2100dn  IN A 192.168.100.189
+
+
+; ==========
+; - Buero PC's
+; ==========
+
+buerozwei    IN A      192.168.100.22
+dokumentenscannerrechner IN A 192.168.100.77
+buero-doro   IN A      192.168.100.81
+axel         IN A      192.168.100.88
+zk           IN A      192.168.100.99
+shuttle      IN A      192.168.100.101
+buerooben    IN A      192.168.100.121
+laptop-doro  IN A      192.168.100.184
+
+; --- 
+; - ckubu 
+; ---
+
+;  Laptop (devil) LAN (eth0)
+devil       IN A      192.168.100.90
+;  Laptop (devil) WLAN (wlan0)
+devil-wlan  IN A      192.168.101.91
+
diff --git a/CKUBU/bind/VPN/mbr-bln/db.192.168.112.0 b/CKUBU/bind/VPN/mbr-bln/db.192.168.112.0
new file mode 100644
index 0000000..d4b3f5c
--- /dev/null
+++ b/CKUBU/bind/VPN/mbr-bln/db.192.168.112.0
@@ -0,0 +1,97 @@
+;
+; BIND reverse data file for local mbr-bln.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.mbr-bln.netz. ckubu.oopen.de. (
+      2012122401     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.mbr-bln.netz.
+
+; Gateway/Firewall
+254         IN PTR    gw-mbr.mbr-bln.netz.
+
+; (Caching ) Nameserver
+1           IN PTR    ns.mbr-bln.netz.
+
+; - Fileserver
+10           IN PTR    file-mbr.mbr-bln.netz.
+
+201          IN PTR    file-ipmi-alt.mbr-bln.netz.
+15           IN PTR    file-ipmi.mbr-bln.netz.
+
+
+; - KVM Windows 7
+20           IN PTR    file-win10.mbr-bln.netz.
+21           IN PTR    file-win7-alt.mbr-bln.netz.
+
+; Accesspoint - WAG54GX2
+; 52          IN PTR    linksys-wag54gx2.mbr-bln.netz. 
+
+
+; Laserdrucker Kyocera FS 3838DN
+;230         IN PTR    fs_3830dtn.mbr-bln.netz.
+
+; Multifunktionsgeraet (Triumph)
+5            IN PTR    drucker-triumph.mbr-bln.netz.
+6            IN PTR    drucker-samsung.mbr-bln.netz.
+7            IN PTR    canon-lpb712cx.mbr-bln.netz.
+
+35           IN PTR    camera.mbr-bln.netz.
+
+
+; - Office PCs
+101          IN PTR    pc101.mbr-bln.netz.
+102          IN PTR    pc102.mbr-bln.netz.
+103          IN PTR    pc103.mbr-bln.netz.
+104          IN PTR    pc104.mbr-bln.netz.
+105          IN PTR    pc105.mbr-bln.netz.
+106          IN PTR    pc106.mbr-bln.netz.
+107          IN PTR    pc107.mbr-bln.netz.
+108          IN PTR    pc108.mbr-bln.netz.
+109          IN PTR    pc109.mbr-bln.netz.
+110          IN PTR    pc110.mbr-bln.netz.
+111          IN PTR    pc111.mbr-bln.netz.
+112          IN PTR    pc112.mbr-bln.netz.
+113          IN PTR    pc113.mbr-bln.netz.
+114          IN PTR    pc114.mbr-bln.netz.
+115          IN PTR    pc115.mbr-bln.netz.
+116          IN PTR    pc116.mbr-bln.netz.
+117          IN PTR    pc117.mbr-bln.netz.
+118          IN PTR    pc118.mbr-bln.netz.
+119          IN PTR    pc119.mbr-bln.netz.
+120          IN PTR    pc120.mbr-bln.netz.
+121          IN PTR    pc121.mbr-bln.netz.
+122          IN PTR    pc122.mbr-bln.netz.
+123          IN PTR    pc123.mbr-bln.netz.
+124          IN PTR    pc124.mbr-bln.netz.
+125          IN PTR    pc125.mbr-bln.netz.
+126          IN PTR    pc126.mbr-bln.netz.
+127          IN PTR    pc127.mbr-bln.netz.
+128          IN PTR    pc128.mbr-bln.netz.
+129          IN PTR    pc129.mbr-bln.netz.
+130          IN PTR    pc130.mbr-bln.netz.
+131          IN PTR    pc131.mbr-bln.netz.
+132          IN PTR    pc132.mbr-bln.netz.
+133          IN PTR    pc133.mbr-bln.netz.
+134          IN PTR    pc134.mbr-bln.netz.
+135          IN PTR    pc135.mbr-bln.netz.
+136          IN PTR    pc136.mbr-bln.netz.
+137          IN PTR    pc137.mbr-bln.netz.
+138          IN PTR    pc138.mbr-bln.netz.
+
+151          IN PTR    pc101-alt.mbr-bln.netz.
+
+; - Laptops
+131          IN PTR    lap131.mbr-bln.netz.
+132          IN PTR    lap132.mbr-bln.netz.
+133          IN PTR    lap133.mbr-bln.netz.
+134          IN PTR    lap134.mbr-bln.netz.
+
+; - ckubu
+90           IN PTR    devil.mbr-bln.netz.
+
diff --git a/CKUBU/bind/VPN/mbr-bln/db.mbr-bln.netz b/CKUBU/bind/VPN/mbr-bln/db.mbr-bln.netz
new file mode 100644
index 0000000..872c1fc
--- /dev/null
+++ b/CKUBU/bind/VPN/mbr-bln/db.mbr-bln.netz
@@ -0,0 +1,120 @@
+;
+; BIND data file for local mbr-bln.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.mbr-bln.netz. ckubu.oopen.de. (
+      2012122401     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+
+
+
+                IN NS     ns.mbr-bln.netz.
+
+; - Gateway/Firewall
+gw-mbr        IN A      192.168.112.254
+gate            IN CNAME  gw-mbr
+gw              IN CNAME  gw-mbr
+
+gw-ipmi        IN A     172.16.112.15
+
+; - (Caching ) Nameserver
+ns              IN A      192.168.112.1
+nscache         IN CNAME  ns
+
+
+; - Fileserver
+file-mbr        IN A      192.168.112.10
+file            IN CNAME  file-mbr
+
+file-mbr-neu    IN A      192.168.112.10
+file-mbr-alt    IN A      192.168.112.210
+
+file-ipmi-alt   IN A      192.168.112.201
+file-ipmi       IN A      192.168.112.15
+
+
+; - KVM Windows 7
+file-win7-alt   IN A      192.168.112.21
+
+; - KVM Windows 10
+file-win10     IN A       192.168.112.20
+winserver      IN CNAME  file-win10
+
+; - Accesspoint - WAG54GX2
+;linksys_wag54gx2 IN A   192.168.112.52 
+;ap-nuclear       IN CNAME linksys-wag54gx2
+
+
+; - Laserdrucker Kyocera FS 3838DN
+;fs-3830dtn    IN A      192.168.112.230
+;drucker       IN CNAME  fs-3830dtn
+
+drucker-triumph IN A 192.168.112.5
+
+drucker-samsung IN A 192.168.112.6
+
+canon-lpb712cx  IN A 192.168.112.7
+canondb88b2     IN CNAME canon-lpb712cx
+
+camera          IN A 192.168.112.35
+
+; - Lancom 1781VAW
+lancom          IN A 172.16.112.254
+
+
+; - Office PCs
+pc101           IN A      192.168.112.101
+pc101a          IN CNAME  pc101
+pc102           IN A      192.168.112.102
+pc103           IN A      192.168.112.103
+pc104           IN A      192.168.112.104
+pc105           IN A      192.168.112.105
+pc106           IN A      192.168.112.106
+pc107           IN A      192.168.112.107
+pc108           IN A      192.168.112.108
+pc109           IN A      192.168.112.109
+pc110           IN A      192.168.112.110
+pc111           IN A      192.168.112.111
+pc112           IN A      192.168.112.112
+pc113           IN A      192.168.112.113
+pc114           IN A      192.168.112.114
+pc115           IN A      192.168.112.115
+pc116           IN A      192.168.112.116
+pc117           IN A      192.168.112.117
+pc118           IN A      192.168.112.118
+pc119           IN A      192.168.112.119
+pc120           IN A      192.168.112.120
+pc121           IN A      192.168.112.121
+pc122           IN A      192.168.112.122
+pc123           IN A      192.168.112.123
+pc124           IN A      192.168.112.124
+pc125           IN A      192.168.112.125
+pc126           IN A      192.168.112.126
+pc127           IN A      192.168.112.127
+pc128           IN A      192.168.112.128
+pc129           IN A      192.168.112.129
+pc130           IN A      192.168.112.130
+pc131           IN A      192.168.112.131
+pc132           IN A      192.168.112.132
+pc133           IN A      192.168.112.133
+pc134           IN A      192.168.112.134
+pc135           IN A      192.168.112.135
+pc136           IN A      192.168.112.136
+pc137           IN A      192.168.112.137
+pc138           IN A      192.168.112.138
+
+pc101-alt       IN A      192.168.112.151
+
+
+; - Laptops
+lap131          IN A      192.168.112.131
+lap132          IN A      192.168.112.132
+lap133          IN A      192.168.112.133
+lap134          IN A      192.168.112.134
+
+; - ckubu
+devil           IN A      192.168.112.90
+kvm-win7        IN A      192.168.112.41
diff --git a/CKUBU/bind/VPN/opp/db.192.168.62.0 b/CKUBU/bind/VPN/opp/db.192.168.62.0
new file mode 100644
index 0000000..46a5bb7
--- /dev/null
+++ b/CKUBU/bind/VPN/opp/db.192.168.62.0
@@ -0,0 +1,86 @@
+;
+; BIND reverse data file for local opp.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.opp.netz. ckubu.oopen.de. (
+      2018010301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-opp.opp.netz.
+
+; - Gateway/Firewall
+254         IN PTR    gw-opp.opp.netz.
+
+
+; - (Caching ) Nameserver
+53          IN PTR    ns-opp.opp.netz.
+
+
+; - Fileserver
+1           IN PTR    file-opp.opp.netz.
+
+
+; - IPMI
+;202         IN PTR    ipmi-opp.opp.netz.
+11           IN PTR    file-ipmi.opp.netz.
+12           IN PTR    gw-ipmi.opp.netz.
+
+
+; - Drucker
+5            IN PTR    hp-lj-3055.opp.netz.
+6            IN PTR    brother-mfc-7460.opp.netz.
+7            IN PTR    kyocera-m6535cidn.opp.netz.
+
+
+; - Accesspoint
+50           IN PTR    wlan-opp.opp.netz.
+51           IN PTR    ap-unifi-1.opp.netz.
+
+
+; - LAN
+104          IN PTR    opp4.opp.netz.
+105          IN PTR    opp5.opp.netz.
+106          IN PTR    opp6.opp.netz.
+
+120          IN PTR    opp3-lan.opp.netz.
+121          IN PTR    katja.opp.netz.
+122          IN PTR    katrin-eth-usb.opp.netz.
+123          IN PTR    marcus-eth-usb.opp.netz.
+124          IN PTR    ines.opp.netz.
+125          IN PTR    tobias.opp.netz.
+126          IN PTR    ulrike.opp.netz.
+127          IN PTR    opp2-lan.opp.netz.
+128          IN PTR    sofia.opp.netz.
+129          IN PTR    judith.opp.netz.
+130          IN PTR    amine.opp.netz.
+131          IN PTR    martin.opp.netz.
+132          IN PTR    cristina.opp.netz.
+133          IN PTR    katrin-priv.opp.netz.
+135          IN PTR    hannes.opp.netz.
+136          IN PTR    ingmar-eth-usb.opp.netz.
+137          IN PTR    opp1-lan.opp.netz.
+139          IN PTR    eli-eth-usb.opp.netz.
+
+
+141          IN PTR    katja-wlan.opp.netz.
+142          IN PTR    katrin-wlan.opp.netz.
+143          IN PTR    marcus-wlan.opp.netz.
+144          IN PTR    ines-wlan.opp.netz.
+145          IN PTR    tobias-wlan.opp.netz.
+146          IN PTR    ulrike-wlan.opp.netz.
+147          IN PTR    anne-wlan.opp.netz.
+148          IN PTR    sofia-wlan.opp.netz.
+149          IN PTR    judith-wlan.opp.netz.
+150          IN PTR    amine-wlan.opp.netz.
+151          IN PTR    martin-wlan.opp.netz.
+152          IN PTR    cristina-wlan.opp.netz.
+153          IN PTR    katrin-priv-wlan.opp.netz.
+155          IN PTR    hannes-wlan.opp.netz.
+156          IN PTR    ingmar-wlan.opp.netz.
+157          IN PTR    opp1-wlan.opp.netz.
+159          IN PTR    eli-wlan.opp.netz
+
diff --git a/CKUBU/bind/VPN/opp/db.opp.netz b/CKUBU/bind/VPN/opp/db.opp.netz
new file mode 100644
index 0000000..76f885e
--- /dev/null
+++ b/CKUBU/bind/VPN/opp/db.opp.netz
@@ -0,0 +1,180 @@
+;
+; BIND data file for local opp.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.opp.netz. ckubu.oopen.de. (
+      2018010301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                IN NS     ns-opp.opp.netz.
+
+; Gateway/Firewall
+gw-opp          IN A      192.168.62.254
+gate            IN CNAME  gw-opp
+gw              IN CNAME  gw-opp
+
+; (Caching ) Nameserver
+ns-opp          IN A      192.168.62.53
+ns              IN CNAME  ns-opp
+nscache         IN CNAME  ns-opp
+
+
+; Accesspoint Unifi AP AC PRO Ubiquiti
+ap-unifi-1        IN A     192.168.62.51
+ap-1              IN CNAME ap-unifi-1
+
+; Controller for Unifi AP's
+ctl-unifi         IN A     192.168.62.254
+
+
+; - Fileserver
+file-opp        IN A      192.168.62.1
+file            IN CNAME  file-opp
+zapata          IN CNAME  file-opp
+
+
+; - IPMI
+file-ipmi        IN A      192.168.62.11
+zapata-ipmi      IN CNAME  file-ipmi
+
+gw-ipmi          IN A      192.168.62.12
+gate-ipmi        IN CNAME  gw-ipmi
+
+
+; - Drucker
+hp-lj-3055      IN A      192.168.62.5
+hp-laserjet-3055 IN CNAME  hp-lj-3055
+
+brother-mfc-7460 IN A     192.168.62.6
+brother          IN CNAME brother-mfc-7460
+
+kyocera-m6535cidn IN A  192.168.62.7
+kyocera           IN CNAME kyocera-m6535cidn
+
+
+
+; - Accesspoint
+wlan-opp        IN A      192.168.62.50
+ap              IN CNAME  wlan-opp
+accesspoint     IN CNAME  wlan-opp
+
+
+; - LAN
+opp4            IN A      192.168.62.104
+opp4-lan        IN CNAME  opp4
+
+opp5            IN A      192.168.62.105
+opp5-lan        IN CNAME  opp5
+
+opp6            IN A      192.168.62.106
+opp6-lan        IN CNAME  opp6
+
+
+
+opp3-lan        IN A      192.168.62.120
+opp3            IN CNAME  opp3-lan
+opp3-eth-usb    IN CNAME  opp3-lan
+
+katja           IN A      192.168.62.121
+katja-lan       IN CNAME  katja
+
+katrin-eth-usb  IN A      192.168.62.122
+katrin-lan      IN CNAME  katrin-eth-usb
+
+marcus-eth-usb  IN A      192.168.62.123
+marcus-lan      IN CNAME  marcus-eth-usb
+marcus          IN CNAME  marcus-eth-usb
+
+ines            IN A      192.168.62.124
+ines-lan        IN CNAME  ines
+
+tobias          IN A      192.168.62.125
+tobias-lan      IN CNAME  tobias
+
+ulrike          IN A      192.168.62.126
+ulrike-lan      IN CNAME  ulrike
+
+opp2-lan        IN A      192.168.62.127
+opp2            IN CNAME  opp2-lan
+opp2-eth-usb    IN CNAME  opp2-lan
+
+sofia           IN A      192.168.62.128
+sofia-lan       IN CNAME  sofia
+
+judith          IN A      192.168.62.129
+judith-lan      IN CNAME  judith
+
+amine-eth-usb   IN A      192.168.62.130
+amine-lan       IN CNAME  amine-eth-usb
+amine           IN CNAME  amine-eth-usb
+
+martin          IN A      192.168.62.131
+martin-lan      IN CNAME  martin
+
+cristina        IN A      192.168.62.132
+cristina-lan    IN CNAME  cristina
+
+katrin-priv     IN A      192.168.62.133
+katrin-priv-lan IN CNAME  katrin
+
+hannes          IN A      192.168.62.135
+hannes-lan      IN CNAME  hannes
+
+ingmar-eth-usb  IN A      192.168.62.136
+ingmar-lan      IN CNAME  ingmar-eth-usb
+ingmar          IN CNAME  ingmar-eth-usb
+
+opp1-lan        IN A      192.168.62.137
+opp1            IN CNAME  opp1-lan
+opp1-eth-usb    IN CNAME  opp1-lan
+
+eli-eth-usb     IN A      192.168.62.139
+eli             IN CNAME  eli-eth-usb
+eli-lan         IN CNAME  eli-eth-usb
+
+
+; - WLAN
+opp3-wlan       IN A      192.168.62.140
+
+katja-wlan      IN A      192.168.62.141
+
+katrin-wlan     IN A      192.168.62.142
+
+marcus-wlan     IN A      192.168.62.143
+
+ines-wlan       IN A      192.168.62.144
+
+tobias-wlan     IN A      192.168.62.145
+
+ulrike-wlan     IN A      192.168.62.146
+
+opp2-wlan       IN A      192.168.62.147
+
+sofia-wlan      IN A      192.168.62.148
+
+judith-wlan     IN A      192.168.62.149
+
+amine-wlan      IN A      192.168.62.150
+
+martin-wlan     IN A      192.168.62.151
+
+cristina-wlan   IN A      192.168.62.152
+
+katrin-priv-wlan IN A      192.168.62.153
+
+hannes-wlan      IN A      192.168.62.155
+
+ingmar-wlan      IN A      192.168.62.156
+
+opp1-wlan        IN A      192.168.62.157
+
+eli-wlan         IN A      192.168.62.159
+
+
+; - Services
+wiki            IN A      192.168.62.254
diff --git a/CKUBU/bind/VPN/ro/db.192.168.72.0 b/CKUBU/bind/VPN/ro/db.192.168.72.0
new file mode 100644
index 0000000..b394858
--- /dev/null
+++ b/CKUBU/bind/VPN/ro/db.192.168.72.0
@@ -0,0 +1,74 @@
+;
+; BIND reverse data file for local ro.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.ro.netz. ckubu.oopen.de. (
+      2012120501     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-ro.ro.netz.
+
+; - Gateway/Firewall
+254				IN	PTR	gw-ro.ro.netz.
+
+
+; - (Caching ) Nameserver
+1 					IN	PTR	ns-ro.ro.netz.
+
+
+; - Fileserver
+10				IN	PTR    file-ro.ro.netz.
+20          IN PTR    file-ro-alt.ro.netz.
+
+; - IPMI - Fileserver
+15				IN	PTR    file-ipmi.ro.netz.
+
+
+; - Drucker
+;
+; Brother MFC-9332CDW (Buero Sabine)
+4              IN PTR   brother-mfc-9332cdw.ro.netz.
+; - Kyocera KM-1635
+5              IN PTR   km-1635.ro.netz.
+; - HP Color Laser Jet 2600 n
+6              IN PTR   hp-2600n.ro.netz.
+; - HP Color LaserJet Pro MFP M177fw
+; - Büro Maria
+7              IN PTR   hp-mfp-m177fw.ro.netz.
+; - HP Laser Jet P2055dn (Buero Helga)
+8              IN PTR   hp-p2055dn.ro.netz.
+; - Brother MFC-L2700DW (Buero Biplab/Ulle)
+9              IN PTR   brother-mfc-l2700DW.ro.netz.
+
+
+; - Vodafone easybox
+20             IN PTR  easybox.ro.netz.
+
+; Telefonanlage
+;
+50             IN PTR  tka.ro.netz.
+; Telefone
+51             IN PTR  app01.ro.netz.
+52             IN PTR  app02.ro.netz.
+53             IN PTR  app03.ro.netz.
+
+
+; - Office PCs
+101				IN	PTR	pc101.ro.netz.
+102				IN	PTR	pc102.ro.netz.
+103				IN	PTR	pc103.ro.netz.
+104				IN	PTR	pc104.ro.netz.
+105				IN	PTR	pc105.ro.netz.
+106				IN	PTR	pc106.ro.netz.
+107				IN	PTR	pc107.ro.netz.
+108				IN	PTR	pc108.ro.netz.
+
+
+; - Laptops
+121				IN	PTR	pc121.ro.netz.
+122				IN	PTR	pc122.ro.netz.
+123            IN PTR   pc123.ro.netz.
diff --git a/CKUBU/bind/VPN/ro/db.192.168.73.0 b/CKUBU/bind/VPN/ro/db.192.168.73.0
new file mode 100644
index 0000000..3eeb102
--- /dev/null
+++ b/CKUBU/bind/VPN/ro/db.192.168.73.0
@@ -0,0 +1,20 @@
+;
+; BIND reverse data file for local ro.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.ro.netz. ckubu.oopen.de. (
+      2016123101     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-ro.ro.netz.
+
+            
+; Unifi AP AC PRO
+51          IN PTR    ap-unifi-1.ro.netz.
+52          IN PTR    ap-unifi-2.ro.netz.
+; Controler Unifi AP AC PRO
+254         IN PTR    ctl-unifi.ro.netz.
diff --git a/CKUBU/bind/VPN/ro/db.ro.netz b/CKUBU/bind/VPN/ro/db.ro.netz
new file mode 100644
index 0000000..d28cdd9
--- /dev/null
+++ b/CKUBU/bind/VPN/ro/db.ro.netz
@@ -0,0 +1,99 @@
+;
+; BIND data file for local ro.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.ro.netz. ckubu.oopen.de. (
+      2012120501     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+					IN	NS		ns-ro.ro.netz.
+
+; Gateway/Firewall
+gw-ro				IN	A		192.168.72.254
+gate				IN	CNAME	gw-ro
+gw					IN	CNAME	gw-ro
+
+; (Caching ) Nameserver
+ns-ro				IN	A		192.168.72.1
+ns					IN	CNAME	ns-ro
+nscache			IN	CNAME	ns-ro
+resolver			IN	CNAME	ns-ro
+
+
+; Accesspoint Unifi AP AC PRO Ubiquiti
+ap-unifi-1     IN A      192.168.73.51
+ap-1           IN CNAME  ap-unifi-1
+ap-unifi-2     IN A      192.168.73.52
+ap-2           IN CNAME  ap-unifi-2
+
+
+; - Fileserver
+file-ro			IN	A		192.168.72.10
+file				IN	CNAME	file-ro
+pandora			IN	CNAME	file-ro
+
+; Controller for Unifi AP's
+ctl-unifi      IN A      192.168.73.254
+
+
+; - IPMI - Fileserver
+file-ipmi		IN	A		192.168.72.11
+ipmi				IN	CNAME	file-ipmi
+
+
+; - Drucker
+;
+; Brother MFC-9332CDW
+brother-mfc-9332cdw  IN A     192.168.72.4
+brn3c2af40bfbf2      IN CNAME brother-mfc-9332cdw
+; - Kyocera KM-1635
+km-1635        IN A     192.168.72.5
+; - HP Color Laser Jet 2600 n
+hp-2600n       IN A     192.168.72.6
+; - HP Color LaserJet Pro MFP M177fw
+; - Büro Maria
+hp-mfp-m177fw  IN A     192.168.72.7
+; - HP Laser Jet P2055dn (Buero Helga)
+hp-p2055dn     IN A     192.168.72.8
+; - Brother MFC-L2700DW (Buero Biplab/Ulle)
+brother-mfc-l2700DW  IN A     192.168.72.9
+brn30055c601bd2      IN CNAME brother-mfc-l2700DW
+
+
+; - Vodafone EasyBox
+easybox        IN A     192.168.72.20
+
+
+; Telefonanlage
+tka            IN A     192.168.72.50
+; Telefone
+app01          IN A     192.168.72.51
+app02          IN A     192.168.72.52
+app03          IN A     192.168.72.53
+
+
+
+; - Office PCs
+pc101				IN	A  	192.168.72.101
+pc102				IN	A		192.168.72.102
+pc103				IN	A		192.168.72.103
+pc104				IN	A		192.168.72.104
+pc105				IN	A		192.168.72.105
+pc106				IN	A		192.168.72.106
+pc107				IN	A		192.168.72.107
+pc108				IN	A		192.168.72.108
+
+pc101-alt      IN A     192.168.72.111
+pc104-alt      IN A     192.168.72.114
+pc106-alt      IN A     192.168.72.116
+
+
+; - Laptops
+pc121				IN	A		192.168.72.121
+pc122				IN	A		192.168.72.122
+pc123				IN	A		192.168.72.123
diff --git a/CKUBU/bind/VPN/spr-be/db.192.168.92.0 b/CKUBU/bind/VPN/spr-be/db.192.168.92.0
new file mode 100644
index 0000000..af4eef9
--- /dev/null
+++ b/CKUBU/bind/VPN/spr-be/db.192.168.92.0
@@ -0,0 +1,59 @@
+;
+; BIND reverse data file for local sprachenatelier.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.sprachenatelier.netz. ckubu.oopen.de. (
+      2017060301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+@              IN NS    ns-spr.sprachenatelier.netz.
+
+; - Gateway/Firewall
+254            IN PTR   gw-spr.sprachenatelier.netz.
+
+
+; - (Caching ) Nameserver
+1              IN PTR   ns-spr.sprachenatelier.netz.
+
+
+; - Fileserver
+10             IN PTR   file-spr.sprachenatelier.netz.
+11             IN PTR   file-spr-alt.sprachenatelier.netz.
+
+
+; - IPMI
+15             IN PTR   file-ipmi.sprachenatelier.netz.
+202            IN PTR   file-ipmi-alt.sprachenatelier.netz.
+
+
+; - Drucker
+5              IN PTR   hp-cp1515n.sprachenatelier.netz.
+6              IN PTR   kyocera-p2040dn.sprachenatelier.netz.
+7              IN PTR   br-mfc-jw5910dw.sprachenatelier.netz.   
+8              IN PTR   kyocera-p2135dn.sprachenatelier.netz.
+
+
+; - Accesspoint
+50             IN PTR   wlan-spr.sprachenatelier.netz.
+
+
+; - Buero PC's
+101            IN PTR   cl101.sprachenatelier.netz.
+102            IN PTR   cl102.sprachenatelier.netz.
+103            IN PTR   cl103.sprachenatelier.netz.
+104            IN PTR   cl104.sprachenatelier.netz.
+105            IN PTR   cl105.sprachenatelier.netz.
+106            IN PTR   cl106.sprachenatelier.netz.
+107            IN PTR   cl107.sprachenatelier.netz.
+108            IN PTR   cl108.sprachenatelier.netz.
+109            IN PTR   cl109.sprachenatelier.netz.
+110            IN PTR   cl110.sprachenatelier.netz.
+;111            IN PTR    cl111.sprachenatelier.netz.
+;112            IN PTR    cl112.sprachenatelier.netz.
+
+137            IN PTR   cl107-alt.sprachenatelier.netz.
+138            IN PTR   cl108-alt.sprachenatelier.netz.
diff --git a/CKUBU/bind/VPN/spr-be/db.sprachenatelier.netz b/CKUBU/bind/VPN/spr-be/db.sprachenatelier.netz
new file mode 100644
index 0000000..028227b
--- /dev/null
+++ b/CKUBU/bind/VPN/spr-be/db.sprachenatelier.netz
@@ -0,0 +1,148 @@
+;
+; BIND data file for local sprachenatelier.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.sprachenatelier.netz. ckubu.oopen.de. (
+      2017060301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+@                 IN NS     ns-spr.sprachenatelier.netz.
+
+; Gateway/Firewall
+gw-spr            IN A      192.168.92.254
+gate              IN CNAME  gw-spr
+gw                IN CNAME  gw-spr
+
+
+; (Caching ) Nameserver
+ns-spr            IN A      192.168.92.1
+ns                IN CNAME  ns-spr
+nscache           IN CNAME  ns-spr
+
+
+; - Fileserver
+file-spr          IN A      192.168.92.10
+file              IN CNAME  file-spr
+www               IN CNAME  file-spr
+
+file-spr-alt      IN A      192.168.92.11
+
+
+; - IPMI
+gw-ipmi           IN A      172.16.92.15
+file-ipmi         IN A      192.168.92.15
+
+file-ipmi-alt     IN A      192.168.92.202
+
+
+; - HP Color LaserJet CP1515DN
+;
+hp-cp1515n        IN A      192.168.92.5
+hp-color          IN CNAME  hp-cp1515n
+
+; - Kyocera ECOSYS P3040DN
+;
+kyocera-p2040dn   IN A     192.168.92.6
+km-p2040dn        IN CNAME kyocera-p2040dn
+
+; Brother MFC-J5910DW
+;
+br-mfc-jw5910dw  IN A     192.168.92.7
+brother          IN CNAME br-mfc-jw5910dw
+
+; - KyoceraA P2035D
+; - Gibt es nicht mehr -
+;
+;kyocera-p2135dn  IN A 192.168.92.8
+;kyocera          IN CNAME kyocera-p2135dn
+
+; - Kyocera ECOSYS P2135DN
+;
+kyocera-p2035d    IN A 192.168.92.9
+km29df05          IN CNAME kyocera-p2035d
+
+
+; - Accesspoint
+wlan-spr          IN A      192.168.92.50
+wlan              IN CNAME  wlan-spr
+accesspoint       IN CNAME  wlan-spr
+
+
+; PC's
+cl101-spr         IN A      192.168.92.101
+cl101             IN CNAME  cl101-spr
+
+cl102-spr         IN A      192.168.92.102
+cl102             IN CNAME  cl102-spr
+
+cl103-spr         IN A      192.168.92.103
+cl103             IN CNAME  cl103-spr
+
+cl104-spr         IN A      192.168.92.104
+cl104             IN CNAME  cl104-spr
+
+cl105-spr         IN A      192.168.92.105
+cl105             IN CNAME  cl105-spr
+
+cl106-spr         IN A      192.168.92.106
+cl106             IN CNAME  cl106-spr
+
+cl107-spr         IN A      192.168.92.107
+cl107             IN CNAME  cl107-spr
+
+cl108-spr         IN A      192.168.92.108
+cl108             IN CNAME  cl108-spr
+
+cl109-spr         IN A      192.168.92.109
+cl109             IN CNAME  cl109-spr
+
+cl110-spr         IN A      192.168.92.110
+cl110             IN CNAME  cl110-spr
+
+cl111-spr         IN A      192.168.92.111
+cl111             IN CNAME  cl111-spr
+
+cl112-spr         IN A      192.168.92.112
+cl112             IN CNAME  cl112-spr
+
+
+cl101-alt-spr     IN A      192.168.92.131
+cl101-alt         IN CNAME  cl101-alt-spr
+
+cl102-alt-spr     IN A      192.168.92.132
+cl102-alt         IN CNAME  cl102-alt-spr
+
+cl103-alt-spr     IN A      192.168.92.133
+cl103-alt         IN CNAME  cl103-alt-spr
+
+cl105-alt-spr     IN A      192.168.92.135
+cl105-alt         IN CNAME  cl105-alt-spr
+
+cl106-alt-spr     IN A      192.168.92.136
+cl106-alt         IN CNAME  cl106-alt-spr
+
+cl107-alt-spr     IN A      192.168.92.137
+cl107-alt         IN CNAME  cl107-alt-spr
+
+cl108-alt-spr     IN A      192.168.92.138
+cl108-alt         IN CNAME  cl108-alt-spr
+
+
+; Lancom 1781VAW - Router (von der Telekom)
+;
+lancome-router    IN A       172.16.92.254
+lancom            IN CNAME   lancome-router
+router            IN CNAME   lancome-router
+
+; Lancom L-322agn dual Wireless (R2)
+; 2 * Accespoint (HotSpot)
+;
+lancom-ap1        IN A       192.168.150.11
+ap1               IN CNAME   lancom-ap1
+lancom-ap2        IN A       192.168.150.12
+ap2               IN CNAME   lancom-ap2
diff --git a/CKUBU/bind/VPN/wf/db.192.168.52.0 b/CKUBU/bind/VPN/wf/db.192.168.52.0
new file mode 100644
index 0000000..84983a7
--- /dev/null
+++ b/CKUBU/bind/VPN/wf/db.192.168.52.0
@@ -0,0 +1,77 @@
+;
+; BIND data file for local wf.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.wf.netz. ckubu.oopen.de. (
+      2014031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+
+                   IN NS     ns.wf.netz.
+
+; Gateway/Firewall
+254                IN PTR    gw-wf.wf.netz.
+
+; Ersatz Gateway
+253                IN PTR    gw-replacement.wf.netz.
+
+
+; (Caching ) Nameserver
+53                 IN PTR    ns-wf.wf.netz.
+
+
+; File-Server
+60                 IN PTR    anita.wf.netz.
+
+
+; Development - Server (Vserver System)
+20                 IN PTR    devel-root.wf.netz.
+
+
+; NAS System
+80                 IN PTR    wf-nas.wf.netz.
+
+
+; IPMI
+21                 IN PTR    devel-ipmi.wf.netz
+61                 IN PTR    anita-ipmi.wf.netz
+
+
+; APC - Smart UPS 3000 RM
+15                 IN PTR    usv.wf.netz.
+
+
+; Drucker
+179                IN PTR    brother-5890.wf.netz.
+
+
+; Vserver Instanzen
+
+22                 IN PTR    devel-php54.wf.netz.
+23                 IN PTR    devel-db.wf.netz.
+24                 IN PTR    devel-php5.wf.netz.
+25                 IN PTR    devel-repos.wf.netz.
+26                 IN PTR    devel-todo.wf.netz.
+27                 IN PTR    devel-spi.wf.netz.
+28                 IN PTR    devel-schott-be.wf.netz.
+29                 IN PTR    devel-schott-fe.wf.netz.
+30                 IN PTR    devel-solr.wf.netz.
+
+31                 IN PTR    devel-php7.wf.netz.
+
+
+; Buero PC's
+78                 IN PTR    kaya.wf.netz.
+84                 IN PTR    christian.wf.netz.
+85                 IN PTR    axel-mini.wf.netz.
+87                 IN PTR    mariettewf.netz.
+
+
+; Ersatz Gatewy
+253                IN PTR    gw-replacement.wf.netz.
+
diff --git a/CKUBU/bind/VPN/wf/db.wf-wlan.netz b/CKUBU/bind/VPN/wf/db.wf-wlan.netz
new file mode 100644
index 0000000..579fcbd
--- /dev/null
+++ b/CKUBU/bind/VPN/wf/db.wf-wlan.netz
@@ -0,0 +1,21 @@
+;
+; BIND data file for local wf.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.wf.netz. ckubu.oopen.de. (
+      2013030701     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+
+                   IN NS     ns.wf.netz.
+
+; Gateway/Firewall
+gw-wf              IN A      192.168.42.254
+gate               IN CNAME  gw-wf
+gw                 IN CNAME  gw-wf
+gw-d11             IN CNAME  gw-wf
diff --git a/CKUBU/bind/VPN/wf/db.wf.netz b/CKUBU/bind/VPN/wf/db.wf.netz
new file mode 100644
index 0000000..110be40
--- /dev/null
+++ b/CKUBU/bind/VPN/wf/db.wf.netz
@@ -0,0 +1,199 @@
+;
+; BIND data file for local wf.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.wf.netz. ckubu.oopen.de. (
+      2017071301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+
+                   IN NS     ns-wf.wf.netz.
+
+; Gateway/Firewall
+gw-wf              IN A      192.168.52.254
+gate               IN CNAME  gw-wf
+gw                 IN CNAME  gw-wf
+gw-d11             IN CNAME  gw-wf
+
+; Ersatz Gateway
+gw-replacement     IN A      192.168.52.253
+
+; (Caching ) Nameserver
+ns-wf              IN A      192.168.52.53
+ns                 IN CNAME  ns-wf
+nscache            IN CNAME  ns-wf
+resolver           IN CNAME  ns-wf
+
+; File-Server
+anita              IN A      192.168.52.60
+
+; Development - Server (Vserver System)
+devel-root         IN A      192.168.52.20
+devel              IN CNAME  devel-root
+
+
+; NAS System
+wf-nas             IN A      192.168.52.80
+nas                IN CNAME  wf-nas
+
+
+; IPMI
+anita-ipmi         IN A      192.168.52.61
+devel-ipmi         IN A      192.168.52.21
+
+
+; APC - Smart UPS 3000 RM
+usv                IN A      192.168.52.15
+ups                IN CNAME  usv
+
+; Drucker
+brother-5890       IN A      192.168.52.179
+
+
+; Vserver Instanzen
+devel-php54        IN A      192.168.52.22
+php54              IN CNAME  devel-php54
+
+devel-db           IN A      192.168.52.23
+db                 IN CNAME  devel-db
+
+devel-php5         IN A      192.168.52.24
+php5               IN CNAME  devel-php5
+
+devel-repos        IN A      192.168.52.25
+repos              IN CNAME  devel-repos
+
+devel-todo         IN A      192.168.52.26
+todo               IN CNAME  devel-todo
+todo-dev           IN CNAME  devel-todo
+
+devel-spi          IN A      192.168.52.27
+spi                IN CNAME  devel-spi
+
+devel-schott-be    IN A      192.168.52.28
+schott-be          IN CNAME  devel-schott-be
+
+devel-schott-fe    IN A      192.168.52.29
+schott-fe          IN CNAME  devel-schott-fe
+
+devel-solr         IN A      192.168.52.30
+solr               IN CNAME  devel-solr
+
+devel-php7         IN A      192.168.52.31
+php7               IN CNAME  devel-php7
+
+
+; php5 - Webserver
+;
+artikelbox         IN A      192.168.52.24
+benjamin-hoff      IN A      192.168.52.24
+bodyvib-shop       IN A      192.168.52.24
+callinus           IN A      192.168.52.24
+contao             IN A      192.168.52.24
+demasi             IN A      192.168.52.24
+die-linke-europa   IN A      192.168.52.24
+dkf                IN A      192.168.52.24
+egypt-at-work      IN A      192.168.52.24
+etherpad           IN A      192.168.52.24
+forum-ds           IN A      192.168.52.24
+gambio-shop        IN A      192.168.52.24
+ism                IN A      192.168.52.24
+hp-address         IN A      192.168.52.24
+helle-panke        IN A      192.168.52.24
+juergen-klute      IN A      192.168.52.24
+jewrovision-voting IN A      192.168.52.24
+jugendkongress     IN A      192.168.52.24
+jw                 IN A      192.168.52.24
+jw56               IN A      192.168.52.24
+jw-test            IN A      192.168.52.24
+kaya-test          IN A      192.168.52.24
+kleinpetersberg    IN A      192.168.52.24
+kontext-chris      IN A      192.168.52.24
+kontext-emt        IN A      192.168.52.24
+kontext-felix      IN A      192.168.52.24
+kontext-test       IN A      192.168.52.24
+kontext-ml         IN A      192.168.52.24
+kontext-emt-zr     IN A      192.168.52.24
+kontext3           IN A      192.168.52.24
+kontext3-mvc       IN A      192.168.52.24
+kontext3-sass      IN A      192.168.52.24
+limesurvey         IN A      192.168.52.24
+medientagung       IN A      192.168.52.24
+mitzvahday         IN A      192.168.52.24
+michael-leutert    IN A      192.168.52.24
+nd                 IN A      192.168.52.24
+nd-2017            IN A      192.168.52.24
+ndkz               IN A      192.168.52.24
+nd-archiv          IN A      192.168.52.24
+nd-2013            IN A      192.168.52.24
+nd-redesign2011    IN A      192.168.52.24
+parkaue            IN A      192.168.52.24
+php-manual         IN A      192.168.52.24
+php5-opcache       IN A      192.168.52.24
+pessach            IN A      192.168.52.24
+platinit           IN A      192.168.52.24
+prager-fruehling-magazin   IN A      192.168.52.24
+zrkalender         IN A      192.168.52.24
+zr-alt             IN A      192.168.52.24
+silverstripe       IN A      192.168.52.24
+solidarische-moderne       IN A      192.168.52.24
+typo3neos          IN A      192.168.52.24
+tvet-laos          IN A      192.168.52.24
+voltaire           IN A      192.168.52.24
+wagenknecht        IN A      192.168.52.24
+wiki               IN A      192.168.52.24
+wwl                IN A      192.168.52.24
+wwl-intellektuelle IN A      192.168.52.24
+wwl-gewerkschafter IN A      192.168.52.24
+wordpress          IN A      192.168.52.24
+
+
+; php54 - Webserver
+devel-php54-neu    IN A      192.168.52.22
+nd-54              IN A      192.168.52.22
+kontext3-54        IN A      192.168.52.22
+kontext-emt-54     IN A      192.168.52.22
+kontext-emt-zr-54  IN A      192.168.52.22
+
+
+; php7 (php57) - Webserver
+helle-panke-php7   IN A      192.168.52.31
+kontext3-php7      IN A      192.168.52.31
+jw-php7            IN A      192.168.52.31
+nd-php7            IN A      192.168.52.31
+
+
+; Repository Server
+trac-efi           IN A      192.168.52.25
+trac-bdb           IN A      192.168.52.25
+spider-trac        IN A      192.168.52.25
+
+
+; spi Server
+spider             IN A      192.168.52.27
+spider-dev         IN A      192.168.52.27
+spider-dev56       IN A      192.168.52.27
+
+
+; Buero PC's
+kaya               IN A      192.168.52.78
+axel               IN A      192.168.52.84
+*.axel             IN CNAME  axel
+axel-mini          IN CNAME  axel
+christian          IN A      192.168.52.85
+*.christian        IN CNAME  christian
+mariette           IN A      192.168.52.87
+
+
+; Ersatz Gatewy
+gw-replacement     IN A      192.168.52.253
+
+
+; raspberry (netz 192.168.43.0/24)
+raspberry          IN A      192.168.43.10
+owncloud           IN CNAME  raspberry
diff --git a/CKUBU/bind/bind.keys b/CKUBU/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/CKUBU/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/CKUBU/bind/db.0 b/CKUBU/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/CKUBU/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/CKUBU/bind/db.127 b/CKUBU/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/CKUBU/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/CKUBU/bind/db.172.16.63.0 b/CKUBU/bind/db.172.16.63.0
new file mode 100644
index 0000000..d533c36
--- /dev/null
+++ b/CKUBU/bind/db.172.16.63.0
@@ -0,0 +1,23 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.local.netz. ckubu.oopen.de. (
+      2015100601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.local.netz.
+
+; IPMI Gateway/Firewall
+15          IN PTR    gw-ckubu-ipmi.local.netz.
+
+; Telefonanlage
+240         IN PTR    erkel.local.netz.
+245         IN PTR    comfortel-2600.local.netz.
+
+; Entertain TV Media Reciever
+5           IN PTR    media-reciever.local.netz.
diff --git a/CKUBU/bind/db.192.168.63.0 b/CKUBU/bind/db.192.168.63.0
new file mode 100644
index 0000000..00feea3
--- /dev/null
+++ b/CKUBU/bind/db.192.168.63.0
@@ -0,0 +1,58 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.local.netz. ckubu.oopen.de. (
+      2015100601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.local.netz.
+
+; Gateway/Firewall
+254         IN PTR    gw-ckubu.local.netz.
+15          IN PTR    gw-ckubu-ipmi.local.netz.
+
+; Ersatz Gateway
+253         IN PTR    gw-replacement.local.netz.
+
+; (Caching ) Nameserver
+1           IN PTR    ns.local.netz.
+
+; Accesspoint - WAG54GX2
+52          IN PTR    linksys-wag54gx2.local.netz.
+
+
+
+; Laserdrucker Kyocera FS 3838DN
+;230         IN PTR    fs_3830dtn.local.netz.
+
+; Brother MFC-7860DW WLAN
+235         IN PTR    mfc-7860dw.local.netz.
+
+; Telefonanlage
+240         IN PTR    erkel.local.netz.
+245         IN PTR    comfortel-2600.local.netz.
+
+; DVBT 2 Reciever
+4           IN PTR    dvbt2-reciever.local.netz.
+
+; Entertain TV Media Reciever
+5           IN PTR    media-reciever.local.netz.
+
+; Buero PC's
+20          IN PTR    luna.local.netz.
+30          IN PTR    inge-desktop-lan.local.netz.
+
+; Laptop's
+35          IN PTR    frida-laptop.local.netz.
+45          IN PTR    netbook.local.netz.
+90          IN PTR    devil.local.netz.
+
+
+; weitere
+131         IN PTR    cl109.local.netz.
+132         IN PTR    cl110.local.netz.
diff --git a/CKUBU/bind/db.192.168.64.0 b/CKUBU/bind/db.192.168.64.0
new file mode 100644
index 0000000..c59a90e
--- /dev/null
+++ b/CKUBU/bind/db.192.168.64.0
@@ -0,0 +1,39 @@
+;
+; BIND reverse data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.local.netz. ckubu.oopen.de. (
+      2012013101     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.local.netz.
+
+; Accesspoint - WRT54G
+;54          IN PTR    linksys-wrt54g.local.netz.
+
+; Switch TP-LINK TL-SG108E
+40          IN PTR    switch-tp-link
+
+; Unifi AP AC PRO
+50          IN PTR    ap-unifi.local.netz.
+
+; TP-Link Repeater (TL-WA850RE)
+55          IN PTR    ap-repeater.local.netz.
+
+; Controler Unifi AP AC PRO
+254         IN PTR    ctl-unifi.local.netz.
+
+; PC's
+30          IN PTR    inge-desktop.local.netz.
+
+; Laptop's
+35          IN PTR    frida-laptop.local.netz.
+45          IN PTR    inge-netbook.local.netz.
+90          IN PTR    devil1.local.netz.
+
+; Brother MFC-7860DW WLAN
+235         IN PTR    mfc-7860dw-wlan.local.netz.
diff --git a/CKUBU/bind/db.255 b/CKUBU/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/CKUBU/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/CKUBU/bind/db.empty b/CKUBU/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/CKUBU/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/CKUBU/bind/db.local b/CKUBU/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/CKUBU/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/CKUBU/bind/db.local.netz b/CKUBU/bind/db.local.netz
new file mode 100644
index 0000000..b7a5ac0
--- /dev/null
+++ b/CKUBU/bind/db.local.netz
@@ -0,0 +1,108 @@
+;
+; BIND data file for local local.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.local.netz. ckubu.oopen.de. (
+      2017052001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                  IN NS    ns.local.netz.
+
+; Gateway/Firewall
+gw-ckubu          IN A     192.168.63.254
+                  
+gate              IN CNAME gw-ckubu
+gw                IN CNAME gw-ckubu
+
+gw-ckubu-ipmi     IN A     172.16.63.15
+gw-ipmi           IN CNAME gw-ckubu-ipmi
+
+; Ersatz Gateway
+gw-replacement    IN A     192.168.63.253
+
+; (Caching ) Nameserver
+ns                IN A     192.168.63.1
+nscache           IN CNAME ns
+
+; Accesspoint Unifi AP AC PRO Ubiquiti
+ap-unifi          IN A     192.168.64.50
+accesspoint       IN CNAME ap-unifi
+
+ap-repeater       IN A     192.168.64.55
+repeater          IN CNAME ap-repeater
+
+
+; Controller for Unifi AP's
+ctl-unifi         IN A     192.168.64.254
+
+; Switch TP-LINK TL-SG108E
+switch-tp-link    IN A     192.168.64.60
+
+
+; Laserdrucker Kyocera FS 3838DN
+fs-3830dtn        IN A     192.168.63.230
+drucker           IN CNAME fs-3830dtn
+
+; Brother MFC 7860DW LAN
+mfc-7860dw        IN A     192.168.63.235
+fax               IN CNAME mfc-7860dw
+
+; Brother MFC 7860DW WLAN
+mfc-7860dw-wlan   IN A     192.168.64.235
+fax-wlan          IN CNAME mfc-7860dw-wlan
+
+; Telefonanlage
+erkel             IN A     172.16.63.240
+telefonanlage     IN CNAME erkel
+
+; Systemtelefon - COMfortel 2600 IP
+;
+comfortel-2600    IN A     172.16.63.245
+systemtelefon     IN CNAME comfortel-2600
+telefon           IN CNAME comfortel-2600
+
+; FRITZ!Box 7490
+fritzbox          IN A     172.16.63.254
+fritz             IN CNAME fritzbox
+
+; DVBT 2 Reciever
+dvbt2-reciever    IN A     192.168.63.4
+
+;  Entertain TV Media Reciever
+media-reciever    IN A     172.16.63.5
+
+; PC's
+luna              IN A     192.168.63.20
+                  IN AAAA  fd5c:45d3:2a6e:1:76d4:35ff:febd:7783
+inge-desktop      IN A     192.168.64.30
+inge-desktop-lan  IN A     192.168.64.30
+
+; Laptop's
+netbook           IN A     192.168.63.45
+                  IN AAAA  fd5c:45d3:2a6e:1:67d:7bff:fe30:4b64
+netboo-lan        IN CNAME netbook
+inge-netbook-lan  IN CNAME netbook
+inge-netbook      IN A     192.168.64.45 
+                  IN AAAA  fd5c:45d3:2a6e:1:62d8:19ff:feca:113c
+netbook-wlan      IN CNAME inge-netbook
+
+devil             IN A     192.168.63.90
+                  IN AAAA  fd5c:45d3:2a6e:1:5eff:35ff:fe01:e903
+devil-lan         IN CNAME devil
+
+devil-wlan        IN A     192.168.64.90
+                  IN AAAA  fd5c:45d3:2a6e:1:224:d7ff:fe24:dc6c
+
+frida-laptop      IN A      192.168.64.35 
+
+; weitere
+wipe              IN A      192.168.63.70
+
+
+; temprär spider
+spider            IN A      192.168.63.173
diff --git a/CKUBU/bind/db.root b/CKUBU/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/CKUBU/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/CKUBU/bind/named.conf b/CKUBU/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/CKUBU/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/CKUBU/bind/named.conf.default-zones b/CKUBU/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/CKUBU/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/CKUBU/bind/named.conf.local b/CKUBU/bind/named.conf.local
new file mode 100644
index 0000000..2ca5874
--- /dev/null
+++ b/CKUBU/bind/named.conf.local
@@ -0,0 +1,259 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "local.netz" {
+   type master;
+   file "/etc/bind/db.local.netz";
+};
+
+zone "63.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.63.0";
+};
+
+zone "63.16.172.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.172.16.63.0";
+};
+
+zone "64.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.64.0";
+};
+
+
+// AKB - Aktionsbündnis-brandenburg
+//
+zone "akb.netz" {
+   type master;
+   file "/etc/bind/VPN/akb/db.akb.netz";
+};
+
+zone "82.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/akb/db.192.168.82.0";
+};
+
+zone "83.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/akb/db.192.168.83.0";
+};
+
+
+// ANW-Berenice - Anwaeltin Berenice Böhlo
+//
+zone "anw-km.netz" {
+   type master;
+   file "/etc/bind/VPN/anw-km/db.anw-km.netz";
+};
+
+zone "122.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/anw-km/db.192.168.122.0";
+};
+
+
+// ANW-URB - Anwaeltinnen Urbanstrasse
+//
+zone "anwaeltinnen.netz" {
+   type master;
+   file "/etc/bind/VPN/anw-urb/db.anwaeltinnen.netz";
+};
+
+zone "1.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/anw-urb/db.192.168.132.0";
+};
+
+
+// FLR-BRB - Flüchtlingsrat Brandenburg
+//
+zone "flr.netz" {
+   type master;
+   file "/etc/bind/VPN/flr-brb/db.flr.netz";
+};
+
+zone "102.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/flr-brb/db.192.168.102.0";
+};
+
+zone "103.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/flr-brb/db.192.168.103.0";
+};
+
+
+// B3-BORNIM
+//
+zone "b3-bornim.netz" {
+   type master;
+   file "/etc/bind/VPN/b3-bornim/db.b3-bornim.netz";
+};
+
+zone "42.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/b3-bornim/db.192.168.42.0";
+};
+
+
+// GA - Gemeinschaft Altenschlirf
+//
+zone "ga.netz" {
+   type master;
+   file "/etc/bind/VPN/ga/ga.netz.zone";
+};
+
+
+// Kanzlei-Kiel
+//
+zone "kanzlei-kiel.netz" {
+   type master;
+   file "/etc/bind/VPN/kanzlei-kiel/db.kanzlei-kiel.netz";
+};
+
+zone "100.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/kanzlei-kiel/db.192.168.100.0";
+};
+
+zone "101.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/kanzlei-kiel/db.192.168.101.0";
+};
+
+
+// MBR - Mobile Opferberatung Berlin
+//
+zone "mbr-bln.netz" {
+   type master;
+   file "/etc/bind/VPN/mbr-bln/db.mbr-bln.netz";
+};
+
+zone "112.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/mbr-bln/db.192.168.112.0";
+};
+
+
+// OPP - Opferperspektive
+//
+zone "opp.netz" {
+   type master;
+   file "/etc/bind/VPN/opp/db.opp.netz";
+};
+
+zone "62.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/opp/db.192.168.62.0";
+};
+
+
+// ReachOut - ReachOut Berlin
+//
+zone "ro.netz" {
+   type master;
+   file "/etc/bind/VPN/ro/db.ro.netz";
+};
+
+zone "72.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/ro/db.192.168.72.0";
+};
+zone "73.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/ro/db.192.168.73.0";
+};
+
+
+// SPR-BE - Sprachenatelier Berlin
+//
+zone "sprachenatelier.netz" {
+   type master;
+   file "/etc/bind/VPN/spr-be/db.sprachenatelier.netz";
+};
+
+zone "92.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/spr-be/db.192.168.92.0";
+};
+
+// WF - Warenform
+//
+zone "wf.netz" {
+   type master;
+   file "/etc/bind/VPN/wf/db.wf.netz";
+};
+
+zone "52.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/wf/db.192.168.52.0";
+};
+zone "wf-wlan.netz" {
+   type master;
+   file "/etc/bind/VPN/wf/db.wf-wlan.netz";
+};
+
+
+// AK - Analyse & Kritik
+//
+zone "ak.local" {
+   type master;
+   file "/etc/bind/VPN/ak/db.ak.local";
+};
+zone "ak.netz" {
+   type master;
+   file "/etc/bind/VPN/ak/db.ak.netz";
+};
+
+zone "128.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/ak/db.192.168.128.0";
+};
+
+zone "0.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/ak/db.192.168.0.0";
+};
+
+
+// 123 - 123Comics
+//
+zone "123.netz" {
+   type master;
+   file "/etc/bind/VPN/123/db.123.netz";
+};
+
+zone "142.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/123/db.192.168.142.0";
+};
+
+zone "143.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/123/db.192.168.143.0";
+};
+
+zone "144.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/123/db.192.168.144.0";
+};
+
+
+
+// Jonas - privat 
+//
+zone "jonas.netz" {
+   type master;
+   file "/etc/bind/VPN/jonas/db.jonas.netz";
+};
+
+zone "86.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/VPN/jonas/db.192.168.86.0";
+};
diff --git a/CKUBU/bind/named.conf.local.ORIG b/CKUBU/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/CKUBU/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/CKUBU/bind/named.conf.options b/CKUBU/bind/named.conf.options
new file mode 100644
index 0000000..112d7a7
--- /dev/null
+++ b/CKUBU/bind/named.conf.options
@@ -0,0 +1,108 @@
+options {
+   directory "/var/cache/bind";
+
+   // If there is a firewall between you and nameservers you want
+   // to talk to, you may need to fix the firewall to allow multiple
+   // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+   // If your ISP provided one or more IP addresses for stable
+   // nameservers, you probably want to use them as forwarders.
+   // Uncomment the following block, and insert the addresses replacing
+   // the all-0's placeholder.
+
+   #forwarders {
+   #   # FRITZ!Box
+   #   #
+   #   172.16.63.254;
+   #};
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   auth-nxdomain no;    # conform to RFC1035
+
+   // Security options
+   #listen-on port 53 {
+   #   127.0.0.1;
+   #   192.168.63.1;
+   #   fd5c:45d3:2a6e:1:ec4:7aff:feac:5ecf;
+   #   #172.16.102.254;
+   #};
+
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/8;
+      172.16.0.0/16;
+      fe80::/8;
+      fd5c:45d3:2a6e:1::/64;
+      ::1/128;
+   };
+
+   // caching name services
+   recursion yes;
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/16;
+      172.16.0.0/16;
+      fd5c:45d3:2a6e:1::/64;
+      fe80::/8;
+      ::1/128;
+   };
+
+   allow-transfer { none; };
+
+   #listen-on-v6 { 
+   #   ::1;
+   #   fd5c:45d3:2a6e:1:ec4:7aff:feac:5ecf;
+   #};
+
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/CKUBU/bind/named.conf.options.ORIG b/CKUBU/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/CKUBU/bind/named.conf.options.ORIG
@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/CKUBU/bind/rndc.key b/CKUBU/bind/rndc.key
new file mode 100644
index 0000000..0c03762
--- /dev/null
+++ b/CKUBU/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "7Lu2rc9TioQK4/CQ6jMU8g==";
+};
diff --git a/CKUBU/bind/zones.rfc1918 b/CKUBU/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/CKUBU/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/CKUBU/chap-secrets.CKUBU b/CKUBU/chap-secrets.CKUBU
new file mode 100644
index 0000000..89de203
--- /dev/null
+++ b/CKUBU/chap-secrets.CKUBU
@@ -0,0 +1,39 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+
+## - Aktionsbuendnis
+"feste-ip9/1TBGC27CYX92@t-online-com.de" * "7FbmJz7L"
+
+## - Anwaltskanzlei - Karl-Marx_Strasse (anw-km)
+"0017005041965502052728690001@t-online.de" * "62812971"
+
+## - Anwaltskanzlei - Urbanstrasse (anw-urb)
+"0019673090265502751343110001@t-online.de" * "85593499"
+
+## - B3 Bornim
+"t-online-com/8TB0LIXKXV82@t-online-com.de" * "38460707"
+
+## - Fluechlingsrat BRB
+"0022044435885511150351780001@t-online.de" * "27475004"
+
+## - Kanzlei Kiel
+"ar0284280107" * "39457541"
+
+## - MBR Berlin
+## - DSL
+"0019507524965100021004430001@t-online.de" * "76695918"
+## - VDSL
+"0029741693695511193970180001@t-online.de" * "84616024"
+
+## - Opferperspektive
+"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
+
+## - Sprachenatelier Berlin
+"0021920376975502683262730001@t-online.de" * "52167784"
+
+## - Warenform
+"feste-ip4/7TB02K2HZ4Q3@t-online-com.de" * "EadGl15E"
+
+## - ckubu
+"0025591824365511139967620001@t-online.de" * "67982653"
diff --git a/CKUBU/cron_root.CKUBU b/CKUBU/cron_root.CKUBU
new file mode 100644
index 0000000..85d566f
--- /dev/null
+++ b/CKUBU/cron_root.CKUBU
@@ -0,0 +1,52 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.1ndZ3d/crontab installed on Wed May 17 02:08:53 2017)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+PATH=/root/bin:/root/bin/admin-stuff:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+
+# - Check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+# - if not set this entry to "1"
+#
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+# - Check if nameservice (bind) is running. If not restart the service
+# -
+*/10 * * * * /root/bin/monitoring/check_dns.sh
+
+# - Check if Postfix Mailservice is running. If not restart the service
+# -
+*/10 * * * * /root/bin/monitoring/check_postfix.sh
+
+# - Check if openvpn is running if not restart the service
+# -
+*/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+# - Check if DynDNS ip is correct, adjust if needed
+# -
+07,27,47 * * * * /root/bin/monitoring/check_dyndns.sh ckubu.homelinux.org
+
+# - copy gateway configuration
+# -
+13 4 * * * /root/bin/manage-gw-config/copy_gateway-config.sh CKUBU
diff --git a/CKUBU/ddclient.conf.CKUBU b/CKUBU/ddclient.conf.CKUBU
new file mode 100644
index 0000000..10dd772
--- /dev/null
+++ b/CKUBU/ddclient.conf.CKUBU
@@ -0,0 +1,14 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password='7213b4e6178a11e6ab1362f831f6741e'
+ckubu.homelinux.org
+
+ssl=yes
+#mail=argus@oopen.de
+mail-failure=root
diff --git a/CKUBU/dhcpd.conf.CKUBU b/CKUBU/dhcpd.conf.CKUBU
new file mode 100644
index 0000000..d9c0454
--- /dev/null
+++ b/CKUBU/dhcpd.conf.CKUBU
@@ -0,0 +1,331 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.63.255;
+
+option domain-name "local.netz.";
+#option domain-search "local.netz";
+#option domain-search "akb.netz.";
+#option domain-search "anwaeltinnen.netz.";
+#option domain-search "flr.netz.";
+#option domain-search "b3-bornim.netz.";
+#option domain-search "kanzlei-kiel.netz.";
+#option domain-search "mbr.netz.";
+#option domain-search "opp.netz.";
+#option domain-search "sprachenatelier.netz.";
+#option domain-search "wf.netz.";
+option domain-name-servers nscache.local.netz;
+#option domain-name-servers ns1.example.org, ns2.example.org;
+option routers gw-ckubu.local.netz;
+option ntp-servers 192.168.63.254;
+
+default-lease-time 86400;
+max-lease-time 259200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+subnet 192.168.63.0 netmask 255.255.255.0 {
+
+   # --- 192.168.63.160/27 ---
+   # network address....: 192.168.63.160
+   # Broadcast address..: 192.168.63.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.63.160 - 192.168.63.191
+   # Usable range.......: 192.168.63.161 - 192.168.63.190
+
+  range 192.168.63.161 192.168.63.190;
+  option domain-name-servers nscache.local.netz;
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.63.255;
+  option routers gw-ckubu.local.netz;
+  option ntp-servers 192.168.63.254;
+}
+
+## devil (T410)
+host devil {
+   hardware ethernet 5C:FF:35:01:E9:03;
+   fixed-address devil.local.netz;
+}
+## Inge Netbook (X121e)
+host netbook {
+   hardware ethernet 04:7d:7b:30:4b:64;
+   fixed-address netbook.local.netz;
+}
+## luna - eth0
+host luna {
+   hardware ethernet 74:d4:35:bd:77:83 ;
+   fixed-address luna.local.netz ;
+}
+## sol - eth0
+host sol {
+   hardware ethernet 1c:6f:65:97:4a:9d ;
+   fixed-address sol.local.netz ;
+}
+## sol1 - eth1
+host sol1 {
+   hardware ethernet 1c:6f:65:97:4a:9f ;
+   fixed-address sol1.local.netz ;
+}
+## crash
+host crash {
+   hardware ethernet 00:1A:92:72:D6:39;
+   fixed-address crash.local.netz;
+}
+## telefonanlage
+host erkel {
+   hardware ethernet 00:09:52:01:21:7F;
+   fixed-address erkel.local.netz;
+}
+## Syste,telefon COMfortel 2600IP
+host comfortel-2600 {
+   hardware ethernet 00:09:52:04:4f:2e;
+   fixed-address comfortel-2600.local.netz;
+}
+
+## Drucker Brother MFC-7860DW -  LAN
+host mfc-7860dw {
+   hardware ethernet 30:05:5c:1e:62:c1;
+   fixed-address mfc-7860dw.local.netz;
+}
+
+## Drucker Brother MFC-7860DW WLAN
+host mfc-7860dw-wlan {
+   hardware ethernet 00:80:92:b8:c1:9e;
+   fixed-address mfc-7860dw-wlan.local.netz;
+}
+
+## Switch TP-Link TL-SG108PE
+host switch-tp-link {
+   hardware ethernet 98:DE:D0:FC:2E:85 ;
+   fixed-address switch-tp-link.local.netz;
+}
+
+host ap-repeater {
+   hardware ethernet 82:16:f9:2d:d5:4c;
+   fixed-address ap-repeater.local.netz;
+}
+
+## - DVBT 2 Reciever
+host dvbt2-reciever {
+   hardware ethernet 00:22:28:10:39:3a ;
+   fixed-address dvbt2-reciever.local.netz;
+}
+
+## - Entertain TV Media Reciever
+host media-reciever {
+   hardware ethernet 00:80:3f:21:2b:8f ;
+   fixed-address media-reciever.local.netz;
+}
+
+## sun - provide netinstall FreeBSD
+host sun {
+   hardware ethernet 00:03:ba:0f:ce:53;
+   fixed-address 192.168.63.161 ;
+   server-name "crash.local.netz";    # name of the tftp-server
+   server-identifier 192.168.63.100;  # address of the tftp-server
+   next-server 192.168.63.100;        # address of the NFS-server
+   option root-path "/data/freebsd/8.0/pxeboot"; # root-path for NFS
+   filename "loader";                            # filename of NBP (network bootstrap program)
+}
+
+host net6501 {
+   hardware ethernet 00:00:24:ce:7c:fc ;
+   fixed-address 192.168.63.9 ;          
+   next-server 192.168.63.20;             # address of the NFS-server
+   filename "pxelinux.0";                 # filename to serv first
+}
+
+host server {
+   hardware ethernet 00:25:90:52:c6:fe ;
+   fixed-address 192.168.63.36 ;
+   next-server 192.168.63.20;
+   filename "pxelinux.0";
+}
+
+## - zweite netzwerkkarte
+## -
+host at-10 {
+   hardware ethernet 0c:c4:7a:b3:46:1f ;
+   fixed-address 192.168.63.36 ;
+   next-server 192.168.63.20;
+   filename "pxelinux.0";
+}
+
+
+## weitere
+host cl109 {
+   hardware ethernet 38:60:77:39:f2:49 ;
+   fixed-address cl109.local.netz;
+}
+host cl110 {
+   hardware ethernet 38:60:77:4e:34:fe ;
+   fixed-address cl110.local.netz;
+}
+
+#subnet 192.168.93.0 netmask 255.255.255.0 {
+#
+#   # --- 192.168.93.160/27 ---
+#   # network address....: 192.168.93.160
+#   # Broadcast address..: 192.168.93.191
+#   # netmask............: 255.255.255.224
+#   # network range......: 192.168.93.160 - 192.168.93.191
+#   # Usable range.......: 192.168.63.191 - 192.168.93.190
+#
+#  range 192.168.93.161 192.168.93.190;
+#  option domain-name "sprachenatelier.netz";
+#  option domain-name-servers nscache.local.netz;
+#  option subnet-mask 255.255.255.0;
+#  option broadcast-address 192.168.93.255;
+#  option routers 192.168.93.254;
+#}
+
+## - wireless LAN
+subnet 192.168.64.0 netmask 255.255.255.0 {
+  range 192.168.64.150 192.168.64.199;
+  #local-address 192.168.64.254 ;
+  option domain-name "local.netz";
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.64.255;
+  option domain-name-servers 192.168.63.1;
+  option routers 192.168.64.254;
+  option ntp-servers 192.168.63.254;
+  default-lease-time 86400;
+  max-lease-time 259200;
+
+}
+
+host 6501 {
+   #hardware ethernet  00:00:24:CE:99:30;
+   #hardware ethernet  00:00:24:ce:99:b0;
+   hardware ethernet  00:00:24:ce:99:ac;
+   fixed-address 192.168.63.9 ;
+   next-server 192.168.63.40;
+   filename "pxelinux.0";
+}
+
+## inge-desktop (W-LAN)
+host inge-desktop {
+   hardware ethernet b0:c0:90:4a:00:a3;
+   fixed-address inge-desktop.local.netz;
+}
+## inge-desktop-lan 
+host inge-desktop-lan {
+   hardware ethernet 80:ee:73:bb:d9:d4;
+   fixed-address inge-desktop-lan.local.netz;
+}
+
+## Inge Netbook WLAN (X121e)
+host inge-netbook {
+   hardware ethernet 60:d8:19:ca:11:3c;
+   fixed-address inge-netbook.local.netz;
+}
+## frida-laptop (W-LAN)
+host frida-laptop {
+   hardware ethernet 00:21:5d:75:41:f4;
+   fixed-address frida-laptop.local.netz;
+}
+## devil wireless device
+host devil1 {
+   hardware ethernet 00:24:d7:24:dc:6c;
+   fixed-address devil1.local.netz;
+}
+
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/CKUBU/dhcpd6.conf.CKUBU b/CKUBU/dhcpd6.conf.CKUBU
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/CKUBU/dhcpd6.conf.CKUBU
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/CKUBU/hostname.CKUBU b/CKUBU/hostname.CKUBU
new file mode 100644
index 0000000..00f1b2c
--- /dev/null
+++ b/CKUBU/hostname.CKUBU
@@ -0,0 +1 @@
+gw-ckubu
diff --git a/CKUBU/hosts.CKUBU b/CKUBU/hosts.CKUBU
new file mode 100644
index 0000000..e207947
--- /dev/null
+++ b/CKUBU/hosts.CKUBU
@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+192.168.63.254 gw-ckubu.local.netz gw-ckubu
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/CKUBU/interfaces.CKUBU b/CKUBU/interfaces.CKUBU
new file mode 100644
index 0000000..548cc85
--- /dev/null
+++ b/CKUBU/interfaces.CKUBU
@@ -0,0 +1,104 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+
+#-----------------------------
+# lo - loopback interface
+#-----------------------------
+auto lo
+iface lo inet loopback
+
+
+#-----------------------------
+# enp0s20f0 - WLAN
+#-----------------------------
+
+auto enp0s20f0
+iface enp0s20f0 inet static
+   address 192.168.64.254
+   network 192.168.64.0
+   netmask 255.255.255.0
+   broadcast 192.168.64.255
+
+iface enp0s20f0 inet6 static
+  address  fd5c:45d3:2a6e:1:ec4:7aff:feac:5ece
+  netmask 64
+  autoconf 0
+  dad-attempts 0
+  accept_ra 0
+
+
+#-----------------------------
+# enp0s20f1 - LAN
+#-----------------------------
+
+auto enp0s20f1
+iface enp0s20f1 inet static
+   address 192.168.63.254
+   network 192.168.63.0
+   netmask 255.255.255.0
+   broadcast 192.168.63.255
+   ## - add route 172.16.1.0/24 (gw-replacement)
+   #post-up route add -net 172.16.1.0 netmask 255.255.255.0 dev eth1
+
+iface enp0s20f1 inet6 static
+  address  fd5c:45d3:2a6e:1:ec4:7aff:feac:5ecf
+  netmask 64
+  autoconf 0
+  dad-attempts 0
+  accept_ra 0
+
+auto enp0s20f1:ns
+iface enp0s20f1:ns inet static
+   address 192.168.63.1
+   network 192.168.63.1
+   netmask 255.255.255.255
+   broadcast 192.168.63.1
+   pre-up /sbin/ifconfig enp0s20f1 up
+
+auto enp0s20f1:resc
+iface enp0s20f1:resc inet static
+   address 172.16.1.254
+   network 172.16.1.0
+   netmask 255.255.255.0
+   broadcast 172.16.1.255
+   pre-up /sbin/ifconfig enp0s20f1 up
+
+
+#-----------------------------
+# enp0s20f2 - WAN
+#-----------------------------
+
+auto enp0s20f2
+iface enp0s20f2 inet static
+   address 172.16.63.1
+   network 172.16.63.0
+   netmask 255.255.255.0
+   broadcast 172.16.63.255
+   gateway 172.16.63.254
+   #post-up vconfig add enp0s20f2 7
+   #post-up vconfig add enp0s20f2 8
+   #post-down vconfig rem enp0s20f2.7
+   #post-down vconfig rem enp0s20f2.8
+
+# This is an autoconfigured IPv6 interface
+iface enp0s20f2 inet6 auto
+
+
+# - Entertain TV
+# -
+#auto enp0s20f2.8 
+#iface enp0s20f2.8 inet dhcp
+#   ## - Start igmpproxy
+#   post-up /usr/local/igmpproxy/sbin/igmpproxy /usr/local/igmpproxy/etc/igmpproxy.conf &
+#   #post-up /usr/local/igmpproxy/sbin/igmpproxy -d -v /usr/local/igmpproxy/etc/igmpproxy.conf > /var/log/igmpproxy.log 2>&1 &
+
+# - VDSL
+# -
+#auto dsl-ckubu
+#iface dsl-ckubu inet ppp
+#   pre-up /sbin/ifconfig enp0s20f2 up # line maintained by pppoeconf
+#   pre-up /sbin/ifconfig enp0s20f2.7 up # line maintained by pppoeconf
+# 
diff --git a/CKUBU/ip6t-firewall.service.CKUBU b/CKUBU/ip6t-firewall.service.CKUBU
new file mode 100644
index 0000000..a61e4ee
--- /dev/null
+++ b/CKUBU/ip6t-firewall.service.CKUBU
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv6 Firewall with ip6tables
+After=network.target
+
+[Service]
+SyslogIdentifier="ip6t-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ip6t-firewall-gateway start
+ExecStop=/usr/local/sbin/ip6t-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/CKUBU/ipt-firewall.service.CKUBU b/CKUBU/ipt-firewall.service.CKUBU
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/CKUBU/ipt-firewall.service.CKUBU
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/CKUBU/ipt-firewall/ban_ipv4.list b/CKUBU/ipt-firewall/ban_ipv4.list
new file mode 100644
index 0000000..10b7da3
--- /dev/null
+++ b/CKUBU/ipt-firewall/ban_ipv4.list
@@ -0,0 +1,22 @@
+# - IPv4 addresses listet here will be completly banned by the firewall
+# -
+# -    - Line beginning with '#' will be ignored.
+# -    - Blank lines will be ignored
+# -    - Only the first entry (until space sign or end of line) of each line will be considered.
+# -
+# - Valid values are:
+# -    complete IPv4 adresses like 1.2.3.4 (will be converted to 1.2.3.0/32)
+# -    partial IPv4 addresses like 1.2.3 (will be converted to 1.2.3.0/24)
+# -    network/nn CIDR notation like 1.2.3.0/27
+# -    network/netmask notaions like 1.2.3.0/255.255.255.0
+# -    network/partial_netmask  like 1.2.3.4/255
+# -
+# - Note: 
+# -    - wrong addresses like 1.2.3.256 or 1.2.3.4/33 will be ignored
+# -
+# - Example:
+# -    79.171.81.0/24
+# -    79.171.81.0/255.255.255.0
+# -    79.171.81.0/255.255.255
+# -    79.171.81
+
diff --git a/CKUBU/ipt-firewall/default_ports.conf b/CKUBU/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/CKUBU/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/CKUBU/ipt-firewall/include_functions.conf b/CKUBU/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/CKUBU/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/CKUBU/ipt-firewall/interfaces_ipv4.conf b/CKUBU/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..c9a9fad
--- /dev/null
+++ b/CKUBU/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="enp0s20f2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="enp0s20f0"
+local_if_2="enp0s20f1"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/CKUBU/ipt-firewall/interfaces_ipv6.conf b/CKUBU/ipt-firewall/interfaces_ipv6.conf
new file mode 100644
index 0000000..115655d
--- /dev/null
+++ b/CKUBU/ipt-firewall/interfaces_ipv6.conf
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+#ext_if_static_1="sixxs"
+ext_if_static_1="enp0s20f2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="enp0s20f0"
+local_if_2="enp0s20f1"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/CKUBU/ipt-firewall/load_modules_ipv4.conf b/CKUBU/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/CKUBU/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/CKUBU/ipt-firewall/load_modules_ipv6.conf b/CKUBU/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/CKUBU/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/CKUBU/ipt-firewall/logging_ipv4.conf b/CKUBU/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/CKUBU/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/CKUBU/ipt-firewall/logging_ipv6.conf b/CKUBU/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..bbb6f79
--- /dev/null
+++ b/CKUBU/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=true
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/CKUBU/ipt-firewall/main_ipv4.conf b/CKUBU/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..775f1c3
--- /dev/null
+++ b/CKUBU/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1404 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+
+_ips="$(ip a | grep "inet " | awk '{print$2}' | cut -d'/' -f1)"
+for _ip in $_ips ; do
+   gateway_ipv4_address_arr+=("$_ip")
+done
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                    86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+#allow_ext_net_to_local_service="
+#   172.16.63.0/24:192.168.63.1:53:udp
+#   172.16.63.0/24:192.168.63.1:53:tcp"
+allow_ext_net_to_local_service="
+   192.168.63.0/24:192.168.63.1:53:udp
+   172.16.63.0/24:192.168.63.1:53:udp
+   172.16.63.0/24:192.168.63.1:53:tcp"
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+#allow_ext_net_to_local_net="
+#   172.16.63.240/32:192.168.63.0/24
+#   172.16.63.245/32:192.168.63.0/24"
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=true
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - Ist this Gateway DHCP Client?
+# - 
+# - local_dhcp_client_interfaces="<interface1> [<interface> [.."
+# -
+# - Example:
+# -    dhcp_client_interfaces=$ext_if_static_1
+# -
+dhcp_client_interfaces=""
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips="192.168.63.253"
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+#ssh_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Web Server Luna:                    192.168.63.20
+# - Kyocera FS 3838DN:                  192.168.63.230
+# - Telefonanlage - COMpact 5020 VoIP:  192.168.63.240
+# - Systemtelefon - COMfortel 2600 IP : 192.168.63.245
+# -
+# - Accesspoint - TP-Link TL-WR841N:    172.16.64.1
+# - W-LAn Repeater - TP-Link WA850RE:   192.168.64.55
+# - 
+# - Brother MFC 7860DW:                 192.168.64.235
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="192.168.63.20 
+                            192.168.63.230 
+                            192.168.63.240
+                            192.168.63.245
+                            192.168.64.235
+                            192.168.72.15
+                            192.168.64.55
+                            172.16.64.1
+                            192.168.42.254
+                            172.17.1.1
+                            192.168.103.253"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+#http_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+#http_ssl_server_dmz_arr[192.168.63.90]=$ext_if_dsl_1
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=true
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=true
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips="172.16.63.245"
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+#mail_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+# - 192.168.63.20    Fileserver luna
+# -
+samba_server_local_ips="192.168.63.20"
+
+# - Samba Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+#samba_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+# - Blank separated list of ip's
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.64.0/24 192.168.42.15"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=true
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+# - 172.16.63.15     IPMI Gateway
+# -
+ipmi_server_ips="172.16.63.15"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - 192.168.63.230     Laserdrucker Kyocera FS 3838DN
+# - 192.168.63.235     Brother MFC 7860DW LAN
+# - 192.168.64.235     Brother MFC 7860DW WLAN
+# -
+# - Blank separated list
+# -
+printer_ips="192.168.63.230 192.168.63.235 192.168.64.235"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips="192.168.64.235"
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips="192.168.63.240"
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=true
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks="
+   172.16.92.0/24:${ext_if_static_1}
+   172.16.1.0/24:${local_if_2}"
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    192.168.64.55: Repeater TP-Link TL-WA850RE
+# -    172.16.63.254: FRITZ!Box 7490
+# -    172.16.63.240: Telefonanlage
+# -    172.16.63.245: Systemtelephon
+# -    192.168.64.235: Brother Drucker
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons="
+   192.168.63.0/24:192.168.64.55:80:${local_if_1}
+   192.168.63.0/24:172.16.63.254:80:${ext_if_static_1}
+   10.0.0.0/8:172.16.63.240:80:${ext_if_static_1}
+   10.0.0.0/8:172.16.63.245:80:${ext_if_static_1}
+   10.0.0.0/8:172.16.63.254:80:${ext_if_static_1}"
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196 1197"
+
+allow_cisco_vpn_out=true
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=true
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/CKUBU/ipt-firewall/main_ipv6.conf b/CKUBU/ipt-firewall/main_ipv6.conf
new file mode 100644
index 0000000..66622b4
--- /dev/null
+++ b/CKUBU/ipt-firewall/main_ipv6.conf
@@ -0,0 +1,1221 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv6 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv6 Addresses Gateway
+# ---
+declare -a gateway_ipv6_address_arr
+
+_ips="$(ip a | grep "inet6 " | awk '{print$2}' | cut -d'/' -f1)"
+for _ip in $_ips ; do
+   gateway_ipv6_address_arr+=("$_ip")
+done
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth2 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net,local-address,port,protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 2001:6f8:107e:63::20/128 to ssh service at 2a01:30:1fff:fd00::210 on port 1036
+# -    allow access from 2a01:30:0:13:5054:ff:fe09:2318/64 to https service at 2a01:30:1fff:fd00::204
+# -
+# -    allow_ext_net_to_local_service="2001:6f8:107e:63::20/128,2a01:30:1fff:fd00::210,1036,tcp 
+# -                                    2a01:30:0:13:5054:ff:fe09:2318/64,2a01:30:1fff:fd00::204,$standard_https_port,tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>,<dst-local-net> [<src-ext-net>,<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="2a01:30:0:13:5054:ff:fe09:2318/64,2a01:30:1fff:fd00::0/64
+# -                               2001:6f8:107e:63::/64,2a01:30:ff:fd00::204/128"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Example:
+# -    block_all_ext_to_local_net="2a01:30:1fff:fd01::1/64 2a01:30:1fff:fd04::1/64"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net,local-service,port,protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 2001:6f8:107e:64::/64 to https service at 2001:6f8:107e:63::20
+# -    allow access from 2001:6f8:107e:64::/64 to ssh service at 2001:6f8:107e:63::20
+# -
+# -    allow_local_net_to_local_service="2001:6f8:107e:64::/64,2001:6f8:107e:63::20,$standard_https_port,tcp 
+# -                                      2001:6f8:107e:64::/64,2001:6f8:107e:63::20,$standard_ssh_port,tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="2001:6f8:107e:64::/64,2001:6f8:107e:63::20 
+# -                                2001:6f8:107e:64::/64,2001:6f8:107e:63::10"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="2001:6f8:107e:63::20,2001:6f8:107e:64::/64
+# -                                2001:6f8:107e:63::10,2001:6f8:107e:64::/64"
+# -
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="2001:6f8:107e:64::/64,2001:6f8:107e:63::/64
+# -                                 2001:6f8:107e:63::/64,2001:6f8:107e:64::/64"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1},2001:6f8:107e:63::20 
+# -                               ${local_if_2},2001:6f8:107e:63::20"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="2001:6f8:107e:63::/64 2001:6f8:107e:64::/64"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=""
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_static_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv4 over IPv4
+# ======
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ipv6-address>]=<extern-interface>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static_1
+# -   vpn_server_dmz_arr[2001:6f8:107e:63::40]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194 1197"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - Ist this Gateway DHCP Client?
+# - 
+# - local_dhcp_client_interfaces="<interface1> [<interface> [.."
+# -
+# - Example:
+# -    dhcp_client_interfaces="$ext_if_static_1"
+# -
+dhcp_client_interfaces="$ext_if_static_1"
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_dsl_1
+# -    ssh_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Web Server Luna:                    2001:6f8:107e:63::20
+# - Kyocera FS 3838DN:                  2001:6f8:107e:63::230
+# - Telefonanlage - COMpact 5020 VoIP:  2001:6f8:107e:63::240
+# - Systemtelefon - COMfortel 2600 IP : 2001:6f8:107e:63::245
+# - 
+# - Brother MFC 7860DW:                 2001:6f8:107e:64::235
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips=""
+#http_server_only_local_ips="2001:6f8:107e:63::20"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ipv6-address>]=<extern-device>
+# -
+# - Example:
+# -
+# -    http_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static_1
+# -    http_server_dmz_arr[2001:6f8:107e:63::90]=$ext_if_static_1
+# -
+# - WebServer Luna: 2001:6f8:107e:63::20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+#http_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static_1
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http_ssl_server_dmz_arr[<ipv6-address>]=<extern-device>
+# -
+# -
+# -    http_ssl_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static1
+# -    http_ssl_server_dmz_arr[2001:6f8:107e:64::90]=$ext_if_static_2
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+#http_ssl_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static_1
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+#local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   2001:6f8:107e:63::20 incomming on ppp-st ($ext_if_static_1)
+# -
+# -    mail_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+#mail_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static_1
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<extern-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+samba_server_local_ips=""
+#samba_server_local_ips="2001:6f8:107e:63::20"
+
+# - Samba Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    samba_server_dmz_arr[<ipv6-address>]=<extern-device>
+# -
+declare -A samba_server_dmz_arr
+#samba_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static_1
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Comma separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service
+# -
+# - munin_local_client_ip_arr[<ipv6-address>]=<extern-device>
+# -
+#munin_remote_server="2a01:30:1fff:a::163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips=""
+#rm_server_ips="2001:6f8:107e:63::/64"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[2001:6f8:107e:63::20]=$ext_if_static_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips=""
+
+# - IPMI Tools Port
+# -
+# - UDP 623: Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623: Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - 2001:6f8:107e:63::240     Laserdrucker Kyocera FS 3838DN
+# - 2001:6f8:107e:63::235     Brother MFC 7860DW LAN
+# - 2001:6f8:107e:64::235     Brother MFC 7860DW WLAN
+# -
+# - Blank separated list
+# -
+printer_ips=""
+#printer_ips="2001:6f8:107e:63::240"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+#brother_scanner_ips="2001:6f8:107e:64::235"
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank separated list
+# -
+tele_sys_ips=""
+#tele_sys_ips="2001:6f8:107e:63::240"
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+#tv_ip="2001:6f8:107e:63::5"
+tv_ip=""
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>,<port>,<protocol> [<ip-addr-of-service>,<port>,<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Destination NAT
+# =============
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>,<port-in>,<ip-to-forward>,<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_static_1,9997,2001:6f8:107e:63::20,22
+# -                     $ext_if_static_1,9998,2001:6f8:107e:63::90,22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>,<udp-port-in>,<ip-to-forward>,<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_static_1,1094,2001:6f8,107e:63::90,1094
+# -                     $ext_if_static_1,9999,2001:6f8,107e:63::90,1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=true
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=false
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# - Blank separated list
+# -
+blocked_ips=""
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Disable ip forwarding between interfaces
+# -
+kernel_forward_between_interfaces=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# unique local address (ULA) - private address block
+ula_block="fc00::/7"
+
+# - Loopback
+loopback="::1/128"
+
diff --git a/CKUBU/ipt-firewall/post_decalrations.conf b/CKUBU/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/CKUBU/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/CKUBU/mailname.CKUBU b/CKUBU/mailname.CKUBU
new file mode 100644
index 0000000..710c152
--- /dev/null
+++ b/CKUBU/mailname.CKUBU
@@ -0,0 +1 @@
+gw-ckubu.local.netz
diff --git a/CKUBU/main.cf.CKUBU b/CKUBU/main.cf.CKUBU
new file mode 100644
index 0000000..f86f7ae
--- /dev/null
+++ b/CKUBU/main.cf.CKUBU
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = all
+
+inet_interfaces = all
+#inet_interfaces =
+#   127.0.0.1
+#   192.168.63.254
+
+myhostname = gw-ckubu.local.netz
+
+mydestination = 
+   gw-ckubu.local.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   192.168.63.254/32
+
+#smtp_bind_address = 192.168.63.254
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/CKUBU/openvpn/client-confs/123comics/ca.crt b/CKUBU/openvpn/client-confs/123comics/ca.crt
new file mode 100644
index 0000000..1996d94
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/123comics/ca.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFAzCCA+ugAwIBAgIJAOCmM/+DK/WPMA0GCSqGSIb3DQEBCwUAMIGxMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
+VlBOLTEyM0NvbWljcy1jYTEWMBQGA1UEKRMNVlBOIDEyM0NvbWljczEhMB8GCSqG
+SIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDMxMTAyMTYyOFoXDTQ5
+MDMxMTAyMTYyOFowgbExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tMTIzQ29taWNzLWNhMRYwFAYDVQQpEw1W
+UE4gMTIzQ29taWNzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI6ZDkXY0diPbLB91BnCq6
+yzxnCn/zp6jHE1D/pHWSRFcitbne4z4n7uHg9rVo+ytwS32KOSqDKUw7nV1SdoGT
+29R6Hoy6RV5aub7UD6CeF7ksZ2xd7359PIYedeyBKB/R3TlLo/2w+sW1womyEdpl
+USvG3nVYGBL/KFKxIaKUXxzTAPagzBUfzgI0AfVCzOJlRmw7Oin/xmrf7Bp0FQnx
+labMu0FVWuKrwvNL0IeQkRvm4zVICFsajjzaWribwKxVZe88iDVCCkizgv9HI7yk
+G+YrnZJbYxYvWisv5Gf6yDBfixgRES1itkGHEco4qBjTNfXxc1TvxBQZdHVkes3L
+AgMBAAGjggEaMIIBFjAdBgNVHQ4EFgQUYHIe6kctqrNxGDLhMBx3CLHUJBEwgeYG
+A1UdIwSB3jCB24AUYHIe6kctqrNxGDLhMBx3CLHUJBGhgbekgbQwgbExCzAJBgNV
+BAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UE
+ChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBW
+UE4tMTIzQ29taWNzLWNhMRYwFAYDVQQpEw1WUE4gMTIzQ29taWNzMSEwHwYJKoZI
+hvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQDgpjP/gyv1jzAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBqSNHim3BDVX4ptcnhYaw1RNEHq2sWkL6O
+m6MLJpwk1BW0ZhKG45/lA8x+FB1npsL9ck/GcTG41UOwCJU3jIKyS5rug7hHAz7t
+GShvWEOLnk0Y9veMOM0Iwsqs4d4qeDQZH2RZCnQqjVt5bXRFDGE0X0Lqa04nVXVU
+8JThZvjNq19jzEulZwg/x356J/VbNX/gtqddqRHw1j5uvsiAnTjQeDZTLjP3SDOS
+vYVjJGF35QyarN0iJpH8TQGeA89EOJyLaQjfd+MG05cDYHo44brJgc26rJRp5QCa
+cp2h9ajosKcIhk1lrY+kLf/XiwYDZ3TyhYhqoM998XggUuinF1r9
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/123comics/client.conf b/CKUBU/openvpn/client-confs/123comics/client.conf
new file mode 100644
index 0000000..58098d3
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/123comics/client.conf
@@ -0,0 +1,138 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote 123.homelinux.org 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/123comics/ca.crt
+cert /etc/openvpn/client-confs/123comics/gw-ckubu.crt
+key /etc/openvpn/client-confs/123comics/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/123comics/ta.key 1
+
+status   /var/log/openvpn/status-123comics.log
+log   /var/log/openvpn/123comics.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/123comics/gw-ckubu.crt b/CKUBU/openvpn/client-confs/123comics/gw-ckubu.crt
new file mode 100644
index 0000000..48e0fb4
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/123comics/gw-ckubu.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 27 01:22:52 2017 GMT
+            Not After : Mar 27 01:22:52 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-123Comics-gw-ckubu/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d6:4a:11:c9:92:5d:41:10:43:41:f9:d0:31:82:
+                    47:6f:9c:10:dd:f2:2d:c1:14:0a:56:6a:82:54:01:
+                    7c:7c:aa:ec:13:c9:26:c1:38:cb:f5:ae:3c:c2:1f:
+                    f0:88:ba:7b:84:e1:ce:bf:40:54:a2:87:40:49:e7:
+                    4e:e0:5c:1a:e5:cb:a5:37:73:99:5f:f2:ed:38:c1:
+                    a5:10:72:8a:10:3d:d6:41:dc:a5:e3:28:f1:2b:b0:
+                    6b:0a:f2:4a:9a:be:15:07:e1:0d:40:69:e2:53:b4:
+                    1e:1e:32:fe:1c:65:4f:38:d5:e8:a1:38:eb:fa:8a:
+                    46:2e:e3:2d:ed:be:1e:e9:5a:c9:62:e3:59:f2:28:
+                    fc:28:c0:9e:ee:8a:12:73:d2:a2:be:6d:41:eb:f1:
+                    85:29:2e:3e:cd:73:ba:37:a0:eb:cf:a3:04:29:db:
+                    79:5f:9b:a8:80:e9:ec:80:94:6a:8e:83:5f:bd:9d:
+                    02:20:27:0b:00:1d:17:3d:50:71:a2:b8:fd:92:c8:
+                    f8:db:a1:1d:98:43:3a:d9:b0:66:0d:ce:62:26:a6:
+                    e2:cb:92:04:de:9d:1c:ea:5a:3b:53:10:a8:36:4c:
+                    b7:07:37:da:aa:01:9a:a9:98:37:b1:23:b2:19:a7:
+                    e7:40:20:09:0b:e8:b1:5c:87:66:05:27:90:a8:a1:
+                    fd:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                88:EE:C2:37:75:7A:6F:00:9C:EF:11:64:CD:08:96:0A:45:18:63:1B
+            X509v3 Authority Key Identifier: 
+                keyid:60:72:1E:EA:47:2D:AA:B3:71:18:32:E1:30:1C:77:08:B1:D4:24:11
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-123Comics-ca/name=VPN 123Comics/emailAddress=ckubu-adm@oopen.de
+                serial:E0:A6:33:FF:83:2B:F5:8F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         66:20:ee:15:bf:c7:8e:47:40:4c:1b:6e:b6:c9:82:53:a9:67:
+         52:51:f1:38:c0:b8:19:90:c2:40:49:2e:b4:27:d3:b8:0f:4a:
+         a2:cc:0b:5b:5a:34:07:aa:32:3e:7f:bf:1d:75:5a:69:19:7f:
+         37:a7:89:dd:6d:c5:8c:6a:68:c7:c7:e3:96:83:cc:26:b1:86:
+         a9:02:07:6c:f1:52:9a:0a:00:b2:39:9b:b2:6b:3b:01:97:9e:
+         02:53:28:07:0f:3d:77:24:3e:69:98:aa:28:99:ac:fa:18:06:
+         a2:ae:c5:ca:b5:3f:4b:ab:30:db:65:99:95:55:52:1e:a4:b4:
+         c6:94:eb:b5:66:ef:2c:7e:5d:cd:0c:0d:be:9d:8e:79:46:90:
+         50:5e:29:99:36:c8:9d:83:5f:d9:da:3d:e9:56:17:2e:0c:8c:
+         57:84:2c:75:92:5f:ac:69:58:59:db:2d:d8:e6:c8:e8:b4:74:
+         c7:b5:33:a5:95:cc:8f:0f:f6:c1:73:4e:40:4b:a3:a1:60:40:
+         d8:2a:2d:87:84:d5:77:35:37:d0:b7:8e:e7:31:01:8e:cf:03:
+         9e:80:3c:25:0e:83:63:34:e7:5e:4e:1f:c6:d6:6f:da:96:b8:
+         c0:9d:fd:d5:57:84:98:9d:28:f7:ca:9d:c5:1b:87:03:4a:46:
+         60:94:02:18
+-----BEGIN CERTIFICATE-----
+MIIFZDCCBEygAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi0xMjND
+b21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3MxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzAzMjcwMTIyNTJaFw0zNzAzMjcwMTIy
+NTJaMIG3MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEfMB0GA1UEAxMWVlBOLTEyM0NvbWljcy1ndy1ja3VidTEWMBQGA1UEKRMNVlBO
+IDEyM0NvbWljczEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1koRyZJdQRBDQfnQMYJHb5wQ
+3fItwRQKVmqCVAF8fKrsE8kmwTjL9a48wh/wiLp7hOHOv0BUoodASedO4Fwa5cul
+N3OZX/LtOMGlEHKKED3WQdyl4yjxK7BrCvJKmr4VB+ENQGniU7QeHjL+HGVPONXo
+oTjr+opGLuMt7b4e6VrJYuNZ8ij8KMCe7ooSc9Kivm1B6/GFKS4+zXO6N6Drz6ME
+Kdt5X5uogOnsgJRqjoNfvZ0CICcLAB0XPVBxorj9ksj426EdmEM62bBmDc5iJqbi
+y5IE3p0c6lo7UxCoNky3BzfaqgGaqZg3sSOyGafnQCAJC+ixXIdmBSeQqKH9PQID
+AQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0Eg
+R2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSI7sI3dXpvAJzvEWTNCJYK
+RRhjGzCB5gYDVR0jBIHeMIHbgBRgch7qRy2qs3EYMuEwHHcIsdQkEaGBt6SBtDCB
+sTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGlu
+MQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAX
+BgNVBAMTEFZQTi0xMjNDb21pY3MtY2ExFjAUBgNVBCkTDVZQTiAxMjNDb21pY3Mx
+ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOCmM/+DK/WPMBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAKgghndy1j
+a3VidTANBgkqhkiG9w0BAQsFAAOCAQEAZiDuFb/HjkdATBtutsmCU6lnUlHxOMC4
+GZDCQEkutCfTuA9KoswLW1o0B6oyPn+/HXVaaRl/N6eJ3W3FjGpox8fjloPMJrGG
+qQIHbPFSmgoAsjmbsms7AZeeAlMoBw89dyQ+aZiqKJms+hgGoq7FyrU/S6sw22WZ
+lVVSHqS0xpTrtWbvLH5dzQwNvp2OeUaQUF4pmTbInYNf2do96VYXLgyMV4QsdZJf
+rGlYWdst2ObI6LR0x7UzpZXMjw/2wXNOQEujoWBA2Coth4TVdzU30LeO5zEBjs8D
+noA8JQ6DYzTnXk4fxtZv2pa4wJ391VeEmJ0o98qdxRuHA0pGYJQCGA==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/123comics/gw-ckubu.key b/CKUBU/openvpn/client-confs/123comics/gw-ckubu.key
new file mode 100644
index 0000000..5bd9c9e
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/123comics/gw-ckubu.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIUPPvb55y11ACAggA
+MBQGCCqGSIb3DQMHBAjjOqpaPsnUowSCBMiALIvfB2vXtETRZxybvvubeJLEp5eA
+qkQ7cdy331ti8XJ6fkHcU3mBQwbBDD5KSDBLRnRU8LegMWvRTKGjQ8lRGCULTvxI
+sr3HuR5omwXUMVwRLWTht++I1IIYoIwwnVU9/7vMy3nJPixP3OKRGwkmv5IedCvc
+5a/KqJuc+ezRVjQ8/Dl8fs+VRefd5Tmh3TYROu1vuV0pQaT33ceXDVJqZ2B+dmoT
+AHFE3FUex60YlXt5iUhdGWzItdeXnI5tDMnoFcAtCPbBAB7DhynqfEn7dlaxrCrH
+4POq5KvMUu5/sXlQoZR+SvkOx7Z3JNTYj/PL0OpM8tXJFvc5nT733iVcNjyauLhf
+rcXqnih6MUrWYaBAfL4od6/ne27vqriKwtFUfASTqlW8pN4uESbngXx2Ww5CqM7+
+K7Hz3XDF04Y92YBndBr1ZTUiFbypO5PjygZz8Jeia6RYXLUU+6kO/VQ4WsnbGep1
+ftQGc5tNhwEwJC+tacFzPdd6hRnosGSs9jhHk7v8CY58V2wBcgXxBDgVZeHbp2bL
+9lJmyohvZ/nzxmb99TxD6j154OqC+4cJLze5AG2AO5QmrNhMcFt+mEIxL1uiBU77
+SHe+konUZuAH67UPR5oJm1x7KmGjYOmdeke3wgkFKUIRCQ04OikOvUkIJB5mO2D0
+uoG6caj/KQQdweqhOMELoOj/GDQhxNCtD4Zx8LhKDz4VL/c5+s23oJX/pALuDlNs
+JpxI/v6gkxVLIZwyxhNVxKFNYEMERmxN6GePdPki0iEDGRRuSjat3xnMh0N+Yp2f
+N3lNDNoBfZRuBcgugF70O7P38tQXgEZF8tECwRHogmCDDSSOw4DbvbBSVdMhlMIF
+oUmNKqSyGKIONwsvCYHSKJ37DDIyvi/nEbSLHy+HRQ7/foM0nwnmxrgUk17VVknK
+RUqob0PeSFBMsjVV6kDrTHj2uiRYq5qD5bRh9hCKOWCdk0WgRspjUlBm4Yw1sTan
+/Zakk8MAyIl3dOrwnaTuiiYVFi2mIWwRSrjV0wYriGypez5LdVew01ISx/tqudzC
+6XvwMcNFeM0bzIT8PJI0g9b8JZrDGk8UbMIw0AfV1jakzZoDUNcv9BQHNGxcdcLN
+TFNY6BiTgAAsZvaapUU+oRqPB6UHubbfmRAfX2AzrctucYtVNZTNExytM85qslPF
+ZE4dx+yJ/irUzenP5ABVobpbvriX78d6hiuRHiAqbO90Co9nBffwDQnZptSdXRGT
++aubzGluIA0piOyW3r2s4KGRH+2s5TqHeW3WoTJTJuFlGB2lqn/Ieg0xl9Xy6rNp
+31oh/n8K6XjqIl1k7NWjLq++gzkoRyidZjvjzkKGkCEqfbZvE31m9LQ3ntxAsMgs
+WWXfWz+O9INtN2YzcVEDPNvbNA31FdtUs5nLVO5KPut2Rl/po2d8m+5WTdgQkpmm
+8x2IA7ZEUyYXKmFa0nFEZ7H2XhRizk4jfr0eQyx43nfXab7s7L2wy5IAxpksO54P
+H0VNIaaADeV/4PdbHODB4zOrrYEigUeMBVJaiZAyjvC1u1mLEtFkajWwBMaqgWA0
+0A31VtMvPn8b8lEhQhirgcJzHK/550hkEAgm5kmiWe8ZoLCw0Ej8Dofr5HA/GuZg
+mNs=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/123comics/ta.key b/CKUBU/openvpn/client-confs/123comics/ta.key
new file mode 100644
index 0000000..8bdac31
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/123comics/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+92f8950e3eeb9728413080949bac24e9
+d84bc4e08de921cb7c64250dbbe03d9c
+27040263bc8d4c035bb5f5d7b6445cd7
+ac017ce7ab6830264b1246289401cfc4
+84e6173530cc4e602cfac0d736e7633e
+54314d44704842dab40b638bd9860bec
+a770067ee4aa7d35ed085359f0ac6370
+ec85b7a1eddd369eca7b9aad36651484
+1836322e2d1dd5dc1b405f042f19c9b4
+9857030d1d37880f26a17c9e7eb9cb50
+97e7927acdd974d34f1eb57b3d4c1dad
+ad3bb0380b80b673508022c3895bb6d2
+9b9f1b3b4b3ecb9155523799708032bd
+c3172244a5f639bc8dd1d94c1197e0b1
+94f69490aee75ba48ae63b442119918a
+707bfc5c40ae6ebfe6fe3f93f311a924
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/ak/client-gw-ckubu.conf b/CKUBU/openvpn/client-confs/ak/client-gw-ckubu.conf
new file mode 100644
index 0000000..e36a6e4
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/ak/client-gw-ckubu.conf
@@ -0,0 +1,257 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-ak.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJALRp90TzgA00MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUFLMQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDIwNjEyNDAwN1oYDzIwNTAwMjA2MTI0MDA3WjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1BSzEPMA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOMNalpNk0cB
+wPdZemz4r4TIhtRSxZEEg9yhTRo9LdMa6oNo1gpg3/60n9nBtA0cDnllx7Z37PvC
+Pg4RJksrB2ZYOB3oSo8LoMzlA0lZl4AMKnxau1ZJI8OB9Ia+6uJxBnpwVULsL4sx
+ds9pHsnXU74UWgdZPAHsfWhogMtk8TsikLFv7P6oxg3fXeVriWP/SUETTWHgSD3x
+gPsnrcGqlCPcfb/mH5SU+v+ge+iue0BXe/1OZkJDHdj5vLZ4MiUCiVVslX36uqti
+sI3Jt2OyF9XQwu5wms3ioW3XydpPmbisRuI7qrTdnmT1iVhbk29eQK/yHrXvuuXQ
+i6PQAirBtMYD8tx5FbMJ6ueDcm0jTVedfHtdkWkBY84bBnecF7ys000fDzJs1YH2
+SP3cb0KbREG2RE5BE1OgUgg8odbJ7/K+Tp0VKEbJAZCwpaw+qAU9xfH3pDoSX+iD
+N+SXxnjSpamwGYmx+PGpwIe3RnlEx8XUcMbEBq5grq7aR7tYd5qh1NKTUKleGucD
+1izZeGLLkh81Gpx+KFXNm7lk3WDx3dqUXc3tJgpZsZJc3VI3UjO5WaYlrdTc6IQs
+3rD0rOGrETI/utLQI9PNFSis00h2LmcPVnEL0N/W71kHeOuytr1Tg1FyFGY7Wbth
+bei4c14kNkVUk1Ncfl07pMR+/i9yee3DAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+EHXXKayMfThSNCInVWJK275Iub8wgdEGA1UdIwSByTCBxoAUEHXXKayMfThSNCIn
+VWJK275Iub+hgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkTBlZQTiBBSzEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC0afdE84ANNDAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBIgCBt6v6t2HSqwkLKjgR1c2cDViPe
+WmX8E8maqaDIUopyvNzsZCXjqZ1RNnIHgFKZyZqXSzXRGHbUiohJ4WkkOy+QV64L
+/LUizsZkMJasjYQgcDcXu5sN9mIzGW6C5myjwtSYBWITPxLsedOQLIhYulLrCBa0
+A/gs/gfODm0opsCOuvQn33psUyLda/k9BE/9EHmOg37IRh/rQi3dyQaW2DGfCgZc
+GSIMsxobp4QbdUTJyyIoJW/ZK20Mam+IWNhptqCX/SXlx0pzakkdAulwMtUCPwyD
+8IJEy5ST+qBoctg1mSLts14ZYM63NRYKPfnSUN1JfQE5Sl624c8koVJcKjFnPdII
+cFwo9R+SQFDfTva/xRC8Ydwp1C8V+wnXtM9B1aigule5MXe8CQE4PZjG1Bh7992x
+GcKGBCWR/8JmfipvH4EJ9brS4ZsQ5snfJImBtmmVxSjXn1aE77UYNEp8GF2vW8CV
+7j+neVQtQdA16tXYH4bWy4MCpVCuoBj2ffTkN/5cp9xWHt9D1w73LxXHMEWoQojF
+cOeUda1VSwR17SiEy/lo3mRnWoT6AzLVwYzVQg0W8dc9wPcJ2EiVzQu6ccs2gIJV
+RtdV9iX+oAkwK3/lPB68LvfMEw3Qcy3OY9DmjZNajlv8HCTirBuGNaUwR6pZGqiG
+JN2zjAizahwZgQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1BSzEP
+MA0GA1UEKRMGVlBOIEFLMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODAyMDYxMzM2NTRaFw0zODAyMDYxMzM2NTRaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLUFLLWd3
+LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gQUsxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1iJXRCsnhrkw
+vrvWg11+tAy89uYWXSt5lDxBVwuqoTEacmhnhfOT9yEDQys1jSm8u4FET2UUzI9g
+SNYFigYnKoVjjKKxGtlK2Bt9qgu36WlfzlnqNiKvUO2aHnxNwRNvI7b4YI2/uk3V
+gZAAQdH4DiR0rFSDNmBKyvMQKP6ix1dy4+riACIP22n/bltEp9KmYkoU5XomS+DM
+Fqd5wvCt/A18n3x5Ijw1Z8EGz7YCzMqGrt2HA+zRL8r0d//DS3KfHrZH+5qrrrbl
+j8aHydvklLxDqqn+ZgbxKIRjOJ+DXG3MbGvk4gaUj/+fR5nfoBDxIxlA2wn+hXAX
+v6r/eVSPPs6kGqYLNJsw8qjtuG89PggyhkuNsCoOLY/JvtXMRzadcz3RIS5nnwQe
+EoLDtn+E9NbQlrj9XyKYbzCW2EMJANoNmHsCW/IZ0aKhd7C7lMNxaYGARAssNo+r
+gUXj1bUbJQBpHZOJj4AZV9um1YM4ef9v9hb0slYolHw6YS1ys3Ur38+/005gVFtR
+daFQLsUXvLavCALJRuWfFv6k6Vp/HyDlRiwL3kDCsy+ul+ll9DC42rMb6y7WxAnK
+7lN6I5mWLkL7aWY4Qj9Fa+OeavGweSSYOaEzGHhNulQ9pIsw9f3XEKGh1XhSojpK
+hHM40wuTmGMwb53GhX5jB3UPijMdbgECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUBYLo1mtxM1jb3ogF+1KEvfNNZDowgdEGA1UdIwSByTCBxoAUEHXX
+KayMfThSNCInVWJK275Iub+hgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQUsxDzANBgNVBCkT
+BlZQTiBBSzEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQC0afdE84AN
+NDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAHe1NvTTAE32RzjFyUZz72suEVrk
+OChnbtlokfhencfOZ+241jMswpg5aQDA2jY+lmEQW5tK4N+2hglTFHM4gW4b362b
+rJFEe0fCMl3r/cqdmZbDNXSm9xR7pSoIWt/2vo4ucZQzQEqN6CXA0/rOx84yPDj+
+UFHqvoOAAUbdBZOWqZ4Q+Qni5Y4QmUsGWaoK3LApKSEdfNxiKZkNZ6joWkjJiE45
+pdYd5qeUR1plixNhl5dITH0VfeM+85IXS6y9Tm4kb6tbLPO7KPu9vF/7UD0+Z+zM
+hA8nDu4CjQtN3aSq6Hazi17lDbjpYEWid2LQ0Epvh0c8PHcdNzpf3343/+fun+qH
+xKcEM/7BzyHtVaqPMRqLIMVx4+jAN2k9Lj7oswzTZa526G85kStfwZ5EzuHZ+53s
+2cH6ado+SZDbV2agrcjPri3Bmve36Ed0jLcAA0KcNVOKGfUuY/UR08j/0NbG12ZZ
+IZACPxtIiRcd97cvPXJIxn60LqvBkiRX9rRWA0se//hkCEbUC/w9YekDzDtKU5vw
+JdHjdPVX1NZgXOWom9lUFmWTzeTWC81iAG/YNw271yZ5be8RysAhx+u8ql5AuHL3
+tRsHj1TUbdBINePBvWexL2XdddojjwC3h42N7AvnMNW7ukSxzCog9eGxXmhKkTt9
+En3pD1oBbG67z5tL
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI62QkbYGv0EYCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM5hsq05gmbkBIIJSJV6xZtsAe56
+teLN4Bl1fR+qUAfmKm3q94RgI1f9Rc4MpBf64b61IgkVWnQ4ec4CAPnhe2FeUExh
+HGRoeBWR88WaTgNBo6+VUhTCYPAelLvGjhG9TUjn4sigSU3/nQos9NTEMiZjv4+j
+zQxhAxcdjWHOtUkScKz9EDAmU5EAais87VSg4a0AORgHNp88SOdTf56EqzZ5nh06
+NQwiUN4zlrTs2X3mnL9Xx9OPqkha4Ij2efr7eKN9Oex/IpQndH/5AUpNcjfn1sQw
+pokSOQK85AulhRVD9BMD+PTVsOy7xIrQkusv80NsZyqdCAGZLaRzw1aQv5tTLsD+
+pukAzv8rdaFX+k3+Pa3IZbjDGibPTw6Jy+2RY1XEOn7KD/PaULhWnNqioWG93Prh
+ShsAYUeAJaAmiY61D5ORiHVw0D3lUwBjuENd8AQ+y6ofIpdMnsJGzyfomswxSpz9
+CjwXUgdd99A+eeS/IDzDVECeAM0X/ugJ/gILa3ntK/DVVjap5UfCch6wpYnCYoIc
+p3aRYc5TeMR1U1DDrWt9c/4hB22dn5On0mSyC0K/eYdFYqZq+jDCNkMbvGRqFfCl
+qUP+SO+h6miAjakBymIZ/X4i82PucHqC+HXvcYbY4LttKEsztl+WcK8qXWxhgljv
+8dJLEqD6l4FmcdP1CCIpnMnYmjJLVmOVxhusWnSsbj9se55nL+mjtOCdWCMlAMr1
+06sz34Ujq1lfsB7nn+z7O+1ZuMU3qcgPigHXQYJRwpD+eCCUsKbKAPvCHqZxjtOR
+k9eDTQvJMsHFA0TCQ1sMPFhuMAkH+ZhW5Fn1Qguc52aG5oT+ABjhvtN1qKQhhu88
+AwfAPME60+1rmUwu75OZ22lDBVCmqu1MHQEtI7QoJqIXP9fY8bZk9XjgrqzYeQqV
+ls5DVJ48uY9BoMHYNFCwnSVmMFHIVPySSjZNN7LoEICevbr1iL3la8BtGaEFPo6V
+0u+xZMDB8uRoX4sc/yBavu85FWUEKP3P/IZ0Q7qhVd27Y+gZqGqm4HZ6SWMNx3qv
+zNfnfx8ChYWhMbZOAuurEJ/ge0lN5pHJQYPaHJ7J5UIXHclAXPKUJXiSam6XiIyo
+NAlxHvHItk5xnvgqq0m5jRkyhU+LcPplee7AIFptpk1Snrxv7weofqrUrRP0XPMr
+YUxQHbqq+P1XDJQzS/fk/CE3hvwoIPTcnsazvaymaMCN4f+yAIkIur26FoN1Egz0
+ed9zMuE/Q+Uy2wctVDf7ckcAvUJVmQO8ZeM81JO8qak424so9K+VK/1c5+nmwPx+
+HbzSzGCLvT/AsAsgAWuSnqSpfNkK78YHsZ0166CZgsuUxbr2QncU88m4u+nxvPhV
+88MTibkCopYa0fLgrdmM0KbgY0wCGBmMIgrSd77kKuKZuqtKKPvPClK8XeI5I1Kg
+vaeZslPTCFJQAmABLcbtZi5GejUlh3zxPXWwr0xHWt9QMxqXIbKz9w98ZVxB6JgG
+dc2eXN6Y53GWS2rPMCj57JnJzSOY7cH3mUcEAn8sZj3tfnhvjyjrLoVW6DS9DxH6
++hrYeEH2SB4VFo9LAkQf8nXGmf6Drc2CuHBggdL6E7eiqJwpFxJyWZF9cAyUIKNY
+3QGe01nD7/FJ2OdQ3TewwJdO6VM9MCacCg5Tu3CCaBn/ROMDeJ6waxCAaWC0a3ye
+/qF72uUPBnGmepCL8UNty5EHGJEQdLsFUqcz6esBd5QsJQFd4a6Dj+6dygHA5pFS
+imsM3CvEucQLinv14T2MlSfEHGKG838XcNz45z55C6LRWmDo8YhGJpyWLTRanOPO
+YgzRW64jjoowmCOYN+dHMu2N8TuHJaGtNywwzJS/hAmGywn8nQjm2hBBgmzbP4Z9
+mv/j3sym/S43HLgoxFXdyy+A4mWhC6DYyqctC5stUb7LWhDDH1q3/vIpbGzNOlIU
+64RU7tnb73tfNAvP27wok1Y5QulkrcgmGhT1mEXC2Dmd6UNU53cPKC2L9mSYwpLY
+oI0S5LrNfvcJbv1T+Q+6tl4JOviv9c1pxHrGU5QiUC9iWHQAqABewDQcvZHCgkv3
+n1GU2n/Cw3FJN5VKZvsEsL3uLt0iPNsq+gXt1O1+72vnsU9WGb3cLpei+69NaWC2
+Y1eYROJUwvISYh5Fj3AbQHkeaoMBnlD65MtCC27e4wQ08f1WK9yqD9RuF0/AyoMq
+eKuacUkDdRsGtv/EPw+2Y4TVZU8NCx/bklwzfti9d5Gvl13dVKH2rNxNzfU2uwN9
+VMylBtSPKy0M7mIneZmpAFRDUzcVAV/+1u8khfWG0L6AX9jD3m/9/kKZIsVRuxLP
+RW8OcSkZ38Y8LachhEToEyr1s0iPWOa2Uo6/nPpBswk8yI5CGETSvsL0+imcnykU
+GJJGLNRg8QZRAXzB/CadLZ2YLSp+VbwY1RI9MUnOIQy4nDJYmqtrlFtFlbkgYign
+eI6NycS8iTSQkGJHJCxftPW5HU/rOFoVmDkdpZ8lMBJsjqsrWxuMhZdYhd12SYRz
+c8MUarMyTCNYOA/U3avP3wcMWlIBGXnDhCSJWuP4TgekL8YeXIZlpqfLNSbjjzjK
+Qjr1QWrFcheKFtcN+RwxjmEH9VIx/Gl+j39GKjuVE6qFv8ydf5pO6hNlpUhdPwbw
+AfnY26813nPRQszCSKXgT6ZzLExlOdGEtcsLdVgNhqTG/YLSOWOzLogqbbIGBXrP
+iDenjXgL+KWWVx68rLIkX6uXp7ECyJuIzHdA4rz4BJ2E8N07RWIB4UIJqDkb+SmB
+uBjHA/lnnF1NgTaF1YfGTBYJBh9A5De0lWs7f/4FBuQ6cudLHw1TWFzXNYrBUvIi
+JVi3wm1MZYiLz5uWvf4hqS6kuxtHlkxmZeOjawxyNAaESesM3LiuGNa4wlAdLqrb
+Re9jzz6n7OyL+7NEjpDgxS7kx2UjgZfrH3+FhGAGJaaqfeC1Gz21jXNc4S+zHxP2
+Qt3/qm027TN1TARpTxDK4eGRFgOLyDbb+8aeaywjcqUWRN5tWutFNavSn/Amgugh
+mSxJJvyf0WKnh6cbX5mGQFzKiaAqz22IgtcSovZt0K13KR6IExQZW1N2QbpchjWM
+NFwD7jxGsOPeukul9fpANrZk+qXZqjSX58bEbMax+th1WNpnEqG470FvcJv8z72e
+6YP6NW+YmJhshYOCv/q6Ng==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+9b6729c5c91b466a2bf7a494c2773f66
+6f580c49cf669c267b408d4e69b47554
+eb9a77dc00111f2ffb3be09c38a34c29
+441ed188e45a20a0bc31e28f0740ee28
+10a36049da14f04a4efdfbfc15e492c4
+e8c6cc0e07b5ad43f8a7f9685edf07cc
+3764e44b091a1277195ff52cad66574b
+b9396a38e10445255a387a4c510ad5c9
+9376d6cfe2aee6b4970faadbe8b4b581
+cd01a751bd07d53d984cdbd82c357820
+0251066db57e5863fc96e6ccc4ac9ebf
+b06231f21e93d1934a9ed0352ff0d3cc
+e1fc4269821572b858b3461c4eacacd0
+0eb309b692e49ea3cd9683ff4ae85161
+790f3ff5bc0d7dba51015e182d88a09c
+9389557003a462a4c57467320c9913a8
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/CKUBU/openvpn/client-confs/akb/client-gw-ckubu.conf b/CKUBU/openvpn/client-confs/akb/client-gw-ckubu.conf
new file mode 100644
index 0000000..65f28ba
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/akb/client-gw-ckubu.conf
@@ -0,0 +1,257 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-akb.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAJ2nraWZ6Z+uMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMjA1MjAzMDM3WhgPMjA1MDAyMDUyMDMwMzdaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3ELr
+25xiRgZY6TlrEyKW4z26lI0B/f3q4NcgbZee+6XMU4mLyfbxMDowyfxs1QdhmVZX
+H4aFhfpge25w4V4XEgslYHV4Tx6fN9jlA5EAwusByayiq2YZ/ZrAqsaSK25atH/E
+US3tS/bthj4Tt1DGSmXJzVP2d89vDbfdk82lKTBdtlfbnL+zLG8NmL1NHeAGel+B
+kjHRMXo8m+04Zcq6xykBQZ2/lfS1jhqCUygCyub3moHTCTVmkfbKm9qWrqBMVTbn
+c5ld3G2TTjuRYVsYGzgnFHPrHtqMFgJOYgS5CIZ2mTsYgAaREt4IPDu5oIC+oe4X
+iErcIJoCO1NEsuHkuchvWhqRoSaqVOT1bRdVc+v/pfVkRVBb+VOeVQUG78LHRpDx
+LMx48QtN2P0HY2mdQK1FWZetFo0ncJvmjnFWqV3ZdWwWJmeXGCU+pNmokcP2wn6b
+zJ9lhtntS5IWqlAWUIUfJEXL+FbRbCCFG5reKcdSoNHFBewvcRfg5wPz6cMQDHXd
+B03168HJSVb8mB76bmBmc+zsLIFoCm7kepm+uzpY0//Uz0WXXXg6OI/zhBSECng6
+hamvri9k6uAeoyVjKJVpG2tALMmYcC2ygxYuFi5mbYg41eAMfBwAtK6sWdLy99qz
+sLWze8fwl8wHJhfHlLTQrLpMz0lpnjDtVOyP1wIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHxCgucD6wWX5p49FMX/rCWhuAzoMIHTBgNVHSMEgcswgciAFHxCgucD6wWX
+5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4GA1UEKRMHVlBO
+IEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCdp62lmemfrjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBwmgxFIhkxilpGef3bjiAH
+yyP78nFOtrQb0lb640pySl07F/2xHTYOPb/TECNzQR8no9aNGZHQlvwEdgLdIrDE
+I96AwMfhvVqducsXtR7xjX5YV1Dpa7Yqvt10teuhuPtnXV/ClNaNnFMAlJtnw6bs
++6cGDATRmizu/lZiHnuzG/ANr9AtMOp5R1yw3vPn/Fx6lQ/M4sKxJg0FrJDMvhDh
+sFbHA2T+u1Ke7z4BjSFAWb2tTDWfcffBuQhLRYdG0R3RgsZIVP9dtrdrKRAsdIHC
+FxL9IHr4mlS3VHqtcyXxFlVhOZsQ5KVt4hFUPgMzIEnFq+T+Q9YXnYM72g1An9d1
++Y5YBkhPZONrmUE2zDjdk4bSy58h9xdSCAyziRvKomtrqx0CDOTJyTqPYjWsLCFu
+xer7bvoWGw1bfC2+5TgcLlCqRtGbgeCj3NJ9xHcv5ZP4PVC5VhmewYJFsDiDEfw7
+GOc8y5liXX/+YoJjEHrPwMS/QN7mDH60JdXngm7BafQa29mw3GQXwWlLvfFekMXe
+DtkRyz0a0FsplnwOScDCsuA0RrJD8T/iUNW6ecdXwwFY5vl8/NhZx2wBnchsBO+z
+/Aw8kwc9X87NVqIrJVh2i4UWBo/bAlKSTHY2/i+IeMZf2oXhc6yyleXk6jbZ4b2t
+KIajjnXU5P26nFWLP8IiIA==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1BS0Ix
+EDAOBgNVBCkTB1ZQTiBBS0IxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDIwNTIwNTQ1NVoXDTM4MDIwNTIwNTQ1NVowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tQUtC
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gQUtCMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKpSg7Om
+QQO8vMdmYcgOqYwpz3BSRDDjQJSnKwlNXanVLR8t5ZJQtJKLqUsKo8CC2jyBZQrN
+kusVwz5ecKbuyDPnDhl4ra6mCWTQnxKhUX2e9DtK7W0gc8HZ8TAa9tJt2tcKpX7S
+MNeEwYETPhQk9rUUxxkynIfr38n8nodyVdtFo/nhhlsqyZO4UHLPhC5Op/lPPvzh
+Ioz/I66GquHcwX+bfszWlOw3DJeAXw+qPMyjpOzQbsAzqEXHgDY84/4G+safqD2Z
+l4UsoAIbEpdSmHF+blkiuXllT9cZ7l3RIxP4pC4c+NoWZFe5Uve6dv11TdREAzhi
+PFI1og3c5wGIRbt757687oJ48Ou7w+MKfoGB/ErjrSrItX8CEMO3u17hgQzzGZ/u
+iK/zSR0jTUuTnf2hFByXnR89YqXrEWg5Uch755cZPXzx2phniffQndNzTJcPJOr+
+LpxpndzInEqC31Q8ZDUgQ/1Xv0or6ePzpTuxt9VKiA16Zn83RzO8ZIR60lO1+VQP
+Uxc+oeZLp+AfbHBHO/yqNws0V4vYOo1XtUN/Uj3jFkYnfcaH0iQTXIR/aGUz6rMO
+tuA5e3Y9i8qBpwnDQrG7RlBtOr1Nrrue15yTaEhPHKzBpBYWhbsIyJuBwBdxh96X
+QkBgEyKRTYUAge0VS3DD9dkdLgsbst1Ed1ppAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFOK0KTR2vda8ZJ/b0eqc0wAVmCA3MIHTBgNVHSMEgcswgciA
+FHxCgucD6wWX5p49FMX/rCWhuAzooYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLUFLQjEQMA4G
+A1UEKRMHVlBOIEFLQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCd
+p62lmemfrjATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBABfYhzlm8VjYvuZwySkA
+9mR1xblTWn/E/d8r0BR8E1ra9bi5jGqYrIzyoCNNFdL0yjvXGNHZIwN0sn22LlC1
+1ikhaWV3WcQhtAT91NJfcXr2tk8xOhmIeGlmHBPW8VwwLjl/6WnUEK0PB7skYjq9
+iS+ftC5lFNXFCvaJpReC0HGEoo8nf17PKoktzKFWNb0m6UtS8i8QmHcm+SpqHW7b
+kbgGioVYbPrkjpySFigQVu3E4Siu2MO2Z9O8y7kutXzwhCom5zBPAkUrvYchl+IX
+AXF3MY/dFaxMezt+SubuTWpvH2cbxdfEusNFbG/bC5NywR+0wAKiM/gySb+TfeB+
+0NPEQSDYm6stuTCrC8bu20CevLnQhzI5QsBDi3xc+I0g0aER7uJCQ5ajUtjpM8qy
+0Toph7IEzQP1JQnsroNlbdI4QI1anACziCYgToYTvLaDaUulMpzGOKMiP6lXDUfy
+nggOubzmWcei6syfxWizdkEJeAeHGrlcsJYMyza5PCExNodjuiUUOVrZGKZYLqsR
+2kMysKxFO8x81EBhK7fSJ4wIvM/koKKKSDozTWDTbOA7cWjRYWPIAoA+c7sB7VKd
+bdGCHVQVH5/YUXHIEbjM24ZYVP7UX8hQWtfxDOYHL8gSRSncI6T9HXs0p1Mlh0eQ
+kJdQyX6Vs+d2zTzAbPqICNGM
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIrroJRG8KWNgCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECADohDo0yZ+5BIIJSJ+akpQD4kl1
+0K+EMwYmNiqrlC1VpdMMFVEKYL34uhieaWkmhPdmlo5RXggBkdzsKb9V6veIiWBo
+i7kF8ywMBzR8xP9hqE/1V64vlsz2YOi0jS55CgAL/g/vtWV/lXHecgCjLgytlkrP
+Zsj/cb65XhpnEWP2fFilUAU14K2/5ecJce3kAWMbSBnms9fMXN6uIsdr+J39KaYn
+thsTaH7zOfOOeqhvc5g9hcTl248RgQhpDPzCsGqOvKvzdSiKbPPxFSveNE5L8Siv
+Zu0g7PvGincOw4AiNwizy1VgR2UTEagmQvqAiI1aBxP6jvePnn0CoG+DAnPlhyMk
+Ei2uQ76USFtC3DBFpzfg2NU5pubq90dq0Zgdc4LUz9czwE5XUFXShQ70BGqLHvYG
+clSMu3D0lodbQ0Cdg10hCKesNz4i+T7Z7xkvEERB1v7p564qGrn7NAb5tb6JmxlR
+wHwS6zsaLzAymNSdxh87hlpupXn688HUSn51KKwjVYnJxyYSAIzkNRQ1LVwzS4TJ
+R81J6GpPawKzFGZYnvdbLw72ohyLu8D6d7NMLR/Fc/pYT/QgoH801DeseSpaDd/h
+RFr0ax3EA7MDnFQfmv6m+I9OmhTX+qdhFHtRolW+NUGAdXHFun34+cuIy5hPP3OT
+FyW7vAE0gQN2zgllJcIUjz2Xd9PzoX/tsuh0/RTaj1sEAQhlENfhDfz5GFHSHYbS
+fTCLLHR7YISlqUwSH0TdzP2/vsh283iqaQJL+OLfwquTDONDekNtoiIG7HlB6dQr
+9ni9wg9lO8fGRbFsN9DrJ1vJcJN5CmY+fE77BNJV2K6J/9EX1wOKp3PaTFTFOjqy
+tp2K/M4BTT+JVG6sC2gcDgHYg/2pGTc+YxaKyFVziP7rFQ0plzB1GqrFOGeaSDkH
+7VfuUbwlTtohiToL+Fc7sbKV95bcjtug9o9bxdzTPikd5E0gAqOLwJ2bqgFBYZFl
+t/Ohm8BBwnKuJqKMJXSHvEDFTM9e6VaTVKD4r+7lI9Ng8h89ergjBUdRxB0I/4PE
+g7HvzcXm8Vru8U7LmfCR3KKBtfwNN3n0v9pFk4D24pMRX4o+SD+INDVaoZ/Dswqp
+sI75SngxgOXdvP5x9F6LiTklZ+jxciYsVzb5f3CqkjQ57990Dxyt/+EveQBO4yLb
+Hnzw9wYcunqsiRmhzKfkkHwHAYmGggtWWaZN7qhLPFgvmtt+Tkf6Ord6FWlEpr6y
+5dzHds5tqH/v3Tv4NsTp8bLWqSACVoZ4tKbiv/AijVGar7hiHS4sJ+ty8q7TriNM
+46TxQ/iyxQ+4ycfE0yv6MIYv3g135X8lZJfP0gK5wv5sdtgppUcHpySngJv1Se2+
+KGS0WjQ9ZqlBFl2V2eJcSRzHRh4351BnoGYsogBrMxUUuFvHho9BkP+fPPkCna6V
+S8f7AKb1YuyfeNrq9dLW/5FjaSI/or6VGSv62LBUXXGflFQgu18IZ6eNkzgir0Bi
+bdPBiUjnYxTVbfEaxP2CGCuPyG4AQhkbjciyHj5fuQkXIq4e6x91u3FVRHu/LOwN
+zjWYs+JhgVzWlH1S2qTaO1LplMt1mG6TXFEouC+qkZ6Os+Tk8jPfUj71/ffh/p73
+We9RMPEdvBnOQXRlIJQXa14QYQ218POC2LSD23aWqPdDsssIwpxOKBJHuRqBZWd2
+0VK6YpFubZtJW4Z6DKoc98exR+JU3y9ah2V2G7poE4m9V7Np/PjGJ5zLPtx4GhFO
+Xr2D6FK26IGUQlO9G+iErvIOeo6j1GJw85HfDY8+wGFNrPmYXXDbkbgwKhcg86Oq
+hBh9Zd6P4J7cvtps8A0+F/ROWalmb06TOSZ62lHrJZpnMuI4enSLh7fq3gfPLKgc
+MWbxw9Td9LxGt4So4sg8QT2uKlVDDpsP81Jaz1wK9H71GZ+cKhYs4nEQChSPGh2f
+XcpV0/CM855FsRTXOpbNHi9rj4jUWOYRkpF7nCdEiGxBDQ5mMdzQ2j+wWUpCl4XH
+oD39DVsEmDvRM4fIoYfiurZB+ByWfNwQ5uWcLqexapu+MzVgzEZd+UcejmmlLc0E
+BV3U/DgoRoI4zkpRMzKeRMdKFZ93HjHETrSISfqvulOqgA/FsWCoSt3OSxlYQ+vm
+bS8gFuF7FuadfQpZ+9wnsrVceNL4bgaZ8jB2wYLPJ+YGz16DtRkfp24gYPSfKfeU
+LuhWbKrRE3MLlMSsjtdrLMUW5nxttdDyxbOj9lBezA+LEiiQGP5Wv10wWyjaAFTg
+UCAfWr2oP1WH/lXmIqDYD6zgZEgb2rRmnpeZGbzB5xKYTp97YeKxg/kuPIl9Tf5t
+GKYUPp5wO6PEkiHDCyCC8cyzs54pAwMBZZkuNcMZ0vse1FcBFZ8YjEwuxRnVMHdJ
+3ZEi1b/kHTWDgH1zvj9pHbT+p1DZmZakV6P+gPxkvcLyzb9Zkt4pWQ6PbmZa6q/c
+dYDQExeB/tEiGBn+nb5mYbjhGm8kkokK3lbRRuoqCG/cNBDeGYGNU8q6EabbrSGQ
+BU1s4Uda/kHzXXmHxphV8P6luvh/aI56RHPVzj3tDBhNBZXjsIm8vyLi1jd5Y/AD
+vzg1Vkhf0AAZpSA6w4uTj+/JCVR8ksitXuDNit2iEWcFHmz6vtuKw78lB8VkpI1s
+Y5WmXsZbdWsp66GNWcA5MmBRBb7vd1idSfbw9yRLuiZAhVAmlGpVbSUplfTe4wOi
+lDfAZLGVbfvdjWIR1fY5QzJBckfSe3QuuHPmsa+qTLlYbZxWeO01JfoWBADwIa28
+otFSYOi9gLAIHOHuRTB4uGZZ1R2B1HjDOx+VFfkpuzUvevG3sA7VZGP7KlvtJ4TJ
++f1KvxBkQoVK0e1dKOFJfqsUDUt+hADQt3fpSpw/x+AROybuynbtJV5oC9/VJG76
+7n3dkmZ/07ALJ1vATwMK3/XUW/JNVKjmS87/HkqvpPYlgHK1avwWvEf+Y/0LM6VM
+mfEi3ZGo6yGye9O1f5ISRdNpXkFRTYTpOpxGL7vGy7JnGE8ZEpkqHREbqptw34I9
+I0DuWszHoohU/MNfXUYIIssmWi54iwN8DHDWoh3bNMmEtLEOzPFGk4016yGpXLea
+zrMG2XcHwgwX0S/qORDLR4N826diQqrd49V0yjBnqCyAtIlOrW0l7oAqaJK5eaeO
+k5E/xOQ9MK94fdI8ahT+Bw==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+ea4b0c3c2469d8119fba1b968f7a3ac1
+97af13fc4b4fd1d7e6e3aa6b6513ca98
+0acee9fba071da555f9ce14d6642e20a
+452192aada6a80e73dc62c3103c780fe
+8b5df3a054ba1e86d01bb880defbac93
+f061ebe4cf87f5c123ec49ba82f50e1a
+e83290dfd4debeba063e3ca1c5f37bac
+457184dea9a1a97a053ada58f63b7c1f
+1de01ca49f3789716e8df654727e4ee4
+77d9b182ba174ef871d72ea2bf82d25b
+8d02b7a783324263e03229c0852e712f
+950c0528985bc1050145f6e1a2379466
+11058027d0373a920718c5a5b2f9177c
+94365214e24022b2c34d51f25b008f02
+8a198e2ae5910e83120b533853bc47a6
+2a579fc8df42a997fa4e4854fcf1608a
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/CKUBU/openvpn/client-confs/anw-km/ca.crt b/CKUBU/openvpn/client-confs/anw-km/ca.crt
new file mode 100644
index 0000000..9a0a4b0
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/anw-km/ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAwigAwIBAgIJAOPMOpcckCT9MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEWMBQGA1UEAxMN
+QU5XLUtNLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcN
+MDgwNTIwMDAwMTI4WhcNMTgwNTE4MDAwMTI4WjCBkjELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCz6U29hsY9zm7uv7aG2lnlRKyeVCwQYUw5/BPT9DaSqROz
+Kuidjnu/mmwqmwiPQi8ikkEb2sgH+EdxMXig9DSgoVNrXCYCDLlhruyf2Gr6XPXY
+q0IzhskqilP3QkjTnrJabBZSdXF6JWVXSVZXiP0tpJZZpCIQAUzkN2aBOk2PrwID
+AQABo4H6MIH3MB0GA1UdDgQWBBRoRIdr8PyJcZnPMsgcEDjrUtg0mDCBxwYDVR0j
+BIG/MIG8gBRoRIdr8PyJcZnPMsgcEDjrUtg0mKGBmKSBlTCBkjELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1L
+TS1WcG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA48w6lxyQ
+JP0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB/ETqWltrGX7r72NED
+4vpdN2ZVYxEMz0A4UI6dCRrqEMmhbN7WbvTN/pYaIEl5C41ANGG8ZZKiSrjFwrXC
+wevYMUKtHMFeV9Bn116w3odXdD+/Z6ykGvrX3jk5BNYbekVLxG3XgQt1lurvTWle
+La/k2uEdxP0RwOLDm75rVYw8ag==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/anw-km/client.conf b/CKUBU/openvpn/client-confs/anw-km/client.conf
new file mode 100644
index 0000000..1d74962
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/anw-km/client.conf
@@ -0,0 +1,137 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote anw-km.homelinux.org 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/anw-km/ca.crt
+cert /etc/openvpn/client-confs/anw-km/gw-ckubu.crt
+key /etc/openvpn/client-confs/anw-km/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/anw-km/ta.key 1
+
+status   /var/log/openvpn/status-anw-km.log
+log   /var/log/openvpn/anw-km.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/anw-km/gw-ckubu.crt b/CKUBU/openvpn/client-confs/anw-km/gw-ckubu.crt
new file mode 100644
index 0000000..0d79629
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/anw-km/gw-ckubu.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan  2 03:39:56 2015 GMT
+            Not After : Dec 25 03:39:56 2044 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-KM-Vpn-gw-ckubu/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:9d:32:39:db:a9:6d:78:47:e2:78:2a:0e:2d:60:
+                    b9:ee:27:e9:a3:59:cf:5b:90:6c:3a:5a:c9:e8:9c:
+                    72:a9:6a:e7:c2:b2:99:78:94:e2:34:69:af:33:42:
+                    64:51:34:0c:ff:84:59:b5:1a:d8:f7:3b:4a:94:f9:
+                    75:cf:5d:66:23:a3:38:b6:dd:b8:59:e5:1b:be:d5:
+                    5e:91:c8:28:83:90:bd:26:a3:2d:1d:32:1c:bc:98:
+                    aa:4e:99:fc:34:7a:9a:4e:13:9b:aa:f3:e4:c6:e0:
+                    93:1f:5a:ca:f5:56:51:4d:ff:1c:ce:b1:9b:ae:2a:
+                    4c:3d:fd:8e:5f:68:26:b0:13
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                EC:14:0E:00:D3:F8:F9:BB:B3:E1:63:47:96:45:00:C4:7F:00:FC:2E
+            X509v3 Authority Key Identifier: 
+                keyid:68:44:87:6B:F0:FC:89:71:99:CF:32:C8:1C:10:38:EB:52:D8:34:98
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-KM-Vpn-ca/emailAddress=argus@oopen.de
+                serial:E3:CC:3A:97:1C:90:24:FD
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        18:00:f8:c3:1d:2a:78:32:56:b8:d8:5d:93:2f:bd:78:8a:71:
+        c1:ca:48:40:60:f4:e8:cf:52:ef:9f:44:e9:12:20:b6:08:54:
+        ef:83:9d:00:b3:ab:c3:68:dc:92:ff:71:11:23:40:d1:31:12:
+        00:8c:65:10:81:96:a8:d3:5a:85:cb:6e:ac:69:4a:86:c7:65:
+        52:72:f9:50:e6:d8:61:47:27:6e:13:77:59:2f:07:fd:4f:26:
+        98:7c:bc:b2:b2:14:79:af:78:f8:6e:6b:35:79:59:38:21:87:
+        b2:30:b9:df:5a:7a:ac:fb:1a:e8:4e:0a:4b:b9:7d:0a:fc:57:
+        bb:05
+-----BEGIN CERTIFICATE-----
+MIID7TCCA1agAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1LTS1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDEwMjAz
+Mzk1NloXDTQ0MTIyNTAzMzk1NlowgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNBTlctS00tVnBuLWd3LWNrdWJ1
+MR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAnTI526lteEfieCoOLWC57ifpo1nPW5BsOlrJ6JxyqWrnwrKZ
+eJTiNGmvM0JkUTQM/4RZtRrY9ztKlPl1z11mI6M4tt24WeUbvtVekcgog5C9JqMt
+HTIcvJiqTpn8NHqaThObqvPkxuCTH1rK9VZRTf8czrGbripMPf2OX2gmsBMCAwEA
+AaOCAUkwggFFMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl
+bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU7BQOANP4+buz4WNHlkUAxH8A
+/C4wgccGA1UdIwSBvzCBvIAUaESHa/D8iXGZzzLIHBA461LYNJihgZikgZUwgZIx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYD
+VQQDEw1BTlctS00tVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJAOPMOpcckCT9MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAN
+BgkqhkiG9w0BAQUFAAOBgQAYAPjDHSp4Mla42F2TL714inHBykhAYPToz1Lvn0Tp
+EiC2CFTvg50As6vDaNyS/3ERI0DRMRIAjGUQgZao01qFy26saUqGx2VScvlQ5thh
+RyduE3dZLwf9TyaYfLyyshR5r3j4bms1eVk4IYeyMLnfWnqs+xroTgpLuX0K/Fe7
+BQ==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/anw-km/gw-ckubu.key b/CKUBU/openvpn/client-confs/anw-km/gw-ckubu.key
new file mode 100644
index 0000000..40803b0
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/anw-km/gw-ckubu.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,17FCFC43E5265156
+
+V8gYTlFBeMXEIZUYq1fLtRIYjVnYNBRGmGNHtraHXZycO/RUnnEyoawl6pTPRWlM
+z1fVM7sK93uyEX6yftVG9DfFbMSkzkW8P3CLIMGNvVE5kF2KzpNPDJ1Lvfi7Vafu
+KPvUngUAEjQQ968NIAGvN+fOeICoihNZYro6lNaN1iOPTHO1ySiSEGslbW2Q7WrQ
+RyUJPS1onvAMkEOp+E15g+BNVLVap0iISlIW+urCnJ0dhVUAS/bZNaQVh6MsKUnp
+rYh/t3DZmXTBOG5gu/VSY4PU7zGMuHKNyA0hMUEapvzAeyyVfppjvKN31OhqXZAS
+X65uD8x0nMH8NgBuh7ZJBmMIYjjAvHi4/0hsfRjp5ZbADkeay+cyzjo1t8q0xctJ
+qZdLFcTj+XVN9DfPeAkg6RQa1sUKJE+n0enmsBL+99fopWH+GrxEDqux+JHhRrlc
+15fzFh8AZBe3Fl8aheDE9n2f4sk63ap+u7hgPMRa0wYJVU5meYLsfaU4XRJnq73f
+LO6ZwLV0MDEm1sc4k1P9KkPbZc/XxIXDtsev3psy/M39zWodhtfXMrzYVfH3ChRn
+uIFV8EhkEMPj6hPFFubhHRFjW09Pa2knWOZK6x8Wad6YEJxMw/pB6NAa1m2bkGan
+EXTL3Ehb6iAQvQ6BBb5+kqjnWFuCqjsz9h2Rb5r/l0KvO+VScF10mkDLoNqCHhBK
+BNLKYngRCZw+8N4vnhsc3s8GPf5ssSpFEW1sypaSbW2Hgux55jBu9NtNzo4vQLGM
+UoxiJoq54w9a3EjgVspMQ1qy6WzJaNCZpqvdl2fT43c=
+-----END RSA PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/anw-km/ta.key b/CKUBU/openvpn/client-confs/anw-km/ta.key
new file mode 100644
index 0000000..3fbb66d
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/anw-km/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+82b1f1533640a6436ed2eb2993ef9e7c
+f867d5f61ffe5691be2bc8304714b41a
+9f49a741e0c9f22417ee9ee6893434fb
+1e5611b7d64d31532a450e41871c4885
+c3ac11d33ed5c878500206416cb88c9b
+c0487fd5098dc3a5982694feb2d4d3fe
+1ba4f32fc7574fa4b09d47aa1986c096
+e022fcd44b87ad8c08c979b8ac7ade3d
+130f838ffaedf278360eba2f6f9b94db
+e1d0e0f6f4a44210f4acb38835797444
+fa2b5e067ec14e5f2013a36827c85722
+386cf69b2c5e9c3bced20e4aac287edc
+da8b1eb743cf527750999e01274f2e47
+e79c9cbede772362b103a6ddebff76da
+ed23277286cf8da544d86f6e5f6046b7
+a0d2f4b8bf57d734ef4ec3763979ced2
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/anw-urb/ca.crt b/CKUBU/openvpn/client-confs/anw-urb/ca.crt
new file mode 100644
index 0000000..dc96316
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/anw-urb/ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAwigAwIBAgIJAJfS3XHJWN9/MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEWMBQGA1UEAxMN
+QU5XLVVyYmFuLVZQTjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcN
+MDgwNzAxMjMwOTQyWhcNMTgwNjI5MjMwOTQyWjCBkjELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJhbi1W
+UE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDXN4KAEcJwYICMNTL47p3grgBwylUtkjtjJdmUVo8k85jR
+nZSlj592rDPB7/G1o7qU8vEQlmIQSjkfC/ViuMlS38kmn+1B8kVpqoUPWZ8PRnm5
+JHWRK6TD8LjHCEZKr1hfaviddbK8Exg7b+Va3Pz0eAqS/BfuuRXdrZYJTdiuDQID
+AQABo4H6MIH3MB0GA1UdDgQWBBTY304dMhIbcaY0w/D+JRpi/lcRZzCBxwYDVR0j
+BIG/MIG8gBTY304dMhIbcaY0w/D+JRpi/lcRZ6GBmKSBlTCBkjELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1V
+cmJhbi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkAl9LdcclY
+338wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCtIEYEN8d5imgML5V3
+OnwSN+aAm6hobm6IE1fFj+G6RyvcewrLaKybXljBe2sLB4TdK3CUntoJ7yaw28xl
+5u1rBmzFI7r/xNwdU+qurpb121yMnwQSSgF0bVpDZHdz4+V1+V4Lor8bvmqOIfsH
+YMgxU+nNxqoPlGaO1xxcEuK78g==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/anw-urb/client.conf b/CKUBU/openvpn/client-confs/anw-urb/client.conf
new file mode 100644
index 0000000..b8bcec9
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/anw-urb/client.conf
@@ -0,0 +1,137 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote anw-urb.homelinux.org 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/anw-urb/ca.crt
+cert /etc/openvpn/client-confs/anw-urb/gw-ckubu.crt
+key /etc/openvpn/client-confs/anw-urb/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/anw-urb/ta.key 1
+
+status   /var/log/openvpn/status-anw-urb.log
+log   /var/log/openvpn/anw-urb.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/anw-urb/gw-ckubu.crt b/CKUBU/openvpn/client-confs/anw-urb/gw-ckubu.crt
new file mode 100644
index 0000000..5320c64
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/anw-urb/gw-ckubu.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 18 00:00:05 2013 GMT
+            Not After : Sep 16 00:00:05 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Netzwerk Services, CN=ANW-URB-VPN-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:d7:02:6c:3b:15:f3:97:28:c0:5e:8d:24:ac:9a:
+                    9f:cd:11:f6:9d:5e:a5:5f:5d:3d:42:a5:de:b0:35:
+                    b5:d7:b1:e0:e0:f8:f3:29:53:7f:33:78:18:92:67:
+                    1c:aa:f9:16:48:5b:19:d3:cb:8d:d4:fe:1b:84:d9:
+                    e2:89:1a:85:5c:0b:93:c3:9d:6d:a8:4e:72:65:84:
+                    16:d6:02:6c:b0:0d:00:46:e3:06:15:54:bc:a8:84:
+                    80:f1:a9:93:b0:7a:a3:57:31:3a:9b:aa:29:9b:39:
+                    34:e2:64:df:4c:d5:3c:6c:c5:1c:3a:4b:26:ee:5e:
+                    58:e9:29:9b:42:ce:ef:90:5b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                5C:5B:7D:20:D6:16:C4:CD:E8:D8:F9:FF:86:B5:ED:8C:83:CF:90:C5
+            X509v3 Authority Key Identifier: 
+                keyid:D8:DF:4E:1D:32:12:1B:71:A6:34:C3:F0:FE:25:1A:62:FE:57:11:67
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=ANW-Urban-VPN/emailAddress=argus@oopen.de
+                serial:97:D2:DD:71:C9:58:DF:7F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         c3:95:2b:e3:f8:62:d2:5e:b8:02:bc:a9:11:f8:bb:f5:0a:04:
+         fe:a3:68:e7:c1:97:f0:44:77:c7:54:98:4a:dd:b9:df:76:4b:
+         2c:d5:4c:a1:9e:e6:da:5f:d0:e4:73:c1:63:6e:29:ef:3c:79:
+         82:0e:f1:59:ca:8d:41:aa:22:42:e6:e2:88:ba:00:91:b1:f6:
+         f5:15:03:db:72:ab:39:01:c7:ee:19:25:c1:fd:ff:5d:30:b2:
+         ff:76:70:e9:3b:4f:88:af:14:68:8b:63:e2:a6:9c:e6:05:0e:
+         eb:b9:9f:3d:04:2e:9f:34:c1:14:53:69:3e:5a:c3:2e:ab:8e:
+         12:72
+-----BEGIN CERTIFICATE-----
+MIIEDjCCA3egAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxFjAUBgNVBAMTDUFOVy1VcmJh
+bi1WUE4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDkxODAw
+MDAwNVoXDTIzMDkxNjAwMDAwNVowgbkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRowGAYDVQQL
+ExFOZXR6d2VyayBTZXJ2aWNlczEdMBsGA1UEAxMUQU5XLVVSQi1WUE4tZ3ctY2t1
+YnUxHTAbBgNVBCkTFENocmlzdG9waCBLdWNoZW5idWNoMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1wJs
+OxXzlyjAXo0krJqfzRH2nV6lX109QqXesDW117Hg4PjzKVN/M3gYkmccqvkWSFsZ
+08uN1P4bhNniiRqFXAuTw51tqE5yZYQW1gJssA0ARuMGFVS8qISA8amTsHqjVzE6
+m6opmzk04mTfTNU8bMUcOksm7l5Y6SmbQs7vkFsCAwEAAaOCAUkwggFFMAkGA1Ud
+EwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZp
+Y2F0ZTAdBgNVHQ4EFgQUXFt9INYWxM3o2Pn/hrXtjIPPkMUwgccGA1UdIwSBvzCB
+vIAU2N9OHTISG3GmNMPw/iUaYv5XEWehgZikgZUwgZIxCzAJBgNVBAYTAkRFMQ8w
+DQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVu
+MRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1BTlctVXJiYW4t
+VlBOMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAJfS3XHJWN9/MBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOB
+gQDDlSvj+GLSXrgCvKkR+Lv1CgT+o2jnwZfwRHfHVJhK3bnfdkss1UyhnubaX9Dk
+c8FjbinvPHmCDvFZyo1BqiJC5uKIugCRsfb1FQPbcqs5AcfuGSXB/f9dMLL/dnDp
+O0+IrxRoi2PippzmBQ7ruZ89BC6fNMEUU2k+WsMuq44Scg==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/anw-urb/gw-ckubu.key b/CKUBU/openvpn/client-confs/anw-urb/gw-ckubu.key
new file mode 100644
index 0000000..76b4ed1
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/anw-urb/gw-ckubu.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIciZPe4pZyPoCAggA
+MBQGCCqGSIb3DQMHBAilx1xBgz8S1wSCAoDBMXDwnWuOF66Yodm3A2D1Su9K+hVo
+5KfJeC0BmWDf1455kw/ZKiB7bdgUcgogJPpQgzjugGu04iugoC/KobocidD6NP7f
+ZkmT6UGPkFa+3xyr61rYBlKT9HqphAVRwUoNhNNbFG1h0oBIL9qjxuQCssL5qsne
+R9KN9VsYVDRloL5/RfmcozJ1mXeRQeBkDCiQWb7cCYSqzpXHD6Vf+Xabdb7KiEOp
+coIWoOLyX6JdlV47CN1bUVerZulyZfU+xaI1EyqDCiVR6uao7ggIrLEnnTj+3oYN
+0NK77BCAJBsMEvSa2ZJQUvKeAl8pHTZdD06ixZRFlroUbMYV3ns2BvlT/M2GT3Oz
+P55FxClNjnmST1+MB+Ak7rZxdSVXf6tJP7fyxWU/zeGqHFfhQS0soiJxsdu2+iAy
+/AW4d5eF7fDMNdtelQg9oNMu8DBqIEMt6iZtmEPMxXO18BWrOOuAcXNExjmX4YP5
+/WVKwpukfbizsCgA828Rmm6KlLaGcfwM4Q+msK9uQuLW1xrAjghS3KPgCFOnrRzV
+UCvZGaVAhdA8oSdigBJonQmC5KWjjd+MIHFUqHOz2CWdN2HPvn9DKUeZwUVqtyVZ
+LytntILVJ2CCLikf8iR2Q0YLCnA/Z0dA1+yy2OnSpFRv5qZ8alvn3sJ/RKCNnEVe
+5Y5mhfC/MFk2Ak7MaI66vW6WFFUWFzFqvpco2ItVF05mjN0QfQfwB0CllO5QzfCI
+xEwG4mcAgB7NceXHYh4mdX/nxDsmbkHSlWRKIE1SPuJzQPeolxKUcVr9O4UVHUya
+zL3PaQ4PZa1YeL01QrqeK/rgvirQbNqnNsr0diqNXiYPNGmIEW0Aln5u
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/anw-urb/ta.key b/CKUBU/openvpn/client-confs/anw-urb/ta.key
new file mode 100644
index 0000000..738f418
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/anw-urb/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+e19230da99dc39d3169c1a77dde7ad76
+8831a21b862a03aed5db8332bff9177a
+14ede9e8e89da3d4da92a5419006adaa
+b61c895a2445fe8a8fc15ec250f1dd53
+07860a266aa331691b89b129819ba7e0
+18731572474ad3a4e87accaf7e74010b
+6b28aaf82be7a726558b1cda354888af
+a574d1fb1bd0e86a16c0bf635a3f4ede
+cd156415a01cd62617abf1eda6c38585
+df9b9e8e831ce3e645ee0ea6fc1f2c27
+1c381080d87697462c4eb69c100a099e
+902a5423692b0ec0598a165e65da298e
+bd72f0f00216b026b6a2fc3f1a6ada6e
+db76051b9d055307f0e02f11c8b16419
+b246546fe5023afd1ca2b7328c69cf47
+d48f9015f5c5655dd899736d78bd7614
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/b3-bornim/ca.crt b/CKUBU/openvpn/client-confs/b3-bornim/ca.crt
new file mode 100644
index 0000000..4a6a247
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/b3-bornim/ca.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIE2TCCA8GgAwIBAgIJAOWbjDrr526ZMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJ
+VlBOLUIzLWNhMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
+LWFkbUBvb3Blbi5kZTAeFw0xNzAzMjIwMjE5MjVaFw00OTAzMjIwMjE5MjVaMIGj
+MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4x
+DzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAG
+A1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZWUE4gQjMxITAfBgkqhkiG9w0BCQEW
+EmNrdWJ1LWFkbUBvb3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMzzVaCu/oIRHn9CaLJdwurZvlnnZ1xI+HtWlVnVY60QBzw38Rc36VUOH+bf
+NRM+aV95Pe6h0icFmiDfnSHQwogO56tkZFq6OW9RfnC/wSVXEfVrdvV8H9JgPiLM
+WdyRIgjdeM74EdZ0tFN8sO34Bf/dv3OYGUz7qJgFnKdy7ByTgv2maRmITds9Dk58
+H8h5wl0TnGRS+A8zOz1TAIjVjdPWEFOwkKLGRCSbiWIm2qqXzbhlwYYpxifxRkXW
+tcSLOB3lKtAM53l22Qvux6J5+s0UH3+WoPo+6Gc65Jtg6SUGxTpvJZgRyMpRKLNI
+JEFzo8JMYSb50TmC/9j6ZOX82VsCAwEAAaOCAQwwggEIMB0GA1UdDgQWBBQfLl6w
+QA2SpwmD2iVsGSCeyWDNITCB2AYDVR0jBIHQMIHNgBQfLl6wQA2SpwmD2iVsGSCe
+yWDNIaGBqaSBpjCBozELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0G
+A1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsg
+U2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1jYTEPMA0GA1UEKRMGVlBOIEIzMSEw
+HwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQDlm4w66+dumTAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAmLrMjjb3MV6gjBZCIDJag6X9+
+WOLY6UJfNGXyg9qt4SxKFqvBSCC+ZB+39rvl/+ReAULKCjggM3usRuPZfcK63Ncm
+FRqkxA+3xk+c60KZd3DP+4yRdY3j1GeHip8FJloT91eVkGdCGDAFwz3njBex40BA
+qpIPOoYDKJDZElrunB/8z0KW/12HqxowEnPQaSkTiFeb9hRJMB71/LvS0OZoWPj9
+4kvNGJq8H3VdWjzLDAXfX+VYI1gTWYax47klQM6QnKBOuQGPpHvVWBr0ifFsa6Wh
+eoBxJ50RuMwLoXNZqqJD6TH8vCv7IqARnhiNKhNiDQQr5CZyr4Nwn7gT4yw1
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/b3-bornim/client.conf b/CKUBU/openvpn/client-confs/b3-bornim/client.conf
new file mode 100644
index 0000000..8818ec3
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/b3-bornim/client.conf
@@ -0,0 +1,138 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote b3.homelinux.org 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/b3-bornim/ca.crt
+cert /etc/openvpn/client-confs/b3-bornim/gw-ckubu.crt
+key /etc/openvpn/client-confs/b3-bornim/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/b3-bornim/ta.key 1
+
+status   /var/log/openvpn/status-b3-bornim.log
+log   /var/log/openvpn/b3-bornim.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/b3-bornim/gw-ckubu.crt b/CKUBU/openvpn/client-confs/b3-bornim/gw-ckubu.crt
new file mode 100644
index 0000000..96df26f
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/b3-bornim/gw-ckubu.crt
@@ -0,0 +1,97 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Mar 22 02:25:44 2017 GMT
+            Not After : Mar 22 02:25:44 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=B3-VPN-gw-ckubu/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a0:12:ec:ae:52:b3:19:53:4d:f4:ca:96:dc:4f:
+                    b8:94:e3:ff:77:97:93:2c:63:1f:af:b2:d5:e9:d4:
+                    32:16:ea:b5:62:93:c6:49:e4:48:1d:38:8b:a3:ac:
+                    11:82:50:05:24:6c:d4:5e:9b:d6:06:e5:a3:a2:77:
+                    eb:3c:14:23:2c:d0:3c:2d:15:32:8e:79:74:47:2d:
+                    1b:1b:e6:bc:bb:cd:f1:d7:e4:25:67:27:d9:e7:14:
+                    96:78:2f:f2:2e:a8:76:df:0f:20:18:ab:d6:54:31:
+                    72:88:81:be:17:2c:0d:e1:65:9f:17:b9:88:e2:b8:
+                    d4:ec:3e:a4:61:46:db:03:da:69:2d:be:2e:24:b9:
+                    53:59:9d:3d:ef:2b:75:ef:1b:40:ea:f7:a6:b2:7f:
+                    3c:b7:46:e4:f7:6c:db:8b:cc:4a:cc:3c:df:0e:a7:
+                    8c:39:2b:30:53:4a:19:10:84:34:f7:17:19:94:eb:
+                    fa:63:84:ce:4b:8f:09:04:19:38:98:24:19:24:96:
+                    6a:cf:f1:3e:42:8a:9e:cd:16:c5:39:de:bd:1e:fc:
+                    e6:57:12:3f:b5:59:d0:50:b7:38:d7:75:99:b0:4d:
+                    62:d7:95:64:fb:b5:8c:68:20:61:78:7a:04:45:c4:
+                    15:8c:92:60:b9:9e:24:3f:b5:54:fe:92:4a:1f:4b:
+                    09:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                01:0E:AD:99:D6:AD:30:D2:45:B3:FF:56:26:D4:E7:8F:BA:BD:41:86
+            X509v3 Authority Key Identifier: 
+                keyid:1F:2E:5E:B0:40:0D:92:A7:09:83:DA:25:6C:19:20:9E:C9:60:CD:21
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-B3-ca/name=VPN B3/emailAddress=ckubu-adm@oopen.de
+                serial:E5:9B:8C:3A:EB:E7:6E:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         16:30:40:fa:eb:4f:06:12:81:ee:94:67:b7:22:67:53:af:f5:
+         23:29:43:7f:fe:9d:50:94:cf:ab:a5:a9:f4:85:36:4c:2a:38:
+         f4:46:b4:01:5c:0f:59:3b:d7:39:2c:a7:d5:64:b5:63:83:ff:
+         e7:98:c8:94:69:cc:a5:8a:03:ac:61:c5:0a:20:46:7b:f8:86:
+         71:39:ad:a4:bc:fd:cb:dc:ed:27:95:2e:d7:f9:2f:0a:26:1e:
+         e0:1e:4e:77:94:c1:08:11:b7:5f:6c:e7:5f:a1:98:4e:a2:8f:
+         46:d2:e3:c4:b8:fb:c0:51:8d:5f:d3:3e:a0:81:e8:c6:46:ef:
+         89:57:7a:8f:d8:af:e8:48:c2:c6:64:ef:d3:1e:77:72:17:c4:
+         57:87:19:97:e2:04:e5:27:11:40:28:52:a1:fc:79:85:56:69:
+         69:0d:04:a5:8d:b8:fe:4b:ca:6e:4b:6e:bb:7e:a8:10:54:6a:
+         45:ae:49:2f:10:8c:8e:cf:d8:b1:00:97:62:ed:14:84:1c:1b:
+         5b:b6:3c:44:e3:8e:8c:ac:25:33:39:6f:9d:7b:db:7c:0a:4c:
+         ec:70:d6:17:32:e2:93:8e:33:fe:aa:e1:12:f1:99:1e:f5:f8:
+         5f:b7:94:77:83:4f:6a:de:48:1a:db:9a:62:dc:7e:87:00:87:
+         c1:73:fc:ae
+-----BEGIN CERTIFICATE-----
+MIIFOjCCBCKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBozELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1CMy1j
+YTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwHhcNMTcwMzIyMDIyNTQ0WhcNMzcwMzIyMDIyNTQ0WjCBqTELMAkGA1UE
+BhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQK
+EwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD0Iz
+LVZQTi1ndy1ja3VidTEPMA0GA1UEKRMGVlBOIEIzMSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCgEuyuUrMZU030ypbcT7iU4/93l5MsYx+vstXp1DIW6rVik8ZJ5EgdOIujrBGC
+UAUkbNRem9YG5aOid+s8FCMs0DwtFTKOeXRHLRsb5ry7zfHX5CVnJ9nnFJZ4L/Iu
+qHbfDyAYq9ZUMXKIgb4XLA3hZZ8XuYjiuNTsPqRhRtsD2mktvi4kuVNZnT3vK3Xv
+G0Dq96ayfzy3RuT3bNuLzErMPN8Op4w5KzBTShkQhDT3FxmU6/pjhM5LjwkEGTiY
+JBkklmrP8T5Cip7NFsU53r0e/OZXEj+1WdBQtzjXdZmwTWLXlWT7tYxoIGF4egRF
+xBWMkmC5niQ/tVT+kkofSwk3AgMBAAGjggFvMIIBazAJBgNVHRMEAjAAMC0GCWCG
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFAEOrZnWrTDSRbP/VibU54+6vUGGMIHYBgNVHSMEgdAwgc2AFB8uXrBADZKn
+CYPaJWwZIJ7JYM0hoYGppIGmMIGjMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUIzLWNhMQ8wDQYDVQQpEwZW
+UE4gQjMxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAOWbjDrr
+526ZMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAK
+gghndy1ja3VidTANBgkqhkiG9w0BAQsFAAOCAQEAFjBA+utPBhKB7pRntyJnU6/1
+IylDf/6dUJTPq6Wp9IU2TCo49Ea0AVwPWTvXOSyn1WS1Y4P/55jIlGnMpYoDrGHF
+CiBGe/iGcTmtpLz9y9ztJ5Uu1/kvCiYe4B5Od5TBCBG3X2znX6GYTqKPRtLjxLj7
+wFGNX9M+oIHoxkbviVd6j9iv6EjCxmTv0x53chfEV4cZl+IE5ScRQChSofx5hVZp
+aQ0EpY24/kvKbktuu36oEFRqRa5JLxCMjs/YsQCXYu0UhBwbW7Y8ROOOjKwlMzlv
+nXvbfApM7HDWFzLik44z/qrhEvGZHvX4X7eUd4NPat5IGtuaYtx+hwCHwXP8rg==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/b3-bornim/gw-ckubu.key b/CKUBU/openvpn/client-confs/b3-bornim/gw-ckubu.key
new file mode 100644
index 0000000..63e793b
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/b3-bornim/gw-ckubu.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFoCf5M5Q7nwCAggA
+MBQGCCqGSIb3DQMHBAg/IMWDanMqPwSCBMgU7zQul5AkX/TrxXfYu6f1PRJEpfb/
+v6F9NXOH42JaWp7VDTI/aQgToi0q+qZRE3GCj9eCGsv7XcltWVtt0c0Qd3jHB+N3
+IRXAqNH5dUhpuBJstMBFrYL01TbPkg7fhGhtYYJIJz11BTiwllZULGEJXTXyiusI
+zWnkt37KdnhOaWVhAHaf+gWQayB/rMiI5HM4dkdgHm/VQKBrOQGJYn8LMqLqmHKd
+kLYeYultYkPtcqDRpnxERbtLXItC2PneKU2WKPwsmCsCy6CTIJoSF6FAxluv8jhO
+etLKAzLiDRg9Q/xB+50o8ouRHtNLFSo4FoF7BSeS7ZfdVfRKMMpzUzzRys4KVQry
+vXng3IQVxLzHEEZAP9HXcGNuvXeFq5LC72oCSob0ynpPdaTnI00O8vLBib93RfIh
+Wn4Tsc7w8Ls3AWhFStkz+8sJ6iewgcp0BlhWLBbTn38sIhW9vG20zAR/CvOpT5vT
+8lxLrphsbOuf1HsH7vsYbzsXAwB5Jpu6NCpuiDS4NaBKZAAVmBi37tAc3KbTlUzx
+BUhxlrwwDSdQ8j2KXk+/LAXpXM3oj9fKyDOIzuQtFXP7dV9ohX6YHocwMoQCgCl/
+ab7mw0ouIb5uUwR5s8dFfFl8scWPsvs9/BALC+ZAfvWBaWvq9dCrngdciM90Sg1c
+CQjsBSGMbUTSSgxQE/DdI/mMRa+gqVLe6IniRB/RoKyyBdufkkqhNf2D/d0Ll5uF
+yPKvuOJxYHwGPnwknGQrBCe2KMRotzCRliMZ2ua5SPe2fhnVJ0E3jTgABz+ArZhN
+XNBAjY/lM80App2NFP6A2p1ryxf5M9j/qbiGFyPaXsnFHT/8Iku+FErWzRQ0fASQ
+SC/8kuGWWafwKig6wjHDv6yrIYrtzWiLd5OTpi6QqD1JY19s4pP04v50XL9F9scK
+ypESdCcZz9+Q18N4yxREKbCviThpTy3FBoWa1v4SZeerAroUdhGJjXzWfypzmHo4
+21J004Dhb7XXKfqsE6MU1TVDQ64Qg/NalULs3LAdHCfur/JR2Htme7/k3jAuJNDF
+SPu8PNVH9lnUcxaMVOIMfYtcwMCCn6lW25WqbKPG/VIir4WG2HmGxqbEqugNgt1H
+VTxV2uYU1CGEGTlR/EgiI0QDGjVfVLHgugvnTY0T3w7r1kfYKhyyggQ5k3mqvPFX
+4B5lm2cCUYBlg4hkWsCTOs+dBG4zB54fl1kfkZ34u9BoTSOFoBi5v0Jhg1CQEgxH
+Gesw0YH/gqR2UiWzzwQf/K3WFHaawSmK94ChEMLX6FIUbLwBC4Y9I4J0oT2wfXgi
+pzyXR2BL8ccCXlSIzvxDLie3jCgBtuwxAUkK3QifE2+ksM2+3cZk9FMXVlVnGYyz
+bTqTxZ/RJCNFIZr2Z2gl2uBhU3Q1k8aWyF6Yu+q1FxtMzIyltYgTUia72vkyGCLG
+O0mqRbsxW5RaPpIC7P1fj3IQ5IjvamDPhpG0nXX9RXNlGjRn8QbPX7NEk6WCVgc7
+dpNAaZOY68LoQpw344GVWXl5O8sQvrQuLMzoIeeMNlGxK9fjFsf/vUDz3JNy0Q8Q
+dni2K4UplAMnfeG+A2DcGQRQ11MRLLJ9cIT2z4lLvv1Vd+Lbv31O1ucdh6kuQbMG
+WXY=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/b3-bornim/ta.key b/CKUBU/openvpn/client-confs/b3-bornim/ta.key
new file mode 100644
index 0000000..5b229dc
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/b3-bornim/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+21da7cfaf8c240eaa9597be6998e7c8c
+7d58443834682a57b9af84412d7106cc
+089a4030a6380ab83988694fab469c88
+bbc1bb60d1164ad108cd4564fbed5891
+024dd88abcd93e02d5b28de7e84296b4
+cbd182474cf02852d319c864e614aa4f
+3b2747bc8b617dc897e279dc34f262de
+47f8cf2b7f3c99322710881dc7d48bb3
+224ca59ec3cfec94a392f7c30bcb08aa
+3796c4eb3c1faf682a313b146cae545a
+a052f3bdc66caf301aee6c862c10361a
+106747075f4a82742f29a230bdae4df8
+6ace60b7d8e702b792fede84f619f009
+ba6c953baf22ade495cb4da8b2702650
+1954246931a08e7e508f8535a65e5f36
+587bf48f2e80fdbe53d1ed8a797cd5aa
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/flr-brb/ca.crt b/CKUBU/openvpn/client-confs/flr-brb/ca.crt
new file mode 100644
index 0000000..7d5eb2b
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/flr-brb/ca.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzjCCAzegAwIBAgIJAPf/MOnEeNJTMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUNBMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwHhcNMTIxMTExMTgyMzU5WhcNMzIxMTA2MTgyMzU5WjCBoTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
+BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIdp+t
+lUB/nx3JqiZiBEkyTK2m+uH/hes4wYTpmbRY2x1YJtwQegX/sfxuu0n1xA42gON0
+eOBc2v/MmKzrGP+VP2VxWBhR/VnJsPeFTJJvD6ioM+jc9xNeZFNgHibRw4vzipyK
+ALQJK6gJ3COvhb3YWOul3njUGgZZkaikPMuTQQIDAQABo4IBCjCCAQYwHQYDVR0O
+BBYEFFb+8DvjraReG34P1h/k6dWObxLWMIHWBgNVHSMEgc4wgcuAFFb+8DvjraRe
+G34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtWUE4t
+RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDpxHjS
+UzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADPFDfqCtYtsS/NxGVYc
+hgxKsA9S/kBifNbde0e6nmPBgufW+O3uPrkvg7Wx2EayxMhX/dVrAYm8NSNCdWXV
+5ra0lu6cTI8rwWt404e0F/o0v6u+5eWHFxSF0lDJIVhwvvVoiAUJQw8h+BlI5PYO
+JcHZCQoQE1/RE6Xp+0xgTXvW
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/flr-brb/client.conf b/CKUBU/openvpn/client-confs/flr-brb/client.conf
new file mode 100644
index 0000000..9ce01ea
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/flr-brb/client.conf
@@ -0,0 +1,137 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote flr-brb.homelinux.org 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/flr-brb/ca.crt
+cert /etc/openvpn/client-confs/flr-brb/gw-ckubu.crt
+key /etc/openvpn/client-confs/flr-brb/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/flr-brb/ta.key 1
+
+status   /var/log/openvpn/status-flr-brb.log
+log   /var/log/openvpn/flr-brb.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/flr-brb/gw-ckubu.crt b/CKUBU/openvpn/client-confs/flr-brb/gw-ckubu.crt
new file mode 100644
index 0000000..d7b6049
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/flr-brb/gw-ckubu.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 18 11:07:19 2013 GMT
+            Not After : Sep 16 11:07:19 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c8:6b:44:7a:ce:51:74:af:7e:b0:db:ab:e5:cb:
+                    50:f7:01:9b:da:d4:38:7e:35:01:0c:60:4f:28:92:
+                    90:4c:dd:06:1a:a0:89:d6:65:c4:97:d4:22:35:3f:
+                    8c:0c:79:e2:ec:9a:26:4e:e7:ee:f7:73:02:65:12:
+                    9f:cf:5e:05:0c:1e:96:c7:f1:81:92:8f:ac:48:71:
+                    93:df:f8:f2:a3:66:65:ad:13:81:c1:f1:23:a2:c5:
+                    04:86:26:29:bf:2c:7d:28:43:fa:a1:3d:dd:aa:47:
+                    01:af:0f:c2:ba:e0:0b:1d:af:53:f1:f7:a8:b2:90:
+                    2f:4a:ab:c8:19:f6:9c:eb:23
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DC:10:87:FA:DA:75:B6:5E:0D:5F:CD:4E:2C:9B:B0:E5:A1:E8:85:1D
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         9a:71:cd:8f:8a:8a:a0:96:68:01:5e:86:36:74:41:1d:1a:99:
+         66:56:83:09:c5:18:7f:a1:ec:bf:b8:17:52:e8:fb:09:9c:b3:
+         5b:b7:0f:ec:e5:4f:db:87:7d:0d:bf:4b:ce:b1:f6:fb:c8:e0:
+         99:f5:aa:39:ce:dd:8e:7d:6d:b0:70:7f:00:42:de:6e:55:be:
+         57:f4:01:8d:2e:00:b7:90:b1:92:73:65:89:20:52:8b:b9:f2:
+         28:eb:e6:32:0d:ed:a0:51:2a:73:fa:dd:6b:86:b5:71:b1:d5:
+         b7:30:59:6b:94:dd:fc:c9:47:00:35:a8:b7:18:53:c6:99:fb:
+         0a:70
+-----BEGIN CERTIFICATE-----
+MIIEKzCCA5SgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTEzMDkxODExMDcxOVoXDTIzMDkxNjExMDcxOVowgbgxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMR0wGwYDVQQDExRWUE4t
+RkxSLUJSQi1ndy1ja3VidTEdMBsGA1UEKRMUQ2hyaXN0b3BoIEt1Y2hlbmJ1Y2gx
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDIa0R6zlF0r36w26vly1D3AZva1Dh+NQEMYE8okpBM3QYaoInW
+ZcSX1CI1P4wMeeLsmiZO5+73cwJlEp/PXgUMHpbH8YGSj6xIcZPf+PKjZmWtE4HB
+8SOixQSGJim/LH0oQ/qhPd2qRwGvD8K64Asdr1Px96iykC9Kq8gZ9pzrIwIDAQAB
+o4IBWDCCAVQwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTcEIf62nW2Xg1fzU4sm7DloeiF
+HTCB1gYDVR0jBIHOMIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
+BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIw
+CwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GBAJpxzY+KiqCWaAFehjZ0QR0a
+mWZWgwnFGH+h7L+4F1Lo+wmcs1u3D+zlT9uHfQ2/S86x9vvI4Jn1qjnO3Y59bbBw
+fwBC3m5Vvlf0AY0uALeQsZJzZYkgUou58ijr5jIN7aBRKnP63WuGtXGx1bcwWWuU
+3fzJRwA1qLcYU8aZ+wpw
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/flr-brb/gw-ckubu.key b/CKUBU/openvpn/client-confs/flr-brb/gw-ckubu.key
new file mode 100644
index 0000000..456d2ba
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/flr-brb/gw-ckubu.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI2PZiohF8ugcCAggA
+MBQGCCqGSIb3DQMHBAhTTx6Dj3br7gSCAoDTyLVebeOV/njatPhy0qEi/DlH/6+H
+oK9kQaUV69QS6NO3N1RqqDvXu2DcdlkzLLvi1CJWgTJyeHbtKHyTMEEXI/P2SOZL
+wBGqXZ2Nav6MqjGpjzHryAAh32thyGJC5o/m/SOMX1lMvDln/g9WzC0ZRAMdNi5M
+SrLZieR41OA/0Pt7EuBIfuIvs2MhQwaUbVgdVShmBDVVS+44qJU36wmTT47mEFCD
+47ghy6xXvfykiI30fYO4qPad+nR8zpnpEGB5ZQfEx2SRdsbWxY1GMT4rAzTBMgiJ
+bbyVY8rEb0kKqbJhUFQ9jjodW2b94p6nayaJHoyO4sFEgvvPhpPsBXRPKOZXMSl1
+kNjDEwUjpPCxm2v4JpYiPUoiZO4IAKbXcfJ8WWuKZp1Du37PVD/EnXDjyKBFOyzD
+QJDF7ukzAwMHcq9bVv8AybVxC6I+1nDgdrD9s/8cBQiCyYufV/5H484GBI6d2dXo
+SyKffomnpHVK7AzAYZXmyxlQj1kwJeh73xYFH06fec0VmmH6vHkN+wjYheJLrqSi
+xZkOnxggAecIINh3kVbPrZCfKn46vYwDoFHgK8Ek7nRaIXaYGuKrRfHZRTN6g98s
++QK5iGSL/5Fg8EdsgRtAm4Ss/mBUCEY2AZF4fekfyhtzbpYLtb5XJIw42SCwJstN
+dd35UeaUWTOXkO7sIub88UVxv9VXIXpq+2DD7emd9jpyQVp0W2/jlGEvtSNUUsMD
+E26+ck8dSOnJI/FFYOeqtW24dZ+0g2NXAoUiwtqQweOJKkOjQlNV/L1Ud68zSy0e
+oDCt0c3xYx5JAXDKximQqlVAenc5rl+4kHVnG8wmULmTgWCMbYSk/sAC
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/flr-brb/ta.key b/CKUBU/openvpn/client-confs/flr-brb/ta.key
new file mode 100644
index 0000000..99d6559
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/flr-brb/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+670c1735182a2aa7373f3913f4bb9922
+1011f52b6004f688f702ee2eebf789de
+8e9a7cbbe597de15dcd0944cc77c63bb
+247ef4ec6beb0ab1ad0e68fd3224d9c3
+50f3536eb45f0582ab3deb4a84144e08
+4ab82c010550262a803f617826443ed5
+34ace631dd1115372b4b6d91523ebf9d
+5212960ff14b16776359a2c4a8a78672
+c6dd16d8e3bead764da1f39a267a5d2c
+e798d3f52e0d8ceb7cafde530cbff390
+7a099224465c3bde210bdc7e713dae1c
+05e190846e0bc7cc8e4c79427516eed3
+b580385daaef259dd823e67970ffd9f3
+125c3b6217f6622652f76f1da0ea96e5
+b9724b6abd8384f45f11d9b41a9afa7b
+34d1a506ef314806f46e64d46f4b53a7
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/ga-nh-gw/client-gw-ckubu.conf b/CKUBU/openvpn/client-confs/ga-nh-gw/client-gw-ckubu.conf
new file mode 100644
index 0000000..9e2dbd3
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/ga-nh-gw/client-gw-ckubu.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote ga-nh-gw-widsl.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG2DCCBMCgAwIBAgIJAIfpECeVF6BJMA0GCSqGSIb3DQEBCwUAMIGiMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJ
+VlBOLUdBLU5IMRIwEAYDVQQpEwlWUE4gR0EtTkgxHTAbBgkqhkiG9w0BCQEWDmFy
+Z3VzQG9vcGVuLmRlMCAXDTE4MDMwNzE4NTcwOVoYDzIwNTAwMzA3MTg1NzA5WjCB
+ojELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGlu
+MQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQ
+BgNVBAMTCVZQTi1HQS1OSDESMBAGA1UEKRMJVlBOIEdBLU5IMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBALlE1NE6tNFSDcmhjj9yyWXd1gXn7u3sk7r/gLyvUs1yIpmSKRlMJOh7kXUQ
+AXiPsNavC6QFDMq1mFjIuhkNqpl8YC2NgWhfjsaxi4+oa8d+e0nr1Y0jHkLKOWvT
+OqKHL2gqFeumOPNOQ1lyoiQzcBfgs28WLk+hfeqv4CPPrPRAXMv0C3jy73T+ZHr7
+MCCxpNIcbKZO4vxaPWwi5pnBS7RTIB0OGOEgoWTpryjRiiJ7xuZCF8bQTfucS6fl
+9sm2wuftifgU2S81bmrlQ7Wfkm2Xr/QaEKCS/nMhdju6UaC07/22SHGqaqT7eJrr
+hk3psq7ecPRmMTj9neN/yYoDByWFUz7nhGmVnCXOO3Ct8KjSeH75W0vf9rCOwY+/
+7YUz7ACiz0itjQlj+jdHqwvB3a97v/mf2WFVhbJ84dhUUeW9CmaebLAJMNIqccWX
+VibBtG4g1mv9xm0oiIpyNW89Zo24cLXX46P6OAukwSPVnTcfyCxZo2g1EHVVk5oI
+nti2sR+h6aabRR+rmPqym1R4rbPMZjDH3NNsazdINRBGkY2Igk36xYFLydrpUiKr
+uidboUu/85wZr6xKu7QJYjliP1lkxFuIuzlGFCd41q3CgYPNKO3KPLAeTOzaa6yq
+9alxtqs3z3ccOaXyjp/AsDiSsH8qoNKaMQEFyyQeRppNOkgJAgMBAAGjggELMIIB
+BzAdBgNVHQ4EFgQUIhsBj9GmWfsTD+kHmHt1fFK3SR8wgdcGA1UdIwSBzzCBzIAU
+IhsBj9GmWfsTD+kHmHt1fFK3SR+hgaikgaUwgaIxCzAJBgNVBAYTAkRFMQ8wDQYD
+VQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkw
+FwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlWUE4tR0EtTkgxEjAQ
+BgNVBCkTCVZQTiBHQS1OSDEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWC
+CQCH6RAnlRegSTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBkQr2/
+StSTSKY3Q3OfZzh3+Lqq5Hppk02N4WwwQ9d3c7TQowoHnI/a7llgAb9gu1sExL2p
+9QSj+M4sEcSnouLUdnHDArrxJ78AHBGnPq4hHODChkrGFiqvw4yXsNcfhOdv6hrL
+LO8OJJyenSnaWL/gCqKDCjdrsB28I65ancGWyBN55UKVGxDpQi14cT2ImSPQAIAy
+Rlh7l6uZ8l9SRLtvnjZ7na4VL5JUsXYUIHqc9qUoRwF0At5UmnIPwXZvG0GgA15B
+h36Cqf21WfoYZwdff52xwKyl3qjdt3h8tq3XuAqto8rk2Q0aawDgrC9tXJwKB3mo
+EZVX1aAxmdDGKIQQzkoU6uR6tYum1H9XFci9QbBMhADLiE4ohn2ukjSV7Z47Cr3+
+sClUbqxpfJFIGknSB0KZiFBsnnrB+ICDczPljyHoXbgDV4NvUnKFjzpnFfIhkSvR
+ZOm9Qq51b+4XbmXX/+GlsxWYcM2WfkYRaJcRk12z/6Oi3udKB7omp3oI+ZGRvI3D
+Rsq1cKwPFFO3EiyPI6GV8BdYTLZ51WSgHohV5rI9c6nre05AB+97kQDUj7jz62P2
+ERZr5oWSViGniiQtgclFuMWY+VvuT3DDNtdRikMy3f59S0vslV2HkgLugXgu6RFL
+keMwZh7pXr5MP/CUpGgsLMHd627uIuryVYbaLQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHOjCCBSKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1HQS1O
+SDESMBAGA1UEKRMJVlBOIEdBLU5IMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTAeFw0xODAzMDcyMTM0MTRaFw0zODAzMDcyMTM0MTRaMIGrMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEbMBkGA1UEAxMSVlBO
+LUdBLU5ILWd3LWNrdWJ1MRIwEAYDVQQpEwlWUE4gR0EtTkgxHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEA3RJLZn4alzVmYVq47nEh8G3YHJ6j2m/5QDtOE1L2sYYVUNV6FvIlQEsX9aDW
+S0ufoShyTeN3XjKXL/U88C7s1FK37Fo1l+jnsAhkxCraGeMxGrC1qhdo6lgRvDhV
+tQjJR8teGtIN7iYK5jLDEq+0J1U5DS1ORVmOZ4b6TIjW8Z97zeiVQc3bsu8Jqdct
+Tb3WKa9G57ZXN8eP4huyrXA1qsOWfkkrTPJoieuFcbqBZ5ylEQvPvgcUek90J0G/
+6JKe0z1DTCEi5KxMv+ueWvrT2qFzGybEVWwRNmHzjQUEJAOhNGXsCEZoj1HjKpVz
+xMdtQ9f7/6BWUUwOR+qfFMO4to8MbOZWdTjGU2jMlgB/KUzbmqgOFUhDxkBtpDwp
+2vMaRu5Cu5vbMXjrjnV8r2NBO/5TUawzsXkNWMytRMHux2UOgMY8Yfzvl/owCI51
+6YISg8C1z1VlGXiHYWtCOIb/J8kgtHRO0TyeX1oflXqGIvAexmcOQu82YiBKkqwm
+LOMbHOaJ5bj4FUT84zl87gfePXJyCs0dyTY+y18+eUunx6xvirDxt2aAtwwbrKSI
+KU7AxqkRm7hn9W0jdKDSFBfMEp5RP3IQRgUT1Ww4IW2YBWphCk3UIWt/xnozHUVo
+xPQ6sj9xPBul/GuOPmDngyP6fIRdlrXR48nkDXd6DzzpUx0CAwEAAaOCAW4wggFq
+MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU/RfN0H8Xjr2+04e2mjbz15uj0DswgdcGA1Ud
+IwSBzzCBzIAUIhsBj9GmWfsTD+kHmHt1fFK3SR+hgaikgaUwgaIxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlWUE4t
+R0EtTkgxEjAQBgNVBCkTCVZQTiBHQS1OSDEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGWCCQCH6RAnlRegSTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
+BAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAJQ8
+Nc99G3xd7HbOjLFELWdO1CnoGWH9fK1OsFpbAtNKmPKU8Rf9uXfgaeydRsjjpP66
+CnPfzCSAG12fR665becRzWqCiDexBYvegS8H3VlL9ExlB6BYnRVfj2EpU/urzi+T
+EPnTcnaFuqRjt0WAM3MqbV7aKNy+kGJDMO9d50QEKBcgCK2iYL7VZyPAj30K13n+
++/wHydJAmPK4aXXZ4cchg9RBl9lpIIGIO8Oz6xfr5BfhgJjramPjGLHpJ4Y1pGrh
+R7VI4Jzkkeze1MRCOKmQ+GaUePdou0w/9C/k0e7Pv31erVGXDAtcXHJ2qzxZO9u5
+ZctJ+Ap4IhOs++GjI9xpsEnoDuOrQFOK0qREAZ0nFkkxQI0vbxGx33lzWdCkjS9Q
+K4V/V7QvYd6R9ZKYdfg2zROWelTfIRRw3+Qfa/FFGdi7lzLLukCX2UfY814cMOJz
+Zz2XqwoRxpc+YvfNaWJdUucxm1KOUzOw1LHzvi1pSzF+j73USlPZWIXA8PSkPcTM
+UXYZNzHtv9eI+a3s+FIzrSrk/AGeJSSC8fYKw/n8h8Vp/TsfIYlk5DveJyVZSV4B
+4a+sm9k/Jh3WlR0XCxutajGrUcxlfPkYdpj1mA1/c+I2eWkMQlpyXK39iVMn12Bs
+qGFRp7CLxAigMKutOthbSiD5kZrZxt6poFdV0AuA
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI1yL8hnrdSkUCAggA
+MBQGCCqGSIb3DQMHBAhZy5GBL/4zwQSCCUiDbKR0EKOVYrvrjTQHSQjDeGFwS2FM
+cDmu+aDi2oNHKjxk1DHevNDbnxksCws6HNQvclJwJ1jdwVcq44QcaotGEfw7z2B6
+wi24lYxML5t3uGpMrP/QVhtNXrxi7JgPG+9A9JHh1WCihwYDm8XQjytFTP/KvPAJ
+E4vEGvVLJk0xRHsfhTYj6s5vX60Oe1SURv1mlQBQGyEZYCoMVQGFFUnc+Q/uRo/o
+sTTJCkDUJgil/OzmkVVwHmrs1gqfHFp3ywlav7bqf38ixO19Vydz+LvqyuvtxYyh
+QFb8ZJJgTa6RvpDrgoLFQ5Ry7rjgWhzSLonQE6qYGM2gvWcNLmOGqv6wVyV/inYy
+S+fKB+clGRFM8SITr48eEQbLEa2NN5woidfplSmacQtflxiMPu9SAbgKWSzZ8PAU
+XyTcEt7tL3RAnfhXdCMWsWNlcATDOvWXj27VcJmgVp+jt0GFpBacxpW//fB6Yqy8
+C1ogguXgrQPRe5FVmVZOFgnbK5phn3qmWsNgDR/r669Ro1b4P34pSVTQb+VG9000
+cjwb785IvMk6zwl3jdKacOauiltc6H42FWUbnLy7u0TYUvDSTa8YsbNBB1kQYvlo
+kMlMJLx3o9SjYjZjPELAPHFGY03h04nWih5Ov0ygVNi2Es5+GQmj4HCl2tAMEgDX
+p3FE33b1Gobv7hJv9ode+R7lDfvciqBUsFSE+1lIvoeqM74RUDrtDEDlGY0MTpmB
+78oooQV8F5JjEkkxKZOsucIyvl5m6ZK5/N4gbHkjG0LKvyUVsAOtENxvgFPC6/zz
+Qm/IbgjCDxYAFzmdTZL0nR6VMQH7VSUBo8rLhWbswbGIXG23YDDur4Y5Qe5nR4bp
+h1f60fO3ziFcP/nmkJUdtNowT7GoueKEahs2OT6ub+aBZwE5nCVc37XucP2s/9eR
+9Bojti1Zf5c91lUgnfey+9P61mYkEVIweHcC4nc39MYhlRzWZsmoFh5j8gwvEh0i
+9hb+wNfeFNH2LDCoxwtbhfBudJe3e9eCMcDyO302LPtpc+e3mGwsdKZuaMZ07lTf
+0YYOOBQMVOOHEQWF0JuKHLaoqPtikPsgCnoRteBG5sHG18PVqJGlb+vijzUaY7Er
+AkdjafXA9m6YOo5H3mae89ax4xNfCUlu9buAIOjsM2ISKGmfRzWmCEA8MfsESaP3
+w6gducanrAP1sGspy21EDrQ49ElxpPC6aG74ic2F2vhJfdtd6kQU/Azax9nvCJIY
+xUaHVOHPPmDd0aS3EJma/Q9z+av1pGQB4hRZY/E50p8VtV8cOp2kSgUra+amYl5b
+wk4SokCgIz/cW6S0wkI+jd+uvGU4rgxgNlCGdDEP4HYjdrEb1b5aB0N+Gki5LEYl
+42qFQ6BOXxRQkydEGvPDCY0888Kivm6IvoEj8E+7C5/LVG28XcoQZWTI6QLMloQQ
+ZYcOYgjnvvMRs9wMbZrUrSYFZtLfNttWrIm4Z1lMCUmahM6CSMx2gYCBXbhMeEKV
+dc9FwL9wfcRmvtz2Hh/+EmW4tzSiwr0OxVXhdeSLmnzpAMPJBKhj2jxNs8mhj/CO
+PFSxVBB4SZlyzsuViheq89ImeGAELOWpFmKDpbdgpY8ng+QEb4TJhFEWoK29XXfe
+0ePEykrlYFn64ZDuLhWlYC4XgILkj8sJFCYGUv0D2mTSXAoVRmmiglhBvDyjOxHC
+wgU10rNuYrMARoSUqGwxcznEzsoFYfaP4BXaifTgMOP8qDcXF2gn1c36QxLYIsLO
+mu5xCK60ysNINePqJb5slxHlgC3hlDovukuvW/AZGuDHJQMnaiViJh9xGc3uXGf1
+0X9dSvNsbzrjch/pX5HKJg9UBFh6q3tR7dRmT4K/9++iB9mzLA3xFRDBFRzdl3P8
+ixWVhMMFRNM8b4uvKv/smeRzbbGTDXOG7qr+Jei3zJlEQAvqXiG9xTtp/i0IQm69
+KpM7QCGgJ2/HukvywHrwidsVQT2SCkq/wzSlg8pnal6skBK/ncVZPW7dqufT9Csi
+Zi5deietR8XeAs9mKJv+FyWL2+q/wMn4PBdHDqVDHaCgrBCSyMTJke26ytb4XQwD
+WuVLLlHMwwR+BbFIcAyq5CShfuCboJUJ+FXbzTpOWduLWbZaR/EhqrZbv+9cmCj6
+Awu3akR3QkdQJ6gHj1cUeGPtA1RiItVmQlkuMEokFY8oIolCEbzhGd3zfjo27InC
+uzGfQbuVo4D9xFNbgEE3lRG8yARp5NXgwiEF8QIwoS95qjZ4h9IQoKs18ap7QYsO
+GM1CLLvhuHFFenM61/KitgbY8WOrQilRkw1lAyIyzeLDc2i/aL1dmumbvKjVjQAU
+0BwRHO6HTtUtQKv0aH/J/p37I9HUEAhbuXDpJCg8uQa1rhe9Ebkc4GCNDrDXwOaa
+OQdguRGZGOJwlRx+5GnVqAdyGKrtqIZsBAYTSwB5Itb/xRVcPv+c4cFIQDFfcau2
+DMn8ejXCSIAAlR9MykeuMpg2jRxMDknYNqy6rtasJdHUZrSE6wuTLMpmLSb2IUBO
+BIQIbA8+0dOZ95M+5LH1wu+2D1JhGPYQ2iW/PfPMeaKZvtrKCvmWGHA+a07duor5
+YorAhCKWEYkpClpRlnQMBoqnZugivE9dhhl5IR3CZDYkQRq4kfnosT1p8aAMwCou
+PZb7pQk5R/hBT40U8U/PbHMLBy4wNCkSigBZTA6zPc3QrOw7gFQ0asioNCmq0L+3
+UiDQ4zD12y7bXdqSvQfYTnmZew4De9sCW2A25mkYIyPmdc8T9lw+03feCCcvJeUH
+xKa+OtKYsLt8pGkj6J6/1n9fOzDX+ExXtAtbsFhYrMlJaZuOg3aD3eB/MW+HbYn5
+iCloFAbOcAAn+hi+ZHCqHUot/bYLzKVxHRT6fDcU4O7Ae/ysHsG9HztlRTSjz+Ha
+2H+arhs1M4gs0KsqSPWkOuBbTuTL23jsIINXlqPYbWfepwOTyHw0q+OZLm19badR
+3ZWJEvcRHFEek0Dfq0BjnhiCcGKMppAGdRcKC/1k3KvYRtV/4sSaHZdQvmAH6kyD
+D5c9U71rOgzJw+cRhlB8yEi1f0r5G0ih3btgtTZfZ4NYk47so9hm5E7+/SXkaGWd
+/74UNEWXt4YB/vGgwYG8VDXD3+FsjQA+HX20wzS4Is0z2TUf7vQblNiSypFEWEB7
+3Os=
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+2465bfa0ca1b39fdae239633c579f730
+7c1894c67cd8cd57107824be00af4ba6
+77bb44be275b284684f1b0131cc6eb7a
+8755ad6f5ffe282608733f6652c611f4
+08f374e03ee93ce5d148a5c5b8d0a9ac
+468136e0d5ef9718b9dee785fc514d7f
+fe96e14977285b5a8c5cc27c0a864e68
+44cdb07c51273b90c16f0fb2188228f3
+808058fe88e5f51cbf5f802743ea8261
+3fc042173bcedabe518ebd0295844f75
+2dcb570c2bfd968513f4102b645113ef
+7ce8d5086b47f4e10480c9e900c6e3ed
+cff01982b7d910f795f014d4e7d44b1d
+f5400b02c8d51383271c16f6b05a790e
+a6e0f99603d6f4de67f34fe82f0dcf09
+3b99102bae425ec22a98d1b074c27728
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/CKUBU/openvpn/client-confs/ga-st-gw/client-gw-ckubu.conf b/CKUBU/openvpn/client-confs/ga-st-gw/client-gw-ckubu.conf
new file mode 100644
index 0000000..7510118
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/ga-st-gw/client-gw-ckubu.conf
@@ -0,0 +1,223 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote ga-st-gw-surf2.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIFKjCCBBKgAwIBAgIJANXFq8sijdObMA0GCSqGSIb3DQEBCwUAMIG+MQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRQwEgYDVQQHEwtTdG9ja2hhdXNlbjEY
+MBYGA1UEChMPR0EgQWx0ZW5zY2hsaXJmMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZp
+Y2VzMRIwEAYDVQQDEwlWUE4tR0EtY2ExDzANBgNVBCkTBlZQTiBHQTEuMCwGCSqG
+SIb3DQEJARYfaXRAZ2VtZWluc2NoYWZ0LWFsdGVuc2NobGlyZi5kZTAeFw0xNTEw
+MDkxNTQwMzBaFw00NTEwMDgxNTQwMzBaMIG+MQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGSGVzc2VuMRQwEgYDVQQHEwtTdG9ja2hhdXNlbjEYMBYGA1UEChMPR0EgQWx0
+ZW5zY2hsaXJmMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRIwEAYDVQQDEwlW
+UE4tR0EtY2ExDzANBgNVBCkTBlZQTiBHQTEuMCwGCSqGSIb3DQEJARYfaXRAZ2Vt
+ZWluc2NoYWZ0LWFsdGVuc2NobGlyZi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKLTHSHgX6/Ibr3AlmJfQ3k3yTvaD031Ps3c+bsXgOQEPNO4x7er
+8R47osA7FHNKI8ob7jnX/xJSJcsE2B1zsYpceW7IN/Mmmz0eZyIr7B0tu2dFixxC
+t4Vi4dBTh8ZvEaTZ3YUzROBc/YnWFyq3NFZ0DLdJBX+lFXAYg7qVyD7RCB1Yrwxq
+rJFYK28qeIi4WHfHQICZ1dBlf7qpnL76MjfzjjiTTs4MZwjYRT2RJaPOhnNzPaeF
+c11kP8T+ER46TqYbmBuImpoOntca002opJxw9iXoYJRLYYfhs4XS654iApGbG0vc
+2Kd7uH+QyWElW19EDmeDRJM6Bc0LUu1rKtkCAwEAAaOCAScwggEjMB0GA1UdDgQW
+BBQ1n9sNhkD5ZQ7jRXnON5gNKFeVWTCB8wYDVR0jBIHrMIHogBQ1n9sNhkD5ZQ7j
+RXnON5gNKFeVWaGBxKSBwTCBvjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3Nl
+bjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoTD0dBIEFsdGVuc2NobGly
+ZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAGA1UEAxMJVlBOLUdBLWNh
+MQ8wDQYDVQQpEwZWUE4gR0ExLjAsBgkqhkiG9w0BCQEWH2l0QGdlbWVpbnNjaGFm
+dC1hbHRlbnNjaGxpcmYuZGWCCQDVxavLIo3TmzAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQCXp1hi923vehUa/Gd9Ze9UobRo0kPCLxgQkPOotUPAX+Dp
+BDJOIHzoijORN4LmtQV+UNbRGsGU+Mwbejx1b4NHrFtj6KaCbCdB3bumcSmfFbaJ
+QM+qvMtQYXx1NnFnoV6PYD9ZjfsY0AaVi5FB/eHnP5xuGzmbq7gPgG5sz2RO5jcR
+1jO26hbrOINfYplu/NNQqBfRJPwyPFjHcCD/wWE63fnue3A5Oj6jUcuNLbOAHJEy
+Pu37BPHNzjnTUdOe9scXp3WMCJXOtdxoZkfHfGKXYhz//XwX6X/hJMzOZ2K+kUHC
+NfKwQ6snmDzycXtx0EqsYjzGgxbOR0qJbK/pJhii
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIFhDCCBGygAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkhlc3NlbjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoT
+D0dBIEFsdGVuc2NobGlyZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczESMBAG
+A1UEAxMJVlBOLUdBLWNhMQ8wDQYDVQQpEwZWUE4gR0ExLjAsBgkqhkiG9w0BCQEW
+H2l0QGdlbWVpbnNjaGFmdC1hbHRlbnNjaGxpcmYuZGUwHhcNMTUxMDA5MTYwNzUz
+WhcNMzUxMDA5MTYwNzUzWjCBvTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3Nl
+bjEUMBIGA1UEBxMLU3RvY2toYXVzZW4xGDAWBgNVBAoTD0dBIEFsdGVuc2NobGly
+ZjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczERMA8GA1UEAxMIZ3ctY2t1YnUx
+DzANBgNVBCkTBlZQTiBHQTEuMCwGCSqGSIb3DQEJARYfaXRAZ2VtZWluc2NoYWZ0
+LWFsdGVuc2NobGlyZi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AK7355Rx645LFvVBtQAzVNqcEVSj4xQP9B3jMiCUSP1G2LJ2EjsjPKLy5IGa5YWr
+w904xeDK7q8REvGPeDp4pT+56k6O2j7md9XOy1Y6yr+X1qVlSRXO4Hta+cKWinAY
+vjtPIL3FubVGB/FUrXZWR/GD7nyKnelCI6Gntvt2wwWt3aj+yPoV9J86MN1NwFAz
+Cxn2UcufcFPHfIDFaXpMuwbsRuRudxh3fBRYRkmarB+mRl/3HHEzpCX0gpKWVv2v
+a8RaDu/T5mg2yOiMHHUS+D40LmTdo7yzfizoVlVbGrNG5AbXs/gZRKMOLZIPyGR2
+r+eD+2KhOpFW+kdjwsPFe0ECAwEAAaOCAYowggGGMAkGA1UdEwQCMAAwLQYJYIZI
+AYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUdxceVU2ZsbHErH1NiTl5R5Oj99kwgfMGA1UdIwSB6zCB6IAUNZ/bDYZA+WUO
+40V5zjeYDShXlVmhgcSkgcEwgb4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZIZXNz
+ZW4xFDASBgNVBAcTC1N0b2NraGF1c2VuMRgwFgYDVQQKEw9HQSBBbHRlbnNjaGxp
+cmYxGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEjAQBgNVBAMTCVZQTi1HQS1j
+YTEPMA0GA1UEKRMGVlBOIEdBMS4wLAYJKoZIhvcNAQkBFh9pdEBnZW1laW5zY2hh
+ZnQtYWx0ZW5zY2hsaXJmLmRlggkA1cWryyKN05swEwYDVR0lBAwwCgYIKwYBBQUH
+AwIwCwYDVR0PBAQDAgeAMBMGA1UdEQQMMAqCCGd3LWNrdWJ1MA0GCSqGSIb3DQEB
+CwUAA4IBAQBBTSwtPN85g+0QPT8XvxYQFv9PedtEFdKf4R5JWisSI0hyvW9Sf3Vc
+4bc2GYIIG2DFSJip2lUgyvC3yOqKtT6vF32M4NS+GglDOycXWbpZNB9vtjrDvpo/
+Xhv8dSuwE9BIsoJF+peEbP6lINGi6W/p61NHWmO1ClvtZyRxb4YnqOmIEr9s3XP7
+Mm6nttX7690jwZoae/xwGOy17eUz/cGLBq2t7t7m1rhU4ErvGgJOP9PKHkgFrYjm
+jHeBXLbHsff+Tq10bhyiDb0hsAoZi1bViGpRtfaQ+eC0rXnDy/C+/nm+SzlEKeiC
+2XmTO8dbNgoOqETj7d/iDd4copvdzZYw
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI5AUTsVDif7oCAggA
+MBQGCCqGSIb3DQMHBAg12+MbxEoyygSCBMgCrl75V6WYOCdXaXmPDePYFZnY1rms
+O7VBq16osPoJCUbnowfDlWyj73kM0kypBQPK1l9ZtXiC50BgbjPS16CeeAZNvFyr
+/1glAmHv4wKArmzF8GL98vEDsKbnBV9nFnPe1YV+Rq4QqeSiOmnWJOqoFbpYDJiO
+f2Io1g9DgoYYjMhvvjMk/mG4Oa6aOueMDYBFQ17NCNwXDj65HI685SiMEYzksQEW
+GcerSML5Q9PDwbaiH+xs1AVp3MEa65PDj3KW7jcB8LenSAzodXo6dhzJelSgv2Bo
+Q769n14ZetOK0Mv/o4blxQAPsbfknKylg/tvGIkFt38mH3PBJeXCNElyWHZJD6BR
+xZah53ajLQa6XXhV2LOj+qKjgvIH4lwb10nr+eL3VdXKPXdMrGQUHHx59Z5zGnwK
+qoRvKOtx/Lk56c+ycjCo0MJW4QddxB8rBmMEduUcI+jIk0ffF26F/uWh/gZO59hj
+Tu6cGAgZY5hxkofm+b4FdyC8dNgQUspPqs9iIqkMSjttzuihme2qdQg5cgl0F2Zp
+u7FTp/E8CsRX+MpVm/i+/0oXi9hspvEwfZcg1hpk3LdF2w3Ym+Wj/jlBiUbTC17K
+YSLQQk2WEWLbvhGLA/3Hp2auYm0h4PxyG9lp1RTkK6WJSz+Vjc/Y8V01Ml5l7pT5
+22eTksbqTeNcasCZkm7dEfAiuA222qS6OUZLzUkX9cBb6EXG/XIQ0qzY6c0UR/38
+qfU0aP1Z08mIwMhGfyn/QmYTcxMw2rov6eHt2tsemDFXNf3qj2dUvJn91nu4b0OQ
+3ddYB6mazfwCOqXeAzxv+POxuJvjUIx3MmIyQtQTvlNa0nzg89DNlAtBrRKDJVvS
+mRLEBT/mFTz6KPpdfVp+qdx+akAQ7YCpmRfBs1Am685b9azOs8+VQOl8rp4PpkU3
+T2rSCRpc7O6hW+YZYBwEMgJn0Qs5YXyiE8Js+k9QB5d20hGIJQAQ6hAyLLamHcj4
+K6KaBhycvsXvB27drkkofQOVEIV751McsgwC+cxS2DRaJf4udr20Pg/2Trc539kp
+anj/hT2auv3/rGGTfY9RLblp00eCjKazltsg3/DbQ5S34hSxnipfa7o6PACxqgAk
+qgZ0G5K/smgql5nppPpE8udS0utfDKgi7lCwlviIfKY/UjsQwRr3wh1L2NrjG1nY
+f7df0/WfVAc9+LA7QBVtKp68oh2wTCGQXdhgjwJgDMJp7xA/I1kd6tsjkXPjPNct
+tg1MZYL/jDjAEzC96ikhLCjbybLVmL3NJKC8Y5+kpxrIs7W4T+ZwTXwfgBUN58Kw
+ZHK7JSQzlBKmLlRbpYcjT+Ra5Mf78xA0ZsJ5D7yVoKYmMRfGfDAXQ4s3ri/EyC5h
+t4FeFvUdrr4fTu3FlxCAOhxV6rFG/pkjIe/o0JHEZpTvxnd9algrNCTu4D6EFJTW
+tQNfQY0mctQhtuMoqG51dB1jVRnZ+f+b7bzBnsesSzJNXKcrq8N0mgcZx0nNDn65
+Db32YOv28+JaID53Bq811tHtsybiuTCx+77oubUaH1it5xIMe7NzL9/gQAPkfn5r
+LnaDPGgPFEy6UaErrCOo10CkLq61VoCj8DgQz5fQ41OQrd0WbKYR5yqh/nTXpFus
+z3U=
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+#
+# Note!
+# This option has been deprecated since version 2.4 and 
+# will be removed from later distributions.
+#
+#ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+2e6c91c0db488d5f018432f60605fbba
+5ec1afd4522ddd28d917ade2c7515daf
+9a7a3104b523c929f10a2ccdd2197b83
+949e5644669ab0f82b62e08aa887252a
+cc20618f9f8c1b0eeded6ea92a392e79
+e477a890e2800cf0cf340ac6139cf7a6
+0cfc5c713a39e8b2c44347006bb90583
+8fe0bccf4feea50e7880ee7c7c510114
+e9613960f8af9096fc46d75886b1bdbd
+773b77d9044db17109a5615614797b98
+bdacaae155966bad69819d08f1c8cafa
+1cf102981e2188d155d26043b59538b9
+15c1d67430d6b67c9c313123fb7cb427
+29cc6972e63470c74c6bf2342fb57ba3
+50d3254df49d2158f4faf5bc38fa9d69
+1014d126eac903e30f6c97df69a3b665
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 4
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/CKUBU/openvpn/client-confs/jonas/ca.crt b/CKUBU/openvpn/client-confs/jonas/ca.crt
new file mode 100644
index 0000000..8bde766
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/jonas/ca.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCA0agAwIBAgIJAN8aOZJGFGPvMA0GCSqGSIb3DQEBBQUAMIGmMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEaMBgGA1UECxMRTmV0endlcmsgU2VydmljZXMxFTATBgNVBAMT
+DFZQTi1Kb25hcy1DQTESMBAGA1UEKRMJVlBOLUpvbmFzMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTAeFw0xMzEyMzAxMTM1NDVaFw0zMzEyMjUxMTM1NDVa
+MIGmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEaMBgGA1UECxMRTmV0endlcmsgU2VydmljZXMx
+FTATBgNVBAMTDFZQTi1Kb25hcy1DQTESMBAGA1UEKRMJVlBOLUpvbmFzMR0wGwYJ
+KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEAout6qX8xnAqKRuPPLrYXFkRi8jQ8kfzP/IcD/kLvwDK+wN4Uvfb+88Lv
+pJ5dTdBWPkvBLt4wEq6gjs/Nqr0lX5V2I6HfnSN2rLvtrtIsfrjmBo0SNpvuxj8Q
+FW5cl+M7d9b8RATFg5I4Senr+pZzIZc82OliVWNSv3j/mXK4NIUCAwEAAaOCAQ8w
+ggELMB0GA1UdDgQWBBQCAq4BgqamRfpKEE0YafCQh/QdGzCB2wYDVR0jBIHTMIHQ
+gBQCAq4BgqamRfpKEE0YafCQh/QdG6GBrKSBqTCBpjELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GjAYBgNVBAsTEU5ldHp3ZXJrIFNlcnZpY2VzMRUwEwYDVQQDEwxWUE4tSm9uYXMt
+Q0ExEjAQBgNVBCkTCVZQTi1Kb25hczEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGWCCQDfGjmSRhRj7zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
+AAvXrWdgzgaLfSSgQQP0g1UlSkKwQr4KpYQuL6Hy/RJbpkhgBiAUm502G2Z4Syiv
+p+W6jvEctOUPoXnc6qPgBA7He6tBdVuH7/xshFdO2ik7LBjTWPMfNr6L49FXRJ2r
+h414q4N9S1EMZwl1TMqyXTHmHOtLoCdBub1McFu0tfni
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/jonas/client.conf b/CKUBU/openvpn/client-confs/jonas/client.conf
new file mode 100644
index 0000000..6e674b6
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/jonas/client.conf
@@ -0,0 +1,137 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote jonas.homelinux.org 1195
+
+topology subnet
+
+#push "route 192.168.72.0 255.255.255.0"
+#route 192.168.72.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/jonas/ca.crt
+cert /etc/openvpn/client-confs/jonas/gw-ckubu.crt
+key /etc/openvpn/client-confs/jonas/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/jonas/ta.key 1
+
+status   /var/log/openvpn/status-jonas.log
+log   /var/log/openvpn/jonas.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/jonas/gw-ckubu.crt b/CKUBU/openvpn/client-confs/jonas/gw-ckubu.crt
new file mode 100644
index 0000000..e4ac354
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/jonas/gw-ckubu.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Netzwerk Services, CN=VPN-Jonas-CA/name=VPN-Jonas/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb 22 13:49:03 2015 GMT
+            Not After : Feb 17 13:49:03 2035 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Netzwerk Services, CN=VPN-Jonas-gw-ckubu/name=VPN-Jonas/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:db:71:8d:eb:12:6a:d0:a9:a7:6f:66:80:3f:44:
+                    cd:48:95:9a:29:c3:15:d6:2e:66:ea:36:c2:44:85:
+                    bf:03:df:cd:c6:29:54:7c:99:a2:2e:26:7f:70:e9:
+                    5f:d8:dc:06:cb:79:4d:9f:6c:fc:e2:e3:50:c1:9e:
+                    77:88:77:5b:65:89:b1:e9:6c:e7:c9:bc:7c:a9:b6:
+                    1e:2a:e5:81:32:6c:a1:98:44:74:cd:a7:7f:7b:f2:
+                    0c:87:25:f9:ed:2e:30:9d:6a:5d:25:48:84:82:cb:
+                    38:9d:85:ca:8e:38:de:8c:25:8f:f9:f3:50:fc:3d:
+                    57:8c:b8:c9:73:2f:83:c6:41
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                5A:D4:32:1B:A5:71:82:40:00:1D:40:F3:18:29:94:F0:4D:14:78:CD
+            X509v3 Authority Key Identifier: 
+                keyid:02:02:AE:01:82:A6:A6:45:FA:4A:10:4D:18:69:F0:90:87:F4:1D:1B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Netzwerk Services/CN=VPN-Jonas-CA/name=VPN-Jonas/emailAddress=argus@oopen.de
+                serial:DF:1A:39:92:46:14:63:EF
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         6b:5a:01:5f:9b:69:de:64:1a:ec:4b:42:f4:c0:19:41:33:57:
+         36:95:50:4b:6c:32:cf:32:fd:8d:3d:1e:dd:1a:c0:ca:e9:6c:
+         57:23:51:0a:be:a5:5e:8c:87:3a:53:91:e8:f3:e5:5b:95:da:
+         e9:41:25:26:5d:0d:3a:9f:07:14:be:9f:a9:d9:4e:e8:53:82:
+         c4:39:75:63:16:22:68:6f:29:3d:4a:71:ed:bd:53:dc:84:86:
+         57:a5:93:75:f0:6e:f5:fa:31:96:e9:79:9e:4b:9c:3e:2e:91:
+         46:3a:b2:17:b6:bd:04:03:ab:27:cd:af:0f:66:ab:3e:1b:32:
+         db:80
+-----BEGIN CERTIFICATE-----
+MIIEKTCCA5KgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBpjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGjAYBgNVBAsTEU5ldHp3ZXJrIFNlcnZpY2VzMRUwEwYDVQQDEwxWUE4tSm9u
+YXMtQ0ExEjAQBgNVBCkTCVZQTi1Kb25hczEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwHhcNMTUwMjIyMTM0OTAzWhcNMzUwMjE3MTM0OTAzWjCBrDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGjAYBgNVBAsTEU5ldHp3ZXJrIFNlcnZpY2VzMRswGQYDVQQD
+ExJWUE4tSm9uYXMtZ3ctY2t1YnUxEjAQBgNVBCkTCVZQTi1Kb25hczEdMBsGCSqG
+SIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBANtxjesSatCpp29mgD9EzUiVminDFdYuZuo2wkSFvwPfzcYpVHyZoi4mf3Dp
+X9jcBst5TZ9s/OLjUMGed4h3W2WJsels58m8fKm2HirlgTJsoZhEdM2nf3vyDIcl
++e0uMJ1qXSVIhILLOJ2Fyo443owlj/nzUPw9V4y4yXMvg8ZBAgMBAAGjggFdMIIB
+WTAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFFrUMhulcYJAAB1A8xgplPBNFHjNMIHbBgNV
+HSMEgdMwgdCAFAICrgGCpqZF+koQTRhp8JCH9B0boYGspIGpMIGmMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bm8ub3BlbjEaMBgGA1UECxMRTmV0endlcmsgU2VydmljZXMxFTATBgNVBAMTDFZQ
+Ti1Kb25hcy1DQTESMBAGA1UEKRMJVlBOLUpvbmFzMR0wGwYJKoZIhvcNAQkBFg5h
+cmd1c0Bvb3Blbi5kZYIJAN8aOZJGFGPvMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsG
+A1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQBrWgFfm2neZBrsS0L0wBlBM1c2
+lVBLbDLPMv2NPR7dGsDK6WxXI1EKvqVejIc6U5Ho8+VbldrpQSUmXQ06nwcUvp+p
+2U7oU4LEOXVjFiJobyk9SnHtvVPchIZXpZN18G71+jGW6XmeS5w+LpFGOrIXtr0E
+A6snza8PZqs+GzLbgA==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/jonas/gw-ckubu.key b/CKUBU/openvpn/client-confs/jonas/gw-ckubu.key
new file mode 100644
index 0000000..71bcfe5
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/jonas/gw-ckubu.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQICD/000w6/2YCAggA
+MBQGCCqGSIb3DQMHBAj0c3QKF6N/gwSCAoAHSua9v8RQvKZJV7LAvoRIwhtVbgLH
+Yt5QOREISVUTu+wJHL5d9CQGOS5OAdDkxVQrdDmqJMUzyEQZZysYpaVFCHKgqaGz
+UxURznrGug5xLSmt+30IooAcvELwyPRq5cwwD3//NQAonN3mAZQe5fkcHCFHjAZL
+qo30yLD19xoGPaBU9mR7uRMILoRD1NbDF4a+juPfc0JxJdCYUHOBV5aR4Bf495Fd
+z5Pa9zVRIlsLwPqYEUv2SpwmlifrIGAVT4sDMy4fM/z8DwuSIiSH6ay9FEvxPyVy
+Em5WhLJ8yj+ZYC9PSWlzhTqKYLCAMCoOx8Nr+1P3p7vlNrxtJuHWX0bcBNP7BSk1
+Emeu9Nwo9miTIPdqN2t7nSoDf4vt8vY/RGyLD9Q9M7TPNCB9NqqIE/M44PuUP/oC
+1JnLJkfrZl06SSk1TC9cBacmziXjqgYZGyCDPgwkjeDB18ZY2/U/woUZcHuz8v6X
+UGuLL4hyi08V1EGIdmtIse28b0cU8eXyFPG2C5gMANzMPfqpcxMFA9gz8r8qkD8F
+sqjKvPgVQXTowO0HtB2c89/rkoF0E3T1GEdPxo7xX0gfK/WwwkQyX2hVwotu0pPD
+JFEXAGTE34/Pg09Qg8jaOaewMmqoM7UVxHz57SmxHyH1y/B5+5VVoRER2RHym23l
+hj7q60UGDIRE3ckIt5JEB4Pl0u6im+7SYXMWgqkq0zoUTBcK6WXFAiJZ8rxqJLka
+Qx4Y3HnYDPd2Cqd80XPjQ4FMM2TQROv3+7t8b2mVaoE/mUAIcY228DLag036HcK2
+SOWWLrA7cMcbkiDjCaovZoALKKyDnyBQD9AioxSbbYEdcWIjyJDYB2Kw
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/jonas/ta.key b/CKUBU/openvpn/client-confs/jonas/ta.key
new file mode 100644
index 0000000..267999f
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/jonas/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+3e1e6a6db0e098d43da080f87c6bcf9c
+6259d4439e5caa74289b3bcb0931e07e
+b3170b66ffd4b242a7aa58ac2ce19cca
+09652d59ff49a3e2b4ce570078186820
+66434fe8cee219da9cdd10e99091de98
+b2179eecf24200e5fab0c47fd268aa84
+711ebb8ca7cf154ce331067c8822eb56
+b8cf0cf1d20439deab1c83369a52f670
+56633c2c49865d8c20c77975834a57cb
+faa66bf71e704c6a80863ca7e626308b
+9e460dae6cb6ab87ce3a088c257120cb
+48f04f3103e7c5bff04c26efc57fa300
+fa2c43faa67bf1da9569541110a6860d
+329b06934e0f157fad54dfc64ab5568c
+0b116ca80f9edd7fce35103facf0e6ff
+b34c00b297ffe4e3a63808c2172f84e8
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/kanzlei-kiel/ca.crt b/CKUBU/openvpn/client-confs/kanzlei-kiel/ca.crt
new file mode 100644
index 0000000..593b7d7
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/kanzlei-kiel/ca.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
+VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
+CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
+DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
+ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
+xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
+k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
+A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
+w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
+0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
+68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
+/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
+VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
+MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
+cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
+mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
+SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
+ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
+uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/kanzlei-kiel/client.conf b/CKUBU/openvpn/client-confs/kanzlei-kiel/client.conf
new file mode 100644
index 0000000..b6381f2
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/kanzlei-kiel/client.conf
@@ -0,0 +1,138 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote anw-kiel.homelinux.org 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/kanzlei-kiel/ca.crt
+cert /etc/openvpn/client-confs/kanzlei-kiel/gw-ckubu.crt
+key /etc/openvpn/client-confs/kanzlei-kiel/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/kanzlei-kiel/ta.key 1
+
+status   /var/log/openvpn/status-kanzlei-kiel.log
+log   /var/log/openvpn/kanzlei-kiel.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/kanzlei-kiel/gw-ckubu.crt b/CKUBU/openvpn/client-confs/kanzlei-kiel/gw-ckubu.crt
new file mode 100644
index 0000000..cded62e
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/kanzlei-kiel/gw-ckubu.crt
@@ -0,0 +1,99 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:24:59 2017 GMT
+            Not After : Jun 27 23:24:59 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cb:3a:12:41:57:f6:08:8a:9d:c8:f2:7d:de:eb:
+                    9a:0a:05:44:82:28:16:30:bf:be:20:50:93:61:6f:
+                    a4:ed:ae:61:dc:2a:4b:61:03:a8:c5:c1:86:c2:88:
+                    34:66:c7:49:3d:61:59:e9:d0:88:d3:ad:af:8d:92:
+                    c8:5a:ad:a6:4d:0b:38:41:b1:85:61:34:8e:94:56:
+                    55:d4:05:85:02:5e:6d:cc:3d:81:26:1d:93:04:0a:
+                    38:d5:c0:93:22:00:93:bd:dc:1f:9b:af:1f:78:1c:
+                    f1:2c:b0:11:7e:4e:cf:62:8b:ce:7e:e2:bc:b3:8e:
+                    af:a9:c6:cc:f3:40:a2:30:d6:a0:4d:9e:3f:54:5e:
+                    74:35:67:3b:c5:78:ef:f5:9e:b1:39:fc:ad:71:13:
+                    e9:84:cf:11:55:78:59:49:26:e9:1e:35:62:66:8b:
+                    d2:f8:d7:19:94:31:5f:28:6a:69:25:a1:f7:c7:23:
+                    82:d3:48:e9:58:2d:b9:a7:8d:41:6e:dd:3b:cd:27:
+                    16:bd:6c:4d:7b:35:62:fd:b7:5a:90:ce:bb:6d:31:
+                    c7:53:b0:df:aa:08:eb:69:d5:11:c6:66:58:8d:02:
+                    61:79:bb:a0:fd:fd:8d:5f:67:26:8b:a2:d6:09:e5:
+                    78:e2:f0:7a:2f:f4:98:ec:98:7a:a8:5f:f3:64:c1:
+                    82:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                19:56:3C:B0:C3:18:52:DE:13:D0:D0:A6:B9:FB:E2:71:73:EC:63:2B
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         bb:0b:05:a8:4c:67:80:ce:29:fd:b2:8f:9a:e9:3b:e4:40:9d:
+         9d:96:27:46:0b:4e:cb:0e:48:9f:4e:78:b4:fe:5c:93:f2:54:
+         c6:55:c2:18:7a:b0:c9:6f:f5:8b:a5:e6:87:0a:0d:75:23:6f:
+         cd:a2:32:d6:89:39:ad:46:3c:27:e2:cd:5d:8a:6f:7b:6a:43:
+         65:60:9d:9c:22:a8:34:52:a7:29:f4:c4:ba:65:18:86:70:6d:
+         82:09:d5:b1:4b:7d:f4:1d:5d:9f:a3:89:36:6b:62:7b:01:ea:
+         41:76:4e:22:b2:8e:b9:b7:70:e1:9e:76:d8:f9:f7:0f:67:1f:
+         fc:cb:71:4a:af:aa:60:91:15:f4:df:52:2b:c6:1e:3e:63:87:
+         cd:86:1f:52:fb:73:9f:20:d3:77:20:41:c2:fc:b7:34:93:6e:
+         8f:6f:55:3f:9f:e9:17:1d:23:63:84:d1:55:94:bf:b8:9d:46:
+         f4:d9:bf:1c:09:99:b4:dc:d0:b1:65:d0:3b:d6:94:8a:fd:78:
+         c4:b3:d9:52:24:6d:88:56:f9:ff:bb:d9:c3:c8:0c:3d:b6:60:
+         ae:5d:2c:3a:79:2d:fc:3c:46:05:a1:9d:e7:ba:07:f7:f2:48:
+         88:1b:21:36:49:72:9a:e2:a9:6f:ca:84:89:f6:83:ea:0d:b1:
+         d1:95:1f:16
+-----BEGIN CERTIFICATE-----
+MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzI0NTlaFw0zNzA2Mjcy
+MzI0NTlaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1ndy1ja3VidTEZMBcGA1UE
+KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
+cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzoSQVf2CIqd
+yPJ93uuaCgVEgigWML++IFCTYW+k7a5h3CpLYQOoxcGGwog0ZsdJPWFZ6dCI062v
+jZLIWq2mTQs4QbGFYTSOlFZV1AWFAl5tzD2BJh2TBAo41cCTIgCTvdwfm68feBzx
+LLARfk7PYovOfuK8s46vqcbM80CiMNagTZ4/VF50NWc7xXjv9Z6xOfytcRPphM8R
+VXhZSSbpHjViZovS+NcZlDFfKGppJaH3xyOC00jpWC25p41Bbt07zScWvWxNezVi
+/bdakM67bTHHU7DfqgjradURxmZYjQJhebug/f2NX2cmi6LWCeV44vB6L/SY7Jh6
+qF/zZMGCZQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
+RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQZVjywwxhS
+3hPQ0Ka5++Jxc+xjKzCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
+1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
+YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
+AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
+HREEDDAKgghndy1ja3VidTANBgkqhkiG9w0BAQsFAAOCAQEAuwsFqExngM4p/bKP
+muk75ECdnZYnRgtOyw5In054tP5ck/JUxlXCGHqwyW/1i6XmhwoNdSNvzaIy1ok5
+rUY8J+LNXYpve2pDZWCdnCKoNFKnKfTEumUYhnBtggnVsUt99B1dn6OJNmtiewHq
+QXZOIrKOubdw4Z522Pn3D2cf/MtxSq+qYJEV9N9SK8YePmOHzYYfUvtznyDTdyBB
+wvy3NJNuj29VP5/pFx0jY4TRVZS/uJ1G9Nm/HAmZtNzQsWXQO9aUiv14xLPZUiRt
+iFb5/7vZw8gMPbZgrl0sOnkt/DxGBaGd57oH9/JIiBshNklymuKpb8qEifaD6g2x
+0ZUfFg==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/kanzlei-kiel/gw-ckubu.key b/CKUBU/openvpn/client-confs/kanzlei-kiel/gw-ckubu.key
new file mode 100644
index 0000000..6c2de6a
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/kanzlei-kiel/gw-ckubu.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIgzdhh+GFVpkCAggA
+MBQGCCqGSIb3DQMHBAhQnYHUELQpXASCBMicbtCdvVEgK+pV8reDVVuacqqeIwQV
+OIa/MCryNPukqS0P10WT6SLzIN2c/A3jVAmHbm+E5Zvk6bX5LmmAIClEulVnZsbV
+qeXz/jlbKBZAj4hYVmvUfKMQUj99Hnn6JdGfEgvYauQIzhwujHvAyV7kfXufEQxj
+kUrE5U97HPfbVj4f2kUNNcLU3gSX91ILoO5lGDUcTpceYQXO00EI0ftsdHp+qKgc
+7kJ/ntt779n72r99BaFMXZ5V/DSuQeNvKE98+PIRQF1ffDW/aJZq1B1MUJC83esO
+VC2Fxg3ZNRNTcyQXC2MzQ7ZLkQWdPOsElcZ1NDqrEXUQtbrVfNCjuFvPPNeorld0
+3uLFOytLv0OTc/AMDmEFGMap8XmWBK4g63Rhi3WIwxECYp6+s7uFu5VC54poD0Fm
+aerMKnVadW9FbH69Oe5+hfhRlJ6N/H5Wp5XMCl2ttzSFcZhiiufuTjaxUgAF2vLP
+xKtrQAIQkOZJabeGrJR8zzIN/FsziWh8xHbnl3aO6gXS5SDpIypBADEvc2aibEAC
+DhJkCasUTzETpZVdRfBD2CHXk0krg2HHo3HUyw8nb4aZg9EbbMiLK113hWDCr2z3
+evhJzaTdZUvJlgNGTcLOd1ZgLpwXIil4r54LsT4A1skZ7CNgO1zVzxo/sBZ9V5J/
+PMdhTmPeqFXwHp6cA0+Cr4r0oqEBbJ0OjjwtXA8RvbTDBkKi3Bq0YgudSoJ6mgt/
+SwlsiL+FFQWnhhgWMfXXS7qEzTgHgkBM7AgupJYo2VqU/pcLOxSvbLs35MMj2cij
+Bj12/78AqHDGEwlAhyD31ndTC4Lbpy/VcBcDi7RByXPgHH2R79qXuS1WQJD5Y2CT
+UvkCFLCz+zlxyMFzRhJ+rTXPiCQTwtrnMRYmZTR+YyPa/nJcXJ5OH7aq6ypuP50C
+IeeBci5fEuiBqEH1QPmUx/ByMXVhybxUnuN0V0u4TtJJOzQrXKDz3tulklVBFFp2
+MFTU+20jAMxVmVHz03fCORZSjKShubS8AJR823lXXlW0CtcwErRqjyJyxk4svnJ9
+bRENRA+5G329kCxGm04AO4po+NCf1w08wRTJsTE9GRzDKu3i27J5jf8SxfzbCX+5
+isjOyhEgnTkM3fMWRk9t4ZSsKIg+BqwtwYQJq1AI6Now3FhxfGt+0jfO43jBOa8u
+5LnTO9uZzJL1Go0LjsFS2kL6MGQ6wYtsG0Rl2KpUtuzZgph7BHbxUMYY1UUES8tp
+S1fC9u3NIb/E4179WHzle5wBbUEZtHXxbfWzIi9fwQSKgJ3LPsjaVEjPknpzy9Sv
+sfZKsef78D9XynCAyqP4GU1nvpLaZ8+SGPiuvXc1kjHgrUm06stmvXG4Tsxiv0Ag
+aORlceD+G4tUms67AkeBWTZ+wTKukN6dfgbZqQxSC6ut0JkkDdoMOdSAl2E88XXj
+/vJHw4YdaKsCuxcL7nVIX4fiL8E8Vr/haqmaj9xBvkXorqtpPHWiyn4+aW1ZVONe
+1+kioFYClC3faJTQA1oFPfUcq38HNtLtHHh4e/JtjnYH2WE4C3vZCkEnZ60KwVh2
+7S/Sc7lu5UEyCkiKudCfX59vWRpxrzBcLy6rlncqtpWtipQjBLU24mihofJvKRBO
+qAg=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/kanzlei-kiel/passwd.txt b/CKUBU/openvpn/client-confs/kanzlei-kiel/passwd.txt
new file mode 100644
index 0000000..87ab739
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/kanzlei-kiel/passwd.txt
@@ -0,0 +1,3 @@
+   key...............: gw-ckubu.key
+   common name.......: VPN-Kanzlei-Kiel-gw-ckubu
+   password..........: uoziengeeyiephu5voh7eothu1Aex8ar
diff --git a/CKUBU/openvpn/client-confs/kanzlei-kiel/ta.key b/CKUBU/openvpn/client-confs/kanzlei-kiel/ta.key
new file mode 100644
index 0000000..e0f4e74
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/kanzlei-kiel/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+36188fa3977457d267ecae99373870f5
+ef6e44a8899d4f5ccc831e9d2dbc31ac
+e171c7e8e49e0d2edd43c3834a2d0099
+236aa4924c80971b0a34310eb69b70e2
+fbe85a7395cc10bea13ad09efa46d738
+f594c332d26c068b289ba96bbb1f661d
+efb873b76137057a62b4e27b522cfce6
+aef7ea67ec2540b00b4782780352addf
+2f7722d1edd40a8f3de3b0295e2da07e
+b46d196a4cbfd85e47739dc320af6584
+eb960e2c5ba27bf2f56381f8eb3ceaf7
+cc72d829ab05aaca6fbb205b78606ff8
+cc58bc336adb644adfb0034f9974b7d9
+f2b1308249cd74ecb555a550af6af1ad
+b15a3f03ecef5f89fa70d2fada97a1b8
+6179b0d487a6e3196209d053597a7416
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/mbr/client-gw-ckubu.conf b/CKUBU/openvpn/client-confs/mbr/client-gw-ckubu.conf
new file mode 100644
index 0000000..bea27bb
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/mbr/client-gw-ckubu.conf
@@ -0,0 +1,258 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-mbr.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG1jCCBL6gAwIBAgIJANEahjl9dpJcMA0GCSqGSIb3DQEBCwUAMIGiMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUt
+YWRtQG9vcGVuLmRlMB4XDTE3MTIxODIwMzc1MVoXDTQ5MTIxODIwMzc1MVowgaIx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYD
+VQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCxgVOFpm61twgXerJYeVjTi7Kv4R/aOxh9UCXqjJN6cfR2Dhj5CX07fIf7Ed0S
+8s+xBrwl3PZXACiz3CkTP7Zygw4TtYyUuTvvjzfcJfE+hv7SeYxOU/YYVlznGbqC
+o8R9uNJYKeKEJnX2oo9RnR3Q10d03twKFlm50Rv8L4Oi502Qo5gaeLMP2D81rz4o
+UcEVWU1PtnblkV7ARQOR0QF77ea3UwM5pnBxD0UnsaH4tJc7MwDSUxaDaiUZ9ecE
+sJ0+ZaTrsgB//kbF3iB0cjBs1/Qfz8vgQMVpOax6lckZZ4WKwdo3iOckglvjh6NU
+SED6H8ru2p6bmfyqjMMzpj4AQw+BYFQhDuXQpx9d5vyxS+fjW1qDVGG84Ahaj6pf
+XdznK5BXygnyItcD5Q4ZHQdz1GqCL1LdcNXiurWbSvUYLlIpotMxePEmncv006hx
+YvbLzjvsAGfsbs2gnx9IxCi+sPiFacWvpYolVdd8l67kDAihG8iokTR3wpHM6Xe6
+vD49xDnd86rRSn30dDgxsWSI8lyh15akAhzS2dUk/8aX7lIcpFNTPBJHppXalrsx
+4wuXAR/78v2eiLpdORBerzIYjgyzcpsZZZe85BrkhKi3mgu1tJZMH1yhRKvgUhnu
+K1HF8AgBi63YTvari6R1HiTtKXZqaxlJ4d3/OwIjvcxa5QIDAQABo4IBCzCCAQcw
+HQYDVR0OBBYEFGHocrkyEFyjv6enWR014LS1UYD7MIHXBgNVHSMEgc8wgcyAFGHo
+crkyEFyjv6enWR014LS1UYD7oYGopIGlMIGiMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UE
+KRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA
+0RqGOX12klwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAdTsZUi6m
+BS0MqhTwPmCF2bjFOwFs+oHpEIRKwBQXSFJfOysFl6RPgn9PlmsGmNmn/2gH7GTN
+YMjPjnlArRZTVhcULG7IsabXCAgWIXcxwYciCmtFAse15kda/EUohP2yG4EIJURK
+cUCK/fer3Blh63t+K0/Dq9eWJ4bVrfLoYp+Fl+ciomQhQXz9pZrgGSvDZLGg0upi
+zGPsrEJHT+zPcJfQunZHXGF36eq5uWMuB83WYhvE8rNwz4OIDhLlongt2Lf/gWP7
+rpVlDzNarOc2tl800C3/UePtAhEr4Nr3UYcbV7Nb063o0nGklxIr3FE5jMkzOj3p
+q8Lyd+wHqPG18ysXaSbyCAjXSOQ4OjIOz1tPC3QabycNkrV4QGN6KlJypfJ16P7t
+2ui2HB1bfX9wbwXOHxjDlx7mssaaygI3+RVB5yjJGJs286AO+YInWul6T3kPAZNn
+EXhjZz8fOjRsaKR4dVZfI6/zzyg7vv++iNQ2/yNe11Bcjo5jwpuKZyFmmFpj9xoL
+0uCOJnnHrhqIfy/LVTH+b9K3UQDgBHd3InFKt/Uy1rMNyBbH0tcnj2PZGct7Mg2G
+vIgjygOKrYJytFrVtHFw2xKGIW40ohy7JzXTPjTFUj2q5GtVcGLIBiryOlTz3bsv
+s4eV4pJgMrNqR14qsRN3HvAvf4DLigpuYR8=
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHOjCCBSKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
+bi5kZTAeFw0xNzEyMTgyMzMzMzBaFw0zNzEyMTgyMzMzMzBaMIGrMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBO
+LU1CUi1ndy1ja3VidTEQMA4GA1UEKRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYS
+Y2t1YnUtYWRtQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAx/Q0+5i0lCTsMpXtQfxqi/OWcGOgWG50lqapVshmCOXKh5JT5bWRYqpumOYB
+T2VLprpWnurVCkksKO5U/rMISRxmKckThTgyG9GJLkw9we8gXxXGHfdfSo1mnY48
+9J3+pp7r+C3OSVGceBv1IGvkVRRAS2jL5IKi8TBE3YSbvPQ0Bm9CHAWXtDKE85a0
+ocj++z26WvmuCnl5mYbs39LwKbusYOzEQN+ffuTU24PKQk5R32YqxOiCxQr9kgi8
+m9CUtO3BVgF8hJBUXVc2tiDu/3QhpcafDi/nf4rLr7mlJs808BTwU8gw2aP+vnqe
+yTrKcv+wTl1D2lyhy3WVErctPJG9tijr0B/2cnAdeqf8Xh+fBysZNdV6m8u4jA3l
+oht6JnFqbRtpmUh9YQEfGm4WJ3F/BJopPvZRa5+DZYKFYySdFjtxiJmXO1E9dT1F
+2/fBUVQBdgOqHYLccySPVYDy5CFGu0VuKdl/bCqB+KNzlQi3DF0R64DGMJfF8NsW
+14+SmmdwytcYyE0LEQU4vL9Nit+pZbKbrMU3nXgMoArAiKRShS4ceJOl2koNOAmr
+ZezesJ7f0L5IArjlk7HzhxTNWq63AG/NtRMQtJzkdlihV4OVE0Guya/N8SknZXPp
+TZnWLCn7Vq3FiPRHw0ieLD6bUvYuqEk4JWW/brwZMKBEpeECAwEAAaOCAW4wggFq
+MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUyCmYxdwfXdP9ZsTs9RHh/GYg+XwwgdcGA1Ud
+IwSBzzCBzIAUYehyuTIQXKO/p6dZHTXgtLVRgPuhgaikgaUwgaIxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+Ty5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4t
+TUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
+b29wZW4uZGWCCQDRGoY5fXaSXDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
+BAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAKaX
+0hCwrna+rQvUBQ+RKIYBjThRjNu0cSm6OZIgVqhdhqOKe3CU2SwpzIiEUv2vgN9w
+aa38VffKa9J94bYqxBVCNTQvV6hK3dVbsmiVFRXVWkGwtOl0DPb+UPooX7qtdWY8
++6jvUXz6rhOZl0KFrX1Udl06VwZrG5+O0ioZnBpTEqTy+nNHG+QffThY4RMxk4fu
+9B63i0bW3dCHV/Us9fsJnxN+TqslLmRnRyVmdFqB69t3jv9Ru1OncC6bF7eHBOmX
+P8E91Atr115FVVjZXeZ7+NDpN97oqMX9Bf2OCXu/HjEQIW/zvoFScWkf8FPLjKV2
+/ms4X7H5ZDxNumkaJB3DRDPyKrkvJZQ8HqhcMKo7qPFLnBGORad/fto+SAJoBE2v
+Ie2h67vU4Wr3qQILebkCqLkYYdE9W02CAZcZ+2O0BZCtrs1HbGDIIt5CfqkrxulE
+8opGS53U8A+CXuUcOdPRrdz10/7o76chJfEciOQ1UaHShtNe5g04/SDn1UQuWltv
+YhcAZmrOUbzIY8FWFLJ0XwCMFc1m0rABskQGEDjb3UL66cgOIrUg1lDlKGZpi51c
+4eqTfuR1dk+wtwWgNU78UrIgPDw1TitA/aDRaugymPUnVeM6/CRqNSrlEU+QmIVf
+2VSZXxkvk0sFPh/1h5Hk86tezdb6ucm+3ow3HcCd
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIoJKekP1ZYoMCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHiPXCkPcmkMBIIJSBkqxukBibbl
+LdkzjsRmpDCFmPbmEzu/YKmXCMqSbgnEp0Ny2/05sWH2x7DDfZHC8IkzSZb6nqz3
+G5AenJ6wZhPhtVEHFJaiVkJv0pIGXpGvqVsXimDSBWMnIwBFUfzrKSOu7Dhiw7Cx
+1KdGgfoISh/BTLF2UAJjRqIL/Hw0nlqungeXV46twKFW83fBwxJBMj5HwfHtkTqN
+yXOoRLOFJHwYAn6qqBw7n/pJyb4XzOqmmPqC8S96WPQwTCUDlJCSg6AGpobEfxQx
+KFreSVCyQadyFSO3C8jGIOsP+55j7sk/GwABYx9iZ+hPiH1uBhhDNzLpnDbLsrgf
+chvpMoftpmgZxxd6bFbWdhZGhWKSGivmujfaAQySc8+w9ejjpCiHg9oEBsm78whh
+UcxXNrbfVpj4ivZm6K+BoM710imeQu22t/SNeO7S6Mko9Weu/8vlg3976H8E58PG
+NwseCQRyVKmIC1i8EuKbYt4Fr66YTkuv+OGdqmvTPRe8aMQOgEFU3NaoQ5rHBfma
+24NZoy/Hk1QXYSkCIc6izJdv07u44ZK2X0LGGiETin8lmCmyrph+iP51Hl2np8gk
+5PiHAVcnhuSrBP9nVOZ6XFbBFYwItTdtlkpSfJBYlNnEHK2gA6wIF8dQhQE3VXS7
+H9F3MdaJx7qVRy7qDwEG/ONBDX/QrU9cTom07TP1T7IHbqfF6koZE8fOEnwFPwpE
+4sFuaRfrPdBDaE6jww0NLdAHC8eSdNgrHHVEUnwWosAldapfmj3JNONc+tJPYo4r
+usMPPL+THX9UA9D7hxZ5wHz4fqyTlkK2bE0aK0euEaAe7tQ8+teYYEiO+OkRNQI4
+yyHAX8b1jCaCOOMTeSHdV3gFhh8wmRsZqa4i1a4lWqeQlXKA9/Iq5Uk0ujNOSYMG
+ttMyS7b38IvDCog9G1XYiSqH8DE/IzSi9tUbfUtqRX9jqUp9ZGlY0h8R/5I9oDKa
+4IQRYAjktsJDi1dxYffQpWX0XeDZdlT6drhZv3OZHfTzX7pAI8TbEcu48tuI/JpB
+zzI9/+yxF2hDNlecWYi8BP5vt5u58oiO+IEReFC1sPVssJSQisOJp1qNQCwgvNxu
+/1heDohlurh5Ra3XtFddDVg5r92A9yuM5LZFGNA4VDZe8WzFOv9adKrZARBiWqBH
+CG2KwL8o/psC37BT0SRCQd8iOHTlfMUIPd9j7WxfM1DcxywEcLCwtBjMXidVVIB+
+YG58huH2AdEgm01f7UeJrd0RBCV4Lx58nNnnkBoTQXzP5KqpAHmSndsOy8dAUf4F
+lk0zC1LARseF3r9eeFxNeMC+diQHzLOGLQNhyojlhA2/9FO546lOH3TLlBNgQ41w
+CfhTRa5aU+w+OmYjkPEnhde4NzzSXEbFMjGQvt0rrn+6jFMQ/kDLSoJEHBEa+Anf
+VAbVZThhy8JhkRrKpEht3sLUd/mR57Vrk47xZnV8uGBW0Ii28rRYdImHV3CGUys+
+S6r5o5zLa1yRhz2hGQE8kpnu5HiF4Pz7svBp8FEiRLTxvTQ9D5MgdlXUHr5Ujaco
+ivlm4WvXoNyji2FbWDVgscvfbOQgNnaQ5uY5g3rxC2PTCwNbTCGNLxYJbJ4zzkp+
+NHS9xuV39AggXJpFpb6vl30NU4pQCLDTYpembdhNmIfgGo4DS1bMSWZyz9I1OkOa
+rNtVWidyTgZd3I3v5r5weD30gb+D/aaCxSEa4CCp1e7Wbdjwb9tuj6bJsRlnAn/K
+ucDfQzTlImshtBjtWG2C+dpRyTVLpo/49kQmHhXvr/OpDWv5tggrvEZ87gEvCgOA
+KkPNFET5itNA3KkVX6fi9Lg4g94hwEqAUnKHFvhatMC6DYYXF2hnZLIAaXjCAysz
+ubxOMEeyEYEBpGnWuWgK6uv+IgwYdA9+vca69upH19J9sxvdhUluRo4ghoH2Ufuz
+gz1P852iCvVGsGgUgWsyRgEqylP726YxNyxBot8EZ8uUXVaUFs540nJRY85Sli4f
+17WzMYKTgV+790XFUgYlV8K9wVL2qCcCPwlUS/sjLIUACnuiDucMT/3J9zQcssY6
+3ka8UhMzaFGys0FQl1WwcXZ+gWtQJcF7R1nB8PCbUFt06+adyJaSrE4UTQAZYMM5
+NS06CVaVBxhZDukAq9Rw/W1mnfkJTb9IHy3n/5RJqNzf0PXDe4CbXKqRDWx4aPbr
+bklCRDCujoECsnYuTEdNbRawubCrt0uAAAudJkHQsDHJcjs1Uxr26duRhElsolJX
+bkSOiarjckoGZG2k05aBkZq9HcOMNMHiGsia9/3TmEIWkuOxY+EVB/FHUdjeJA1F
+1pI4phDz3rGYJOcWwMtW47P7vemKi7UXzfgCVW0wS/pxI5+PGUxq3NrxLz0TMdxa
+lKAH18quz3tRaqlGNQ2d9NVEn17589JLS72OFROnK0tUBQevaVwP4MHwu5g/lz8h
+C72U86jx1ps1N32y3SV5T/U0rch1PT9v8PO4kD3ojoMAjxXSe4Iv6gXaJSKmORdD
+WHb7W2Tq7IWHRjUWWl0wVsqLyEfu9LAPTw688P17UWvK4fDQDvr0dOyMRSYNBTiU
+YudmGZh0lphuEXnMmPgD5l06EmKbXzSIWwg1iMlOKQzENxTR5fr9ozvpe1KDqAGK
+Fcd/QRNydHOJcLShwhX2ZTfVMMzoE3t5hizS7cbo3j+OYKJ30P4GFbXrEIj+c6Jd
+FOT30UZWZ1lK+jFscJcKCZMDFvHVDk63pOLCdxxQlmovuaCjsdGXRh1mvtYyV+wE
+kDCbCdjjlf5Qj8TwxNmKA9Rg5dlTIOSFALGM50YX3Iq/rwJahBOpirKXNcQ8/qoG
+0sF+4jQyNQSMu6Y+9RKGBwPESZa05M9N0xbcAz+wFlOKBRXzioMRNoG5rOew1mTj
+wgxpNTidqvnVE36gw0hYy1K8+jyYwFwdh+t++p+VQ3kctc1QPVgomouC8DY7UCNg
+5wFFqm/lru87YJcsgrso6/fHvaTkA3toS5olRrmhq68hjISk1XArDm1vDo/hcvFX
+L4MLrR/LpUCccUFV26NaNJuQdvpzBiGTwyetK1+rC5QtvNvfTQL/1WeKpbOpJCkl
+2FqU9ZXvhJH4N3zxGf9LRkg/tQjYKLfDbvjZZzDnk66fJMK19FkuCm2uqeRQZHiQ
+j3AScnn8S7SPYjaNkOxAmQ==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+79d91376ee2c248cb615cd6291bf2954
+a8e96540005b24814cf8b156c133033a
+8d46114db5bb435551604fcb18c56b09
+09750d641767657cebf8151735230e61
+b2a9631cd7490ab824333b74e60e4cc0
+c3fce42e7518bd6519347f7e111b9f61
+be2682407cd8186c2c9b03987a6d0fd0
+52599e30c6e2214cd9734f442e4d9a34
+62e1dc096e13a894538798a94b2e2d54
+f1c5bd884fe95aefdd919a96cdbf8f1d
+c60a65e7b59990a11324fa1960b8cb3f
+ac2fc846d6860e50f7b35f83eb6b791b
+d59707320a80e639b2226c2d16830757
+f7d29d94fd8c5fe1ab8c939e394d2126
+bd880494edfa929b03b894c6984890c2
+8e1ab55c781b17828ec1d4126a9736e2
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/CKUBU/openvpn/client-confs/opp/ca.crt b/CKUBU/openvpn/client-confs/opp/ca.crt
new file mode 100644
index 0000000..591236e
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/opp/ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/opp/client.conf b/CKUBU/openvpn/client-confs/opp/client.conf
new file mode 100644
index 0000000..84b2ea7
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/opp/client.conf
@@ -0,0 +1,137 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote opp.oopen.de 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/opp/ca.crt
+cert /etc/openvpn/client-confs/opp/gw-ckubu.crt
+key /etc/openvpn/client-confs/opp/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/opp/ta.key 1
+
+status   /var/log/openvpn/status-opp.log
+log   /var/log/openvpn/opp.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/opp/gw-ckubu.crt b/CKUBU/openvpn/client-confs/opp/gw-ckubu.crt
new file mode 100644
index 0000000..6be5879
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/opp/gw-ckubu.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 27 (0x1b)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 20 11:41:43 2013 GMT
+            Not After : Sep 18 11:41:43 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-gw-ckubu/name=VPN OPP/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:97:a7:33:b6:32:9c:b4:75:af:7a:7e:54:53:25:
+                    cc:06:7b:f9:e0:93:3f:2f:9d:83:d2:ce:49:27:ed:
+                    da:35:19:fc:a2:40:67:52:db:8e:ba:42:42:13:74:
+                    73:00:eb:97:12:ad:e0:5f:8e:de:59:ff:c9:d6:8c:
+                    27:a1:95:28:0e:06:5e:ae:49:29:3e:97:60:3a:76:
+                    b4:f0:e4:11:0f:c6:07:fa:e5:42:0d:e8:82:d0:71:
+                    38:a0:07:a6:aa:20:45:7e:d9:78:2e:66:53:8c:10:
+                    77:44:e8:49:57:50:5c:33:85:b0:88:61:1d:64:aa:
+                    4f:0c:bc:b2:1b:b0:5c:6d:cb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                3F:A4:2B:57:0D:33:62:CA:48:8B:87:19:C6:1E:15:A6:31:A6:FE:6B
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        20:73:fd:0e:d1:64:95:60:ef:19:ae:dc:e6:e0:38:c8:f4:aa:
+        fe:1b:89:a6:ff:ed:b2:36:ec:1a:38:08:5f:53:61:c6:b8:7e:
+        c8:fd:82:6d:69:b3:92:bf:ad:40:4e:7e:d1:b3:c4:21:5c:d6:
+        6e:eb:ea:64:51:e2:3a:49:d0:4b:49:dd:ca:9d:4b:ab:a5:b1:
+        1a:82:ff:7b:0d:44:10:91:1a:11:db:ae:8f:2a:88:8f:d9:ce:
+        a9:56:e6:da:8a:ba:27:0d:44:4b:2f:70:da:c9:34:cd:c8:19:
+        79:93:d5:45:16:49:7b:53:7a:83:3c:14:6b:09:71:bc:5c:58:
+        e8:cf
+-----BEGIN CERTIFICATE-----
+MIID9jCCA1+gAwIBAgIBGzANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDkyMDExNDE0
+M1oXDTIzMDkxODExNDE0M1owgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWd3LWNrdWJ1MRAwDgYD
+VQQpEwdWUE4gT1BQMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAl6cztjKctHWven5UUyXMBnv54JM/L52D
+0s5JJ+3aNRn8okBnUtuOukJCE3RzAOuXEq3gX47eWf/J1ownoZUoDgZerkkpPpdg
+Ona08OQRD8YH+uVCDeiC0HE4oAemqiBFftl4LmZTjBB3ROhJV1BcM4WwiGEdZKpP
+DLyyG7BcbcsCAwEAAaOCAUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
+HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUP6QrVw0z
+YspIi4cZxh4VpjGm/mswgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuT
+U+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
+BAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNl
+cnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
+DwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQAgc/0O0WSVYO8Zrtzm4DjI9Kr+G4mm
+/+2yNuwaOAhfU2HGuH7I/YJtabOSv61ATn7Rs8QhXNZu6+pkUeI6SdBLSd3KnUur
+pbEagv97DUQQkRoR266PKoiP2c6pVubaironDURLL3DayTTNyBl5k9VFFkl7U3qD
+PBRrCXG8XFjozw==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/opp/gw-ckubu.key b/CKUBU/openvpn/client-confs/opp/gw-ckubu.key
new file mode 100644
index 0000000..112e6a0
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/opp/gw-ckubu.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,4CB95F5C6DD612B2
+
+Nw2A/U2PvM2266HmN6E58eFsPDSAFKbtiM8FLA1D20R3TDhzGETcv0J3v5iQFRMp
+oeBthXWiNOvT0HfU4cjhR5MPs3gmLN+OF8U61kCRf9767Smp8zaXdRwgQ4gOMM63
+DVQZhNlY0MaeX5IS2HKvO+gZ/DAUDTU/lDnVSe11bAibzmDwbQXZ4eV2gP8dH2/n
+nYKWagqqUjU90HpxkFO1XQgQ3ShGUoTB2v6UYqi6NhvH7Jz/0IN+eTHHPbPr2CXw
+CRm9bFQbKchp3N6V5oHhY5RO3KgNa/w+/XoxjJZ3bBeCjZeFgeNMDkKC0YnTCz+/
++hO6sgHM5I5oYYEvvZflKg7JMBSY/w/XyfWQTh2FLOvcJDh85ozU/JeQ7EbNaiRt
+ZF2TaMHbcmKSdyoW5VL3iRirq93nbpFl6wUFuifKobLniqT/rjwiSvirqoYds2S/
+sDn19aC/DtOxTXXqp3ReRvBQ56CL4exROHTYrHjh6ECvofdiWoO/tjZrcbtpsIla
+v6nTqo/FMvetbvLPoRfzfeoXIzH6q8fBJ7M10L/AGdbAEW0x5VyMTceHhn/rvdWM
+EPIewbUDKb5WQm2nPxST540fvUMizScGrKVhJbA/2uMtsKjN1G0cF0yPUouK9itW
+1ChqDPJWZJegXNcwcVHHX8hIDCcpd/sFFKVlGDThPmDv6LQ2mgy1nkIDslvsRyeZ
+j40+xfwhXQ49PnGLndkBT4MtvxR46Zt2PH9FFPC18EGDoces2Fv8IKjGVlZpd9uO
+W5D1D69vwgYVFV6E7ZMWF9z/mY53ci0VSMnRjVh3R2rTQjqXypDCDQ==
+-----END RSA PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/opp/ta.key b/CKUBU/openvpn/client-confs/opp/ta.key
new file mode 100644
index 0000000..dde9eff
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/opp/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/ro/ca.crt b/CKUBU/openvpn/client-confs/ro/ca.crt
new file mode 100644
index 0000000..592c068
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/ro/ca.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE/TCCA+WgAwIBAgIJAMlUrtE4JKkVMA0GCSqGSIb3DQEBCwUAMIGvMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMP
+VlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4gUmVhY2hPdXQxITAfBgkqhkiG
+9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNjEyMDIxMjQ2MzlaFw00NjEy
+MDIxMjQ2MzlaMIGvMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
+VQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBT
+ZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4g
+UmVhY2hPdXQxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/Xi+e76pcPgW/mq45tSezbSTlH
+qnNmNf82uxgobSdQNKoNm41CJh/W8qjfaGAjLyuIwbPAyRCjxt1WeL9vje0mMd5P
+GVNMZsc2c72R7Yel9La51tWoDfkYjU+uQVUjPo12RTnAQwPRAS4q2riHIu+OkAzZ
+QnEEy1CC/spLqWvDDyaY2vEKWldFyIdCxT1wV/DJUESriCHoz2fgM5stslgbd3Dj
+qHsObhhlGdAI4aZ5KaAbDNk+DyiWRWefTZ7POBcLmSQCYCfbq2JXvt7ZtEt9KZM6
+RUpfPaAC2HXt+m2+zTSBhpwm6WN5MxJkQg8Po5mgVYPSVifsy2UjHNWKsVMCAwEA
+AaOCARgwggEUMB0GA1UdDgQWBBRf3ZvIHiBrLarJsif7fOv+3181ezCB5AYDVR0j
+BIHcMIHZgBRf3ZvIHiBrLarJsif7fOv+3181e6GBtaSBsjCBrzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZP
+Lk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1S
+ZWFjaE91dC1jYTEVMBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkB
+FhJja3VidS1hZG1Ab29wZW4uZGWCCQDJVK7ROCSpFTAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQBaFsB+tMuVX7/Yj8yGngmA3raqK2kPsyPzIDGMSgyZ
+lBkjaCIG2+VogDlJhdr4qg0WGVhtLwFdUhVlMdzKhmQFvH8BVEYcJRjinlJ4j6/5
+V6eWaVuY2uc/tfOz4vuMLSj2LFIPMjjPlGthUm2M+LITMv8yS27Ww2/5iD4B37vb
+znbJkY0khWK/oDNVvabVm/XNLt18vzmtee4XiCQoZEgnCgh7M42icScjNwPVGJx3
+co4BQk0M0yO1nnwdtLMKDRTX/FpNv2mztvh4qa/Xm74imeFFtY6WfX+jIxHdMrCX
+F4AosN0ktKNj+jFja4Vbhk+r2rME2llSsrrdr3E5JrLy
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/ro/client.conf b/CKUBU/openvpn/client-confs/ro/client.conf
new file mode 100644
index 0000000..6fb9d46
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/ro/client.conf
@@ -0,0 +1,137 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote reachout.homelinux.org 1195
+
+topology subnet
+
+#push "route 192.168.72.0 255.255.255.0"
+#route 192.168.72.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/ro/ca.crt
+cert /etc/openvpn/client-confs/ro/gw-ckubu.crt
+key /etc/openvpn/client-confs/ro/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/ro/ta.key 1
+
+status   /var/log/openvpn/status-ro.log
+log   /var/log/openvpn/ro.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/ro/gw-ckubu.crt b/CKUBU/openvpn/client-confs/ro/gw-ckubu.crt
new file mode 100644
index 0000000..346f52a
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/ro/gw-ckubu.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Dec 12 19:50:59 2016 GMT
+            Not After : Dec 12 19:50:59 2036 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-gw-ckubu/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:96:37:a7:11:5b:b5:7c:04:77:d3:a1:6d:fc:88:
+                    ba:e0:b1:83:32:0b:29:86:7e:7d:40:5e:79:cc:5f:
+                    35:09:fb:8d:3f:7d:22:4f:7d:ed:c9:4b:73:fb:cd:
+                    e2:eb:14:cb:95:29:67:c6:53:c4:81:01:72:e2:9c:
+                    96:6b:a2:a7:3a:08:dc:29:7e:8f:fa:37:73:21:b6:
+                    49:7e:1c:c0:31:f6:34:0c:94:62:f5:57:a8:00:8a:
+                    b1:28:82:f6:4e:a9:c1:64:d3:aa:81:57:d4:9c:6b:
+                    5d:9e:15:cc:b7:b8:a0:a8:00:68:c5:f8:22:c3:26:
+                    db:18:df:da:91:96:34:37:71:8b:d1:cb:e2:1b:52:
+                    27:db:22:57:23:fb:ec:46:79:5e:67:eb:c5:05:8d:
+                    5f:dd:b0:b9:b8:df:6f:c0:5e:ca:69:7e:66:d1:d0:
+                    63:b1:28:eb:48:82:94:c2:94:8d:95:19:47:3c:ec:
+                    08:43:e9:4e:36:b5:31:5e:a6:5c:b9:92:e9:ef:a5:
+                    3a:5d:aa:78:f1:44:4b:53:78:27:85:9b:09:19:ee:
+                    7d:d7:ec:bb:73:a8:02:e6:3d:01:71:c0:c1:07:ba:
+                    2a:f3:11:b3:c2:52:f6:aa:f6:08:2e:14:8a:b2:25:
+                    df:bb:d9:a4:3b:90:2f:0e:ec:37:cf:0b:6f:cc:23:
+                    ad:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                EC:45:15:E6:92:4D:CA:CA:4E:6B:7D:D3:52:18:00:A5:92:69:24:1E
+            X509v3 Authority Key Identifier: 
+                keyid:5F:DD:9B:C8:1E:20:6B:2D:AA:C9:B2:27:FB:7C:EB:FE:DF:5F:35:7B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+                serial:C9:54:AE:D1:38:24:A9:15
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         8e:58:7f:4f:ff:32:4f:22:e6:98:95:bf:2c:a8:d0:c9:54:1a:
+         0c:58:4a:d5:11:b6:3d:d7:8e:c2:84:36:9b:4f:c3:0c:e5:b9:
+         f2:40:7e:e1:93:7f:28:b6:61:c6:f4:96:f3:82:f3:be:22:e5:
+         7f:b7:ea:3c:09:b7:ad:db:28:0e:79:ab:03:c0:38:c3:ae:cf:
+         85:91:d1:6d:6f:b5:c5:97:c5:72:5e:87:7a:f1:bc:9a:39:4c:
+         ae:38:e7:9a:6f:8c:ad:7f:37:12:e3:4e:38:63:04:da:20:dd:
+         d0:77:7e:66:93:8f:a3:0d:a0:1d:67:69:7f:3a:a0:b8:47:56:
+         f3:a6:e6:9e:5d:5f:ac:6e:3b:fc:df:2b:9d:31:d2:11:0b:a9:
+         3f:17:ef:9a:2b:9c:af:dc:b7:ba:46:5e:d3:77:dc:52:f3:25:
+         b6:52:c8:ae:ab:48:8b:4d:8b:a2:25:d3:80:f4:76:88:31:18:
+         4a:f1:03:39:1c:30:d1:1b:ee:ec:6d:c8:2e:42:98:56:10:a2:
+         a8:94:16:fa:c7:eb:84:6d:4b:d9:63:43:3d:cb:66:7e:81:47:
+         80:90:4e:d6:ae:a3:66:b6:08:6f:dc:46:81:1f:33:c3:89:23:
+         2e:f8:54:a9:0f:16:23:6c:e9:b5:49:88:34:bf:1e:42:39:42:
+         7f:f8:d6:89
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBrzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1SZWFj
+aE91dC1jYTEVMBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwHhcNMTYxMjEyMTk1MDU5WhcNMzYxMjEyMTk1MDU5
+WjCBtTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy
+bGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMx
+HjAcBgNVBAMTFVZQTi1SZWFjaE91dC1ndy1ja3VidTEVMBMGA1UEKRMMVlBOIFJl
+YWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWN6cRW7V8BHfToW38iLrgsYMyCymG
+fn1AXnnMXzUJ+40/fSJPfe3JS3P7zeLrFMuVKWfGU8SBAXLinJZroqc6CNwpfo/6
+N3Mhtkl+HMAx9jQMlGL1V6gAirEogvZOqcFk06qBV9Sca12eFcy3uKCoAGjF+CLD
+JtsY39qRljQ3cYvRy+IbUifbIlcj++xGeV5n68UFjV/dsLm432/AXsppfmbR0GOx
+KOtIgpTClI2VGUc87AhD6U42tTFeply5kunvpTpdqnjxREtTeCeFmwkZ7n3X7Ltz
+qALmPQFxwMEHuirzEbPCUvaq9gguFIqyJd+72aQ7kC8O7DfPC2/MI61LAgMBAAGj
+ggF7MIIBdzAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOxFFeaSTcrKTmt901IYAKWSaSQe
+MIHkBgNVHSMEgdwwgdmAFF/dm8geIGstqsmyJ/t86/7fXzV7oYG1pIGyMIGvMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UE
+AxMPVlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4gUmVhY2hPdXQxITAfBgkq
+hkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAMlUrtE4JKkVMBMGA1UdJQQM
+MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAKgghndy1ja3VidTAN
+BgkqhkiG9w0BAQsFAAOCAQEAjlh/T/8yTyLmmJW/LKjQyVQaDFhK1RG2PdeOwoQ2
+m0/DDOW58kB+4ZN/KLZhxvSW84LzviLlf7fqPAm3rdsoDnmrA8A4w67PhZHRbW+1
+xZfFcl6HevG8mjlMrjjnmm+MrX83EuNOOGME2iDd0Hd+ZpOPow2gHWdpfzqguEdW
+86bmnl1frG47/N8rnTHSEQupPxfvmiucr9y3ukZe03fcUvMltlLIrqtIi02LoiXT
+gPR2iDEYSvEDORww0Rvu7G3ILkKYVhCiqJQW+sfrhG1L2WNDPctmfoFHgJBO1q6j
+ZrYIb9xGgR8zw4kjLvhUqQ8WI2zptUmINL8eQjlCf/jWiQ==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/ro/gw-ckubu.key b/CKUBU/openvpn/client-confs/ro/gw-ckubu.key
new file mode 100644
index 0000000..92fa684
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/ro/gw-ckubu.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIX1f/p8SfdJ4CAggA
+MBQGCCqGSIb3DQMHBAi+ldSjE0eLdwSCBMi3tzjN920KGtkWzX8EqiUpOrNj+HzD
+i/AX1NgTAqOmLatuowdCBuezyBcNTE4YXqqbFZ5LMPi4/4cXP3LjfH3E5D1TMNT4
+QcFzSYbgHkFVTq2ghxCIyWG06J5Z8dx30G+ANfcKt2t/chyCoFf7jaGVqjQaL4cv
+AfKHgPpaVpGvbfW7st/ZzCwkma5M9OskuI716dmjLhhPpXry3HaFXOc0kGQk9UHP
+rn2kM3tPSLnX/0fwMKedb433V6h5+w+H4tiiKMhfSY34XT11NGeZ/WYvV2Ew17yf
+kNHGxewn0ad+dYcdPJVoW/8m64dOTy0opOa0eZyO1WByCqqtGnv5pkXM9tU2vEFq
+87SD50oWQ2lM4Z5jYAyrHRrb0A5ErTTa7ZWSvq+GNid6G71kR8STYnH3PgFzufQA
+14i/WqJ7UJXfv2/0xDsCr+1W0LIF6tnTK1B+08rDVTFatrLpTuVMD3vdYFBMCoF2
+RQ0P8b45Ud9zbKYEr2tVIDH06OP/qW57IQu5yjGBelnUUQhz/cdfSCJOAKqxABfH
+5PoYV01N+NISPMrToGiwl1v75WT/nTzFNwuD+Bj7jylQhXbkPa/1+LOFAoNAm3SK
+U9O8wOm2gOwVMr4FrEfPIG6JjfIuXdSgEMDUnSnSqo/vBT4O7VcHFjAACkJQ1iQU
+ZqE3LaojZrSyFRFGbTeQZd0nRTBqD/i91UwZdAZmMhFHFtbjz5b43WLIsYhIUL9s
+0r8b6CuUS7BGvBGiLFsUhcSKc3cEWChjbQlaamViykk+dp8RluI+N9G97NCEnv29
+HHjoH/1ixQlFGYlU7fnWZkKc1A/U9wog7J2Hw1DJPo1O35p7qkPlDhGJ/5d773U1
+V/dAn59liYGB/u5m33Tig/SXULXgYxPFqB0lQGk3P3J+5BEHbsuaaj0BJpVFDgxH
+1zCX01ctyGbRx/pSNQw6FmpgMRHZgnW2vnAM3LOiDlxf7tSwvD5AqWUZXOzj/uQf
+hWPENVARorjj8aBhVdbeCerHrxhBvt96FZ4xG7460hgu9ZyXTV52fbCVJqcNo7dx
+zFvXQ5KwLEv+nwATD40d4VV7pewIE3kokQ2FFb+3t2SJ9Cjd4sBU9duhrgpVNmjg
+ODA/v+VCr1KNE52JYIZOFiiueyOq93r+Vlo/TRznqcrjB2nMbfTJRJt+Cl8+IRNm
+3GjsZzHAGEg4i91YyKouFXm4pDl8z6oMa9jY7icq79uQMWCJp0SXLyyo528uKf4Q
+MHQQrti/+/41yqNNdnw8XcQFL9FLh8YLCn9Kn7Er0C0XGrmFlcgC78ROi7XxClFO
+a9dwJSlRgsDq5nN9oYRJI+gECHXOLoBtHiXNd8LXyjrO7IxhCcpq/xyF9QA5zxot
+7QsXm9zfhGXp3kE3bJN7qO8yJgwUpcKRb8dL7LUcAJZEP5HkLyL0Aw4FSRfKUJ2f
+Dq92Zee+yyvKxamIpVLZDCLhSHghMOqip1/r4Z50UrFhy+0yyjkzF+0Z8S5Rew9f
+o/oNdZV8acDqYbzY1fDZN1ZHVIc+hf7vyVSxp4nyDvTusa6MxPw0C3fn8/qcv8qN
+Ez2+K15DBtdzkOJXPUFaCPn/HHpl5++WI314o+8eci8E8Q8y36a1btFlr9vMw8hR
+998=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/ro/ta.key b/CKUBU/openvpn/client-confs/ro/ta.key
new file mode 100644
index 0000000..86a5b17
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/ro/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+0d93f89ecf24cf310bd30e8319a142e1
+4ebf7508a293db1392c69e7cd4079271
+a27f9e64288772ffc7d6645cd7c7f5d5
+0681237cff1fe4ef520d9b90609f053f
+e4980b81c1cf14015ea0510114c4a71d
+b0fac8f22a02fa4bb63dbfb90b094842
+9ae86a022ee4f8ea344cfb89cb787fa8
+79b5ac1178bcba8cc27619cdd5ba7a0f
+46d11ea63d7a9fe1f1ff84d631124ce7
+04ea9fd27add0e4462cc5a404227f0bc
+533647d8412d6399010729d4dd4dbd6f
+70d667a64ef8183d9db91ee13c5efe2d
+3f559bf3c5bb0fce0010522dd61ee765
+1b078eb55aea89a0c89f23ba7a6d2c39
+b5ca2616e27001dfbf7e58065a31ad61
+1d236dc8bff5873f97d0790df1de11db
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/so36/ca.crt b/CKUBU/openvpn/client-confs/so36/ca.crt
new file mode 100644
index 0000000..6ebeeda
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/so36/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGzTCCBLWgAwIBAgIJAKuW4e7lOKjBMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xETAPBgNV
+BAoTCHNvMzYubmV0MREwDwYDVQQLEwhzbzM2Lm5ldDEUMBIGA1UEAxMLc28zNi5u
+ZXQgQ0ExETAPBgNVBCkTCHNvMzYubmV0MR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0
+QHNvMzYubmV0MB4XDTE3MDYwNzE5MTkzM1oXDTI3MDYwNTE5MTkzM1owgZ8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjERMA8G
+A1UEChMIc28zNi5uZXQxETAPBgNVBAsTCHNvMzYubmV0MRQwEgYDVQQDEwtzbzM2
+Lm5ldCBDQTERMA8GA1UEKRMIc28zNi5uZXQxHzAdBgkqhkiG9w0BCQEWEHN1cHBv
+cnRAc28zNi5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+72M9
+e5VDY9bQv0KXFOhYVP1JMojpyQitAmAtLJOBtPzrxRKHQgwk8RALOV5Vd25i3bWV
+CsyIO7lBd3JXvETogcAgSuPYo2qlCvP6ja3y+mG0KcdV+VHfzOlsKjkrSTVpHbHZ
+4eknnE9oNL6NEFNQ1qGBs9FO+E1l7T0MThM57pfXvh7EvHZRexyVDF46mr6Ko2S3
+dxfW1vOD8ULzbIVACUODIh5ZM6+/OaxgFM5yda2o3NPUrSWIyQS/2cmHgMBqacH/
+q1p72iwV1UHgr+8MV6MWQoxMcTpFbUkWCvz1TIOqT2DhX1FTVCjZ26FvRct++S15
+unlHxO+Gr6xiP6dClTP/bUrQVvkK8lZBkIewF67xHlMEVjW0pzBS0cQi7BwKWzkJ
+4GH24CY9QOnOalc0ORo1FY66VlJytQfPql8zPp9Ucx+KHFH3siSzY8IKACZSfh8B
+1SaTMDcWvGvdpIG0/yq0po5kgQwDJVkmPU+lmqhQ3e+HA8tJ82P0EmBmtRNhKtZF
+rGyIw9/k4h6Nr0ihUO1uxVJG1bbEVszpy+oT3EwCYo0WL+WSFQ/2h9Y+OUqljz86
+SEI7dHxP8uj+w8V8ITRYSPrzv2iH3pwE35Vo2mPDEn9bUc0QrY3f+hL+n4e83bhQ
+k9Z15cbplfyal/eMlgU1C7bv94anTRzsWEPkuwIDAQABo4IBCDCCAQQwHQYDVR0O
+BBYEFNAuARkBJeMMa5jcjhFJT635LHFfMIHUBgNVHSMEgcwwgcmAFNAuARkBJeMM
+a5jcjhFJT635LHFfoYGlpIGiMIGfMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xETAPBgNVBAoTCHNvMzYubmV0MREwDwYDVQQL
+EwhzbzM2Lm5ldDEUMBIGA1UEAxMLc28zNi5uZXQgQ0ExETAPBgNVBCkTCHNvMzYu
+bmV0MR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QHNvMzYubmV0ggkAq5bh7uU4qMEw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAq4I1SRHvZSe1xBFsd79b
+xVUlY3y743yDsSFJYbEl3E1tbufBuidQcfZlX5j5clHZt40DfZV1YniyWgaOBxOm
+XqljVOIX1GaEPZiQlLWCbmOifEiTSa7BxFFZBRNO0PYe4vzJ6dp/lIUEApVK0S+X
+QhXkNp1Xh7aYYNW46/1DHdwVhJo+tZlHkAYy+8m/xF5dWDDtxNkTNI3v2SPC8ujv
+xgoHCJk1+dKZ26Y7BPv18hkw7LhrFlQeZraa1Dz6EDb/FIGcS0Caw3WMbOMiMuyD
+gzKP75o7Brue46HcM5DB3j5Q5Qbgir/2NqWFoIv2062lbY34Vrkoihmz/daIj07T
+1xFQ8qqk973WKUyxyZunKHfVaRCxG9KQN8/iDzaGJFWVo8U9PLsiIqyL9twdSu2P
+zSQZMJ6GicdxAMIVrh58FneCt3G7bNmVLeSUpGTbGPrCbwtHFGhREADRA5PZ4NRb
+5iB9+bQExqdTXyZozcHp7pp2dTHJU1yui6AOsOYyaGhFiOCzVE9KPLvhOTVGClQY
+gBxcEkM4rr6T07roEWW0I/X0+pWx1wLsGp6x4dqypE3piGj+l9XMhq6GCWuS0Hwu
+8CLoAWaN6I4jHjkwjKc8dEbm7PZw2/2rUqWEU2N+T3LCQSF1uTCC3TDmPPHapfwI
+t104nf7W0IY4I64g+onavOA=
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/so36/ckubu-gateway.crt b/CKUBU/openvpn/client-confs/so36/ckubu-gateway.crt
new file mode 100644
index 0000000..8a4d8c4
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/so36/ckubu-gateway.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12 (0xc)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=so36.net, OU=so36.net, CN=so36.net CA/name=so36.net/emailAddress=support@so36.net
+        Validity
+            Not Before: Jun  7 19:34:49 2017 GMT
+            Not After : Jun  5 19:34:49 2027 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=so36.net, OU=so36.net, CN=ckubu-gateway/name=so36.net/emailAddress=support@so36.net
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c8:bf:6c:c3:92:0d:dd:82:c3:89:00:5f:5b:8f:
+                    30:ea:65:ec:35:72:f6:24:05:81:8a:ce:64:3a:93:
+                    f1:ff:fd:9a:31:43:49:53:c0:3e:63:b5:17:81:50:
+                    e9:7f:79:f9:b9:3a:f2:fa:df:eb:29:5e:2f:f9:ca:
+                    aa:c9:07:56:11:59:6a:52:40:7d:1e:21:44:65:ee:
+                    fd:e3:b3:e7:18:9b:25:bc:33:05:b9:b6:39:e9:0b:
+                    20:75:53:01:db:78:3d:2f:bd:e5:50:35:ce:d6:23:
+                    b7:d9:e0:d4:72:d5:8b:eb:17:9d:de:f6:58:28:37:
+                    db:2a:fc:0f:b7:a7:b0:a7:a1:b6:b2:10:9c:39:96:
+                    a8:28:54:da:e0:85:20:5d:1e:b7:62:e3:f3:2c:be:
+                    c5:bd:8a:d7:57:6c:13:c0:cd:51:48:40:41:17:15:
+                    79:1c:3d:0e:e5:66:9c:56:25:90:1d:69:5c:bb:a5:
+                    c5:6d:14:10:e9:47:47:f8:50:09:a4:65:3d:c9:9a:
+                    8b:b2:d0:5a:95:19:d8:b5:eb:2e:78:2e:e9:f3:8e:
+                    6c:82:d5:d6:17:7c:ee:ef:64:8e:3b:97:8e:83:37:
+                    63:ea:4a:f9:71:5d:67:fb:31:0f:76:c0:9f:e7:d6:
+                    fb:4b:2b:17:5d:bc:46:d8:85:b5:8a:c3:e7:5a:87:
+                    28:ef:bd:1a:bf:66:cb:9d:61:85:72:ee:00:bb:4d:
+                    9b:03:a3:88:9e:bc:30:66:64:5a:a0:f2:dd:69:4b:
+                    0c:39:aa:d6:fa:fb:9f:6e:81:18:f8:84:dd:c6:cd:
+                    07:2f:0c:77:d6:91:9d:da:77:d3:e7:3a:c9:be:02:
+                    72:91:2b:86:69:42:a2:88:c4:85:ad:09:de:d0:95:
+                    e4:16:99:8e:8a:a7:41:a2:e0:0a:6f:44:34:6b:23:
+                    bd:15:6c:3e:48:23:92:d1:be:33:11:b5:bf:79:cc:
+                    f8:0e:5f:3b:88:8f:90:5c:94:96:d4:3d:a1:da:01:
+                    2c:c1:de:91:fa:d2:e3:67:e5:34:19:65:7d:b7:32:
+                    90:d0:d0:36:35:20:71:d6:b4:32:aa:c5:e3:9d:6c:
+                    b1:f8:b6:d4:4b:52:16:dc:0e:b0:9f:44:e7:4d:1f:
+                    ed:5e:fb:e7:19:b9:f7:b1:e5:ff:e1:ae:23:04:a2:
+                    52:fb:ce:79:eb:7c:58:8a:b8:b6:83:88:82:08:6a:
+                    92:25:80:ae:d5:e2:79:2c:c1:ea:21:e5:08:ae:de:
+                    0a:69:c1:2f:5c:e2:8b:e6:4b:21:57:0a:be:d2:86:
+                    39:de:e0:8a:c3:58:c8:ec:07:28:aa:3f:12:27:d5:
+                    50:ae:7b:75:c0:b3:74:04:03:73:df:62:94:cf:d7:
+                    49:ee:b3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                B8:AB:F9:BC:B2:A2:11:23:D4:3B:03:5E:59:B4:98:80:FF:51:16:DD
+            X509v3 Authority Key Identifier: 
+                keyid:D0:2E:01:19:01:25:E3:0C:6B:98:DC:8E:11:49:4F:AD:F9:2C:71:5F
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=so36.net/OU=so36.net/CN=so36.net CA/name=so36.net/emailAddress=support@so36.net
+                serial:AB:96:E1:EE:E5:38:A8:C1
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:ckubu-gateway
+    Signature Algorithm: sha256WithRSAEncryption
+         09:1b:bb:a3:38:8f:69:09:0a:00:b3:f3:4e:ab:55:66:c7:d1:
+         61:19:5b:a1:57:de:2d:30:58:31:08:a9:5f:c7:bf:7d:29:ef:
+         26:0b:54:98:a6:61:4d:42:d6:12:6f:4f:59:40:67:be:e0:14:
+         21:1e:ed:0d:e3:d4:9a:38:c4:a2:d4:c6:94:1b:c3:6e:a4:4e:
+         13:cf:7b:0c:66:1f:b3:f5:eb:33:d9:50:10:01:cd:eb:62:ae:
+         04:3a:d2:2f:16:e4:e9:b6:b1:1f:83:b5:21:6f:0c:72:87:60:
+         10:a8:84:66:e8:18:29:b0:ca:26:5e:63:ba:25:59:24:42:ef:
+         9d:5c:5e:66:3e:ce:72:ae:2b:a4:e6:bd:f1:8d:3e:dc:10:f2:
+         1b:e4:1c:d9:66:6f:8d:58:d1:6d:60:e9:75:21:da:dd:14:41:
+         87:d2:f8:18:05:db:9c:8d:7e:8b:d4:05:3d:3a:26:fd:a6:2a:
+         2d:73:47:dd:59:7a:ff:e3:b2:b6:59:1c:6d:c1:a8:0c:b4:d7:
+         bb:75:69:54:cb:05:7b:5d:be:ba:a3:8e:f1:d6:06:2b:85:23:
+         96:59:a9:ad:b9:c9:71:d9:35:cd:86:da:0b:f6:19:d3:c4:81:
+         5c:20:22:32:fb:6a:68:2c:12:0b:09:37:11:80:9c:b3:0e:16:
+         45:8a:71:63:fb:64:a0:f3:b3:c1:de:7c:33:eb:67:a7:40:f0:
+         98:bd:6b:d4:02:bc:4e:51:80:2b:cb:27:4f:00:97:32:51:f3:
+         b1:33:2b:bd:c3:f2:0d:6b:7d:95:5e:8f:b9:96:d1:43:59:d6:
+         8e:39:3d:fd:12:51:2f:30:bf:e1:d4:9b:44:67:0e:b0:c1:d5:
+         1b:58:28:11:4b:a2:a3:68:e6:ce:70:6f:79:9d:ac:ee:54:71:
+         67:dd:61:1c:97:9b:5b:ed:d4:ec:76:20:60:bf:e9:8e:42:a0:
+         17:e7:ca:38:7d:e2:0c:77:e5:6b:e7:cc:4d:7f:b3:84:2a:8b:
+         08:6c:8a:f9:d5:6b:b0:43:59:c8:8a:69:4e:83:c4:42:3b:d9:
+         74:3f:a2:ac:66:52:e4:79:69:6c:a2:0f:2a:e7:49:60:a2:14:
+         12:23:73:1d:31:65:c9:09:38:97:af:fa:56:8e:8a:ed:0f:1c:
+         fa:da:6a:7c:28:90:64:ff:e4:ff:7c:29:cf:0a:78:a3:25:33:
+         0b:9b:73:18:5a:7e:03:16:4a:ff:dd:ec:0c:c9:57:56:d1:e7:
+         e1:df:1b:48:af:cd:93:05:cb:31:90:f7:14:ec:c3:22:c6:4b:
+         3c:fe:a3:d6:24:cb:a6:dc:70:1b:55:3a:e4:29:25:0c:65:0c:
+         de:3f:83:5f:9f:be:61:30
+-----BEGIN CERTIFICATE-----
+MIIHLzCCBRegAwIBAgIBDDANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMREwDwYDVQQKEwhzbzM2
+Lm5ldDERMA8GA1UECxMIc28zNi5uZXQxFDASBgNVBAMTC3NvMzYubmV0IENBMREw
+DwYDVQQpEwhzbzM2Lm5ldDEfMB0GCSqGSIb3DQEJARYQc3VwcG9ydEBzbzM2Lm5l
+dDAeFw0xNzA2MDcxOTM0NDlaFw0yNzA2MDUxOTM0NDlaMIGhMQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xETAPBgNVBAoTCHNv
+MzYubmV0MREwDwYDVQQLEwhzbzM2Lm5ldDEWMBQGA1UEAxMNY2t1YnUtZ2F0ZXdh
+eTERMA8GA1UEKRMIc28zNi5uZXQxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAc28z
+Ni5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDIv2zDkg3dgsOJ
+AF9bjzDqZew1cvYkBYGKzmQ6k/H//ZoxQ0lTwD5jtReBUOl/efm5OvL63+spXi/5
+yqrJB1YRWWpSQH0eIURl7v3js+cYmyW8MwW5tjnpCyB1UwHbeD0vveVQNc7WI7fZ
+4NRy1YvrF53e9lgoN9sq/A+3p7CnobayEJw5lqgoVNrghSBdHrdi4/MsvsW9itdX
+bBPAzVFIQEEXFXkcPQ7lZpxWJZAdaVy7pcVtFBDpR0f4UAmkZT3Jmouy0FqVGdi1
+6y54LunzjmyC1dYXfO7vZI47l46DN2PqSvlxXWf7MQ92wJ/n1vtLKxddvEbYhbWK
+w+dahyjvvRq/ZsudYYVy7gC7TZsDo4ievDBmZFqg8t1pSww5qtb6+59ugRj4hN3G
+zQcvDHfWkZ3ad9PnOsm+AnKRK4ZpQqKIxIWtCd7QleQWmY6Kp0Gi4ApvRDRrI70V
+bD5II5LRvjMRtb95zPgOXzuIj5BclJbUPaHaASzB3pH60uNn5TQZZX23MpDQ0DY1
+IHHWtDKqxeOdbLH4ttRLUhbcDrCfROdNH+1e++cZufex5f/hriMEolL7znnrfFiK
+uLaDiIIIapIlgK7V4nksweoh5Qiu3gppwS9c4ovmSyFXCr7Shjne4IrDWMjsByiq
+PxIn1VCue3XAs3QEA3PfYpTP10nuswIDAQABo4IBcDCCAWwwCQYDVR0TBAIwADAt
+BglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G
+A1UdDgQWBBS4q/m8sqIRI9Q7A15ZtJiA/1EW3TCB1AYDVR0jBIHMMIHJgBTQLgEZ
+ASXjDGuY3I4RSU+t+SxxX6GBpaSBojCBnzELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMREwDwYDVQQKEwhzbzM2Lm5ldDERMA8G
+A1UECxMIc28zNi5uZXQxFDASBgNVBAMTC3NvMzYubmV0IENBMREwDwYDVQQpEwhz
+bzM2Lm5ldDEfMB0GCSqGSIb3DQEJARYQc3VwcG9ydEBzbzM2Lm5ldIIJAKuW4e7l
+OKjBMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAYBgNVHREEETAP
+gg1ja3VidS1nYXRld2F5MA0GCSqGSIb3DQEBCwUAA4ICAQAJG7ujOI9pCQoAs/NO
+q1Vmx9FhGVuhV94tMFgxCKlfx799Ke8mC1SYpmFNQtYSb09ZQGe+4BQhHu0N49Sa
+OMSi1MaUG8NupE4Tz3sMZh+z9esz2VAQAc3rYq4EOtIvFuTptrEfg7Uhbwxyh2AQ
+qIRm6BgpsMomXmO6JVkkQu+dXF5mPs5yriuk5r3xjT7cEPIb5BzZZm+NWNFtYOl1
+IdrdFEGH0vgYBducjX6L1AU9Oib9piotc0fdWXr/47K2WRxtwagMtNe7dWlUywV7
+Xb66o47x1gYrhSOWWamtuclx2TXNhtoL9hnTxIFcICIy+2poLBILCTcRgJyzDhZF
+inFj+2Sg87PB3nwz62enQPCYvWvUArxOUYAryydPAJcyUfOxMyu9w/INa32VXo+5
+ltFDWdaOOT39ElEvML/h1JtEZw6wwdUbWCgRS6KjaObOcG95nazuVHFn3WEcl5tb
+7dTsdiBgv+mOQqAX58o4feIMd+Vr58xNf7OEKosIbIr51WuwQ1nIimlOg8RCO9l0
+P6KsZlLkeWlsog8q50lgohQSI3MdMWXJCTiXr/pWjortDxz62mp8KJBk/+T/fCnP
+CnijJTMLm3MYWn4DFkr/3ewMyVdW0efh3xtIr82TBcsxkPcU7MMixks8/qPWJMum
+3HAbVTrkKSUMZQzeP4Nfn75hMA==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/so36/ckubu-gateway.key b/CKUBU/openvpn/client-confs/so36/ckubu-gateway.key
new file mode 100644
index 0000000..b777398
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/so36/ckubu-gateway.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDIv2zDkg3dgsOJ
+AF9bjzDqZew1cvYkBYGKzmQ6k/H//ZoxQ0lTwD5jtReBUOl/efm5OvL63+spXi/5
+yqrJB1YRWWpSQH0eIURl7v3js+cYmyW8MwW5tjnpCyB1UwHbeD0vveVQNc7WI7fZ
+4NRy1YvrF53e9lgoN9sq/A+3p7CnobayEJw5lqgoVNrghSBdHrdi4/MsvsW9itdX
+bBPAzVFIQEEXFXkcPQ7lZpxWJZAdaVy7pcVtFBDpR0f4UAmkZT3Jmouy0FqVGdi1
+6y54LunzjmyC1dYXfO7vZI47l46DN2PqSvlxXWf7MQ92wJ/n1vtLKxddvEbYhbWK
+w+dahyjvvRq/ZsudYYVy7gC7TZsDo4ievDBmZFqg8t1pSww5qtb6+59ugRj4hN3G
+zQcvDHfWkZ3ad9PnOsm+AnKRK4ZpQqKIxIWtCd7QleQWmY6Kp0Gi4ApvRDRrI70V
+bD5II5LRvjMRtb95zPgOXzuIj5BclJbUPaHaASzB3pH60uNn5TQZZX23MpDQ0DY1
+IHHWtDKqxeOdbLH4ttRLUhbcDrCfROdNH+1e++cZufex5f/hriMEolL7znnrfFiK
+uLaDiIIIapIlgK7V4nksweoh5Qiu3gppwS9c4ovmSyFXCr7Shjne4IrDWMjsByiq
+PxIn1VCue3XAs3QEA3PfYpTP10nuswIDAQABAoICAQCq510/Om6XcKXrUufb2RH5
+2/+2mUK39AAPHhryS9Ww7ESDQBeDN51l4Vw7eZjwL/XMHkWSE2Pu+gK6FDJFpvs9
+FfSQRdq+9e93IHoBir1pk1wS1xU+v8aZgiGGAL8KC1l79ZzuJoEKiaoR0XjMssTF
+xntewDbZNoReGe1/m0Gn1OLmwYFe/cX3YBZfIrckz+usQwhZxagu767Y/Gfssl9K
+tXk0n9FVmx29axgZtyzz/Sk3j69+Z6DmGQtKeUlcLdzmb64S85LKcRCv/6K2Kqp9
+8XisAkScBn6cS+1TCnoHd/aWFnI6cxz9Gw1hOihohfu2SN9Bq/Jcj6i4lIO37G2J
++ImYSi5lku22e5lpWPkecBcPVxS7epnRHG67x9Dm2E2uVbIvtmEKt70Dkt89aVaQ
+i6BujajwO4n4i/EOF/a3ZbWpNCHNsA2XOdSQtYKxQE8bREM7YZ8TzWMtiAftTxvX
+NXuiTt8y+WT6bfQEs7MkW9509EMGYnH8HCtBCI/BE1Tpk9P1kgZieuj9WnNJqeWk
+0gXKnKlStpf0EB5FRJelt+6xYbuGct096ro0VtXu4/+h3Az6PUXvQ65FYBCySLVc
+xUpdjZvzzSOM8aUDzs8BJlN8XUhaQNwlSluxn5tkh5hRtKJsmpF6PH3Ms9HqNC3b
+qjqwEfgaz0Vc9FxhWxNCgQKCAQEA+gMMFmFCNucF2hDoxd1XpxuTlU7DndHNpyb8
+bZiQiR/OqcB67hGRUFZCLlj2BvZj08za7kTucbEuEUgc/zAmsDQRJuA+oOREBRNY
+1k//vtROpEVPzwWgZqWF2BZQxlfcmOwAzUUc45Di6U6i3UtSbMdCLSRggB44bcBi
+dxLagxwgZDgXwY23OiQWm33EO6LhzOAcUu4eYxYJIXSXtzzGYSP9kRxxnBuW1Mr6
+ICyNXIJ7Yea1y/KErLzvwkuyGaNb5gvQ5gLFTAMr7Dgab8cHzrbHbg7nGO/t4Ydl
+K89Ynl2UFSNn6Z9bhRfc+0NMVO2fpIRwWA3cmblNe/79lMnW0wKCAQEAzY5QRZ7g
+AEWlIb0pwujZudVkuWK9MrPUDA4dsiTsGzT2lZw7I+DY31EKJjclTF4ZtYaCwzL6
+DLoGP1MrlzaYMBcOSZ7aPGbrRWAa4vh5xUUSu9POnfYoEmSx/Ekf2L4EPC22Rw3u
+yiXOONNPUgtfoYtGQMvB4exltya2P2spWmT/O4SffyA+GBGyJWdPwZCW3FoxX0Te
+plILfz08ObwFFhE21Yk/dQynCsLz1o2gBF3lbqRG6s57L1AYZWrRBdqxkiygDe7D
+XIzhU3FYf12IBLmL4Ax8GHGXkcNLcm0vndHX3LzeTCAsUWSIbs6Lma1qsnbG9jUs
+v1rgCnWtTIJcoQKCAQAZeLgBi7UoTM8+0Vw11IA6qUeW/ahWauqt7f3n2JRZNCFl
+EBQ2LxoD+lXRzQR73xx6lrNzdRhqAugzoIo7wZcfep6IvG4FDFyVu8vgQdRHh+/f
+MqSX7fXSn2iMhHGEU61I8zp9r13rHXbQ2E8lhqgGJyLp4HvocavEGsatZQFYPERc
+kY5yDNMvHEAlZWHZxZWFvwuDs3jrFXKmsu9GHu4DNZx+7Uvx4Km0Ul27a26Xjz+s
+0MmS1smHo9Q1kmq5y/fv7yJAXOXnAae28FxZKQj1mY+l+eS3mLI+uQGovf5EXDpb
+EPlkRvUXEUBVZRzgxjjulQOxJPBlxQhM6sTBJPM7AoIBAFaayz9J/N6geT6J0HqK
+WJFvUwy4iTY/heu+VsyjucaMvgey10f6h+Uu47POMCzIyNQuZBGR/MA38EHl7Mu8
++MnqLN7fytsAEcgdAbb3MXbn70irqLXs7F0zh7nfpUdQZ8BjEhVFzYHmA8j1XsoW
+eKg7YdITBxEE5KYR7V8y6y1muBJ/giOxlffWHNSdfoDzRlx4s6yL+7LfhnCJgEJi
+8VGm1w+Iz++k8Qwbr1iKOw0b8np3RFnRvRzmBiFUq9Rnm8EWhCjam/z2bkkVzE99
+PL2g30n6eJ5j3ZRQUA1Z62H285fRC2fPdlykmsb0xuRsqDOgz5sUNFI7G4HMqsM9
+eYECggEAEgTE3vFElm1lwohqD9ipJ4BiIxyO7WwKcE6cMDf0gL6j/W1mO8V5LNmE
+VZGICH0cfr/aNBczncT2GedAdUCyGYGM045tX+oR8jkHItzO0NqRV4owMH6EOOjB
+NybTZqW0ojA9eF3azqxyYmsLTO+jFQ2GkMKAGZ2gNgHCzHiF+oszBubiiMd08aBE
+chw0zyHJASJpH+o6CTMQ0soBgT01q7C7MmWD30lENdeFeZqDzd/tdSaDvAEZms4a
+OmAQ36dqC9d8naP/3LexNt3uJuSXRIBnTXROYs0SVzXhvy97ib72ikcjiWOSyr+w
+XSkDYBzAon2ExAAnOyVaHMd1Hjt9RA==
+-----END PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/so36/client.conf b/CKUBU/openvpn/client-confs/so36/client.conf
new file mode 100644
index 0000000..caff19a
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/so36/client.conf
@@ -0,0 +1,138 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote 83.223.85.170 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/so36/ca.crt
+cert /etc/openvpn/client-confs/so36/ckubu-gateway.crt
+key /etc/openvpn/client-confs/so36/ckubu-gateway.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/so36/ta.key 1
+
+status   /var/log/openvpn/status-so36.log
+log   /var/log/openvpn/so36.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/so36/ta.key b/CKUBU/openvpn/client-confs/so36/ta.key
new file mode 100644
index 0000000..397d74f
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/so36/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+2123228b19ae0734476f0c93a174ce69
+6a45377c25c0be0eee565817c8a256cc
+a1c45878b98c45673289dce0f7d500e1
+bcb35e7a873de37f3e35ec8c5f831052
+359d725daa58bbebe00db87101e13241
+3166eb7e9e34c3e6dc204c45e17d4521
+d3ab157e9d991b992ed58855ddff1cfa
+3f4f7edaf8c093f427e8b6fc27f0d783
+d2c41272edcb23b8bcd9d0f9d298c6e9
+38cef17f95c56186513a6e066bfc788d
+14e56795ff0cd54da1726ded95e89b43
+465a368fa0621388fbda13598190071e
+81fb21d93c4864ae8d5754a05489f46b
+6a03f3e07455e9db47c9f94a6223c7b3
+27d969cfc9b2b1adacde7f374709a442
+a4626075275ed4a1e07461ca4d0df2d6
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/spr/client-gw-ckubu.conf b/CKUBU/openvpn/client-confs/spr/client-gw-ckubu.conf
new file mode 100644
index 0000000..bee6e20
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/spr/client-gw-ckubu.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-spr.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAMzhic2M9z96MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMzE4MTM1NDAzWhgPMjA1MDAzMTgxMzU0MDNaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3Y3K
+UW+th51pqc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/t
+ZSotqwAqBgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aF
+eC9L3Z4QlJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFH
+Rm8Tnr1TDUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQY
+UJ1fLJAPLdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZV
+RQdnS6yHxZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHo
+zJkr8tr+xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x
+03MOpv9cjN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ
+98gVox7lFbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420Q
+CSCFJAb5orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0
+tEph6pRHP39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHHdskSE3v+RJciX4ZEOWD5SJZ+qMIHTBgNVHSMEgcswgciAFHHdskSE3v+R
+JciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQB1cA8o2Fo78xQ8jRdyfbvK
+GFH8+SMoOh/8qxj9prk0kLYAro5QnzEBmftHhf3sXevEAUWpr77VL1FxhTXgKUp2
+S06S/meC24M/KclxM+W/7AuG9yrJuW122l61OuWUcDWA24oj0KG896Mbw13ieeWS
+7XmC1YU5Lix3wiWnjD7QZ+E4dg09z722+zwUi1UwRekzJZmB8pTHHmbX4Yig/K27
+STnxQEiVZzlzcvjY6QvC3Sj/aA3YCSNl0bsSwH6GwXXJZ3BEKmm6w+ZRQMTz7+72
+q0ybGf43XH4sj2OBm1YvCD8LehygPy2uJYlDxG8zRq2kxYxiWLbncs1x9Acusd7l
+Te+k8YArRTqsWLN5Q47sGO4H1clz4ay80TTuz4Vc6JQ3banHDmMFV2nMsR2YtKX6
+lKD3lXvMU04ZvZe2SolP1uTto3Jw3cNarigj/nHjn5s16uvy6Q3x4TyVUqyAOqrG
+cuGrbYAEqtVnMrrovGZTj73HSwAx2PD+3jJKZH+suwBIijNL90wbkNlsNHlNcQeQ
+zQAlYRBdCYWFU+7d86kUWYYrActGZc2MJmBZzZ/Tt7YoOIw6NMnWcpMMTUV+zToP
+WWrD5OMDc7EX9BmMg7uif46UF6ol2puGXpQIF/yVRbFk1IiPwhc1ZyCuh+1ugh5+
+CZSTeKgLDVjfXlqH1ErAvQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
+f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
+jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
+rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
+DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
+8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
+sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
+sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
+DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
+GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
+1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
++Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
+FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
+A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
+4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
+4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
+h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
+W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
+jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
+vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
+ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
+kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
+16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
+zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
+At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
+GXH8zFh56LyFtBxdpjuVSUEj
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsMy/MytYtzsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM8bcaVcNffeBIIJUNOSqKmf153a
+NBjm25drvNrgo+bEd2kxywgcjqIyl/csUjkbx3WWANZZAdRIFgtM2mN6xiGPAzpB
+AMU+0FhbMeSC4aaoE6kbu0QREcHxgLemoA1+3c/VMfzTXJQ5xtr84pyBfj7lwYTh
+uOC8k5WYV0VCWWwj39TAAfF/eqIzfuN4L2ybSgQyHHyWQPvCgfEPMZi5lBcPtZT5
+OQgS30tFTgNOmz+wTex6uOJi0Qqo6MvH3rWv5rRwO17FZU6v+SLXcopvZfrO4WLN
+AMHzjIvvfwmO+7/ypLnVdBYCd+CpvBUwcEbPVqrddWhNgidlOkoQzVnK34wexRvm
+eDjmm8JbTHFQP8+DMEAODlMPNxMD1vCC/vM7bKMjCNYGjRwrxtL9Z8drp1wgzULJ
+8AY3J72+lL1yMQNoch0Niuda3RDBs68FeVvGaFmGCPlzDdfTlex0Pi+BFeuTao0Q
+7Y9zfcjyv+p4HxMg6YoIIQYOEogWO58GF1UL0zOJD81j4ihkT7HTWtOskw5E6Kfq
+WEWyW5Oe4xR0PZpHNrYVURNg6kIxEBwRFfskFofGac36tKJ2fJseESkuqvXLenNt
+Y0Epi/AxwEZa0E+G2ewNPNoBAIvRlOx0CBWWQKeCVaOgsOD0zyqYPsCGFWDl+2d5
+i8afGhTw/8oqhwNwr25tWhW1xKbMEGchycywGGQloGvquv7kchJb6lDADZtF1++v
+4wgRwtiBYOvkqXSLOpFiZinvmUMmqXD7PqG9yWF7XlnRV8JJ61RP2cuKCTXXCGfI
+dtzLnet/4lUV7S0Wd3g1US2iPz6LJ+ngOBQEbAqFvInBiZFyduPwQJo0yswDyJYd
+WNhmHumuFSSCdnAF6qVjuKhsNhftY5w+xww6RhAqst1idoVqYSt1LLODwKVQfIPs
+uctF108LBYPBGf5tEC5Z1KRpDQO41q3F91eTZTVEH8Su1pW7IbMGt8XTUVRJESbQ
+SYH5ELMdd+tb1ccD2fZZV3R6V7vI7ejAzOWdmjqaITtPGsFcMevc36YmJ18OQVBe
+mTZJjdx28sGrsoqCSvgc7ii0DFLWZrRs4WRrgoxQq/G0zKLuuGXhlEgVw9QhIfeo
+fMj1ebR0oElSimcqwPJYI/DDfhYZUA5Mx2Ewnfs1NS+CGoo+UcDKNHQRR3uEmP7T
+1Mhg+MQ3b6ssZ8uZQut1E6bALf9ipH5xkN6rgniJsBL3lzvkN+/5XiE5qz16bmkN
+gpF1+8G0/pjDi7a0Fw602ffdD1XAfcV6SMobDgTyMmjybgZHzf6cFy9gKrRa6WV0
+do4Oc+uv0Nmj6wrAYO4s/nuJnpeTY0wbuHJgcYnTmUX15kIw+bPJ2UIGjyS8QpkF
+evX8XeN48U9mknoQv1OfC6+kE6jgqQiDzigy9nSHFc4kIQWsihO6NKDEia11RWCn
+QN3t8sHDNZdFY3dy7nnQRIhFNEy6InjLnUbfhuzgZVaVoaqULH8EmoE78z25zi0H
+Xt6P+hkW8zZthYHsucVvyiNqZmIb50MK/5VHuORXsepWD9hX/rEyFxsv71AyBl9x
+TSHjk4cgBqVh3uRH8NxNNvWnx7Th03Zk4/2dzNUc5taj3WX2jCH1vaKBMI1BBHJD
+QWNIrwCExUOIAbYJLGkyihnTv4PCRlZrYQtMyx0laxYRdWR6lsIk83jcMWkWfhPf
+YbYd/XIIR+hOFrUIM28Y2TTPHpJhbuORP7z18o2heUV0ZD3LdMi27/JtsSZHlbOu
+nqdP9reWG8Kx6mjEdSFe5hTD0VmZ3Yks1jGp3QBcxQivAbLoXsP5VOMOPr7zXmb1
+m9uWqtC+/1L6lAg5iH0YNyvrmRL02uzMiEXBQQDx0CYqcWJY+hwaXU6MnSyUMH7F
+H7wAW2cqq1XCBVFWUIPI6P63LUlgewzmseaAGgD7tfbGSsx7BwseMXUwtdOYt+Rp
+H8/3QeLLAfgD2Kl7Mv8F8l+KsBRNpaSJVYCqYH5ogzjRiuwDwsOmRdHKRh+r825g
+fAJsI3grgZOd7poDQSisRZKOAF/ytTclreostJGfwLEE7IpUA/R7yLPCTI/mdPwT
+4zRZ2N0fovkApA6hvhIpnhaA5XXuY7gmN8E0tgokZ7NsiL0JgFUFevEwzvZhlCJI
+7edh2kPl379+bT1lgy37Z0V8ntU0S3I/g+6RsepDuWtCGsW434Z+iAAv7aKPJz0H
+UqNHS4vElG8tQKBkO+qWRdC19hmM5itQoy/nD935hyZgRBZKFTmO3kNPPyvHVTdJ
+hYTN/WAuXAMrP5HvkMv4AXZLQSk/YJCcJsPN5p8Kd40oEuwMumI8HCwXlSnpHnro
+prdZrrCCUQ2232zCw5qQ4KZl7i5LB8AkLmNXtMUscHf6Nge3GSTILFaKoFYrDPF5
+P6u21fO1R2HcA+b7xKzK6ecpPZA25ggxPMqvRwCnT/gueVSXjOIhd3f2pEs3yVWM
+W0HenWuiWcbryuzcPAJytianU1KqtrEYhqFTxcdJAYa4xvFbCtGrmVuJ8NRomSg3
+BdL8lOfdYxE5R8VYfVxw2jcLiK4o2Bqjt17kHTzzP95E8Eybkzgo5vycmMedOBsn
+rBOUJXYFSo6hONNiMR1vlIxNi2Tdo9w5wKHUerVdXhVSLgvC7SeJeArN6+To+MVR
+n73jBAA48VcA8d5miDNnfwEDguP/Fg3+vo9VAWccR3lq9tHT1GkNyz0gyYLxmwoV
+2w+QkNYM2SzbrsDJ0GEN7s8gEkeQHuwcXHsdyJnLJQJsTrZaaHDd65BMXseE9dwu
+Lgf0zuiq2DCDTJEvabd9siS7wDOxJAKzd3atP1O4ylnzSHgvi7DNQJ8Xeu8FF43L
+Sn6KmWhdtfIhL3uNAvI2/6434qWKU4WE5Ro/TjI4uMxmfkTTQPmffJTGnH9nYJjJ
+aURTTNSKQGbeyBS9KEUjSyQAAXBaDka4zP93eOi66aeUNaMcod1aKLo9r1LpjVqe
+3qLBy7cCP56qaMTJChhwhYWtwyu5AqX2fk4LRAOrm7olFNlbJ/QMYEahztZzFuiO
+hCCGNebRqk7IYmXnvoA1gJ7VJEov1QYeLX9xnZqF+qwHzs29pNZwADtvBlWn+MT4
+yCy2JxLwIwfVuMsJWRzvHcpeOzmgtDIgUkqGzpjPB5bdtbr7GFbFkpms29DmGLtT
+Ujfylfy4W1TZtS1ryCsskAiOrTpXH0G7
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+50c09d4cd2d32cbfadcc9ebff8e624d2
+f7a5730ff6b708aad8a6bb14b3a7619d
+e32764bbe875f11ce46213a35500cc2c
+fd0b6bf2e7b8cc2392a478ad7f4e7c7a
+3fbe2e50a781ea9a4fd83cfaf64725db
+98b4740b145e2d948b3b09975866c03b
+a268f82e767fa2517b469ec3e563d321
+8156f8f192f75bf8385697aeed6b9f33
+fd74e02426437c42dc7a85afd828012a
+911e7d8e837249d33a4209dbd0a2c017
+c0ee31207a0e5ba05e736fa1c9af1cbb
+0b39dab31939eb37df367d1eccf61ff3
+28135f42ba70344179186cdd0cac5058
+9cb4bac7dd08436d1efbd452b72416e8
+59bc9118c2c6aba6107faca0604d947f
+ff8569318b234e4ddbb68189b1504969
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/CKUBU/openvpn/client-confs/wf.bak/ca.crt b/CKUBU/openvpn/client-confs/wf.bak/ca.crt
new file mode 100644
index 0000000..2eda70a
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/wf.bak/ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqzCCAxSgAwIBAgIJAIlzPeW78XsvMA0GCSqGSIb3DQEBBQUAMIGWMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xEjAQBgNV
+BAoTCXdhcmVuZm9ybTEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczESMBAGA1UE
+AxMJV0YtVnBuLWNhMSIwIAYJKoZIhvcNAQkBFhNhZG1pbkB3YXJlbmZvcm0ubmV0
+MB4XDTA4MDUxOTE1NDA1N1oXDTE4MDUxNzE1NDA1N1owgZYxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjESMBAGA1UEChMJd2Fy
+ZW5mb3JtMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRIwEAYDVQQDEwlXRi1W
+cG4tY2ExIjAgBgkqhkiG9w0BCQEWE2FkbWluQHdhcmVuZm9ybS5uZXQwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBANuLDmTY+5mYLbm9Pml3RwzxtTJ2NiLzAocR
+sfxqux6P0ns1qCXOYmrdP8/+iCvZqw432htmyV+lSFdwh8lRe/hzklpr0Eq7PRVa
++D7Y4zlFtrz3j2w7WbYVUdSjC1/nQC0RiUbR6LdL389rnAeN/EOCCPOmilikLXSu
+wtMXFbr7AgMBAAGjgf4wgfswHQYDVR0OBBYEFBL216mxa4JrWCNvx4pPQRJOcTeE
+MIHLBgNVHSMEgcMwgcCAFBL216mxa4JrWCNvx4pPQRJOcTeEoYGcpIGZMIGWMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xEjAQ
+BgNVBAoTCXdhcmVuZm9ybTEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczESMBAG
+A1UEAxMJV0YtVnBuLWNhMSIwIAYJKoZIhvcNAQkBFhNhZG1pbkB3YXJlbmZvcm0u
+bmV0ggkAiXM95bvxey8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQC9
+FU3NZa7dpiLVvvUQ7jWbl0LDI97jP8ScAzc/JWTrh5Pa45Fae28BQkU2NmelyL0T
+yMVy/9UdpdU0H3RpOAfd02z1thxZqr3wR5rEURzwR6uYmdwHyPNYfMhdmXVIfXcp
+pLHN2t3YBwKP5UCgULPDO8n7rVzYBs3MtfaCiQgXrQ==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/wf.bak/client.conf b/CKUBU/openvpn/client-confs/wf.bak/client.conf
new file mode 100644
index 0000000..f527707
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/wf.bak/client.conf
@@ -0,0 +1,137 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote wf.oopen.de 1195
+
+topology subnet
+
+#push "route 192.168.82.0 255.255.255.0"
+#route 192.168.82.0 255.255.255.0
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+# user nobody
+# group nogroup
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+ca /etc/openvpn/client-confs/wf/ca.crt
+cert /etc/openvpn/client-confs/wf/gw-ckubu.crt
+key /etc/openvpn/client-confs/wf/gw-ckubu.key
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+tls-auth /etc/openvpn/client-confs/wf/ta.key 1
+
+status   /var/log/openvpn/status-wf.log
+log   /var/log/openvpn/wf.log
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher x
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+pull
+
+#up /etc/openvpn/client-confs/anw-km/openvpn-up.sh
+#down /etc/openvpn/client-confs/anw-km/openvpn-down.sh
+
diff --git a/CKUBU/openvpn/client-confs/wf.bak/gw-ckubu.crt b/CKUBU/openvpn/client-confs/wf.bak/gw-ckubu.crt
new file mode 100644
index 0000000..3664025
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/wf.bak/gw-ckubu.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=warenform, OU=network services, CN=WF-Vpn-ca/emailAddress=admin@warenform.net
+        Validity
+            Not Before: Sep 24 01:00:16 2013 GMT
+            Not After : Sep 22 01:00:16 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=warenform, OU=network services, CN=WF-Vpn-gw-ckubu/name=VPN Warenform/emailAddress=admin@warenform.net
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d2:b6:81:f7:48:97:39:5f:c3:c5:c4:9f:54:95:
+                    34:65:2b:4d:5c:02:bb:4a:34:3e:36:d2:7e:b3:d0:
+                    74:6d:6b:ea:c7:a3:73:1c:a8:0b:78:fc:cc:13:d2:
+                    a0:a3:38:ea:f8:9a:b0:6c:fe:51:32:aa:39:77:f5:
+                    26:27:a4:de:79:bb:4c:3b:1b:48:86:90:a2:13:6e:
+                    b1:44:20:c0:73:98:e1:c7:eb:de:5b:75:20:e5:66:
+                    9f:30:f3:c2:53:be:f8:2f:c5:23:5e:71:f2:34:37:
+                    44:65:7b:a0:9a:23:3c:ba:96:5d:83:e3:f3:da:3d:
+                    72:aa:fc:f0:59:7c:23:2b:c5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                EB:59:09:B5:2B:F3:62:60:75:4F:71:74:AF:9D:6F:C4:02:DC:D2:2C
+            X509v3 Authority Key Identifier: 
+                keyid:12:F6:D7:A9:B1:6B:82:6B:58:23:6F:C7:8A:4F:41:12:4E:71:37:84
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=warenform/OU=network services/CN=WF-Vpn-ca/emailAddress=admin@warenform.net
+                serial:89:73:3D:E5:BB:F1:7B:2F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        b9:18:88:3c:c7:d0:11:e5:a2:f9:01:2c:6d:52:38:a4:10:bd:
+        c0:da:ba:9e:5c:72:4a:2e:11:80:4c:a6:95:13:2c:f3:bc:d9:
+        31:06:a3:0f:78:7e:a7:06:03:17:56:8c:c0:f2:45:7d:33:19:
+        5a:85:e1:b0:7c:37:c1:a4:08:e1:4e:be:57:cd:2a:d9:95:34:
+        26:ea:88:ab:b1:09:c7:29:6d:3e:0b:36:a7:37:be:78:17:22:
+        8c:c1:64:38:55:6c:69:07:af:9e:f2:07:1f:ba:57:66:60:21:
+        85:9b:59:71:df:34:8c:03:38:b5:0a:8f:77:67:2a:2a:0b:d4:
+        9c:76
+-----BEGIN CERTIFICATE-----
+MIIEETCCA3qgAwIBAgIBEDANBgkqhkiG9w0BAQUFADCBljELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMRIwEAYDVQQKEwl3YXJl
+bmZvcm0xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEjAQBgNVBAMTCVdGLVZw
+bi1jYTEiMCAGCSqGSIb3DQEJARYTYWRtaW5Ad2FyZW5mb3JtLm5ldDAeFw0xMzA5
+MjQwMTAwMTZaFw0yMzA5MjIwMTAwMTZaMIG0MQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xEjAQBgNVBAoTCXdhcmVuZm9ybTEZ
+MBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEYMBYGA1UEAxMPV0YtVnBuLWd3LWNr
+dWJ1MRYwFAYDVQQpEw1WUE4gV2FyZW5mb3JtMSIwIAYJKoZIhvcNAQkBFhNhZG1p
+bkB3YXJlbmZvcm0ubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDStoH3
+SJc5X8PFxJ9UlTRlK01cArtKND420n6z0HRta+rHo3McqAt4/MwT0qCjOOr4mrBs
+/lEyqjl39SYnpN55u0w7G0iGkKITbrFEIMBzmOHH695bdSDlZp8w88JTvvgvxSNe
+cfI0N0Rle6CaIzy6ll2D4/PaPXKq/PBZfCMrxQIDAQABo4IBTTCCAUkwCQYDVR0T
+BAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBTrWQm1K/NiYHVPcXSvnW/EAtzSLDCBywYDVR0jBIHDMIHA
+gBQS9tepsWuCa1gjb8eKT0ESTnE3hKGBnKSBmTCBljELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMRIwEAYDVQQKEwl3YXJlbmZv
+cm0xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEjAQBgNVBAMTCVdGLVZwbi1j
+YTEiMCAGCSqGSIb3DQEJARYTYWRtaW5Ad2FyZW5mb3JtLm5ldIIJAIlzPeW78Xsv
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUF
+AAOBgQC5GIg8x9AR5aL5ASxtUjikEL3A2rqeXHJKLhGATKaVEyzzvNkxBqMPeH6n
+BgMXVozA8kV9MxlaheGwfDfBpAjhTr5XzSrZlTQm6oirsQnHKW0+CzanN754FyKM
+wWQ4VWxpB6+e8gcfuldmYCGFm1lx3zSMAzi1Co93ZyoqC9Scdg==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/client-confs/wf.bak/gw-ckubu.key b/CKUBU/openvpn/client-confs/wf.bak/gw-ckubu.key
new file mode 100644
index 0000000..6acaee5
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/wf.bak/gw-ckubu.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,37AB2C6A648F9B51
+
+//7pxmUNAeKIEUpYC68megc6A52uE+0wYP+R6Wgr+LlZo9OMmgloxVCB4UBbh5dG
+yhQm14DDwr0Wwsx/TCT44PvUM6At4londgCScVLf5oG6G3zMiXAwDvW2Y5f3Q9Ur
+8h1VV4jtmuFnah+IwLixkdJ8RK7BuBgUk0w8ifDFRUKRA5vmAjI5cw75JHl3HLsM
+Cdcx2+utLB84iDSox0GADkCqZpdiMpxpfin4qzec6IrZtyf3wG7mZpbPTLjOhWcP
+JpYFegM0VzAjaaPV1e9MB1MDFK5D0hiwiN0FQuJN0AP88cNrOIx8qYoDAjEbnuFz
+egarxVZuO9qrjU/ZwkTU/5MRG2g5cB/0z35r6lA02jLQQRLYovq/5BxFpSpU4dMO
+gJ6DUthCwh27LUKI4vwZ9r3tHTsVntylCE0T+5MKcbjZcdIcfTd/G6MvR8u66M8K
+PG7tuXQJ1+/ibqMKP/C7bRCOojVf336J2Qf2phIXtnfq5b+OrlURr72E2X5/P7KD
+Pl+aI48IngqQ8t1YYlXoPWg2A+w7/wHI8CmT2lEy5Vi/U/yeP/fHRIQTQdOCoPdV
+pwtmQDC67W347RHHvxebSMHJFQhJJxR6oJeNho5yAJ7FqOcyUb9kNTaVujQ3BYhu
+4RZ+D0/N/2V7IZ0hh+WtWw68DbP0WaPGxipYZXkk5sbTjnGs1OmFfbwIJ0QTu/8J
+SRl4EWCkzm1ourCYzWLQmRfkcYsJ2btnh1WNz7J+N98cO9lR6mJagQU2gZvcL3PH
+XmrtVsUlfkoVQpxKjqg1y9slUn0bnGd3nDghYsSt9zSxVYSPjmI9SA==
+-----END RSA PRIVATE KEY-----
diff --git a/CKUBU/openvpn/client-confs/wf.bak/ta.key b/CKUBU/openvpn/client-confs/wf.bak/ta.key
new file mode 100644
index 0000000..1ed0965
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/wf.bak/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+487f0b0b91c11fc48fd4ff982521d467
+203219c102195d26fc58585619060699
+1891b99c2d6d314ba08a35256c901e1b
+a916cf8c9e9b43f2219d66cba4cf9bd9
+843e45c6bb28224cd4a69fe863d45d05
+b1260969b01939384a4ac77d7ef8be24
+6eca30bd6e7c2f493d0bb798becab038
+5525e0f54c3cac4a2886ee7a6350a182
+733528cdcf7d84959209e73339c235d3
+0bf58b8509dca56278b6289b94b45585
+4d734f7c553c047f06a7fc60b19c2ac4
+2e7b82683114377d003be670fe2f52d8
+6a075c16de4301fc2ce65cb8fee4d6b0
+d23938abfaaf35456b3784719528b35b
+2b864497880d3a92540a8698d10d9299
+edf5e74ba8378ca58a90909c5aedf05e
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/wf/client-gw-ckubu.conf b/CKUBU/openvpn/client-confs/wf/client-gw-ckubu.conf
new file mode 100644
index 0000000..42e696b
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/wf/client-gw-ckubu.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote wf.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJANI5OJTs0bx/MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDUwNDIyMDQzNVoYDzIwNTAwNTA0MjIwNDM1WjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+Qg+M2wuVE
+xG3mDM6abF2wyU7bVeIVgbdU3L+aleso8IyCwyZS3JTWafR2HzHGBIRvmmxNVehs
+EAM8AtkxMqKSGTv3HgnaHy6XSNlMqmO78rCUifFs24Uw2vbnbrytxEGGr7aFVaiy
+f+nZ6uc+KT4sJzzxc4UV3BxH6aBt/itNCrx/mPrQ6JBsH1U0pJp8O35UNmgPxRTW
+A96LMxvupC4K5MWCK/ZMgJ+zaKuHY2Zn09vmxIOEkzGY0MSQynLaIa/W6TLlGXpn
+UKRArd098gS6IF3TNLeTHKwwEMdQREguL+C3I4m9a9uCFs9AUGmKx93prRG38RL7
+TrdJTG5J2642xBQae/M4NjjPZ8yiNKMiO5CM6RiINtC3NykwlR+74LmDz0wxvxoz
+zsNdpYKH9eaqE7xmRhpXPYc41oCT7QOg8kh1k11dx7awx1edD+5MBklyr23yph7I
+p4j2aA2Ce4PKgH9p4pPNDuMI7o6AFpQZC/YaKO315PIvkGbI2FPvkD6WAFo6ol4K
+P4Qs8l3dek6cqys5tkq5G1vh61P33hnRqIOlDjZ/03gtsZKjndY+WSR+ilcTb+dP
+I2dYXqX+Cy6xY4bHVxpHg7MXYDZoXtVnjLcC5EviwiShqDBReH1CFCfDlleWjkob
+vlLjvCO19SEzHWK7lAUvSuOk+XFlPwgRAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+0PJ0ICpJa0iXvNFbAFu9khFc+mkwgdEGA1UdIwSByTCBxoAU0PJ0ICpJa0iXvNFb
+AFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8fzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQA1PlBb6rHJnwpZwfY0Uvb1CVbCuVF2
+4C54AMdWKTORs8U9fVKTwVxzV+aeHiEztxOoKLhIq8EN3+0HkDdXBKHagHXjzEoe
+h91n/5nfc9IqR4WVO9AqFaqiIQmSOFqtryoG8ZgHtAz65YCGruG3BS95IIooeXQW
+r1sH3L/2rb0ea11zP3CtBy2pKlHiu6289JiLyObKFaQFu7PCJzWARV4pIJf1XgZl
+qk2YundPpKxtxHUhe0UObYFrcgo1ccBnKEsEcMANk7nz27QXML1dSSRMFc/AInpJ
+EMrInTaGI5rGusgbGrPSVAnuLMkmDdNE6r6l4L9cd5m867CUfp89m4BCU8Cjv+UP
+5bnBU9DgUqMs0jlOqbfy27FOsPXBhsyR4QdddJCAg+yYuYdBgVo8XRZiSPYTi55G
+M29n92ma9HVU95WA4cR9d3IlgNk40RhgAVMcGAOgk/sQFfp43DssBtcY5wweva7B
+a9M34o0f4HslXDm6xV8y9P+zcScbs9B9WXE+2HvMwVTrXnM/EhpyL0MlZ5NXcHld
+cBqNwRu84Rw2iw54sQDb8R0a3NJ3ZxHbQG8crgUD80xgZe1ds9k6YoCr4c4wh7SP
+ru1i2v9bdCskC/vsGOR7BNUvVfJFcfk6PcqynHjvGgz8tWWdEkbRA29UZM0paAwZ
+Ic3ZiGwAJvoitQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTQyMzFaFw0zODA1MDUwOTQyMzFaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLWd3
+LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAspSsnUm1LQ7b
+8RkbTcnOZbkY5nrCxuUS48TTR5xldAqAIE4dcBiOt4bk4Owq+Ga/ahSPRE4bzWGg
+sxMPAOwrTQbIzTTSa+hE88yb/Yex+ajFF3l5P8UFDnuhsktYKTO5gmm/s7ylUXkD
+229PVWJSZPDkoyCk6X9dePIr1Y5bp9hVsu+kAbgv+hqDKVs2t9SEz9sR1D3bPBSo
+Qq922A+uAB8TuMO7+Qa56SN3TNeppDbZ8sMJDACo4n6kuGiiwGKwQisuClWc4Ztk
+lyxRyk4nX3tazoZ5/HhnWAVIyDtKJLoGTtuJQPTrg6u73L8dZ/Xdzs44JtcVgFyX
+c/tYfpa0qwOaEjY4eIZbR8fnE1aDVKOxpF6+dT687g2ejZnk7xat7nQ1xO0dOpuU
+nGcHoj6xS/qelJdREhoSmBcM+s47AcChvLQcnYxoMUttGa1IwMQ+JLKAkoe6SxY5
+O/RFc7ikFtxqTjoYhEaeOEdpylddkls2GgY+zhr19Q7fQG4GJAzcaX8kZNW9lCsL
+bnVNKs0NPqSzlH1V8fRW8qbGLBYo4psmv9ZSVz4uSvjeiztxDXacrn/mk6QaCsBU
+iGL5W10SMVzdoCDhZaXLpbav3TqSdO8McJgOrRw4oj6ub4FeRD1PjLfLUJNT4yQU
+xaM4cJrrOREcZrZ/QzFb50A5wPj3XmECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUC1o/4VMVvM1Vd/5aZ/6VotQG7/IwgdEGA1UdIwSByTCBxoAU0PJ0
+ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
+BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8
+fzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAF5Lkr5dmfn07fwGHbjBYQcGapqI
+r4GEBG9E52PFBL432FLlaLy9HrpQfIj+6aCpO6/M7u5GSQH9/2Bo1COQDenWVJdD
+4oAkCcuBFwY2xIMMF4RkWXKrKEVCc+hZsgHl5/ZFKQdx/XYLrJc4s+ZUFgiESfmX
+NpP9d2T5kB/SuxxXIP+1wVe7sbKMsa2VZDTe1KI7c1xgb5Z+azGmED3MyfLf+jS2
+jOPhJZAxpiGhBC8SvTzmaysGkakAEBzgIuPz3a6rKn3lPFKNp1zoALGVRMwkRYdu
+ufdoBlwGq9Vt6WKlih9XFBcuFbKLH20ZG9oPrElMnkMdDucoQZ6hx6WNdvVs5TNb
++kaDaWu4dQqr4VrY1Xx96VctvvkbLT9BWzFBMlOAXJi4Ndox+P9W0z9oq++bOVpN
+7H9qrdIG83tN7El4elemvXeyHfq+4vVgrPvLJ3blhuoZKONauXu/0D3Vt3mB2Gv2
+JL2oYFMa7reU+IYBZ6HzR0AOTmy/9emA6h5jf27WSWY9JYzvflzIRg6i9eH/goDs
+vAYjExeG8UelahsS2XhVhnYzimigBfPE2CkBXCTX9KnEumF/Tk6kb7u9Pqs7Sw+u
+w9dpCWspa9+H75kl/I5k52mJpxg0tbG3GP65DpwnGtIYvTFs0DSywlh/5hnoN5Go
+Ww26mZRoHwHAtAHo
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI59wBCS9KufACAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMafpEYThPSNBIIJSMfS/Nhh6rKg
+wYowIdjqeXtALfdMjYM1VPFesantrtCGxxZgyvGhT8GJylJvyKlHpaGKXnqib9k9
+vtmLEwgte4gfKQ4DfBLKSx59tMWOubFkP0UipolhJeksCzyq8Jz+vqITr8ZIHm3F
++Rw6Vmf/tH6+tl4E+K9RsC6y9DV+3LT8nApLJw1jFCOPTYJ4MGMXyacrQ0s6uluB
+vL0T47A9OVemH9dAJhxIeYXP6oNM5/bbMe7ipAQDmwzAU4YGn3VR7hRdFjhcsw9G
+3MiQQc3/vBKYmIwDKdRhkNr6BWU6kj00aHShchQQB3igc/C0T+OdYjbV395+AoeW
+N2elVKmVR+jPmQCngb4adE13PqzAil29SMNGCYUmrr6w9beof1lkNgaPGMlizSrj
+dyViCIfyKUZIyHoTM2tkWZnvwvTAiLnq/KLb3xeFEz1P52dXNa+iaaT+2/CMJK8y
+/K3tI3LelE4GlJ0pqPeBbgPdJtDjti5eLAzlpVt36FXYIauNHPqdudD2gkU1uyQ+
+UczS0aiHp/HyR35OhOtjTq9WjL6rNcQydYxKZkQS6SftqC9B3ulG6miI1qykoQRt
+7mCOE4hdRLb4qU7ZbuLh3ysX90FgSaCTRkn/WLLRdXL9rnp18/i1o628449p+sCQ
+1Y1BaMSiwBKHu5kvFCUiZ/9gS71rZvz2fWYvZult9hM9++XXwGjmaQFTO/O/YAKA
+PMnsS7XZZLF8kvWp7kXU94ws+Bozhbfd3Owpktr7oe5pnUz3JoIuZZN7kq99u8+c
+0n9hIBrMKcMWbyDOVwlNJ8GvR8QkEcXwzfNjEqawHpjZ4I3FV+nyVuCOt0Ap7ic3
+GqEkpfUQavLyxxYanchf04/obbiW63+r2LbLeouvk44LjOdjP1cD9Q72jdEfYTeS
+bnqeqA7LtNJ334SsetLyfPpf5StF59HGAlOLRQ5zCM2UW8HPGK+BRn5FWw6lfp9x
+8wCIYs8QDzq8PwRNpi5z1YgXGM0GV15uk4JRPphSD0GdB4bDjIufhG1WzAMgHd3K
+99ppEmtguBXQwjt3KnRed+sjbhnPEsdfAKlvGhtHgMlxa9Pt+4HY6BapcVrcpE1U
+yx72S3BrWgY1b+4E6DEkAZurGcqNeBf+3kXzQb/bgZ089oSkcULayx3qMv9I8pWk
+SQ/KiWz0w7LhPcxOHtyLEjn1z/FMnc/H+HYL7nVLHvPQI1QqN6QVDBXMnzWe/LYm
+pRlKnFXL8DSQ+U3Y32CsCGmRFoHnC5IOJ9AyLcH8Cf1mGHtq2AUR6A+5fnDnzs4W
+wneYMYE+chjoEBhyrbhaBmzMsZn1EQeRSWnKFUv380OeBTQvA6UEX2NbYe96Sm8/
+5vym3c9js8SioBiM5nT1IO5w3ySjnaF3UmUldlk3JUCOey7HiuCXBGNiDq06laPX
+Gy3cAy9zasaPdsPaPcOjNyHurSp23qXua446IyBZTdzQewE5AcfQMyJIwzuck/oq
+UDZvHZUbiqcaWtEcquyLRSQPSRj8zAN0+VJoO88ptfC423ye3SV/bsIJV/dlys0W
+NqkfK4e7sqXlbESlxMfhTqKHD0JgC/mvlfWcQi7zQ3KTjWQGKGgkZgPe5YKa9XNy
+r1iA0sVKrvJcFWNb64wXUN5KKP+7j+jnkLdsQKrDDrQcdkFZI3TTjB61We8xG4EK
+vEkhpxf3DG6QOYpC5xpKGKIKDvb3PlxDw2zLoRghlLOYcrzrCKCRpykVdPa2/WtY
+ImvtspFedb1erVuObp7KJtfhnKsiT6D2QXX1YceYwmC+6tbpdyi1/SsnwOnP1vyD
+2Kt+l10ISuDIE50NtEmwWjluSHenQXwgkM57YrYi2cwOB8tPxUiFevpFcQpErVyd
+7Ocgd7n+NEM0Wk2+9Ap8+uAqIGnwy1og41/EzpaSybhMHhI4W8o7ocTIU+P4o3+5
+Lpq67MLebA0nJ2UFK0/CsJFH0mqL+MyYbON5T7IimS5f+dxBTX80zZeyIcV/uf4d
+w5T79/5ltjQ61MYS6nxnuEFVsO+S4iQZPV8lyszucRXhK9czJ7DULvbOcUqFgVU/
+wkkmIeGRiqntohas7mLzl/GIExt6e/yK40jTbIq0wGt2fXncVZ9yLn5Piap0kjTn
+SrDcvBHR2yOjvt/hSiIhB/8Stxfspc+a0gPMWzaFzw5IFxzihA6FI+wnRmLTAIY3
+niq6ORveC/9iZLe0tJ6AAG4vw6oDi9wQPqdqMfwcmiFDqT+lpNd0aWOpTvTnVt07
+ibNVRV7H1DRomeUodkwcnvlONBWyt30WOE46C6zRGnIpfKO8NSUG5CTJd3YKUo2b
+wqSd2N/jhQ5is+vHIxqhHl53p3DvO/OMSb9vYtBoUlHUhxU+4dJa3T1qibKtHXHa
+2gsG64/AFt2OQqq9KS9Zi8Hc2MyI3tPeAy4xMctYM2b1fjE9UHWRfbcVZTOPWbz8
+PWfvyNwc4c8pqeojmMaMyUPYMsoM+yhj8tHRpoTNUSZx2I9VrhrAMQQt5HIThY0n
+/MSWjaWOH1CPbgIyJaBY8WLL1Kz/QsAPV7PgeG5YJVvuqM0uo+iDhf4fHXR4TYqS
+baeXV8sXQg+6WDmBESsPOGpL7jMRg0Ay6HHnAmZHWWC+9J4trVerJct621A26y9V
+3Bh2r1zbL8dkC3WHvBu1uVlWam1z4Qj+sS66HCDlPWsgQZzBOX3JPRn7IUjCFzWM
+q0wZPSNO1outCFEs/uW8nelWr3EOeYBtpJZU81rXSYHvDa0mWZCroabNcgDiHbcj
+DwhtAewmLeJhYUPUkU7SoqZLJy/RRymEO1vaNutQtm61vlbnAatcM6y1v51/vLRl
+xe5fpp9/EZGXMfnjgKApAO0WFYPk6FhZydm4KrXTQueLS63GGCuSmaAVP3aLWt06
+qn5FfIqupymn8xqNkmToUhE4559j7Z+//tvvdNppsD1YY6x6S0NfWreGhArL0uYu
+er9iXtrbb0QCitzXdWh90+CEFvENzeYOqE1T4C7pq1Nhoqu6qCzFk63TPBBhlFm9
+R002jRL/UcjqDy7L4L4hE6TCQqlnVuPl1Ru8uCpRAUARPbmWNBVi+yUeGTh3YFOa
+yPuYDrvQEjzXl16q+U/5MNQ4S0MZzEDtjMYKqLyGsVh503jKO6XH3UmMAFlrWf7J
+1xr8RI04RwGrFDkPkuw1dQ==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+3e5606d9c9b42920092f825f6a23844f
+2f37246d81d815ac43de66f4ecfd7237
+5c7a90624fce693c8b98330f067e3fb0
+3a7e09895d73d7567f1054b54882d4c6
+72b6d4b075c817d6304a2928a03af610
+89090caccd14025b83683285228bb280
+8255101ec75398ec183f14d3ecb45fe7
+e26e6fdb81e7d5ac8a81965acd7094a5
+5b99d8b392a9998f7468e553a049c539
+876925b61b9fc07ebeefad3f672e6baa
+538e516961f37ca0e09666cdd6f67d37
+89a39089fed07e8755a410b86ca40061
+cdb81e6fa11b17b2b5dd74eca1447aa8
+b2611b543751b2d53fc79fddbc26f91f
+4d9ded064e9ea85b882475aa965950d0
+7ee0cd2ce141eb6678d23a7bfa832536
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/CKUBU/openvpn/client-confs/wipe.so36.net/as250oob.key b/CKUBU/openvpn/client-confs/wipe.so36.net/as250oob.key
new file mode 100644
index 0000000..87adb2c
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/wipe.so36.net/as250oob.key
@@ -0,0 +1,18 @@
+-----BEGIN OpenVPN Static key V1-----
+c9434047b9f0191c50a8a49a81a2cb22
+4c0a197ae768f6f9754b34cce526245e
+ca10ad7d8068bd73ce6560a15d23d72f
+c6cc5eb12a47a5fa1d7dfee09db0b1d6
+e349ac98e759d2845129d1e907575f90
+a41c055815d50e6890107f9677c2884d
+46eaefca8050bbfbd3b9fa386a998e2d
+6da1b1b38496248a280211868e271dda
+163e81c342a1279d848de32864394f1a
+10486ec963189d236b4237aa396eaefb
+bb64cf9749a3f0d11b75eb1d90772cbc
+8edaac9bd760d1d51060ea910404f0de
+fc924e923644c94082db0751844c4af6
+a4eb385827e62af0e77134608bd237f7
+d9e1e52d4d1595181a21b54d01f1db8b
+abb34d551b204876ebc703c3e325dc11
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/client-confs/wipe.so36.net/client.conf b/CKUBU/openvpn/client-confs/wipe.so36.net/client.conf
new file mode 100644
index 0000000..9a6fc86
--- /dev/null
+++ b/CKUBU/openvpn/client-confs/wipe.so36.net/client.conf
@@ -0,0 +1,14 @@
+dev as250oob
+rport 65001
+proto udp
+secret /etc/openvpn/client-confs/wipe.so36.net/as250oob.key
+dev-type tun
+remote 212.42.242.221
+persist-tun
+persist-key
+verb 0
+ping 5
+ping-restart 30
+ping-timer-rem
+ifconfig 10.250.134.1 195.85.254.134
+script-security 2
diff --git a/CKUBU/openvpn/home-ckubu/chris.conf.sample b/CKUBU/openvpn/home-ckubu/chris.conf.sample
new file mode 100644
index 0000000..35cd57a
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/chris.conf.sample
@@ -0,0 +1,258 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote ckubu.homelinux.org 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG4jCCBMqgAwIBAgIJAJJFyNRqWYU3MA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczETMBEGA1UEAxMK
+SE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqGSIb3DQEJARYQ
+c3VwcG9ydEBvb3Blbi5kZTAeFw0xNzA4MDkxNDAxNDRaFw00OTA4MDkxNDAxNDRa
+MIGmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJs
+aW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczET
+MBEGA1UEAxMKSE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqG
+SIb3DQEJARYQc3VwcG9ydEBvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBALae3zg7UYlmziw+LCYVg65H+lKNOcj/JArsL2MOnYEcmrePLI4e
+GWRppLVpxKeG9kIpfVglfqRDdEY9eOFguJs+MsKwwRi2LzY1rCjDazCjTnQ0L0Zj
+1RqJT1LqaEkzLv0cAWxza67K/n6vMaXxQ59jNAW/bOik1SogHiwrT78f2e+Zu3K8
+tqkuuDwtwbU0jzL+m+IuHNVl1CTcAIZRmFbdxpWfi5pocrbOIlCwXbUP8ltp/E/t
+xLKQqBP3ccgFwPuCGZBymUcpRdMgiDwifYnZK3H4STLSDN4b6K1PclKh46QuxDv2
+egap+vctIKJRLguAPqRVjSoYK5UXUcZC+R6t8rHvxDGLwvk3IPeEI9z5bCvnm8cw
+0e4/dr1EDjtwHXtw8X6DDf2biNmq4edCRxrgyQKwSOAsC4MhzFNPM112N1nJNrpR
+nXNCKRNGF4MdI/zFqRLraafk0eT6yP9/6lmoQDJsjhUH/ziOB+cPS4XmUI/XwMF5
+c56mD49gdG4ZivDtJeGcdZ4TSbD/lvc3yI1ECgouFPcBAJHwendA29xYMmuj4oCP
+stW7N8HARZWzfwIdbB/HHupHIZ1HV4ACY0H7Sju6SMFxWi09dl92BYG9rhMW/M6A
++k7WxW0IEqZyQgen3fTRw97GJXaLM+anwwl89c6trOaME1ql/w91lAInAgMBAAGj
+ggEPMIIBCzAdBgNVHQ4EFgQUXaBXd/nJzd6Iqb7Q+/D8ihm1nfAwgdsGA1UdIwSB
+0zCB0IAUXaBXd/nJzd6Iqb7Q+/D8ihm1nfChgaykgakwgaYxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5P
+UEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRMwEQYDVQQDEwpIT01FLUNL
+VUJVMRMwEQYDVQQpEwpIT01FLUNLVUJVMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0
+QG9vcGVuLmRlggkAkkXI1GpZhTcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
+AAOCAgEAquNynEChfqP/lTY48YE3xhDycq0YF0WimD5NzKPgrCIP/1x3lyufzoiz
+8DrqVZ61LKdJUJMcWRmyqiXS3WZFX9X7ktZvmf37E7JUvorSuF21PMm9Oj0yUsUX
+y0AFUiH3fpNhCMxYiCqS85wWBy1+/6np1RodihGTPcLwAGLIVGEklyffyamQ2i2E
+TZwZrZJrmLyzsdn4PT3vJyfAUUbcpgf32zjEZCCozlSdisZi8cn2pL7y1pcXA5Oi
+gvLhDNntYTKcE1JjWqa/989JJgvvYD2fgCo+DkPw6i/Dic0UAZypHLKqiCc4f3Pc
+GqtaY7nxQjMSGVnMjEn2yzyFtXep4lXn16Nh8ZnGbEk3dqCIBS2xzjcUs6YRdyMb
+b2JIflNuI4Wrqx5CTyMM7lSNapZRPiP7Qw4xyq+og1TABJuc+9A3Pj/R/oztoHim
+9p1zCM4m3tEBUCkYxet87BojVn4MQ37pees1Xi4oAFHqU5mCwpakO6rVOt4Y4vyZ
+K4eF0w3NoRl+z4tbDFh+RjUj5tChKcMxaSitCsD0GGvd0nlO550tbxjMZlchpLhP
+xG+rcU6098AdwAIjESyYfowVhHT+BDTefXphSYMz0ImaiBzbGwEmpce7sD1bYFSn
+Wer/Kh24vsIIxcO2PNEKvQbO/I7YD4Yjk4pVGTUgD54LLX7k+7U=
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
+QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
+b29wZW4uZGUwHhcNMTcwODA5MTU1MzI1WhcNMzcwODA5MTU1MzI1WjCBrDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMT
+EEhPTUUtQ0tVQlUtY2hyaXMxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG
+9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDA5DrGxKOrIDkG6bN41khikTnVEWmg35qFA1OkbezVg8e0tuhAhDqh
+ugWUbbKJAj/KIwQS1z/8yNfkb5GKNEJYCnUvuvnxc/AKJ1c5DrijeRm5PHyXs7sn
+RFm+EOB5G+czct5JEfTUkVsftSZboLhQ+GESNB4DJj7cZX5Eb3CQQm60a4cBMzEa
+r9W7LyWBQEHcuY3oI6s/R9g72QGJaNQWJklBT4TOcnz3nvs5/SYvvxVsykqDD8ii
+9SzqA3zuvBoTUHFaw7YfoBkclQ5ziV0iNYUXb937DArbvnhNbDxb9EjBCmJxZ8Uh
+ryVIyLnSvtLgar3I/eHFeJEhxwdhmNuYR1tLKjkVLFb6rTWZiizRUSUnidNHXbu1
+K/FbOsurd3ZRLMttZNTc1kNdXy3JDUToy9rZOUpoRbfY1UnCNN2tWNB+U6wYgAUn
+V1bZhWnUdX1stP96G3kIjff1LvfcheevgaLDNFDAtgRwYjawP/uXdybmQAIO6UQr
+jLfA2958sGEKWrB1Pgy8kmvXE3xGajNDTP3UNFIJsc6/nE7DaA8VTuVW0ypgNSwS
+uvI4HJnbxV9YDCozojOVjN4ICyqDtBabKbuZ6C2lvrMsKMrvUTkdVei5YJELHH6f
+qT0Wvgt+YjGmu9LuG44v2lKWqw0oxsnnhElcmMyuimrWiWH0FsflJQIDAQABo4IB
+bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSZ3aK5+DrQI6Jqd/Rr85dJ25MefzCB
+2wYDVR0jBIHTMIHQgBRdoFd3+cnN3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMT
+CkhPTUUtQ0tVQlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEW
+EHN1cHBvcnRAb29wZW4uZGWCCQCSRcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcD
+AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
+ggIBAKh8doaLAtydm7PEcC7QAP5Uc3TNqCpfNCDApfjLpl7rdKrgAnmeV9kQ3IVq
+AAeyl2vuctEbcsX8/oNYEJFuUIwNf4mFDdp1Ifq8/ieCw2KLDU3zYH8sKQDTZHwT
+w6xuXocuVQ5mcwwjP7ERmYXUnnnHAOgSvjgXBBtNV8tAYGCLDkjGvcUZ0oNVBgAx
+Xoewhmd+1Oozr9I0YH1EhEDECVTbivb0So+2ZbEjmOXhSlJdgdi2MO96dsEOuMjH
+KMVTqBhMNtBOHXtDbfZC2NwzO5RcAV9FeWkHj6oaWIEl7RTiw52gMTygbx6ezZT/
+2fKq7TrY8fuRWLmQ77+TwIkT2oyr7DjJ9s+kY3AU7XKAZHTUbhGlqKsWUiV/3+5f
+S1v/4hjtuAA3JPOToBcEn9YAR2djavYIRM82YbRByHvrJZkCEnfOs57Wv5XZGKLK
+J4ph1ikT+lLBVczZVB14Elz6Vz0/CHlT2Q6/MtENpLyJop6uVCTmpIiKcfF+kuR3
+/f8pdXOzGc1nOwT3g75A+D70nWaXULZUBlRKJ3FZCo+Ecx73YRhU82frDL9+jYiw
+ui8IfDjmAQIqFivcHYLizZtpJhrqa7oG7MY80lfsHTPnUU/jkdRBYBzGk3yrFXpE
+KN1k61XVk3Iv9lDA/Oa9/Q85eSmj8a49ZQ+GLsTaOx7eBi8j
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIQu1w1fZPHpMCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECFN1kcfwGMq/BIIJSDyJVQRMO58N
+9RxwtPDyai8u6aTPghUdUdTAxnVXw/lDSJ0mJbSRm9Q6D7t/+JS+/wGAldmoZUHp
+a/jVAOtSwplaO0RnsHXtYA5QxrjrsrDdMXIQuwFOHIu1x8n/fE1mUnQ3ca9Q9wwR
+qFj+/oDNw7eYHrps0k/WNVlo83GCa9LUX9bXHFNhPXDm5RGFHhBT9cMPmXByii7J
+j+7MVCiOSgi4alMPGgNezDVBzJvWip3GzTH7ivxLZOl9ETQ1GpmaMS//9BLoO+2H
+ckghogZ94Nxq6NFRXH/618PKFzahcnBbqpuIbo0wzpx6WS64hsHUwnqXFlTzTeXs
+1Kkg8uT/hy7iMkGTQsdOqsHweUR8KoUbQCeHt5oB8xUkDBrjIRSxCwkfnIs6fsWW
+EEoRUCM4cjbmX4Owb4ywbRzbJPjubkNs2b3GKo84b6Z9lS/02VP9GjB6n8hDx7b/
+gB1fcRPLpzdNFq5hI2twKZw7XiXU6CeG5FrZcDdsOgaEsDXbEkGMAnBOyUkusmSi
+7McHm8BHYs6JynQon7577W2cuw4WAlu1fmnToXBlB+zivn7C0ywM8/V7ZAFMXH3P
+BO//emkfZ2CbBj4tjqq/X4vYLVYwTgjeOuE16w7QORfGAQH3/g84nHGKmRGQmf8C
+XK3zC3ybOkoXzrMmOfFRqVkWLI9NYSFXypd4rXPOdIT/PPxHzoZV9Zhlb+fobNy1
+yt2ProN/eHecTgJzthizNpbp0vexQSnEfjbgn8KEiEBcHm7cYbcWxM7bJtf2VgdK
+lSa4H6xX3bndC8avZX3tYdGda83p0NA34cT0V3zzSCiBXbSEysfCoEGpT3fgVxrO
+gc00qgief0oNdTeO8qnGjgc4SgsxH1yzoFsLsZ/JoHfeap/AIO2axCyxf1yPOrsv
+lTUJPWhi8Hda+1iaHElSFsKBLBMnty6mGh9J2b5JpmGCbjOKg35G9G0gZPbo7hP1
+Wfte5bXq+Ur+7sfS+cj5DS+04p4xygI1djc3vRk+QJxd5z6gjKuJVIpK/+qRTzP/
+6vtnE/59xFGmxKZsgVW5ZTMM0e0eUneST4h1ciCAmqdXsTAIoLuTXi4gkf/P85Ye
+7NoiPc6SamqktvUxDTP6nGP906LhnNxjhjswhhi33aBXLKLLbNKm4aT8bBm+DISh
+KRa3qK97Q2GwEpYp6xticBa5FNHFPhLWBzB9Acms77lRQ+V/d1qZ+EBnaq3zv4tH
+3zSfhimNyhWSvbl08Nr7OSWJIYQzpHKiUpqypoWmrBCpnBDSdug3h+qXf99RnQSJ
+5xGe87H3v8xSub+f3uZMf8S9LxQuWDv+bGUfxXla/234duO8E4CcOBbiMdI1khcO
+XPSKvqEuwdnZfDNvxQq8u5R83zI/zMh+/KI8bjo3qe7O5TVUpxb6YFM74KuGLZTW
+EPWTJereXtVQYC+dHl2An41RKO4+4wXFPf9etILMwCtvPrnYompz9l2lEKfA7WOP
+uSFH42JayyhaTjvXsdPPQbeZpCKeJqsESclF5LfXxLwPAnfRWlEVXEht+j85Q0oX
+UUhzS44LqEGzrFgot1vp3au+7PsxyRBCg96us6E8z151/VxX1R+lrmaUEQweh2lv
+tn1ZAXksB7AisUu3Uw1nz5JMhn0tX3/NKKyQLHwwcrlH51Bxrzhlrpc0SsKbpjcE
+4r7eiT01S9njVOIPJVaHd/KvdyhNXViKMW2uF7dc8viYPjM3xnEnp3Cp0BFnjEBL
+wjAcxhaAvwUg0TG7s3IM5RiqOsUCmRYN7n/hJdZF7/5qtwkIB+5BJ+ow4AdPSdym
+AX8ukmiBjhvgQq8EAlDreQeWVXtAY8HcHkU6KjIoFVoiLCqrwTVSmxSXfLRuw2NG
+cRdnGvoZ6LxF69ocap7kgulT3haUid5w9FFEuzDJtW8bdTlqCqgUdaukLN3mOjEj
+C+3ynprAD0JjcU+4Q8ZGX5Ozaxx0o/dN2BaTnj872434V0XSUcsdlssbVoFfQe1Q
+7ftu05xbSTpQi+aj+BqDltwHezifev2UpRFMENqIkpSl/jKtdbaapBk1uxxDDnX+
+a6m0b7ykrVe18TjiiSsGGf0TTuwvcJW6bmh08Eg+NitDl5HPHabLUY8lornzbw68
++0C/wVllFiX4WGMJ33FztI6/DZdIa/tTEEYQKn+WDaPVwKFp0j3kzfUBj9zHDC0J
+YJbuQJ/nq52rqADqbEBlNv2DYwWgAA2znk2yL0mUT9IwegE6nw9/X97zr5tgtkni
+PPP+MI/H4seURLnkyr2v//0niLPAXwiru9g5omMbWYn78va3GcaAWvypRb2VMyX4
+Ve4rb2gdXioM93T2umZbAph0GtjZ/jSnKobq46xl4wuxqQ2qRWDlb7I1Eda/Hn1O
+oFBlJ8T7yaBWLsMHJW76lWIov05fYRRNQvrOPB7+Jz/TxhAGF75GZzLbN82jCaRd
+jJCbfdc/DCYSNAkCuLcDn00BGxYCQ70Mu0LVG0wrnyMIg1JXK5oTZkdsNPml9Mij
+CsNLf3Wh60iX9qWt3rdSppO6mCJKmWIfyTS3tfxB3NE+/M37KtrCK76fhFEfYfHm
+7xhqzsq1j5e1DXxhrqtQZPTqAuOLjbQzsTAyFFJJKz1aZk1dOFFrj9hmsIEwBUe/
+6zrX+oPk1aEmT4qGb29DMn69ruUlcZQ+5kIBGMXPsnBV7TEm30HE8QGnVWUOlIZ6
+1etXLSJsmCEkV81N4JZyNDGONzvuqGnoDMeEE8d9EnztwGIEUD2lLmiWg3PKsvgg
+/dWjirUdVRVwb7YTZL3NsWn11TehCMxUFSXDYMVWcRTaYLqMNLDlZL1zAj3YRzDV
+1iGR7s+Jw5VkGZrSqSPuRW4dBjr8JulHimKhRCZw/cIzl9EXISsVRP/gFEc3OvEl
+TrpE8hsvOrKd5wWziJjJ0YXHTjXKoYjeD1Cg95oZII3iEJ6d3k80p73QHcC89kyF
+U5KG3WtaGrDmS/aw7UpNJQI6UuMSli8bsvmTO/ko/YEKlN75YD4doxuHAYz1s2UB
+Ii6EFbLrhG/Lk1VP7AxTSyiFSY3iS1l92fvv72BI5J7G6Okk66BWvdNUFH8crEXJ
+woiQ5eUk2Mv756C4fCIPmgv3zv7T71r3L5mc6hQ4MEuVHDfSvFfiRd2w2z/5WjKy
+JY+xOBY3LmvpvhogMLpFhQ==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+1c8b2c0960c29ba0f8b85d20cf7654a3
+2429c0a7e6c898f834473377846b349b
+e5070fadf83aa6f2143ddedd5fed69b8
+6b4303181d4cf8b130777033982585fa
+24796676d2c096db93d8ec0bf221a33f
+974c554b7173faaa46badec409713525
+927fdabb473a3e24d309983c858b1b7c
+7ea88198f4f01d1a5c2fb6920a1dcd4b
+d1a3918e736899803896aa1d43ad131d
+996e9f78bcc1faccb83276e65ca43626
+c4b0de36dfaff3be40276a0126d15690
+bf7c3baca7d51d4ed78efb8248d6e3c1
+43fb2424ed1b31e7a2cb14506a3d5fd2
+3f3f58ee93eb615044fb6d0d345095c8
+c0c5551065d416d1b6781d8436f8afb9
+2f34aef585ba7ec0a977386b3a3b9c0d
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/CKUBU/openvpn/home-ckubu/client-configs/chris.conf b/CKUBU/openvpn/home-ckubu/client-configs/chris.conf
new file mode 100644
index 0000000..39a0aa1
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/client-configs/chris.conf
@@ -0,0 +1,271 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote ckubu.homelinux.org 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG4jCCBMqgAwIBAgIJAJJFyNRqWYU3MA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczETMBEGA1UEAxMK
+SE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqGSIb3DQEJARYQ
+c3VwcG9ydEBvb3Blbi5kZTAeFw0xNzA4MDkxNDAxNDRaFw00OTA4MDkxNDAxNDRa
+MIGmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJs
+aW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczET
+MBEGA1UEAxMKSE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqG
+SIb3DQEJARYQc3VwcG9ydEBvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBALae3zg7UYlmziw+LCYVg65H+lKNOcj/JArsL2MOnYEcmrePLI4e
+GWRppLVpxKeG9kIpfVglfqRDdEY9eOFguJs+MsKwwRi2LzY1rCjDazCjTnQ0L0Zj
+1RqJT1LqaEkzLv0cAWxza67K/n6vMaXxQ59jNAW/bOik1SogHiwrT78f2e+Zu3K8
+tqkuuDwtwbU0jzL+m+IuHNVl1CTcAIZRmFbdxpWfi5pocrbOIlCwXbUP8ltp/E/t
+xLKQqBP3ccgFwPuCGZBymUcpRdMgiDwifYnZK3H4STLSDN4b6K1PclKh46QuxDv2
+egap+vctIKJRLguAPqRVjSoYK5UXUcZC+R6t8rHvxDGLwvk3IPeEI9z5bCvnm8cw
+0e4/dr1EDjtwHXtw8X6DDf2biNmq4edCRxrgyQKwSOAsC4MhzFNPM112N1nJNrpR
+nXNCKRNGF4MdI/zFqRLraafk0eT6yP9/6lmoQDJsjhUH/ziOB+cPS4XmUI/XwMF5
+c56mD49gdG4ZivDtJeGcdZ4TSbD/lvc3yI1ECgouFPcBAJHwendA29xYMmuj4oCP
+stW7N8HARZWzfwIdbB/HHupHIZ1HV4ACY0H7Sju6SMFxWi09dl92BYG9rhMW/M6A
++k7WxW0IEqZyQgen3fTRw97GJXaLM+anwwl89c6trOaME1ql/w91lAInAgMBAAGj
+ggEPMIIBCzAdBgNVHQ4EFgQUXaBXd/nJzd6Iqb7Q+/D8ihm1nfAwgdsGA1UdIwSB
+0zCB0IAUXaBXd/nJzd6Iqb7Q+/D8ihm1nfChgaykgakwgaYxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5P
+UEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRMwEQYDVQQDEwpIT01FLUNL
+VUJVMRMwEQYDVQQpEwpIT01FLUNLVUJVMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0
+QG9vcGVuLmRlggkAkkXI1GpZhTcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
+AAOCAgEAquNynEChfqP/lTY48YE3xhDycq0YF0WimD5NzKPgrCIP/1x3lyufzoiz
+8DrqVZ61LKdJUJMcWRmyqiXS3WZFX9X7ktZvmf37E7JUvorSuF21PMm9Oj0yUsUX
+y0AFUiH3fpNhCMxYiCqS85wWBy1+/6np1RodihGTPcLwAGLIVGEklyffyamQ2i2E
+TZwZrZJrmLyzsdn4PT3vJyfAUUbcpgf32zjEZCCozlSdisZi8cn2pL7y1pcXA5Oi
+gvLhDNntYTKcE1JjWqa/989JJgvvYD2fgCo+DkPw6i/Dic0UAZypHLKqiCc4f3Pc
+GqtaY7nxQjMSGVnMjEn2yzyFtXep4lXn16Nh8ZnGbEk3dqCIBS2xzjcUs6YRdyMb
+b2JIflNuI4Wrqx5CTyMM7lSNapZRPiP7Qw4xyq+og1TABJuc+9A3Pj/R/oztoHim
+9p1zCM4m3tEBUCkYxet87BojVn4MQ37pees1Xi4oAFHqU5mCwpakO6rVOt4Y4vyZ
+K4eF0w3NoRl+z4tbDFh+RjUj5tChKcMxaSitCsD0GGvd0nlO550tbxjMZlchpLhP
+xG+rcU6098AdwAIjESyYfowVhHT+BDTefXphSYMz0ImaiBzbGwEmpce7sD1bYFSn
+Wer/Kh24vsIIxcO2PNEKvQbO/I7YD4Yjk4pVGTUgD54LLX7k+7U=
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
+QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
+b29wZW4uZGUwHhcNMTcwODA5MTU1MzI1WhcNMzcwODA5MTU1MzI1WjCBrDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMT
+EEhPTUUtQ0tVQlUtY2hyaXMxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG
+9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDA5DrGxKOrIDkG6bN41khikTnVEWmg35qFA1OkbezVg8e0tuhAhDqh
+ugWUbbKJAj/KIwQS1z/8yNfkb5GKNEJYCnUvuvnxc/AKJ1c5DrijeRm5PHyXs7sn
+RFm+EOB5G+czct5JEfTUkVsftSZboLhQ+GESNB4DJj7cZX5Eb3CQQm60a4cBMzEa
+r9W7LyWBQEHcuY3oI6s/R9g72QGJaNQWJklBT4TOcnz3nvs5/SYvvxVsykqDD8ii
+9SzqA3zuvBoTUHFaw7YfoBkclQ5ziV0iNYUXb937DArbvnhNbDxb9EjBCmJxZ8Uh
+ryVIyLnSvtLgar3I/eHFeJEhxwdhmNuYR1tLKjkVLFb6rTWZiizRUSUnidNHXbu1
+K/FbOsurd3ZRLMttZNTc1kNdXy3JDUToy9rZOUpoRbfY1UnCNN2tWNB+U6wYgAUn
+V1bZhWnUdX1stP96G3kIjff1LvfcheevgaLDNFDAtgRwYjawP/uXdybmQAIO6UQr
+jLfA2958sGEKWrB1Pgy8kmvXE3xGajNDTP3UNFIJsc6/nE7DaA8VTuVW0ypgNSwS
+uvI4HJnbxV9YDCozojOVjN4ICyqDtBabKbuZ6C2lvrMsKMrvUTkdVei5YJELHH6f
+qT0Wvgt+YjGmu9LuG44v2lKWqw0oxsnnhElcmMyuimrWiWH0FsflJQIDAQABo4IB
+bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSZ3aK5+DrQI6Jqd/Rr85dJ25MefzCB
+2wYDVR0jBIHTMIHQgBRdoFd3+cnN3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMT
+CkhPTUUtQ0tVQlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEW
+EHN1cHBvcnRAb29wZW4uZGWCCQCSRcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcD
+AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
+ggIBAKh8doaLAtydm7PEcC7QAP5Uc3TNqCpfNCDApfjLpl7rdKrgAnmeV9kQ3IVq
+AAeyl2vuctEbcsX8/oNYEJFuUIwNf4mFDdp1Ifq8/ieCw2KLDU3zYH8sKQDTZHwT
+w6xuXocuVQ5mcwwjP7ERmYXUnnnHAOgSvjgXBBtNV8tAYGCLDkjGvcUZ0oNVBgAx
+Xoewhmd+1Oozr9I0YH1EhEDECVTbivb0So+2ZbEjmOXhSlJdgdi2MO96dsEOuMjH
+KMVTqBhMNtBOHXtDbfZC2NwzO5RcAV9FeWkHj6oaWIEl7RTiw52gMTygbx6ezZT/
+2fKq7TrY8fuRWLmQ77+TwIkT2oyr7DjJ9s+kY3AU7XKAZHTUbhGlqKsWUiV/3+5f
+S1v/4hjtuAA3JPOToBcEn9YAR2djavYIRM82YbRByHvrJZkCEnfOs57Wv5XZGKLK
+J4ph1ikT+lLBVczZVB14Elz6Vz0/CHlT2Q6/MtENpLyJop6uVCTmpIiKcfF+kuR3
+/f8pdXOzGc1nOwT3g75A+D70nWaXULZUBlRKJ3FZCo+Ecx73YRhU82frDL9+jYiw
+ui8IfDjmAQIqFivcHYLizZtpJhrqa7oG7MY80lfsHTPnUU/jkdRBYBzGk3yrFXpE
+KN1k61XVk3Iv9lDA/Oa9/Q85eSmj8a49ZQ+GLsTaOx7eBi8j
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,A8DCE11902B81F52
+
+YoUKcSwJtgulV5k8iXSNF/U2joi5fD9mOXOy5qQWkn20s3uAnapYL05jv7x5WZnB
+r9Q37oFVgB5bu0THLqa64fORUOOmin/PhepgBkV1BWmx75Y1FdHaylnBqqudlhn+
+Ae/pXlhWET1aWXvdKPGMhFJ+RKevHEoThGMxHC/Hj3a0Rl+AzrPbl6YROZ1eM2cB
+Kd3nWrdrGhcUyDUn8cg9n1pDnouEGm/krbn1zjQsISlYmxDMoHBHAj+bAFJKTtkt
+NiidhN2lNbw9WfEOm5MZCaM0c1GrK1Uw9AhpkZcvKhVx6yZNa52c53a/xxzoPcq8
+kA+4n73NoyJzmi+q8egPKCBt2lXyHPDkfsrns3ljJPG7DMPfSazKH6KG4B/ONS9b
+wxzNCuyFyWfJdbDpN02FXZHeyg7CGPU4kpSgy0XwFakjQ6+a5hbRLIVkDb8PCvIA
+ayLSOvB9WgQzBQjnXyiujTMDz4FzLOVzGJUGKvgkNqv7oxHbCjNTynS+VIWw8wAk
+nLcV7F8GTGU76h/TG9IOsVaq1eQIpXq01NvMwZAezh24QfM1VZwuB1vgcAren0P6
+78pOKpuPtzEJWJy3zwbSGHtRetB+E7riU6eJHzFsZtJExxn2Rd3ATpIb7MtG9b0v
+MKzqPhWHzEQz/psMrZaQ3ONsmi0Ti8Yjn/lvV5B/whwBEeJ101ju/ZXvPyqINzQH
+5E1/Flwrr2hXkEchaGJoREN26tWUu5x5E7KWu37wzbb6533veoVFmoLm0+NdHDM6
++LOlq6xSy5vDH1qNaSPf7mtfBJVx/2f5I6IIGfPJ8wNWQsb7ij/vXpJIGaS3lee1
+1ZMnIiFQAGs5rQh+XqWRLFL2Z5Omf8SeE4Zr3Pd5Ax9+8UjpNgMPlNCZ66yyOzO7
+lwSQWbEVx8HG9Eg1hFOIgZhVbDmaukHLJcVaT0A0WR2/19iu3zZZ0VgJcz4i+Qp4
+RlznHpOJQ6FvpydxW93BkRpikMfpRL8PdPKswbIbTAkwTCV7EIceSnH2NL+EFsLQ
+/muGyx4IhpFsJB4gE0TR0t/U4FdBijILd3wZnFBxPfhofc393P2OfeRLk4tvaeae
+Eqwzkcdcm5zG0dbxFUTXe7pQB54hRvJ/4XFMhTwQBjZDKr0RH0mNEgomqU8s8Lfm
+qaMY3OGuYAMpTE3t+NIBdge8SoSSxxl/kR+2V2h04zjZ9uYss4b5Bj127tGbbSS8
+nH4cDwysTTtcACuh8FLByoFio9Rnt73uckhflskaLvwZE/8A0uhD01F+chatvSAJ
+Aix9oQwDtiyHF2t8C3eouOWl7Is+BDlh2iWYEaNPgFpXwR5eRqUpkDCDFurecT3t
+ru7i47QftimArrx//dWdNZDDXC2vY32zr4e3wLoEkuFZb/uiXA067AVvCKTuN6H4
+M00kzpAfyawLaLFsPFxi/hISWq96OzmguivsDsoraIl8Uz1xkL4/zhHdJDToHV4E
+wTrQlvoA4zWDa3DNbwRH9vna/zY8owktR9nDb50xlmmzXT8ucAFN8BNLCeQMir4u
+2HjGic2gBFrnOgafVXsnJam+a0ce2mPSRQ1hLNxquDdB3gT1Woiczhl1HBRX9U7K
+BpOJeVWF9kLBhbTTWqXQMnZNOnh0iEmjtDg22dg0hsHsoo8z0ngUGGrDofPRQ9Xy
+Aw/GmAwF7pmwSfIWiCndFMFeCN418nugtX2QavkIkm8OFm522RRwUCX5lKdZAlzG
+nX947m997mZMtdilpcl/F03N6/gKu1S1Wrmug8sPD6R9mugzcNQDFRsS+8dcwmwf
++zYInaSO6tmI7+GqlaIORXB9vNawy9vElGOqx69No4vjHP1x9+6xEtJk4O6aRDtl
+Ju7/NlDildpIhjIvnJe/eKEBDfyyGDlHyVAEqnf7Yzz92j+3ZugIz/zd4iTdGzfg
+tsQx0x2i/WsDw11/cefPXth07kJVfgM3jdgk2d0Yd0LpWWjxUZp5H4zJ5FZ5yl6s
+GFLYCK6Fj1QsWXd4qQjH7092ka5GKvYLcR4DxCocJ6tS1UE0MReI1YaJ8GU3dwaY
+91+Q2j3+lPY3PKH8/MjL8ZZJoIjlyvXwYff1quObbUYIYbtuhJ3c1PYeigt/G5Du
+nb4qJuZ6ue2OEfuvRnXgH4aNgZEfrVuYydDBxM55HpaxZBjC0ipqGYnC2X9rU7JI
+dD+r0ymGoIt91ZhgnahhIx4zzrJ5i7BNujMYal9AEkPXV+VkY/iNJJKjIzFEc9J0
+GX9ELhXHzed3xxy3goTqJPgY0u/jBsUca3l2AI9H8qjeAltbiRP+TdyafhCr/RX1
+f2t+KLLvK7F2Ls4VcRPIpuEWrnbvJbh3ot5anzzR20ifFy2fIXyI/Sy/DPAy3hgD
+adNfY29lyY8dLv/CTXju9AHEX/Z/IvEBBZkAUUIJ8v2wIR2HMOi/kCsEl3HnK/Sq
+aKHenYE5QqME+Y6b8t+w3vhNT7HAcaH/sjrDn08Wls/XqTDEEr+fFV8i/Z0bFQjs
+27pbdDrYCmQjGizP2INARVIBYeCk/LQ8kSgIy2pI6uzqdXiHjeeSLtLxl7fmLw3j
+VNzCP0uY407/N6WTOYEvg/SHAYQZNA3zSA/xsNihRGGDvj75a0WI1p+QDMUUGiYJ
+xdDU4lM+L6YP2yZ75XBUNhwHHX6C1vfQC/BvnszRSdnEZeq+bOwAkBDC31eH6y4J
+tbqxOXB71x6Ljcwp3BnpKbnXt9VzLM+O96sSc4wOfJl7AeHWD6eEKJNT1mfjWfN3
+jB68ezZhQpth7RilxtECMz4pcigGsljHkIfd9nweahAwq2RNwhz5cafpQqDeJV+c
+0o05tSNvR8snLX+fbnBTxHl4025lTmJNh9Hv4DY3UnAVL/e/wkmupb6gYA+N3s03
+ZJhhG0YBUviuuH6DrRdxTrHjnVveJHSuHhUHrgM3PeX8cspBBYbX77d52jqDS3HJ
+UD6eCrIbxyDsKDFS1DEby2KZYM5CBmI4AzUW4nKBuRPZ0uFiM7b/KXptQvC/sUWE
+6DgVcIz2ExivDyiHo5XSWsssRRI+vXtJ/GSghWTZuN6WI3whZtnYQyS0L+tZCRdi
+GHaFz1YOvzTJZoWHZgXg0fe58Q7CLdco+66scYlHstj562mjsd7fPa59KaGKluvM
+-----END RSA PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+1c8b2c0960c29ba0f8b85d20cf7654a3
+2429c0a7e6c898f834473377846b349b
+e5070fadf83aa6f2143ddedd5fed69b8
+6b4303181d4cf8b130777033982585fa
+24796676d2c096db93d8ec0bf221a33f
+974c554b7173faaa46badec409713525
+927fdabb473a3e24d309983c858b1b7c
+7ea88198f4f01d1a5c2fb6920a1dcd4b
+d1a3918e736899803896aa1d43ad131d
+996e9f78bcc1faccb83276e65ca43626
+c4b0de36dfaff3be40276a0126d15690
+bf7c3baca7d51d4ed78efb8248d6e3c1
+43fb2424ed1b31e7a2cb14506a3d5fd2
+3f3f58ee93eb615044fb6d0d345095c8
+c0c5551065d416d1b6781d8436f8afb9
+2f34aef585ba7ec0a977386b3a3b9c0d
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/CKUBU/openvpn/home-ckubu/crl.pem b/CKUBU/openvpn/home-ckubu/crl.pem
new file mode 100644
index 0000000..6815894
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC7TCB1jANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tVQlUxEzARBgNV
+BCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUX
+DTE3MDgwOTE1NTA0N1oXDTQ5MDgwOTE1NTA0N1owDQYJKoZIhvcNAQELBQADggIB
+ACjHl5NsKZ+RmQFK9PGDNVQg+aPaAdUpOQVY3VqQtMEN1yPlSQE0To9+u+fxlyxt
+XTNe7D8xTeTLU3J57UjEZerxJXPWMHKlOMSt1xDD51Y81IChYzyM0yvTcNlNHi71
+1IcI/MzX4M2Jy2tf1tL8MXDkXMEwDWH17XyUN246h8D9p/B/SO6Uem8Jt7YIxT4R
+n6P4B63iFIVROU21rCqJ84f/obUFpRS/ZV7c0Gz9lLbfdEG2eAxuaNxjSk79rosY
+myZuMe1WTjDkgAg8y/E0j4HnAUE6Cos0fz+R3XrPlZLVVbnVngXcjP/J8LBQNDNR
+1gNh6ZsW8zDt3ZoILH0J/0gvF+JBBuIwi0bgLqbj1hYBDIA9IhPbDlt7+36o/wQA
+vqoPWzCT+koF4xWA8q/LgQpL1ta9oozFOC8Lb/7Hhu4P6abeMDbuGrye4wP6nT2H
+xrO4yLpvvmRRMLIs8SiS0IcLT/nHGJZ6SOLn5zqf2aIzGYvoE8uqjhSbHMZwZFZi
+4rZPaivzd1c9IWrW3WN5o403mvNkUS6Z1/Hhk9Jc++ZMUIOA5r2A/RPaUxOZMAD2
+RYmLE3b/VeZefx/PXTmlu3+0OGMCvOIUTx8bKG8bNEmK3i+6lOB8I0JqKszGEFuT
+JnlqO8kgBnwRugI29zY4tFLjKs99DwOHoZAPSMiDi/Mc
+-----END X509 CRL-----
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/build-ca b/CKUBU/openvpn/home-ckubu/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/build-dh b/CKUBU/openvpn/home-ckubu/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/build-inter b/CKUBU/openvpn/home-ckubu/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/build-key b/CKUBU/openvpn/home-ckubu/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/build-key-pass b/CKUBU/openvpn/home-ckubu/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/build-key-pkcs12 b/CKUBU/openvpn/home-ckubu/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/build-key-server b/CKUBU/openvpn/home-ckubu/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/build-req b/CKUBU/openvpn/home-ckubu/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/build-req-pass b/CKUBU/openvpn/home-ckubu/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/clean-all b/CKUBU/openvpn/home-ckubu/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/inherit-inter b/CKUBU/openvpn/home-ckubu/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/list-crl b/CKUBU/openvpn/home-ckubu/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-0.9.6.cnf b/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-0.9.8.cnf b/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-1.0.0.cnf b/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG b/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/openssl.cnf b/CKUBU/openvpn/home-ckubu/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..31956b6
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/home-ckubu/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/pkitool b/CKUBU/openvpn/home-ckubu/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/revoke-full b/CKUBU/openvpn/home-ckubu/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/sign-req b/CKUBU/openvpn/home-ckubu/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/vars b/CKUBU/openvpn/home-ckubu/easy-rsa/vars
new file mode 100644
index 0000000..af9cf45
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/home-ckubu"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="O.OPEN"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="support@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="HOME-CKUBU"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="HOME-CKUBU"
+
+export KEY_ALTNAMES="HOME-CKUBU"
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/vars.2017-08-09-1558 b/CKUBU/openvpn/home-ckubu/easy-rsa/vars.2017-08-09-1558
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/vars.2017-08-09-1558
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/CKUBU/openvpn/home-ckubu/easy-rsa/whichopensslcnf b/CKUBU/openvpn/home-ckubu/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/ipp.txt b/CKUBU/openvpn/home-ckubu/ipp.txt
new file mode 100644
index 0000000..f8e4407
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/ipp.txt
@@ -0,0 +1 @@
+HOME-CKUBU-chris,10.0.63.2
diff --git a/CKUBU/openvpn/home-ckubu/keys-created.txt b/CKUBU/openvpn/home-ckubu/keys-created.txt
new file mode 100644
index 0000000..af75e1b
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys-created.txt
@@ -0,0 +1,4 @@
+
+key...............: chris.key
+common name.......: HOME-CKUBU-chris
+password..........: dbddhkpuka.&EadGl15E.
diff --git a/CKUBU/openvpn/home-ckubu/keys/01.pem b/CKUBU/openvpn/home-ckubu/keys/01.pem
new file mode 100644
index 0000000..3296867
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/01.pem
@@ -0,0 +1,142 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
+        Validity
+            Not Before: Aug  9 15:50:41 2017 GMT
+            Not After : Aug  9 15:50:41 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU-server/name=HOME-CKUBU/emailAddress=support@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d5:6c:90:c5:16:11:24:57:61:7d:60:5f:48:f6:
+                    05:a7:41:e4:09:74:39:63:d5:2b:5e:44:74:20:e1:
+                    ec:d0:57:6d:1e:eb:e5:d0:77:c3:aa:52:c5:00:6e:
+                    de:69:7d:af:43:d2:c8:d7:fe:6c:38:a6:76:f5:8e:
+                    8e:70:e9:63:b6:58:71:9a:2f:95:fc:1b:65:73:29:
+                    47:b4:82:90:25:52:34:59:f9:b9:9b:1d:f5:e8:f7:
+                    18:a1:08:86:8a:c9:65:15:ae:05:09:c6:cb:8c:eb:
+                    e4:cc:01:d6:a1:82:54:58:d1:5e:75:cc:f0:7b:fe:
+                    f7:04:92:72:62:0d:b7:7f:fd:b4:8b:f8:8e:08:ac:
+                    57:da:6c:ab:e1:0d:73:a5:62:55:f6:98:89:a5:9f:
+                    19:4f:6e:b5:17:03:7d:e7:78:b0:15:29:15:af:7d:
+                    f7:57:00:ef:10:4a:15:7d:fc:8e:b8:4c:da:04:67:
+                    12:6f:71:1f:99:c0:36:e5:cf:37:35:3d:ec:b1:08:
+                    3f:32:c5:51:53:9c:61:02:cf:da:03:56:bc:76:0c:
+                    c5:94:94:f4:bf:12:8e:5c:65:1f:3f:0b:8d:20:20:
+                    ee:12:d4:63:6c:94:b6:d2:00:f1:8f:53:6f:db:fc:
+                    71:d6:56:1d:27:ad:fc:cf:55:b1:d7:fa:68:4d:e6:
+                    b1:91:8f:2d:d4:8b:f6:20:26:f1:d7:e5:99:a0:e3:
+                    42:53:21:ca:f9:63:28:6b:e4:24:7f:ca:5d:33:03:
+                    53:8a:71:94:e6:4b:dc:70:79:2f:1e:fd:80:ad:4e:
+                    20:6a:52:ec:2d:7a:ca:04:44:62:cf:6e:b0:47:7f:
+                    5d:d4:39:c3:3b:a6:c2:8e:31:1e:6b:f1:72:89:ce:
+                    e6:d5:61:de:cd:bd:30:2b:2c:fe:db:07:8d:f5:2f:
+                    1c:eb:13:47:f1:ba:3a:bc:16:59:2b:cc:f0:0d:90:
+                    8e:63:cc:67:86:1f:13:94:87:97:11:c3:f5:44:85:
+                    dc:c0:e3:14:b1:df:d3:0b:a5:77:34:45:c6:25:9a:
+                    8f:f9:f3:5b:c5:c6:83:f2:ed:7c:35:f9:15:2e:5f:
+                    72:17:0e:fa:3b:7e:31:2a:76:28:d9:2f:7d:28:98:
+                    ee:f9:48:29:3e:dd:fb:99:d3:30:88:06:9a:b7:6a:
+                    c7:37:a6:92:56:db:be:d1:64:de:6e:b6:15:20:f9:
+                    56:59:a7:be:f0:a5:96:a4:e4:06:b1:3e:c1:df:11:
+                    a9:88:c8:10:2d:5e:0e:53:08:29:0f:e5:a2:57:58:
+                    bc:e9:bb:e1:64:71:50:35:5b:aa:b0:04:87:33:d4:
+                    31:a6:da:3e:15:9f:d6:2c:c6:39:ac:f4:fe:e1:48:
+                    81:a5:2d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                E8:E1:ED:6A:13:1F:29:D0:15:EF:B3:C1:57:7D:2E:4C:49:E0:CB:FB
+            X509v3 Authority Key Identifier: 
+                keyid:5D:A0:57:77:F9:C9:CD:DE:88:A9:BE:D0:FB:F0:FC:8A:19:B5:9D:F0
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
+                serial:92:45:C8:D4:6A:59:85:37
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         96:98:28:5d:5f:64:66:c6:43:92:11:90:81:6a:f3:da:30:ad:
+         f4:d9:3f:17:19:d1:98:4a:a0:78:d2:8a:1f:1f:9d:27:b8:b6:
+         44:bc:8d:a4:86:04:6a:a9:1a:a3:b8:00:f7:b7:19:be:06:65:
+         e1:20:be:d4:3e:79:9b:17:36:90:96:78:ac:8b:08:c9:e5:dc:
+         d6:68:7b:8b:67:88:42:d2:0b:24:96:5b:24:b4:ea:a5:10:be:
+         59:23:57:f7:ee:52:ce:2d:79:f0:9c:a6:e1:3a:de:fe:46:8b:
+         af:a1:80:2e:08:34:ab:59:55:02:22:39:63:6b:ff:4c:ca:fa:
+         ba:f8:43:86:a3:7c:95:bb:5e:e8:85:17:02:ce:4f:7a:17:c9:
+         71:0f:13:13:c7:5b:cf:22:92:6a:a4:7f:ae:67:b4:78:6e:6b:
+         1b:10:81:10:b7:a0:c4:c6:d2:3b:c2:b1:1e:3f:b1:0b:a0:fa:
+         8e:36:0b:55:8c:8a:b9:8e:fb:85:e5:48:b5:9f:00:c9:52:e3:
+         91:4c:e5:ba:05:03:55:4c:1c:d0:ea:c5:36:40:5b:36:b6:cc:
+         7e:b9:c1:57:12:9a:e6:7f:41:69:6f:7a:24:5c:b8:66:c0:b6:
+         91:09:50:bc:75:2a:eb:28:9b:0a:4e:cb:fc:47:65:f5:3d:75:
+         80:89:83:7e:50:95:fb:07:19:1a:e4:cd:fd:5e:ce:4b:89:4c:
+         24:0c:c9:be:67:03:9f:65:63:b2:3f:24:39:40:76:cb:6a:3b:
+         86:7c:7b:9a:b6:b1:fe:7c:51:5b:ec:91:ff:ad:ff:3c:9d:00:
+         70:3b:af:30:e3:78:56:55:a8:77:2d:95:f1:a0:fc:e1:2e:f3:
+         9b:b0:3c:bd:52:dc:1b:cd:99:83:37:bc:2d:03:e4:4a:ec:f0:
+         88:7c:48:33:2b:99:1e:78:bf:d0:30:4f:e2:0e:c7:04:13:52:
+         9d:cb:33:ee:b7:98:e0:8e:f2:64:20:64:71:d5:24:67:9c:a4:
+         52:e6:3a:de:bd:d1:1d:2b:d7:60:d7:3b:53:59:bf:33:60:47:
+         bd:26:9a:de:46:25:63:cf:77:f3:69:38:6d:d2:1c:37:a5:61:
+         6e:27:4e:52:6f:8b:11:4c:6c:ba:0e:b6:ad:c7:23:cf:0c:be:
+         c8:18:a9:7d:46:8c:6d:64:4e:d2:06:b0:9c:9c:6e:14:58:4a:
+         a5:32:36:a5:0c:58:94:d8:8f:d8:e7:5e:69:0b:3f:30:68:5e:
+         ea:b4:3f:7b:2a:20:7a:3b:b2:af:27:4f:3f:0d:fe:1a:5a:61:
+         ed:05:2d:6b:65:8e:bf:86:b0:1c:51:0a:14:35:e7:31:6e:c6:
+         fa:86:7c:d2:97:ae:73:e3
+-----BEGIN CERTIFICATE-----
+MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
+QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
+b29wZW4uZGUwHhcNMTcwODA5MTU1MDQxWhcNMzcwODA5MTU1MDQxWjCBrTELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT
+EUhPTUUtQ0tVQlUtc2VydmVyMRMwEQYDVQQpEwpIT01FLUNLVUJVMR8wHQYJKoZI
+hvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA1WyQxRYRJFdhfWBfSPYFp0HkCXQ5Y9UrXkR0IOHs0FdtHuvl0HfD
+qlLFAG7eaX2vQ9LI1/5sOKZ29Y6OcOljtlhxmi+V/BtlcylHtIKQJVI0Wfm5mx31
+6PcYoQiGisllFa4FCcbLjOvkzAHWoYJUWNFedczwe/73BJJyYg23f/20i/iOCKxX
+2myr4Q1zpWJV9piJpZ8ZT261FwN953iwFSkVr333VwDvEEoVffyOuEzaBGcSb3Ef
+mcA25c83NT3ssQg/MsVRU5xhAs/aA1a8dgzFlJT0vxKOXGUfPwuNICDuEtRjbJS2
+0gDxj1Nv2/xx1lYdJ638z1Wx1/poTeaxkY8t1Iv2ICbx1+WZoONCUyHK+WMoa+Qk
+f8pdMwNTinGU5kvccHkvHv2ArU4galLsLXrKBERiz26wR39d1DnDO6bCjjEea/Fy
+ic7m1WHezb0wKyz+2weN9S8c6xNH8bo6vBZZK8zwDZCOY8xnhh8TlIeXEcP1RIXc
+wOMUsd/TC6V3NEXGJZqP+fNbxcaD8u18NfkVLl9yFw76O34xKnYo2S99KJju+Ugp
+Pt37mdMwiAaat2rHN6aSVtu+0WTebrYVIPlWWae+8KWWpOQGsT7B3xGpiMgQLV4O
+UwgpD+WiV1i86bvhZHFQNVuqsASHM9Qxpto+FZ/WLMY5rPT+4UiBpS0CAwEAAaOC
+AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
+DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBTo4e1qEx8p0BXvs8FXfS5MSeDL+zCB2wYDVR0jBIHTMIHQgBRdoFd3+cnN
+3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsT
+EE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tVQlUxEzARBgNVBCkT
+CkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGWCCQCS
+RcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
+BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQCWmChdX2RmxkOSEZCBavPa
+MK302T8XGdGYSqB40oofH50nuLZEvI2khgRqqRqjuAD3txm+BmXhIL7UPnmbFzaQ
+lnisiwjJ5dzWaHuLZ4hC0gskllsktOqlEL5ZI1f37lLOLXnwnKbhOt7+RouvoYAu
+CDSrWVUCIjlja/9Myvq6+EOGo3yVu17ohRcCzk96F8lxDxMTx1vPIpJqpH+uZ7R4
+bmsbEIEQt6DExtI7wrEeP7ELoPqONgtVjIq5jvuF5Ui1nwDJUuORTOW6BQNVTBzQ
+6sU2QFs2tsx+ucFXEprmf0Fpb3okXLhmwLaRCVC8dSrrKJsKTsv8R2X1PXWAiYN+
+UJX7Bxka5M39Xs5LiUwkDMm+ZwOfZWOyPyQ5QHbLajuGfHuatrH+fFFb7JH/rf88
+nQBwO68w43hWVah3LZXxoPzhLvObsDy9UtwbzZmDN7wtA+RK7PCIfEgzK5keeL/Q
+ME/iDscEE1KdyzPut5jgjvJkIGRx1SRnnKRS5jrevdEdK9dg1ztTWb8zYEe9Jpre
+RiVjz3fzaTht0hw3pWFuJ05Sb4sRTGy6DratxyPPDL7IGKl9RoxtZE7SBrCcnG4U
+WEqlMjalDFiU2I/Y515pCz8waF7qtD97KiB6O7KvJ08/Df4aWmHtBS1rZY6/hrAc
+UQoUNecxbsb6hnzSl65z4w==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/02.pem b/CKUBU/openvpn/home-ckubu/keys/02.pem
new file mode 100644
index 0000000..c60f1ca
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/02.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
+        Validity
+            Not Before: Aug  9 15:53:25 2017 GMT
+            Not After : Aug  9 15:53:25 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU-chris/name=HOME-CKUBU/emailAddress=support@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c0:e4:3a:c6:c4:a3:ab:20:39:06:e9:b3:78:d6:
+                    48:62:91:39:d5:11:69:a0:df:9a:85:03:53:a4:6d:
+                    ec:d5:83:c7:b4:b6:e8:40:84:3a:a1:ba:05:94:6d:
+                    b2:89:02:3f:ca:23:04:12:d7:3f:fc:c8:d7:e4:6f:
+                    91:8a:34:42:58:0a:75:2f:ba:f9:f1:73:f0:0a:27:
+                    57:39:0e:b8:a3:79:19:b9:3c:7c:97:b3:bb:27:44:
+                    59:be:10:e0:79:1b:e7:33:72:de:49:11:f4:d4:91:
+                    5b:1f:b5:26:5b:a0:b8:50:f8:61:12:34:1e:03:26:
+                    3e:dc:65:7e:44:6f:70:90:42:6e:b4:6b:87:01:33:
+                    31:1a:af:d5:bb:2f:25:81:40:41:dc:b9:8d:e8:23:
+                    ab:3f:47:d8:3b:d9:01:89:68:d4:16:26:49:41:4f:
+                    84:ce:72:7c:f7:9e:fb:39:fd:26:2f:bf:15:6c:ca:
+                    4a:83:0f:c8:a2:f5:2c:ea:03:7c:ee:bc:1a:13:50:
+                    71:5a:c3:b6:1f:a0:19:1c:95:0e:73:89:5d:22:35:
+                    85:17:6f:dd:fb:0c:0a:db:be:78:4d:6c:3c:5b:f4:
+                    48:c1:0a:62:71:67:c5:21:af:25:48:c8:b9:d2:be:
+                    d2:e0:6a:bd:c8:fd:e1:c5:78:91:21:c7:07:61:98:
+                    db:98:47:5b:4b:2a:39:15:2c:56:fa:ad:35:99:8a:
+                    2c:d1:51:25:27:89:d3:47:5d:bb:b5:2b:f1:5b:3a:
+                    cb:ab:77:76:51:2c:cb:6d:64:d4:dc:d6:43:5d:5f:
+                    2d:c9:0d:44:e8:cb:da:d9:39:4a:68:45:b7:d8:d5:
+                    49:c2:34:dd:ad:58:d0:7e:53:ac:18:80:05:27:57:
+                    56:d9:85:69:d4:75:7d:6c:b4:ff:7a:1b:79:08:8d:
+                    f7:f5:2e:f7:dc:85:e7:af:81:a2:c3:34:50:c0:b6:
+                    04:70:62:36:b0:3f:fb:97:77:26:e6:40:02:0e:e9:
+                    44:2b:8c:b7:c0:db:de:7c:b0:61:0a:5a:b0:75:3e:
+                    0c:bc:92:6b:d7:13:7c:46:6a:33:43:4c:fd:d4:34:
+                    52:09:b1:ce:bf:9c:4e:c3:68:0f:15:4e:e5:56:d3:
+                    2a:60:35:2c:12:ba:f2:38:1c:99:db:c5:5f:58:0c:
+                    2a:33:a2:33:95:8c:de:08:0b:2a:83:b4:16:9b:29:
+                    bb:99:e8:2d:a5:be:b3:2c:28:ca:ef:51:39:1d:55:
+                    e8:b9:60:91:0b:1c:7e:9f:a9:3d:16:be:0b:7e:62:
+                    31:a6:bb:d2:ee:1b:8e:2f:da:52:96:ab:0d:28:c6:
+                    c9:e7:84:49:5c:98:cc:ae:8a:6a:d6:89:61:f4:16:
+                    c7:e5:25
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                99:DD:A2:B9:F8:3A:D0:23:A2:6A:77:F4:6B:F3:97:49:DB:93:1E:7F
+            X509v3 Authority Key Identifier: 
+                keyid:5D:A0:57:77:F9:C9:CD:DE:88:A9:BE:D0:FB:F0:FC:8A:19:B5:9D:F0
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
+                serial:92:45:C8:D4:6A:59:85:37
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         a8:7c:76:86:8b:02:dc:9d:9b:b3:c4:70:2e:d0:00:fe:54:73:
+         74:cd:a8:2a:5f:34:20:c0:a5:f8:cb:a6:5e:eb:74:aa:e0:02:
+         79:9e:57:d9:10:dc:85:6a:00:07:b2:97:6b:ee:72:d1:1b:72:
+         c5:fc:fe:83:58:10:91:6e:50:8c:0d:7f:89:85:0d:da:75:21:
+         fa:bc:fe:27:82:c3:62:8b:0d:4d:f3:60:7f:2c:29:00:d3:64:
+         7c:13:c3:ac:6e:5e:87:2e:55:0e:66:73:0c:23:3f:b1:11:99:
+         85:d4:9e:79:c7:00:e8:12:be:38:17:04:1b:4d:57:cb:40:60:
+         60:8b:0e:48:c6:bd:c5:19:d2:83:55:06:00:31:5e:87:b0:86:
+         67:7e:d4:ea:33:af:d2:34:60:7d:44:84:40:c4:09:54:db:8a:
+         f6:f4:4a:8f:b6:65:b1:23:98:e5:e1:4a:52:5d:81:d8:b6:30:
+         ef:7a:76:c1:0e:b8:c8:c7:28:c5:53:a8:18:4c:36:d0:4e:1d:
+         7b:43:6d:f6:42:d8:dc:33:3b:94:5c:01:5f:45:79:69:07:8f:
+         aa:1a:58:81:25:ed:14:e2:c3:9d:a0:31:3c:a0:6f:1e:9e:cd:
+         94:ff:d9:f2:aa:ed:3a:d8:f1:fb:91:58:b9:90:ef:bf:93:c0:
+         89:13:da:8c:ab:ec:38:c9:f6:cf:a4:63:70:14:ed:72:80:64:
+         74:d4:6e:11:a5:a8:ab:16:52:25:7f:df:ee:5f:4b:5b:ff:e2:
+         18:ed:b8:00:37:24:f3:93:a0:17:04:9f:d6:00:47:67:63:6a:
+         f6:08:44:cf:36:61:b4:41:c8:7b:eb:25:99:02:12:77:ce:b3:
+         9e:d6:bf:95:d9:18:a2:ca:27:8a:61:d6:29:13:fa:52:c1:55:
+         cc:d9:54:1d:78:12:5c:fa:57:3d:3f:08:79:53:d9:0e:bf:32:
+         d1:0d:a4:bc:89:a2:9e:ae:54:24:e6:a4:88:8a:71:f1:7e:92:
+         e4:77:fd:ff:29:75:73:b3:19:cd:67:3b:04:f7:83:be:40:f8:
+         3e:f4:9d:66:97:50:b6:54:06:54:4a:27:71:59:0a:8f:84:73:
+         1e:f7:61:18:54:f3:67:eb:0c:bf:7e:8d:88:b0:ba:2f:08:7c:
+         38:e6:01:02:2a:16:2b:dc:1d:82:e2:cd:9b:69:26:1a:ea:6b:
+         ba:06:ec:c6:3c:d2:57:ec:1d:33:e7:51:4f:e3:91:d4:41:60:
+         1c:c6:93:7c:ab:15:7a:44:28:dd:64:eb:55:d5:93:72:2f:f6:
+         50:c0:fc:e6:bd:fd:0f:39:79:29:a3:f1:ae:3d:65:0f:86:2e:
+         c4:da:3b:1e:de:06:2f:23
+-----BEGIN CERTIFICATE-----
+MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
+QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
+b29wZW4uZGUwHhcNMTcwODA5MTU1MzI1WhcNMzcwODA5MTU1MzI1WjCBrDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMT
+EEhPTUUtQ0tVQlUtY2hyaXMxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG
+9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDA5DrGxKOrIDkG6bN41khikTnVEWmg35qFA1OkbezVg8e0tuhAhDqh
+ugWUbbKJAj/KIwQS1z/8yNfkb5GKNEJYCnUvuvnxc/AKJ1c5DrijeRm5PHyXs7sn
+RFm+EOB5G+czct5JEfTUkVsftSZboLhQ+GESNB4DJj7cZX5Eb3CQQm60a4cBMzEa
+r9W7LyWBQEHcuY3oI6s/R9g72QGJaNQWJklBT4TOcnz3nvs5/SYvvxVsykqDD8ii
+9SzqA3zuvBoTUHFaw7YfoBkclQ5ziV0iNYUXb937DArbvnhNbDxb9EjBCmJxZ8Uh
+ryVIyLnSvtLgar3I/eHFeJEhxwdhmNuYR1tLKjkVLFb6rTWZiizRUSUnidNHXbu1
+K/FbOsurd3ZRLMttZNTc1kNdXy3JDUToy9rZOUpoRbfY1UnCNN2tWNB+U6wYgAUn
+V1bZhWnUdX1stP96G3kIjff1LvfcheevgaLDNFDAtgRwYjawP/uXdybmQAIO6UQr
+jLfA2958sGEKWrB1Pgy8kmvXE3xGajNDTP3UNFIJsc6/nE7DaA8VTuVW0ypgNSwS
+uvI4HJnbxV9YDCozojOVjN4ICyqDtBabKbuZ6C2lvrMsKMrvUTkdVei5YJELHH6f
+qT0Wvgt+YjGmu9LuG44v2lKWqw0oxsnnhElcmMyuimrWiWH0FsflJQIDAQABo4IB
+bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSZ3aK5+DrQI6Jqd/Rr85dJ25MefzCB
+2wYDVR0jBIHTMIHQgBRdoFd3+cnN3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMT
+CkhPTUUtQ0tVQlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEW
+EHN1cHBvcnRAb29wZW4uZGWCCQCSRcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcD
+AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
+ggIBAKh8doaLAtydm7PEcC7QAP5Uc3TNqCpfNCDApfjLpl7rdKrgAnmeV9kQ3IVq
+AAeyl2vuctEbcsX8/oNYEJFuUIwNf4mFDdp1Ifq8/ieCw2KLDU3zYH8sKQDTZHwT
+w6xuXocuVQ5mcwwjP7ERmYXUnnnHAOgSvjgXBBtNV8tAYGCLDkjGvcUZ0oNVBgAx
+Xoewhmd+1Oozr9I0YH1EhEDECVTbivb0So+2ZbEjmOXhSlJdgdi2MO96dsEOuMjH
+KMVTqBhMNtBOHXtDbfZC2NwzO5RcAV9FeWkHj6oaWIEl7RTiw52gMTygbx6ezZT/
+2fKq7TrY8fuRWLmQ77+TwIkT2oyr7DjJ9s+kY3AU7XKAZHTUbhGlqKsWUiV/3+5f
+S1v/4hjtuAA3JPOToBcEn9YAR2djavYIRM82YbRByHvrJZkCEnfOs57Wv5XZGKLK
+J4ph1ikT+lLBVczZVB14Elz6Vz0/CHlT2Q6/MtENpLyJop6uVCTmpIiKcfF+kuR3
+/f8pdXOzGc1nOwT3g75A+D70nWaXULZUBlRKJ3FZCo+Ecx73YRhU82frDL9+jYiw
+ui8IfDjmAQIqFivcHYLizZtpJhrqa7oG7MY80lfsHTPnUU/jkdRBYBzGk3yrFXpE
+KN1k61XVk3Iv9lDA/Oa9/Q85eSmj8a49ZQ+GLsTaOx7eBi8j
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/ca.crt b/CKUBU/openvpn/home-ckubu/keys/ca.crt
new file mode 100644
index 0000000..0766315
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIG4jCCBMqgAwIBAgIJAJJFyNRqWYU3MA0GCSqGSIb3DQEBCwUAMIGmMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczETMBEGA1UEAxMK
+SE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqGSIb3DQEJARYQ
+c3VwcG9ydEBvb3Blbi5kZTAeFw0xNzA4MDkxNDAxNDRaFw00OTA4MDkxNDAxNDRa
+MIGmMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJs
+aW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczET
+MBEGA1UEAxMKSE9NRS1DS1VCVTETMBEGA1UEKRMKSE9NRS1DS1VCVTEfMB0GCSqG
+SIb3DQEJARYQc3VwcG9ydEBvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBALae3zg7UYlmziw+LCYVg65H+lKNOcj/JArsL2MOnYEcmrePLI4e
+GWRppLVpxKeG9kIpfVglfqRDdEY9eOFguJs+MsKwwRi2LzY1rCjDazCjTnQ0L0Zj
+1RqJT1LqaEkzLv0cAWxza67K/n6vMaXxQ59jNAW/bOik1SogHiwrT78f2e+Zu3K8
+tqkuuDwtwbU0jzL+m+IuHNVl1CTcAIZRmFbdxpWfi5pocrbOIlCwXbUP8ltp/E/t
+xLKQqBP3ccgFwPuCGZBymUcpRdMgiDwifYnZK3H4STLSDN4b6K1PclKh46QuxDv2
+egap+vctIKJRLguAPqRVjSoYK5UXUcZC+R6t8rHvxDGLwvk3IPeEI9z5bCvnm8cw
+0e4/dr1EDjtwHXtw8X6DDf2biNmq4edCRxrgyQKwSOAsC4MhzFNPM112N1nJNrpR
+nXNCKRNGF4MdI/zFqRLraafk0eT6yP9/6lmoQDJsjhUH/ziOB+cPS4XmUI/XwMF5
+c56mD49gdG4ZivDtJeGcdZ4TSbD/lvc3yI1ECgouFPcBAJHwendA29xYMmuj4oCP
+stW7N8HARZWzfwIdbB/HHupHIZ1HV4ACY0H7Sju6SMFxWi09dl92BYG9rhMW/M6A
++k7WxW0IEqZyQgen3fTRw97GJXaLM+anwwl89c6trOaME1ql/w91lAInAgMBAAGj
+ggEPMIIBCzAdBgNVHQ4EFgQUXaBXd/nJzd6Iqb7Q+/D8ihm1nfAwgdsGA1UdIwSB
+0zCB0IAUXaBXd/nJzd6Iqb7Q+/D8ihm1nfChgaykgakwgaYxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5P
+UEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRMwEQYDVQQDEwpIT01FLUNL
+VUJVMRMwEQYDVQQpEwpIT01FLUNLVUJVMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0
+QG9vcGVuLmRlggkAkkXI1GpZhTcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsF
+AAOCAgEAquNynEChfqP/lTY48YE3xhDycq0YF0WimD5NzKPgrCIP/1x3lyufzoiz
+8DrqVZ61LKdJUJMcWRmyqiXS3WZFX9X7ktZvmf37E7JUvorSuF21PMm9Oj0yUsUX
+y0AFUiH3fpNhCMxYiCqS85wWBy1+/6np1RodihGTPcLwAGLIVGEklyffyamQ2i2E
+TZwZrZJrmLyzsdn4PT3vJyfAUUbcpgf32zjEZCCozlSdisZi8cn2pL7y1pcXA5Oi
+gvLhDNntYTKcE1JjWqa/989JJgvvYD2fgCo+DkPw6i/Dic0UAZypHLKqiCc4f3Pc
+GqtaY7nxQjMSGVnMjEn2yzyFtXep4lXn16Nh8ZnGbEk3dqCIBS2xzjcUs6YRdyMb
+b2JIflNuI4Wrqx5CTyMM7lSNapZRPiP7Qw4xyq+og1TABJuc+9A3Pj/R/oztoHim
+9p1zCM4m3tEBUCkYxet87BojVn4MQ37pees1Xi4oAFHqU5mCwpakO6rVOt4Y4vyZ
+K4eF0w3NoRl+z4tbDFh+RjUj5tChKcMxaSitCsD0GGvd0nlO550tbxjMZlchpLhP
+xG+rcU6098AdwAIjESyYfowVhHT+BDTefXphSYMz0ImaiBzbGwEmpce7sD1bYFSn
+Wer/Kh24vsIIxcO2PNEKvQbO/I7YD4Yjk4pVGTUgD54LLX7k+7U=
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/ca.key b/CKUBU/openvpn/home-ckubu/keys/ca.key
new file mode 100644
index 0000000..299fe80
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC2nt84O1GJZs4s
+PiwmFYOuR/pSjTnI/yQK7C9jDp2BHJq3jyyOHhlkaaS1acSnhvZCKX1YJX6kQ3RG
+PXjhYLibPjLCsMEYti82Nawow2swo050NC9GY9UaiU9S6mhJMy79HAFsc2uuyv5+
+rzGl8UOfYzQFv2zopNUqIB4sK0+/H9nvmbtyvLapLrg8LcG1NI8y/pviLhzVZdQk
+3ACGUZhW3caVn4uaaHK2ziJQsF21D/JbafxP7cSykKgT93HIBcD7ghmQcplHKUXT
+IIg8In2J2Stx+Eky0gzeG+itT3JSoeOkLsQ79noGqfr3LSCiUS4LgD6kVY0qGCuV
+F1HGQvkerfKx78Qxi8L5NyD3hCPc+Wwr55vHMNHuP3a9RA47cB17cPF+gw39m4jZ
+quHnQkca4MkCsEjgLAuDIcxTTzNddjdZyTa6UZ1zQikTRheDHSP8xakS62mn5NHk
++sj/f+pZqEAybI4VB/84jgfnD0uF5lCP18DBeXOepg+PYHRuGYrw7SXhnHWeE0mw
+/5b3N8iNRAoKLhT3AQCR8Hp3QNvcWDJro+KAj7LVuzfBwEWVs38CHWwfxx7qRyGd
+R1eAAmNB+0o7ukjBcVotPXZfdgWBva4TFvzOgPpO1sVtCBKmckIHp9300cPexiV2
+izPmp8MJfPXOrazmjBNapf8PdZQCJwIDAQABAoICAASeBbTNQyV/NO1HcSRRXO/2
+H+0gZvqfANFJ4XTWtMLD72F+vDinqCqyxRhVIUS/E9Deba3h3M7YacMw4LKKGIDM
+VMo5X9h5Gr57Iuww7K/hISWtABj+gy/VkuzcwmA/bAu4Poz4ahuURFT9pvq0G+qW
+voT6rw0+xaj4AOtK+QwzCPaW43dmMBQc+0mCOqiTOJ+oclaIpe/7UB7SdSzwOTLR
+DqlPzF7OD0Bx+8oge24Nhiorhtaag2OkZquCkRzmkFeLlYviad+zunE5HFiw4o2u
+sPuDtI4VY3/mIr7nCFPwhenryMhfVfx/JbpEKNQRy2E9D9hl1VjgHZH6cfXaUaQa
+7gRjlL4/UA7gZLQlpe8JhVYz4sNOCsxopyjpAnfoFegfb20Dxu8vzGQ3vhzqKhKA
+gfFuVX+yZL5DdrWCcpXMJIdZyN/A0G/SnKfCLUQ86MMajnzG2AbI5IumSXRFm1rN
+A9KmdHqTD0/tS3DNdNo4lfcRVUXbM4H328rdj1Mq09IJN6xtNPEHbDit3Q+/7E+I
+bFAGLmxXtR87FjY/N7TW1SgZUM3UY6ASJ10QFMyrJrVVHhdnKLs3cIpGz40TsSaf
+5l0aSXGqAprIGkNExxpwztdO2QsCZaNpg3NzzwCSnofweqlRfaRsPAriiNoA6K06
+Yvp3kIB3038+502k955JAoIBAQDyvXB/1xMxUQOAI9X/ltVR+jDIETNVKOUFicDf
+CMsQV3In23N9SKEUEpucgbsLJvN04kKOIZKE6E9J9a/J9ftaZJSyg0Ge+/rKK8c0
+K6w891I08dowYtw42X3U24HvJv9U9AP/OGTQv6DzM2TJqCCYK8BxymWsBcMxd8dR
+jhoIjuxv/H+osg8tXsS/2eHuwyNf0qkh/ln7kgdzVHgu5hB34LVe8Cu7/eSMwlcF
++yYQJsqBwV9aA1ozK8UairULyZifoRTBfvETYRiwEqn9AkYwj8gA7MaAOb2TUFec
+XNRSpR3g8gv2JsvN6XiwSxnl9QePWFTErV8FONT4eXLbUHfrAoIBAQDAmLOsATrF
+nkVdcifMOX8CYrqCbJNst1Wh0FEv0OxZUEcvgm4F7u0tw8wEb9RrMVrHcuNQ0nrv
+1lECyuazuny5W+LbphoKM174JbfHmtHACg6hJ8w5IDC5g9Q/jtpA8kG0EfzyBuQL
+FH1mtUkf1wwX4wxgz7SQgF7gATDAinID2qrgFYHzjXK5OsgVcl3mmQqbyBKkMqaU
+bGM28FWtFNdhUvVin/ZmaGU9/uKMRa9z2ye4zR+2Kd92aXOLOUQ0hJnmjfXlZFFN
+F2TH78eK4G/wanEj6b0BHZqCg012dGj4WttoRvBnl9WnXGrXFnKRfzGA0WjU6yGC
+OV8lewV2sGu1AoIBAHXxK89BzjaBGYVSZDEqtX1+ZeNf0CRJmXWmaAs2d4v6ISJS
+k3vFJVbeb7OMqTgS9enN4e6zS0C+q3/RG1ey6C0Uf9d4xRKddk5zFPg5XBfHR68n
+8A7gigYpTuV0vl5YAWniomqImRuAcJCaYRdGVIf7gicH43zA1AWeID91HxsXbrQ+
+6DwsQAmYaVqaYBelwvNVJQ66SjhczLfxy+9lo4zLpvR5F5bhFwJ5jtT+IZFpd62y
+KkVPKa2BT+TEjpEqo7i0CKS3rCTxYZBzkRq41yfTRKeGZDB7XaxNNjRoOlXpmmno
+0X0Jfq8PCLAH3Y6JDuJMVeu2HVwpL/mG8RK0t38CggEBAIhPi1rBxAb57b4lfWVd
+jDb0CW0ly3G2kDTma4+cHqtX1goaFiS85cDuQwcg3wa+97ER7zDUx43X8Z44XO/3
+nS7TicxL00JE+YJHr7rmKG3ysEf/EtubnOCwHRie0noE+9umn4/ssJnm9poq1IZk
+fXqqh6g9WV6sfHmuXgLn+aogqa/PiRoHkprmr5X+S9dZmdiH0inEb4G89Lt9fiXy
+Cj4nqOUUsh/o4z7tlwoQiA1HnuV8yGT1XeNA3zY6YbuJ3iL/dnnUdnZJiFq5qlDw
+aEmQDGOOmuafPSwCImEkIucj5wX2r0+iduTs0/FHQe8YRsEVdUy83gp88Ipmd4d5
+dcECggEBAOwamiapuqbq5pG35i6ratzhsOO29siwSgzcHZJNJ2y2vhOeaovnckKb
+HCPoBx4s+g3f0HqtRL4LqriprpAoDm9S8w+rUxYdSBsRG11c2A5M6pSDlMaSj9Q/
+rSX7js4CBiCnU9d5zVx3hpV2tC3Hbwv7p6qZHjMZCWIhbdAgnCmJInPJ3a/dnFLR
+x3gbHFpJogaVdqj+wMl8KPBTpxynXacRhrmL0vTSluTR/JNBI9lzHjUTkIWAL7fu
+y3TpsfLzzFOx64984sCWjjD8f0x0WnLxs6pn2n+OFSlEiRAtd+enek9dWR2mn7Bl
+fcz/AV/tpNScYj3viev/6L6UZt6LKss=
+-----END PRIVATE KEY-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/chris.crt b/CKUBU/openvpn/home-ckubu/keys/chris.crt
new file mode 100644
index 0000000..c60f1ca
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/chris.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
+        Validity
+            Not Before: Aug  9 15:53:25 2017 GMT
+            Not After : Aug  9 15:53:25 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU-chris/name=HOME-CKUBU/emailAddress=support@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c0:e4:3a:c6:c4:a3:ab:20:39:06:e9:b3:78:d6:
+                    48:62:91:39:d5:11:69:a0:df:9a:85:03:53:a4:6d:
+                    ec:d5:83:c7:b4:b6:e8:40:84:3a:a1:ba:05:94:6d:
+                    b2:89:02:3f:ca:23:04:12:d7:3f:fc:c8:d7:e4:6f:
+                    91:8a:34:42:58:0a:75:2f:ba:f9:f1:73:f0:0a:27:
+                    57:39:0e:b8:a3:79:19:b9:3c:7c:97:b3:bb:27:44:
+                    59:be:10:e0:79:1b:e7:33:72:de:49:11:f4:d4:91:
+                    5b:1f:b5:26:5b:a0:b8:50:f8:61:12:34:1e:03:26:
+                    3e:dc:65:7e:44:6f:70:90:42:6e:b4:6b:87:01:33:
+                    31:1a:af:d5:bb:2f:25:81:40:41:dc:b9:8d:e8:23:
+                    ab:3f:47:d8:3b:d9:01:89:68:d4:16:26:49:41:4f:
+                    84:ce:72:7c:f7:9e:fb:39:fd:26:2f:bf:15:6c:ca:
+                    4a:83:0f:c8:a2:f5:2c:ea:03:7c:ee:bc:1a:13:50:
+                    71:5a:c3:b6:1f:a0:19:1c:95:0e:73:89:5d:22:35:
+                    85:17:6f:dd:fb:0c:0a:db:be:78:4d:6c:3c:5b:f4:
+                    48:c1:0a:62:71:67:c5:21:af:25:48:c8:b9:d2:be:
+                    d2:e0:6a:bd:c8:fd:e1:c5:78:91:21:c7:07:61:98:
+                    db:98:47:5b:4b:2a:39:15:2c:56:fa:ad:35:99:8a:
+                    2c:d1:51:25:27:89:d3:47:5d:bb:b5:2b:f1:5b:3a:
+                    cb:ab:77:76:51:2c:cb:6d:64:d4:dc:d6:43:5d:5f:
+                    2d:c9:0d:44:e8:cb:da:d9:39:4a:68:45:b7:d8:d5:
+                    49:c2:34:dd:ad:58:d0:7e:53:ac:18:80:05:27:57:
+                    56:d9:85:69:d4:75:7d:6c:b4:ff:7a:1b:79:08:8d:
+                    f7:f5:2e:f7:dc:85:e7:af:81:a2:c3:34:50:c0:b6:
+                    04:70:62:36:b0:3f:fb:97:77:26:e6:40:02:0e:e9:
+                    44:2b:8c:b7:c0:db:de:7c:b0:61:0a:5a:b0:75:3e:
+                    0c:bc:92:6b:d7:13:7c:46:6a:33:43:4c:fd:d4:34:
+                    52:09:b1:ce:bf:9c:4e:c3:68:0f:15:4e:e5:56:d3:
+                    2a:60:35:2c:12:ba:f2:38:1c:99:db:c5:5f:58:0c:
+                    2a:33:a2:33:95:8c:de:08:0b:2a:83:b4:16:9b:29:
+                    bb:99:e8:2d:a5:be:b3:2c:28:ca:ef:51:39:1d:55:
+                    e8:b9:60:91:0b:1c:7e:9f:a9:3d:16:be:0b:7e:62:
+                    31:a6:bb:d2:ee:1b:8e:2f:da:52:96:ab:0d:28:c6:
+                    c9:e7:84:49:5c:98:cc:ae:8a:6a:d6:89:61:f4:16:
+                    c7:e5:25
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                99:DD:A2:B9:F8:3A:D0:23:A2:6A:77:F4:6B:F3:97:49:DB:93:1E:7F
+            X509v3 Authority Key Identifier: 
+                keyid:5D:A0:57:77:F9:C9:CD:DE:88:A9:BE:D0:FB:F0:FC:8A:19:B5:9D:F0
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
+                serial:92:45:C8:D4:6A:59:85:37
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         a8:7c:76:86:8b:02:dc:9d:9b:b3:c4:70:2e:d0:00:fe:54:73:
+         74:cd:a8:2a:5f:34:20:c0:a5:f8:cb:a6:5e:eb:74:aa:e0:02:
+         79:9e:57:d9:10:dc:85:6a:00:07:b2:97:6b:ee:72:d1:1b:72:
+         c5:fc:fe:83:58:10:91:6e:50:8c:0d:7f:89:85:0d:da:75:21:
+         fa:bc:fe:27:82:c3:62:8b:0d:4d:f3:60:7f:2c:29:00:d3:64:
+         7c:13:c3:ac:6e:5e:87:2e:55:0e:66:73:0c:23:3f:b1:11:99:
+         85:d4:9e:79:c7:00:e8:12:be:38:17:04:1b:4d:57:cb:40:60:
+         60:8b:0e:48:c6:bd:c5:19:d2:83:55:06:00:31:5e:87:b0:86:
+         67:7e:d4:ea:33:af:d2:34:60:7d:44:84:40:c4:09:54:db:8a:
+         f6:f4:4a:8f:b6:65:b1:23:98:e5:e1:4a:52:5d:81:d8:b6:30:
+         ef:7a:76:c1:0e:b8:c8:c7:28:c5:53:a8:18:4c:36:d0:4e:1d:
+         7b:43:6d:f6:42:d8:dc:33:3b:94:5c:01:5f:45:79:69:07:8f:
+         aa:1a:58:81:25:ed:14:e2:c3:9d:a0:31:3c:a0:6f:1e:9e:cd:
+         94:ff:d9:f2:aa:ed:3a:d8:f1:fb:91:58:b9:90:ef:bf:93:c0:
+         89:13:da:8c:ab:ec:38:c9:f6:cf:a4:63:70:14:ed:72:80:64:
+         74:d4:6e:11:a5:a8:ab:16:52:25:7f:df:ee:5f:4b:5b:ff:e2:
+         18:ed:b8:00:37:24:f3:93:a0:17:04:9f:d6:00:47:67:63:6a:
+         f6:08:44:cf:36:61:b4:41:c8:7b:eb:25:99:02:12:77:ce:b3:
+         9e:d6:bf:95:d9:18:a2:ca:27:8a:61:d6:29:13:fa:52:c1:55:
+         cc:d9:54:1d:78:12:5c:fa:57:3d:3f:08:79:53:d9:0e:bf:32:
+         d1:0d:a4:bc:89:a2:9e:ae:54:24:e6:a4:88:8a:71:f1:7e:92:
+         e4:77:fd:ff:29:75:73:b3:19:cd:67:3b:04:f7:83:be:40:f8:
+         3e:f4:9d:66:97:50:b6:54:06:54:4a:27:71:59:0a:8f:84:73:
+         1e:f7:61:18:54:f3:67:eb:0c:bf:7e:8d:88:b0:ba:2f:08:7c:
+         38:e6:01:02:2a:16:2b:dc:1d:82:e2:cd:9b:69:26:1a:ea:6b:
+         ba:06:ec:c6:3c:d2:57:ec:1d:33:e7:51:4f:e3:91:d4:41:60:
+         1c:c6:93:7c:ab:15:7a:44:28:dd:64:eb:55:d5:93:72:2f:f6:
+         50:c0:fc:e6:bd:fd:0f:39:79:29:a3:f1:ae:3d:65:0f:86:2e:
+         c4:da:3b:1e:de:06:2f:23
+-----BEGIN CERTIFICATE-----
+MIIHQDCCBSigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
+QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
+b29wZW4uZGUwHhcNMTcwODA5MTU1MzI1WhcNMzcwODA5MTU1MzI1WjCBrDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMT
+EEhPTUUtQ0tVQlUtY2hyaXMxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG
+9w0BCQEWEHN1cHBvcnRAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDA5DrGxKOrIDkG6bN41khikTnVEWmg35qFA1OkbezVg8e0tuhAhDqh
+ugWUbbKJAj/KIwQS1z/8yNfkb5GKNEJYCnUvuvnxc/AKJ1c5DrijeRm5PHyXs7sn
+RFm+EOB5G+czct5JEfTUkVsftSZboLhQ+GESNB4DJj7cZX5Eb3CQQm60a4cBMzEa
+r9W7LyWBQEHcuY3oI6s/R9g72QGJaNQWJklBT4TOcnz3nvs5/SYvvxVsykqDD8ii
+9SzqA3zuvBoTUHFaw7YfoBkclQ5ziV0iNYUXb937DArbvnhNbDxb9EjBCmJxZ8Uh
+ryVIyLnSvtLgar3I/eHFeJEhxwdhmNuYR1tLKjkVLFb6rTWZiizRUSUnidNHXbu1
+K/FbOsurd3ZRLMttZNTc1kNdXy3JDUToy9rZOUpoRbfY1UnCNN2tWNB+U6wYgAUn
+V1bZhWnUdX1stP96G3kIjff1LvfcheevgaLDNFDAtgRwYjawP/uXdybmQAIO6UQr
+jLfA2958sGEKWrB1Pgy8kmvXE3xGajNDTP3UNFIJsc6/nE7DaA8VTuVW0ypgNSwS
+uvI4HJnbxV9YDCozojOVjN4ICyqDtBabKbuZ6C2lvrMsKMrvUTkdVei5YJELHH6f
+qT0Wvgt+YjGmu9LuG44v2lKWqw0oxsnnhElcmMyuimrWiWH0FsflJQIDAQABo4IB
+bzCCAWswCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSZ3aK5+DrQI6Jqd/Rr85dJ25MefzCB
+2wYDVR0jBIHTMIHQgBRdoFd3+cnN3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMT
+CkhPTUUtQ0tVQlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEW
+EHN1cHBvcnRAb29wZW4uZGWCCQCSRcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcD
+AjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hyaXMwDQYJKoZIhvcNAQELBQAD
+ggIBAKh8doaLAtydm7PEcC7QAP5Uc3TNqCpfNCDApfjLpl7rdKrgAnmeV9kQ3IVq
+AAeyl2vuctEbcsX8/oNYEJFuUIwNf4mFDdp1Ifq8/ieCw2KLDU3zYH8sKQDTZHwT
+w6xuXocuVQ5mcwwjP7ERmYXUnnnHAOgSvjgXBBtNV8tAYGCLDkjGvcUZ0oNVBgAx
+Xoewhmd+1Oozr9I0YH1EhEDECVTbivb0So+2ZbEjmOXhSlJdgdi2MO96dsEOuMjH
+KMVTqBhMNtBOHXtDbfZC2NwzO5RcAV9FeWkHj6oaWIEl7RTiw52gMTygbx6ezZT/
+2fKq7TrY8fuRWLmQ77+TwIkT2oyr7DjJ9s+kY3AU7XKAZHTUbhGlqKsWUiV/3+5f
+S1v/4hjtuAA3JPOToBcEn9YAR2djavYIRM82YbRByHvrJZkCEnfOs57Wv5XZGKLK
+J4ph1ikT+lLBVczZVB14Elz6Vz0/CHlT2Q6/MtENpLyJop6uVCTmpIiKcfF+kuR3
+/f8pdXOzGc1nOwT3g75A+D70nWaXULZUBlRKJ3FZCo+Ecx73YRhU82frDL9+jYiw
+ui8IfDjmAQIqFivcHYLizZtpJhrqa7oG7MY80lfsHTPnUU/jkdRBYBzGk3yrFXpE
+KN1k61XVk3Iv9lDA/Oa9/Q85eSmj8a49ZQ+GLsTaOx7eBi8j
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/chris.csr b/CKUBU/openvpn/home-ckubu/keys/chris.csr
new file mode 100644
index 0000000..101f670
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/chris.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE8jCCAtoCAQAwgawxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRkwFwYDVQQDExBIT01FLUNLVUJVLWNocmlzMRMwEQYDVQQpEwpI
+T01FLUNLVUJVMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwOQ6xsSjqyA5BumzeNZIYpE51RFp
+oN+ahQNTpG3s1YPHtLboQIQ6oboFlG2yiQI/yiMEEtc//MjX5G+RijRCWAp1L7r5
+8XPwCidXOQ64o3kZuTx8l7O7J0RZvhDgeRvnM3LeSRH01JFbH7UmW6C4UPhhEjQe
+AyY+3GV+RG9wkEJutGuHATMxGq/Vuy8lgUBB3LmN6COrP0fYO9kBiWjUFiZJQU+E
+znJ89577Of0mL78VbMpKgw/IovUs6gN87rwaE1BxWsO2H6AZHJUOc4ldIjWFF2/d
++wwK2754TWw8W/RIwQpicWfFIa8lSMi50r7S4Gq9yP3hxXiRIccHYZjbmEdbSyo5
+FSxW+q01mYos0VElJ4nTR127tSvxWzrLq3d2USzLbWTU3NZDXV8tyQ1E6Mva2TlK
+aEW32NVJwjTdrVjQflOsGIAFJ1dW2YVp1HV9bLT/eht5CI339S733IXnr4GiwzRQ
+wLYEcGI2sD/7l3cm5kACDulEK4y3wNvefLBhClqwdT4MvJJr1xN8RmozQ0z91DRS
+CbHOv5xOw2gPFU7lVtMqYDUsErryOByZ28VfWAwqM6IzlYzeCAsqg7QWmym7megt
+pb6zLCjK71E5HVXouWCRCxx+n6k9Fr4LfmIxprvS7huOL9pSlqsNKMbJ54RJXJjM
+ropq1olh9BbH5SUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQChm1NZmMoGNRdv
+pAjF02f0/1QDOoxmnNC8IcQ+LXQSEwdxz9R2IdNPpqMYHw4iKv8AcnbQCqXyqqye
+Ec8TEPHxtrEm7fIsoTKG9SNL6/QzAIM795ZBGi9J5nw+smwaKsUqiOwT2RjUWTnU
+1oXEbxYsOvtD4UYYY4OUm6sH2yL/1Ki3Xqz8AqexVfW2seq3oTwOlTPxHynFLid2
+yMARkcMnakTlW63p6bNEUUhdDmZD1IWcpd08lUF0iovFNh3Z2OowSrE5QBD4UbzH
+DUQJ9VuyWHcyhETHQOpZSM3o6Jb3AMuPreyc9+NnGeQwtQpOe6sKg48hf6reB+H4
+BSDoWRevH8qRZPRkY8uE2FlXK+jUTboB1GMp3LRu9sVZLsbGETueP/1knv2uzWI7
+f1IabglUo1gPSyh5wXMwHGfEhP92omNC0ujsiGedp/xmUDvVjIgK28jZSDvzDO89
+rqr+wEaiRyWWxoUVA8KXncmHp8FSIV8EX71hCzGeukXpXgedWssA6jgAEDos99Vf
+JQpZGKtB0KnEfkddmNWMT0VQ0jO9OyqxJ5+OXG2/pHdTRQCFfYSnOA6iXUySliI6
+EtiYHTJAG//mIqM7tCIHvWidzNarnsmQxDYg1ul36tuUHMNDA5Pw0WnYdieXE0wF
+f7BXlUhKTv1L90VkEkvEYc/U7QAkyA==
+-----END CERTIFICATE REQUEST-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/chris.key b/CKUBU/openvpn/home-ckubu/keys/chris.key
new file mode 100644
index 0000000..5db16b1
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/chris.key
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,A8DCE11902B81F52
+
+YoUKcSwJtgulV5k8iXSNF/U2joi5fD9mOXOy5qQWkn20s3uAnapYL05jv7x5WZnB
+r9Q37oFVgB5bu0THLqa64fORUOOmin/PhepgBkV1BWmx75Y1FdHaylnBqqudlhn+
+Ae/pXlhWET1aWXvdKPGMhFJ+RKevHEoThGMxHC/Hj3a0Rl+AzrPbl6YROZ1eM2cB
+Kd3nWrdrGhcUyDUn8cg9n1pDnouEGm/krbn1zjQsISlYmxDMoHBHAj+bAFJKTtkt
+NiidhN2lNbw9WfEOm5MZCaM0c1GrK1Uw9AhpkZcvKhVx6yZNa52c53a/xxzoPcq8
+kA+4n73NoyJzmi+q8egPKCBt2lXyHPDkfsrns3ljJPG7DMPfSazKH6KG4B/ONS9b
+wxzNCuyFyWfJdbDpN02FXZHeyg7CGPU4kpSgy0XwFakjQ6+a5hbRLIVkDb8PCvIA
+ayLSOvB9WgQzBQjnXyiujTMDz4FzLOVzGJUGKvgkNqv7oxHbCjNTynS+VIWw8wAk
+nLcV7F8GTGU76h/TG9IOsVaq1eQIpXq01NvMwZAezh24QfM1VZwuB1vgcAren0P6
+78pOKpuPtzEJWJy3zwbSGHtRetB+E7riU6eJHzFsZtJExxn2Rd3ATpIb7MtG9b0v
+MKzqPhWHzEQz/psMrZaQ3ONsmi0Ti8Yjn/lvV5B/whwBEeJ101ju/ZXvPyqINzQH
+5E1/Flwrr2hXkEchaGJoREN26tWUu5x5E7KWu37wzbb6533veoVFmoLm0+NdHDM6
++LOlq6xSy5vDH1qNaSPf7mtfBJVx/2f5I6IIGfPJ8wNWQsb7ij/vXpJIGaS3lee1
+1ZMnIiFQAGs5rQh+XqWRLFL2Z5Omf8SeE4Zr3Pd5Ax9+8UjpNgMPlNCZ66yyOzO7
+lwSQWbEVx8HG9Eg1hFOIgZhVbDmaukHLJcVaT0A0WR2/19iu3zZZ0VgJcz4i+Qp4
+RlznHpOJQ6FvpydxW93BkRpikMfpRL8PdPKswbIbTAkwTCV7EIceSnH2NL+EFsLQ
+/muGyx4IhpFsJB4gE0TR0t/U4FdBijILd3wZnFBxPfhofc393P2OfeRLk4tvaeae
+Eqwzkcdcm5zG0dbxFUTXe7pQB54hRvJ/4XFMhTwQBjZDKr0RH0mNEgomqU8s8Lfm
+qaMY3OGuYAMpTE3t+NIBdge8SoSSxxl/kR+2V2h04zjZ9uYss4b5Bj127tGbbSS8
+nH4cDwysTTtcACuh8FLByoFio9Rnt73uckhflskaLvwZE/8A0uhD01F+chatvSAJ
+Aix9oQwDtiyHF2t8C3eouOWl7Is+BDlh2iWYEaNPgFpXwR5eRqUpkDCDFurecT3t
+ru7i47QftimArrx//dWdNZDDXC2vY32zr4e3wLoEkuFZb/uiXA067AVvCKTuN6H4
+M00kzpAfyawLaLFsPFxi/hISWq96OzmguivsDsoraIl8Uz1xkL4/zhHdJDToHV4E
+wTrQlvoA4zWDa3DNbwRH9vna/zY8owktR9nDb50xlmmzXT8ucAFN8BNLCeQMir4u
+2HjGic2gBFrnOgafVXsnJam+a0ce2mPSRQ1hLNxquDdB3gT1Woiczhl1HBRX9U7K
+BpOJeVWF9kLBhbTTWqXQMnZNOnh0iEmjtDg22dg0hsHsoo8z0ngUGGrDofPRQ9Xy
+Aw/GmAwF7pmwSfIWiCndFMFeCN418nugtX2QavkIkm8OFm522RRwUCX5lKdZAlzG
+nX947m997mZMtdilpcl/F03N6/gKu1S1Wrmug8sPD6R9mugzcNQDFRsS+8dcwmwf
++zYInaSO6tmI7+GqlaIORXB9vNawy9vElGOqx69No4vjHP1x9+6xEtJk4O6aRDtl
+Ju7/NlDildpIhjIvnJe/eKEBDfyyGDlHyVAEqnf7Yzz92j+3ZugIz/zd4iTdGzfg
+tsQx0x2i/WsDw11/cefPXth07kJVfgM3jdgk2d0Yd0LpWWjxUZp5H4zJ5FZ5yl6s
+GFLYCK6Fj1QsWXd4qQjH7092ka5GKvYLcR4DxCocJ6tS1UE0MReI1YaJ8GU3dwaY
+91+Q2j3+lPY3PKH8/MjL8ZZJoIjlyvXwYff1quObbUYIYbtuhJ3c1PYeigt/G5Du
+nb4qJuZ6ue2OEfuvRnXgH4aNgZEfrVuYydDBxM55HpaxZBjC0ipqGYnC2X9rU7JI
+dD+r0ymGoIt91ZhgnahhIx4zzrJ5i7BNujMYal9AEkPXV+VkY/iNJJKjIzFEc9J0
+GX9ELhXHzed3xxy3goTqJPgY0u/jBsUca3l2AI9H8qjeAltbiRP+TdyafhCr/RX1
+f2t+KLLvK7F2Ls4VcRPIpuEWrnbvJbh3ot5anzzR20ifFy2fIXyI/Sy/DPAy3hgD
+adNfY29lyY8dLv/CTXju9AHEX/Z/IvEBBZkAUUIJ8v2wIR2HMOi/kCsEl3HnK/Sq
+aKHenYE5QqME+Y6b8t+w3vhNT7HAcaH/sjrDn08Wls/XqTDEEr+fFV8i/Z0bFQjs
+27pbdDrYCmQjGizP2INARVIBYeCk/LQ8kSgIy2pI6uzqdXiHjeeSLtLxl7fmLw3j
+VNzCP0uY407/N6WTOYEvg/SHAYQZNA3zSA/xsNihRGGDvj75a0WI1p+QDMUUGiYJ
+xdDU4lM+L6YP2yZ75XBUNhwHHX6C1vfQC/BvnszRSdnEZeq+bOwAkBDC31eH6y4J
+tbqxOXB71x6Ljcwp3BnpKbnXt9VzLM+O96sSc4wOfJl7AeHWD6eEKJNT1mfjWfN3
+jB68ezZhQpth7RilxtECMz4pcigGsljHkIfd9nweahAwq2RNwhz5cafpQqDeJV+c
+0o05tSNvR8snLX+fbnBTxHl4025lTmJNh9Hv4DY3UnAVL/e/wkmupb6gYA+N3s03
+ZJhhG0YBUviuuH6DrRdxTrHjnVveJHSuHhUHrgM3PeX8cspBBYbX77d52jqDS3HJ
+UD6eCrIbxyDsKDFS1DEby2KZYM5CBmI4AzUW4nKBuRPZ0uFiM7b/KXptQvC/sUWE
+6DgVcIz2ExivDyiHo5XSWsssRRI+vXtJ/GSghWTZuN6WI3whZtnYQyS0L+tZCRdi
+GHaFz1YOvzTJZoWHZgXg0fe58Q7CLdco+66scYlHstj562mjsd7fPa59KaGKluvM
+-----END RSA PRIVATE KEY-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/crl.pem b/CKUBU/openvpn/home-ckubu/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/CKUBU/openvpn/home-ckubu/keys/dh4096.pem b/CKUBU/openvpn/home-ckubu/keys/dh4096.pem
new file mode 100644
index 0000000..6b79efe
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAkb98/ZYPH87EHpUo6LatlbDgwe/tquFxg8EnrgAGaHrQMWDnSOvm
+A1rXnnpql+avwnloGIqrQ+HjWMLq7KEBYc2W0KN37/qTQw0X7NPixQgDfaeainjQ
+TpcAdjKcLCVeHd7J0aiKC/C1u1vRBCf14+wd0NZK7PXCRY8Ggft7hc0ya//riD+s
+R4v1A1XXdMkns/YJMKzvvGEvV6IOlFuLUbbU6kYCUjVWDqsvNaRZpGuIiMis1e1l
+PRtmIHGlhw/phKgK42ct5OIv2fjTkgg+u31ljptBBr6524HePx8ArifYySHIkk66
+O6NeTQpX0VSqs4gpSgAQYAZS5M8DwMrMykmZml1PJkotevBP2YswNvTxwDRosaVu
+1u0vJknjPyXnf+BvB9mbcZBVLqJ9YwdjxfVT5biIFVty7V5Oavxkn0zGdH+72eTT
+t2FdyTx36Xwl/cRxeXENpVa4xsd7b1zxLLHP9gVHadrTsScplsiZcYZaxrMufuIp
+r/I3W9FAgG8zxvnwNRPEjvqLEwuvgo0Ab3bQcl/Sz7Z36lo6TRS8y4V7uZdmdJ+w
+92VxbVPFCb27veqrXooZJY5wVAkxdeG7NyS/MScC1JjpmqMK/fTcwfWzA0EH/k8Y
+rEv324x/7ZK7gf9mNw21CcXHfBidZhyaU0imHQ5KhUOQS11xHQDqN4MCAQI=
+-----END DH PARAMETERS-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/index.txt b/CKUBU/openvpn/home-ckubu/keys/index.txt
new file mode 100644
index 0000000..dcbfd98
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/index.txt
@@ -0,0 +1,2 @@
+V	370809155041Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=HOME-CKUBU-server/name=HOME-CKUBU/emailAddress=support@oopen.de
+V	370809155325Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=HOME-CKUBU-chris/name=HOME-CKUBU/emailAddress=support@oopen.de
diff --git a/CKUBU/openvpn/home-ckubu/keys/index.txt.attr b/CKUBU/openvpn/home-ckubu/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/CKUBU/openvpn/home-ckubu/keys/index.txt.attr.old b/CKUBU/openvpn/home-ckubu/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/CKUBU/openvpn/home-ckubu/keys/index.txt.old b/CKUBU/openvpn/home-ckubu/keys/index.txt.old
new file mode 100644
index 0000000..470e9b9
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/index.txt.old
@@ -0,0 +1 @@
+V	370809155041Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=HOME-CKUBU-server/name=HOME-CKUBU/emailAddress=support@oopen.de
diff --git a/CKUBU/openvpn/home-ckubu/keys/serial b/CKUBU/openvpn/home-ckubu/keys/serial
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/serial
@@ -0,0 +1 @@
+03
diff --git a/CKUBU/openvpn/home-ckubu/keys/serial.old b/CKUBU/openvpn/home-ckubu/keys/serial.old
new file mode 100644
index 0000000..9e22bcb
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/serial.old
@@ -0,0 +1 @@
+02
diff --git a/CKUBU/openvpn/home-ckubu/keys/server.crt b/CKUBU/openvpn/home-ckubu/keys/server.crt
new file mode 100644
index 0000000..3296867
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/server.crt
@@ -0,0 +1,142 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
+        Validity
+            Not Before: Aug  9 15:50:41 2017 GMT
+            Not After : Aug  9 15:50:41 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=HOME-CKUBU-server/name=HOME-CKUBU/emailAddress=support@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d5:6c:90:c5:16:11:24:57:61:7d:60:5f:48:f6:
+                    05:a7:41:e4:09:74:39:63:d5:2b:5e:44:74:20:e1:
+                    ec:d0:57:6d:1e:eb:e5:d0:77:c3:aa:52:c5:00:6e:
+                    de:69:7d:af:43:d2:c8:d7:fe:6c:38:a6:76:f5:8e:
+                    8e:70:e9:63:b6:58:71:9a:2f:95:fc:1b:65:73:29:
+                    47:b4:82:90:25:52:34:59:f9:b9:9b:1d:f5:e8:f7:
+                    18:a1:08:86:8a:c9:65:15:ae:05:09:c6:cb:8c:eb:
+                    e4:cc:01:d6:a1:82:54:58:d1:5e:75:cc:f0:7b:fe:
+                    f7:04:92:72:62:0d:b7:7f:fd:b4:8b:f8:8e:08:ac:
+                    57:da:6c:ab:e1:0d:73:a5:62:55:f6:98:89:a5:9f:
+                    19:4f:6e:b5:17:03:7d:e7:78:b0:15:29:15:af:7d:
+                    f7:57:00:ef:10:4a:15:7d:fc:8e:b8:4c:da:04:67:
+                    12:6f:71:1f:99:c0:36:e5:cf:37:35:3d:ec:b1:08:
+                    3f:32:c5:51:53:9c:61:02:cf:da:03:56:bc:76:0c:
+                    c5:94:94:f4:bf:12:8e:5c:65:1f:3f:0b:8d:20:20:
+                    ee:12:d4:63:6c:94:b6:d2:00:f1:8f:53:6f:db:fc:
+                    71:d6:56:1d:27:ad:fc:cf:55:b1:d7:fa:68:4d:e6:
+                    b1:91:8f:2d:d4:8b:f6:20:26:f1:d7:e5:99:a0:e3:
+                    42:53:21:ca:f9:63:28:6b:e4:24:7f:ca:5d:33:03:
+                    53:8a:71:94:e6:4b:dc:70:79:2f:1e:fd:80:ad:4e:
+                    20:6a:52:ec:2d:7a:ca:04:44:62:cf:6e:b0:47:7f:
+                    5d:d4:39:c3:3b:a6:c2:8e:31:1e:6b:f1:72:89:ce:
+                    e6:d5:61:de:cd:bd:30:2b:2c:fe:db:07:8d:f5:2f:
+                    1c:eb:13:47:f1:ba:3a:bc:16:59:2b:cc:f0:0d:90:
+                    8e:63:cc:67:86:1f:13:94:87:97:11:c3:f5:44:85:
+                    dc:c0:e3:14:b1:df:d3:0b:a5:77:34:45:c6:25:9a:
+                    8f:f9:f3:5b:c5:c6:83:f2:ed:7c:35:f9:15:2e:5f:
+                    72:17:0e:fa:3b:7e:31:2a:76:28:d9:2f:7d:28:98:
+                    ee:f9:48:29:3e:dd:fb:99:d3:30:88:06:9a:b7:6a:
+                    c7:37:a6:92:56:db:be:d1:64:de:6e:b6:15:20:f9:
+                    56:59:a7:be:f0:a5:96:a4:e4:06:b1:3e:c1:df:11:
+                    a9:88:c8:10:2d:5e:0e:53:08:29:0f:e5:a2:57:58:
+                    bc:e9:bb:e1:64:71:50:35:5b:aa:b0:04:87:33:d4:
+                    31:a6:da:3e:15:9f:d6:2c:c6:39:ac:f4:fe:e1:48:
+                    81:a5:2d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                E8:E1:ED:6A:13:1F:29:D0:15:EF:B3:C1:57:7D:2E:4C:49:E0:CB:FB
+            X509v3 Authority Key Identifier: 
+                keyid:5D:A0:57:77:F9:C9:CD:DE:88:A9:BE:D0:FB:F0:FC:8A:19:B5:9D:F0
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=HOME-CKUBU/name=HOME-CKUBU/emailAddress=support@oopen.de
+                serial:92:45:C8:D4:6A:59:85:37
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         96:98:28:5d:5f:64:66:c6:43:92:11:90:81:6a:f3:da:30:ad:
+         f4:d9:3f:17:19:d1:98:4a:a0:78:d2:8a:1f:1f:9d:27:b8:b6:
+         44:bc:8d:a4:86:04:6a:a9:1a:a3:b8:00:f7:b7:19:be:06:65:
+         e1:20:be:d4:3e:79:9b:17:36:90:96:78:ac:8b:08:c9:e5:dc:
+         d6:68:7b:8b:67:88:42:d2:0b:24:96:5b:24:b4:ea:a5:10:be:
+         59:23:57:f7:ee:52:ce:2d:79:f0:9c:a6:e1:3a:de:fe:46:8b:
+         af:a1:80:2e:08:34:ab:59:55:02:22:39:63:6b:ff:4c:ca:fa:
+         ba:f8:43:86:a3:7c:95:bb:5e:e8:85:17:02:ce:4f:7a:17:c9:
+         71:0f:13:13:c7:5b:cf:22:92:6a:a4:7f:ae:67:b4:78:6e:6b:
+         1b:10:81:10:b7:a0:c4:c6:d2:3b:c2:b1:1e:3f:b1:0b:a0:fa:
+         8e:36:0b:55:8c:8a:b9:8e:fb:85:e5:48:b5:9f:00:c9:52:e3:
+         91:4c:e5:ba:05:03:55:4c:1c:d0:ea:c5:36:40:5b:36:b6:cc:
+         7e:b9:c1:57:12:9a:e6:7f:41:69:6f:7a:24:5c:b8:66:c0:b6:
+         91:09:50:bc:75:2a:eb:28:9b:0a:4e:cb:fc:47:65:f5:3d:75:
+         80:89:83:7e:50:95:fb:07:19:1a:e4:cd:fd:5e:ce:4b:89:4c:
+         24:0c:c9:be:67:03:9f:65:63:b2:3f:24:39:40:76:cb:6a:3b:
+         86:7c:7b:9a:b6:b1:fe:7c:51:5b:ec:91:ff:ad:ff:3c:9d:00:
+         70:3b:af:30:e3:78:56:55:a8:77:2d:95:f1:a0:fc:e1:2e:f3:
+         9b:b0:3c:bd:52:dc:1b:cd:99:83:37:bc:2d:03:e4:4a:ec:f0:
+         88:7c:48:33:2b:99:1e:78:bf:d0:30:4f:e2:0e:c7:04:13:52:
+         9d:cb:33:ee:b7:98:e0:8e:f2:64:20:64:71:d5:24:67:9c:a4:
+         52:e6:3a:de:bd:d1:1d:2b:d7:60:d7:3b:53:59:bf:33:60:47:
+         bd:26:9a:de:46:25:63:cf:77:f3:69:38:6d:d2:1c:37:a5:61:
+         6e:27:4e:52:6f:8b:11:4c:6c:ba:0e:b6:ad:c7:23:cf:0c:be:
+         c8:18:a9:7d:46:8c:6d:64:4e:d2:06:b0:9c:9c:6e:14:58:4a:
+         a5:32:36:a5:0c:58:94:d8:8f:d8:e7:5e:69:0b:3f:30:68:5e:
+         ea:b4:3f:7b:2a:20:7a:3b:b2:af:27:4f:3f:0d:fe:1a:5a:61:
+         ed:05:2d:6b:65:8e:bf:86:b0:1c:51:0a:14:35:e7:31:6e:c6:
+         fa:86:7c:d2:97:ae:73:e3
+-----BEGIN CERTIFICATE-----
+MIIHXDCCBUSgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tV
+QlUxEzARBgNVBCkTCkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRA
+b29wZW4uZGUwHhcNMTcwODA5MTU1MDQxWhcNMzcwODA5MTU1MDQxWjCBrTELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGjAYBgNVBAMT
+EUhPTUUtQ0tVQlUtc2VydmVyMRMwEQYDVQQpEwpIT01FLUNLVUJVMR8wHQYJKoZI
+hvcNAQkBFhBzdXBwb3J0QG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA1WyQxRYRJFdhfWBfSPYFp0HkCXQ5Y9UrXkR0IOHs0FdtHuvl0HfD
+qlLFAG7eaX2vQ9LI1/5sOKZ29Y6OcOljtlhxmi+V/BtlcylHtIKQJVI0Wfm5mx31
+6PcYoQiGisllFa4FCcbLjOvkzAHWoYJUWNFedczwe/73BJJyYg23f/20i/iOCKxX
+2myr4Q1zpWJV9piJpZ8ZT261FwN953iwFSkVr333VwDvEEoVffyOuEzaBGcSb3Ef
+mcA25c83NT3ssQg/MsVRU5xhAs/aA1a8dgzFlJT0vxKOXGUfPwuNICDuEtRjbJS2
+0gDxj1Nv2/xx1lYdJ638z1Wx1/poTeaxkY8t1Iv2ICbx1+WZoONCUyHK+WMoa+Qk
+f8pdMwNTinGU5kvccHkvHv2ArU4galLsLXrKBERiz26wR39d1DnDO6bCjjEea/Fy
+ic7m1WHezb0wKyz+2weN9S8c6xNH8bo6vBZZK8zwDZCOY8xnhh8TlIeXEcP1RIXc
+wOMUsd/TC6V3NEXGJZqP+fNbxcaD8u18NfkVLl9yFw76O34xKnYo2S99KJju+Ugp
+Pt37mdMwiAaat2rHN6aSVtu+0WTebrYVIPlWWae+8KWWpOQGsT7B3xGpiMgQLV4O
+UwgpD+WiV1i86bvhZHFQNVuqsASHM9Qxpto+FZ/WLMY5rPT+4UiBpS0CAwEAAaOC
+AYowggGGMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDQGCWCGSAGG+EIB
+DQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBTo4e1qEx8p0BXvs8FXfS5MSeDL+zCB2wYDVR0jBIHTMIHQgBRdoFd3+cnN
+3oipvtD78PyKGbWd8KGBrKSBqTCBpjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsT
+EE5ldHdvcmsgU2VydmljZXMxEzARBgNVBAMTCkhPTUUtQ0tVQlUxEzARBgNVBCkT
+CkhPTUUtQ0tVQlUxHzAdBgkqhkiG9w0BCQEWEHN1cHBvcnRAb29wZW4uZGWCCQCS
+RcjUalmFNzATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0R
+BAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4ICAQCWmChdX2RmxkOSEZCBavPa
+MK302T8XGdGYSqB40oofH50nuLZEvI2khgRqqRqjuAD3txm+BmXhIL7UPnmbFzaQ
+lnisiwjJ5dzWaHuLZ4hC0gskllsktOqlEL5ZI1f37lLOLXnwnKbhOt7+RouvoYAu
+CDSrWVUCIjlja/9Myvq6+EOGo3yVu17ohRcCzk96F8lxDxMTx1vPIpJqpH+uZ7R4
+bmsbEIEQt6DExtI7wrEeP7ELoPqONgtVjIq5jvuF5Ui1nwDJUuORTOW6BQNVTBzQ
+6sU2QFs2tsx+ucFXEprmf0Fpb3okXLhmwLaRCVC8dSrrKJsKTsv8R2X1PXWAiYN+
+UJX7Bxka5M39Xs5LiUwkDMm+ZwOfZWOyPyQ5QHbLajuGfHuatrH+fFFb7JH/rf88
+nQBwO68w43hWVah3LZXxoPzhLvObsDy9UtwbzZmDN7wtA+RK7PCIfEgzK5keeL/Q
+ME/iDscEE1KdyzPut5jgjvJkIGRx1SRnnKRS5jrevdEdK9dg1ztTWb8zYEe9Jpre
+RiVjz3fzaTht0hw3pWFuJ05Sb4sRTGy6DratxyPPDL7IGKl9RoxtZE7SBrCcnG4U
+WEqlMjalDFiU2I/Y515pCz8waF7qtD97KiB6O7KvJ08/Df4aWmHtBS1rZY6/hrAc
+UQoUNecxbsb6hnzSl65z4w==
+-----END CERTIFICATE-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/server.csr b/CKUBU/openvpn/home-ckubu/keys/server.csr
new file mode 100644
index 0000000..e322f89
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE8zCCAtsCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRowGAYDVQQDExFIT01FLUNLVUJVLXNlcnZlcjETMBEGA1UEKRMK
+SE9NRS1DS1VCVTEfMB0GCSqGSIb3DQEJARYQc3VwcG9ydEBvb3Blbi5kZTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANVskMUWESRXYX1gX0j2BadB5Al0
+OWPVK15EdCDh7NBXbR7r5dB3w6pSxQBu3ml9r0PSyNf+bDimdvWOjnDpY7ZYcZov
+lfwbZXMpR7SCkCVSNFn5uZsd9ej3GKEIhorJZRWuBQnGy4zr5MwB1qGCVFjRXnXM
+8Hv+9wSScmINt3/9tIv4jgisV9psq+ENc6ViVfaYiaWfGU9utRcDfed4sBUpFa99
+91cA7xBKFX38jrhM2gRnEm9xH5nANuXPNzU97LEIPzLFUVOcYQLP2gNWvHYMxZSU
+9L8SjlxlHz8LjSAg7hLUY2yUttIA8Y9Tb9v8cdZWHSet/M9Vsdf6aE3msZGPLdSL
+9iAm8dflmaDjQlMhyvljKGvkJH/KXTMDU4pxlOZL3HB5Lx79gK1OIGpS7C16ygRE
+Ys9usEd/XdQ5wzumwo4xHmvxconO5tVh3s29MCss/tsHjfUvHOsTR/G6OrwWWSvM
+8A2QjmPMZ4YfE5SHlxHD9USF3MDjFLHf0wuldzRFxiWaj/nzW8XGg/LtfDX5FS5f
+chcO+jt+MSp2KNkvfSiY7vlIKT7d+5nTMIgGmrdqxzemklbbvtFk3m62FSD5Vlmn
+vvCllqTkBrE+wd8RqYjIEC1eDlMIKQ/loldYvOm74WRxUDVbqrAEhzPUMabaPhWf
+1izGOaz0/uFIgaUtAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAxgJAZXxkyl1N
+pPVZ3LvUDGkJs2RqrjMPKicfHfCNACSNWPgg/n9AanG2GL8HoVS35uYfPRVQFrd3
+eDfP1ef0pk52tnbez9/eCEet9ccF0pV+qgiS5XdsZIOhDKoIm3kpsw7v7emnzsRz
+kwMIpwZ5lhutyJRIO4Erx02d9s+pPSpg/NtB84NYW1hMyMsrycIN8xIzrpAwTkd/
+JGh4zw1D2DYlPZFYppjgcSUvATG4IK8X4JP2FtYwnz4402GjFEsajcvo2MtwYPaW
+t4jhW2+1vxu/b+KcXrmQxbfSuw51pXw5dPEO6Mpp8acyMOxLqcfW2vokJACRGBvH
+AJprrMdBa4joVLiLs3Ml1tHiyf5x/PvqHilnQoUA+1UyoQEXIJist9bYX6rJWFJ9
+I00E+sjQXiyqASh3kiFeOMbNvSgS4PL4W6nHwFiqAaeB1UFro8lsfqg4op+vG+Ty
+MmYzvdGaDGwqNy4hDq18AVuqvTfiIB3Nza8HWbsXzZSuLkoyTjvNjR5EKvyH0Qh/
+bLadRrU5zIMTc1mtGnkGcGx71omxIngloJ3WhR7/AO2tvzNT5r5iy6meLxuDxS2v
+LbiG1I5F/fXkkkBDHCGHd6TJ8LbZ3GTnEhjqsI1Yzpsyp25XAau+H6ci4R86Uz1F
+kbOwozXSE3vPnoEBZtI4z6TDZ8GH3d0=
+-----END CERTIFICATE REQUEST-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/server.key b/CKUBU/openvpn/home-ckubu/keys/server.key
new file mode 100644
index 0000000..e293330
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDVbJDFFhEkV2F9
+YF9I9gWnQeQJdDlj1SteRHQg4ezQV20e6+XQd8OqUsUAbt5pfa9D0sjX/mw4pnb1
+jo5w6WO2WHGaL5X8G2VzKUe0gpAlUjRZ+bmbHfXo9xihCIaKyWUVrgUJxsuM6+TM
+AdahglRY0V51zPB7/vcEknJiDbd//bSL+I4IrFfabKvhDXOlYlX2mImlnxlPbrUX
+A33neLAVKRWvffdXAO8QShV9/I64TNoEZxJvcR+ZwDblzzc1PeyxCD8yxVFTnGEC
+z9oDVrx2DMWUlPS/Eo5cZR8/C40gIO4S1GNslLbSAPGPU2/b/HHWVh0nrfzPVbHX
++mhN5rGRjy3Ui/YgJvHX5Zmg40JTIcr5Yyhr5CR/yl0zA1OKcZTmS9xweS8e/YCt
+TiBqUuwtesoERGLPbrBHf13UOcM7psKOMR5r8XKJzubVYd7NvTArLP7bB431Lxzr
+E0fxujq8FlkrzPANkI5jzGeGHxOUh5cRw/VEhdzA4xSx39MLpXc0RcYlmo/581vF
+xoPy7Xw1+RUuX3IXDvo7fjEqdijZL30omO75SCk+3fuZ0zCIBpq3asc3ppJW277R
+ZN5uthUg+VZZp77wpZak5AaxPsHfEamIyBAtXg5TCCkP5aJXWLzpu+FkcVA1W6qw
+BIcz1DGm2j4Vn9Ysxjms9P7hSIGlLQIDAQABAoICADBGZliuLSJzQXICoor2W0EB
+/nrE91ZFmZGxGjN15wMZQ22DHnCRJokYP8dhTJ2/+Cz3OMbincgSn0XcAQw5Pny4
+dLnTmbF04PWzmKyT+9b1STIw8nLLzBvuCHwkWYp7E4pb2nfjp5cwpIggwlO2Dy4n
+7Z3nxV3GxkkadxUG1UL2OCiRCE+d7CFUA2zchhQasicdScVUv3zgJcYW3BvHiMzA
+hk8zxwa/B1Q/7ayZvA6kE4x7ZAghJmy4tbI1tN8uKqPAocryJvsqnCburPmkXOy2
+5to89z9hCyKLHQ49pqZlzHQl5ndhDBlkbT9mOB8icv1wbRfUmyKq15dq5Lz6OZ+x
+YuxSE+ihV6t+A1RoZcVHlhxwQJrjF9UE0ZM1x+Nhw1KfeLVO7WexztZiHr5RKZkE
+uELCtq7C9AqNKL7Rk4EvvT5JWTPfhtQjd2Z34DZ3QXc2KVcpddKQ2zB+7siIK1lu
+bpSo58vk6i+HFYjvZtIpyeHTxMKDoL8pqWyKi44p+U5bE0K7mXI/L+YO6Y6EopXB
+x+YVwxRkd2lErYCEjNFy/2vz8Djj/KSH5Wwu0bMwvtK66dB4kkmqxoC/ris+18t5
+wQzxOu/VpFrGnooP8bpEXj29/cj0gJZy/s5nDoLS0mEkbqMaMSYihy7DsZAJoRQc
+qW9/vgb578ALGEw4nohhAoIBAQDwHdDnC5xCGUZDxjZVj/cGa9apbPERTqRRbueL
+hEglpbL+dCiJFmkLy7pXzDNnMOc9wR75zJb0v+uuAYsRGYOjk9THSUz7sj7S2LTR
+NINrS0WOgVc9MUjo9Dk681LxAmKVBNA9BTsqK5McN1ZU/dmW3GLOmWpC5IDtS5+r
+hprx/s20pgO+ait/EYfOUPEcDcC4vp4dJUhSFQMXQJqu9azLNnaE1NcZv9mkuUjV
+cRp+A6QinvNgNon3dHT0ZgQeDQsRzJy/odwR3N+dM1ivizPOve3ljJuYt7GB3hYl
+9V8uJf7Lg4jC7xGF8AZlYAI/zkx5goeojUEAH1x7vfZ03mZrAoIBAQDjirwhzbt6
+vP4fkQ9yBzoHR9swmJxUyqo1iSpSdFVVWer/2GE59lWGqZ37E2mgBkEn4ALOFbYr
+JHxmyVvoYY31Hi4KPQ+cu6unKtR0XcgMrhN+JxOPj3G4LNDko4QAjZAu/URccmgT
+8OY36BHc4MpD1AqYZ8N1nbXm/idF+w4Z/XAGHUTVKvSS7Fg9SHckcXTC7znz8kd+
+G43ZWkxSyCNqM6YARh8Rt9uuhLK7MaWU/T/gL86GsN1iAgumgeYEbiQ+6Vz8+hvj
+pQpNbywZlClKgpI/BDWVGIx2lzZvdhbzpwNpq4JH7wTTJonvRuecqHgevLng8lIC
+OM/w46zHkhjHAoIBAQCrt2byFGeHDbQmO9YXkoFCYlR9jZ9IlUkFw55rNAq0ga9k
+MYXbo98zxFpa93m7TknQ7A9O7XT3S1ksc4YUkH6HuOzuKAmZ5nrvJnMJOdjSHl57
+7xuIc3qEvkM/WUvzd5UwpOSW/uq02by27Qwcc/3r2Wf//87yT5+0E+T4MacVcPeD
+PUZoIl1A3jSU42XKfjtY41kH1uXFbalsM5Nrk94i5awUinHZxE3Nc4QWwHAFtmzn
+JW0/XUGFag9JyLshEorcC8v9b6+GRsLUFShTQeWm8ET1aHzN1nBnQ3/rXXLX+ewh
+dsuTPIz3kBPC48o3/zzJmQOTEpFtmP/2rn9WTMZJAoIBAQCnQwFeW+wXojuvmqNe
+798BIRoH0/b/AWczKVwZ9ngP4KQ1Y6q8v85IygBeYvu+7ToSBMIrGZyqhAyKRjQw
+Ux3V9FRlpFMIpI/et0YrMBDw+TlM/46Kdihi+Vao62YKPgWh9Py+dD77gZbJu+b9
+laQ5TfJn68are74OSf82mwDXrAwgAn3psMTOB7wpeE5UVK4+6TmRkCRrl/eisZTv
+OT2HQOYix2jpTlzHIbZ8klckeTDuLFZFfleORvCnek9KLGiqckKvl27O3TAAkds6
+BkaABhFZD1AQBFakii0yq/zdKIUCtVd0Z0gFqwuz/0wcRV7fQV3l9FrCVV7NtZ75
+qPRbAoIBAQCNxAjGgT+wuY6uEupTXdjXqP6LED1jTOwXV6fZ7/5svlZ/MTxR1LLQ
+2mYnRg2YQgyT5lG1Sfq97dwZeNPgKbWyXJUyKhDQUSHYeqx0hPOVLXifHJaXLKkg
+90e3DTa4Sapv4c/mOYgiOle306lUe4lLNzXBIWSnoYkoPWV41tWX+iFCBWusvpHF
+YLCzoqycN/QUF6XzUpJQrU8J3xS7tV0JmVqSGvWVinCOHT3bjApusqnXrfCTgPY0
+NkT2EWkO38eBb5KORyhkk93LMjzapUFn+AJqkreR6sJWJ5P3VWxtF7+/4Na2usbV
+n0I7baBebvqXlKuMu8VxLiK9OPmW9eGV
+-----END PRIVATE KEY-----
diff --git a/CKUBU/openvpn/home-ckubu/keys/ta.key b/CKUBU/openvpn/home-ckubu/keys/ta.key
new file mode 100644
index 0000000..8a4abbd
--- /dev/null
+++ b/CKUBU/openvpn/home-ckubu/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+1c8b2c0960c29ba0f8b85d20cf7654a3
+2429c0a7e6c898f834473377846b349b
+e5070fadf83aa6f2143ddedd5fed69b8
+6b4303181d4cf8b130777033982585fa
+24796676d2c096db93d8ec0bf221a33f
+974c554b7173faaa46badec409713525
+927fdabb473a3e24d309983c858b1b7c
+7ea88198f4f01d1a5c2fb6920a1dcd4b
+d1a3918e736899803896aa1d43ad131d
+996e9f78bcc1faccb83276e65ca43626
+c4b0de36dfaff3be40276a0126d15690
+bf7c3baca7d51d4ed78efb8248d6e3c1
+43fb2424ed1b31e7a2cb14506a3d5fd2
+3f3f58ee93eb615044fb6d0d345095c8
+c0c5551065d416d1b6781d8436f8afb9
+2f34aef585ba7ec0a977386b3a3b9c0d
+-----END OpenVPN Static key V1-----
diff --git a/CKUBU/openvpn/ipp.txt b/CKUBU/openvpn/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/CKUBU/openvpn/server-home-ckubu.conf b/CKUBU/openvpn/server-home-ckubu.conf
new file mode 100644
index 0000000..4f13a6c
--- /dev/null
+++ b/CKUBU/openvpn/server-home-ckubu.conf
@@ -0,0 +1,317 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+#route 192.168.64.0 255.255.255.0 10.0.63.1
+#route 192.168.63.0 255.255.255.0 10.0.63.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/home-ckubu/keys/ca.crt
+cert /etc/openvpn/home-ckubu/keys/server.crt
+key /etc/openvpn/home-ckubu/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/home-ckubu/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.0.63.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/home-ckubu/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.63.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/home-ckubu/ccd/server-home-ckubu
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.63.1"
+push "dhcp-option DOMAIN local.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/home-ckubu/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-home-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-home-ckubu.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/home-ckubu/crl.pem
diff --git a/CKUBU/openvpn/update-resolv-conf b/CKUBU/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/CKUBU/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/CKUBU/pap-secrets.CKUBU b/CKUBU/pap-secrets.CKUBU
new file mode 100644
index 0000000..b20458e
--- /dev/null
+++ b/CKUBU/pap-secrets.CKUBU
@@ -0,0 +1,77 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+## - Aktionsbuendnis
+"feste-ip9/1TBGC27CYX92@t-online-com.de" * "7FbmJz7L"
+
+## - Anwaltskanzlei - Karl-Marx_Strasse (anw-km)
+"0017005041965502052728690001@t-online.de" * "62812971"
+
+## - Anwaltskanzlei - Urbanstrasse (anw-urb)
+"0019673090265502751343110001@t-online.de" * "85593499"
+
+## - B3 Bornim
+"t-online-com/8TB0LIXKXV82@t-online-com.de" * "38460707"
+
+## - Fluechlingsrat BRB
+"0022044435885511150351780001@t-online.de" * "27475004"
+
+## - Kanzlei Kiel
+"ar0284280107" * "39457541"
+
+## - MBR Berlin
+## - DSL
+"0019507524965100021004430001@t-online.de" * "76695918"
+## - VDSL
+"0029741693695511193970180001@t-online.de" * "84616024"
+
+## - Opferperspektive
+"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
+
+## - Sprachenatelier Berlin
+"0021920376975502683262730001@t-online.de" * "52167784"
+
+## - Warenform
+"feste-ip4/7TB02K2HZ4Q3@t-online-com.de" * "EadGl15E"
+
+## - ckubu
+"0025591824365511139967620001@t-online.de" * "67982653"
diff --git a/CKUBU/peers/.dsl-ckubu.swp b/CKUBU/peers/.dsl-ckubu.swp
new file mode 100644
index 0000000..e0efcd0
Binary files /dev/null and b/CKUBU/peers/.dsl-ckubu.swp differ
diff --git a/CKUBU/peers/dsl-ckubu b/CKUBU/peers/dsl-ckubu
new file mode 100644
index 0000000..32478d9
--- /dev/null
+++ b/CKUBU/peers/dsl-ckubu
@@ -0,0 +1,23 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+
+## - !! Keine Default Route
+## -
+defaultroute
+replacedefaultroute
+#nodefaultroute
+#noreplacedefaultroute
+
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+ifname ppp-ckubu
+plugin rp-pppoe.so eth2.7
+user "0025591824365511139967620001@t-online.de"
diff --git a/CKUBU/peers/dsl-provider b/CKUBU/peers/dsl-provider
new file mode 100644
index 0000000..c31d24c
--- /dev/null
+++ b/CKUBU/peers/dsl-provider
@@ -0,0 +1,16 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth2.7
+user "0025591824365511139967620001@t-online.de"
diff --git a/CKUBU/peers/provider b/CKUBU/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/CKUBU/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/CKUBU/radvd.conf.CKUBU b/CKUBU/radvd.conf.CKUBU
new file mode 100644
index 0000000..40893ef
--- /dev/null
+++ b/CKUBU/radvd.conf.CKUBU
@@ -0,0 +1,65 @@
+interface enp0s20f0
+{
+        AdvSendAdvert on;
+        prefix ::/64
+        {
+                AdvValidLifetime 86400;
+                AdvPreferredLifetime 14400;
+                AdvOnLink on;
+                AdvAutonomous on;
+                AdvRouterAddr on;
+        };
+
+        # Distributing DNS server addresses
+        #  - multiple entries are possible
+        #
+        #RDNSS 2001:4860:4860::8888  2001:4860:4860::8844
+        RDNSS fe80::ec4:7aff:feac:5ece
+        {
+        };
+
+        # Distributing a DNS search list
+        #  - multiple entries are possible
+        #
+        DNSSL local.netz
+        {
+        };
+};
+
+interface enp0s20f1
+{
+        AdvSendAdvert on;
+        prefix ::/64
+        {
+                AdvValidLifetime 86400;
+                AdvPreferredLifetime 14400;
+                AdvOnLink on;
+                AdvAutonomous on;
+                AdvRouterAddr on;
+        };
+
+#        prefix fd5c:45d3:2a6e:1::/64
+#        {
+#                AdvValidLifetime 86400;
+#                AdvPreferredLifetime 14400;
+#                AdvOnLink on;
+#                AdvAutonomous on;
+#                AdvRouterAddr on;
+#        }; # End of prefix definition
+
+        
+        # Distributing DNS server addresses
+        #  - multiple entries are possible
+        #
+        #RDNSS 2001:4860:4860::8888  2001:4860:4860::8844
+        RDNSS fe80::ec4:7aff:feac:5ecf
+        {
+        };
+
+        # Distributing a DNS search list
+        #  - multiple entries are possible
+        #
+        DNSSL local.netz
+        {
+        };
+};
diff --git a/CKUBU/rc.local.CKUBU b/CKUBU/rc.local.CKUBU
new file mode 100755
index 0000000..90de297
--- /dev/null
+++ b/CKUBU/rc.local.CKUBU
@@ -0,0 +1,75 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+
+if ! cat /proc/swaps | grep -q "/dev/sda1" ; then
+   swapon -p 1 /dev/sda1 > /dev/null 2>&1 || /bin/true
+fi
+
+
+sleep 2
+/usr/sbin/openvpn  --writepid /var/run/openvpn-akb.pid --config /etc/openvpn/client-confs/akb/client-gw-ckubu.conf --askpass /root/.openvpn/akb &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-anw-urb.pid --config /etc/openvpn/client-confs/anw-urb/client.conf --askpass /root/.openvpn/anw-urb &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-anw-km --config /etc/openvpn/client-confs/anw-km/client.conf --askpass /root/.openvpn/anw-km &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-b3-bornim.pid --config /etc/openvpn/client-confs/b3-bornim/client.conf --askpass /root/.openvpn/b3-bornim &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-flr-brb.pid --config /etc/openvpn/client-confs/flr-brb/client.conf --askpass /root/.openvpn/flr-brb &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-kanzlei-kiel.pid --config /etc/openvpn/client-confs/kanzlei-kiel/client.conf --askpass /root/.openvpn/kanzlei-kiel &
+
+sleep 2
+#/usr/sbin/openvpn --writepid /var/run/openvpn-mbr.pid --config /etc/openvpn/client-confs/mbr/client.conf --askpass /root/.openvpn/mbr &
+/usr/sbin/openvpn --writepid /var/run/openvpn-mbr.pid --config /etc/openvpn/client-confs/mbr/client-gw-ckubu.conf --askpass /root/.openvpn/mbr &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-opp.pid --config /etc/openvpn/client-confs/opp/client.conf --askpass /root/.openvpn/opp &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-ro.pid --config /etc/openvpn/client-confs/ro/client.conf --askpass /root/.openvpn/ro &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-spr.pid --config /etc/openvpn/client-confs/spr/client-gw-ckubu.conf --log /var/log/openvpn/spr.log --status /var/log/openvpn/status-spr.log --askpass /root/.openvpn/spr &
+
+sleep 2
+#/usr/sbin/openvpn --writepid /var/run/openvpn-wf.pid --config /etc/openvpn/client-confs/wf/client.conf --askpass /root/.openvpn/wf &
+/usr/sbin/openvpn --writepid /var/run/openvpn-wf.pid --config /etc/openvpn/client-confs/wf/client-gw-ckubu.conf --log /var/log/openvpn/gw-d11.log --status /var/log/openvpn/status-gw-d11.log  --askpass /root/.openvpn/wf &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-so36.pid --config /etc/openvpn/client-confs/so36/client.conf --askpass /root/.openvpn/so36 &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-ak.pid --config /etc/openvpn/client-confs/ak/client-gw-ckubu.conf --askpass /root/.openvpn/ak &
+
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-jonas.pid --config /etc/openvpn/client-confs/jonas/client.conf --askpass /root/.openvpn/jonas &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-ga-nh-gw.pid --config /etc/openvpn/client-confs/ga-nh-gw/client-gw-ckubu.conf --log /var/log/openvpn/ga-nh-gw.log --status /var/log/openvpn/status-ga-nh-gw.log --askpass /root/.openvpn/ga-nh-gw &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-ga-st-gw.pid --config /etc/openvpn/client-confs/ga-st-gw/client-gw-ckubu.conf --log /var/log/openvpn/ga-st-gw.log --status /var/log/openvpn/status-ga-st-gw.log --askpass /root/.openvpn/ga-st-gw &
+
+sleep 2
+/usr/sbin/openvpn --writepid /var/run/openvpn-123comics.pid --config /etc/openvpn/client-confs/123comics/client.conf --askpass /root/.openvpn/123comics &
+
+
+exit 0
diff --git a/CKUBU/resolv.conf.CKUBU b/CKUBU/resolv.conf.CKUBU
new file mode 100644
index 0000000..2b703fd
--- /dev/null
+++ b/CKUBU/resolv.conf.CKUBU
@@ -0,0 +1,3 @@
+domain local.netz
+search local.netz
+nameserver 127.0.0.1
diff --git a/CKUBU/sasl_passwd.CKUBU b/CKUBU/sasl_passwd.CKUBU
new file mode 100644
index 0000000..c93d772
--- /dev/null
+++ b/CKUBU/sasl_passwd.CKUBU
@@ -0,0 +1 @@
+[b.mx.oopen.de] ckubu@b.mx.oopen.de:3q4b2SqCcbqNZwdp
diff --git a/CKUBU/sasl_passwd.db.CKUBU b/CKUBU/sasl_passwd.db.CKUBU
new file mode 100644
index 0000000..ba2b127
Binary files /dev/null and b/CKUBU/sasl_passwd.db.CKUBU differ
diff --git a/CKUBU/sbin/ip6t-firewall-gateway b/CKUBU/sbin/ip6t-firewall-gateway
new file mode 100755
index 0000000..3df216f
--- /dev/null
+++ b/CKUBU/sbin/ip6t-firewall-gateway
@@ -0,0 +1,3414 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ip6t-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv6 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv6.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv6.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv6.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv6.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ip6t=$(which ip6tables)
+
+if [[ -z "$ip6t" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IPv6)..\033[m"
+else
+   echo "Starting firewall iptables (IPv4).."
+fi
+echo
+
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+# ---
+# - Enable/Disable ip forwarding between interfaces
+# ---
+if $kernel_forward_between_interfaces ; then
+   echononl "\tActivate Forwarding.."
+   echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+else
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
+fi
+
+echo_done
+
+
+# -------------
+# --- Adjust Kernel Parameters
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+
+   # ---
+   # - Deactivate Source Routed Packets
+   # ---
+   for asr in /proc/sys/net/ipv6/conf/*/accept_source_route; do
+      if $kernel_deactivate_source_route ; then
+         echo 0 > $asr
+      fi
+   done
+
+
+   # ---
+   # -  Deactivate sending ICMP redirects
+   # ---
+   if $kernel_dont_accept_redirects ; then
+      echo "0" > /proc/sys/net/ipv6/conf/all/accept_redirects
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+
+fi 
+
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv6).."
+
+# - default policies
+# -
+$ip6t -P INPUT ACCEPT
+$ip6t -P OUTPUT ACCEPT
+$ip6t -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ip6t -F
+$ip6t -F INPUT
+$ip6t -F OUTPUT
+$ip6t -F FORWARD
+$ip6t -F -t mangle
+$ip6t -F -t nat
+$ip6t -F -t raw
+$ip6t -X
+$ip6t -Z
+
+#$ip6t -t nat -A POSTROUTING -o $ext_if_static_1 -j MASQUERADE
+$ip6t -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+echo_done # Flushing firewall iptable (IPv6)..
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -j LOG --log-prefix "$_ip IN: " --log-level $log_level
+      $ip6t -A OUTPUT -d $_ip -j LOG --log-prefix "$_ip OUT: " --log-level $log_level
+      $ip6t -A FORWARD -s $_ip -j LOG --log-prefix "$_ip FORWARD FROM: " --log-level $log_level
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP IPv6 traffic.."
+if $permit_all_icmp_traffic ; then
+   $ip6t -A INPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A OUTPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A FORWARD -p ipv6-icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ip6t -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ip6t -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ip6t -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ip6t -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ip6t -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ip6t -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -i $_if -j DROP
+      $ip6t -A FORWARD -o $_if -j DROP
+   fi
+   $ip6t -A INPUT -i $_if -j DROP
+   $ip6t -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -d $_ip -j ACCEPT
+         $ip6t -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ip6t -N syn-flood
+   $ip6t -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ip6t -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ip6t -A syn-flood -j DROP
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   if $log_new_not_sync || $log_all  ; then
+      $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+   $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
+   fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   if $log_invalid_state || $log_all  ; then
+      $ip6t -A INPUT -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -m state --state INVALID -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -m state --state INVALID -j DROP
+   fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # - Refuse spoofed packets pretending to be from your IP address.
+   if $log_spoofed || $log_all ; then
+      for _ip in ${ext_ip_arr[@]} ; do
+         $ip6t -A INPUT -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         fi
+      done
+   fi
+   for _ip in ${ext_ip_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -s $_ip -d $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ipi6t -A FORWARD -s $_ip -d $_ip -j DROP
+      fi
+   done
+
+
+   # - private Adressen auf externen interface verwerfen
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $ula_block -j DROP
+      $ip6t -A INPUT -i $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -i $_dev -s $loopback -j DROP
+      fi
+
+      # Don't allow spoofing from that server
+      $ip6t -A OUTPUT -o $_dev -s $ula_block -j DROP
+      $ip6t -A OUTPUT -o $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -o $_dev -s $loopback -j DROP
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ip6t -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ip6t -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ip6t -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ip6t -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_forward_between_interfaces ; then
+         if $block_ident ; then
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_forward_between_interfaces ; then
+      if $block_ident ; then
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ip6t -A INPUT -i lo -j ACCEPT
+$ip6t -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ip6t -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ip6t -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_forward_between_interfaces ; then
+   $ip6t -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ip6t -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ip6t -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv6_address_arr[@]}" ; then
+            $ip6t -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ip6t -A FORWARD -p ${_val_arr[3]} -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+echononl "\tSeparate local networks.."
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+echononl "\tSeparate local interfaces.."
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            [[ "$_dev_1" = "$_dev_2" ]] && continue
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+            $ip6t -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+         done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+
+
+# ---
+# - IPv4 over IPv6
+# ---
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 546 -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp --dport 547 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP Service (local network only)"
+
+if $local_dhcp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+
+      $ip6t -A INPUT -p udp -i $_dev --sport 546 --dport 547 -j ACCEPT
+      $ip6t -A OUTPUT -p udp -o $_dev --sport 547 --dport 546 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ip6t -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ip6t -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_forward_between_interfaces=true)
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ip6t -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ip6t -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ip6t -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ip6t -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces ; then
+
+            $ip6t -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_forward_between_interfaces ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ip6t -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -t filter -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ip6t -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ip6t -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_forward_between_interfaces ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then 
+         $ip6t -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      $ip6t -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ip6t -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ip6t -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tDruck Port 9100 only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ip6t -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces $$ ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ip6t -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ip6t -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_forward_between_interfaces \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_forward_between_interfaces ; then
+
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+
+         # - From extern
+         $ip6t -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ip6t -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_forward_between_interfaces ; then
+         $ip6t -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ip6t -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ip6t -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ip6t -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ip6t -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+# ---
+# - ICMP is configured above..
+# ---
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ip6t -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ip6t -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ip6t -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ip6t -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ip6t -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ip6t -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ip6t -A INPUT -j DROP
+$ip6t -A OUTPUT -j DROP
+$ip6t -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/CKUBU/sbin/ipt-firewall-gateway b/CKUBU/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..a50ad68
--- /dev/null
+++ b/CKUBU/sbin/ipt-firewall-gateway
@@ -0,0 +1,4130 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      #$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+
+# ---
+# - Block IPs/Netwoks reading from file 'ban_ipv4.list'"
+# ---
+
+echononl "\tBlock IPs/Netwoks reading from file 'ban_ipv4.list' .."
+
+if [[ -f "${ipt_conf_dir}/ban_ipv4.list" ]] ; then
+
+   declare -a octets
+   declare -i index
+
+   while IFS='' read -r _line || [[ -n $_line ]] ; do
+
+      is_valid_ipv4=true
+      is_valid_mask=true
+      ipv4=""
+      mask=""
+      
+      # Ignore comment lines
+      #
+      [[ $_line =~ ^[[:space:]]{0,}# ]] && continue
+
+      # Ignore blank lines
+      #
+      [[ $_line =~ ^[[:space:]]*$ ]] && continue
+
+      # Remove leading whitespace characters
+      #
+      _line="${_line#"${_line%%[![:space:]]*}"}"
+
+
+      # Catch IPv4 Address
+      #
+      given_ipv4="$(echo  $_line | cut -d ' ' -f1)"
+
+
+      # Splitt Ipv4 address from possible given CIDR number
+      #
+      IFS='/' read -ra _addr <<< "$given_ipv4"
+      _ipv4="${_addr[0]}"
+
+      if [[ -n "${_addr[1]}" ]] ; then
+         _mask="${_addr[1]}"
+         test_netmask=false
+
+         # Is 'mask' a valid CIDR number? If not, test agains a valid netmask
+         #
+         if $(test -z "${_mask##*[!0-9]*}" > /dev/null 2>&1) ; then
+
+            # Its not a vaild mask number, but naybe a valit netmask.
+            # 
+            test_netmask=true
+         else
+            if [[ $_mask -gt 32 ]]; then
+
+               # Its not a vaild cidr number, but naybe a valit netmask.
+               # 
+               test_netmask=true
+            else
+
+               # OK, we have a vaild cidr number between '0' and '32'
+               #
+               mask=$_mask
+            fi
+         fi
+
+         # Test if given '_mask' is a valid netmask.
+         #
+         if $test_netmask ; then
+            octets=( ${_mask//\./ } )
+
+            # Complete netmask if necessary
+            #
+            while [[ ${#octets[@]} -lt 4 ]]; do
+               octets+=(0)
+            done
+
+            [[ ${#octets[@]} -gt 4 ]] && is_valid_mask=false
+
+            index=0
+            for octet in ${octets[@]} ; do
+               if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
+                  if [[ $octet -gt 255 ]] ; then
+                     is_valid_mask=false
+                  fi
+                  if [[ $index -gt 0 ]] ; then
+                     mask="${mask}.${octet}"
+                  else
+                     mask="${octet}"
+                  fi
+                  
+               else
+                  is_valid_mask=false
+               fi
+
+               ((index++))
+            done
+         fi
+
+         adjust_mask=false
+      else
+         mask=32
+         adjust_mask=true
+      fi
+
+      # Splitt given address into their octets
+      #
+      octets=( ${_ipv4//\./ } )
+
+      # Complete IPv4 address if necessary
+      #
+      while [[ ${#octets[@]} -lt 4 ]]; do
+         octets+=(0)
+
+         # Only adjust CIDR number if not given
+         #
+         if $adjust_mask ; then
+            mask="$(expr $mask - 8)"
+         fi
+      done
+
+      # Pre-check if given IPv4 Address seems to be a valid address
+      #
+      [[ ${#octets[@]} -gt 4 ]] && is_valid_ipv4=false
+
+      # Check if given IPv4 Address is a valid address
+      #
+      if $is_valid_ipv4 ; then
+         index=0
+         for octet in ${octets[@]} ; do
+            if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
+               if [[ $octet -gt 255 ]] ; then
+                  is_valid_ipv4=false
+               fi
+               if [[ $index -gt 0 ]] ; then
+                  ipv4="${ipv4}.${octet}"
+               else
+                  ipv4="${octet}"
+               fi
+               
+            else
+               is_valid_ipv4=false
+            fi
+
+            ((index++))
+         done
+      fi
+
+      if $is_valid_ipv4 && $is_valid_mask; then
+
+         _ip="${ipv4}/${mask}"
+
+         for _dev in ${ext_if_arr[@]} ; do
+            if $log_blocked_ip || $log_all ; then
+               $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+               if $kernel_activate_forwarding ; then
+                  $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+               fi
+            fi
+            $ipt -A INPUT -i $_dev -s $_ip -j DROP
+            if $kernel_activate_forwarding ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+            fi
+         done
+
+
+      else
+         msg="$msg '${given_ipv4}'"
+      fi
+
+   done < "${ipt_conf_dir}/ban_ipv4.list"
+   echo_done
+
+   if [[ -n "$msg" ]]; then
+      warn "Ignored:$msg"
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ipt -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/CKUBU/sbin/rebind b/CKUBU/sbin/rebind
new file mode 100755
index 0000000..c60e07b
--- /dev/null
+++ b/CKUBU/sbin/rebind
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+case "$1" in
+   on)
+      set -x
+      mount --bind /proc    /ro/proc
+      mount --bind /sys     /ro/sys
+      mount --bind /dev     /ro/dev
+      mount --bind /dev/pts /ro/dev/pts
+   ;;
+   off)
+      set -x
+      umount /ro/dev/pts
+      umount /ro/dev
+      umount /ro/sys
+      umount /ro/proc
+   ;;
+   *)
+      echo "Use: $0 (on|off)"
+esac
diff --git a/CKUBU/src/ipt-gateway b/CKUBU/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/CKUBU/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/CKUBU/src/openvpn b/CKUBU/src/openvpn
new file mode 160000
index 0000000..a1bd46c
--- /dev/null
+++ b/CKUBU/src/openvpn
@@ -0,0 +1 @@
+Subproject commit a1bd46c9e8f6dc2ce55cb2faf861cd9ed2a2b7bf
diff --git a/CKUBU/src/postfix b/CKUBU/src/postfix
new file mode 160000
index 0000000..37b16e3
--- /dev/null
+++ b/CKUBU/src/postfix
@@ -0,0 +1 @@
+Subproject commit 37b16e39d82f50b5dce79b83810d10a37a83a741
diff --git a/FLR-BRB/README.txt b/FLR-BRB/README.txt
new file mode 100644
index 0000000..9abc2fc
--- /dev/null
+++ b/FLR-BRB/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.FLR-BRB: ppp0 comes over eth2
+      interfaces.FLR-BRB: see above
+      default_isc-dhcp-server.FLR-BRB
+      ipt-firewall.FLR-BRB: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/FLR-BRB/bin/admin-stuff b/FLR-BRB/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/FLR-BRB/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/FLR-BRB/bin/get_revoked_keys.sh b/FLR-BRB/bin/get_revoked_keys.sh
new file mode 120000
index 0000000..7c22f88
--- /dev/null
+++ b/FLR-BRB/bin/get_revoked_keys.sh
@@ -0,0 +1 @@
+/usr/local/src/openvpn/get_revoked_keys.sh
\ No newline at end of file
diff --git a/FLR-BRB/bin/manage-gw-config b/FLR-BRB/bin/manage-gw-config
new file mode 160000
index 0000000..2a96dfd
--- /dev/null
+++ b/FLR-BRB/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688
diff --git a/FLR-BRB/bin/monitoring b/FLR-BRB/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/FLR-BRB/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/FLR-BRB/bin/wakeup_fileserver.sh b/FLR-BRB/bin/wakeup_fileserver.sh
new file mode 100755
index 0000000..4581a28
--- /dev/null
+++ b/FLR-BRB/bin/wakeup_fileserver.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+
+_NETW=192.168.102.0
+_MAC_FILESERVER="00:30:48:8c:de:c0"
+
+/usr/bin/wakeonlan -i $_NETW $_MAC_FILESERVER
+
+exit 0
diff --git a/FLR-BRB/bind/bind.keys b/FLR-BRB/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/FLR-BRB/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/FLR-BRB/bind/db.0 b/FLR-BRB/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/FLR-BRB/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/FLR-BRB/bind/db.127 b/FLR-BRB/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/FLR-BRB/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/FLR-BRB/bind/db.192.168.102.0 b/FLR-BRB/bind/db.192.168.102.0
new file mode 100644
index 0000000..4c43ab6
--- /dev/null
+++ b/FLR-BRB/bind/db.192.168.102.0
@@ -0,0 +1,43 @@
+;
+; BIND reverse data file for local 102.168.192.in-addr.arpa zone
+;
+$TTL  43600
+@  IN SOA   ns.flr.netz. ckubu.oopen.de. (
+      2017042001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+@              IN NS    ns-flr.flr.netz.
+
+; - Gateway/Firewall
+254            IN PTR   gw-flr.flr.netz.
+
+
+; - (Caching ) Nameserver
+1              IN PTR   ns-flr.flr.netz.
+
+
+; - Fileserver
+10             IN PTR   file-flr.flr.netz.
+
+; - IPMI (Fileserver)
+11             IN PTR   file-ipmi.flr.netz.
+
+; - Drucker Brother MFC-9450CDN
+5              IN PTR   mfc-9450cdn.flr.netz.
+
+; - Drucker Brother MFC-9142CDN
+6              IN PTR   mfc-9142cdn.flr.netz.
+
+; - Office PCs
+101            IN PTR   pcbuero1.flr.netz.
+102            IN PTR   pcbuero2.flr.netz.
+103            IN PTR   pcbuero3.flr.netz.
+
+141            IN PTR   ivana-lan.flr.netz.
+142            IN PTR   lis-lan.flr.netz.
+143            IN PTR   sabrina-lan.flr.netz.
+143            IN PTR   flr-1-lan.flr.netz.
diff --git a/FLR-BRB/bind/db.192.168.103.0 b/FLR-BRB/bind/db.192.168.103.0
new file mode 100644
index 0000000..88becf5
--- /dev/null
+++ b/FLR-BRB/bind/db.192.168.103.0
@@ -0,0 +1,27 @@
+;
+; BIND reverse data file for local 103.168.192.in-addr.arpa zone
+;
+$TTL  43600
+@  IN SOA   ns.flr.netz. ckubu.oopen.de. (
+      2017042001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+@              IN NS    ns-flr.flr.netz.
+
+; - Gateway/Firewall
+254            IN PTR   gw-flr-wlan.flr.netz.
+
+; Accesspoint - TP-Link WR841N
+253            IN PTR   tl-wr841n.flr.netz.
+
+
+; - Laptops
+
+141            IN PTR   ivana-laptop.flr.netz.
+142            IN PTR   lisa-laptop.flr.netz.
+143            IN PTR   sabrina-laptop.flr.netz.
+144            IN PTR   flr-1-laptop.flr.netz.
diff --git a/FLR-BRB/bind/db.255 b/FLR-BRB/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/FLR-BRB/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/FLR-BRB/bind/db.empty b/FLR-BRB/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/FLR-BRB/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/FLR-BRB/bind/db.flr.netz b/FLR-BRB/bind/db.flr.netz
new file mode 100644
index 0000000..acd866f
--- /dev/null
+++ b/FLR-BRB/bind/db.flr.netz
@@ -0,0 +1,70 @@
+;
+; BIND data file for local flr.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.flr.netz. ckubu.oopen.de. (
+      2017042001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+@                 IN NS    ns-flr.flr.netz.
+
+; Gateway/Firewall
+gw-flr            IN A     192.168.102.254
+gate              IN CNAME gw-flr
+gw                IN CNAME gw-flr
+
+gw-flr-wlan       IN A     192.168.103.254
+
+
+; Accesspoint - TP-Link WR841N
+tl-wr841n         IN A     192.168.103.253  
+ap                IN CNAME tl-wr841n
+
+; (Caching ) Nameserver
+ns-flr            IN A      192.168.102.1
+ns                IN CNAME  ns-flr
+nscache           IN CNAME  ns-flr
+resolver          IN CNAME  ns-flr
+
+
+; - Fileserver
+file-flr          IN A      192.168.102.10
+file              IN CNAME  file-flr
+
+; - IPMI (Fileserver)
+file-ipmi         IN A      192.168.102.11
+ipmi              IN CNAME  file-ipmi
+
+; - Drucker Brother MFC-9450CDN
+mfc-9450cdn       IN A      192.168.102.5
+BRNF33586         IN CNAME  mfc-9450cdn
+
+; - Drucker Brother MFC-9142CDN
+mfc-9142cdn       IN A      192.168.102.6
+BRN30055C746BC0   IN CNAME  mfc-9142cdn
+drucker           IN CNAME  mfc-9142cdn
+
+
+; - Office PCs
+pcbuero1          IN A      192.168.102.101
+pcbuero2          IN A      192.168.102.102
+pcbuero3          IN A      192.168.102.103
+
+
+; Laptops LAN
+ivana-lan         IN A      192.168.102.141
+lisa-lan          IN A      192.168.102.142
+sabrina-lan       IN A      192.168.102.143
+flr-1-lan         IN A      192.168.102.144
+
+
+; - Laptops WLAN
+ivana-laptop      IN A      192.168.103.141
+lisa-laptop       IN A      192.168.103.142
+sabrina-laptop    IN A      192.168.103.143
+flr-1-laptop      IN A      192.168.103.144
diff --git a/FLR-BRB/bind/db.local b/FLR-BRB/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/FLR-BRB/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/FLR-BRB/bind/db.root b/FLR-BRB/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/FLR-BRB/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/FLR-BRB/bind/named.conf b/FLR-BRB/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/FLR-BRB/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/FLR-BRB/bind/named.conf.default-zones b/FLR-BRB/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/FLR-BRB/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/FLR-BRB/bind/named.conf.local b/FLR-BRB/bind/named.conf.local
new file mode 100644
index 0000000..4468c41
--- /dev/null
+++ b/FLR-BRB/bind/named.conf.local
@@ -0,0 +1,19 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
+zone "flr.netz" {
+   type master;
+   file "/etc/bind/db.flr.netz";
+};
+
+zone "102.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.102.0";
+};
+
diff --git a/FLR-BRB/bind/named.conf.local.ORIG b/FLR-BRB/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/FLR-BRB/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/FLR-BRB/bind/named.conf.options b/FLR-BRB/bind/named.conf.options
new file mode 100644
index 0000000..824301a
--- /dev/null
+++ b/FLR-BRB/bind/named.conf.options
@@ -0,0 +1,91 @@
+options {
+   directory "/var/cache/bind";
+
+   // If there is a firewall between you and nameservers you want
+   // to talk to, you may need to fix the firewall to allow multiple
+   // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+   // If your ISP provided one or more IP addresses for stable
+   // nameservers, you probably want to use them as forwarders.
+   // Uncomment the following block, and insert the addresses replacing
+   // the all-0's placeholder.
+
+   // forwarders {
+   //    0.0.0.0;
+   // };
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      192.168.102.1;
+   };
+
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/8;
+   };
+
+   // caching name services
+   recursion yes;
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/16;
+   };
+
+   allow-transfer { none; };
+
+   auth-nxdomain no;    # conform to RFC1035
+   listen-on-v6 { any; };
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/FLR-BRB/bind/named.conf.options.ORIG b/FLR-BRB/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/FLR-BRB/bind/named.conf.options.ORIG
@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/FLR-BRB/bind/rndc.key b/FLR-BRB/bind/rndc.key
new file mode 100644
index 0000000..2d6c5da
--- /dev/null
+++ b/FLR-BRB/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "hlqmXw2FiKndTvcEUP86Qw==";
+};
diff --git a/FLR-BRB/bind/zones.rfc1918 b/FLR-BRB/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/FLR-BRB/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/FLR-BRB/chap-secrets.FLR-BRB b/FLR-BRB/chap-secrets.FLR-BRB
new file mode 100644
index 0000000..52ca573
--- /dev/null
+++ b/FLR-BRB/chap-secrets.FLR-BRB
@@ -0,0 +1,5 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+## - Fluechlingsrat BRB
+"0022044435885511150351780001@t-online.de" * "27475004"
diff --git a/FLR-BRB/cron_root.FLR-BRB b/FLR-BRB/cron_root.FLR-BRB
new file mode 100644
index 0000000..fd7d256
--- /dev/null
+++ b/FLR-BRB/cron_root.FLR-BRB
@@ -0,0 +1,51 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.9PMQig/crontab installed on Fri Jan 26 01:07:45 2018)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+PATH=/root/bin:/root/bin/admin-stuff:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# - Check if postfix mailservice is running. Restart service if needed.
+# -
+*/15 * * * * /root/bin/monitoring/check_postfix.sh
+
+# - check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+# - if not set this entry to "1"
+#
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+# - check if openvpn is running if not restart the service
+# -
+0-59/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+# - check if nameservice (bind) is running if not restart the service
+# -
+*/10 * * * * /root/bin/monitoring/check_dns.sh
+
+# - check if DynDNS ip is correct, adjust if needed
+# -
+07,27,47 * * * * /root/bin/monitoring/check_dyndns.sh flr-brb.homelinux.org
+
+# - copy gateway configuration
+# -
+13 4 * * * /root/bin/manage-gw-config/copy_gateway-config.sh FLR-BRB
diff --git a/FLR-BRB/ddclient.conf.FLR-BRB b/FLR-BRB/ddclient.conf.FLR-BRB
new file mode 100644
index 0000000..deb7db8
--- /dev/null
+++ b/FLR-BRB/ddclient.conf.FLR-BRB
@@ -0,0 +1,15 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password='7213b4e6178a11e6ab1362f831f6741e'
+flr-brb.homelinux.org
+mail=argus@oopen.de
+
+ssl=yes
+mail=argus@oopen.de
+mail-failure=root
diff --git a/FLR-BRB/default_isc-dhcp-server.FLR-BRB b/FLR-BRB/default_isc-dhcp-server.FLR-BRB
new file mode 100644
index 0000000..df30daa
--- /dev/null
+++ b/FLR-BRB/default_isc-dhcp-server.FLR-BRB
@@ -0,0 +1,21 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACES=""
diff --git a/FLR-BRB/dhcpd.conf.FLR-BRB b/FLR-BRB/dhcpd.conf.FLR-BRB
new file mode 100644
index 0000000..1c8f0b3
--- /dev/null
+++ b/FLR-BRB/dhcpd.conf.FLR-BRB
@@ -0,0 +1,227 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.102.255;
+
+
+option domain-name "flr.netz";
+option domain-name-servers nscache.flr.netz;
+#option domain-name "example.org";
+#option domain-name-servers ns1.example.org, ns2.example.org;
+option routers gw-flr.flr.netz;
+
+
+default-lease-time 86400;
+max-lease-time 259200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+subnet 192.168.102.0 netmask 255.255.255.0 {
+
+   # --- 192.168.102.160/27 ---
+   # network address....: 192.168.102.160
+   # Broadcast address..: 192.168.102.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.102.160 - 192.168.102.191
+   # Usable range.......: 192.168.102.161 - 192.168.102.190
+
+   range 192.168.102.161 192.168.102.190;
+   option domain-name "flr.netz";
+   option domain-name-servers nscache.flr.netz;
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.102.255;
+   option routers gw-flr.flr.netz;
+
+}
+
+host file-flr {
+   hardware ethernet 00:25:90:0b:77:90;
+   fixed-address file-flr.flr.netz ;
+}
+
+host file-ipmi {
+   hardware ethernet 00:25:90:0b:7f:3d;
+   fixed-address file-ipmi.flr.netz ;
+}
+
+host mfc-9142cdn.flr.netz {
+   hardware ethernet 30:05:5c:74:6b:c0;
+   fixed-address mfc-9142cdn.flr.netz ;
+}
+
+host pcbuero1 {
+   # - on chipset LAN
+   #hardware ethernet 00:1D:7D:E5:42:69;
+   # - Intel PRO/1000 GT
+   hardware ethernet 90:e2:ba:0c:bb:fb;
+   fixed-address pcbuero1.flr.netz ;
+}
+
+host pcbuero2 {
+   # - on chipset LAN
+   #hardware ethernet 00:1d:7d:e5:3f:9f;
+   # - Intel PRO/1000 GT
+   hardware ethernet 90:e2:ba:0c:bc:0e;
+   fixed-address pcbuero2.flr.netz ;
+}
+
+host pcbuero3 {
+   hardware ethernet 80:ee:73:b9:8a:d6;
+   fixed-address pcbuero3.flr.netz ;
+}
+
+host ivana-Laptop {
+   # - on chipset WLAN
+   hardware ethernet 5c:51:4f:ff:dc:cd;
+   fixed-address ivana-laptop.flr.netz ;
+}
+
+#host lisa-Laptop {
+#   # - on chipset WLAN
+#   hardware ethernet ;
+#   fixed-address lisa-laptop.flr.netz ;
+#}
+
+host lisa-lan {
+   # - on chipset LAN
+   hardware ethernet 3c:97:0e:d5:f0:f7;
+   fixed-address lisa-lan.flr.netz ;
+}
+
+host sabrina-Laptop {
+   # - on chipset LAN
+   hardware ethernet b4:6d:83:4a:ab:c3;
+   fixed-address sabrina-laptop.flr.netz ;
+}
+
+host sabrina-lan {
+   # - on chipset LAN
+   hardware ethernet 50:7b:9d:29:50:2f;
+   fixed-address sabrina-lan.flr.netz ;
+}
+
+host flr-1-lan {
+   # - on chipset LAN
+   hardware ethernet 1c:39:47:d8:75:ae;
+   fixed-address flr-1-lan.flr.netz ;
+}
+
+
+## - wireless LAN
+subnet 192.168.103.0 netmask 255.255.255.0 {
+
+   # --- 192.168.103.160/27 ---
+   # network address....: 192.168.103.160
+   # Broadcast address..: 192.168.103.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.103.160 - 192.168.103.191
+   # Usable range.......: 192.168.103.161 - 192.168.103.190
+
+   range 192.168.103.161 192.168.103.190;
+   option domain-name "flr.netz";
+   option domain-name-servers nscache.flr.netz;
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.103.255;
+   option routers gw-flr-wlan.flr.netz;
+
+   default-lease-time 86400;
+   max-lease-time 259200;
+}
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/FLR-BRB/dhcpd6.conf.FLR-BRB b/FLR-BRB/dhcpd6.conf.FLR-BRB
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/FLR-BRB/dhcpd6.conf.FLR-BRB
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/FLR-BRB/hostname.FLR-BRB b/FLR-BRB/hostname.FLR-BRB
new file mode 100644
index 0000000..f8b083c
--- /dev/null
+++ b/FLR-BRB/hostname.FLR-BRB
@@ -0,0 +1 @@
+gw-flr
diff --git a/FLR-BRB/hosts.FLR-BRB b/FLR-BRB/hosts.FLR-BRB
new file mode 100644
index 0000000..7e4fff7
--- /dev/null
+++ b/FLR-BRB/hosts.FLR-BRB
@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+#172.16.102.1	gw-flr.flr.netz	gw-flr
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/FLR-BRB/igmpproxy.conf.FLR-BRB b/FLR-BRB/igmpproxy.conf.FLR-BRB
new file mode 100644
index 0000000..197ca30
--- /dev/null
+++ b/FLR-BRB/igmpproxy.conf.FLR-BRB
@@ -0,0 +1,46 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+phyint eth0 upstream  ratelimit 0  threshold 1
+        altnet 10.0.0.0/8 
+        altnet 192.168.0.0/24
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+phyint eth1 downstream  ratelimit 0  threshold 1
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth2 disabled
+
+
diff --git a/FLR-BRB/interfaces.FLR-BRB b/FLR-BRB/interfaces.FLR-BRB
new file mode 100644
index 0000000..6ac47b1
--- /dev/null
+++ b/FLR-BRB/interfaces.FLR-BRB
@@ -0,0 +1,59 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+#-----------------------------
+# lo - loopback interface
+#-----------------------------
+
+auto lo
+iface lo inet loopback
+
+
+
+#-----------------------------
+# eth0 - (W)LAN
+#-----------------------------
+
+auto eth0
+iface eth0 inet static
+   address 192.168.103.254
+   network 192.168.103.0
+   netmask 255.255.255.0
+
+
+
+#-----------------------------
+# eth1 - LAN
+#-----------------------------
+
+auto eth1
+iface eth1 inet static
+   address 192.168.102.254
+   network 192.168.102.0
+   netmask 255.255.255.0
+   broadcast 192.168.102.255
+
+auto eth1:ns
+iface eth1:ns inet static
+   address 192.168.102.1
+   network 192.168.102.0
+   netmask 255.255.255.0
+   broadcast 192.168.102.255
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+allow-hotplug eth2
+iface eth2 inet static
+   address 172.16.102.1
+   netmask 255.255.255.0
+   network 172.16.102.0
+   broadcast 172.16.102.255
+   gateway 172.16.102.254
+   # dns-* options are implemented by the resolvconf package, if installed
+   dns-nameservers 127.0.0.1
+   dns-search flr.netz
diff --git a/FLR-BRB/ipt-firewall.service.FLR-BRB b/FLR-BRB/ipt-firewall.service.FLR-BRB
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/FLR-BRB/ipt-firewall.service.FLR-BRB
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/FLR-BRB/ipt-firewall/default_ports.conf b/FLR-BRB/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/FLR-BRB/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/FLR-BRB/ipt-firewall/include_functions.conf b/FLR-BRB/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/FLR-BRB/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/FLR-BRB/ipt-firewall/interfaces_ipv4.conf b/FLR-BRB/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..2462995
--- /dev/null
+++ b/FLR-BRB/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth1"
+local_if_2="eth0"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/FLR-BRB/ipt-firewall/load_modules_ipv4.conf b/FLR-BRB/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/FLR-BRB/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/FLR-BRB/ipt-firewall/load_modules_ipv6.conf b/FLR-BRB/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/FLR-BRB/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/FLR-BRB/ipt-firewall/logging_ipv4.conf b/FLR-BRB/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/FLR-BRB/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/FLR-BRB/ipt-firewall/logging_ipv6.conf b/FLR-BRB/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/FLR-BRB/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/FLR-BRB/ipt-firewall/main_ipv4.conf b/FLR-BRB/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..0d4eaa9
--- /dev/null
+++ b/FLR-BRB/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1355 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+read -a gateway_ipv4_address_arr <<<$(ifconfig | grep "inet Ad" | awk '{print$2}' | cut -d':' -f2)
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                    86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - 192.168.102.10      Brother MFC-9142CDN
+
+# - Blank separated list
+# -
+http_server_only_local_ips="192.168.102.6"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+http_server_dmz_arr[192.168.103.253]=$ext_if_static_1
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+# - 192.168.102.10      Fileserver
+# -
+samba_server_local_ips="192.168.102.10"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips=""
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - 192.168.102.11      IPMI Fileserver
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips="192.168.102.11"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - 192.168.102.6    Brother MFC-9142CDN
+# -
+# - Blank separated list
+# -
+printer_ips="192.168.102.6"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - 192.168.102.6    Brother MFC-9142CDN
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips="192.168.102.6"
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    192.168.102.254: Xycel Speedport 5501
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons="
+   192.168.63.0/24:192.168.102.254:80:${ext_if_static_1}
+   192.168.63.0/24:192.168.102.254:443:${ext_if_static_1}
+   10.0.0.0/8:192.168.102.254:80:${ext_if_static_1}
+   10.0.0.0/8:192.168.102.254:443:${ext_if_static_1}"
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=false
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=true
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/FLR-BRB/ipt-firewall/post_decalrations.conf b/FLR-BRB/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/FLR-BRB/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/FLR-BRB/mailname.FLR-BRB b/FLR-BRB/mailname.FLR-BRB
new file mode 100644
index 0000000..0cdd040
--- /dev/null
+++ b/FLR-BRB/mailname.FLR-BRB
@@ -0,0 +1 @@
+gw-flr.flr.netz
diff --git a/FLR-BRB/main.cf.FLR-BRB b/FLR-BRB/main.cf.FLR-BRB
new file mode 100644
index 0000000..a951e7c
--- /dev/null
+++ b/FLR-BRB/main.cf.FLR-BRB
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   #192.168.102.254
+
+myhostname = gw-flr.flr.netz
+
+mydestination = 
+   gw-flr.flr.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   192.168.102.254/32
+
+smtp_bind_address = 192.168.102.254
+smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/FLR-BRB/openvpn/home-flr/ccd/server-gw-ckubu/VPN-FLR-BRB-gw-ckubu b/FLR-BRB/openvpn/home-flr/ccd/server-gw-ckubu/VPN-FLR-BRB-gw-ckubu
new file mode 100644
index 0000000..e867714
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/ccd/server-gw-ckubu/VPN-FLR-BRB-gw-ckubu
@@ -0,0 +1,6 @@
+ifconfig-push 10.1.102.2 255.255.255.0
+push "route 192.168.102.0 255.255.255.0 10.1.102.1"
+push "route 192.168.103.0 255.255.255.0 10.1.102.1"
+push "route 172.16.102.0 255.255.255.0 10.1.102.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-chris b/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-chris
new file mode 100644
index 0000000..76909cf
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-chris
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.102.3 255.255.255.0
+#push "route 192.168.102.0 255.255.255.0 10.0.102.1"
diff --git a/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-flr-pierre b/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-flr-pierre
new file mode 100644
index 0000000..be98cf6
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-flr-pierre
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.102.5 255.255.255.0
+
diff --git a/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-ivana b/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-ivana
new file mode 100644
index 0000000..04af62b
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-ivana
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.102.4 255.255.255.0
+
diff --git a/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-sabrina b/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-sabrina
new file mode 100644
index 0000000..3c8d685
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-sabrina
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.102.6 255.255.255.0
+
diff --git a/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-yilmaz b/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-yilmaz
new file mode 100644
index 0000000..ab32e26
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/ccd/server-home/VPN-FLR-BRB-yilmaz
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.102.7 255.255.255.0
+
diff --git a/FLR-BRB/openvpn/home-flr/crl.pem b/FLR-BRB/openvpn/home-flr/crl.pem
new file mode 100644
index 0000000..1c60b16
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/crl.pem
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICHzCCAYgwDQYJKoZIhvcNAQELBQAwgaExCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBuZXR3b3JrIHNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQ0ExFDASBgNVBCkT
+C1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTcw
+OTI4MDEzNjEzWhcNMjcwOTI2MDEzNjEzWjCBtDASAgEFFw0xNzA5MjcxNDUwMjla
+MBICAQYXDTE3MDkyNzE0NTAzNVowEgIBBxcNMTcwOTI3MTQ1MDAzWjASAgEIFw0x
+NzA5MjcxNDQ4NTFaMBICAQkXDTE3MDkyNzE0NTAyMVowEgIBChcNMTcwOTI3MTQ1
+MDQ0WjASAgEMFw0xNjExMTgwMTQ0NDdaMBICAQ4XDTE2MTExODAxNTcyMVowEgIB
+EBcNMTcwOTI4MDEzNjEzWjANBgkqhkiG9w0BAQsFAAOBgQCIMVV2OOJx1+9IGDZ5
+CDctK7rmuKAs1S7/633UeY260hMdkcoB+4y/6eZb95kVvGg79JkVUoNOm24oywZg
+o/ehuXFdTCHXbjXdFCD2NHAYaO3HzV/mTGnJDy1yBAdqkYnKZGYxH8LRL7sa7kBy
+CL3D/j5RQpp/NW5Fr//CNzV7Pg==
+-----END X509 CRL-----
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/build-ca b/FLR-BRB/openvpn/home-flr/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/build-dh b/FLR-BRB/openvpn/home-flr/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/build-inter b/FLR-BRB/openvpn/home-flr/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/build-key b/FLR-BRB/openvpn/home-flr/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/build-key-pass b/FLR-BRB/openvpn/home-flr/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/build-key-pkcs12 b/FLR-BRB/openvpn/home-flr/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/build-key-server b/FLR-BRB/openvpn/home-flr/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/build-req b/FLR-BRB/openvpn/home-flr/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/build-req-pass b/FLR-BRB/openvpn/home-flr/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/clean-all b/FLR-BRB/openvpn/home-flr/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/inherit-inter b/FLR-BRB/openvpn/home-flr/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/list-crl b/FLR-BRB/openvpn/home-flr/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/openssl-0.9.6.cnf b/FLR-BRB/openvpn/home-flr/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/openssl-0.9.8.cnf b/FLR-BRB/openvpn/home-flr/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/openssl-1.0.0.cnf b/FLR-BRB/openvpn/home-flr/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..5db8851
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,289 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+#default_crl_days= 30			# how long before next CRL
+default_crl_days= 3650			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/pkitool b/FLR-BRB/openvpn/home-flr/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/revoke-full b/FLR-BRB/openvpn/home-flr/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/sign-req b/FLR-BRB/openvpn/home-flr/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/vars b/FLR-BRB/openvpn/home-flr/easy-rsa/vars
new file mode 100644
index 0000000..d0a13b8
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/vars
@@ -0,0 +1,94 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+BASE_DIR="/etc/openvpn/home-flr"
+export EASY_RSA="${BASE_DIR}/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="${BASE_DIR}/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="network services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN FLR-BRB"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-FLR-BRB"
+
+export KEY_ALTNAMES="VPN FLR-BRB"
diff --git a/FLR-BRB/openvpn/home-flr/easy-rsa/whichopensslcnf b/FLR-BRB/openvpn/home-flr/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/ipp.txt b/FLR-BRB/openvpn/home-flr/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/FLR-BRB/openvpn/home-flr/juergen.conf b/FLR-BRB/openvpn/home-flr/juergen.conf
new file mode 100644
index 0000000..ab18c54
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/juergen.conf
@@ -0,0 +1,205 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-flr.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDzjCCAzegAwIBAgIJAPf/MOnEeNJTMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUNBMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwHhcNMTIxMTExMTgyMzU5WhcNMzIxMTA2MTgyMzU5WjCBoTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
+BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIdp+t
+lUB/nx3JqiZiBEkyTK2m+uH/hes4wYTpmbRY2x1YJtwQegX/sfxuu0n1xA42gON0
+eOBc2v/MmKzrGP+VP2VxWBhR/VnJsPeFTJJvD6ioM+jc9xNeZFNgHibRw4vzipyK
+ALQJK6gJ3COvhb3YWOul3njUGgZZkaikPMuTQQIDAQABo4IBCjCCAQYwHQYDVR0O
+BBYEFFb+8DvjraReG34P1h/k6dWObxLWMIHWBgNVHSMEgc4wgcuAFFb+8DvjraRe
+G34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtWUE4t
+RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDpxHjS
+UzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADPFDfqCtYtsS/NxGVYc
+hgxKsA9S/kBifNbde0e6nmPBgufW+O3uPrkvg7Wx2EayxMhX/dVrAYm8NSNCdWXV
+5ra0lu6cTI8rwWt404e0F/o0v6u+5eWHFxSF0lDJIVhwvvVoiAUJQw8h+BlI5PYO
+JcHZCQoQE1/RE6Xp+0xgTXvW
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIEuTCCBCKgAwIBAgIBEjANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE3MTAyNDAxMzQzM1oXDTI3MTAyMjAxMzQzM1owga4xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
+RkxSLUJSQi1qdWVyZ2VuMRQwEgYDVQQpEwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCbcT8YKpUSZXTqr+4DmcrBRImukIl/TuDzNiLCtXmQmXPQ7BxpfQAqpki2
+/xKdqMD9zz9UKemwej3J6GZu2GpeXmDFiOGWxNDyjzB2n32hg9jLztl7K5yImyS/
+WJyhDhkfVkvSlSDFY2aONywpbyOSkKTwoQMba7+lHzGcK1ogGeqLFtKPPymhp7Hw
+hrSlxDT81Sgdoyrck4Q3ERrWdV9MlFYjJ+mSVc0LF44YRP+HuZD/BjyMZM245dWS
+Me5AM7XsXNURgmBXMvvZYhlqOmodPJ300RAf3Bm+LHwKuJsx5CHyIP9+Q8mLJKny
+Ryww6VlKiB0HasdI2466pDl5cmjxAgMBAAGjggFsMIIBaDAJBgNVHRMEAjAAMC0G
+CWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFBD13+ToD3+TqfZlR+sVdmtWguBBMIHWBgNVHSMEgc4wgcuAFFb+8Dvj
+raReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
+QmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UE
+CxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtW
+UE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDp
+xHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEgYDVR0RBAsw
+CYIHanVlcmdlbjANBgkqhkiG9w0BAQsFAAOBgQAyqNVmA6YQXmkLSqYklZ0ZHu5S
+07URoL3ouY0NGoOzG7zTsnaPYcqp7gYNfW6Bs6J0hc9kmh95aWEfj+EcL15OQ6wP
+8W4ei0pbNNPoKem851DYiDbFA5FTbh5khd1ba891HrHuBll4XmJTblwU48AL89j2
+KMUGFiL+tYBc2XRHnQ==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI5cJs+DRA7GwCAggA
+MBQGCCqGSIb3DQMHBAhKECB4U6HVGgSCBMiITLbqpSHVKSBnOcUgt8xKlUWYbYaJ
+tXzPgTRzWnMOT466ryIik9wrDKtMupE6oVWigc58zY6sA96M+wOy5jSXfa9ON5gQ
+uuFfQYrAAjMcVvC4sO0meAlyEPKraphvvq+MdJnae3DwzR/v1xRk87gBMaXA/vYL
+mIn/w2jPaeQmBjEmKEfggwgCx6x5Eb4GL+K8cEw/EAU3oJBo71KwRsQZ5T4bXxUJ
+8bmEZoUGS+Dugv7mRE2xXVv277wqKgpubadZUjw1K29lvhSeYT1EDGCXYz7thl3K
+98F1mw3DpGdctQ3uaA1uLWrgMys67ZDRciazHWD6YCQOhX6YpjIwU7dCGJe8vpDz
++My3VTIMQxUwLdaxB1ZHQAKBCrToNZKMxhfPVWDUgureq+05xcifBQ8aqr1v5HJN
+s2ciqtVKWd0uaJbwOhPMQJc6QTcvzHtKmjW2yeqHF/WmluIcUH3ddJ18d9SK8p28
+Uo7H5LAvfD45TWXzjQVnRrZNKCTGSGfosdW2Cd5xLfXLVxH6xRZZJLhg/umU+TLD
+lnQYLMh6kBJeatrk6+z9wTAVk4ctagqR6N4nTOv68ncfQ5XSpeHH8ZKi5/ZhvW8K
+eyjHQzxCAZyaMe2g5gymAtgSVlaJbILGVjJ3Pey++W4akvN30DpRmaXIwdSyrH3W
+w3zW93WzfDqN71a3vpaSojiwUGj0Fj6c1ptGUHIIGd3A59YhJQqAyEZc8dHwaXwp
+ojbiYtzX8yto7OMeenLNlLqJxSBLw2ztqibqtmI7C1/00O6ECUdyZEJqbwwFxbPb
+VmXv/luXvzmGkqBdoMvPe4hF4ii0srciezxsVlUMpde1gAG1mQTZBYvTRwALOInW
+GmjOHLwBShm9y2XRgiAzXnBvEP/dto6JbUDQMwmn3PwhSpiotqJY2CnR5GI7BDcu
+nCEf45tbYyNjPJVcki5vyHaTkfT2vpWG+4ixYEmrgimcJFN1yxFWTbZ0661qvW2z
+epXgiJCkliqniaXxqV7pcwNUYl4SIto9yqY0Iw9fEp7KE76rZrwzBYV5RXXohgWN
+0mHcyscJE3P8M9n0AMFFxN+YUKEk5xxkYD7vwIyvYVR+QbXrVecJtT4f5JPkaFSR
+s5+mUjUJ8EhTKLa1CS7i0vOX8lmnu9NgZdn+lzXPFbpIFHSKtaTtKvKVpQgoXhJB
+6nm+qQVMScDMR/6XDXr9IC1ujV4rlYmpJCBKZzTeRAoykkw6LPfLyyQwMJJ/9Z7T
+53xrJ+wNy2ZioBwZxjd6z2ZGbkmLMRMZXdA48W4OSN7rm7CozhJNq12G7svmjwDs
+zS8y7UIFc+qbAiZd/CiBsR1B4j9uIeCCj9tc9iNYc2j3d+AZRr94hxOuqmHQEYyF
+5vzsXZb6xd4YmMG/5PfQnd4wr3xCJHFAACpMioPSGmlr0Y+HnqCPdKshn9C0IBQ5
+ZEDUszNbdAKjPgHi+u2AaDzAZmKQ0DvA8CBijJmI7R8JCDzDcTYjLwhAJeJLtwxB
+BT/HwSiAy/tbazXyZBMEPk5MOsCok7tTe1fmI/igYUj2h+oyJYr9ymBU97IyyBes
+b+sm7SgLb+7dh58VhE8tlhihqrWVvHak5qkyvQI02ffAuOg809Pftsdki2LKMBsy
+svM=
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+670c1735182a2aa7373f3913f4bb9922
+1011f52b6004f688f702ee2eebf789de
+8e9a7cbbe597de15dcd0944cc77c63bb
+247ef4ec6beb0ab1ad0e68fd3224d9c3
+50f3536eb45f0582ab3deb4a84144e08
+4ab82c010550262a803f617826443ed5
+34ace631dd1115372b4b6d91523ebf9d
+5212960ff14b16776359a2c4a8a78672
+c6dd16d8e3bead764da1f39a267a5d2c
+e798d3f52e0d8ceb7cafde530cbff390
+7a099224465c3bde210bdc7e713dae1c
+05e190846e0bc7cc8e4c79427516eed3
+b580385daaef259dd823e67970ffd9f3
+125c3b6217f6622652f76f1da0ea96e5
+b9724b6abd8384f45f11d9b41a9afa7b
+34d1a506ef314806f46e64d46f4b53a7
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/FLR-BRB/openvpn/home-flr/keys-created.txt b/FLR-BRB/openvpn/home-flr/keys-created.txt
new file mode 100644
index 0000000..0688659
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys-created.txt
@@ -0,0 +1,8 @@
+
+key...............: kirstin.key
+common name.......: VPN-FLR-BRB-kirstin
+password..........: gz3n7PhPvFrW
+
+key...............: juergen.key
+common name.......: VPN-FLR-BRB-juergen
+password..........: P7N4bxCFT9Nz
diff --git a/FLR-BRB/openvpn/home-flr/keys/01.pem b/FLR-BRB/openvpn/home-flr/keys/01.pem
new file mode 100644
index 0000000..bcfb047
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/01.pem
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov 11 18:29:25 2012 GMT
+            Not After : Nov  6 18:29:25 2032 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA-server/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b8:f5:73:7b:83:be:ce:17:23:57:29:d3:29:c9:
+                    44:4c:bd:83:39:1f:0f:12:35:87:9c:87:c6:a0:47:
+                    00:77:28:0a:84:23:36:98:fd:a9:ce:80:d6:3f:a6:
+                    59:9d:7a:a9:bf:11:08:c9:37:54:30:0e:5a:b9:1c:
+                    91:b6:d9:2c:c2:b1:34:9d:76:58:f7:bc:8b:44:eb:
+                    4c:d4:69:58:14:cd:02:ca:d5:34:bc:1a:78:c9:8e:
+                    2c:89:65:01:28:0b:39:39:f5:23:51:93:0b:ac:76:
+                    d2:ec:ed:16:45:7f:c8:b1:b6:bf:86:c8:40:20:e3:
+                    52:98:a5:43:ac:90:d3:e6:89
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                2A:A7:8E:B5:AA:B6:80:DC:14:3D:8A:E7:71:3D:50:BF:EC:84:10:52
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+        6e:26:e1:ae:74:b2:9b:f8:fc:61:9f:4e:b3:92:cc:4d:bf:5e:
+        50:70:90:cf:ce:e2:e4:aa:de:b7:3c:18:ce:2d:c3:ef:fd:94:
+        59:ed:cf:be:36:d6:d5:16:f2:86:fe:2d:ed:2a:d6:3f:19:8f:
+        83:9f:ea:84:75:06:c3:6f:7c:37:ef:5b:e4:be:9f:13:92:be:
+        43:e7:53:25:f5:c8:85:30:5e:e8:2d:f0:b6:ed:e1:e1:20:86:
+        06:1e:9d:29:94:fa:36:78:c4:9c:0c:12:56:31:93:8c:83:4d:
+        67:49:df:61:f4:4a:15:51:3d:d2:a1:e1:9e:18:37:8b:fe:19:
+        f6:21
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTEyMTExMTE4MjkyNVoXDTMyMTEwNjE4MjkyNVowgagxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1WUE4t
+Q0Etc2VydmVyMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALj1c3uD
+vs4XI1cp0ynJREy9gzkfDxI1h5yHxqBHAHcoCoQjNpj9qc6A1j+mWZ16qb8RCMk3
+VDAOWrkckbbZLMKxNJ12WPe8i0TrTNRpWBTNAsrVNLwaeMmOLIllASgLOTn1I1GT
+C6x20uztFkV/yLG2v4bIQCDjUpilQ6yQ0+aJAgMBAAGjggFyMIIBbjAJBgNVHRME
+AjAAMBEGCWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0Eg
+R2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUKqeOtaq2gNwU
+PYrncT1Qv+yEEFIwgdYGA1UdIwSBzjCBy4AUVv7wO+OtpF4bfg/WH+Tp1Y5vEtah
+gaekgaQwgaExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
+BkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZp
+Y2VzMQ8wDQYDVQQDEwZWUE4tQ0ExFDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJ
+KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAPf/MOnEeNJTMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQUFAAOBgQBuJuGudLKb
++Pxhn06zksxNv15QcJDPzuLkqt63PBjOLcPv/ZRZ7c++NtbVFvKG/i3tKtY/GY+D
+n+qEdQbDb3w371vkvp8Tkr5D51Ml9ciFMF7oLfC27eHhIIYGHp0plPo2eMScDBJW
+MZOMg01nSd9h9EoVUT3SoeGeGDeL/hn2IQ==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/02.pem b/FLR-BRB/openvpn/home-flr/keys/02.pem
new file mode 100644
index 0000000..dcce997
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/02.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov 11 18:31:17 2012 GMT
+            Not After : Nov  6 18:31:17 2032 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-chris/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bb:b8:e0:59:a9:0b:ce:92:92:45:6f:0a:17:c0:
+                    a5:31:2e:86:eb:d7:a9:47:5d:80:b6:5b:94:6b:9f:
+                    58:5d:6b:df:73:99:f8:5d:3a:f6:58:a7:9b:da:20:
+                    48:e5:19:cb:e0:f7:ad:47:05:a2:b0:db:ed:54:ec:
+                    75:45:05:31:b7:68:62:47:35:3f:89:1b:f6:8b:7d:
+                    72:fe:ee:a6:21:60:5e:c1:59:f1:32:25:2e:79:14:
+                    1d:03:38:a1:a9:e2:28:52:52:c3:c0:51:91:fd:44:
+                    50:3b:be:c7:ba:df:5a:47:38:47:29:78:c7:a0:ec:
+                    b6:ea:46:28:ed:62:fd:3a:7f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                68:00:5D:CF:D6:87:2A:65:E2:31:F7:56:87:B1:3B:FF:78:1F:28:B0
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        50:68:35:b1:f8:03:97:a3:ae:e8:2c:40:c1:0b:f8:a7:d7:f2:
+        e1:f0:de:62:a9:0b:ee:18:44:8d:c9:f9:9f:ac:4b:b7:95:6c:
+        fc:43:95:aa:b0:6f:b8:35:bb:a0:a8:c1:48:d9:2d:d9:7e:50:
+        fb:2b:ba:c5:31:e1:a7:af:b1:58:4a:44:28:69:84:bc:9c:e0:
+        90:b7:95:36:ee:00:3b:1e:0a:09:90:2f:be:d9:0c:07:78:8e:
+        79:21:4a:af:2b:7d:f3:30:4d:70:04:f2:95:55:4b:d8:24:46:
+        09:f9:08:3c:b0:c1:ad:49:5c:ec:47:55:bc:16:49:80:8e:01:
+        1c:e6
+-----BEGIN CERTIFICATE-----
+MIIEHzCCA4igAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTEyMTExMTE4MzExN1oXDTMyMTEwNjE4MzExN1owgawxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRowGAYDVQQDExFWUE4t
+RkxSLUJSQi1jaHJpczEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7
+uOBZqQvOkpJFbwoXwKUxLobr16lHXYC2W5Rrn1hda99zmfhdOvZYp5vaIEjlGcvg
+961HBaKw2+1U7HVFBTG3aGJHNT+JG/aLfXL+7qYhYF7BWfEyJS55FB0DOKGp4ihS
+UsPAUZH9RFA7vse631pHOEcpeMeg7LbqRijtYv06fwIDAQABo4IBWDCCAVQwCQYD
+VR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBRoAF3P1ocqZeIx91aHsTv/eB8osDCB1gYDVR0jBIHO
+MIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeA
+MA0GCSqGSIb3DQEBBQUAA4GBAFBoNbH4A5ejrugsQMEL+KfX8uHw3mKpC+4YRI3J
++Z+sS7eVbPxDlaqwb7g1u6CowUjZLdl+UPsrusUx4aevsVhKRChphLyc4JC3lTbu
+ADseCgmQL77ZDAd4jnkhSq8rffMwTXAE8pVVS9gkRgn5CDywwa1JXOxHVbwWSYCO
+ARzm
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/03.pem b/FLR-BRB/openvpn/home-flr/keys/03.pem
new file mode 100644
index 0000000..6ac328a
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/03.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan  8 18:20:29 2013 GMT
+            Not After : Jan  3 18:20:29 2033 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-ivana/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cf:7f:bf:39:14:b4:f5:71:58:db:eb:0f:64:c5:
+                    93:7f:3c:25:51:b9:ce:85:fa:af:73:9a:d4:1e:6a:
+                    89:1a:bc:ed:ba:b6:cf:65:0f:77:ea:fd:cf:2d:6b:
+                    71:4a:05:b6:7e:86:b5:22:c3:cc:7e:9b:35:cb:bc:
+                    cd:5c:a7:37:8d:e7:a7:27:a5:80:e4:ca:08:46:95:
+                    61:ed:38:7d:49:fa:4c:e9:ef:bf:4a:79:aa:92:45:
+                    10:41:22:bb:60:60:4b:ec:a6:e5:ca:62:0c:bd:be:
+                    ea:95:e4:63:5d:32:ee:83:5c:ca:49:40:e9:be:f3:
+                    c4:7f:e6:10:34:27:f6:55:31
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                90:C9:26:75:C9:2A:14:6C:0B:6D:89:7B:C4:8A:27:F3:8D:25:96:5C
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        76:3f:16:0a:89:d0:aa:0f:d9:7d:2e:45:f3:8f:ab:ac:0a:32:
+        b9:3e:1b:80:b1:60:fb:a5:81:2e:78:a4:e1:47:33:e2:97:e7:
+        9f:0f:88:06:af:cd:80:e8:21:0d:00:7d:83:56:9d:c6:ff:fb:
+        cb:74:92:d9:39:4a:b1:44:14:73:31:85:f0:87:66:10:d1:63:
+        db:97:d5:89:47:a1:55:91:82:0c:0c:d9:45:bb:60:20:bb:3b:
+        23:b4:23:e7:0c:3c:57:91:33:23:ab:9f:18:76:f5:ae:44:71:
+        ba:53:45:d7:a3:f5:42:cf:b1:d7:31:74:d1:30:ba:bc:12:d9:
+        22:79
+-----BEGIN CERTIFICATE-----
+MIIEHzCCA4igAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTEzMDEwODE4MjAyOVoXDTMzMDEwMzE4MjAyOVowgawxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRowGAYDVQQDExFWUE4t
+RkxSLUJSQi1pdmFuYTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP
+f785FLT1cVjb6w9kxZN/PCVRuc6F+q9zmtQeaokavO26ts9lD3fq/c8ta3FKBbZ+
+hrUiw8x+mzXLvM1cpzeN56cnpYDkyghGlWHtOH1J+kzp779KeaqSRRBBIrtgYEvs
+puXKYgy9vuqV5GNdMu6DXMpJQOm+88R/5hA0J/ZVMQIDAQABo4IBWDCCAVQwCQYD
+VR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBSQySZ1ySoUbAttiXvEiifzjSWWXDCB1gYDVR0jBIHO
+MIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeA
+MA0GCSqGSIb3DQEBBQUAA4GBAHY/FgqJ0KoP2X0uRfOPq6wKMrk+G4CxYPulgS54
+pOFHM+KX558PiAavzYDoIQ0AfYNWncb/+8t0ktk5SrFEFHMxhfCHZhDRY9uX1YlH
+oVWRggwM2UW7YCC7OyO0I+cMPFeRMyOrnxh29a5EcbpTRdej9ULPsdcxdNEwurwS
+2SJ5
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/04.pem b/FLR-BRB/openvpn/home-flr/keys/04.pem
new file mode 100644
index 0000000..d7b6049
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/04.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 18 11:07:19 2013 GMT
+            Not After : Sep 16 11:07:19 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c8:6b:44:7a:ce:51:74:af:7e:b0:db:ab:e5:cb:
+                    50:f7:01:9b:da:d4:38:7e:35:01:0c:60:4f:28:92:
+                    90:4c:dd:06:1a:a0:89:d6:65:c4:97:d4:22:35:3f:
+                    8c:0c:79:e2:ec:9a:26:4e:e7:ee:f7:73:02:65:12:
+                    9f:cf:5e:05:0c:1e:96:c7:f1:81:92:8f:ac:48:71:
+                    93:df:f8:f2:a3:66:65:ad:13:81:c1:f1:23:a2:c5:
+                    04:86:26:29:bf:2c:7d:28:43:fa:a1:3d:dd:aa:47:
+                    01:af:0f:c2:ba:e0:0b:1d:af:53:f1:f7:a8:b2:90:
+                    2f:4a:ab:c8:19:f6:9c:eb:23
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DC:10:87:FA:DA:75:B6:5E:0D:5F:CD:4E:2C:9B:B0:E5:A1:E8:85:1D
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         9a:71:cd:8f:8a:8a:a0:96:68:01:5e:86:36:74:41:1d:1a:99:
+         66:56:83:09:c5:18:7f:a1:ec:bf:b8:17:52:e8:fb:09:9c:b3:
+         5b:b7:0f:ec:e5:4f:db:87:7d:0d:bf:4b:ce:b1:f6:fb:c8:e0:
+         99:f5:aa:39:ce:dd:8e:7d:6d:b0:70:7f:00:42:de:6e:55:be:
+         57:f4:01:8d:2e:00:b7:90:b1:92:73:65:89:20:52:8b:b9:f2:
+         28:eb:e6:32:0d:ed:a0:51:2a:73:fa:dd:6b:86:b5:71:b1:d5:
+         b7:30:59:6b:94:dd:fc:c9:47:00:35:a8:b7:18:53:c6:99:fb:
+         0a:70
+-----BEGIN CERTIFICATE-----
+MIIEKzCCA5SgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTEzMDkxODExMDcxOVoXDTIzMDkxNjExMDcxOVowgbgxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMR0wGwYDVQQDExRWUE4t
+RkxSLUJSQi1ndy1ja3VidTEdMBsGA1UEKRMUQ2hyaXN0b3BoIEt1Y2hlbmJ1Y2gx
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDIa0R6zlF0r36w26vly1D3AZva1Dh+NQEMYE8okpBM3QYaoInW
+ZcSX1CI1P4wMeeLsmiZO5+73cwJlEp/PXgUMHpbH8YGSj6xIcZPf+PKjZmWtE4HB
+8SOixQSGJim/LH0oQ/qhPd2qRwGvD8K64Asdr1Px96iykC9Kq8gZ9pzrIwIDAQAB
+o4IBWDCCAVQwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTcEIf62nW2Xg1fzU4sm7DloeiF
+HTCB1gYDVR0jBIHOMIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
+BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIw
+CwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GBAJpxzY+KiqCWaAFehjZ0QR0a
+mWZWgwnFGH+h7L+4F1Lo+wmcs1u3D+zlT9uHfQ2/S86x9vvI4Jn1qjnO3Y59bbBw
+fwBC3m5Vvlf0AY0uALeQsZJzZYkgUou58ijr5jIN7aBRKnP63WuGtXGx1bcwWWuU
+3fzJRwA1qLcYU8aZ+wpw
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/05.pem b/FLR-BRB/openvpn/home-flr/keys/05.pem
new file mode 100644
index 0000000..2c05522
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/05.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 29 15:02:57 2014 GMT
+            Not After : Oct 26 15:02:57 2024 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-mariusz/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:a8:7e:61:36:b1:2f:4f:24:75:68:ff:ac:85:a2:
+                    10:eb:1d:ad:d3:82:81:34:ce:ab:d8:94:e6:14:39:
+                    95:c6:84:ea:72:59:28:11:4b:80:a6:90:13:62:23:
+                    75:89:f5:2f:d1:19:21:7d:65:1d:18:f0:b1:61:2d:
+                    69:68:2a:e9:4d:85:72:4f:83:ca:ef:75:2a:d7:65:
+                    e1:3a:d5:82:fc:1d:95:19:0b:a0:a3:3e:9b:75:74:
+                    23:71:53:5c:06:de:d7:9c:bc:72:56:db:47:a5:dc:
+                    d8:6f:78:a8:5e:4d:6f:77:d4:a7:4a:0e:e7:67:f2:
+                    64:7b:ba:c1:51:b1:0e:17:e3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                1F:79:F0:09:41:57:66:6C:A7:D4:F5:7A:60:9D:BA:17:0C:04:7A:45
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         69:7f:24:d6:65:ae:ae:1d:d3:0a:31:df:42:3c:b8:75:5b:aa:
+         fc:3d:5d:b2:85:41:6a:a4:69:7f:e3:cd:22:f2:04:10:19:d0:
+         ca:67:91:7d:22:5d:d5:42:4f:0d:84:d0:99:1b:59:29:43:3e:
+         58:11:9a:0a:fd:70:de:08:82:91:dc:43:3f:4b:87:c1:fe:39:
+         50:cb:35:58:66:08:c2:c9:f9:b9:c7:3a:3e:f8:83:bf:1e:2c:
+         ad:a9:cc:42:ce:98:ad:df:0d:8c:bc:3c:c3:81:fa:44:f4:9b:
+         2a:3e:20:74:8f:3e:4a:fd:be:01:5b:5c:ac:a5:c1:ce:13:2b:
+         cb:78
+-----BEGIN CERTIFICATE-----
+MIIEITCCA4qgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE0MTAyOTE1MDI1N1oXDTI0MTAyNjE1MDI1N1owga4xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
+RkxSLUJSQi1tYXJpdXN6MRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AKh+YTaxL08kdWj/rIWiEOsdrdOCgTTOq9iU5hQ5lcaE6nJZKBFLgKaQE2IjdYn1
+L9EZIX1lHRjwsWEtaWgq6U2Fck+Dyu91Ktdl4TrVgvwdlRkLoKM+m3V0I3FTXAbe
+15y8clbbR6Xc2G94qF5Nb3fUp0oO52fyZHu6wVGxDhfjAgMBAAGjggFYMIIBVDAJ
+BgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFB958AlBV2Zsp9T1emCduhcMBHpFMIHWBgNVHSME
+gc4wgcuAFFb+8DvjraReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8u
+b3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNB
+MRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGWCCQD3/zDpxHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
+B4AwDQYJKoZIhvcNAQEFBQADgYEAaX8k1mWurh3TCjHfQjy4dVuq/D1dsoVBaqRp
+f+PNIvIEEBnQymeRfSJd1UJPDYTQmRtZKUM+WBGaCv1w3giCkdxDP0uHwf45UMs1
+WGYIwsn5ucc6PviDvx4sranMQs6Yrd8NjLw8w4H6RPSbKj4gdI8+Sv2+AVtcrKXB
+zhMry3g=
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/06.pem b/FLR-BRB/openvpn/home-flr/keys/06.pem
new file mode 100644
index 0000000..0e05130
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/06.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr  9 13:50:54 2015 GMT
+            Not After : Apr  6 13:50:54 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-tobias/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:a4:c4:1d:99:73:7a:4b:5e:09:c0:6f:58:86:e7:
+                    33:6f:21:b5:28:57:b7:6f:d0:96:69:a5:0a:06:3b:
+                    e5:c9:97:78:fc:57:3a:5e:2a:a6:2f:19:ed:52:28:
+                    b2:7b:0d:88:6d:da:84:8e:3d:57:9d:3f:9f:49:40:
+                    f1:5c:f1:ff:c8:bf:96:d7:21:3e:f5:bd:e6:4c:8c:
+                    fb:b3:3b:90:5d:9e:16:30:ad:e1:76:70:c2:53:38:
+                    da:1d:19:78:fc:62:6e:67:85:d9:11:7c:ed:15:f8:
+                    c2:cd:ad:d4:e1:73:c7:45:33:f5:1f:8c:21:13:da:
+                    87:29:c5:29:40:91:0e:8b:11
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                EB:34:0B:7C:F3:FE:0C:45:55:E3:8F:E2:0B:99:5C:7D:22:A0:09:0F
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         1a:1b:12:2e:fc:4a:ad:c1:4d:4b:0f:a0:c5:cd:db:a3:44:cb:
+         9c:3a:f2:5d:32:ae:42:c8:0b:b4:99:37:3b:6b:7f:bc:26:b2:
+         dd:13:a8:33:8a:0b:63:6e:99:cf:ee:a5:de:69:ab:d8:02:b7:
+         28:33:e4:c9:8b:86:3d:fc:06:e7:9f:8f:c9:42:e4:ec:46:23:
+         ad:a1:d7:cc:eb:3e:f6:60:90:40:09:d0:32:6d:6a:d2:cd:11:
+         3f:79:d0:60:57:35:1c:22:76:b1:8d:04:00:2f:82:ea:29:48:
+         8d:cb:74:e0:2d:d8:79:53:99:d8:2f:9c:fe:14:0b:83:9e:32:
+         8c:84
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE1MDQwOTEzNTA1NFoXDTI1MDQwNjEzNTA1NFowga0xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRswGQYDVQQDExJWUE4t
+RkxSLUJSQi10b2JpYXMxFDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+pMQdmXN6S14JwG9YhuczbyG1KFe3b9CWaaUKBjvlyZd4/Fc6XiqmLxntUiiyew2I
+bdqEjj1XnT+fSUDxXPH/yL+W1yE+9b3mTIz7szuQXZ4WMK3hdnDCUzjaHRl4/GJu
+Z4XZEXztFfjCza3U4XPHRTP1H4whE9qHKcUpQJEOixECAwEAAaOCAVgwggFUMAkG
+A1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQU6zQLfPP+DEVV44/iC5lcfSKgCQ8wgdYGA1UdIwSB
+zjCBy4AUVv7wO+OtpF4bfg/WH+Tp1Y5vEtahgaekgaQwgaExCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQ0Ex
+FDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZYIJAPf/MOnEeNJTMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIH
+gDANBgkqhkiG9w0BAQUFAAOBgQAaGxIu/EqtwU1LD6DFzdujRMucOvJdMq5CyAu0
+mTc7a3+8JrLdE6gzigtjbpnP7qXeaavYArcoM+TJi4Y9/Abnn4/JQuTsRiOtodfM
+6z72YJBACdAybWrSzRE/edBgVzUcInaxjQQAL4LqKUiNy3TgLdh5U5nYL5z+FAuD
+njKMhA==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/07.pem b/FLR-BRB/openvpn/home-flr/keys/07.pem
new file mode 100644
index 0000000..581d08d
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/07.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jul  8 11:06:29 2015 GMT
+            Not After : Jul  5 11:06:29 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-gabi/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:b4:25:18:ee:65:f4:03:b4:f1:a0:ca:e9:66:34:
+                    42:4f:73:5c:1a:84:fd:a4:55:72:fa:c8:6d:f6:5a:
+                    09:90:ea:dd:66:82:4f:a0:33:f6:11:27:26:83:cc:
+                    63:18:de:00:2d:f0:33:41:4f:c0:d4:1e:29:d0:41:
+                    8b:b9:89:cd:1c:cc:1e:ca:ef:f9:89:3f:4a:3b:71:
+                    df:45:83:bd:cd:c6:11:43:dd:d5:20:c9:86:63:c0:
+                    4f:d7:33:50:82:14:db:52:4d:f5:26:b8:1f:75:52:
+                    c7:68:bf:3b:a5:0d:52:6e:e3:8a:86:fe:f6:5f:84:
+                    aa:f5:2c:1d:00:48:d9:4a:e3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                15:48:AB:D9:07:76:C9:5B:84:5D:4B:AB:61:47:DC:2C:01:2C:4E:CF
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         a8:8d:06:47:92:b9:0b:ed:28:62:b4:47:a1:8a:30:e1:50:d6:
+         5a:b5:62:69:4c:81:61:d1:46:be:f3:a7:07:41:61:5e:22:5e:
+         ed:21:c4:93:c8:5f:64:ac:72:10:b3:c4:c7:b6:43:f8:be:fd:
+         e1:a9:23:75:31:46:0e:a7:02:48:66:81:52:6b:97:a1:8f:46:
+         fe:91:97:5e:7a:43:3e:d8:d9:f3:28:5a:b2:34:76:06:e2:b8:
+         ba:79:f9:0f:0b:f3:5c:04:b1:d9:c7:c8:bf:ae:09:cb:50:da:
+         f1:37:13:94:f7:20:b6:2e:9a:a9:e3:f2:d8:4d:93:a9:de:c9:
+         4e:57
+-----BEGIN CERTIFICATE-----
+MIIEHjCCA4egAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE1MDcwODExMDYyOVoXDTI1MDcwNTExMDYyOVowgasxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBWUE4t
+RkxSLUJSQi1nYWJpMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALQl
+GO5l9AO08aDK6WY0Qk9zXBqE/aRVcvrIbfZaCZDq3WaCT6Az9hEnJoPMYxjeAC3w
+M0FPwNQeKdBBi7mJzRzMHsrv+Yk/Sjtx30WDvc3GEUPd1SDJhmPAT9czUIIU21JN
+9Sa4H3VSx2i/O6UNUm7jiob+9l+EqvUsHQBI2UrjAgMBAAGjggFYMIIBVDAJBgNV
+HRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlm
+aWNhdGUwHQYDVR0OBBYEFBVIq9kHdslbhF1Lq2FH3CwBLE7PMIHWBgNVHSMEgc4w
+gcuAFFb+8DvjraReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQw
+EgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGWCCQD3/zDpxHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw
+DQYJKoZIhvcNAQEFBQADgYEAqI0GR5K5C+0oYrRHoYow4VDWWrViaUyBYdFGvvOn
+B0FhXiJe7SHEk8hfZKxyELPEx7ZD+L794akjdTFGDqcCSGaBUmuXoY9G/pGXXnpD
+PtjZ8yhasjR2BuK4unn5DwvzXASx2cfIv64Jy1Da8TcTlPcgti6aqePy2E2Tqd7J
+Tlc=
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/08.pem b/FLR-BRB/openvpn/home-flr/keys/08.pem
new file mode 100644
index 0000000..ea325ec
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/08.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jul  8 11:07:55 2015 GMT
+            Not After : Jul  5 11:07:55 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-almut/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:e6:b1:b6:df:9d:e7:65:dd:d6:6b:5e:4b:16:62:
+                    7d:30:59:35:63:fe:4e:03:16:5a:e1:5d:d8:05:2b:
+                    fe:83:46:14:75:2d:cc:b5:2b:b9:c0:5e:bf:1f:6f:
+                    f2:79:e3:74:c5:cf:13:d8:82:87:19:06:05:35:cf:
+                    d3:6a:f9:be:ad:66:e1:8c:29:65:6d:e3:e6:44:2b:
+                    0b:21:25:d6:24:91:27:bc:7d:82:58:b9:22:e5:d5:
+                    b4:22:72:7e:03:38:93:18:71:f1:a2:18:6c:87:6e:
+                    2e:1d:cb:4c:a1:5e:c1:13:d9:2a:1a:8e:47:67:6e:
+                    b2:63:e3:7f:f0:3a:bc:6c:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                1C:17:CE:68:3A:6B:CA:ED:98:E4:63:13:C7:A2:60:E1:D2:51:DF:9A
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         c3:24:0b:75:30:4a:dc:79:f6:55:e3:95:4b:5d:d3:6d:4d:42:
+         41:54:a9:5f:0d:d1:3b:cd:9f:bb:7e:19:fc:ca:dd:a6:92:6e:
+         2a:28:57:b2:a9:99:9a:9b:11:60:34:ec:09:3c:bb:91:d5:37:
+         89:14:9a:c2:c6:52:af:b9:f0:a6:c9:aa:b3:e5:b5:80:07:40:
+         ac:a2:fd:98:c2:5b:16:20:c4:39:31:b7:73:ee:65:79:75:86:
+         41:70:26:a5:c4:fc:a8:f4:50:cf:34:2d:85:22:21:e9:84:2c:
+         8e:08:09:d1:75:a7:76:f7:f3:be:09:b0:79:7f:0d:c6:7d:6b:
+         57:b9
+-----BEGIN CERTIFICATE-----
+MIIEHzCCA4igAwIBAgIBCDANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE1MDcwODExMDc1NVoXDTI1MDcwNTExMDc1NVowgawxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRowGAYDVQQDExFWUE4t
+RkxSLUJSQi1hbG11dDEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDm
+sbbfnedl3dZrXksWYn0wWTVj/k4DFlrhXdgFK/6DRhR1Lcy1K7nAXr8fb/J543TF
+zxPYgocZBgU1z9Nq+b6tZuGMKWVt4+ZEKwshJdYkkSe8fYJYuSLl1bQicn4DOJMY
+cfGiGGyHbi4dy0yhXsET2SoajkdnbrJj43/wOrxsNwIDAQABo4IBWDCCAVQwCQYD
+VR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBQcF85oOmvK7ZjkYxPHomDh0lHfmjCB1gYDVR0jBIHO
+MIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeA
+MA0GCSqGSIb3DQEBBQUAA4GBAMMkC3UwStx59lXjlUtd021NQkFUqV8N0TvNn7t+
+GfzK3aaSbiooV7KpmZqbEWA07Ak8u5HVN4kUmsLGUq+58KbJqrPltYAHQKyi/ZjC
+WxYgxDkxt3PuZXl1hkFwJqXE/Kj0UM80LYUiIemELI4ICdF1p3b3874JsHl/DcZ9
+a1e5
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/09.pem b/FLR-BRB/openvpn/home-flr/keys/09.pem
new file mode 100644
index 0000000..33e67d3
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/09.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 13 13:35:55 2015 GMT
+            Not After : Oct 10 13:35:55 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-lisa/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:af:f3:dd:c0:7e:0b:a2:0d:c2:ba:de:67:bb:5d:
+                    80:43:b0:f9:a4:5b:58:c2:58:53:ce:6f:58:74:18:
+                    67:cf:b2:ee:6d:d0:fc:75:29:8f:cf:b7:b9:5a:2e:
+                    8e:fb:0c:52:55:b7:47:ef:2d:9f:8e:ae:14:e3:84:
+                    ab:d3:b1:d0:24:c8:c3:5c:f7:41:e7:38:0c:95:b2:
+                    bb:93:58:99:17:58:41:20:fe:1e:26:70:60:2c:dc:
+                    2f:c1:a8:f6:20:70:3f:2a:6d:9e:8a:0d:b0:08:13:
+                    09:d7:05:9c:e9:d7:2b:70:62:21:5a:3a:a7:d1:89:
+                    ab:c3:41:d7:a1:f5:0f:2b:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                57:37:68:B3:B8:03:AA:98:FC:DA:7D:D3:5D:80:10:FD:08:72:1A:D4
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         78:13:a3:3a:0a:85:d6:ae:98:71:63:d1:4f:7b:99:38:74:a6:
+         89:f6:32:dc:74:e2:da:85:eb:71:1b:39:e7:3f:76:3f:5e:ef:
+         c7:52:85:18:6e:bd:a7:2e:b9:1f:65:54:a1:22:3d:25:86:2c:
+         e3:95:1a:48:5b:b0:e8:00:02:d4:9c:a9:71:2e:5d:54:29:03:
+         bc:38:76:b2:fc:76:13:30:8a:e8:f6:5c:be:98:48:a5:f4:28:
+         ac:0c:13:c9:9b:10:29:18:6a:28:58:bf:f0:6a:7c:00:d8:d5:
+         c1:36:db:aa:12:63:d9:84:f0:1f:36:7a:48:06:11:59:df:71:
+         3d:41
+-----BEGIN CERTIFICATE-----
+MIIEHjCCA4egAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE1MTAxMzEzMzU1NVoXDTI1MTAxMDEzMzU1NVowgasxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBWUE4t
+RkxSLUJSQi1saXNhMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/z
+3cB+C6INwrreZ7tdgEOw+aRbWMJYU85vWHQYZ8+y7m3Q/HUpj8+3uVoujvsMUlW3
+R+8tn46uFOOEq9Ox0CTIw1z3Qec4DJWyu5NYmRdYQSD+HiZwYCzcL8Go9iBwPypt
+nooNsAgTCdcFnOnXK3BiIVo6p9GJq8NB16H1DyvxAgMBAAGjggFYMIIBVDAJBgNV
+HRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlm
+aWNhdGUwHQYDVR0OBBYEFFc3aLO4A6qY/Np9012AEP0IchrUMIHWBgNVHSMEgc4w
+gcuAFFb+8DvjraReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQw
+EgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGWCCQD3/zDpxHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw
+DQYJKoZIhvcNAQEFBQADgYEAeBOjOgqF1q6YcWPRT3uZOHSmifYy3HTi2oXrcRs5
+5z92P17vx1KFGG69py65H2VUoSI9JYYs45UaSFuw6AAC1JypcS5dVCkDvDh2svx2
+EzCK6PZcvphIpfQorAwTyZsQKRhqKFi/8Gp8ANjVwTbbqhJj2YTwHzZ6SAYRWd9x
+PUE=
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/0A.pem b/FLR-BRB/openvpn/home-flr/keys/0A.pem
new file mode 100644
index 0000000..f03883c
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/0A.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10 (0xa)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr 22 11:38:47 2016 GMT
+            Not After : Apr 20 11:38:47 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-yilmaz/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:df:95:6e:ce:0c:d4:d9:1f:3d:83:d8:88:1f:49:
+                    b9:21:96:1f:7b:b9:c9:e2:c9:e0:cb:c3:7b:34:6b:
+                    21:b9:32:8c:43:3c:a8:53:bb:9e:ba:0e:e1:30:9d:
+                    e7:b0:f6:ad:cc:ce:34:09:07:9d:3e:05:38:58:ff:
+                    6b:eb:34:81:bb:8f:a7:59:ca:41:45:1b:db:6d:5e:
+                    8b:71:f6:ad:e0:b3:77:28:c2:7f:ff:7c:5d:dd:4b:
+                    b0:fb:b2:8d:99:e9:e7:bc:be:16:22:d3:1d:72:fd:
+                    b8:ab:a9:64:11:cc:95:27:b9:23:7f:45:36:ef:72:
+                    c6:0e:97:84:7c:05:a8:d2:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                11:AB:C8:D6:9A:1E:E1:E4:FD:6E:B0:F4:D4:86:1F:B5:30:93:5F:78
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         50:0d:74:88:36:8c:28:80:81:e9:18:3b:ec:61:29:29:e9:b5:
+         b3:7b:ca:2d:96:c8:8d:f6:c2:36:35:0f:5a:5d:07:d1:e2:38:
+         5f:9c:8d:63:ff:fc:d4:26:89:a9:2c:f3:0e:61:b1:ce:a3:81:
+         cc:e1:0a:98:fb:f8:42:dc:f2:04:e3:5e:f5:41:87:e0:23:02:
+         f2:58:1b:24:21:87:7d:5b:c6:6a:f0:15:18:40:f4:20:56:91:
+         4d:24:06:1e:e6:58:3f:50:00:ab:ad:37:d0:09:53:e2:92:4c:
+         51:3a:68:d8:46:b3:c3:46:d0:8e:36:95:3e:da:01:f7:a2:d0:
+         61:21
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBCjANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE2MDQyMjExMzg0N1oXDTI2MDQyMDExMzg0N1owga0xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRswGQYDVQQDExJWUE4t
+RkxSLUJSQi15aWxtYXoxFDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+35VuzgzU2R89g9iIH0m5IZYfe7nJ4sngy8N7NGshuTKMQzyoU7ueug7hMJ3nsPat
+zM40CQedPgU4WP9r6zSBu4+nWcpBRRvbbV6Lcfat4LN3KMJ//3xd3Uuw+7KNmenn
+vL4WItMdcv24q6lkEcyVJ7kjf0U273LGDpeEfAWo0r8CAwEAAaOCAVgwggFUMAkG
+A1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUEavI1poe4eT9brD01IYftTCTX3gwgdYGA1UdIwSB
+zjCBy4AUVv7wO+OtpF4bfg/WH+Tp1Y5vEtahgaekgaQwgaExCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQ0Ex
+FDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZYIJAPf/MOnEeNJTMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIH
+gDANBgkqhkiG9w0BAQUFAAOBgQBQDXSINowogIHpGDvsYSkp6bWze8otlsiN9sI2
+NQ9aXQfR4jhfnI1j//zUJompLPMOYbHOo4HM4QqY+/hC3PIE4171QYfgIwLyWBsk
+IYd9W8Zq8BUYQPQgVpFNJAYe5lg/UACrrTfQCVPikkxROmjYRrPDRtCONpU+2gH3
+otBhIQ==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/0B.pem b/FLR-BRB/openvpn/home-flr/keys/0B.pem
new file mode 100644
index 0000000..77c73be
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/0B.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 11 (0xb)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr 22 11:39:45 2016 GMT
+            Not After : Apr 20 11:39:45 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-sabrina/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:a2:73:e9:c5:a4:41:5c:75:bb:c2:bc:ad:71:a0:
+                    ca:9e:74:68:5e:dd:92:bb:b4:2e:bd:7e:ea:fd:b2:
+                    fe:b9:f7:3d:da:02:2e:05:db:e9:f0:23:97:93:b3:
+                    74:c7:4d:2f:01:8a:1d:0e:a1:63:14:b8:b4:f1:a1:
+                    4e:0d:ff:61:1b:76:75:49:2f:93:ef:8a:57:6d:bb:
+                    44:c0:b3:d0:3e:94:b6:33:21:ec:c6:26:75:db:dd:
+                    84:2c:2e:16:68:4e:39:70:19:3c:56:a8:94:8e:a1:
+                    ea:b1:a7:62:a9:e0:03:47:ea:28:e6:9b:9f:50:dd:
+                    f8:5c:0e:38:55:d1:19:c4:a5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                45:86:60:2C:D6:88:E4:17:AB:C6:80:90:AA:90:A6:00:8A:D2:11:F1
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         a3:a8:fb:c0:30:a6:4c:92:c7:26:68:84:5a:38:22:f1:c1:ef:
+         af:37:47:6f:31:55:95:aa:3b:91:04:a4:7e:cd:95:63:58:84:
+         64:8b:fd:8c:0c:82:97:1b:be:e9:fb:0d:6e:98:37:1c:52:23:
+         f6:f3:16:8b:89:ed:c9:bc:bc:be:6b:dd:ab:e4:69:9a:67:77:
+         e3:15:b5:c8:05:f3:d3:d5:11:7e:02:5d:5d:14:29:ab:16:5d:
+         f1:bf:01:ee:6b:da:13:a3:47:e2:51:b4:8d:c1:f1:91:fb:f4:
+         a2:fd:88:00:2a:d1:84:eb:22:b5:d5:0a:2d:c0:2e:b3:c7:0b:
+         20:db
+-----BEGIN CERTIFICATE-----
+MIIEITCCA4qgAwIBAgIBCzANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE2MDQyMjExMzk0NVoXDTI2MDQyMDExMzk0NVowga4xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
+RkxSLUJSQi1zYWJyaW5hMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AKJz6cWkQVx1u8K8rXGgyp50aF7dkru0Lr1+6v2y/rn3PdoCLgXb6fAjl5OzdMdN
+LwGKHQ6hYxS4tPGhTg3/YRt2dUkvk++KV227RMCz0D6UtjMh7MYmddvdhCwuFmhO
+OXAZPFaolI6h6rGnYqngA0fqKOabn1Dd+FwOOFXRGcSlAgMBAAGjggFYMIIBVDAJ
+BgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFEWGYCzWiOQXq8aAkKqQpgCK0hHxMIHWBgNVHSME
+gc4wgcuAFFb+8DvjraReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8u
+b3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNB
+MRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGWCCQD3/zDpxHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
+B4AwDQYJKoZIhvcNAQEFBQADgYEAo6j7wDCmTJLHJmiEWjgi8cHvrzdHbzFVlao7
+kQSkfs2VY1iEZIv9jAyClxu+6fsNbpg3HFIj9vMWi4ntyby8vmvdq+Rpmmd34xW1
+yAXz09URfgJdXRQpqxZd8b8B7mvaE6NH4lG0jcHxkfv0ov2IACrRhOsitdUKLcAu
+s8cLINs=
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/0C.pem b/FLR-BRB/openvpn/home-flr/keys/0C.pem
new file mode 100644
index 0000000..32bb484
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/0C.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12 (0xc)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr 22 11:40:34 2016 GMT
+            Not After : Apr 20 11:40:34 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-pierre/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:97:d8:d9:51:1f:da:2d:25:4b:38:10:96:41:f9:
+                    bf:7b:2e:70:3f:5b:ea:28:3e:c4:9c:6d:b8:2f:c2:
+                    f9:34:27:ce:a3:a9:63:71:07:a3:79:b9:8f:10:6b:
+                    23:60:7b:24:37:4a:9b:54:51:9c:4a:c1:61:a3:bf:
+                    e9:68:32:73:5e:1b:c1:e9:74:f7:68:6e:dc:11:2a:
+                    14:91:b3:e0:33:e8:06:e5:22:cd:52:cf:c5:7d:df:
+                    28:a7:a8:ae:54:b3:85:de:12:0f:aa:12:39:19:be:
+                    7d:87:43:df:2a:73:aa:0c:40:b0:22:1e:7a:6d:01:
+                    19:f7:14:94:05:2e:58:87:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                06:90:87:29:A3:95:B7:FF:11:87:22:6B:50:72:B5:7C:D5:24:8F:DC
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         5e:e9:53:73:1e:d8:4d:c5:c1:e3:f5:00:fa:aa:52:12:95:bc:
+         a6:e6:67:a1:bf:be:93:b1:f6:3b:d3:7a:93:d0:72:35:d8:16:
+         2e:26:6f:2c:ac:5d:4c:21:0c:bf:1f:8a:ec:fe:e1:d2:5f:df:
+         b8:ce:4c:70:99:c8:19:54:64:e1:00:a9:60:fd:16:2a:69:d8:
+         6e:8b:55:a0:99:72:e4:e7:a7:1c:34:e7:d8:08:ce:d3:0e:33:
+         1f:bd:55:73:f2:63:87:d6:2e:86:ec:df:4c:11:1d:56:5c:92:
+         cf:10:93:5c:63:a6:f4:05:f1:ff:48:43:47:81:a7:4d:3e:4c:
+         a2:4a
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBDDANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE2MDQyMjExNDAzNFoXDTI2MDQyMDExNDAzNFowga0xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRswGQYDVQQDExJWUE4t
+RkxSLUJSQi1waWVycmUxFDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+l9jZUR/aLSVLOBCWQfm/ey5wP1vqKD7EnG24L8L5NCfOo6ljcQejebmPEGsjYHsk
+N0qbVFGcSsFho7/paDJzXhvB6XT3aG7cESoUkbPgM+gG5SLNUs/Ffd8op6iuVLOF
+3hIPqhI5Gb59h0PfKnOqDECwIh56bQEZ9xSUBS5Yhw0CAwEAAaOCAVgwggFUMAkG
+A1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUBpCHKaOVt/8RhyJrUHK1fNUkj9wwgdYGA1UdIwSB
+zjCBy4AUVv7wO+OtpF4bfg/WH+Tp1Y5vEtahgaekgaQwgaExCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQ0Ex
+FDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZYIJAPf/MOnEeNJTMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIH
+gDANBgkqhkiG9w0BAQUFAAOBgQBe6VNzHthNxcHj9QD6qlISlbym5mehv76TsfY7
+03qT0HI12BYuJm8srF1MIQy/H4rs/uHSX9+4zkxwmcgZVGThAKlg/RYqadhui1Wg
+mXLk56ccNOfYCM7TDjMfvVVz8mOH1i6G7N9MER1WXJLPEJNcY6b0BfH/SENHgadN
+PkyiSg==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/0D.pem b/FLR-BRB/openvpn/home-flr/keys/0D.pem
new file mode 100644
index 0000000..0e7c3c7
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/0D.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jun 10 17:30:36 2016 GMT
+            Not After : Jun  8 17:30:36 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-lotta/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:b6:3a:d8:30:3f:d9:64:c6:75:1f:c5:41:37:25:
+                    53:90:8f:8d:bd:d0:d6:55:a0:13:ca:50:ce:ef:84:
+                    8c:c6:1a:a5:51:64:46:95:be:a8:da:0e:b9:22:a6:
+                    c7:1b:b9:c8:25:e7:77:fb:27:0e:6b:a5:1d:a6:02:
+                    16:bc:af:23:4c:e8:70:ef:f3:73:ad:ce:51:7f:ec:
+                    0e:3a:e0:1e:44:0b:72:53:8e:49:32:3f:30:14:34:
+                    ca:2c:65:5b:b7:9f:88:00:ec:e5:3c:02:0a:0d:bd:
+                    ce:01:30:4e:69:f3:a0:16:0b:89:d1:33:99:b8:8c:
+                    5d:6a:0b:ea:c8:74:70:8c:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                EB:01:5B:84:3B:15:BD:99:87:33:8E:3B:6B:9E:4D:DC:89:34:03:0E
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         5f:df:0d:5c:f2:02:37:c2:1c:0d:4b:37:6a:8e:ff:16:47:c4:
+         f8:2b:17:95:e0:a0:7d:44:aa:03:e5:bf:06:12:32:10:27:7b:
+         39:ac:ab:e9:94:e1:91:7a:2a:ea:0b:07:ea:bb:c8:31:a0:4e:
+         64:1e:0e:04:29:90:8b:fc:65:a5:8e:57:24:7e:9b:ed:49:58:
+         b3:c7:cb:e2:11:c7:a2:32:95:b8:56:dd:e0:38:a9:4b:75:65:
+         da:a1:48:e3:72:0a:be:56:af:4b:41:98:ef:8d:e7:c3:74:20:
+         b8:fa:50:95:a8:ce:81:e7:07:d3:5c:41:55:0c:26:4e:c9:0d:
+         e3:97
+-----BEGIN CERTIFICATE-----
+MIIEHzCCA4igAwIBAgIBDTANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE2MDYxMDE3MzAzNloXDTI2MDYwODE3MzAzNlowgawxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRowGAYDVQQDExFWUE4t
+RkxSLUJSQi1sb3R0YTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+OtgwP9lkxnUfxUE3JVOQj4290NZVoBPKUM7vhIzGGqVRZEaVvqjaDrkipscbucgl
+53f7Jw5rpR2mAha8ryNM6HDv83OtzlF/7A464B5EC3JTjkkyPzAUNMosZVu3n4gA
+7OU8AgoNvc4BME5p86AWC4nRM5m4jF1qC+rIdHCM1QIDAQABo4IBWDCCAVQwCQYD
+VR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBTrAVuEOxW9mYczjjtrnk3ciTQDDjCB1gYDVR0jBIHO
+MIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeA
+MA0GCSqGSIb3DQEBBQUAA4GBAF/fDVzyAjfCHA1LN2qO/xZHxPgrF5XgoH1EqgPl
+vwYSMhAnezmsq+mU4ZF6KuoLB+q7yDGgTmQeDgQpkIv8ZaWOVyR+m+1JWLPHy+IR
+x6IylbhW3eA4qUt1ZdqhSONyCr5Wr0tBmO+N58N0ILj6UJWozoHnB9NcQVUMJk7J
+DeOX
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/0E.pem b/FLR-BRB/openvpn/home-flr/keys/0E.pem
new file mode 100644
index 0000000..fd40396
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/0E.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 14 (0xe)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov 18 01:47:17 2016 GMT
+            Not After : Nov 16 01:47:17 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-pierre/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:ec:42:58:9e:f1:d6:65:e4:05:e4:d3:4f:d9:70:
+                    16:df:19:e1:85:81:5a:ee:69:05:f3:00:83:b3:49:
+                    fd:b7:1c:3a:d3:5f:82:cf:28:84:06:5b:88:11:64:
+                    97:56:4e:4f:19:0c:c8:73:87:9d:03:ee:27:3e:c9:
+                    53:f8:d2:ad:bc:19:5b:d3:3f:02:aa:10:e8:29:4c:
+                    2e:af:bc:a0:7a:e5:c6:8b:c3:fa:71:98:b5:c5:2b:
+                    46:d8:aa:37:ae:98:2f:99:0d:19:0d:63:5c:cf:13:
+                    c8:cd:0b:50:24:3a:55:75:0c:6b:73:7b:8f:2a:b7:
+                    5b:70:60:62:51:9b:28:62:bd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                AD:91:04:D1:8A:AA:1A:8A:4B:9F:D0:A8:9C:21:56:45:0D:D9:0D:E2
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         6f:cb:7c:a9:7c:3d:18:59:ec:06:81:0d:56:2b:95:a4:b7:59:
+         e6:ee:4c:a4:d8:03:44:74:50:e3:06:05:38:1f:47:a0:fb:16:
+         4e:1d:44:4e:77:ff:75:09:d8:b4:cd:86:10:35:5b:f2:07:81:
+         47:65:22:97:c5:22:09:7e:d6:e5:df:94:44:c8:08:5c:da:5d:
+         14:f1:7a:ab:83:e7:c5:bf:71:49:19:0a:fc:24:3b:88:f4:ab:
+         1e:14:0c:b8:c1:c4:06:ae:83:96:8b:6c:a7:cc:c4:23:ff:63:
+         ca:7b:a1:7f:ea:a1:27:2b:02:8c:f6:72:6a:f1:fa:c5:ba:4f:
+         2c:44
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBDjANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE2MTExODAxNDcxN1oXDTI2MTExNjAxNDcxN1owga0xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRswGQYDVQQDExJWUE4t
+RkxSLUJSQi1waWVycmUxFDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+7EJYnvHWZeQF5NNP2XAW3xnhhYFa7mkF8wCDs0n9txw601+CzyiEBluIEWSXVk5P
+GQzIc4edA+4nPslT+NKtvBlb0z8CqhDoKUwur7ygeuXGi8P6cZi1xStG2Ko3rpgv
+mQ0ZDWNczxPIzQtQJDpVdQxrc3uPKrdbcGBiUZsoYr0CAwEAAaOCAVgwggFUMAkG
+A1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUrZEE0YqqGopLn9ConCFWRQ3ZDeIwgdYGA1UdIwSB
+zjCBy4AUVv7wO+OtpF4bfg/WH+Tp1Y5vEtahgaekgaQwgaExCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQ0Ex
+FDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZYIJAPf/MOnEeNJTMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIH
+gDANBgkqhkiG9w0BAQUFAAOBgQBvy3ypfD0YWewGgQ1WK5Wkt1nm7kyk2ANEdFDj
+BgU4H0eg+xZOHUROd/91Cdi0zYYQNVvyB4FHZSKXxSIJftbl35REyAhc2l0U8Xqr
+g+fFv3FJGQr8JDuI9KseFAy4wcQGroOWi2ynzMQj/2PKe6F/6qEnKwKM9nJq8frF
+uk8sRA==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/0F.pem b/FLR-BRB/openvpn/home-flr/keys/0F.pem
new file mode 100644
index 0000000..1a9faac
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/0F.pem
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15 (0xf)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov 18 01:59:40 2016 GMT
+            Not After : Nov 16 01:59:40 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-flr-pierre/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:a2:13:0c:ff:8b:0a:7f:29:6a:fa:01:32:4a:f1:
+                    60:72:44:0c:f8:41:82:59:44:93:db:30:6c:6a:92:
+                    1e:9e:fd:d6:a1:99:90:2e:02:7b:9c:59:8d:5e:a8:
+                    a5:de:77:56:33:39:0b:0a:1a:ad:08:79:97:94:59:
+                    33:bb:fd:b2:17:54:88:fe:54:90:35:ef:79:a9:98:
+                    7f:e6:f9:d1:db:2a:bd:06:c5:4a:c9:11:c4:43:a8:
+                    6f:66:82:10:b7:a9:8c:66:8a:41:c1:75:b4:41:19:
+                    e2:09:d7:fb:e7:8f:35:f2:8e:cb:7e:ec:9a:89:e0:
+                    d0:9c:d6:ff:37:13:22:02:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                B2:F2:A2:88:A9:FA:9E:66:8C:ED:BB:35:D8:4E:04:D3:81:38:5B:B8
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         91:84:59:e0:e5:1a:04:62:1a:17:a4:41:ce:fb:d8:d6:3f:86:
+         5b:36:6e:51:b7:7e:15:38:69:56:77:8b:dc:20:7e:19:dc:f6:
+         ac:eb:ed:cc:a9:aa:5b:68:8c:a9:36:04:4a:4c:0c:21:47:d1:
+         7d:77:cb:f9:7f:46:52:5a:42:61:0d:8a:01:b5:5a:90:25:4e:
+         bd:5f:5f:2a:d6:af:49:fb:9f:92:72:bc:6a:95:72:86:29:6a:
+         e2:14:f2:c7:dd:4f:79:78:24:1e:49:b0:f5:cb:69:73:2c:bd:
+         6c:26:4b:c2:03:37:d9:ed:8d:b7:4a:bf:19:c1:54:8b:4b:5d:
+         df:8a
+-----BEGIN CERTIFICATE-----
+MIIEJDCCA42gAwIBAgIBDzANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE2MTExODAxNTk0MFoXDTI2MTExNjAxNTk0MFowgbExCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMR8wHQYDVQQDExZWUE4t
+RkxSLUJSQi1mbHItcGllcnJlMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqG
+SIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAKITDP+LCn8pavoBMkrxYHJEDPhBgllEk9swbGqSHp791qGZkC4Ce5xZjV6o
+pd53VjM5CwoarQh5l5RZM7v9shdUiP5UkDXveamYf+b50dsqvQbFSskRxEOob2aC
+ELepjGaKQcF1tEEZ4gnX++ePNfKOy37smong0JzW/zcTIgIfAgMBAAGjggFYMIIB
+VDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFLLyooip+p5mjO27NdhOBNOBOFu4MIHWBgNV
+HSMEgc4wgcuAFFb+8DvjraReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBO
+LUNBMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGWCCQD3/zDpxHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
+BAMCB4AwDQYJKoZIhvcNAQEFBQADgYEAkYRZ4OUaBGIaF6RBzvvY1j+GWzZuUbd+
+FThpVneL3CB+Gdz2rOvtzKmqW2iMqTYESkwMIUfRfXfL+X9GUlpCYQ2KAbVakCVO
+vV9fKtavSfufknK8apVyhilq4hTyx91PeXgkHkmw9ctpcyy9bCZLwgM32e2Nt0q/
+GcFUi0td34o=
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/10.pem b/FLR-BRB/openvpn/home-flr/keys/10.pem
new file mode 100644
index 0000000..8cd6938
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/10.pem
@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr 20 13:38:03 2017 GMT
+            Not After : Apr 18 13:38:03 2027 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-test/name=VPN FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cc:ff:52:dc:42:3e:ec:5d:ed:35:cc:b1:a8:bd:
+                    0b:a9:79:52:0d:40:d4:37:90:cf:f5:34:f8:7b:3b:
+                    8b:ce:a8:58:53:f5:ce:20:67:00:d3:97:ae:ff:1f:
+                    4f:be:05:8f:68:4d:40:a9:2f:01:86:72:dc:8a:73:
+                    67:d0:f1:e1:00:5f:58:0c:62:d6:5b:62:11:65:62:
+                    7e:a6:46:99:ef:3c:66:7d:c7:dc:e0:68:1d:f2:58:
+                    cf:d7:0e:9a:9f:d2:e9:f6:9d:11:0a:35:ae:47:27:
+                    f9:63:de:8b:cc:7f:64:ff:67:dc:51:b6:11:ca:18:
+                    94:ac:b9:b1:81:cc:22:89:fe:ea:77:46:38:34:b3:
+                    de:b0:be:cf:15:7c:c2:ee:22:d7:da:27:93:c7:42:
+                    45:37:64:48:4a:7c:4b:d1:02:c4:70:a0:91:30:cc:
+                    3b:88:29:69:34:7c:67:a8:b2:3c:fc:37:bf:34:a2:
+                    2e:db:7c:94:f2:05:b9:45:46:49:26:b8:5a:57:ea:
+                    00:5a:db:f0:35:62:9c:3c:38:af:d8:5f:c8:1b:f7:
+                    08:a6:7b:15:63:d8:3d:7a:5b:18:69:ba:a1:0b:01:
+                    a8:17:7a:e3:48:0b:5e:da:9d:0e:c7:04:49:55:9a:
+                    15:2b:ce:c8:47:8e:c8:81:eb:f3:39:64:5d:10:32:
+                    8b:c7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                A0:88:26:03:2B:48:AB:B4:04:E2:70:30:D5:A4:10:4E:46:64:D4:68
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:test
+    Signature Algorithm: sha256WithRSAEncryption
+         4a:a3:e6:d7:e9:ef:5f:73:5c:58:bb:64:4e:a2:76:27:30:4c:
+         6e:84:1f:a0:2b:1a:0b:eb:b9:4d:31:e4:2e:3b:d5:92:a0:13:
+         ac:fc:33:c7:1c:86:ef:d9:77:8f:88:f7:26:89:f5:ab:78:a5:
+         84:b4:c5:db:45:5f:61:17:ed:0c:d6:7a:99:73:fb:05:dc:8d:
+         77:70:c3:0b:4c:eb:cc:30:9c:85:45:9f:e8:15:5d:45:d2:67:
+         85:da:d0:5f:c2:23:41:e4:25:65:a1:a1:68:42:ad:50:3d:ff:
+         34:f1:73:93:d8:2d:0c:48:4d:85:b8:fc:7b:c3:76:ff:71:43:
+         8b:03
+-----BEGIN CERTIFICATE-----
+MIIEszCCBBygAwIBAgIBEDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE3MDQyMDEzMzgwM1oXDTI3MDQxODEzMzgwM1owgasxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBWUE4t
+RkxSLUJSQi10ZXN0MRQwEgYDVQQpEwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDM/1LcQj7sXe01zLGovQupeVINQNQ3kM/1NPh7O4vOqFhT9c4gZwDTl67/H0++
+BY9oTUCpLwGGctyKc2fQ8eEAX1gMYtZbYhFlYn6mRpnvPGZ9x9zgaB3yWM/XDpqf
+0un2nREKNa5HJ/lj3ovMf2T/Z9xRthHKGJSsubGBzCKJ/up3Rjg0s96wvs8VfMLu
+ItfaJ5PHQkU3ZEhKfEvRAsRwoJEwzDuIKWk0fGeosjz8N780oi7bfJTyBblFRkkm
+uFpX6gBa2/A1Ypw8OK/YX8gb9wimexVj2D16WxhpuqELAagXeuNIC17anQ7HBElV
+mhUrzshHjsiB6/M5ZF0QMovHAgMBAAGjggFpMIIBZTAJBgNVHRMEAjAAMC0GCWCG
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFKCIJgMrSKu0BOJwMNWkEE5GZNRoMIHWBgNVHSMEgc4wgcuAFFb+8DvjraRe
+G34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtWUE4t
+RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDpxHjS
+UzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIE
+dGVzdDANBgkqhkiG9w0BAQsFAAOBgQBKo+bX6e9fc1xYu2ROonYnMExuhB+gKxoL
+67lNMeQuO9WSoBOs/DPHHIbv2XePiPcmifWreKWEtMXbRV9hF+0M1nqZc/sF3I13
+cMMLTOvMMJyFRZ/oFV1F0meF2tBfwiNB5CVloaFoQq1QPf808XOT2C0MSE2FuPx7
+w3b/cUOLAw==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/11.pem b/FLR-BRB/openvpn/home-flr/keys/11.pem
new file mode 100644
index 0000000..38e16d0
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/11.pem
@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 17 (0x11)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 28 01:51:57 2017 GMT
+            Not After : Sep 26 01:51:57 2027 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-kirstin/name=VPN FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b4:de:6c:e3:57:67:78:af:40:8d:cb:12:9c:e2:
+                    9c:47:0b:21:92:38:c7:bd:1b:f0:80:88:34:0d:a3:
+                    0e:90:13:b3:08:ba:0e:89:4b:e9:48:55:07:1b:dc:
+                    b0:f3:b7:2d:0b:fb:49:f7:26:a8:78:bd:2d:7b:d0:
+                    7e:03:c2:65:41:91:00:7c:c2:30:ed:36:6b:1e:27:
+                    f5:37:7c:de:3d:22:5e:45:0d:b0:33:75:55:bb:69:
+                    14:32:6e:3a:80:69:db:2e:06:5f:67:73:d9:13:9f:
+                    7e:0e:3a:db:59:9a:84:90:28:04:ff:ba:36:aa:c7:
+                    c7:8d:a0:0e:ad:f7:93:20:37:8a:59:7f:16:91:20:
+                    00:2f:e3:26:9d:41:40:e1:62:37:16:02:8d:9a:ba:
+                    05:59:ff:c5:c5:05:e5:00:4a:0a:53:6f:2f:87:47:
+                    ed:ce:12:44:bb:01:82:16:e0:0a:06:5c:49:f2:3b:
+                    a1:d9:14:4a:40:c1:7e:30:b8:2c:99:ac:23:44:45:
+                    ca:a3:4a:ad:7a:c5:d3:b5:48:35:e8:d4:5e:ef:2c:
+                    bf:62:c1:87:ad:85:79:11:0e:97:a9:ee:d8:bb:aa:
+                    79:ed:9f:15:0b:23:79:c8:c8:91:27:77:55:90:19:
+                    8e:21:e9:77:60:fc:5c:94:39:34:7f:1c:9d:ee:c6:
+                    c5:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                59:AE:3C:E4:DC:A9:72:F8:07:17:B5:BC:AD:CE:2F:1D:86:14:D7:1C
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:kirstin
+    Signature Algorithm: sha256WithRSAEncryption
+         5e:0c:c0:a6:b2:3d:cc:09:f3:5a:7c:72:05:0b:02:2b:a1:06:
+         46:68:ef:9e:67:d2:d0:6b:07:bb:dc:4a:ca:e2:7b:34:1e:fb:
+         3f:16:56:c8:48:07:21:aa:ab:a7:01:eb:3c:19:14:a6:8d:70:
+         1b:0d:2b:8a:b2:7f:09:f4:77:9f:4f:0c:6c:aa:08:b6:ca:1f:
+         cd:4f:2f:75:c6:26:41:11:72:17:c3:a6:b1:26:2b:43:8e:60:
+         15:93:5c:ab:83:0b:17:7f:e5:5f:74:d9:c5:9a:d5:27:bf:bc:
+         8d:35:2f:b4:97:64:9a:4b:c2:02:d8:ed:b3:9a:9b:4f:78:b9:
+         24:0e
+-----BEGIN CERTIFICATE-----
+MIIEuTCCBCKgAwIBAgIBETANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE3MDkyODAxNTE1N1oXDTI3MDkyNjAxNTE1N1owga4xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
+RkxSLUJSQi1raXJzdGluMRQwEgYDVQQpEwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC03mzjV2d4r0CNyxKc4pxHCyGSOMe9G/CAiDQNow6QE7MIug6JS+lIVQcb
+3LDzty0L+0n3Jqh4vS170H4DwmVBkQB8wjDtNmseJ/U3fN49Il5FDbAzdVW7aRQy
+bjqAadsuBl9nc9kTn34OOttZmoSQKAT/ujaqx8eNoA6t95MgN4pZfxaRIAAv4yad
+QUDhYjcWAo2augVZ/8XFBeUASgpTby+HR+3OEkS7AYIW4AoGXEnyO6HZFEpAwX4w
+uCyZrCNERcqjSq16xdO1SDXo1F7vLL9iwYethXkRDpep7ti7qnntnxULI3nIyJEn
+d1WQGY4h6Xdg/FyUOTR/HJ3uxsUNAgMBAAGjggFsMIIBaDAJBgNVHRMEAjAAMC0G
+CWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFFmuPOTcqXL4Bxe1vK3OLx2GFNccMIHWBgNVHSMEgc4wgcuAFFb+8Dvj
+raReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
+QmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UE
+CxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtW
+UE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDp
+xHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEgYDVR0RBAsw
+CYIHa2lyc3RpbjANBgkqhkiG9w0BAQsFAAOBgQBeDMCmsj3MCfNafHIFCwIroQZG
+aO+eZ9LQawe73ErK4ns0Hvs/FlbISAchqqunAes8GRSmjXAbDSuKsn8J9HefTwxs
+qgi2yh/NTy91xiZBEXIXw6axJitDjmAVk1yrgwsXf+VfdNnFmtUnv7yNNS+0l2Sa
+S8IC2O2zmptPeLkkDg==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/12.pem b/FLR-BRB/openvpn/home-flr/keys/12.pem
new file mode 100644
index 0000000..f89aa24
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/12.pem
@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 18 (0x12)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 24 01:34:33 2017 GMT
+            Not After : Oct 22 01:34:33 2027 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-juergen/name=VPN FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:9b:71:3f:18:2a:95:12:65:74:ea:af:ee:03:99:
+                    ca:c1:44:89:ae:90:89:7f:4e:e0:f3:36:22:c2:b5:
+                    79:90:99:73:d0:ec:1c:69:7d:00:2a:a6:48:b6:ff:
+                    12:9d:a8:c0:fd:cf:3f:54:29:e9:b0:7a:3d:c9:e8:
+                    66:6e:d8:6a:5e:5e:60:c5:88:e1:96:c4:d0:f2:8f:
+                    30:76:9f:7d:a1:83:d8:cb:ce:d9:7b:2b:9c:88:9b:
+                    24:bf:58:9c:a1:0e:19:1f:56:4b:d2:95:20:c5:63:
+                    66:8e:37:2c:29:6f:23:92:90:a4:f0:a1:03:1b:6b:
+                    bf:a5:1f:31:9c:2b:5a:20:19:ea:8b:16:d2:8f:3f:
+                    29:a1:a7:b1:f0:86:b4:a5:c4:34:fc:d5:28:1d:a3:
+                    2a:dc:93:84:37:11:1a:d6:75:5f:4c:94:56:23:27:
+                    e9:92:55:cd:0b:17:8e:18:44:ff:87:b9:90:ff:06:
+                    3c:8c:64:cd:b8:e5:d5:92:31:ee:40:33:b5:ec:5c:
+                    d5:11:82:60:57:32:fb:d9:62:19:6a:3a:6a:1d:3c:
+                    9d:f4:d1:10:1f:dc:19:be:2c:7c:0a:b8:9b:31:e4:
+                    21:f2:20:ff:7e:43:c9:8b:24:a9:f2:47:2c:30:e9:
+                    59:4a:88:1d:07:6a:c7:48:db:8e:ba:a4:39:79:72:
+                    68:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                10:F5:DF:E4:E8:0F:7F:93:A9:F6:65:47:EB:15:76:6B:56:82:E0:41
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:juergen
+    Signature Algorithm: sha256WithRSAEncryption
+         32:a8:d5:66:03:a6:10:5e:69:0b:4a:a6:24:95:9d:19:1e:ee:
+         52:d3:b5:11:a0:bd:e8:b9:8d:0d:1a:83:b3:1b:bc:d3:b2:76:
+         8f:61:ca:a9:ee:06:0d:7d:6e:81:b3:a2:74:85:cf:64:9a:1f:
+         79:69:61:1f:8f:e1:1c:2f:5e:4e:43:ac:0f:f1:6e:1e:8b:4a:
+         5b:34:d3:e8:29:e9:bc:e7:50:d8:88:36:c5:03:91:53:6e:1e:
+         64:85:dd:5b:6b:cf:75:1e:b1:ee:06:59:78:5e:62:53:6e:5c:
+         14:e3:c0:0b:f3:d8:f6:28:c5:06:16:22:fe:b5:80:5c:d9:74:
+         47:9d
+-----BEGIN CERTIFICATE-----
+MIIEuTCCBCKgAwIBAgIBEjANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE3MTAyNDAxMzQzM1oXDTI3MTAyMjAxMzQzM1owga4xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
+RkxSLUJSQi1qdWVyZ2VuMRQwEgYDVQQpEwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCbcT8YKpUSZXTqr+4DmcrBRImukIl/TuDzNiLCtXmQmXPQ7BxpfQAqpki2
+/xKdqMD9zz9UKemwej3J6GZu2GpeXmDFiOGWxNDyjzB2n32hg9jLztl7K5yImyS/
+WJyhDhkfVkvSlSDFY2aONywpbyOSkKTwoQMba7+lHzGcK1ogGeqLFtKPPymhp7Hw
+hrSlxDT81Sgdoyrck4Q3ERrWdV9MlFYjJ+mSVc0LF44YRP+HuZD/BjyMZM245dWS
+Me5AM7XsXNURgmBXMvvZYhlqOmodPJ300RAf3Bm+LHwKuJsx5CHyIP9+Q8mLJKny
+Ryww6VlKiB0HasdI2466pDl5cmjxAgMBAAGjggFsMIIBaDAJBgNVHRMEAjAAMC0G
+CWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFBD13+ToD3+TqfZlR+sVdmtWguBBMIHWBgNVHSMEgc4wgcuAFFb+8Dvj
+raReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
+QmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UE
+CxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtW
+UE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDp
+xHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEgYDVR0RBAsw
+CYIHanVlcmdlbjANBgkqhkiG9w0BAQsFAAOBgQAyqNVmA6YQXmkLSqYklZ0ZHu5S
+07URoL3ouY0NGoOzG7zTsnaPYcqp7gYNfW6Bs6J0hc9kmh95aWEfj+EcL15OQ6wP
+8W4ei0pbNNPoKem851DYiDbFA5FTbh5khd1ba891HrHuBll4XmJTblwU48AL89j2
+KMUGFiL+tYBc2XRHnQ==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/almut.crt b/FLR-BRB/openvpn/home-flr/keys/almut.crt
new file mode 100644
index 0000000..ea325ec
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/almut.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jul  8 11:07:55 2015 GMT
+            Not After : Jul  5 11:07:55 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-almut/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:e6:b1:b6:df:9d:e7:65:dd:d6:6b:5e:4b:16:62:
+                    7d:30:59:35:63:fe:4e:03:16:5a:e1:5d:d8:05:2b:
+                    fe:83:46:14:75:2d:cc:b5:2b:b9:c0:5e:bf:1f:6f:
+                    f2:79:e3:74:c5:cf:13:d8:82:87:19:06:05:35:cf:
+                    d3:6a:f9:be:ad:66:e1:8c:29:65:6d:e3:e6:44:2b:
+                    0b:21:25:d6:24:91:27:bc:7d:82:58:b9:22:e5:d5:
+                    b4:22:72:7e:03:38:93:18:71:f1:a2:18:6c:87:6e:
+                    2e:1d:cb:4c:a1:5e:c1:13:d9:2a:1a:8e:47:67:6e:
+                    b2:63:e3:7f:f0:3a:bc:6c:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                1C:17:CE:68:3A:6B:CA:ED:98:E4:63:13:C7:A2:60:E1:D2:51:DF:9A
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         c3:24:0b:75:30:4a:dc:79:f6:55:e3:95:4b:5d:d3:6d:4d:42:
+         41:54:a9:5f:0d:d1:3b:cd:9f:bb:7e:19:fc:ca:dd:a6:92:6e:
+         2a:28:57:b2:a9:99:9a:9b:11:60:34:ec:09:3c:bb:91:d5:37:
+         89:14:9a:c2:c6:52:af:b9:f0:a6:c9:aa:b3:e5:b5:80:07:40:
+         ac:a2:fd:98:c2:5b:16:20:c4:39:31:b7:73:ee:65:79:75:86:
+         41:70:26:a5:c4:fc:a8:f4:50:cf:34:2d:85:22:21:e9:84:2c:
+         8e:08:09:d1:75:a7:76:f7:f3:be:09:b0:79:7f:0d:c6:7d:6b:
+         57:b9
+-----BEGIN CERTIFICATE-----
+MIIEHzCCA4igAwIBAgIBCDANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE1MDcwODExMDc1NVoXDTI1MDcwNTExMDc1NVowgawxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRowGAYDVQQDExFWUE4t
+RkxSLUJSQi1hbG11dDEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDm
+sbbfnedl3dZrXksWYn0wWTVj/k4DFlrhXdgFK/6DRhR1Lcy1K7nAXr8fb/J543TF
+zxPYgocZBgU1z9Nq+b6tZuGMKWVt4+ZEKwshJdYkkSe8fYJYuSLl1bQicn4DOJMY
+cfGiGGyHbi4dy0yhXsET2SoajkdnbrJj43/wOrxsNwIDAQABo4IBWDCCAVQwCQYD
+VR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBQcF85oOmvK7ZjkYxPHomDh0lHfmjCB1gYDVR0jBIHO
+MIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeA
+MA0GCSqGSIb3DQEBBQUAA4GBAMMkC3UwStx59lXjlUtd021NQkFUqV8N0TvNn7t+
+GfzK3aaSbiooV7KpmZqbEWA07Ak8u5HVN4kUmsLGUq+58KbJqrPltYAHQKyi/ZjC
+WxYgxDkxt3PuZXl1hkFwJqXE/Kj0UM80LYUiIemELI4ICdF1p3b3874JsHl/DcZ9
+a1e5
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/almut.csr b/FLR-BRB/openvpn/home-flr/keys/almut.csr
new file mode 100644
index 0000000..4396243
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/almut.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB7TCCAVYCAQAwgawxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRowGAYDVQQDExFWUE4tRkxSLUJSQi1hbG11dDEUMBIGA1UEKRML
+VlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmsbbfnedl3dZrXksWYn0wWTVj/k4DFlrh
+XdgFK/6DRhR1Lcy1K7nAXr8fb/J543TFzxPYgocZBgU1z9Nq+b6tZuGMKWVt4+ZE
+KwshJdYkkSe8fYJYuSLl1bQicn4DOJMYcfGiGGyHbi4dy0yhXsET2SoajkdnbrJj
+43/wOrxsNwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAsRoYDX/mMD6vDxsz/RH9
+7GCblltxzQl3McntUp9K44xRC5vhP4E0EZ2cWsnrDtMlI3cn93I6H7NuVbk3CKy0
+J/uJjRmQ8ZrmTjmxJY1MRoz7MQll6IfGyHVMyeKqL+0KjI5PlJMK43nb8Vm3wmPW
+5R9r5Yf5urpsCJPFfAp1kgc=
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/almut.key b/FLR-BRB/openvpn/home-flr/keys/almut.key
new file mode 100644
index 0000000..737b1aa
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/almut.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIQ9cKL0FNsPUCAggA
+MBQGCCqGSIb3DQMHBAg62rRyltv9pASCAoB8imFD1xrg+dgYwmoxHIOYYB1ZNVWc
+BA0T0UsuJEys4+tVuDhn0M5K7Gq1wo7tvrkeGHI2egNbSDq9atWwx8HI8r8stsIH
+eFejTJChv/vfAaE4K89R0q0pnPyjRoIiYqzRH0SCbHNEssfBFoytGhG4eqd49yQY
+XA2/Z67xXqwvIgYP1+n403yD2Kni7snCoO9CDBovJowAbcaafhgu76E36U/A6fja
+uwCUfcDTFyuMbYg25yGffzD3TIH4GDBucgGlZf41msUcSxu7iC4MkK04oHAE2dnp
+lMeJww/ByaTuew08VI6ccBZ7tSegh1ZKvzzzf01dd+xU5RSUf8MIzKZD4kcoLAOc
+uEDvtkqENADYB8eZmOpSX17h0p4HB6Rk+mgPwRMzfPfDa99eBYHC4g+pkgUcUvCC
+DvOISXwSxZeEcg81RSd5yXgJGOag8fYheWmd/MT2LML5eHXrpndITBkQ9uaKcvd7
+Kx9nPvQdF3Tz9VVUbKJ4rk1uAyadr265B4odL95ztdNtr4wiXdGNPtRxOHdMLQVO
+YhZ+JTflR4BK+igwUA1ze70GzPIU1emlESPo47h8kCK9mPjHEavITDpdsZZU67Aa
+P3fWEA3127PoxyK4Arr1ZOv+LOCEcqhPHcwkKLP8HLM288eJ2z9SW0HxrLsgtt3H
+oUxHlYH3+5zmRc7D/bNJyuPmRGmwW2nDs+c7yBUE+hUeDWGUJufQ+mRl5PpZo33q
+Hm1lxpFvWbOWsZqQsUWdGIHouKcv/Q5XoxlbCyVx54a8b23PTqHTRuGD0+v0CFz2
+DPSCaHZxdi/FvAbslomywjgiYW7h3bZA9/+N5LcxjDz53YI+cho7kf2M
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/ca.crt b/FLR-BRB/openvpn/home-flr/keys/ca.crt
new file mode 100644
index 0000000..7d5eb2b
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/ca.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzjCCAzegAwIBAgIJAPf/MOnEeNJTMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUNBMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwHhcNMTIxMTExMTgyMzU5WhcNMzIxMTA2MTgyMzU5WjCBoTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
+BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIdp+t
+lUB/nx3JqiZiBEkyTK2m+uH/hes4wYTpmbRY2x1YJtwQegX/sfxuu0n1xA42gON0
+eOBc2v/MmKzrGP+VP2VxWBhR/VnJsPeFTJJvD6ioM+jc9xNeZFNgHibRw4vzipyK
+ALQJK6gJ3COvhb3YWOul3njUGgZZkaikPMuTQQIDAQABo4IBCjCCAQYwHQYDVR0O
+BBYEFFb+8DvjraReG34P1h/k6dWObxLWMIHWBgNVHSMEgc4wgcuAFFb+8DvjraRe
+G34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtWUE4t
+RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDpxHjS
+UzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADPFDfqCtYtsS/NxGVYc
+hgxKsA9S/kBifNbde0e6nmPBgufW+O3uPrkvg7Wx2EayxMhX/dVrAYm8NSNCdWXV
+5ra0lu6cTI8rwWt404e0F/o0v6u+5eWHFxSF0lDJIVhwvvVoiAUJQw8h+BlI5PYO
+JcHZCQoQE1/RE6Xp+0xgTXvW
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/ca.key b/FLR-BRB/openvpn/home-flr/keys/ca.key
new file mode 100644
index 0000000..6984c05
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/ca.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDIdp+tlUB/nx3JqiZiBEkyTK2m+uH/hes4wYTpmbRY2x1YJtwQ
+egX/sfxuu0n1xA42gON0eOBc2v/MmKzrGP+VP2VxWBhR/VnJsPeFTJJvD6ioM+jc
+9xNeZFNgHibRw4vzipyKALQJK6gJ3COvhb3YWOul3njUGgZZkaikPMuTQQIDAQAB
+AoGAOvhiar7gNWrKaXurROQ74BcccmWVPATaOFz9S3bSzdzPWhI8ZIBw6VIjjzN7
+Q1gEUlZCEw5H+ijWXQqAu7wj2u9z+sv0CSuMivGWkfvfWqB/hkR/48gNXrcBoRUI
+Vuvu+9s+9PnAGOy53hAoTBKiD75TpGGhPIjAP0bRyYw9UkECQQDoH9k2ps4Xo0eG
+RRy+sOFMWJ+c3796STIoPmVNaxITV7rngWGggcq2L63n9HbBMTzEiJ7MFFYiCBee
+eFGUSOHpAkEA3RUY3lXJpH3lE/vHZehfVEz7iWVzlllmYIpqVZgs/rIUW0+GpSbN
+U6OH8iJ/aU8963oHu294q7JbMR6oR2e3mQJAZM8gGJoMuztQHsH5H9/VmMCMYSbT
+E5qiS9P9TsgHS5s4Mr5/1aNIlCLU1f3XbUOi7n+e52aVmaYGC+6ZD1svsQJACNhV
+PF/2R0x6I8iI+7zGQ5so3SBf9X3yKJ6hDneeJTp+sgCGhIj+4f/C6p8SteXjtk4V
+jRwymbvzBg4R8Xlm0QJBAJ6FO/1rJr+C9jEqkjDspfpyUH9OFQvytYTNGTwp41Iw
+VkrEXqL3yUhtmj0F7UTzfjp9dVzGVLqHjkO3AXaXUr4=
+-----END RSA PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/chris.crt b/FLR-BRB/openvpn/home-flr/keys/chris.crt
new file mode 100644
index 0000000..dcce997
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/chris.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov 11 18:31:17 2012 GMT
+            Not After : Nov  6 18:31:17 2032 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-chris/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bb:b8:e0:59:a9:0b:ce:92:92:45:6f:0a:17:c0:
+                    a5:31:2e:86:eb:d7:a9:47:5d:80:b6:5b:94:6b:9f:
+                    58:5d:6b:df:73:99:f8:5d:3a:f6:58:a7:9b:da:20:
+                    48:e5:19:cb:e0:f7:ad:47:05:a2:b0:db:ed:54:ec:
+                    75:45:05:31:b7:68:62:47:35:3f:89:1b:f6:8b:7d:
+                    72:fe:ee:a6:21:60:5e:c1:59:f1:32:25:2e:79:14:
+                    1d:03:38:a1:a9:e2:28:52:52:c3:c0:51:91:fd:44:
+                    50:3b:be:c7:ba:df:5a:47:38:47:29:78:c7:a0:ec:
+                    b6:ea:46:28:ed:62:fd:3a:7f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                68:00:5D:CF:D6:87:2A:65:E2:31:F7:56:87:B1:3B:FF:78:1F:28:B0
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        50:68:35:b1:f8:03:97:a3:ae:e8:2c:40:c1:0b:f8:a7:d7:f2:
+        e1:f0:de:62:a9:0b:ee:18:44:8d:c9:f9:9f:ac:4b:b7:95:6c:
+        fc:43:95:aa:b0:6f:b8:35:bb:a0:a8:c1:48:d9:2d:d9:7e:50:
+        fb:2b:ba:c5:31:e1:a7:af:b1:58:4a:44:28:69:84:bc:9c:e0:
+        90:b7:95:36:ee:00:3b:1e:0a:09:90:2f:be:d9:0c:07:78:8e:
+        79:21:4a:af:2b:7d:f3:30:4d:70:04:f2:95:55:4b:d8:24:46:
+        09:f9:08:3c:b0:c1:ad:49:5c:ec:47:55:bc:16:49:80:8e:01:
+        1c:e6
+-----BEGIN CERTIFICATE-----
+MIIEHzCCA4igAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTEyMTExMTE4MzExN1oXDTMyMTEwNjE4MzExN1owgawxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRowGAYDVQQDExFWUE4t
+RkxSLUJSQi1jaHJpczEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7
+uOBZqQvOkpJFbwoXwKUxLobr16lHXYC2W5Rrn1hda99zmfhdOvZYp5vaIEjlGcvg
+961HBaKw2+1U7HVFBTG3aGJHNT+JG/aLfXL+7qYhYF7BWfEyJS55FB0DOKGp4ihS
+UsPAUZH9RFA7vse631pHOEcpeMeg7LbqRijtYv06fwIDAQABo4IBWDCCAVQwCQYD
+VR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBRoAF3P1ocqZeIx91aHsTv/eB8osDCB1gYDVR0jBIHO
+MIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeA
+MA0GCSqGSIb3DQEBBQUAA4GBAFBoNbH4A5ejrugsQMEL+KfX8uHw3mKpC+4YRI3J
++Z+sS7eVbPxDlaqwb7g1u6CowUjZLdl+UPsrusUx4aevsVhKRChphLyc4JC3lTbu
+ADseCgmQL77ZDAd4jnkhSq8rffMwTXAE8pVVS9gkRgn5CDywwa1JXOxHVbwWSYCO
+ARzm
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/chris.csr b/FLR-BRB/openvpn/home-flr/keys/chris.csr
new file mode 100644
index 0000000..b02c253
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/chris.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB7TCCAVYCAQAwgawxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRowGAYDVQQDExFWUE4tRkxSLUJSQi1jaHJpczEUMBIGA1UEKRML
+VlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7uOBZqQvOkpJFbwoXwKUxLobr16lHXYC2
+W5Rrn1hda99zmfhdOvZYp5vaIEjlGcvg961HBaKw2+1U7HVFBTG3aGJHNT+JG/aL
+fXL+7qYhYF7BWfEyJS55FB0DOKGp4ihSUsPAUZH9RFA7vse631pHOEcpeMeg7Lbq
+RijtYv06fwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEATkO1ZFcAecHtrCSGov0b
+cuwr6l/JaPtMjULjHIGNNgYqsMaZv+XY23UcCbbO77dr4vxjybRPHE5407gDFbju
+1HGfO1j5pQ1HSK6ttimU3NRSnxiFO3aoDLIwhp70mesnft6IeyoXXjIIB5EM5xun
+IBevUI4E3MvTiolSNQ12Fkg=
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/chris.key b/FLR-BRB/openvpn/home-flr/keys/chris.key
new file mode 100644
index 0000000..7ced779
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/chris.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,229740442A4BCCD3
+
+VYnLpcg9s5ua/gaXMcMbASZpvrClylV4Vxj4e6xcpR1piLL0DSsyUmqjBd5mON0K
+Lc1gMzY0h6B9YLfDrhFVnSXmf/SHycd3JiqCrWFM5Dsy0/flGhHqUZeNF8vGRd//
+dUscgct296OGfwDo/CXODRLYDGdgGrzfXY18SdKJLfERvvQCllfBNX2Zd+2Onuke
+GzxymE7mVDo2Jve6TaQmwjsU5oro3891obCSQFYV7tAsvHKJ8jO6Br+hScXx9GsA
+BR5c/jYDFpssmE0kFYjTtciIJtsFT/7z1bf3UrYMzaAWJjakOfe5YRCWh7v/pqm/
+ofjGeaCxkTzq14/dF/zrSBDCpaMnXEbePCO3Efzn99f64zrJ7BV0GXsww4qOhRQ/
+GCqCdyULsLSmGpX3tiRB5l3asXsXLJCfAhFC3rre9UjVx4iGGl7OtYZ91HhrT8ME
+ITm09cPA04cjStIflRnXiHsz0o83p3cac/TF2Cus8b8dxPBJ854gsglZ8hZ81eA5
+uvA/iO9Unw3jRzpRkYAwQzWBTDPM1p47QciiJNcJjxzeZYM1rQDn0v+6Zxb/8mmI
+43OCdslUT8woBd2iVfV59Ygj19/JAQB74uxX2bjlePlgzIQdxciQ84K96WWOuICL
+LP5y0PILTLXTb3U0iCb1mNNGSUk1EZka+jVOdiGZU/8Uuo4HHZ7Ilhq8d4MM3k2T
+U60iIw292aHSHQOCS0w20OBxuNe8xcmEzla3M9MuXdcugDiKeCPWJLRUdas72gD+
+RVF4+GCYXToxKBMNa55HbeeoJrJhCUlUr6830UApRsKwatwquQGCEA==
+-----END RSA PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/crl.pem b/FLR-BRB/openvpn/home-flr/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/FLR-BRB/openvpn/home-flr/keys/dh1024.pem b/FLR-BRB/openvpn/home-flr/keys/dh1024.pem
new file mode 100644
index 0000000..4ecbb53
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBALwWhQVnrSFb5w9iLZZ0+YKmJG5h39bTze7t8G2g1m+NbG9OcGDfEOGv
+Kk16xMNEUh67TykNv6e/Ha9uSd/6IvsMN0RoF+36Nq1XdQdijrfOoigX0F4Tfms4
+8NP5Kws+ZRwUqF7cevx8jFY57lubvGe90xDWYc6NZUvtCGV1HWiLAgEC
+-----END DH PARAMETERS-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/dh2048.pem b/FLR-BRB/openvpn/home-flr/keys/dh2048.pem
new file mode 100644
index 0000000..4a51cef
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/dh2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAxJdg6irv+86FbiFN/9fs9KSssOLaY9EN6i6fs1hdl4tx7V20bhZx
+lIPXXicynPMbaQmS/9rtBHX1XYxlksDtvyFw9PHkJ7H0LNqhgboUsJtgx67ae3ZQ
+XjkkS/9M2LXvwUx1BipYAPOgKRD9+H1i5PCxHlR9MK69XB7WNoBWWxNyg9wR0IZn
+U2yMwcLsdYfFvVg0U1/SaI3o2NqO4+lxdaTdMfmskNHcnRcLLLKS6a/49PcWToWp
+cIuiTTwOiWyTvSXmwNwFvSsCn4DcXXVSdMoSqdJOidaE6Ng2XtzsTJ1aD5aAG2IA
+f1uxfwI4Pgw+nYNLuvabj+XHyt/gSs3jywIBAg==
+-----END DH PARAMETERS-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/flr-pierre.crt b/FLR-BRB/openvpn/home-flr/keys/flr-pierre.crt
new file mode 100644
index 0000000..1a9faac
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/flr-pierre.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15 (0xf)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov 18 01:59:40 2016 GMT
+            Not After : Nov 16 01:59:40 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-flr-pierre/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:a2:13:0c:ff:8b:0a:7f:29:6a:fa:01:32:4a:f1:
+                    60:72:44:0c:f8:41:82:59:44:93:db:30:6c:6a:92:
+                    1e:9e:fd:d6:a1:99:90:2e:02:7b:9c:59:8d:5e:a8:
+                    a5:de:77:56:33:39:0b:0a:1a:ad:08:79:97:94:59:
+                    33:bb:fd:b2:17:54:88:fe:54:90:35:ef:79:a9:98:
+                    7f:e6:f9:d1:db:2a:bd:06:c5:4a:c9:11:c4:43:a8:
+                    6f:66:82:10:b7:a9:8c:66:8a:41:c1:75:b4:41:19:
+                    e2:09:d7:fb:e7:8f:35:f2:8e:cb:7e:ec:9a:89:e0:
+                    d0:9c:d6:ff:37:13:22:02:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                B2:F2:A2:88:A9:FA:9E:66:8C:ED:BB:35:D8:4E:04:D3:81:38:5B:B8
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         91:84:59:e0:e5:1a:04:62:1a:17:a4:41:ce:fb:d8:d6:3f:86:
+         5b:36:6e:51:b7:7e:15:38:69:56:77:8b:dc:20:7e:19:dc:f6:
+         ac:eb:ed:cc:a9:aa:5b:68:8c:a9:36:04:4a:4c:0c:21:47:d1:
+         7d:77:cb:f9:7f:46:52:5a:42:61:0d:8a:01:b5:5a:90:25:4e:
+         bd:5f:5f:2a:d6:af:49:fb:9f:92:72:bc:6a:95:72:86:29:6a:
+         e2:14:f2:c7:dd:4f:79:78:24:1e:49:b0:f5:cb:69:73:2c:bd:
+         6c:26:4b:c2:03:37:d9:ed:8d:b7:4a:bf:19:c1:54:8b:4b:5d:
+         df:8a
+-----BEGIN CERTIFICATE-----
+MIIEJDCCA42gAwIBAgIBDzANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE2MTExODAxNTk0MFoXDTI2MTExNjAxNTk0MFowgbExCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMR8wHQYDVQQDExZWUE4t
+RkxSLUJSQi1mbHItcGllcnJlMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqG
+SIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
+AoGBAKITDP+LCn8pavoBMkrxYHJEDPhBgllEk9swbGqSHp791qGZkC4Ce5xZjV6o
+pd53VjM5CwoarQh5l5RZM7v9shdUiP5UkDXveamYf+b50dsqvQbFSskRxEOob2aC
+ELepjGaKQcF1tEEZ4gnX++ePNfKOy37smong0JzW/zcTIgIfAgMBAAGjggFYMIIB
+VDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFLLyooip+p5mjO27NdhOBNOBOFu4MIHWBgNV
+HSMEgc4wgcuAFFb+8DvjraReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBO
+LUNBMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGWCCQD3/zDpxHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
+BAMCB4AwDQYJKoZIhvcNAQEFBQADgYEAkYRZ4OUaBGIaF6RBzvvY1j+GWzZuUbd+
+FThpVneL3CB+Gdz2rOvtzKmqW2iMqTYESkwMIUfRfXfL+X9GUlpCYQ2KAbVakCVO
+vV9fKtavSfufknK8apVyhilq4hTyx91PeXgkHkmw9ctpcyy9bCZLwgM32e2Nt0q/
+GcFUi0td34o=
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/flr-pierre.csr b/FLR-BRB/openvpn/home-flr/keys/flr-pierre.csr
new file mode 100644
index 0000000..4b3818a
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/flr-pierre.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB8jCCAVsCAQAwgbExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMR8wHQYDVQQDExZWUE4tRkxSLUJSQi1mbHItcGllcnJlMRQwEgYD
+VQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKITDP+LCn8pavoBMkrxYHJEDPhB
+gllEk9swbGqSHp791qGZkC4Ce5xZjV6opd53VjM5CwoarQh5l5RZM7v9shdUiP5U
+kDXveamYf+b50dsqvQbFSskRxEOob2aCELepjGaKQcF1tEEZ4gnX++ePNfKOy37s
+mong0JzW/zcTIgIfAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQAeUi8rdMGA4uqR
+PFBuSJuIMQjxDrYWtWckkTt3YaSfGXyPV3VN7dWbqPsaZUMN5hs7Wa8tRXstrqE8
+saTftT5D284gdO5mbn7VVQNVkTx4kzfnZsmDgL9M2iDM2bIEHcbDzqqe79Gx3p4d
+DwjfWFYep7ev5LTROpquXZ/VTtgCcw==
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/flr-pierre.key b/FLR-BRB/openvpn/home-flr/keys/flr-pierre.key
new file mode 100644
index 0000000..9321645
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/flr-pierre.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBlm/H9lXqrQCAggA
+MBQGCCqGSIb3DQMHBAjNEukoJaZEMQSCAoCNz3Y8uNtpy+7xtNBqmkWjuaQK0C6q
+WC7vKJcmZ3L8SkzEW7GaGUivFLUy0JMlblVQg078ddZsjkas+MT38XSJkEPMIbej
+MMxB5fGO6a7Ikvj7yXByjuu0/hwooXOzRAFsZCMzgsYy+zHpu+XDB8X0tw+EPPXj
+rW+53O/a8Ao2ihLCQejnRe3llhz/9DnzBry/RGn0ID4yvvguz/waPNuxRNb1CTSz
+JR2HIjJ/o9eN+D8Rwr4olkyHSQj3wJSybktGURy02ubz65OL1ZB/qInsfwazImCM
+2suaPt1I2o5v7bM/m6lG9CcBG1VrGKHnfh0vwbW9onOLJkPNdqP64oPhOpOSm/da
+LuB28Xf4CkhdIj/xognVHRSMFHgjvEvrthp199XUUbSC6uJTI3PZghbvUY36vvRB
+tgOdIwPMxjzPp6w2+oJc+erhBJLb6zS4n4oHsoUpuL4jp4Xo9flMdnvOdE8wPB34
+SgqYJx6gTLb8Un9Wt7WoV3Wnu8UYqIyfxqVaFx+aEudM2/F/UQIv1/CXD7V8sUbj
+MBlMNYMB093H6BtY3mtRC+Iee8a9UJ3x73fMoxydLuFmUyLZoTXrIWHLzodC61mh
+JVKj/VYLQwUpHZ4UsVywGnKwB55hp8nYVo4oaTmRemyLyTlLx90+t5osjRZ0dKu4
+XO8w8YnCrhUgkELMP6se5hN8m/iTK9+XzVl0t5zwiAjPxaRcuLApeoOQjFhItCa4
+0/1yyviXogYJrLbQIkssQC4NycH84u/EgrM6sUHAbZR5eYoAqPWNSlxOA0OIggsL
+qIWI5YbP6H6bmm1IkjWXV2K92bSZ5DVJgMOUC3QxXsmgqzKhvIUC57q3
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/gabi.crt b/FLR-BRB/openvpn/home-flr/keys/gabi.crt
new file mode 100644
index 0000000..581d08d
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/gabi.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jul  8 11:06:29 2015 GMT
+            Not After : Jul  5 11:06:29 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-gabi/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:b4:25:18:ee:65:f4:03:b4:f1:a0:ca:e9:66:34:
+                    42:4f:73:5c:1a:84:fd:a4:55:72:fa:c8:6d:f6:5a:
+                    09:90:ea:dd:66:82:4f:a0:33:f6:11:27:26:83:cc:
+                    63:18:de:00:2d:f0:33:41:4f:c0:d4:1e:29:d0:41:
+                    8b:b9:89:cd:1c:cc:1e:ca:ef:f9:89:3f:4a:3b:71:
+                    df:45:83:bd:cd:c6:11:43:dd:d5:20:c9:86:63:c0:
+                    4f:d7:33:50:82:14:db:52:4d:f5:26:b8:1f:75:52:
+                    c7:68:bf:3b:a5:0d:52:6e:e3:8a:86:fe:f6:5f:84:
+                    aa:f5:2c:1d:00:48:d9:4a:e3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                15:48:AB:D9:07:76:C9:5B:84:5D:4B:AB:61:47:DC:2C:01:2C:4E:CF
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         a8:8d:06:47:92:b9:0b:ed:28:62:b4:47:a1:8a:30:e1:50:d6:
+         5a:b5:62:69:4c:81:61:d1:46:be:f3:a7:07:41:61:5e:22:5e:
+         ed:21:c4:93:c8:5f:64:ac:72:10:b3:c4:c7:b6:43:f8:be:fd:
+         e1:a9:23:75:31:46:0e:a7:02:48:66:81:52:6b:97:a1:8f:46:
+         fe:91:97:5e:7a:43:3e:d8:d9:f3:28:5a:b2:34:76:06:e2:b8:
+         ba:79:f9:0f:0b:f3:5c:04:b1:d9:c7:c8:bf:ae:09:cb:50:da:
+         f1:37:13:94:f7:20:b6:2e:9a:a9:e3:f2:d8:4d:93:a9:de:c9:
+         4e:57
+-----BEGIN CERTIFICATE-----
+MIIEHjCCA4egAwIBAgIBBzANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE1MDcwODExMDYyOVoXDTI1MDcwNTExMDYyOVowgasxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBWUE4t
+RkxSLUJSQi1nYWJpMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALQl
+GO5l9AO08aDK6WY0Qk9zXBqE/aRVcvrIbfZaCZDq3WaCT6Az9hEnJoPMYxjeAC3w
+M0FPwNQeKdBBi7mJzRzMHsrv+Yk/Sjtx30WDvc3GEUPd1SDJhmPAT9czUIIU21JN
+9Sa4H3VSx2i/O6UNUm7jiob+9l+EqvUsHQBI2UrjAgMBAAGjggFYMIIBVDAJBgNV
+HRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlm
+aWNhdGUwHQYDVR0OBBYEFBVIq9kHdslbhF1Lq2FH3CwBLE7PMIHWBgNVHSMEgc4w
+gcuAFFb+8DvjraReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQw
+EgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGWCCQD3/zDpxHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw
+DQYJKoZIhvcNAQEFBQADgYEAqI0GR5K5C+0oYrRHoYow4VDWWrViaUyBYdFGvvOn
+B0FhXiJe7SHEk8hfZKxyELPEx7ZD+L794akjdTFGDqcCSGaBUmuXoY9G/pGXXnpD
+PtjZ8yhasjR2BuK4unn5DwvzXASx2cfIv64Jy1Da8TcTlPcgti6aqePy2E2Tqd7J
+Tlc=
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/gabi.csr b/FLR-BRB/openvpn/home-flr/keys/gabi.csr
new file mode 100644
index 0000000..873771c
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/gabi.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB7DCCAVUCAQAwgasxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRkwFwYDVQQDExBWUE4tRkxSLUJSQi1nYWJpMRQwEgYDVQQpEwtW
+UE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBALQlGO5l9AO08aDK6WY0Qk9zXBqE/aRVcvrI
+bfZaCZDq3WaCT6Az9hEnJoPMYxjeAC3wM0FPwNQeKdBBi7mJzRzMHsrv+Yk/Sjtx
+30WDvc3GEUPd1SDJhmPAT9czUIIU21JN9Sa4H3VSx2i/O6UNUm7jiob+9l+EqvUs
+HQBI2UrjAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQBdhmZA5ODa50NsNIHOOsNR
+/5AQm4wOaehEYFvYvs6eXJavsSoNgwBSM1jLH6uO7EaIdHMpSszQLHitcV+SG41T
+gdx561MZZ1u5a4pWYa46YAiSu5fK2dzPaiELa4sEVhV2bjdmjpR30ap7PQkR56oZ
+TX7H2XUU2WtKJx9m7YTN4g==
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/gabi.key b/FLR-BRB/openvpn/home-flr/keys/gabi.key
new file mode 100644
index 0000000..dc3550d
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/gabi.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIzqWD1gLqB8UCAggA
+MBQGCCqGSIb3DQMHBAhwaNLfHLx0GgSCAoBWomP2SYbfsH2wNBJhJM0CiL7c2cV6
+cW+x9WHK3/ZW/FhMDcPHIgl77T0BeNdkz9yzDFfun9OYmjxL8Hh3/4UjgCOqCscc
+XuGZTNlCMWby3NWeWaS6zJl8WhoZ6W1WGN+/QO9HGkE1VJLm1gO8P62suMxLLJBR
+aY1VXKxJvS1CIjmIXI9rStGi5W1QdrrYjX4KQ2xlEsGWIbdaUiHLAmrGiNDm0OLb
+aPy7AvPWfiAhWJxA+q0Ws2S0tf73ccAyq6o+1214akxy/2KbJ7Tu878CF549VNHM
+kcNEKcaMSbyCmnDmjC6QAxq2KmPJjLB4xNp3nvNXt72GvLH5i3sOryBUrkKnV6VL
+p6lIJhiWbLq144pMCM7GUCvjHwvG/CWoAjayYHkmOTnuqEEIFfZH2QYYcITVmoSH
+syMhYuj6z2rVxe+QrXUjY//5MrfKQn1trN33t2r7G4gK7XV3ZI21xZ2M6Sr0Wx02
+oFJlzB+VAzLCgpTkCD8LXexX99VsFfV/UqTgzujWFNMWJlV0PjPOEYZu5krvm9LD
+ERmmC7vu/M7A3ivL+szxuJISbsQa5N1jvq1SQEZbR3Gw9SLvrWCv+IFvU6gWpGV4
+VeRc+TPvgi5eLUSqULNTkJJXAaypBAR13dDGaT3pswAf33rs8/oc9MLcxYOmHdLE
+PMGo/ujbYXFxmmh9hVQRvxQF09japR0lEFu4/hyA3oStOWABfF/Tj0reVC/kCBXf
+w/jCyZa8bi+0Elr0LG6NDH3zMSaBIalGGlNZx5etHG4hdRv8BKaLnmohxO8B21iz
+uoo1nvYY7dBQoryurEZd5/xxRAwr7QIAlpu+aXO1mLp7SBWfuc7HjlV3
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/gw-ckubu.crt b/FLR-BRB/openvpn/home-flr/keys/gw-ckubu.crt
new file mode 100644
index 0000000..d7b6049
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/gw-ckubu.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 18 11:07:19 2013 GMT
+            Not After : Sep 16 11:07:19 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c8:6b:44:7a:ce:51:74:af:7e:b0:db:ab:e5:cb:
+                    50:f7:01:9b:da:d4:38:7e:35:01:0c:60:4f:28:92:
+                    90:4c:dd:06:1a:a0:89:d6:65:c4:97:d4:22:35:3f:
+                    8c:0c:79:e2:ec:9a:26:4e:e7:ee:f7:73:02:65:12:
+                    9f:cf:5e:05:0c:1e:96:c7:f1:81:92:8f:ac:48:71:
+                    93:df:f8:f2:a3:66:65:ad:13:81:c1:f1:23:a2:c5:
+                    04:86:26:29:bf:2c:7d:28:43:fa:a1:3d:dd:aa:47:
+                    01:af:0f:c2:ba:e0:0b:1d:af:53:f1:f7:a8:b2:90:
+                    2f:4a:ab:c8:19:f6:9c:eb:23
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DC:10:87:FA:DA:75:B6:5E:0D:5F:CD:4E:2C:9B:B0:E5:A1:E8:85:1D
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         9a:71:cd:8f:8a:8a:a0:96:68:01:5e:86:36:74:41:1d:1a:99:
+         66:56:83:09:c5:18:7f:a1:ec:bf:b8:17:52:e8:fb:09:9c:b3:
+         5b:b7:0f:ec:e5:4f:db:87:7d:0d:bf:4b:ce:b1:f6:fb:c8:e0:
+         99:f5:aa:39:ce:dd:8e:7d:6d:b0:70:7f:00:42:de:6e:55:be:
+         57:f4:01:8d:2e:00:b7:90:b1:92:73:65:89:20:52:8b:b9:f2:
+         28:eb:e6:32:0d:ed:a0:51:2a:73:fa:dd:6b:86:b5:71:b1:d5:
+         b7:30:59:6b:94:dd:fc:c9:47:00:35:a8:b7:18:53:c6:99:fb:
+         0a:70
+-----BEGIN CERTIFICATE-----
+MIIEKzCCA5SgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTEzMDkxODExMDcxOVoXDTIzMDkxNjExMDcxOVowgbgxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMR0wGwYDVQQDExRWUE4t
+RkxSLUJSQi1ndy1ja3VidTEdMBsGA1UEKRMUQ2hyaXN0b3BoIEt1Y2hlbmJ1Y2gx
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDIa0R6zlF0r36w26vly1D3AZva1Dh+NQEMYE8okpBM3QYaoInW
+ZcSX1CI1P4wMeeLsmiZO5+73cwJlEp/PXgUMHpbH8YGSj6xIcZPf+PKjZmWtE4HB
+8SOixQSGJim/LH0oQ/qhPd2qRwGvD8K64Asdr1Px96iykC9Kq8gZ9pzrIwIDAQAB
+o4IBWDCCAVQwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTcEIf62nW2Xg1fzU4sm7DloeiF
+HTCB1gYDVR0jBIHOMIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
+BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIw
+CwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GBAJpxzY+KiqCWaAFehjZ0QR0a
+mWZWgwnFGH+h7L+4F1Lo+wmcs1u3D+zlT9uHfQ2/S86x9vvI4Jn1qjnO3Y59bbBw
+fwBC3m5Vvlf0AY0uALeQsZJzZYkgUou58ijr5jIN7aBRKnP63WuGtXGx1bcwWWuU
+3fzJRwA1qLcYU8aZ+wpw
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/gw-ckubu.csr b/FLR-BRB/openvpn/home-flr/keys/gw-ckubu.csr
new file mode 100644
index 0000000..367da88
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/gw-ckubu.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB+TCCAWICAQAwgbgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMR0wGwYDVQQDExRWUE4tRkxSLUJSQi1ndy1ja3VidTEdMBsGA1UE
+KRMUQ2hyaXN0b3BoIEt1Y2hlbmJ1Y2gxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIa0R6zlF0r36w26vl
+y1D3AZva1Dh+NQEMYE8okpBM3QYaoInWZcSX1CI1P4wMeeLsmiZO5+73cwJlEp/P
+XgUMHpbH8YGSj6xIcZPf+PKjZmWtE4HB8SOixQSGJim/LH0oQ/qhPd2qRwGvD8K6
+4Asdr1Px96iykC9Kq8gZ9pzrIwIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAc174
+I0VE0s2W71q+wOMIFQ5Z8ZzQUl80E44sU7wOWHzUHsj7jfClJ3CTwz1ygSy3oiek
+TPWsek505brw3kIV/O3iUVArXEQPHvhLufJqhL4R3oHRy7fQr5L7LX4kQFXkUPjf
+roo/ixghM+5DBO/e9TAf5RH/6FO83aOqESVcZtI=
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/gw-ckubu.key b/FLR-BRB/openvpn/home-flr/keys/gw-ckubu.key
new file mode 100644
index 0000000..456d2ba
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/gw-ckubu.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI2PZiohF8ugcCAggA
+MBQGCCqGSIb3DQMHBAhTTx6Dj3br7gSCAoDTyLVebeOV/njatPhy0qEi/DlH/6+H
+oK9kQaUV69QS6NO3N1RqqDvXu2DcdlkzLLvi1CJWgTJyeHbtKHyTMEEXI/P2SOZL
+wBGqXZ2Nav6MqjGpjzHryAAh32thyGJC5o/m/SOMX1lMvDln/g9WzC0ZRAMdNi5M
+SrLZieR41OA/0Pt7EuBIfuIvs2MhQwaUbVgdVShmBDVVS+44qJU36wmTT47mEFCD
+47ghy6xXvfykiI30fYO4qPad+nR8zpnpEGB5ZQfEx2SRdsbWxY1GMT4rAzTBMgiJ
+bbyVY8rEb0kKqbJhUFQ9jjodW2b94p6nayaJHoyO4sFEgvvPhpPsBXRPKOZXMSl1
+kNjDEwUjpPCxm2v4JpYiPUoiZO4IAKbXcfJ8WWuKZp1Du37PVD/EnXDjyKBFOyzD
+QJDF7ukzAwMHcq9bVv8AybVxC6I+1nDgdrD9s/8cBQiCyYufV/5H484GBI6d2dXo
+SyKffomnpHVK7AzAYZXmyxlQj1kwJeh73xYFH06fec0VmmH6vHkN+wjYheJLrqSi
+xZkOnxggAecIINh3kVbPrZCfKn46vYwDoFHgK8Ek7nRaIXaYGuKrRfHZRTN6g98s
++QK5iGSL/5Fg8EdsgRtAm4Ss/mBUCEY2AZF4fekfyhtzbpYLtb5XJIw42SCwJstN
+dd35UeaUWTOXkO7sIub88UVxv9VXIXpq+2DD7emd9jpyQVp0W2/jlGEvtSNUUsMD
+E26+ck8dSOnJI/FFYOeqtW24dZ+0g2NXAoUiwtqQweOJKkOjQlNV/L1Ud68zSy0e
+oDCt0c3xYx5JAXDKximQqlVAenc5rl+4kHVnG8wmULmTgWCMbYSk/sAC
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/index.txt b/FLR-BRB/openvpn/home-flr/keys/index.txt
new file mode 100644
index 0000000..b7acd89
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/index.txt
@@ -0,0 +1,18 @@
+V	321106182925Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA-server/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	321106183117Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-chris/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	330103182029Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-ivana/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	230916110719Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
+R	241026150257Z	170927145029Z	05	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-mariusz/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	250406135054Z	170927145035Z	06	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-tobias/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	250705110629Z	170927145003Z	07	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-gabi/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	250705110755Z	170927144851Z	08	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-almut/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	251010133555Z	170927145021Z	09	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-lisa/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	260420113847Z	170927145044Z	0A	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-yilmaz/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	260420113945Z		0B	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-sabrina/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	260420114034Z	161118014447Z	0C	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-pierre/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	260608173036Z		0D	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-lotta/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	261116014717Z	161118015721Z	0E	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-pierre/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	261116015940Z		0F	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-flr-pierre/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	270418133803Z	170928013613Z	10	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-test/name=VPN FLR-BRB/emailAddress=argus@oopen.de
+V	270926015157Z		11	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-kirstin/name=VPN FLR-BRB/emailAddress=argus@oopen.de
+V	271022013433Z		12	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-juergen/name=VPN FLR-BRB/emailAddress=argus@oopen.de
diff --git a/FLR-BRB/openvpn/home-flr/keys/index.txt.attr b/FLR-BRB/openvpn/home-flr/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/FLR-BRB/openvpn/home-flr/keys/index.txt.attr.old b/FLR-BRB/openvpn/home-flr/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/FLR-BRB/openvpn/home-flr/keys/index.txt.old b/FLR-BRB/openvpn/home-flr/keys/index.txt.old
new file mode 100644
index 0000000..c6b3b27
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/index.txt.old
@@ -0,0 +1,17 @@
+V	321106182925Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA-server/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	321106183117Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-chris/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	330103182029Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-ivana/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	230916110719Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-gw-ckubu/name=Christoph Kuchenbuch/emailAddress=argus@oopen.de
+R	241026150257Z	170927145029Z	05	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-mariusz/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	250406135054Z	170927145035Z	06	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-tobias/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	250705110629Z	170927145003Z	07	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-gabi/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	250705110755Z	170927144851Z	08	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-almut/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	251010133555Z	170927145021Z	09	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-lisa/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	260420113847Z	170927145044Z	0A	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-yilmaz/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	260420113945Z		0B	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-sabrina/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	260420114034Z	161118014447Z	0C	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-pierre/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	260608173036Z		0D	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-lotta/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	261116014717Z	161118015721Z	0E	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-pierre/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+V	261116015940Z		0F	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-flr-pierre/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+R	270418133803Z	170928013613Z	10	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-test/name=VPN FLR-BRB/emailAddress=argus@oopen.de
+V	270926015157Z		11	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-FLR-BRB-kirstin/name=VPN FLR-BRB/emailAddress=argus@oopen.de
diff --git a/FLR-BRB/openvpn/home-flr/keys/ivana.crt b/FLR-BRB/openvpn/home-flr/keys/ivana.crt
new file mode 100644
index 0000000..6ac328a
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/ivana.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan  8 18:20:29 2013 GMT
+            Not After : Jan  3 18:20:29 2033 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-ivana/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cf:7f:bf:39:14:b4:f5:71:58:db:eb:0f:64:c5:
+                    93:7f:3c:25:51:b9:ce:85:fa:af:73:9a:d4:1e:6a:
+                    89:1a:bc:ed:ba:b6:cf:65:0f:77:ea:fd:cf:2d:6b:
+                    71:4a:05:b6:7e:86:b5:22:c3:cc:7e:9b:35:cb:bc:
+                    cd:5c:a7:37:8d:e7:a7:27:a5:80:e4:ca:08:46:95:
+                    61:ed:38:7d:49:fa:4c:e9:ef:bf:4a:79:aa:92:45:
+                    10:41:22:bb:60:60:4b:ec:a6:e5:ca:62:0c:bd:be:
+                    ea:95:e4:63:5d:32:ee:83:5c:ca:49:40:e9:be:f3:
+                    c4:7f:e6:10:34:27:f6:55:31
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                90:C9:26:75:C9:2A:14:6C:0B:6D:89:7B:C4:8A:27:F3:8D:25:96:5C
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        76:3f:16:0a:89:d0:aa:0f:d9:7d:2e:45:f3:8f:ab:ac:0a:32:
+        b9:3e:1b:80:b1:60:fb:a5:81:2e:78:a4:e1:47:33:e2:97:e7:
+        9f:0f:88:06:af:cd:80:e8:21:0d:00:7d:83:56:9d:c6:ff:fb:
+        cb:74:92:d9:39:4a:b1:44:14:73:31:85:f0:87:66:10:d1:63:
+        db:97:d5:89:47:a1:55:91:82:0c:0c:d9:45:bb:60:20:bb:3b:
+        23:b4:23:e7:0c:3c:57:91:33:23:ab:9f:18:76:f5:ae:44:71:
+        ba:53:45:d7:a3:f5:42:cf:b1:d7:31:74:d1:30:ba:bc:12:d9:
+        22:79
+-----BEGIN CERTIFICATE-----
+MIIEHzCCA4igAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTEzMDEwODE4MjAyOVoXDTMzMDEwMzE4MjAyOVowgawxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRowGAYDVQQDExFWUE4t
+RkxSLUJSQi1pdmFuYTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP
+f785FLT1cVjb6w9kxZN/PCVRuc6F+q9zmtQeaokavO26ts9lD3fq/c8ta3FKBbZ+
+hrUiw8x+mzXLvM1cpzeN56cnpYDkyghGlWHtOH1J+kzp779KeaqSRRBBIrtgYEvs
+puXKYgy9vuqV5GNdMu6DXMpJQOm+88R/5hA0J/ZVMQIDAQABo4IBWDCCAVQwCQYD
+VR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBSQySZ1ySoUbAttiXvEiifzjSWWXDCB1gYDVR0jBIHO
+MIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeA
+MA0GCSqGSIb3DQEBBQUAA4GBAHY/FgqJ0KoP2X0uRfOPq6wKMrk+G4CxYPulgS54
+pOFHM+KX558PiAavzYDoIQ0AfYNWncb/+8t0ktk5SrFEFHMxhfCHZhDRY9uX1YlH
+oVWRggwM2UW7YCC7OyO0I+cMPFeRMyOrnxh29a5EcbpTRdej9ULPsdcxdNEwurwS
+2SJ5
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/ivana.csr b/FLR-BRB/openvpn/home-flr/keys/ivana.csr
new file mode 100644
index 0000000..751dfb7
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/ivana.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB7TCCAVYCAQAwgawxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRowGAYDVQQDExFWUE4tRkxSLUJSQi1pdmFuYTEUMBIGA1UEKRML
+VlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPf785FLT1cVjb6w9kxZN/PCVRuc6F+q9z
+mtQeaokavO26ts9lD3fq/c8ta3FKBbZ+hrUiw8x+mzXLvM1cpzeN56cnpYDkyghG
+lWHtOH1J+kzp779KeaqSRRBBIrtgYEvspuXKYgy9vuqV5GNdMu6DXMpJQOm+88R/
+5hA0J/ZVMQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAlOk3D6e/KJ1rk+riOjbp
+4NUkMnIjHRmQwRaRdikJ6kHeHKlCLaXALfCm4YyQEv3/dgDnlSV8f3PXcUJdeY7l
+G3EuS40IwoUkCsFgLw0ymSa+NLLOBbLqx3BfN70eld/QLJXjLc8x5ZoExY2q1vev
+iPEaMY+x4A37p49UoZfBTUw=
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/ivana.key b/FLR-BRB/openvpn/home-flr/keys/ivana.key
new file mode 100644
index 0000000..e65e275
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/ivana.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A1E0120A12E78F90
+
+1GwancKJvowRleO493cy4bgFGmLNFXAO4GwM4pJqb+MF5BWmQrudgByVznXqVw2y
+miku4BsFr9xltYeIzhLRS6qN62is1GBYkgql38NzBZOS3Jl2wsEhs4Ha4UKNFnMZ
+1mXIt/Ua1mL7tJDIBxSvgFa3FImwxaObTD54JIqGS2XrWsJ8PajhRMD+MGncLnP2
+ZVDIVwUX2dWXdP+e9dtH87m+8vGPhJQ+JntVLkQwL13XgGbCWUnMbnbC+APvQvXx
+c9kk78X2VQwwE4sDOzXM1xD/EgDwC3m4/QeCn/RnlxKx3P636FKaLl37SwZjvRg3
+AT92OJDCn8G+SH63PXQSWXsaGN/1mNxvg41s3aWd/E00oY7igzx1rzU4f4di6kIw
+PI2N4EUlsaiPbG0j1x6eNvILxKqqyxg5x8pXnMbU1j0Nbm+TT7AQSQXohNwHDTri
+XoJ5uW+PXUxFzTP313z9J5a9tcBerJW46Rc6Dxr1tOTi6fQwcjfLUDB3cxizP5Ek
+VOJlbz4CCITj+Q4RN4MkyrRfETDE4GL+Cpt/ii2vCi9LarLayrug1pv3Oh0yAWXx
+LtGCKNPb/bICyhqOZ3N7Q8pmUzClZzIQUvJ1bMVKYlpsRXD2bxekvPT4teNI+XXK
+vzyxjQyoewmw/ZXL1NNxAHkvgzGsQET5rWWyYmUN4ZUpWmd3GsKupHaxr9EeXSCS
+Zw5Nl4IpBZZsfIj+072klohSlRerL73WU2KfjQl2iXftOz6RAj3kfxk8NQbaZu+C
+RJveRfYykCbNjMbXrEAxmHe6naRuJevTscv5XV2qJQ9x/llW28MjaA==
+-----END RSA PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/juergen.crt b/FLR-BRB/openvpn/home-flr/keys/juergen.crt
new file mode 100644
index 0000000..f89aa24
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/juergen.crt
@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 18 (0x12)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 24 01:34:33 2017 GMT
+            Not After : Oct 22 01:34:33 2027 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-juergen/name=VPN FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:9b:71:3f:18:2a:95:12:65:74:ea:af:ee:03:99:
+                    ca:c1:44:89:ae:90:89:7f:4e:e0:f3:36:22:c2:b5:
+                    79:90:99:73:d0:ec:1c:69:7d:00:2a:a6:48:b6:ff:
+                    12:9d:a8:c0:fd:cf:3f:54:29:e9:b0:7a:3d:c9:e8:
+                    66:6e:d8:6a:5e:5e:60:c5:88:e1:96:c4:d0:f2:8f:
+                    30:76:9f:7d:a1:83:d8:cb:ce:d9:7b:2b:9c:88:9b:
+                    24:bf:58:9c:a1:0e:19:1f:56:4b:d2:95:20:c5:63:
+                    66:8e:37:2c:29:6f:23:92:90:a4:f0:a1:03:1b:6b:
+                    bf:a5:1f:31:9c:2b:5a:20:19:ea:8b:16:d2:8f:3f:
+                    29:a1:a7:b1:f0:86:b4:a5:c4:34:fc:d5:28:1d:a3:
+                    2a:dc:93:84:37:11:1a:d6:75:5f:4c:94:56:23:27:
+                    e9:92:55:cd:0b:17:8e:18:44:ff:87:b9:90:ff:06:
+                    3c:8c:64:cd:b8:e5:d5:92:31:ee:40:33:b5:ec:5c:
+                    d5:11:82:60:57:32:fb:d9:62:19:6a:3a:6a:1d:3c:
+                    9d:f4:d1:10:1f:dc:19:be:2c:7c:0a:b8:9b:31:e4:
+                    21:f2:20:ff:7e:43:c9:8b:24:a9:f2:47:2c:30:e9:
+                    59:4a:88:1d:07:6a:c7:48:db:8e:ba:a4:39:79:72:
+                    68:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                10:F5:DF:E4:E8:0F:7F:93:A9:F6:65:47:EB:15:76:6B:56:82:E0:41
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:juergen
+    Signature Algorithm: sha256WithRSAEncryption
+         32:a8:d5:66:03:a6:10:5e:69:0b:4a:a6:24:95:9d:19:1e:ee:
+         52:d3:b5:11:a0:bd:e8:b9:8d:0d:1a:83:b3:1b:bc:d3:b2:76:
+         8f:61:ca:a9:ee:06:0d:7d:6e:81:b3:a2:74:85:cf:64:9a:1f:
+         79:69:61:1f:8f:e1:1c:2f:5e:4e:43:ac:0f:f1:6e:1e:8b:4a:
+         5b:34:d3:e8:29:e9:bc:e7:50:d8:88:36:c5:03:91:53:6e:1e:
+         64:85:dd:5b:6b:cf:75:1e:b1:ee:06:59:78:5e:62:53:6e:5c:
+         14:e3:c0:0b:f3:d8:f6:28:c5:06:16:22:fe:b5:80:5c:d9:74:
+         47:9d
+-----BEGIN CERTIFICATE-----
+MIIEuTCCBCKgAwIBAgIBEjANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE3MTAyNDAxMzQzM1oXDTI3MTAyMjAxMzQzM1owga4xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
+RkxSLUJSQi1qdWVyZ2VuMRQwEgYDVQQpEwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCbcT8YKpUSZXTqr+4DmcrBRImukIl/TuDzNiLCtXmQmXPQ7BxpfQAqpki2
+/xKdqMD9zz9UKemwej3J6GZu2GpeXmDFiOGWxNDyjzB2n32hg9jLztl7K5yImyS/
+WJyhDhkfVkvSlSDFY2aONywpbyOSkKTwoQMba7+lHzGcK1ogGeqLFtKPPymhp7Hw
+hrSlxDT81Sgdoyrck4Q3ERrWdV9MlFYjJ+mSVc0LF44YRP+HuZD/BjyMZM245dWS
+Me5AM7XsXNURgmBXMvvZYhlqOmodPJ300RAf3Bm+LHwKuJsx5CHyIP9+Q8mLJKny
+Ryww6VlKiB0HasdI2466pDl5cmjxAgMBAAGjggFsMIIBaDAJBgNVHRMEAjAAMC0G
+CWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFBD13+ToD3+TqfZlR+sVdmtWguBBMIHWBgNVHSMEgc4wgcuAFFb+8Dvj
+raReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
+QmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UE
+CxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtW
+UE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDp
+xHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEgYDVR0RBAsw
+CYIHanVlcmdlbjANBgkqhkiG9w0BAQsFAAOBgQAyqNVmA6YQXmkLSqYklZ0ZHu5S
+07URoL3ouY0NGoOzG7zTsnaPYcqp7gYNfW6Bs6J0hc9kmh95aWEfj+EcL15OQ6wP
+8W4ei0pbNNPoKem851DYiDbFA5FTbh5khd1ba891HrHuBll4XmJTblwU48AL89j2
+KMUGFiL+tYBc2XRHnQ==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/juergen.csr b/FLR-BRB/openvpn/home-flr/keys/juergen.csr
new file mode 100644
index 0000000..7edbc0c
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/juergen.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC9DCCAdwCAQAwga4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNWUE4tRkxSLUJSQi1qdWVyZ2VuMRQwEgYDVQQp
+EwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbcT8YKpUSZXTqr+4DmcrBRImu
+kIl/TuDzNiLCtXmQmXPQ7BxpfQAqpki2/xKdqMD9zz9UKemwej3J6GZu2GpeXmDF
+iOGWxNDyjzB2n32hg9jLztl7K5yImyS/WJyhDhkfVkvSlSDFY2aONywpbyOSkKTw
+oQMba7+lHzGcK1ogGeqLFtKPPymhp7HwhrSlxDT81Sgdoyrck4Q3ERrWdV9MlFYj
+J+mSVc0LF44YRP+HuZD/BjyMZM245dWSMe5AM7XsXNURgmBXMvvZYhlqOmodPJ30
+0RAf3Bm+LHwKuJsx5CHyIP9+Q8mLJKnyRyww6VlKiB0HasdI2466pDl5cmjxAgMB
+AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAks3wr1wsFadDxUkYlFBF+rwhVJ0xidmC
+ray3tBeTMyj2DBB1n9hPtRmkbJcMp5Qv1eH8ln1/xg2p5O7RXGrt6/eDedYCR/p3
+ae54loN/tLgHiW/xJLUkd51TV63up/xlpR4DMkL4uPUAdR5Nzc+7n5YubzHznbIZ
+IPd3tDpMSPHYvmKP4Q5fYJ50gTeyO0cQRoOd+wCMSslja4sQVs7hzGChH9iDFoKc
+14gnXWaJfYvvDp39/F6YgokD0G7apDVV0mlvyCC9/1xcuyruOSzZXQfPdGJuJ0oQ
+yxVwQ/eeVHRE+T25wFlFtbcd6j0VvpPU8yGV6PZJVW9ewXCx1H4wnw==
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/juergen.key b/FLR-BRB/openvpn/home-flr/keys/juergen.key
new file mode 100644
index 0000000..663c6d3
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/juergen.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI5cJs+DRA7GwCAggA
+MBQGCCqGSIb3DQMHBAhKECB4U6HVGgSCBMiITLbqpSHVKSBnOcUgt8xKlUWYbYaJ
+tXzPgTRzWnMOT466ryIik9wrDKtMupE6oVWigc58zY6sA96M+wOy5jSXfa9ON5gQ
+uuFfQYrAAjMcVvC4sO0meAlyEPKraphvvq+MdJnae3DwzR/v1xRk87gBMaXA/vYL
+mIn/w2jPaeQmBjEmKEfggwgCx6x5Eb4GL+K8cEw/EAU3oJBo71KwRsQZ5T4bXxUJ
+8bmEZoUGS+Dugv7mRE2xXVv277wqKgpubadZUjw1K29lvhSeYT1EDGCXYz7thl3K
+98F1mw3DpGdctQ3uaA1uLWrgMys67ZDRciazHWD6YCQOhX6YpjIwU7dCGJe8vpDz
++My3VTIMQxUwLdaxB1ZHQAKBCrToNZKMxhfPVWDUgureq+05xcifBQ8aqr1v5HJN
+s2ciqtVKWd0uaJbwOhPMQJc6QTcvzHtKmjW2yeqHF/WmluIcUH3ddJ18d9SK8p28
+Uo7H5LAvfD45TWXzjQVnRrZNKCTGSGfosdW2Cd5xLfXLVxH6xRZZJLhg/umU+TLD
+lnQYLMh6kBJeatrk6+z9wTAVk4ctagqR6N4nTOv68ncfQ5XSpeHH8ZKi5/ZhvW8K
+eyjHQzxCAZyaMe2g5gymAtgSVlaJbILGVjJ3Pey++W4akvN30DpRmaXIwdSyrH3W
+w3zW93WzfDqN71a3vpaSojiwUGj0Fj6c1ptGUHIIGd3A59YhJQqAyEZc8dHwaXwp
+ojbiYtzX8yto7OMeenLNlLqJxSBLw2ztqibqtmI7C1/00O6ECUdyZEJqbwwFxbPb
+VmXv/luXvzmGkqBdoMvPe4hF4ii0srciezxsVlUMpde1gAG1mQTZBYvTRwALOInW
+GmjOHLwBShm9y2XRgiAzXnBvEP/dto6JbUDQMwmn3PwhSpiotqJY2CnR5GI7BDcu
+nCEf45tbYyNjPJVcki5vyHaTkfT2vpWG+4ixYEmrgimcJFN1yxFWTbZ0661qvW2z
+epXgiJCkliqniaXxqV7pcwNUYl4SIto9yqY0Iw9fEp7KE76rZrwzBYV5RXXohgWN
+0mHcyscJE3P8M9n0AMFFxN+YUKEk5xxkYD7vwIyvYVR+QbXrVecJtT4f5JPkaFSR
+s5+mUjUJ8EhTKLa1CS7i0vOX8lmnu9NgZdn+lzXPFbpIFHSKtaTtKvKVpQgoXhJB
+6nm+qQVMScDMR/6XDXr9IC1ujV4rlYmpJCBKZzTeRAoykkw6LPfLyyQwMJJ/9Z7T
+53xrJ+wNy2ZioBwZxjd6z2ZGbkmLMRMZXdA48W4OSN7rm7CozhJNq12G7svmjwDs
+zS8y7UIFc+qbAiZd/CiBsR1B4j9uIeCCj9tc9iNYc2j3d+AZRr94hxOuqmHQEYyF
+5vzsXZb6xd4YmMG/5PfQnd4wr3xCJHFAACpMioPSGmlr0Y+HnqCPdKshn9C0IBQ5
+ZEDUszNbdAKjPgHi+u2AaDzAZmKQ0DvA8CBijJmI7R8JCDzDcTYjLwhAJeJLtwxB
+BT/HwSiAy/tbazXyZBMEPk5MOsCok7tTe1fmI/igYUj2h+oyJYr9ymBU97IyyBes
+b+sm7SgLb+7dh58VhE8tlhihqrWVvHak5qkyvQI02ffAuOg809Pftsdki2LKMBsy
+svM=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/kirstin.crt b/FLR-BRB/openvpn/home-flr/keys/kirstin.crt
new file mode 100644
index 0000000..38e16d0
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/kirstin.crt
@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 17 (0x11)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 28 01:51:57 2017 GMT
+            Not After : Sep 26 01:51:57 2027 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-kirstin/name=VPN FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b4:de:6c:e3:57:67:78:af:40:8d:cb:12:9c:e2:
+                    9c:47:0b:21:92:38:c7:bd:1b:f0:80:88:34:0d:a3:
+                    0e:90:13:b3:08:ba:0e:89:4b:e9:48:55:07:1b:dc:
+                    b0:f3:b7:2d:0b:fb:49:f7:26:a8:78:bd:2d:7b:d0:
+                    7e:03:c2:65:41:91:00:7c:c2:30:ed:36:6b:1e:27:
+                    f5:37:7c:de:3d:22:5e:45:0d:b0:33:75:55:bb:69:
+                    14:32:6e:3a:80:69:db:2e:06:5f:67:73:d9:13:9f:
+                    7e:0e:3a:db:59:9a:84:90:28:04:ff:ba:36:aa:c7:
+                    c7:8d:a0:0e:ad:f7:93:20:37:8a:59:7f:16:91:20:
+                    00:2f:e3:26:9d:41:40:e1:62:37:16:02:8d:9a:ba:
+                    05:59:ff:c5:c5:05:e5:00:4a:0a:53:6f:2f:87:47:
+                    ed:ce:12:44:bb:01:82:16:e0:0a:06:5c:49:f2:3b:
+                    a1:d9:14:4a:40:c1:7e:30:b8:2c:99:ac:23:44:45:
+                    ca:a3:4a:ad:7a:c5:d3:b5:48:35:e8:d4:5e:ef:2c:
+                    bf:62:c1:87:ad:85:79:11:0e:97:a9:ee:d8:bb:aa:
+                    79:ed:9f:15:0b:23:79:c8:c8:91:27:77:55:90:19:
+                    8e:21:e9:77:60:fc:5c:94:39:34:7f:1c:9d:ee:c6:
+                    c5:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                59:AE:3C:E4:DC:A9:72:F8:07:17:B5:BC:AD:CE:2F:1D:86:14:D7:1C
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:kirstin
+    Signature Algorithm: sha256WithRSAEncryption
+         5e:0c:c0:a6:b2:3d:cc:09:f3:5a:7c:72:05:0b:02:2b:a1:06:
+         46:68:ef:9e:67:d2:d0:6b:07:bb:dc:4a:ca:e2:7b:34:1e:fb:
+         3f:16:56:c8:48:07:21:aa:ab:a7:01:eb:3c:19:14:a6:8d:70:
+         1b:0d:2b:8a:b2:7f:09:f4:77:9f:4f:0c:6c:aa:08:b6:ca:1f:
+         cd:4f:2f:75:c6:26:41:11:72:17:c3:a6:b1:26:2b:43:8e:60:
+         15:93:5c:ab:83:0b:17:7f:e5:5f:74:d9:c5:9a:d5:27:bf:bc:
+         8d:35:2f:b4:97:64:9a:4b:c2:02:d8:ed:b3:9a:9b:4f:78:b9:
+         24:0e
+-----BEGIN CERTIFICATE-----
+MIIEuTCCBCKgAwIBAgIBETANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE3MDkyODAxNTE1N1oXDTI3MDkyNjAxNTE1N1owga4xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
+RkxSLUJSQi1raXJzdGluMRQwEgYDVQQpEwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC03mzjV2d4r0CNyxKc4pxHCyGSOMe9G/CAiDQNow6QE7MIug6JS+lIVQcb
+3LDzty0L+0n3Jqh4vS170H4DwmVBkQB8wjDtNmseJ/U3fN49Il5FDbAzdVW7aRQy
+bjqAadsuBl9nc9kTn34OOttZmoSQKAT/ujaqx8eNoA6t95MgN4pZfxaRIAAv4yad
+QUDhYjcWAo2augVZ/8XFBeUASgpTby+HR+3OEkS7AYIW4AoGXEnyO6HZFEpAwX4w
+uCyZrCNERcqjSq16xdO1SDXo1F7vLL9iwYethXkRDpep7ti7qnntnxULI3nIyJEn
+d1WQGY4h6Xdg/FyUOTR/HJ3uxsUNAgMBAAGjggFsMIIBaDAJBgNVHRMEAjAAMC0G
+CWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFFmuPOTcqXL4Bxe1vK3OLx2GFNccMIHWBgNVHSMEgc4wgcuAFFb+8Dvj
+raReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
+QmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UE
+CxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtW
+UE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDp
+xHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEgYDVR0RBAsw
+CYIHa2lyc3RpbjANBgkqhkiG9w0BAQsFAAOBgQBeDMCmsj3MCfNafHIFCwIroQZG
+aO+eZ9LQawe73ErK4ns0Hvs/FlbISAchqqunAes8GRSmjXAbDSuKsn8J9HefTwxs
+qgi2yh/NTy91xiZBEXIXw6axJitDjmAVk1yrgwsXf+VfdNnFmtUnv7yNNS+0l2Sa
+S8IC2O2zmptPeLkkDg==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/kirstin.csr b/FLR-BRB/openvpn/home-flr/keys/kirstin.csr
new file mode 100644
index 0000000..ea22786
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/kirstin.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC9DCCAdwCAQAwga4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNWUE4tRkxSLUJSQi1raXJzdGluMRQwEgYDVQQp
+EwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC03mzjV2d4r0CNyxKc4pxHCyGS
+OMe9G/CAiDQNow6QE7MIug6JS+lIVQcb3LDzty0L+0n3Jqh4vS170H4DwmVBkQB8
+wjDtNmseJ/U3fN49Il5FDbAzdVW7aRQybjqAadsuBl9nc9kTn34OOttZmoSQKAT/
+ujaqx8eNoA6t95MgN4pZfxaRIAAv4yadQUDhYjcWAo2augVZ/8XFBeUASgpTby+H
+R+3OEkS7AYIW4AoGXEnyO6HZFEpAwX4wuCyZrCNERcqjSq16xdO1SDXo1F7vLL9i
+wYethXkRDpep7ti7qnntnxULI3nIyJEnd1WQGY4h6Xdg/FyUOTR/HJ3uxsUNAgMB
+AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAahiUjIJotct41onxCzT5NKo9Qzn8eXGS
+C+SeaOs5iLozPFqTziXKtU933+ljm6o6E9xIkuN94bNGPODqpwQG66BIyLZ00BbW
++sohDxiVNk6V+6+FJDbqK3/0K9LOew5RYf4/fEK9JftCodiJOLFoMkkgp3mSuyyT
+YEhUUAGSc1y7+zCvNdMykycqF7cdIAP7Z/cPPK+0T26kb/yXfrMyaYI1S0pIi+dj
+46cmTNGECrTTMSSzhR4MjmfoqRfYF5IbZSuDlIcDyJg3XsDktZT0ip1EnMxDU1m7
+ZGFZ+8yIKe+fHrAlvTEh14nPMBAN6cZMnITlUWr74XGFHTJ6iw7mZw==
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/kirstin.key b/FLR-BRB/openvpn/home-flr/keys/kirstin.key
new file mode 100644
index 0000000..19daf65
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/kirstin.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIZLyjPOPjcmUCAggA
+MBQGCCqGSIb3DQMHBAg+fO69EK1qlwSCBMioorKHJweCJL+vE8CDuzm4KL7s+dq2
+KX11hok8oPhkhAa05Vgl21rTur8fj8h+MzxKFIsWsd3JQ+LRi+qFLObTNM21Tewz
+v4Nu79NLgZu3vA4FZ4VdSwxOebE3IJuS6xFpiskOLWLGT/H5G+bnUyUY5nnELxEd
+eYiNYDLyJ4ZcBKDU2yQ04EMMDObxi1ervCxoYYwV7bqV2hjxVTC7a/bLF25HTY/4
+UxwbwVGnGAgjWjZiPAiM4sROEZc5Mzgk1cx2K4p1bnu4ZMcnhvL3GnasODFfYnGs
+Qq1WQX/gGEGPEgP2k/EyZD8KwrShYQyOfygw5096VGXREc9xXtfWy4NbHaFkbBMm
+JL9Bx6whE88RmsVSYwa0JQlTsiDayMDTgWHq2LUwy2zN0JJns9TWGu/3SsOkVQyg
+NTr256KsW8SOUa8pAgb5VtBQOkYus9t9FOFzuIRfSjqDruTQQDcXBJPKp6v8XR+E
+FYDm24KebxvH0URfIO2vmnyC/0uFJWicwzRogTYVoFzcfRKPuC32OL2bNklWVe+9
+xqPU685DytZhMzLyoNC+SI49WoaoslZy7YhqX3ClQ7Ac3t2ykw1sCjud05u+G+Ys
+5OFxlaj7qk3VEiWgfNFM3gbONf8asZPI81WEhHykFFnQO7852ZnsduGjZ2XqLBMr
+kZzYYxShvQoqIJKz/FfZ4T8/CIIE6LfWy+Izj72G7ifr8Sl1NH+6EMkTZSX6yZda
+KUnf60oNKpObhywNV4YWi1vsIqbqaX/u12+2Iu9EPxVrno81OrQomrsrYW1PG3ww
+e7uRugmg9m8TgvDVuQa51dtK44YjmQJgbWRRTfIHzg2gQXV0F5PA32tFsdgR3OuW
+a1aW93UOhss9jp0SExvTve8pxgexVwuqPHl3ClVWUSBz/azvJUH9DxBZNuSMxONv
+cV2lkraPY1H6UiVheV70OYM9niXRgkBpMVa6FdU9YtEtoCGhhxLzOImAaatTfCbe
+vAomJvuusEHvEGiqhL+yB6Gk5s1jNG9+FN0JkamNnPNoRjIMF09W1IkcRpBN4wEC
+HHtQzCdl3SkcXaJ4EWO8SrTFXcCgkdC3vqOqPRqegh57e3+XROSoxYJ2rYHAnPzH
+AUczUx+W/B9zQWoq1lRrST+xydErWphlwzCIBsOW5aMTdOaKlKpzPDjGbL6ATnx7
+pN0z/+giP9s6Rlj/HUhG35HG1lqE5PcjykKA78Ki6Vf8rc+uveu16+SpDMwQ5kZj
+uSjXypevq48Xh/ZcmZho5rLB0sq3cW8taqVxZXyL+HzZhSzra08BXe2FCy48yvsr
+QaVfP5rMDFX+aNiD8Xng8ATNBL+ontY+Y5RNb8NdVljxCBb7E0yBveN6ve574jQG
+Z3qrJ13xwM+zNqBT48dbIpYTN60cLfdmj1jN1yuhNeajdwwwDG7i5ix4Afmwls1R
+MA0Z87Jl/fUDY5ymTSkiNTBq+90vWu7asRp0wSlxNDg3EOko9mbQ6XA1v7NJfV+s
+YtlT2DRNtt1xfA/XKLH7NuIkkf+iiLY5H1o1SJaRSuI8AUI9MFoazob9y+RkS+Pv
+0u7y8U1a45idpqfC0RONKRukMS4xicTC58YcDadlni5HgQq35VC90UMckQz9p+Wa
+Iug=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/lisa.crt b/FLR-BRB/openvpn/home-flr/keys/lisa.crt
new file mode 100644
index 0000000..33e67d3
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/lisa.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 13 13:35:55 2015 GMT
+            Not After : Oct 10 13:35:55 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-lisa/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:af:f3:dd:c0:7e:0b:a2:0d:c2:ba:de:67:bb:5d:
+                    80:43:b0:f9:a4:5b:58:c2:58:53:ce:6f:58:74:18:
+                    67:cf:b2:ee:6d:d0:fc:75:29:8f:cf:b7:b9:5a:2e:
+                    8e:fb:0c:52:55:b7:47:ef:2d:9f:8e:ae:14:e3:84:
+                    ab:d3:b1:d0:24:c8:c3:5c:f7:41:e7:38:0c:95:b2:
+                    bb:93:58:99:17:58:41:20:fe:1e:26:70:60:2c:dc:
+                    2f:c1:a8:f6:20:70:3f:2a:6d:9e:8a:0d:b0:08:13:
+                    09:d7:05:9c:e9:d7:2b:70:62:21:5a:3a:a7:d1:89:
+                    ab:c3:41:d7:a1:f5:0f:2b:f1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                57:37:68:B3:B8:03:AA:98:FC:DA:7D:D3:5D:80:10:FD:08:72:1A:D4
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         78:13:a3:3a:0a:85:d6:ae:98:71:63:d1:4f:7b:99:38:74:a6:
+         89:f6:32:dc:74:e2:da:85:eb:71:1b:39:e7:3f:76:3f:5e:ef:
+         c7:52:85:18:6e:bd:a7:2e:b9:1f:65:54:a1:22:3d:25:86:2c:
+         e3:95:1a:48:5b:b0:e8:00:02:d4:9c:a9:71:2e:5d:54:29:03:
+         bc:38:76:b2:fc:76:13:30:8a:e8:f6:5c:be:98:48:a5:f4:28:
+         ac:0c:13:c9:9b:10:29:18:6a:28:58:bf:f0:6a:7c:00:d8:d5:
+         c1:36:db:aa:12:63:d9:84:f0:1f:36:7a:48:06:11:59:df:71:
+         3d:41
+-----BEGIN CERTIFICATE-----
+MIIEHjCCA4egAwIBAgIBCTANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE1MTAxMzEzMzU1NVoXDTI1MTAxMDEzMzU1NVowgasxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBWUE4t
+RkxSLUJSQi1saXNhMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/z
+3cB+C6INwrreZ7tdgEOw+aRbWMJYU85vWHQYZ8+y7m3Q/HUpj8+3uVoujvsMUlW3
+R+8tn46uFOOEq9Ox0CTIw1z3Qec4DJWyu5NYmRdYQSD+HiZwYCzcL8Go9iBwPypt
+nooNsAgTCdcFnOnXK3BiIVo6p9GJq8NB16H1DyvxAgMBAAGjggFYMIIBVDAJBgNV
+HRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlm
+aWNhdGUwHQYDVR0OBBYEFFc3aLO4A6qY/Np9012AEP0IchrUMIHWBgNVHSMEgc4w
+gcuAFFb+8DvjraReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQw
+EgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGWCCQD3/zDpxHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4Aw
+DQYJKoZIhvcNAQEFBQADgYEAeBOjOgqF1q6YcWPRT3uZOHSmifYy3HTi2oXrcRs5
+5z92P17vx1KFGG69py65H2VUoSI9JYYs45UaSFuw6AAC1JypcS5dVCkDvDh2svx2
+EzCK6PZcvphIpfQorAwTyZsQKRhqKFi/8Gp8ANjVwTbbqhJj2YTwHzZ6SAYRWd9x
+PUE=
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/lisa.csr b/FLR-BRB/openvpn/home-flr/keys/lisa.csr
new file mode 100644
index 0000000..ad62dc3
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/lisa.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB7DCCAVUCAQAwgasxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRkwFwYDVQQDExBWUE4tRkxSLUJSQi1saXNhMRQwEgYDVQQpEwtW
+UE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAK/z3cB+C6INwrreZ7tdgEOw+aRbWMJYU85v
+WHQYZ8+y7m3Q/HUpj8+3uVoujvsMUlW3R+8tn46uFOOEq9Ox0CTIw1z3Qec4DJWy
+u5NYmRdYQSD+HiZwYCzcL8Go9iBwPyptnooNsAgTCdcFnOnXK3BiIVo6p9GJq8NB
+16H1DyvxAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAikmjRYRiEZCsf17X77Cg/
+jedUQ6X8OXkjc+aNNbgp8q/0gOSWRItBplM+aXZfqSrgrJ9Vxp5q8b4noBGh17YC
+oEidiiliY+76jDXMptCE1CHNlUNfArGPmAV/Djgj/NhZN8cfFRjRADvWyWHhKBkp
+MQmDg4x8KOT8ktTfU0inDw==
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/lisa.key b/FLR-BRB/openvpn/home-flr/keys/lisa.key
new file mode 100644
index 0000000..3f9f815
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/lisa.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIe80jIktDmO8CAggA
+MBQGCCqGSIb3DQMHBAhDqmwKeDMxEgSCAoCwonBHI1uQzC/BP30tkTvQL5X/hqBr
+mnW+BROQ7JZB4KPvXb3iO5+StS+sdGcZodN4PZNBr5A0K3SzV4Vle5vuWH48BD1p
+ABt4B0b1slbf2tSYjy9OtXq3TLs/8yZzzLFnMr5nNZyZ49VBDwS9VBVkdU0+dmvo
+RUjyFLDcv8P4FYWQynBt/jgYXcTBzvRg1A6olIPhQKTixZyKAyAaU/emGZZLiDVM
+wW7LJdUclvV8UDvELCc//Q0OJIzG6ul07uMSYlaF8xzH/7IzxZKc3YdBSF5GqoiS
+ZqiRZ6yzNjjivk6h/idvJFua37qyAUmy2jV+mCCFFxHmmObi7ANxErvo+sdPeFJ5
+Go6micONa1xQ81TjdA4LycSavTvdxyxD+ReTqV5mYNDRgBt4/SDtn/kDmMB6KZpe
+NBGTCKh5BpqhDVZ4RME5IFQsAAayNYJyBSOo2fiUhQUVAmgLg3rxXjJ0Ka8ACDl8
+uCnKuTNae3f0Amgw5dRA6D0D8CyI3qwcyGqcrmEU5vondC6jNoiUEYo2sHnHvhMO
+t1QqOtSc7AaJpCRM/ptw42a/MwU5zPhk3hKa4tyCApjlYuujiYPfoG00QsKAkbir
+ea10NZcoiSelx2liYp/Ao/Pq7dzsLdLXVz9/s4iT4OSEahYFW0RO+dvrGfHunNf2
+MJnMdIJ0ixD899L3nbwYoAmOhVRc+Smq4zgrGC88iHEf4X2xknfqmNXf2UGDrw5z
+k2h2shYKHEv6ZJ6YEI576MJOx618qXahuNCjwzxZkFQvIMK/CKIE+g5tqIUDo2AS
+koiu+t+8Ftnony820zNVjiCewxo+aJNGTlXkXXNE1pK8YFEW1tvxmRJK
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/lotta.crt b/FLR-BRB/openvpn/home-flr/keys/lotta.crt
new file mode 100644
index 0000000..0e7c3c7
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/lotta.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jun 10 17:30:36 2016 GMT
+            Not After : Jun  8 17:30:36 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-lotta/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:b6:3a:d8:30:3f:d9:64:c6:75:1f:c5:41:37:25:
+                    53:90:8f:8d:bd:d0:d6:55:a0:13:ca:50:ce:ef:84:
+                    8c:c6:1a:a5:51:64:46:95:be:a8:da:0e:b9:22:a6:
+                    c7:1b:b9:c8:25:e7:77:fb:27:0e:6b:a5:1d:a6:02:
+                    16:bc:af:23:4c:e8:70:ef:f3:73:ad:ce:51:7f:ec:
+                    0e:3a:e0:1e:44:0b:72:53:8e:49:32:3f:30:14:34:
+                    ca:2c:65:5b:b7:9f:88:00:ec:e5:3c:02:0a:0d:bd:
+                    ce:01:30:4e:69:f3:a0:16:0b:89:d1:33:99:b8:8c:
+                    5d:6a:0b:ea:c8:74:70:8c:d5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                EB:01:5B:84:3B:15:BD:99:87:33:8E:3B:6B:9E:4D:DC:89:34:03:0E
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         5f:df:0d:5c:f2:02:37:c2:1c:0d:4b:37:6a:8e:ff:16:47:c4:
+         f8:2b:17:95:e0:a0:7d:44:aa:03:e5:bf:06:12:32:10:27:7b:
+         39:ac:ab:e9:94:e1:91:7a:2a:ea:0b:07:ea:bb:c8:31:a0:4e:
+         64:1e:0e:04:29:90:8b:fc:65:a5:8e:57:24:7e:9b:ed:49:58:
+         b3:c7:cb:e2:11:c7:a2:32:95:b8:56:dd:e0:38:a9:4b:75:65:
+         da:a1:48:e3:72:0a:be:56:af:4b:41:98:ef:8d:e7:c3:74:20:
+         b8:fa:50:95:a8:ce:81:e7:07:d3:5c:41:55:0c:26:4e:c9:0d:
+         e3:97
+-----BEGIN CERTIFICATE-----
+MIIEHzCCA4igAwIBAgIBDTANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE2MDYxMDE3MzAzNloXDTI2MDYwODE3MzAzNlowgawxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRowGAYDVQQDExFWUE4t
+RkxSLUJSQi1sb3R0YTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
+OtgwP9lkxnUfxUE3JVOQj4290NZVoBPKUM7vhIzGGqVRZEaVvqjaDrkipscbucgl
+53f7Jw5rpR2mAha8ryNM6HDv83OtzlF/7A464B5EC3JTjkkyPzAUNMosZVu3n4gA
+7OU8AgoNvc4BME5p86AWC4nRM5m4jF1qC+rIdHCM1QIDAQABo4IBWDCCAVQwCQYD
+VR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBTrAVuEOxW9mYczjjtrnk3ciTQDDjCB1gYDVR0jBIHO
+MIHLgBRW/vA7462kXht+D9Yf5OnVjm8S1qGBp6SBpDCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlggkA9/8w6cR40lMwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeA
+MA0GCSqGSIb3DQEBBQUAA4GBAF/fDVzyAjfCHA1LN2qO/xZHxPgrF5XgoH1EqgPl
+vwYSMhAnezmsq+mU4ZF6KuoLB+q7yDGgTmQeDgQpkIv8ZaWOVyR+m+1JWLPHy+IR
+x6IylbhW3eA4qUt1ZdqhSONyCr5Wr0tBmO+N58N0ILj6UJWozoHnB9NcQVUMJk7J
+DeOX
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/lotta.csr b/FLR-BRB/openvpn/home-flr/keys/lotta.csr
new file mode 100644
index 0000000..731d96b
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/lotta.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB7TCCAVYCAQAwgawxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRowGAYDVQQDExFWUE4tRkxSLUJSQi1sb3R0YTEUMBIGA1UEKRML
+VlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2OtgwP9lkxnUfxUE3JVOQj4290NZVoBPK
+UM7vhIzGGqVRZEaVvqjaDrkipscbucgl53f7Jw5rpR2mAha8ryNM6HDv83OtzlF/
+7A464B5EC3JTjkkyPzAUNMosZVu3n4gA7OU8AgoNvc4BME5p86AWC4nRM5m4jF1q
+C+rIdHCM1QIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAN1F2Dm8oqw/qEd7Qceyg
+m98fAuBGGW+Hbl5AImJJyOKeOqgeuQwkd77mDgf3lDnnRE4nLUS320Q56HT/WsHK
+rpNwKnojeL8uA8vxh34OhWiq05B04/kU8np8xP6bwBykuXLoYjgL24sTHQo2oOTG
+jCqgQAmBIfRujz8BntdupNQ=
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/lotta.key b/FLR-BRB/openvpn/home-flr/keys/lotta.key
new file mode 100644
index 0000000..11d8d35
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/lotta.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9mlNjmbi05sCAggA
+MBQGCCqGSIb3DQMHBAiYgUZ8YYd0yQSCAoCn2ENyZImHv33524G0rlF7TZhPesAa
+ZL7d1JWTgD2RwKT3AMa3G6ZXf1sDbCGWYQ2VX+zOMCNbtSpZDwIcaP/dbTt3hCre
+DUDxRejgD22q/7phGHazi/NAw2jgSkPUEDCIcBJFevp8v7+z1VYUN8C4MMLNa38l
+zDa7x7225zReH527HC0//3v+NaO/MiY6mu1O65p4kul9QkD7yamnSrYasaIAOUAR
+xcx0VK2jR3YGnV5RC3yj0YZMbuOMTTx0hNL/TMZY4Rs6H0EXbPDFjZdGv5rVbGpq
+crzSJrqs/CZ8l/AoJv/DmwjzHOY7XIqKQBuzxak/DcYvJ4wLFjnpsO7cBhUmLTGS
+GgzmS7s5E5bIKQvkgYZuJBvyi/VWKtK+VzwweCy8nEzOeXTrbsSzZLjmkGFWlDSv
+n82rbSPPpD/8tkkCg/9kNamIdgIJlpxEAMwGLAOeUtGh0iqutdLP1edcv955H9Nc
+5VhpT7TQ7VW990TXgu8AH0d1ajojNo213XMT24voP0zIBKS79LISwArotrOK+OjR
++06WQO5lTsJl5ywcdigV9rOZyG21q3BoObcDdbN7Ooj5QDbG6CTU0FgqvVV+vj0s
+1TA1pdZ1JGc49eXQ77KoannQS5C93iPZzqVNzl628HFuxkXCqgjXDC/B7RCxHABF
+vTEsUx2Bh4tp3lysxlKMf0+EFFyRiuFg8NX7IuPKoD64YheFN5HYB+h1QmLyC5at
+6GMRZYjOmronuF2akE6Wf7bI8zrVN/18+CL3PJzazsPx6LFip0mergUGRpkVrkJo
+mZ9ZC/zonFbp1rdwN8psiC/ghs25HvnM1XHPZlXnuqjLhL54WUoGWGUX
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/mariusz.crt b/FLR-BRB/openvpn/home-flr/keys/mariusz.crt
new file mode 100644
index 0000000..2c05522
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/mariusz.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 29 15:02:57 2014 GMT
+            Not After : Oct 26 15:02:57 2024 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-mariusz/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:a8:7e:61:36:b1:2f:4f:24:75:68:ff:ac:85:a2:
+                    10:eb:1d:ad:d3:82:81:34:ce:ab:d8:94:e6:14:39:
+                    95:c6:84:ea:72:59:28:11:4b:80:a6:90:13:62:23:
+                    75:89:f5:2f:d1:19:21:7d:65:1d:18:f0:b1:61:2d:
+                    69:68:2a:e9:4d:85:72:4f:83:ca:ef:75:2a:d7:65:
+                    e1:3a:d5:82:fc:1d:95:19:0b:a0:a3:3e:9b:75:74:
+                    23:71:53:5c:06:de:d7:9c:bc:72:56:db:47:a5:dc:
+                    d8:6f:78:a8:5e:4d:6f:77:d4:a7:4a:0e:e7:67:f2:
+                    64:7b:ba:c1:51:b1:0e:17:e3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                1F:79:F0:09:41:57:66:6C:A7:D4:F5:7A:60:9D:BA:17:0C:04:7A:45
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         69:7f:24:d6:65:ae:ae:1d:d3:0a:31:df:42:3c:b8:75:5b:aa:
+         fc:3d:5d:b2:85:41:6a:a4:69:7f:e3:cd:22:f2:04:10:19:d0:
+         ca:67:91:7d:22:5d:d5:42:4f:0d:84:d0:99:1b:59:29:43:3e:
+         58:11:9a:0a:fd:70:de:08:82:91:dc:43:3f:4b:87:c1:fe:39:
+         50:cb:35:58:66:08:c2:c9:f9:b9:c7:3a:3e:f8:83:bf:1e:2c:
+         ad:a9:cc:42:ce:98:ad:df:0d:8c:bc:3c:c3:81:fa:44:f4:9b:
+         2a:3e:20:74:8f:3e:4a:fd:be:01:5b:5c:ac:a5:c1:ce:13:2b:
+         cb:78
+-----BEGIN CERTIFICATE-----
+MIIEITCCA4qgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE0MTAyOTE1MDI1N1oXDTI0MTAyNjE1MDI1N1owga4xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
+RkxSLUJSQi1tYXJpdXN6MRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AKh+YTaxL08kdWj/rIWiEOsdrdOCgTTOq9iU5hQ5lcaE6nJZKBFLgKaQE2IjdYn1
+L9EZIX1lHRjwsWEtaWgq6U2Fck+Dyu91Ktdl4TrVgvwdlRkLoKM+m3V0I3FTXAbe
+15y8clbbR6Xc2G94qF5Nb3fUp0oO52fyZHu6wVGxDhfjAgMBAAGjggFYMIIBVDAJ
+BgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFB958AlBV2Zsp9T1emCduhcMBHpFMIHWBgNVHSME
+gc4wgcuAFFb+8DvjraReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8u
+b3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNB
+MRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGWCCQD3/zDpxHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
+B4AwDQYJKoZIhvcNAQEFBQADgYEAaX8k1mWurh3TCjHfQjy4dVuq/D1dsoVBaqRp
+f+PNIvIEEBnQymeRfSJd1UJPDYTQmRtZKUM+WBGaCv1w3giCkdxDP0uHwf45UMs1
+WGYIwsn5ucc6PviDvx4sranMQs6Yrd8NjLw8w4H6RPSbKj4gdI8+Sv2+AVtcrKXB
+zhMry3g=
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/mariusz.csr b/FLR-BRB/openvpn/home-flr/keys/mariusz.csr
new file mode 100644
index 0000000..4db3d9c
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/mariusz.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB7zCCAVgCAQAwga4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNWUE4tRkxSLUJSQi1tYXJpdXN6MRQwEgYDVQQp
+EwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKh+YTaxL08kdWj/rIWiEOsdrdOCgTTO
+q9iU5hQ5lcaE6nJZKBFLgKaQE2IjdYn1L9EZIX1lHRjwsWEtaWgq6U2Fck+Dyu91
+Ktdl4TrVgvwdlRkLoKM+m3V0I3FTXAbe15y8clbbR6Xc2G94qF5Nb3fUp0oO52fy
+ZHu6wVGxDhfjAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCVqvJmWukFcfww70l5
+Zeg0EYraXlDr6WBjnrX215DYgQST+fr8D7kHJGwCu8WPmQ6iBClETN4z4Xet7rdh
+ulCjHjqBRkq98YDIqyFe28jR5jrabSQQ5jQkrDAH7Q1InM5SY4Lod9wwKswZ/qxn
+JO2PuvaJCTf62wTzFy+9qTo55w==
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/mariusz.key b/FLR-BRB/openvpn/home-flr/keys/mariusz.key
new file mode 100644
index 0000000..d98dde7
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/mariusz.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIAAVGJP+e1OACAggA
+MBQGCCqGSIb3DQMHBAhDJW6A+tMe2wSCAoAoMnnowPrVmNNKgdYKjKkE/xxwjLBF
+xfIrD/OGIwi5vhb5dmbqferjd7tyLblJ39Ergf2PwGbztH4JvuWY/J0139fieZO+
+R1y49DJIDzyHQBC7CwJu+EzAzgFd+EJIpERJjYgsrh5KsyGwkS3BnhWehDaHJ3NU
+znF4J+hJVNbwcjEkSUv5ScvpyYSGlP0ahuw11WE1u24A/DTtQuQd7n5Zerus0daj
+V+pKrKttX5+MFKOICcpP52KyiUAWBHt6KLbYAXNznKieKDcBeJ6NrLfOIZ0z5+Ba
+HrgJCcGWy++4V/7wAADucFfP8Cur/8IzmTiDIy/EsHxsqrqOgqtPrNTeVStEad7q
+L0l1GJe60SChXMLPu7f+UsRVJ/ecQRWAtMFXzSOMIiZiBcdx3ggO4KM+ChRSMorz
+sx/vQZdym/axRnliA/q/pUW3mB7LRtnWoXRVahP7lw5hN864XxyNem7on3Qr9kp6
+iq3JaiZ2FORKkcH02MfHm999aZtzNAOHhfGDycpmafqxxAyX7WyyMHIHuKu0Jh1y
+amE/NOGBftup4YYP2h8kDlUS+JCamq3jDIlUYC4XHvB4eNWguNNF6Rn/J8+GdTga
+5TAhIsHeTQHBKSKHlB8AjHC/IV2Ea3zg/T653xqoVxqD8uSi+UmFRZkSEPuZN9jM
+WIjWOsLIKB8XFxy3lMLAyBevZHaWbS1CdWWRXAvu7NxDugxIqbX62y+ZCyYO2K0g
+E5rRNX1v9HEIczGrWVLky9xw1zA28mjvzoZsg/fYOjGdb9PtFC5uiYZw7lkMfBYt
+x7kXYB60gnSziQr7e3L3XZufvZ3z6hEe/uIbid2eNH5VnnEVEwnYu1MW
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/revoke-test.pem b/FLR-BRB/openvpn/home-flr/keys/revoke-test.pem
new file mode 100644
index 0000000..9f8af62
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/revoke-test.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIDzjCCAzegAwIBAgIJAPf/MOnEeNJTMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUNBMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwHhcNMTIxMTExMTgyMzU5WhcNMzIxMTA2MTgyMzU5WjCBoTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
+BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIdp+t
+lUB/nx3JqiZiBEkyTK2m+uH/hes4wYTpmbRY2x1YJtwQegX/sfxuu0n1xA42gON0
+eOBc2v/MmKzrGP+VP2VxWBhR/VnJsPeFTJJvD6ioM+jc9xNeZFNgHibRw4vzipyK
+ALQJK6gJ3COvhb3YWOul3njUGgZZkaikPMuTQQIDAQABo4IBCjCCAQYwHQYDVR0O
+BBYEFFb+8DvjraReG34P1h/k6dWObxLWMIHWBgNVHSMEgc4wgcuAFFb+8DvjraRe
+G34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtWUE4t
+RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDpxHjS
+UzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADPFDfqCtYtsS/NxGVYc
+hgxKsA9S/kBifNbde0e6nmPBgufW+O3uPrkvg7Wx2EayxMhX/dVrAYm8NSNCdWXV
+5ra0lu6cTI8rwWt404e0F/o0v6u+5eWHFxSF0lDJIVhwvvVoiAUJQw8h+BlI5PYO
+JcHZCQoQE1/RE6Xp+0xgTXvW
+-----END CERTIFICATE-----
+-----BEGIN X509 CRL-----
+MIICHzCCAYgwDQYJKoZIhvcNAQELBQAwgaExCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBuZXR3b3JrIHNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQ0ExFDASBgNVBCkT
+C1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTcw
+OTI4MDEzNjEzWhcNMjcwOTI2MDEzNjEzWjCBtDASAgEFFw0xNzA5MjcxNDUwMjla
+MBICAQYXDTE3MDkyNzE0NTAzNVowEgIBBxcNMTcwOTI3MTQ1MDAzWjASAgEIFw0x
+NzA5MjcxNDQ4NTFaMBICAQkXDTE3MDkyNzE0NTAyMVowEgIBChcNMTcwOTI3MTQ1
+MDQ0WjASAgEMFw0xNjExMTgwMTQ0NDdaMBICAQ4XDTE2MTExODAxNTcyMVowEgIB
+EBcNMTcwOTI4MDEzNjEzWjANBgkqhkiG9w0BAQsFAAOBgQCIMVV2OOJx1+9IGDZ5
+CDctK7rmuKAs1S7/633UeY260hMdkcoB+4y/6eZb95kVvGg79JkVUoNOm24oywZg
+o/ehuXFdTCHXbjXdFCD2NHAYaO3HzV/mTGnJDy1yBAdqkYnKZGYxH8LRL7sa7kBy
+CL3D/j5RQpp/NW5Fr//CNzV7Pg==
+-----END X509 CRL-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/sabrina.crt b/FLR-BRB/openvpn/home-flr/keys/sabrina.crt
new file mode 100644
index 0000000..77c73be
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/sabrina.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 11 (0xb)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr 22 11:39:45 2016 GMT
+            Not After : Apr 20 11:39:45 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-sabrina/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:a2:73:e9:c5:a4:41:5c:75:bb:c2:bc:ad:71:a0:
+                    ca:9e:74:68:5e:dd:92:bb:b4:2e:bd:7e:ea:fd:b2:
+                    fe:b9:f7:3d:da:02:2e:05:db:e9:f0:23:97:93:b3:
+                    74:c7:4d:2f:01:8a:1d:0e:a1:63:14:b8:b4:f1:a1:
+                    4e:0d:ff:61:1b:76:75:49:2f:93:ef:8a:57:6d:bb:
+                    44:c0:b3:d0:3e:94:b6:33:21:ec:c6:26:75:db:dd:
+                    84:2c:2e:16:68:4e:39:70:19:3c:56:a8:94:8e:a1:
+                    ea:b1:a7:62:a9:e0:03:47:ea:28:e6:9b:9f:50:dd:
+                    f8:5c:0e:38:55:d1:19:c4:a5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                45:86:60:2C:D6:88:E4:17:AB:C6:80:90:AA:90:A6:00:8A:D2:11:F1
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         a3:a8:fb:c0:30:a6:4c:92:c7:26:68:84:5a:38:22:f1:c1:ef:
+         af:37:47:6f:31:55:95:aa:3b:91:04:a4:7e:cd:95:63:58:84:
+         64:8b:fd:8c:0c:82:97:1b:be:e9:fb:0d:6e:98:37:1c:52:23:
+         f6:f3:16:8b:89:ed:c9:bc:bc:be:6b:dd:ab:e4:69:9a:67:77:
+         e3:15:b5:c8:05:f3:d3:d5:11:7e:02:5d:5d:14:29:ab:16:5d:
+         f1:bf:01:ee:6b:da:13:a3:47:e2:51:b4:8d:c1:f1:91:fb:f4:
+         a2:fd:88:00:2a:d1:84:eb:22:b5:d5:0a:2d:c0:2e:b3:c7:0b:
+         20:db
+-----BEGIN CERTIFICATE-----
+MIIEITCCA4qgAwIBAgIBCzANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE2MDQyMjExMzk0NVoXDTI2MDQyMDExMzk0NVowga4xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
+RkxSLUJSQi1zYWJyaW5hMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AKJz6cWkQVx1u8K8rXGgyp50aF7dkru0Lr1+6v2y/rn3PdoCLgXb6fAjl5OzdMdN
+LwGKHQ6hYxS4tPGhTg3/YRt2dUkvk++KV227RMCz0D6UtjMh7MYmddvdhCwuFmhO
+OXAZPFaolI6h6rGnYqngA0fqKOabn1Dd+FwOOFXRGcSlAgMBAAGjggFYMIIBVDAJ
+BgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFEWGYCzWiOQXq8aAkKqQpgCK0hHxMIHWBgNVHSME
+gc4wgcuAFFb+8DvjraReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJE
+RTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8u
+b3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNB
+MRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGWCCQD3/zDpxHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMC
+B4AwDQYJKoZIhvcNAQEFBQADgYEAo6j7wDCmTJLHJmiEWjgi8cHvrzdHbzFVlao7
+kQSkfs2VY1iEZIv9jAyClxu+6fsNbpg3HFIj9vMWi4ntyby8vmvdq+Rpmmd34xW1
+yAXz09URfgJdXRQpqxZd8b8B7mvaE6NH4lG0jcHxkfv0ov2IACrRhOsitdUKLcAu
+s8cLINs=
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/sabrina.csr b/FLR-BRB/openvpn/home-flr/keys/sabrina.csr
new file mode 100644
index 0000000..242b1f0
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/sabrina.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB7zCCAVgCAQAwga4xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNWUE4tRkxSLUJSQi1zYWJyaW5hMRQwEgYDVQQp
+EwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKJz6cWkQVx1u8K8rXGgyp50aF7dkru0
+Lr1+6v2y/rn3PdoCLgXb6fAjl5OzdMdNLwGKHQ6hYxS4tPGhTg3/YRt2dUkvk++K
+V227RMCz0D6UtjMh7MYmddvdhCwuFmhOOXAZPFaolI6h6rGnYqngA0fqKOabn1Dd
++FwOOFXRGcSlAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQBSJGUxjwVbWWFQvEoE
+FZxRiacZHDHl5Xjrir1m4+pJFvB4Z8Vr4OglsJuDZ0Nw/EHmrqhelJhhdhuczkoV
+jOjMTYTKbR6Td0GMetdDzlaTZ6QuGkH3sH9fbBbFSbjSfrTPUExU/5o5gp8RqPfV
+M6WzaaZRfRjZocaikmJsxyhe+g==
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/sabrina.key b/FLR-BRB/openvpn/home-flr/keys/sabrina.key
new file mode 100644
index 0000000..0817995
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/sabrina.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIW3xdJ2HlrIUCAggA
+MBQGCCqGSIb3DQMHBAjQ48UTmm8rEwSCAoC1hWqb+HyFaeAH/46FnDybUOCFTQ5y
+fOByIpU4cKpZy+ZseVfga04aLC7YPvkgFZIRI0pI250dly1cxhmAOtWwtKIaLtRw
+wMe4O1mthg70zOqwbxv3gZmXnv7Cszh4ickWAxHEnfzC+yxqIzgMu0CK/IIVtGGu
+HKb8ruPXgxYiaEhaPt2A9B5LM47ZWhUd00WKD+q9MbUeycwGxFC7JMg2qhejthJu
+bE3q5I5EjynHLePVTgMT+LN/0uvbOe7BQAfeNOitMkAc/eiwFKYSVUEqjt9qYoE3
+TXLo3wlQXHmXuuWYeyL0rP7H+U522jVHHWdKFbw/wS0Wf1O5sjRiNtBhWwM3n9CE
+yVWIkCX9SjsKQYZVAKA0bPyRiuofBHhsBZrW9doOllCSiPURwhn5SheQo/fMw3xX
+TjTPGBCVPUwL4Out1SHat6DVsj7Yhb1wy0qOcr1gNYDox+JxVjCR46HGzMm+GaVn
+uQVOxpRO/NxQCit2/8pRNcLBd7LICLAMs6z+VuF2Tbwx9aNLeYqwqCjfYiYmHJfB
+DtfKkUT36ynvw570FEpOgXtR7NWuIOSj20IOk2HMzDKIUVjBKylHyULyYISb+hLG
+alOMBdITEb1ll5CsVuGoJBowsTOqhrjpi5dn+lPG3AHAvFSZh9jCRckWABOTt7Oc
+FOT1n80riMduSbIqqRyfkpzgXm1Glsa3sHxQHqhMkasjwYJYjGxgHVVArBVauQc5
+syAYEuMtSNr0fuqZlR9LgUW4dGWv3dVjCx1FpQ8Yix7lgQhsYC8q2BSHr8jbV2+y
+9fGqSPUq7eBb8RzVxrCK76xOZmXciGHeKpFalhqSgIuz33ErRwUXSrXq
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/serial b/FLR-BRB/openvpn/home-flr/keys/serial
new file mode 100644
index 0000000..b1bd38b
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/serial
@@ -0,0 +1 @@
+13
diff --git a/FLR-BRB/openvpn/home-flr/keys/serial.old b/FLR-BRB/openvpn/home-flr/keys/serial.old
new file mode 100644
index 0000000..48082f7
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/serial.old
@@ -0,0 +1 @@
+12
diff --git a/FLR-BRB/openvpn/home-flr/keys/server.crt b/FLR-BRB/openvpn/home-flr/keys/server.crt
new file mode 100644
index 0000000..bcfb047
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/server.crt
@@ -0,0 +1,76 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov 11 18:29:25 2012 GMT
+            Not After : Nov  6 18:29:25 2032 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA-server/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b8:f5:73:7b:83:be:ce:17:23:57:29:d3:29:c9:
+                    44:4c:bd:83:39:1f:0f:12:35:87:9c:87:c6:a0:47:
+                    00:77:28:0a:84:23:36:98:fd:a9:ce:80:d6:3f:a6:
+                    59:9d:7a:a9:bf:11:08:c9:37:54:30:0e:5a:b9:1c:
+                    91:b6:d9:2c:c2:b1:34:9d:76:58:f7:bc:8b:44:eb:
+                    4c:d4:69:58:14:cd:02:ca:d5:34:bc:1a:78:c9:8e:
+                    2c:89:65:01:28:0b:39:39:f5:23:51:93:0b:ac:76:
+                    d2:ec:ed:16:45:7f:c8:b1:b6:bf:86:c8:40:20:e3:
+                    52:98:a5:43:ac:90:d3:e6:89
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                2A:A7:8E:B5:AA:B6:80:DC:14:3D:8A:E7:71:3D:50:BF:EC:84:10:52
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha1WithRSAEncryption
+        6e:26:e1:ae:74:b2:9b:f8:fc:61:9f:4e:b3:92:cc:4d:bf:5e:
+        50:70:90:cf:ce:e2:e4:aa:de:b7:3c:18:ce:2d:c3:ef:fd:94:
+        59:ed:cf:be:36:d6:d5:16:f2:86:fe:2d:ed:2a:d6:3f:19:8f:
+        83:9f:ea:84:75:06:c3:6f:7c:37:ef:5b:e4:be:9f:13:92:be:
+        43:e7:53:25:f5:c8:85:30:5e:e8:2d:f0:b6:ed:e1:e1:20:86:
+        06:1e:9d:29:94:fa:36:78:c4:9c:0c:12:56:31:93:8c:83:4d:
+        67:49:df:61:f4:4a:15:51:3d:d2:a1:e1:9e:18:37:8b:fe:19:
+        f6:21
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTEyMTExMTE4MjkyNVoXDTMyMTEwNjE4MjkyNVowgagxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1WUE4t
+Q0Etc2VydmVyMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALj1c3uD
+vs4XI1cp0ynJREy9gzkfDxI1h5yHxqBHAHcoCoQjNpj9qc6A1j+mWZ16qb8RCMk3
+VDAOWrkckbbZLMKxNJ12WPe8i0TrTNRpWBTNAsrVNLwaeMmOLIllASgLOTn1I1GT
+C6x20uztFkV/yLG2v4bIQCDjUpilQ6yQ0+aJAgMBAAGjggFyMIIBbjAJBgNVHRME
+AjAAMBEGCWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0Eg
+R2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUKqeOtaq2gNwU
+PYrncT1Qv+yEEFIwgdYGA1UdIwSBzjCBy4AUVv7wO+OtpF4bfg/WH+Tp1Y5vEtah
+gaekgaQwgaExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
+BkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZp
+Y2VzMQ8wDQYDVQQDEwZWUE4tQ0ExFDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJ
+KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJAPf/MOnEeNJTMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQUFAAOBgQBuJuGudLKb
++Pxhn06zksxNv15QcJDPzuLkqt63PBjOLcPv/ZRZ7c++NtbVFvKG/i3tKtY/GY+D
+n+qEdQbDb3w371vkvp8Tkr5D51Ml9ciFMF7oLfC27eHhIIYGHp0plPo2eMScDBJW
+MZOMg01nSd9h9EoVUT3SoeGeGDeL/hn2IQ==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/server.csr b/FLR-BRB/openvpn/home-flr/keys/server.csr
new file mode 100644
index 0000000..0029077
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/server.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB6TCCAVICAQAwgagxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tQ0Etc2VydmVyMRQwEgYDVQQpEwtWUE4t
+RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBALj1c3uDvs4XI1cp0ynJREy9gzkfDxI1h5yHxqBH
+AHcoCoQjNpj9qc6A1j+mWZ16qb8RCMk3VDAOWrkckbbZLMKxNJ12WPe8i0TrTNRp
+WBTNAsrVNLwaeMmOLIllASgLOTn1I1GTC6x20uztFkV/yLG2v4bIQCDjUpilQ6yQ
+0+aJAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQCAnm0CcWJhAp+norLfCHhyM3QM
+UT5qbmsfivvtMwnRWvziFqlmR6Y3auDdBZh5HE8IwKFQJeYsIH5cpWSPbbx7siMU
+XA8IVRX+sesOd4VkTrM9AWEcgRt0IeWAJ31sQV7OUkl2iE9LauMZO5I1d4Krbe/z
+US1y+TD2uRNBARNMZA==
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/server.key b/FLR-BRB/openvpn/home-flr/keys/server.key
new file mode 100644
index 0000000..fc1a215
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQC49XN7g77OFyNXKdMpyURMvYM5Hw8SNYech8agRwB3KAqEIzaY
+/anOgNY/plmdeqm/EQjJN1QwDlq5HJG22SzCsTSddlj3vItE60zUaVgUzQLK1TS8
+GnjJjiyJZQEoCzk59SNRkwusdtLs7RZFf8ixtr+GyEAg41KYpUOskNPmiQIDAQAB
+AoGBAKSRgJc9ueAVplQ/2qsrcaH2XXPNttM03dzg0lJ52mgrMHAyBLpLuXMMH5Wy
+pboBElf3CCJBIJ9BpmdejChtQ+zUDCpD/OhFY87z5hU6fh+WSePv6sHa4PgtbsBA
+dsOE/QSJ6/6q1v6JPp339UFAbK+SJ2GKZN1eiG2UL9stV7gBAkEA3I5AqhjeCX7t
+25EwJsRrDLo935Wgw6WaleV99RlEdNNfPHouuCGlkhRq2PcHr0SziENR4EAb0iy9
+xAn+JXfMYQJBANauupJEwLoN+MMBdUPckOahJvV8nBrKP8zNSfTqOYNcFXvu9HcB
+BoGS5AnaOPpasKx4ZbecGbQV9koS8fhcCykCQQCUg21jnG8W8dN0wCUuVaDH5zj2
+ryib1Y1sViYkvqjsCdDdRmDjODTnUrxH8L/J83b40Gv3lvOk6N+3fAsYa7zBAkEA
+izTBxhbO4dYteEV5xIdBbksQ+B3VG4oJ1MNJMYavxH3xcGuCGaiQj3SwabMXPz+P
+UEbBrk2KXTvgeCfQvzrwAQJAfduhdRzgJ0lBnqHR7Sq/fxTpFsH5VwBwLuIg+W94
++rWVAzO4E2/RGD//PfGb2PwgGlXxlfdIbJG4Ru0gG7NfyA==
+-----END RSA PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/ta.key b/FLR-BRB/openvpn/home-flr/keys/ta.key
new file mode 100644
index 0000000..99d6559
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+670c1735182a2aa7373f3913f4bb9922
+1011f52b6004f688f702ee2eebf789de
+8e9a7cbbe597de15dcd0944cc77c63bb
+247ef4ec6beb0ab1ad0e68fd3224d9c3
+50f3536eb45f0582ab3deb4a84144e08
+4ab82c010550262a803f617826443ed5
+34ace631dd1115372b4b6d91523ebf9d
+5212960ff14b16776359a2c4a8a78672
+c6dd16d8e3bead764da1f39a267a5d2c
+e798d3f52e0d8ceb7cafde530cbff390
+7a099224465c3bde210bdc7e713dae1c
+05e190846e0bc7cc8e4c79427516eed3
+b580385daaef259dd823e67970ffd9f3
+125c3b6217f6622652f76f1da0ea96e5
+b9724b6abd8384f45f11d9b41a9afa7b
+34d1a506ef314806f46e64d46f4b53a7
+-----END OpenVPN Static key V1-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/test.crt b/FLR-BRB/openvpn/home-flr/keys/test.crt
new file mode 100644
index 0000000..8cd6938
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/test.crt
@@ -0,0 +1,88 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr 20 13:38:03 2017 GMT
+            Not After : Apr 18 13:38:03 2027 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-test/name=VPN FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cc:ff:52:dc:42:3e:ec:5d:ed:35:cc:b1:a8:bd:
+                    0b:a9:79:52:0d:40:d4:37:90:cf:f5:34:f8:7b:3b:
+                    8b:ce:a8:58:53:f5:ce:20:67:00:d3:97:ae:ff:1f:
+                    4f:be:05:8f:68:4d:40:a9:2f:01:86:72:dc:8a:73:
+                    67:d0:f1:e1:00:5f:58:0c:62:d6:5b:62:11:65:62:
+                    7e:a6:46:99:ef:3c:66:7d:c7:dc:e0:68:1d:f2:58:
+                    cf:d7:0e:9a:9f:d2:e9:f6:9d:11:0a:35:ae:47:27:
+                    f9:63:de:8b:cc:7f:64:ff:67:dc:51:b6:11:ca:18:
+                    94:ac:b9:b1:81:cc:22:89:fe:ea:77:46:38:34:b3:
+                    de:b0:be:cf:15:7c:c2:ee:22:d7:da:27:93:c7:42:
+                    45:37:64:48:4a:7c:4b:d1:02:c4:70:a0:91:30:cc:
+                    3b:88:29:69:34:7c:67:a8:b2:3c:fc:37:bf:34:a2:
+                    2e:db:7c:94:f2:05:b9:45:46:49:26:b8:5a:57:ea:
+                    00:5a:db:f0:35:62:9c:3c:38:af:d8:5f:c8:1b:f7:
+                    08:a6:7b:15:63:d8:3d:7a:5b:18:69:ba:a1:0b:01:
+                    a8:17:7a:e3:48:0b:5e:da:9d:0e:c7:04:49:55:9a:
+                    15:2b:ce:c8:47:8e:c8:81:eb:f3:39:64:5d:10:32:
+                    8b:c7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                A0:88:26:03:2B:48:AB:B4:04:E2:70:30:D5:A4:10:4E:46:64:D4:68
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:test
+    Signature Algorithm: sha256WithRSAEncryption
+         4a:a3:e6:d7:e9:ef:5f:73:5c:58:bb:64:4e:a2:76:27:30:4c:
+         6e:84:1f:a0:2b:1a:0b:eb:b9:4d:31:e4:2e:3b:d5:92:a0:13:
+         ac:fc:33:c7:1c:86:ef:d9:77:8f:88:f7:26:89:f5:ab:78:a5:
+         84:b4:c5:db:45:5f:61:17:ed:0c:d6:7a:99:73:fb:05:dc:8d:
+         77:70:c3:0b:4c:eb:cc:30:9c:85:45:9f:e8:15:5d:45:d2:67:
+         85:da:d0:5f:c2:23:41:e4:25:65:a1:a1:68:42:ad:50:3d:ff:
+         34:f1:73:93:d8:2d:0c:48:4d:85:b8:fc:7b:c3:76:ff:71:43:
+         8b:03
+-----BEGIN CERTIFICATE-----
+MIIEszCCBBygAwIBAgIBEDANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE3MDQyMDEzMzgwM1oXDTI3MDQxODEzMzgwM1owgasxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBWUE4t
+RkxSLUJSQi10ZXN0MRQwEgYDVQQpEwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDM/1LcQj7sXe01zLGovQupeVINQNQ3kM/1NPh7O4vOqFhT9c4gZwDTl67/H0++
+BY9oTUCpLwGGctyKc2fQ8eEAX1gMYtZbYhFlYn6mRpnvPGZ9x9zgaB3yWM/XDpqf
+0un2nREKNa5HJ/lj3ovMf2T/Z9xRthHKGJSsubGBzCKJ/up3Rjg0s96wvs8VfMLu
+ItfaJ5PHQkU3ZEhKfEvRAsRwoJEwzDuIKWk0fGeosjz8N780oi7bfJTyBblFRkkm
+uFpX6gBa2/A1Ypw8OK/YX8gb9wimexVj2D16WxhpuqELAagXeuNIC17anQ7HBElV
+mhUrzshHjsiB6/M5ZF0QMovHAgMBAAGjggFpMIIBZTAJBgNVHRMEAjAAMC0GCWCG
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFKCIJgMrSKu0BOJwMNWkEE5GZNRoMIHWBgNVHSMEgc4wgcuAFFb+8DvjraRe
+G34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtWUE4t
+RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDpxHjS
+UzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIE
+dGVzdDANBgkqhkiG9w0BAQsFAAOBgQBKo+bX6e9fc1xYu2ROonYnMExuhB+gKxoL
+67lNMeQuO9WSoBOs/DPHHIbv2XePiPcmifWreKWEtMXbRV9hF+0M1nqZc/sF3I13
+cMMLTOvMMJyFRZ/oFV1F0meF2tBfwiNB5CVloaFoQq1QPf808XOT2C0MSE2FuPx7
+w3b/cUOLAw==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/test.csr b/FLR-BRB/openvpn/home-flr/keys/test.csr
new file mode 100644
index 0000000..9bff903
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/test.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC8TCCAdkCAQAwgasxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRkwFwYDVQQDExBWUE4tRkxSLUJSQi10ZXN0MRQwEgYDVQQpEwtW
+UE4gRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM/1LcQj7sXe01zLGovQupeVINQNQ3
+kM/1NPh7O4vOqFhT9c4gZwDTl67/H0++BY9oTUCpLwGGctyKc2fQ8eEAX1gMYtZb
+YhFlYn6mRpnvPGZ9x9zgaB3yWM/XDpqf0un2nREKNa5HJ/lj3ovMf2T/Z9xRthHK
+GJSsubGBzCKJ/up3Rjg0s96wvs8VfMLuItfaJ5PHQkU3ZEhKfEvRAsRwoJEwzDuI
+KWk0fGeosjz8N780oi7bfJTyBblFRkkmuFpX6gBa2/A1Ypw8OK/YX8gb9wimexVj
+2D16WxhpuqELAagXeuNIC17anQ7HBElVmhUrzshHjsiB6/M5ZF0QMovHAgMBAAGg
+ADANBgkqhkiG9w0BAQsFAAOCAQEAVQhA2xsdq1dzv16TeFdgaiKLELyrTYWIpQby
+EDkFMhfBydCNTPtJW1BnLQo4aE/qAIHEfOhNisWGb4x47H0JYmRgc+s/ptC/W2k9
+D+fWircRP4l8K1cRabkySC0T3htsFBYX2y5nrWhYNziGrVjHr49Mnhauc4GwlJDe
+7InccVyoIjyi+bTod+8u2lcXvu4S7axUn2AggivMwIKyzaK4eKfhCFOAhDozMulm
+MSQ/0jFOkxAXeoeIVaOJtiIyTinJnAI009kWum7byMnuGEKD1q+rmVmPGZhUeY7P
+AFb3fdkTJ/3j+BV1PLhGVi1wmoVA5TnjeDbciTzxviEUl2C46g==
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/test.key b/FLR-BRB/openvpn/home-flr/keys/test.key
new file mode 100644
index 0000000..0546f7c
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/test.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIKPJGM3vEsM4CAggA
+MBQGCCqGSIb3DQMHBAg6sLjACW756wSCBMjdKZ9VPQDw0PZe6H7LBYhuJ+SwGaym
+2p/9poiUWc2VazngtZWIfVe5+Cs/TafC5Ve7KrYlewlUBP/ijZ5n/jYR0Hjlpqop
+9AkAOmORj2a8qjqn/+bPeXWPPgRKpqQVTXpm+PORhs16ufsWMlDROVHt9EP2SyAn
+IuuAGguAAFlKgX3p55gIVKkYnUYfupifZT/Yj0BI5JI3EecokS8X695mZ9WI8eOZ
+JmLnZz/Il+406Vgfe1UI1iXyO6VgItvfAKUk1N+a6xgIiKz3uSv3ILaXMgaQgNYW
+ymDOzXSMSAdmBDWXy69eMu2bY1UB08xknz9ybfglDvqMNzp2bSdRNJ5+1M7evpe4
+hiP2DbqlruHLjoL7PqCCP2cWFSdqXG2L6ZXhZfQWcxq4FxPU7tmhf4pAKNiHKgHe
+t1YbDB3smoYN2/Rbo4nrhQlE+LqlfRxdET7MDcGo8n5VifZlFJ1S6vwQuk9/8tGB
+nTUtnGlQxaDhuqpBqYkj03qMiDN1PK25VCWl9dERrY0djP2FyiM15MMSvcjfqjl2
+nibepTlFKbBnrDS1wVBTB8wiLXXwvXXktAEoE+fy2F9MSbsD7BQvwYS17TjE46FU
+XlrME2iLA99oOgdd8eWZ62ekHHBwrG0QfZP2gY+ZrFafoT2xwk9Jz+uttzn8okD4
+yM41+5nS0MfmstiniyvFvLcMJfQJZ3hImr5tGRvNUZusxRFuqUk+jHqrDpsMHzge
+QOfV5OqmIMiXug9ekFTmhhQRGKLXE3dCaONEHdJZA4JAxol2zwD1WMQLYZNjEZP3
+K1XirzFt7dEVEJEgwxrPCg9aFw81I/LCp0/3OdomHYVQvmPSiCdjRoWP8PXKuV2I
+JaAqExmfZ5I3iQLVBfYSUrf8U8Srv6c7nkSnrVbr3kDuVJVMu2aRKxnpDcCDcg7I
+SJCrnCnyH2tgNxmA4NVTgXN7Evg6CaDfwtJnpZFFFY6kyHfre+MEbf2KGRsqOO/R
+Tlan2tLGYAvmeHL2WXvnRPBmqMg2WA2Wc2Jp/8ov0lsBp2c8yW/63GPGx1tn2304
+z8l+9tZ9qg3NSrQho+6U1/k7tsiz12Aep9MKI4O48Uzw7MIjragXYl2t5VoDvS4I
+0ZuvOHX5QSa/XR2xow+c4+5UYd8gDfdcb3Zbe0XDTy0Nvc8KCRD1ykaMBSf2yMgx
+YxwqDndgtsTEYKwQTybaE3rYxDbzPcwsQMRzMWNFnsox7Znm2ZiC4d/a8lmsUq5L
++sFTJe7+JnEzMiwZtjJ4kRdBWtiAkS1DXBRdd/wziceTA9/liwvIE6UlcKYpNDy/
+tr425PCpinp639OnNO46pGG81RlH7g4xuCbSpT+1kHCJAHdgN3M0bkoKZYZaaHsH
+j97guG/GZUWkA+VpkzR1ShL1i+sWOI2Aipg+TKnu55N4OEP9JhT6rrGWp/Aoez4Z
++vvk/twj3yWfPvTQo7CeHcK+iN9pngp5rgU+mugsJuUiEyKSqc4UChI0AL7cJ86v
+uvqJz1+SfxtJ2xAIy8RTexqvl3vPsjgE6zVr0vcy/WuapGT/YaEXIs5VDmpphjka
+ReoV27DQ6pVrHHxT60tPoNbPdaRQoEIscvjT9ar79bKB8MzYAGS0nlfCjW2DPT7t
+Ulk=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/tobias.crt b/FLR-BRB/openvpn/home-flr/keys/tobias.crt
new file mode 100644
index 0000000..0e05130
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/tobias.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr  9 13:50:54 2015 GMT
+            Not After : Apr  6 13:50:54 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-tobias/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:a4:c4:1d:99:73:7a:4b:5e:09:c0:6f:58:86:e7:
+                    33:6f:21:b5:28:57:b7:6f:d0:96:69:a5:0a:06:3b:
+                    e5:c9:97:78:fc:57:3a:5e:2a:a6:2f:19:ed:52:28:
+                    b2:7b:0d:88:6d:da:84:8e:3d:57:9d:3f:9f:49:40:
+                    f1:5c:f1:ff:c8:bf:96:d7:21:3e:f5:bd:e6:4c:8c:
+                    fb:b3:3b:90:5d:9e:16:30:ad:e1:76:70:c2:53:38:
+                    da:1d:19:78:fc:62:6e:67:85:d9:11:7c:ed:15:f8:
+                    c2:cd:ad:d4:e1:73:c7:45:33:f5:1f:8c:21:13:da:
+                    87:29:c5:29:40:91:0e:8b:11
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                EB:34:0B:7C:F3:FE:0C:45:55:E3:8F:E2:0B:99:5C:7D:22:A0:09:0F
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         1a:1b:12:2e:fc:4a:ad:c1:4d:4b:0f:a0:c5:cd:db:a3:44:cb:
+         9c:3a:f2:5d:32:ae:42:c8:0b:b4:99:37:3b:6b:7f:bc:26:b2:
+         dd:13:a8:33:8a:0b:63:6e:99:cf:ee:a5:de:69:ab:d8:02:b7:
+         28:33:e4:c9:8b:86:3d:fc:06:e7:9f:8f:c9:42:e4:ec:46:23:
+         ad:a1:d7:cc:eb:3e:f6:60:90:40:09:d0:32:6d:6a:d2:cd:11:
+         3f:79:d0:60:57:35:1c:22:76:b1:8d:04:00:2f:82:ea:29:48:
+         8d:cb:74:e0:2d:d8:79:53:99:d8:2f:9c:fe:14:0b:83:9e:32:
+         8c:84
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE1MDQwOTEzNTA1NFoXDTI1MDQwNjEzNTA1NFowga0xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRswGQYDVQQDExJWUE4t
+RkxSLUJSQi10b2JpYXMxFDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+pMQdmXN6S14JwG9YhuczbyG1KFe3b9CWaaUKBjvlyZd4/Fc6XiqmLxntUiiyew2I
+bdqEjj1XnT+fSUDxXPH/yL+W1yE+9b3mTIz7szuQXZ4WMK3hdnDCUzjaHRl4/GJu
+Z4XZEXztFfjCza3U4XPHRTP1H4whE9qHKcUpQJEOixECAwEAAaOCAVgwggFUMAkG
+A1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQU6zQLfPP+DEVV44/iC5lcfSKgCQ8wgdYGA1UdIwSB
+zjCBy4AUVv7wO+OtpF4bfg/WH+Tp1Y5vEtahgaekgaQwgaExCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQ0Ex
+FDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZYIJAPf/MOnEeNJTMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIH
+gDANBgkqhkiG9w0BAQUFAAOBgQAaGxIu/EqtwU1LD6DFzdujRMucOvJdMq5CyAu0
+mTc7a3+8JrLdE6gzigtjbpnP7qXeaavYArcoM+TJi4Y9/Abnn4/JQuTsRiOtodfM
+6z72YJBACdAybWrSzRE/edBgVzUcInaxjQQAL4LqKUiNy3TgLdh5U5nYL5z+FAuD
+njKMhA==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/tobias.csr b/FLR-BRB/openvpn/home-flr/keys/tobias.csr
new file mode 100644
index 0000000..699d302
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/tobias.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB7jCCAVcCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRswGQYDVQQDExJWUE4tRkxSLUJSQi10b2JpYXMxFDASBgNVBCkT
+C1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApMQdmXN6S14JwG9YhuczbyG1KFe3b9CW
+aaUKBjvlyZd4/Fc6XiqmLxntUiiyew2IbdqEjj1XnT+fSUDxXPH/yL+W1yE+9b3m
+TIz7szuQXZ4WMK3hdnDCUzjaHRl4/GJuZ4XZEXztFfjCza3U4XPHRTP1H4whE9qH
+KcUpQJEOixECAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAHZaUGP06BzJ8RB9B/+J
+YZuT6M9nZdO6bnJnbSW7orlA+h8gZ7b44vA1Xgj0ROTaL1ErlTecZSqQbKK2zc8p
+fPkQqjJfANJOK3pp1+dJwuRsDN5GxEAXhoQvppyFD7OHh49fyPSZ6gUV8INBDGpq
+MlUrqGDwKArDWfPbjsY9zF6m
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/tobias.key b/FLR-BRB/openvpn/home-flr/keys/tobias.key
new file mode 100644
index 0000000..84d9e0d
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/tobias.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIGg89L0FGpXACAggA
+MBQGCCqGSIb3DQMHBAhGoA09YvqNpASCAoBXuUA/TZ5tCB/KMMPwzceF/IKkXQTI
+GCIfljTFsYy7wh82TrZPt9UEFzc7DBvJYtgH1ob4retua3+751oDQPEF9j6MaePy
+9x4RDhtEZKr32bIKX5bdJZi2v40lBjeyZkvDeAeSrzI8K3AaqZHjgkGI5GxhWmBR
+JIUN8HmguxYegcOAYoRIzgNjGUH3geq0H/mKbRIGjG2sKebJ6iSO24DO34lXbxbQ
+mW4qUTPuxnn1mxC0Q3IoZCDxauBMFhQDaYLipAOJET1wIH07VGwCOcKcEXD/GDhS
+HpPujecN7gU7hqn+3HQxy6MNByyKIXAr9Z95YjMY+eYUY2u0jpzyrJmgf6svEXpC
+iU+0RI2i4o6gNpjsDbMcHv3Ihp8NPD7XV8Q/1FCPnmpveI1kvvmlsC0A5MogsRQC
+d89qG98CW8+XeK/N+c42kRYvUBR8yH6v9B+JMpiVQX0cJ9duM44JtvFLLZSm3yLA
+q8ZUXrBXODOVbzIWDuL+7UiaJudYw289GExWRzWASxueY4isQS7Jl3k80rfKat/j
++upKH2/n/7o7hiXd+yx2D3SPPwtcd2ylTIjjuTk/GPdoowI+a4zR6ww4Ckycren7
+ptKZIZDHjSGP+g9E0fENlaZW4tC1crIYJyO+xszW977LfsiqreNm80ImnZw0fWAZ
+8t7W9Eaqo1m51vh3MCLwIQhtaJUezio25d/l9uoC5JFnQPmHEBnu8ZY/g5hjyOKS
++3b8ZqW7w7hc92p4u4/rvwkCwOBiMhGIncYwmUZdv3xvIDrngiU8oeUb+P7u7nbH
+9wX2xJ2ysCvttdpHlNRyegSJkl68b9wehYOM4zbThNBNZWf4T+alT4CA
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/yilmaz.crt b/FLR-BRB/openvpn/home-flr/keys/yilmaz.crt
new file mode 100644
index 0000000..f03883c
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/yilmaz.crt
@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10 (0xa)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr 22 11:38:47 2016 GMT
+            Not After : Apr 20 11:38:47 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=VPN-FLR-BRB-yilmaz/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:df:95:6e:ce:0c:d4:d9:1f:3d:83:d8:88:1f:49:
+                    b9:21:96:1f:7b:b9:c9:e2:c9:e0:cb:c3:7b:34:6b:
+                    21:b9:32:8c:43:3c:a8:53:bb:9e:ba:0e:e1:30:9d:
+                    e7:b0:f6:ad:cc:ce:34:09:07:9d:3e:05:38:58:ff:
+                    6b:eb:34:81:bb:8f:a7:59:ca:41:45:1b:db:6d:5e:
+                    8b:71:f6:ad:e0:b3:77:28:c2:7f:ff:7c:5d:dd:4b:
+                    b0:fb:b2:8d:99:e9:e7:bc:be:16:22:d3:1d:72:fd:
+                    b8:ab:a9:64:11:cc:95:27:b9:23:7f:45:36:ef:72:
+                    c6:0e:97:84:7c:05:a8:d2:bf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                11:AB:C8:D6:9A:1E:E1:E4:FD:6E:B0:F4:D4:86:1F:B5:30:93:5F:78
+            X509v3 Authority Key Identifier: 
+                keyid:56:FE:F0:3B:E3:AD:A4:5E:1B:7E:0F:D6:1F:E4:E9:D5:8E:6F:12:D6
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=VPN-CA/name=VPN-FLR-BRB/emailAddress=argus@oopen.de
+                serial:F7:FF:30:E9:C4:78:D2:53
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         50:0d:74:88:36:8c:28:80:81:e9:18:3b:ec:61:29:29:e9:b5:
+         b3:7b:ca:2d:96:c8:8d:f6:c2:36:35:0f:5a:5d:07:d1:e2:38:
+         5f:9c:8d:63:ff:fc:d4:26:89:a9:2c:f3:0e:61:b1:ce:a3:81:
+         cc:e1:0a:98:fb:f8:42:dc:f2:04:e3:5e:f5:41:87:e0:23:02:
+         f2:58:1b:24:21:87:7d:5b:c6:6a:f0:15:18:40:f4:20:56:91:
+         4d:24:06:1e:e6:58:3f:50:00:ab:ad:37:d0:09:53:e2:92:4c:
+         51:3a:68:d8:46:b3:c3:46:d0:8e:36:95:3e:da:01:f7:a2:d0:
+         61:21
+-----BEGIN CERTIFICATE-----
+MIIEIDCCA4mgAwIBAgIBCjANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE2MDQyMjExMzg0N1oXDTI2MDQyMDExMzg0N1owga0xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRswGQYDVQQDExJWUE4t
+RkxSLUJSQi15aWxtYXoxFDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+35VuzgzU2R89g9iIH0m5IZYfe7nJ4sngy8N7NGshuTKMQzyoU7ueug7hMJ3nsPat
+zM40CQedPgU4WP9r6zSBu4+nWcpBRRvbbV6Lcfat4LN3KMJ//3xd3Uuw+7KNmenn
+vL4WItMdcv24q6lkEcyVJ7kjf0U273LGDpeEfAWo0r8CAwEAAaOCAVgwggFUMAkG
+A1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUEavI1poe4eT9brD01IYftTCTX3gwgdYGA1UdIwSB
+zjCBy4AUVv7wO+OtpF4bfg/WH+Tp1Y5vEtahgaekgaQwgaExCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tQ0Ex
+FDASBgNVBCkTC1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZYIJAPf/MOnEeNJTMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIH
+gDANBgkqhkiG9w0BAQUFAAOBgQBQDXSINowogIHpGDvsYSkp6bWze8otlsiN9sI2
+NQ9aXQfR4jhfnI1j//zUJompLPMOYbHOo4HM4QqY+/hC3PIE4171QYfgIwLyWBsk
+IYd9W8Zq8BUYQPQgVpFNJAYe5lg/UACrrTfQCVPikkxROmjYRrPDRtCONpU+2gH3
+otBhIQ==
+-----END CERTIFICATE-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/yilmaz.csr b/FLR-BRB/openvpn/home-flr/keys/yilmaz.csr
new file mode 100644
index 0000000..8a4d755
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/yilmaz.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB7jCCAVcCAQAwga0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRswGQYDVQQDExJWUE4tRkxSLUJSQi15aWxtYXoxFDASBgNVBCkT
+C1ZQTi1GTFItQlJCMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA35VuzgzU2R89g9iIH0m5IZYfe7nJ4sng
+y8N7NGshuTKMQzyoU7ueug7hMJ3nsPatzM40CQedPgU4WP9r6zSBu4+nWcpBRRvb
+bV6Lcfat4LN3KMJ//3xd3Uuw+7KNmennvL4WItMdcv24q6lkEcyVJ7kjf0U273LG
+DpeEfAWo0r8CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAGUlxQGBM0GpPVRxGe0u
+tEcWHPwXQop4JTpB4w/oqaL6rT1P04o5U2JmQg0hyHtimCbgU0QbPTCoMsr5axAU
+dg3ngKJIj7cxAgJgC9GLLf4ikRz/8GeJblFF+Q/wckRCdNYYSRrMo6ALSAzXfHdz
+p4aLm8kDhCnQS8FcWKXr8/fZ
+-----END CERTIFICATE REQUEST-----
diff --git a/FLR-BRB/openvpn/home-flr/keys/yilmaz.key b/FLR-BRB/openvpn/home-flr/keys/yilmaz.key
new file mode 100644
index 0000000..789039c
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/keys/yilmaz.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIH6C/4CM7Y6ACAggA
+MBQGCCqGSIb3DQMHBAgE1ptUhjLa0ASCAoDQngn5bzZfWbYt5YchEe03wte33DFa
+EVuQtU2TcLLIJGrOmU1UdzEQkl+jCtJmle23nRzz3KwmntWg1CTAxqjuAZORktyk
+tOTx/Op6O+6HLSZMzabx3ma4ciW+MLNFtwwkrI1kGK4V/bOmSeGPWqn1GvFlHagZ
+qriXIUpwfj8lXq3BLhGSEZBJtjuViAhcMopjgQuu0hxlr9TJyPzIkeu2B+5MYxG+
+et1bs0eb64W+zKS5e/+iP7tG7za4TkiArK787EJx4itLDEfr2BKCVfFBND7q4Zhc
+5E84Zop82iej7w8FJAcjkrcNqKGa6VO/9zFChWXPrQE0Fs5FvFA6WG7wrbFgm7fH
+tnTs9UO5PlmgjY9UM81MbB7PcGZTiAEzZiwm5lZdtrrAbvQGT7nYGqNK9pDy2GDU
+J8KrGXj0pBOTLpdyew3//NnATYgFq8m3mTcPNOmBgnu8ZZk94EysOINuAqXYUxnZ
+mEOj3xeDmhZbR1awDTkRvsNn04Myf8myYwg1atXnjKqr4QvEc60TBHerMfGD9bcg
+IWHv8I9MRWWjUfwi5hd0A+N6dWCGp7B6l4qpBDV+kRrXA46+8ceiuruwVJxxAwNk
+zrz42rZXmFreafw3nhoDhJJybadsHw692om+kSysuEp2qOSt3YFCON4+12P30GnO
+QcOpADPwhnCwc/vAcCWLMu9r3uju/uLvqFIcDOWdTXJ4T6FupteTFzIWEtONBjo4
+OLAMaauiHFcw5qMHLmmmMRvWouYb6FJ0P4WHIBgBrSY8HLpFrzO6B2aE+ExAh+it
+IepPhHlLq1V3dq/pSk+EaGSd5CjsIRDxSyxuSlPGOeENQzspee0CQh7p
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/FLR-BRB/openvpn/home-flr/kirstin.conf.sample b/FLR-BRB/openvpn/home-flr/kirstin.conf.sample
new file mode 100644
index 0000000..5fc9caf
--- /dev/null
+++ b/FLR-BRB/openvpn/home-flr/kirstin.conf.sample
@@ -0,0 +1,205 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-flr.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDzjCCAzegAwIBAgIJAPf/MOnEeNJTMA0GCSqGSIb3DQEBBQUAMIGhMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLUNBMRQwEgYDVQQpEwtWUE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwHhcNMTIxMTExMTgyMzU5WhcNMzIxMTA2MTgyMzU5WjCBoTEL
+MAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8w
+DQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNV
+BAMTBlZQTi1DQTEUMBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIdp+t
+lUB/nx3JqiZiBEkyTK2m+uH/hes4wYTpmbRY2x1YJtwQegX/sfxuu0n1xA42gON0
+eOBc2v/MmKzrGP+VP2VxWBhR/VnJsPeFTJJvD6ioM+jc9xNeZFNgHibRw4vzipyK
+ALQJK6gJ3COvhb3YWOul3njUGgZZkaikPMuTQQIDAQABo4IBCjCCAQYwHQYDVR0O
+BBYEFFb+8DvjraReG34P1h/k6dWObxLWMIHWBgNVHSMEgc4wgcuAFFb+8DvjraRe
+G34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtWUE4t
+RkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDpxHjS
+UzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADPFDfqCtYtsS/NxGVYc
+hgxKsA9S/kBifNbde0e6nmPBgufW+O3uPrkvg7Wx2EayxMhX/dVrAYm8NSNCdWXV
+5ra0lu6cTI8rwWt404e0F/o0v6u+5eWHFxSF0lDJIVhwvvVoiAUJQw8h+BlI5PYO
+JcHZCQoQE1/RE6Xp+0xgTXvW
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIEuTCCBCKgAwIBAgIBETANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxDzANBgNVBAMTBlZQTi1DQTEU
+MBIGA1UEKRMLVlBOLUZMUi1CUkIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMB4XDTE3MDkyODAxNTE1N1oXDTI3MDkyNjAxNTE1N1owga4xCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+by5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNWUE4t
+RkxSLUJSQi1raXJzdGluMRQwEgYDVQQpEwtWUE4gRkxSLUJSQjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC03mzjV2d4r0CNyxKc4pxHCyGSOMe9G/CAiDQNow6QE7MIug6JS+lIVQcb
+3LDzty0L+0n3Jqh4vS170H4DwmVBkQB8wjDtNmseJ/U3fN49Il5FDbAzdVW7aRQy
+bjqAadsuBl9nc9kTn34OOttZmoSQKAT/ujaqx8eNoA6t95MgN4pZfxaRIAAv4yad
+QUDhYjcWAo2augVZ/8XFBeUASgpTby+HR+3OEkS7AYIW4AoGXEnyO6HZFEpAwX4w
+uCyZrCNERcqjSq16xdO1SDXo1F7vLL9iwYethXkRDpep7ti7qnntnxULI3nIyJEn
+d1WQGY4h6Xdg/FyUOTR/HJ3uxsUNAgMBAAGjggFsMIIBaDAJBgNVHRMEAjAAMC0G
+CWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFFmuPOTcqXL4Bxe1vK3OLx2GFNccMIHWBgNVHSMEgc4wgcuAFFb+8Dvj
+raReG34P1h/k6dWObxLWoYGnpIGkMIGhMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
+QmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UE
+CxMQbmV0d29yayBzZXJ2aWNlczEPMA0GA1UEAxMGVlBOLUNBMRQwEgYDVQQpEwtW
+UE4tRkxSLUJSQjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQD3/zDp
+xHjSUzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEgYDVR0RBAsw
+CYIHa2lyc3RpbjANBgkqhkiG9w0BAQsFAAOBgQBeDMCmsj3MCfNafHIFCwIroQZG
+aO+eZ9LQawe73ErK4ns0Hvs/FlbISAchqqunAes8GRSmjXAbDSuKsn8J9HefTwxs
+qgi2yh/NTy91xiZBEXIXw6axJitDjmAVk1yrgwsXf+VfdNnFmtUnv7yNNS+0l2Sa
+S8IC2O2zmptPeLkkDg==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIZLyjPOPjcmUCAggA
+MBQGCCqGSIb3DQMHBAg+fO69EK1qlwSCBMioorKHJweCJL+vE8CDuzm4KL7s+dq2
+KX11hok8oPhkhAa05Vgl21rTur8fj8h+MzxKFIsWsd3JQ+LRi+qFLObTNM21Tewz
+v4Nu79NLgZu3vA4FZ4VdSwxOebE3IJuS6xFpiskOLWLGT/H5G+bnUyUY5nnELxEd
+eYiNYDLyJ4ZcBKDU2yQ04EMMDObxi1ervCxoYYwV7bqV2hjxVTC7a/bLF25HTY/4
+UxwbwVGnGAgjWjZiPAiM4sROEZc5Mzgk1cx2K4p1bnu4ZMcnhvL3GnasODFfYnGs
+Qq1WQX/gGEGPEgP2k/EyZD8KwrShYQyOfygw5096VGXREc9xXtfWy4NbHaFkbBMm
+JL9Bx6whE88RmsVSYwa0JQlTsiDayMDTgWHq2LUwy2zN0JJns9TWGu/3SsOkVQyg
+NTr256KsW8SOUa8pAgb5VtBQOkYus9t9FOFzuIRfSjqDruTQQDcXBJPKp6v8XR+E
+FYDm24KebxvH0URfIO2vmnyC/0uFJWicwzRogTYVoFzcfRKPuC32OL2bNklWVe+9
+xqPU685DytZhMzLyoNC+SI49WoaoslZy7YhqX3ClQ7Ac3t2ykw1sCjud05u+G+Ys
+5OFxlaj7qk3VEiWgfNFM3gbONf8asZPI81WEhHykFFnQO7852ZnsduGjZ2XqLBMr
+kZzYYxShvQoqIJKz/FfZ4T8/CIIE6LfWy+Izj72G7ifr8Sl1NH+6EMkTZSX6yZda
+KUnf60oNKpObhywNV4YWi1vsIqbqaX/u12+2Iu9EPxVrno81OrQomrsrYW1PG3ww
+e7uRugmg9m8TgvDVuQa51dtK44YjmQJgbWRRTfIHzg2gQXV0F5PA32tFsdgR3OuW
+a1aW93UOhss9jp0SExvTve8pxgexVwuqPHl3ClVWUSBz/azvJUH9DxBZNuSMxONv
+cV2lkraPY1H6UiVheV70OYM9niXRgkBpMVa6FdU9YtEtoCGhhxLzOImAaatTfCbe
+vAomJvuusEHvEGiqhL+yB6Gk5s1jNG9+FN0JkamNnPNoRjIMF09W1IkcRpBN4wEC
+HHtQzCdl3SkcXaJ4EWO8SrTFXcCgkdC3vqOqPRqegh57e3+XROSoxYJ2rYHAnPzH
+AUczUx+W/B9zQWoq1lRrST+xydErWphlwzCIBsOW5aMTdOaKlKpzPDjGbL6ATnx7
+pN0z/+giP9s6Rlj/HUhG35HG1lqE5PcjykKA78Ki6Vf8rc+uveu16+SpDMwQ5kZj
+uSjXypevq48Xh/ZcmZho5rLB0sq3cW8taqVxZXyL+HzZhSzra08BXe2FCy48yvsr
+QaVfP5rMDFX+aNiD8Xng8ATNBL+ontY+Y5RNb8NdVljxCBb7E0yBveN6ve574jQG
+Z3qrJ13xwM+zNqBT48dbIpYTN60cLfdmj1jN1yuhNeajdwwwDG7i5ix4Afmwls1R
+MA0Z87Jl/fUDY5ymTSkiNTBq+90vWu7asRp0wSlxNDg3EOko9mbQ6XA1v7NJfV+s
+YtlT2DRNtt1xfA/XKLH7NuIkkf+iiLY5H1o1SJaRSuI8AUI9MFoazob9y+RkS+Pv
+0u7y8U1a45idpqfC0RONKRukMS4xicTC58YcDadlni5HgQq35VC90UMckQz9p+Wa
+Iug=
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+670c1735182a2aa7373f3913f4bb9922
+1011f52b6004f688f702ee2eebf789de
+8e9a7cbbe597de15dcd0944cc77c63bb
+247ef4ec6beb0ab1ad0e68fd3224d9c3
+50f3536eb45f0582ab3deb4a84144e08
+4ab82c010550262a803f617826443ed5
+34ace631dd1115372b4b6d91523ebf9d
+5212960ff14b16776359a2c4a8a78672
+c6dd16d8e3bead764da1f39a267a5d2c
+e798d3f52e0d8ceb7cafde530cbff390
+7a099224465c3bde210bdc7e713dae1c
+05e190846e0bc7cc8e4c79427516eed3
+b580385daaef259dd823e67970ffd9f3
+125c3b6217f6622652f76f1da0ea96e5
+b9724b6abd8384f45f11d9b41a9afa7b
+34d1a506ef314806f46e64d46f4b53a7
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/FLR-BRB/openvpn/server-gw-ckubu.conf b/FLR-BRB/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..5ab3ab7
--- /dev/null
+++ b/FLR-BRB/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,318 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.102.1
+route 192.168.64.0 255.255.255.0 10.1.102.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/home-flr/keys/ca.crt
+cert /etc/openvpn/home-flr/keys/server.crt
+key /etc/openvpn/home-flr/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/home-flr/keys/dh2048.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.1.102.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/home-flr/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.102.0 255.255.255.0"
+push "route 192.168.103.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/home-flr/ccd/server-gw-ckubu
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.102.1"
+push "dhcp-option DOMAIN flr.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/home-flr/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+;cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-gw-ckubu.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/home-flr/crl.pem
diff --git a/FLR-BRB/openvpn/server-home.conf b/FLR-BRB/openvpn/server-home.conf
new file mode 100644
index 0000000..cc70f35
--- /dev/null
+++ b/FLR-BRB/openvpn/server-home.conf
@@ -0,0 +1,316 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+#route 192.168.63.0 255.255.255.0 10.1.102.1
+#route 192.168.64.0 255.255.255.0 10.1.102.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/home-flr/keys/ca.crt
+cert /etc/openvpn/home-flr/keys/server.crt
+key /etc/openvpn/home-flr/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys. 
+;dh /etc/openvpn/home-flr/keys/dh1024.pem
+dh /etc/openvpn/home-flr/keys/dh2048.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.0.102.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/home-flr/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.23.0 255.255.255.0"
+push "route 192.168.102.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/home-flr/ccd/server-home
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option DNS 10.8.0.1"
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.102.1"
+push "dhcp-option DOMAIN flr.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/home-flr/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+
+;status openvpn-status.log
+status /var/log/openvpn/status-server-home.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-home.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/home-flr/crl.pem
diff --git a/FLR-BRB/openvpn/update-resolv-conf b/FLR-BRB/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/FLR-BRB/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/FLR-BRB/pap-secrets.FLR-BRB b/FLR-BRB/pap-secrets.FLR-BRB
new file mode 100644
index 0000000..a425d84
--- /dev/null
+++ b/FLR-BRB/pap-secrets.FLR-BRB
@@ -0,0 +1,44 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+## - Fluechlingsrat BRB
+"0022044435885511150351780001@t-online.de" * "27475004"
diff --git a/FLR-BRB/peers/dsl-provider b/FLR-BRB/peers/dsl-provider
new file mode 100644
index 0000000..1cb87df
--- /dev/null
+++ b/FLR-BRB/peers/dsl-provider
@@ -0,0 +1,19 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth2.7
+#user "feste-ip7/9TB3EGVM46Z6@t-online-com.de"
+## - second line kanzlei undine
+#user "0012047971635502977079530001@t-online.de"
+user "0025591824365511139967620001@t-online.de"
diff --git a/FLR-BRB/peers/provider b/FLR-BRB/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/FLR-BRB/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/FLR-BRB/rc.local.FLR-BRB b/FLR-BRB/rc.local.FLR-BRB
new file mode 100755
index 0000000..f4ed2f1
--- /dev/null
+++ b/FLR-BRB/rc.local.FLR-BRB
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+if ! cat /proc/swaps | grep -q "/dev/sda1" ; then
+   swapon -p 1 /dev/sda1 > /dev/null 2>&1 || /bin/true
+fi
+if ! cat /proc/swaps | grep -q "/dev/sdb1" ; then
+   swapon -p 1 /dev/sdb1 > /dev/null 2>&1 || /bin/true
+fi
+
+exit 0
diff --git a/FLR-BRB/resolv.conf.FLR-BRB b/FLR-BRB/resolv.conf.FLR-BRB
new file mode 100644
index 0000000..9510b0d
--- /dev/null
+++ b/FLR-BRB/resolv.conf.FLR-BRB
@@ -0,0 +1,4 @@
+# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
+#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
+nameserver 127.0.0.1
+search flr.netz
diff --git a/FLR-BRB/sasl_passwd.FLR-BRB b/FLR-BRB/sasl_passwd.FLR-BRB
new file mode 100644
index 0000000..f49b136
--- /dev/null
+++ b/FLR-BRB/sasl_passwd.FLR-BRB
@@ -0,0 +1 @@
+[b.mx.oopen.de] flr-brb@b.mx.oopen.de:Jq49mcWs5q
diff --git a/FLR-BRB/sasl_passwd.db.FLR-BRB b/FLR-BRB/sasl_passwd.db.FLR-BRB
new file mode 100644
index 0000000..c20aeb5
Binary files /dev/null and b/FLR-BRB/sasl_passwd.db.FLR-BRB differ
diff --git a/FLR-BRB/sbin/ipt-firewall-gateway b/FLR-BRB/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/FLR-BRB/sbin/ipt-firewall-gateway
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/FLR-BRB/sbin/rebind b/FLR-BRB/sbin/rebind
new file mode 100755
index 0000000..c60e07b
--- /dev/null
+++ b/FLR-BRB/sbin/rebind
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+case "$1" in
+   on)
+      set -x
+      mount --bind /proc    /ro/proc
+      mount --bind /sys     /ro/sys
+      mount --bind /dev     /ro/dev
+      mount --bind /dev/pts /ro/dev/pts
+   ;;
+   off)
+      set -x
+      umount /ro/dev/pts
+      umount /ro/dev
+      umount /ro/sys
+      umount /ro/proc
+   ;;
+   *)
+      echo "Use: $0 (on|off)"
+esac
diff --git a/FLR-BRB/src/check_net b/FLR-BRB/src/check_net
new file mode 160000
index 0000000..6bde0e7
--- /dev/null
+++ b/FLR-BRB/src/check_net
@@ -0,0 +1 @@
+Subproject commit 6bde0e7c07c4d0ee8cc6f6aa37c49608fe924a5b
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1.tar.gz b/FLR-BRB/src/igmpproxy/igmpproxy-0.1.tar.gz
new file mode 100644
index 0000000..c429f21
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1.tar.gz differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/AUTHORS b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/AUTHORS
new file mode 100644
index 0000000..7023323
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/AUTHORS
@@ -0,0 +1,9 @@
+Authors and contributors, in alphabetical order: 
+
+Alexey Charkov <alchark@gmail.com>
+Christian Ruppert <idl0r@gentoo.org>
+Conrad Kostecki <ConiKost@gmx.de>
+Constantin Baranov <const@mimas.ru>
+Damjan Cvetko <zobo@users.sourceforge.net>
+Johnny Egeland <johnnyege@users.sourceforge.net>
+Martin Djernaes <djernaes@users.sourceforge.net>
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/COPYING b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/COPYING
new file mode 100644
index 0000000..3d11e36
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/COPYING
@@ -0,0 +1,28 @@
+igmpproxy - IGMP proxy based multicast router 
+Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+This software is derived work from the following software. The original
+source code has been modified from it's original state by the author
+of igmpproxy.
+
+smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+- Licensed under the GNU General Public License, version 2
+
+mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+Leland Stanford Junior University.
+- Original license can be found in the Stanford.txt file.
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/ChangeLog b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/ChangeLog
new file mode 100644
index 0000000..e8461bb
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/ChangeLog
@@ -0,0 +1,317 @@
+commit 0e8e7fde2d68f9ea9b5095c24231024be281393c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Oct 5 21:31:42 2009 +0500
+
+    Release 0.1
+
+commit 68ba90446e02825073b779bd0628c4f34833665d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu Oct 1 00:09:38 2009 +0500
+
+    Fix building on FreeBSD 8.0 (wrt #2870461)
+    
+    Several IGMP_* macroses was deprecated in r189347/v800069 and
+    removed in r193938/v800098. Redefine them if needed.
+
+commit 74c2e1aa414f33585562d6783a3290ac63ee6c69
+Author: Martin Djernaes <djernaes@users.sourceforge.net>
+Date:   Sun Sep 6 16:41:22 2009 +0500
+
+    Fix netmask detection on interfaces with multiple addresses
+    
+    When having multiple IP addresses on an interface the netmask retrieved for
+    each IP address is not correct. The reason is that ioctrl for
+    SIOCGIFNETMASK will just provide the first netmask when no IP address is
+    provided in the call.
+
+commit 64144607195b779396a49179518aade24707cbbc
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Sep 4 01:38:27 2009 +0500
+
+    Generate ChangeLog and AUTHORS by Git
+
+commit 94dd711318384e7b121924db0177a65b2fc38471
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 19:45:04 2009 +0500
+
+    Release 0.1 beta5
+
+commit 3ac424f82ab9f281dd3a0bfccbc92352bd5512c0
+Author: Damjan Cvetko <zobo@users.sourceforge.net>
+Date:   Sun Aug 16 19:28:30 2009 +0500
+
+    Improve getIfByAddress() function (wrt #2835052)
+    
+    getIfByAddress does not find the best iterface in case of overlaping
+    networks. This patchs scans through all interfaces (and networks) and picks
+    the one with the longest subnet.
+
+commit 8ca5a29b56390020f27d4106643cd623cdb12bb2
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 18:37:58 2009 +0500
+
+    Fix nextConfigToken() function (wrt #2838154)
+    
+    The nextConfigToken() returns NULL when EOF reached even if token
+    was read already. This results in loss of last token in file usually.
+    Let it return unterminated token if it is non-empty already.
+
+commit 954674bc4ec6a689b1de2f2a2766e993df1e2705
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:14:56 2009 +0500
+
+    Release 0.1 beta4
+
+commit a7908b855ecb6959ea08ef3b374ff2aca9939cf0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:10:35 2009 +0500
+
+    Update README etc.
+
+commit 62fa19975ff4daa8e31a9b07bf33ddc8cd0129f8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:06:44 2009 +0500
+
+    State licenses in the COPYING
+
+commit 3ac3ae462ca35ec7f1f22d968bf4fab0807d636f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 05:01:21 2009 +0500
+
+    Remove pointless backslashes in configure.ac
+
+commit 3c4118949b6a19b384b08e171a5294b0ea307e08
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 02:19:30 2009 +0500
+
+    Replace bzero() with memset()
+
+commit ee07cb5bfd2514503d0564d2aee0656203d9a91e
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:09:28 2009 +0500
+
+    Remove redundant #include
+
+commit 56e37ad6ba0c6aade86c1407ea55abb8b445d119
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:00:03 2009 +0500
+
+    Add DragonFly BSD support
+
+commit eccefd205c3fb326b6ae1b79676238fc349f8be8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 01:57:07 2009 +0500
+
+    Add missed format argument in acceptLeaveMessage()
+
+commit 16c55bd5ab6a9608099252fa320ddbc0a05fca0a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Wed May 6 01:29:04 2009 +0500
+
+    Avoid inclusion if linux/in.h (wrt #2787118)
+    
+    The linux/in.h header conflicts with the netinet/in.h header in
+    certain Linux distributions. So let's ensure that linux/in.h will
+    never be included neither directly nor from linux/mroute.h.
+
+commit e01624e123c5a24310a4fb7f70ab6178278c3b7a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 22:00:33 2009 +0500
+
+    Release 0.1 beta3
+
+commit a3c84e48a1ff32812aac92ca0dba923ca7dd4ca0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:53:56 2009 +0500
+
+    Show version in help message
+    
+    Also remove unused Version constant.
+
+commit f880a472f6b835d8139adc27908206a11a50846f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:43:01 2009 +0500
+
+    Remove IF_DEBUG macros
+    
+    IF_DEBUG macros hides my_log(LOG_DEBUG...) calls. Thus it is redundant.
+
+commit 6b1a4beb839f41ecc7468e2680f5d0eedbd49b35
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:29:16 2009 +0500
+
+    Break long lines in build scripts
+
+commit 55dcd57b8cfac25a4eeafae5a18ab85a07484418
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:19:19 2009 +0500
+
+    Remove hardcoded version strings from man pages
+
+commit e7880c542e38bae8efa16b148a431488456f5594
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:52:58 2009 +0500
+
+    Move mrouted-LICENSE out of doc directory
+
+commit 9fee127b13336776d2e6019db8c22ee7de9bf36f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:32:31 2009 +0500
+
+    Use strdup() instead of malloc() and strcpy()
+
+commit d34dee7ea0b03ba98806558a1eebf78061ce8878
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:30:44 2009 +0500
+
+    Eliminate message about IGMP_MEMBERSHIP_QUERY ignored
+
+commit 32de2bfbad537f6e60edddaefa6c240b2811c567
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:25:30 2009 +0500
+
+    Add OpenBSD support
+
+commit a85c620eccea244c80a34c3403b2ea7055616703
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 04:16:53 2009 +0500
+
+    Add NetBSD support
+
+commit d61d57c50b8b2399ff90e32da687686cf068680a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 05:07:12 2009 +0500
+
+    Remove outdated bug report email address
+
+commit 14edc6d6dab34e5e51bc12a61f45bae753235e98
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:49:38 2009 +0500
+
+    Improve OS checking mechanism
+    
+    Hide all OS-specific things in os-*.h headers and let autoconf select
+    proper header. Also add check for struct sockaddr_in.sin_len member.
+
+commit b23a4c9f9edd43a22759930ae969ee420c270456
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:48:23 2009 +0500
+
+    Do not close std* streams in non-debug mode
+
+commit 7256cb378db4b839f0138cc9422971f5fb353de1
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 21:16:47 2009 +0500
+
+    Clean up configure.ac and add check for sockaddr.sa_len member
+
+commit eb6f3eababbca43c517a1407e5af66ed384bf07d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:04:32 2009 +0500
+
+    Install igmpproxy to sbin directory
+
+commit e22427f33150970f6bef3106ac018d7138dfbadb
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:03:46 2009 +0500
+
+    Add missing igmpproxy.h to list of sources
+
+commit 68fb7638f36c85c44b2a8a33e28af58c65de8a06
+Author: Christian Ruppert <idl0r@gentoo.org>
+Date:   Thu Apr 9 21:28:04 2009 +0500
+
+    Add missing 'h' to the getopt() optstring
+
+commit bae0b7b42ec948442945648878dbc8ef3ee1d2c5
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:37 2009 +0500
+
+    Rework logging
+    
+    Allow to control verbosity with -v option.
+    Don't write to syslog in debug mode.
+    Don't fork in background. Let start-stop-deamon do this.
+    
+    Also update man-pages and help messages.
+
+commit df0ffb7998cbbd3ab09c100f48dead6adb93aa2c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:06 2009 +0500
+
+    Move igmpproxy.conf out of src directory
+
+commit 4c36c1ea8f9822f96031cff8f40ca3fc7cb93db3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Mar 9 22:03:46 2009 +0400
+
+    Initial FreeBSD support
+    
+    Based on IGMPproxy port to FreeBSD made by
+    Pavel Korshunov and gygenot.
+
+commit fdc5cc59655a59f7f73af78d6606b5c45b9c1071
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 20:37:17 2009 +0400
+
+    Move to C99 and clean up the code
+    
+    Listen to compiler's warnings.
+    Use standard integer and boolean types.
+    Remove redundant version.h.
+
+commit b535f70ec3dfc73a767592739c8aa44583e7e833
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 17:53:24 2009 +0400
+
+    Rename defs.h to igmpproxy.h
+
+commit 2df90756d378de822d6ece6aa0a340cab6a489e4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 16:17:20 2009 +0400
+
+    Add bootstrap script
+
+commit 3393d1cd7c0f13cc91fa3ec974eb2cd1409bb720
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Feb 27 22:28:03 2009 +0400
+
+    Remove stuff generated by autotools
+
+commit 576b42c7fc71757a33dbac0ebc388f8eebd81fe3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:36:39 2009 +0400
+
+    Fix logging to syslog
+    
+    Do not write textual representation of message severity
+    because syslog can do this itself. Also write only one
+    string at a time.
+
+commit 1223d5975a1da679d15120417365582a0054abc4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:22:20 2009 +0400
+
+    chmod -x on appropriate files
+
+commit 66145eee1d74c9edd23f3d72700911865b7a09bb
+Author: Conrad Kostecki <ConiKost@gmx.de>
+Date:   Mon Feb 23 00:18:48 2009 +0400
+
+    Remove banner
+
+commit 710d688641ca68d89a7b8958c7d84144d5fb1d9b
+Author: Alexey Charkov <alchark@gmail.com>
+Date:   Mon Feb 23 00:13:03 2009 +0400
+
+    Enable autotools
+    
+    I've packaged igmpproxy with GNU autotools, which will allow for a better
+    experience on Gentoo (CFLAGS, directory structure etc). Also, compile-time
+    warnings are fixed. As the project is dead, this is not even a fork :)
+
+commit f4c36aa73287b794e2c842564e82d2d4f3c1027f
+Author: Johnny Egeland <johnnyege@users.sourceforge.net>
+Date:   Mon Feb 23 00:10:48 2009 +0400
+
+    Initial import
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/GPL.txt b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/GPL.txt
new file mode 100644
index 0000000..97d8bc8
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/GPL.txt
@@ -0,0 +1,286 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+
+
+
+
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/INSTALL b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/INSTALL
new file mode 100644
index 0000000..2550dab
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/INSTALL
@@ -0,0 +1,302 @@
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+
+   This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+   Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package.  The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.
+
+     Running `configure' might take a while.  While running, it prints
+     some messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+  6. Often, you can also type `make uninstall' to remove the installed
+     files again.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you can use GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory.  After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+   On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor.  Like
+this:
+
+     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CPP="gcc -E" CXXCPP="g++ -E"
+
+   This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
+
+Installation Names
+==================
+
+   By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc.  You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Particular systems
+==================
+
+   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
+a workaround.  If GNU CC is not installed, it is therefore recommended
+to try
+
+     ./configure CC="cc"
+
+and if that doesn't work, try
+
+     ./configure CC="cc -nodtk"
+
+   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+   On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'.  It is recommended to use the following options:
+
+     ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS
+     KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug.  Until the bug is fixed you can use this workaround:
+
+     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+     Print a summary of the options unique to this package's
+     `configure', and exit.  The `short' variant lists options used
+     only in the top level, while the `recursive' variant lists options
+     also present in any nested packages.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`--prefix=DIR'
+     Use DIR as the installation prefix.  *Note Installation Names::
+     for more details, including other options available for fine-tuning
+     the installation locations.
+
+`--no-create'
+`-n'
+     Run the configure checks, but stop before creating any output
+     files.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Makefile b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Makefile
new file mode 100644
index 0000000..1ea5f09
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Makefile
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-unknown-linux-gnu
+host_triplet = x86_64-unknown-linux-gnu
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-unknown-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = unknown
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = x86_64-unknown-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = unknown
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = 
+top_builddir = .
+top_srcdir = .
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Makefile.am b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Makefile.am
new file mode 100644
index 0000000..b569f48
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Makefile.am
@@ -0,0 +1,10 @@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Makefile.in b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Makefile.in
new file mode 100644
index 0000000..508f703
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Makefile.in
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/NEWS b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/NEWS
new file mode 100644
index 0000000..fa39cb9
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/NEWS
@@ -0,0 +1,4 @@
+New releases, the Git repository and the bug tracker are accessible
+at project homepage:
+
+	http://sourceforge.net/projects/igmpproxy/
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/README b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/README
new file mode 100644
index 0000000..01add8d
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/README
@@ -0,0 +1,10 @@
+IGMPproxy is a simple mulitcast router that only uses the IGMP protocol.
+
+Supported operating systems:
+ - Linux
+ - FreeBSD
+ - NetBSD
+ - OpenBSD
+ - DragonFly BSD
+
+This software is released under the GNU GPL license v2. See details in COPYING.
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Stanford.txt b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Stanford.txt
new file mode 100644
index 0000000..ef7da47
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/Stanford.txt
@@ -0,0 +1,48 @@
+
+The mrouted program is covered by the following license.  Use of the
+mrouted program represents acceptance of these terms and conditions.
+
+1. STANFORD grants to LICENSEE a nonexclusive and nontransferable license
+to use, copy and modify the computer software ``mrouted'' (hereinafter
+called the ``Program''), upon the terms and conditions hereinafter set
+out and until Licensee discontinues use of the Licensed Program.
+
+2. LICENSEE acknowledges that the Program is a research tool still in
+the development state, that it is being supplied ``as is,'' without any
+accompanying services from STANFORD, and that this license is entered
+into in order to encourage scientific collaboration aimed at further
+development and application of the Program.
+
+3. LICENSEE may copy the Program and may sublicense others to use object
+code copies of the Program or any derivative version of the Program.
+All copies must contain all copyright and other proprietary notices found
+in the Program as provided by STANFORD.  Title to copyright to the
+Program remains with STANFORD.
+
+4. LICENSEE may create derivative versions of the Program.  LICENSEE
+hereby grants STANFORD a royalty-free license to use, copy, modify,
+distribute and sublicense any such derivative works.  At the time
+LICENSEE provides a copy of a derivative version of the Program to a
+third party, LICENSEE shall provide STANFORD with one copy of the source
+code of the derivative version at no charge to STANFORD.
+
+5. STANFORD MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED.
+By way of example, but not limitation, STANFORD MAKES NO REPRESENTATION
+OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR
+THAT THE USE OF THE LICENSED PROGRAM WILL NOT INFRINGE ANY PATENTS,
+COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. STANFORD shall not be held liable
+for any liability nor for any direct, indirect or consequential damages
+with respect to any claim by LICENSEE or any third party on account of or
+arising from this Agreement or use of the Program.
+
+6. This agreement shall be construed, interpreted and applied in
+accordance with the State of California and any legal action arising
+out of this Agreement or use of the Program shall be filed in a court
+in the State of California.
+
+7. Nothing in this Agreement shall be construed as conferring rights to
+use in advertising, publicity or otherwise any trademark or the name
+of ``Stanford''.
+
+The mrouted program is COPYRIGHT 1989 by The Board of Trustees of
+Leland Stanford Junior University.
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/aclocal.m4 b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/aclocal.m4
new file mode 100644
index 0000000..9304f88
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/aclocal.m4
@@ -0,0 +1,951 @@
+# generated automatically by aclocal 1.11 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009  Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.63],,
+[m4_warning([this file was generated for autoconf 2.63.
+You have another version of autoconf.  It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version.  Point them to the right macro.
+m4_if([$1], [1.11], [],
+      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too.  Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory.  The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run.  This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+#    fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+#    fails if $ac_aux_dir is absolute,
+#    fails when called from a subdirectory in a VPATH build with
+#          a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir.  In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
+#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+#   MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH.  The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery.  Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
+       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
+       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+       [$1], UPC,  [depcc="$UPC"  am_compiler_list=],
+       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
+                   [depcc="$$1"   am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+               [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_$1_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+  fi
+  am__universal=false
+  m4_case([$1], [CC],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac],
+    [CXX],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac])
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_$1_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking.              -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`AS_DIRNAME("$mf")`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`AS_DIRNAME(["$file"])`
+      AS_MKDIR_P([$dirpart/$fdir])
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled.  FIXME.  This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake.                             -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much.  Some checks are only needed if
+# your package does certain things.  But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out.  PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition.  After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names.  We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+	      [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+			     [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+		  [_AM_DEPENDENCIES(CC)],
+		  [define([AC_PROG_CC],
+			  defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+		  [_AM_DEPENDENCIES(CXX)],
+		  [define([AC_PROG_CXX],
+			  defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+		  [_AM_DEPENDENCIES(OBJC)],
+		  [define([AC_PROG_OBJC],
+			  defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen.  This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+  [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion.  Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot.  For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes.	            -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+  [[\\/$]]* | ?:[[\\/]]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling.                     -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME.  Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[[\\\"\#\$\&\'\`$am_lf]]*)
+    AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+  *[[\\\"\#\$\&\'\`$am_lf\ \	]]*)
+    AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$[*]" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$[*]" != "X $srcdir/configure conftest.file" \
+      && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+alias in your environment])
+   fi
+
+   test "$[2]" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries.  This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+  AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball.                            -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+#     tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+#     $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+     [m4_case([$1], [ustar],, [pax],,
+              [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+  case $_am_tool in
+  gnutar)
+    for _am_tar in tar gnutar gtar;
+    do
+      AM_RUN_LOG([$_am_tar --version]) && break
+    done
+    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+    am__untar="$_am_tar -xf -"
+    ;;
+  plaintar)
+    # Must skip GNU tar: if it does not support --format= it doesn't create
+    # ustar tarball either.
+    (tar --version) >/dev/null 2>&1 && continue
+    am__tar='tar chf - "$$tardir"'
+    am__tar_='tar chf - "$tardir"'
+    am__untar='tar xf -'
+    ;;
+  pax)
+    am__tar='pax -L -x $1 -w "$$tardir"'
+    am__tar_='pax -L -x $1 -w "$tardir"'
+    am__untar='pax -r'
+    ;;
+  cpio)
+    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+    am__untar='cpio -i -H $1 -d'
+    ;;
+  none)
+    am__tar=false
+    am__tar_=false
+    am__untar=false
+    ;;
+  esac
+
+  # If the value was cached, stop now.  We just wanted to have am__tar
+  # and am__untar set.
+  test -n "${am_cv_prog_tar_$1}" && break
+
+  # tar/untar a dummy directory, and stop if the command works
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  echo GrepMe > conftest.dir/file
+  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+  rm -rf conftest.dir
+  if test -s conftest.tar; then
+    AM_RUN_LOG([$am__untar <conftest.tar])
+    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+  fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.guess b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.guess
new file mode 100755
index 0000000..12734a7
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.guess
@@ -0,0 +1,1554 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner.  Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case "${UNAME_SYSTEM}" in
+Linux|GNU/*)
+	eval $set_cc_for_build
+	cat << EOF > $dummy.c
+	#include <features.h>
+	#ifdef __UCLIBC__
+	# ifdef __UCLIBC_CONFIG_VERSION__
+	LIBC=uclibc __UCLIBC_CONFIG_VERSION__
+	# else
+	LIBC=uclibc
+	# endif
+	#else
+	LIBC=gnu
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep LIBC= | sed -e 's: ::g'`
+	;;
+esac
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep -q __ELF__
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    s390x:SunOS:*:*)
+	echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+	eval $set_cc_for_build
+	SUN_ARCH="i386"
+	# If there is a compiler, see if it is configured for 64-bit objects.
+	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+	# This test works for both compilers.
+	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_64BIT_ARCH >/dev/null
+	    then
+		SUN_ARCH="x86_64"
+	    fi
+	fi
+	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[456])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep -q __LP64__
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86)
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd | genuineintel)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	    IA64)
+		echo ia64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    8664:Windows_NT:*)
+	echo x86_64-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	eval $set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	else
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
+	fi
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-${LIBC}
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-${LIBC}
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-${LIBC}
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    mips:Linux:*:* | mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef ${UNAME_MACHINE}
+	#undef ${UNAME_MACHINE}el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=${UNAME_MACHINE}el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=${UNAME_MACHINE}
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-${LIBC}
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-${LIBC}
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-${LIBC}
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep -q ld.so.1
+	if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    padre:Linux:*:*)
+	echo sparc-unknown-linux-${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
+	  PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
+	  *)    echo hppa-unknown-linux-${LIBC} ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-${LIBC}
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-${LIBC}
+	exit ;;
+    xtensa*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-${LIBC}"
+		;;
+	esac
+	# This should get integrated into the C code below, but now we hack
+	if [ "$LIBC" != "gnu" ] ; then echo "$TENTATIVE" && exit 0 ; fi
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i586.
+	# Note: whatever this is, it MUST be the same as what config.sub
+	# prints for the "djgpp" host, or else GDB configury will decide that
+	# this is a cross-build.
+	echo i586-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+	OS_REL='.3'
+	test -r /etc/.relid \
+	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	    && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
+	echo i586-pc-haiku
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+    i*86:AROS:*:*)
+	echo ${UNAME_MACHINE}-pc-aros
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.h b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.h
new file mode 100644
index 0000000..f438e80
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.h
@@ -0,0 +1,29 @@
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+/* #undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+/* #undef HAVE_STRUCT_SOCKADDR_SA_LEN */
+
+/* Name of package */
+#define PACKAGE "igmpproxy"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT ""
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "igmpproxy"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "igmpproxy 0.1"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "igmpproxy"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "0.1"
+
+/* Version number of package */
+#define VERSION "0.1"
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.h.in b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.h.in
new file mode 100644
index 0000000..bb6a90d
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.h.in
@@ -0,0 +1,28 @@
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+#undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+#undef HAVE_STRUCT_SOCKADDR_SA_LEN
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Version number of package */
+#undef VERSION
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.log b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.log
new file mode 100644
index 0000000..b761862
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.log
@@ -0,0 +1,574 @@
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy configure 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ ./configure --prefix=/usr/local/igmpproxy-0.1
+
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = gw-flr
+uname -m = x86_64
+uname -r = 3.16.0-4-amd64
+uname -s = Linux
+uname -v = #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07)
+
+/usr/bin/uname -p = unknown
+/bin/uname -X     = unknown
+
+/bin/arch              = unknown
+/usr/bin/arch -k       = unknown
+/usr/convex/getsysinfo = unknown
+/usr/bin/hostinfo      = unknown
+/bin/machine           = unknown
+/usr/bin/oslevel       = unknown
+/bin/universe          = unknown
+
+PATH: /root/bin
+PATH: /root/bin/admin-stuff
+PATH: /usr/local/sbin
+PATH: /usr/local/bin
+PATH: /usr/sbin
+PATH: /usr/bin
+PATH: /sbin
+PATH: /bin
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+configure:1839: checking for a BSD-compatible install
+configure:1907: result: /usr/bin/install -c
+configure:1918: checking whether build environment is sane
+configure:1978: result: yes
+configure:2119: checking for a thread-safe mkdir -p
+configure:2158: result: /bin/mkdir -p
+configure:2171: checking for gawk
+configure:2187: found /usr/bin/gawk
+configure:2198: result: gawk
+configure:2209: checking whether make sets $(MAKE)
+configure:2231: result: yes
+configure:2328: checking for style of include used by make
+configure:2356: result: GNU
+configure:2426: checking for gcc
+configure:2442: found /usr/bin/gcc
+configure:2453: result: gcc
+configure:2685: checking for C compiler version
+configure:2693: gcc --version >&5
+gcc (Debian 4.9.2-10) 4.9.2
+Copyright (C) 2014 Free Software Foundation, Inc.
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+configure:2697: $? = 0
+configure:2704: gcc -v >&5
+Using built-in specs.
+COLLECT_GCC=gcc
+COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.9/lto-wrapper
+Target: x86_64-linux-gnu
+Configured with: ../src/configure -v --with-pkgversion='Debian 4.9.2-10' --with-bugurl=file:///usr/share/doc/gcc-4.9/README.Bugs --enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.9 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.9 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.9-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --with-arch-32=i586 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
+Thread model: posix
+gcc version 4.9.2 (Debian 4.9.2-10) 
+configure:2708: $? = 0
+configure:2715: gcc -V >&5
+gcc: error: unrecognized command line option '-V'
+gcc: fatal error: no input files
+compilation terminated.
+configure:2719: $? = 4
+configure:2742: checking for C compiler default output file name
+configure:2764: gcc    conftest.c  >&5
+configure:2768: $? = 0
+configure:2806: result: a.out
+configure:2825: checking whether the C compiler works
+configure:2835: ./a.out
+configure:2839: $? = 0
+configure:2858: result: yes
+configure:2865: checking whether we are cross compiling
+configure:2867: result: no
+configure:2870: checking for suffix of executables
+configure:2877: gcc -o conftest    conftest.c  >&5
+configure:2881: $? = 0
+configure:2907: result: 
+configure:2913: checking for suffix of object files
+configure:2939: gcc -c   conftest.c >&5
+configure:2943: $? = 0
+configure:2968: result: o
+configure:2972: checking whether we are using the GNU C compiler
+configure:3001: gcc -c   conftest.c >&5
+configure:3008: $? = 0
+configure:3025: result: yes
+configure:3034: checking whether gcc accepts -g
+configure:3064: gcc -c -g  conftest.c >&5
+configure:3071: $? = 0
+configure:3172: result: yes
+configure:3189: checking for gcc option to accept ISO C89
+configure:3263: gcc  -c -g -O2  conftest.c >&5
+configure:3270: $? = 0
+configure:3293: result: none needed
+configure:3313: checking dependency style of gcc
+configure:3423: result: gcc3
+configure:3438: checking for gcc option to accept ISO C99
+configure:3597: gcc  -c -g -O2  conftest.c >&5
+conftest.c:60:29: error: expected ';', ',' or ')' before 'text'
+ test_restrict (ccp restrict text)
+                             ^
+conftest.c: In function 'main':
+conftest.c:114:18: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'newvar'
+   char *restrict newvar = "Another string";
+                  ^
+conftest.c:114:18: error: 'newvar' undeclared (first use in this function)
+conftest.c:114:18: note: each undeclared identifier is reported only once for each function it appears in
+conftest.c:124:3: error: 'for' loop initial declarations are only allowed in C99 or C11 mode
+   for (int i = 0; i < ia->datasize; ++i)
+   ^
+conftest.c:124:3: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code
+configure:3604: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| #include <stdarg.h>
+| #include <stdbool.h>
+| #include <stdlib.h>
+| #include <wchar.h>
+| #include <stdio.h>
+| 
+| // Check varargs macros.  These examples are taken from C99 6.10.3.5.
+| #define debug(...) fprintf (stderr, __VA_ARGS__)
+| #define showlist(...) puts (#__VA_ARGS__)
+| #define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+| static void
+| test_varargs_macros (void)
+| {
+|   int x = 1234;
+|   int y = 5678;
+|   debug ("Flag");
+|   debug ("X = %d\n", x);
+|   showlist (The first, second, and third items.);
+|   report (x>y, "x is %d but y is %d", x, y);
+| }
+| 
+| // Check long long types.
+| #define BIG64 18446744073709551615ull
+| #define BIG32 4294967295ul
+| #define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+| #if !BIG_OK
+|   your preprocessor is broken;
+| #endif
+| #if BIG_OK
+| #else
+|   your preprocessor is broken;
+| #endif
+| static long long int bignum = -9223372036854775807LL;
+| static unsigned long long int ubignum = BIG64;
+| 
+| struct incomplete_array
+| {
+|   int datasize;
+|   double data[];
+| };
+| 
+| struct named_init {
+|   int number;
+|   const wchar_t *name;
+|   double average;
+| };
+| 
+| typedef const char *ccp;
+| 
+| static inline int
+| test_restrict (ccp restrict text)
+| {
+|   // See if C++-style comments work.
+|   // Iterate through items via the restricted pointer.
+|   // Also check for declarations in for loops.
+|   for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+|     continue;
+|   return 0;
+| }
+| 
+| // Check varargs and va_copy.
+| static void
+| test_varargs (const char *format, ...)
+| {
+|   va_list args;
+|   va_start (args, format);
+|   va_list args_copy;
+|   va_copy (args_copy, args);
+| 
+|   const char *str;
+|   int number;
+|   float fnumber;
+| 
+|   while (*format)
+|     {
+|       switch (*format++)
+| 	{
+| 	case 's': // string
+| 	  str = va_arg (args_copy, const char *);
+| 	  break;
+| 	case 'd': // int
+| 	  number = va_arg (args_copy, int);
+| 	  break;
+| 	case 'f': // float
+| 	  fnumber = va_arg (args_copy, double);
+| 	  break;
+| 	default:
+| 	  break;
+| 	}
+|     }
+|   va_end (args_copy);
+|   va_end (args);
+| }
+| 
+| int
+| main ()
+| {
+| 
+|   // Check bool.
+|   _Bool success = false;
+| 
+|   // Check restrict.
+|   if (test_restrict ("String literal") == 0)
+|     success = true;
+|   char *restrict newvar = "Another string";
+| 
+|   // Check varargs.
+|   test_varargs ("s, d' f .", "string", 65, 34.234);
+|   test_varargs_macros ();
+| 
+|   // Check flexible array members.
+|   struct incomplete_array *ia =
+|     malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+|   ia->datasize = 10;
+|   for (int i = 0; i < ia->datasize; ++i)
+|     ia->data[i] = i * 1.234;
+| 
+|   // Check named initializers.
+|   struct named_init ni = {
+|     .number = 34,
+|     .name = L"Test wide string",
+|     .average = 543.34343,
+|   };
+| 
+|   ni.number = 58;
+| 
+|   int dynamic_array[ni.number];
+|   dynamic_array[ni.number - 1] = 543;
+| 
+|   // work around unused variable warnings
+|   return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+| 	  || dynamic_array[ni.number - 1] != 543);
+| 
+|   ;
+|   return 0;
+| }
+configure:3597: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+configure:3604: $? = 0
+configure:3634: result: -std=gnu99
+configure:3647: checking build system type
+configure:3665: result: x86_64-unknown-linux-gnu
+configure:3687: checking host system type
+configure:3702: result: x86_64-unknown-linux-gnu
+configure:3738: checking for struct sockaddr.sa_len
+configure:3770: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr' has no member named 'sa_len'
+ if (ac_aggr.sa_len)
+            ^
+configure:3777: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3814: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr' has no member named 'sa_len'
+ if (sizeof ac_aggr.sa_len)
+                   ^
+configure:3821: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (sizeof ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3839: result: no
+configure:3850: checking for struct sockaddr_in.sin_len
+configure:3882: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr_in' has no member named 'sin_len'
+ if (ac_aggr.sin_len)
+            ^
+configure:3889: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3926: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr_in' has no member named 'sin_len'
+ if (sizeof ac_aggr.sin_len)
+                   ^
+configure:3933: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (sizeof ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3951: result: no
+configure:4089: creating ./config.status
+
+## ---------------------- ##
+## Running config.status. ##
+## ---------------------- ##
+
+This file was extended by igmpproxy config.status 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = 
+  CONFIG_HEADERS  = 
+  CONFIG_LINKS    = 
+  CONFIG_COMMANDS = 
+  $ ./config.status 
+
+on gw-flr
+
+config.status:776: creating Makefile
+config.status:776: creating doc/Makefile
+config.status:776: creating src/Makefile
+config.status:776: creating doc/igmpproxy.8
+config.status:776: creating doc/igmpproxy.conf.5
+config.status:776: creating config.h
+config.status:1062: linking src/os-linux.h to src/os.h
+config.status:1085: executing depfiles commands
+
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+
+ac_cv_build=x86_64-unknown-linux-gnu
+ac_cv_c_compiler_gnu=yes
+ac_cv_env_CC_set=
+ac_cv_env_CC_value=
+ac_cv_env_CFLAGS_set=
+ac_cv_env_CFLAGS_value=
+ac_cv_env_CPPFLAGS_set=
+ac_cv_env_CPPFLAGS_value=
+ac_cv_env_LDFLAGS_set=
+ac_cv_env_LDFLAGS_value=
+ac_cv_env_LIBS_set=
+ac_cv_env_LIBS_value=
+ac_cv_env_build_alias_set=
+ac_cv_env_build_alias_value=
+ac_cv_env_host_alias_set=
+ac_cv_env_host_alias_value=
+ac_cv_env_target_alias_set=
+ac_cv_env_target_alias_value=
+ac_cv_host=x86_64-unknown-linux-gnu
+ac_cv_member_struct_sockaddr_in_sin_len=no
+ac_cv_member_struct_sockaddr_sa_len=no
+ac_cv_objext=o
+ac_cv_path_install='/usr/bin/install -c'
+ac_cv_path_mkdir=/bin/mkdir
+ac_cv_prog_AWK=gawk
+ac_cv_prog_ac_ct_CC=gcc
+ac_cv_prog_cc_c89=
+ac_cv_prog_cc_c99=-std=gnu99
+ac_cv_prog_cc_g=yes
+ac_cv_prog_make_make_set=yes
+am_cv_CC_dependencies_compiler_type=gcc3
+
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+
+ACLOCAL='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11'
+AMDEPBACKSLASH='\'
+AMDEP_FALSE='#'
+AMDEP_TRUE=''
+AMTAR='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar'
+AUTOCONF='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf'
+AUTOHEADER='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader'
+AUTOMAKE='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11'
+AWK='gawk'
+CC='gcc -std=gnu99'
+CCDEPMODE='depmode=gcc3'
+CFLAGS='-g -O2'
+CPPFLAGS=''
+CYGPATH_W='echo'
+DEFS='-DHAVE_CONFIG_H'
+DEPDIR='.deps'
+ECHO_C=''
+ECHO_N='-n'
+ECHO_T=''
+EXEEXT=''
+INSTALL_DATA='${INSTALL} -m 644'
+INSTALL_PROGRAM='${INSTALL}'
+INSTALL_SCRIPT='${INSTALL}'
+INSTALL_STRIP_PROGRAM='$(install_sh) -c -s'
+LDFLAGS=''
+LIBOBJS=''
+LIBS=''
+LTLIBOBJS=''
+MAKEINFO='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo'
+MKDIR_P='/bin/mkdir -p'
+OBJEXT='o'
+PACKAGE='igmpproxy'
+PACKAGE_BUGREPORT=''
+PACKAGE_NAME='igmpproxy'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PATH_SEPARATOR=':'
+SET_MAKE=''
+SHELL='/bin/sh'
+STRIP=''
+VERSION='0.1'
+ac_ct_CC='gcc'
+am__EXEEXT_FALSE=''
+am__EXEEXT_TRUE='#'
+am__fastdepCC_FALSE='#'
+am__fastdepCC_TRUE=''
+am__include='include'
+am__isrc=''
+am__leading_dot='.'
+am__quote=''
+am__tar='${AMTAR} chof - "$$tardir"'
+am__untar='${AMTAR} xf -'
+bindir='${exec_prefix}/bin'
+build='x86_64-unknown-linux-gnu'
+build_alias=''
+build_cpu='x86_64'
+build_os='linux-gnu'
+build_vendor='unknown'
+datadir='${datarootdir}'
+datarootdir='${prefix}/share'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+dvidir='${docdir}'
+exec_prefix='${prefix}'
+host='x86_64-unknown-linux-gnu'
+host_alias=''
+host_cpu='x86_64'
+host_os='linux-gnu'
+host_vendor='unknown'
+htmldir='${docdir}'
+includedir='${prefix}/include'
+infodir='${datarootdir}/info'
+install_sh='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh'
+libdir='${exec_prefix}/lib'
+libexecdir='${exec_prefix}/libexec'
+localedir='${datarootdir}/locale'
+localstatedir='${prefix}/var'
+mandir='${datarootdir}/man'
+mkdir_p='/bin/mkdir -p'
+oldincludedir='/usr/include'
+pdfdir='${docdir}'
+prefix='/usr/local/igmpproxy-0.1'
+program_transform_name='s,x,x,'
+psdir='${docdir}'
+sbindir='${exec_prefix}/sbin'
+sharedstatedir='${prefix}/com'
+sysconfdir='${prefix}/etc'
+target_alias=''
+
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+
+#define PACKAGE_NAME "igmpproxy"
+#define PACKAGE_TARNAME "igmpproxy"
+#define PACKAGE_VERSION "0.1"
+#define PACKAGE_STRING "igmpproxy 0.1"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE "igmpproxy"
+#define VERSION "0.1"
+
+configure: exit 0
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.status b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.status
new file mode 100755
index 0000000..c7108d9
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.status
@@ -0,0 +1,1232 @@
+#! /bin/sh
+# Generated by configure.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=${CONFIG_SHELL-/bin/sh}
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+# Files that config.status was made for.
+config_files=" Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+config_headers=" config.h"
+config_links=" src/os.h:src/os-linux.h"
+config_commands=" depfiles"
+
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+ac_cs_version="\
+igmpproxy config.status 0.1
+configured by ./configure, generated by GNU Autoconf 2.63,
+  with options \"'--prefix=/usr/local/igmpproxy-0.1'\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='/usr/local/src/igmpproxy/igmpproxy-0.1'
+srcdir='.'
+INSTALL='/usr/bin/install -c'
+MKDIR_P='/bin/mkdir -p'
+AWK='gawk'
+test -n "$AWK" || AWK=awk
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+if $ac_cs_recheck; then
+  set X '/bin/sh' './configure'  '--prefix=/usr/local/igmpproxy-0.1' $ac_configure_extra_args --no-create --no-recursion
+  shift
+  $as_echo "running CONFIG_SHELL=/bin/sh $*" >&6
+  CONFIG_SHELL='/bin/sh'
+  export CONFIG_SHELL
+  exec "$@"
+fi
+
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="" ac_aux_dir="."
+
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+cat >>"$tmp/subs1.awk" <<\_ACAWK &&
+S["am__EXEEXT_FALSE"]=""
+S["am__EXEEXT_TRUE"]="#"
+S["LTLIBOBJS"]=""
+S["LIBOBJS"]=""
+S["host_os"]="linux-gnu"
+S["host_vendor"]="unknown"
+S["host_cpu"]="x86_64"
+S["host"]="x86_64-unknown-linux-gnu"
+S["build_os"]="linux-gnu"
+S["build_vendor"]="unknown"
+S["build_cpu"]="x86_64"
+S["build"]="x86_64-unknown-linux-gnu"
+S["am__fastdepCC_FALSE"]="#"
+S["am__fastdepCC_TRUE"]=""
+S["CCDEPMODE"]="depmode=gcc3"
+S["AMDEPBACKSLASH"]="\\"
+S["AMDEP_FALSE"]="#"
+S["AMDEP_TRUE"]=""
+S["am__quote"]=""
+S["am__include"]="include"
+S["DEPDIR"]=".deps"
+S["OBJEXT"]="o"
+S["EXEEXT"]=""
+S["ac_ct_CC"]="gcc"
+S["CPPFLAGS"]=""
+S["LDFLAGS"]=""
+S["CFLAGS"]="-g -O2"
+S["CC"]="gcc -std=gnu99"
+S["am__untar"]="${AMTAR} xf -"
+S["am__tar"]="${AMTAR} chof - \"$$tardir\""
+S["AMTAR"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar"
+S["am__leading_dot"]="."
+S["SET_MAKE"]=""
+S["AWK"]="gawk"
+S["mkdir_p"]="/bin/mkdir -p"
+S["MKDIR_P"]="/bin/mkdir -p"
+S["INSTALL_STRIP_PROGRAM"]="$(install_sh) -c -s"
+S["STRIP"]=""
+S["install_sh"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh"
+S["MAKEINFO"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo"
+S["AUTOHEADER"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader"
+S["AUTOMAKE"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11"
+S["AUTOCONF"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf"
+S["ACLOCAL"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11"
+S["VERSION"]="0.1"
+S["PACKAGE"]="igmpproxy"
+S["CYGPATH_W"]="echo"
+S["am__isrc"]=""
+S["INSTALL_DATA"]="${INSTALL} -m 644"
+S["INSTALL_SCRIPT"]="${INSTALL}"
+S["INSTALL_PROGRAM"]="${INSTALL}"
+S["target_alias"]=""
+S["host_alias"]=""
+S["build_alias"]=""
+S["LIBS"]=""
+S["ECHO_T"]=""
+S["ECHO_N"]="-n"
+S["ECHO_C"]=""
+S["DEFS"]="-DHAVE_CONFIG_H"
+S["mandir"]="${datarootdir}/man"
+S["localedir"]="${datarootdir}/locale"
+S["libdir"]="${exec_prefix}/lib"
+S["psdir"]="${docdir}"
+S["pdfdir"]="${docdir}"
+S["dvidir"]="${docdir}"
+S["htmldir"]="${docdir}"
+S["infodir"]="${datarootdir}/info"
+S["docdir"]="${datarootdir}/doc/${PACKAGE_TARNAME}"
+S["oldincludedir"]="/usr/include"
+S["includedir"]="${prefix}/include"
+S["localstatedir"]="${prefix}/var"
+S["sharedstatedir"]="${prefix}/com"
+S["sysconfdir"]="${prefix}/etc"
+S["datadir"]="${datarootdir}"
+S["datarootdir"]="${prefix}/share"
+S["libexecdir"]="${exec_prefix}/libexec"
+S["sbindir"]="${exec_prefix}/sbin"
+S["bindir"]="${exec_prefix}/bin"
+S["program_transform_name"]="s,x,x,"
+S["prefix"]="/usr/local/igmpproxy-0.1"
+S["exec_prefix"]="${prefix}"
+S["PACKAGE_BUGREPORT"]=""
+S["PACKAGE_STRING"]="igmpproxy 0.1"
+S["PACKAGE_VERSION"]="0.1"
+S["PACKAGE_TARNAME"]="igmpproxy"
+S["PACKAGE_NAME"]="igmpproxy"
+S["PATH_SEPARATOR"]=":"
+S["SHELL"]="/bin/sh"
+_ACAWK
+cat >>"$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+D["PACKAGE_NAME"]=" \"igmpproxy\""
+D["PACKAGE_TARNAME"]=" \"igmpproxy\""
+D["PACKAGE_VERSION"]=" \"0.1\""
+D["PACKAGE_STRING"]=" \"igmpproxy 0.1\""
+D["PACKAGE_BUGREPORT"]=" \"\""
+D["PACKAGE"]=" \"igmpproxy\""
+D["VERSION"]=" \"0.1\""
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+[_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ][_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]*([\t (]|$)/ {
+  line = $ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+  ac_datarootdir_hack='
+  s&@datadir@&${datarootdir}&g
+  s&@docdir@&${datarootdir}/doc/${PACKAGE_TARNAME}&g
+  s&@infodir@&${datarootdir}/info&g
+  s&@localedir@&${datarootdir}/locale&g
+  s&@mandir@&${datarootdir}/man&g
+    s&\${datarootdir}&${prefix}/share&g' ;;
+esac
+ac_sed_extra="/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}
+
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.sub b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.sub
new file mode 100755
index 0000000..3243784
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/config.sub
@@ -0,0 +1,1717 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  kopensolaris*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray | -microblaze)
+		os=
+		basic_machine=$1
+		;;
+        -bluegene*)
+	        os=-cnk
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx | dvp \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| lm32 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep | metag \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64octeon | mips64octeonel \
+	| mips64orion | mips64orionel \
+	| mips64r5900 | mips64r5900el \
+	| mips64vr | mips64vrel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| moxie \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k | z80)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| lm32-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64octeon-* | mips64octeonel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64r5900-* | mips64r5900el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa*-* \
+	| ymp-* \
+	| z8k-* | z80-*)
+		;;
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aros)
+		basic_machine=i386-pc
+		os=-aros
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	bluegene*)
+		basic_machine=powerpc-ibm
+		os=-cnk
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+        cegcc)
+		basic_machine=arm-unknown
+		os=-cegcc
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16)
+		basic_machine=cr16-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	dicos)
+		basic_machine=i686-pc
+		os=-dicos
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+        microblaze)
+		basic_machine=microblaze-xilinx
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mipsEE* | ee | ps2)
+		basic_machine=mips64r5900el-scei
+		case $os in
+		    -linux*)
+			;;
+		    *)
+			os=-elf
+			;;
+		esac
+		;;
+	iop)
+		basic_machine=mipsel-scei
+		os=-irx
+		;;
+	dvp)
+		basic_machine=dvp-scei
+		os=-elf
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tile*)
+		basic_machine=tile-unknown
+		os=-linux-gnu
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	z80-*-coff)
+		basic_machine=z80-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -kopensolaris* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* | -aros* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -irx*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-dicos*)
+		os=-dicos
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-cnk*|-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/configure b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/configure
new file mode 100755
index 0000000..1314ebf
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/configure
@@ -0,0 +1,5469 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.63 for igmpproxy 0.1.
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+if test "x$CONFIG_SHELL" = x; then
+  if (eval ":") 2>/dev/null; then
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+
+  if test $as_have_required = yes &&	 (eval ":
+(as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=\$LINENO
+  as_lineno_2=\$LINENO
+  test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
+  test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
+") 2> /dev/null; then
+  :
+else
+  as_candidate_shells=
+    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  case $as_dir in
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+	   done;;
+       esac
+done
+IFS=$as_save_IFS
+
+
+      for as_shell in $as_candidate_shells $SHELL; do
+	 # Try only shells that exist, to save several forks.
+	 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		{ ("$as_shell") 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+_ASEOF
+}; then
+  CONFIG_SHELL=$as_shell
+	       as_have_required=yes
+	       if { "$as_shell" 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+(as_func_return () {
+  (exit $1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = "$1" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test $exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
+
+_ASEOF
+}; then
+  break
+fi
+
+fi
+
+      done
+
+      if test "x$CONFIG_SHELL" != x; then
+  for as_var in BASH_ENV ENV
+	do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+	done
+	export CONFIG_SHELL
+	exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+
+    if test $as_have_required = no; then
+  echo This script requires a shell more modern than all the
+      echo shells that I found on your system.  Please install a
+      echo modern shell, or manually run the script under such a
+      echo shell if you do have one.
+      { (exit 1); exit 1; }
+fi
+
+
+fi
+
+fi
+
+
+
+(eval "as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0") || {
+  echo No shell found that supports shell functions.
+  echo Please tell bug-autoconf@gnu.org about your system,
+  echo including any error possibly output before this message.
+  echo This can help us improve future autoconf versions.
+  echo Configuration will now proceed without shell functions.
+}
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+exec 7<&0 </dev/null 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Identity of this package.
+PACKAGE_NAME='igmpproxy'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_BUGREPORT=''
+
+ac_unique_file="src/igmpproxy.c"
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_dependency_tracking
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *)	ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) { $as_echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; }
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+   { (exit 1); exit 1; }; }
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  { $as_echo "$as_me: error: missing argument to $ac_option" >&2
+   { (exit 1); exit 1; }; }
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) { $as_echo "$as_me: error: unrecognized options: $ac_unrecognized_opts" >&2
+   { (exit 1); exit 1; }; } ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; }
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  { $as_echo "$as_me: error: working directory cannot be determined" >&2
+   { (exit 1); exit 1; }; }
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  { $as_echo "$as_me: error: pwd does not report name of working directory" >&2
+   { (exit 1); exit 1; }; }
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+   { (exit 1); exit 1; }; }
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2
+   { (exit 1); exit 1; }; }
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures igmpproxy 0.1 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/igmpproxy]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+Program names:
+  --program-prefix=PREFIX            prepend PREFIX to installed program names
+  --program-suffix=SUFFIX            append SUFFIX to installed program names
+  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of igmpproxy 0.1:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+igmpproxy configure 0.1
+generated by GNU Autoconf 2.63
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  $as_echo "PATH: $as_dir"
+done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+    2)
+      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      ac_configure_args="$ac_configure_args '$ac_arg'"
+      ;;
+    esac
+  done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  ac_site_file1=$CONFIG_SITE
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test -r "$ac_site_file"; then
+    { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special
+  # files actually), so we avoid doing that.
+  if test -f "$cache_file"; then
+    { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:$LINENO:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:$LINENO:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+am__api_version='1.11'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f "$ac_dir/install.sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
+$as_echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+  ./ | .// | /cC/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    rm -rf conftest.one conftest.two conftest.dir
+	    echo one > conftest.one
+	    echo two > conftest.two
+	    mkdir conftest.dir
+	    if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+	      test -s conftest.one && test -s conftest.two &&
+	      test -s conftest.dir/conftest.one &&
+	      test -s conftest.dir/conftest.two
+	    then
+	      ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	      break 3
+	    fi
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+
+done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[\\\"\#\$\&\'\`$am_lf]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe absolute working directory name" >&5
+$as_echo "$as_me: error: unsafe absolute working directory name" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+case $srcdir in
+  *[\\\"\#\$\&\'\`$am_lf\ \	]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe srcdir value: \`$srcdir'" >&5
+$as_echo "$as_me: error: unsafe srcdir value: \`$srcdir'" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$*" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$*" != "X $srcdir/configure conftest.file" \
+      && test "$*" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      { { $as_echo "$as_me:$LINENO: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&5
+$as_echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&2;}
+   { (exit 1); exit 1; }; }
+   fi
+
+   test "$2" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   { { $as_echo "$as_me:$LINENO: error: newly created file is older than distributed files!
+Check your system clock" >&5
+$as_echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+  program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  { $as_echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+  if test "${ac_cv_path_mkdir+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in mkdir gmkdir; do
+	 for ac_exec_ext in '' $ac_executable_extensions; do
+	   { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+	   case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+	     'mkdir (GNU coreutils) '* | \
+	     'mkdir (coreutils) '* | \
+	     'mkdir (fileutils) '4.1*)
+	       ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+	       break 3;;
+	   esac
+	 done
+       done
+done
+IFS=$as_save_IFS
+
+fi
+
+  if test "${ac_cv_path_mkdir+set}" = set; then
+    MKDIR_P="$ac_cv_path_mkdir -p"
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for MKDIR_P within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    test -d ./--version && rmdir ./--version
+    MKDIR_P="$ac_install_sh -d"
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+  [\\/$]* | ?:[\\/]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AWK="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { $as_echo "$as_me:$LINENO: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+	@echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+  *@@@%%%=?*=@@@%%%*)
+    eval ac_cv_prog_make_${ac_make}_set=yes;;
+  *)
+    eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+  { $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+  SET_MAKE=
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+  SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  am__isrc=' -I$(srcdir)'
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    { { $as_echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
+$as_echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='igmpproxy'
+ VERSION='0.1'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+
+ac_config_headers="$ac_config_headers config.h"
+
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+
+
+{ $as_echo "$as_me:$LINENO: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then
+  enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+  AMDEP_TRUE=
+  AMDEP_FALSE='#'
+else
+  AMDEP_TRUE='#'
+  AMDEP_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { (ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+
+{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+if test -z "$ac_file"; then
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+   { (exit 77); exit 77; }; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+  if { ac_try='./$ac_file'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+    fi
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_compiler_gnu=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	CFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c89=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC"   am_compiler_list=
+
+{ $as_echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_CC_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+  fi
+  am__universal=false
+  case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_CC_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+  am__fastdepCC_TRUE=
+  am__fastdepCC_FALSE='#'
+else
+  am__fastdepCC_TRUE='#'
+  am__fastdepCC_FALSE=
+fi
+
+
+   { $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C99" >&5
+$as_echo_n "checking for $CC option to accept ISO C99... " >&6; }
+if test "${ac_cv_prog_cc_c99+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <wchar.h>
+#include <stdio.h>
+
+// Check varargs macros.  These examples are taken from C99 6.10.3.5.
+#define debug(...) fprintf (stderr, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+  int x = 1234;
+  int y = 5678;
+  debug ("Flag");
+  debug ("X = %d\n", x);
+  showlist (The first, second, and third items.);
+  report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+  your preprocessor is broken;
+#endif
+#if BIG_OK
+#else
+  your preprocessor is broken;
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+  int datasize;
+  double data[];
+};
+
+struct named_init {
+  int number;
+  const wchar_t *name;
+  double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+  // See if C++-style comments work.
+  // Iterate through items via the restricted pointer.
+  // Also check for declarations in for loops.
+  for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+    continue;
+  return 0;
+}
+
+// Check varargs and va_copy.
+static void
+test_varargs (const char *format, ...)
+{
+  va_list args;
+  va_start (args, format);
+  va_list args_copy;
+  va_copy (args_copy, args);
+
+  const char *str;
+  int number;
+  float fnumber;
+
+  while (*format)
+    {
+      switch (*format++)
+	{
+	case 's': // string
+	  str = va_arg (args_copy, const char *);
+	  break;
+	case 'd': // int
+	  number = va_arg (args_copy, int);
+	  break;
+	case 'f': // float
+	  fnumber = va_arg (args_copy, double);
+	  break;
+	default:
+	  break;
+	}
+    }
+  va_end (args_copy);
+  va_end (args);
+}
+
+int
+main ()
+{
+
+  // Check bool.
+  _Bool success = false;
+
+  // Check restrict.
+  if (test_restrict ("String literal") == 0)
+    success = true;
+  char *restrict newvar = "Another string";
+
+  // Check varargs.
+  test_varargs ("s, d' f .", "string", 65, 34.234);
+  test_varargs_macros ();
+
+  // Check flexible array members.
+  struct incomplete_array *ia =
+    malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+  ia->datasize = 10;
+  for (int i = 0; i < ia->datasize; ++i)
+    ia->data[i] = i * 1.234;
+
+  // Check named initializers.
+  struct named_init ni = {
+    .number = 34,
+    .name = L"Test wide string",
+    .average = 543.34343,
+  };
+
+  ni.number = 58;
+
+  int dynamic_array[ni.number];
+  dynamic_array[ni.number - 1] = 543;
+
+  // work around unused variable warnings
+  return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+	  || dynamic_array[ni.number - 1] != 543);
+
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -xc99=all -qlanglvl=extc99
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c99=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c99" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c99"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c99" >&5
+$as_echo "$ac_cv_prog_cc_c99" >&6; } ;;
+esac
+
+
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
+$as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
+   { (exit 1); exit 1; }; }
+
+{ $as_echo "$as_me:$LINENO: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+$as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+   { (exit 1); exit 1; }; }
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
+$as_echo "$as_me: error: invalid value of canonical build" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:$LINENO: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
+$as_echo "$as_me: error: invalid value of canonical host" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) { { $as_echo "$as_me:$LINENO: error: OS $host_os is not supported" >&5
+$as_echo "$as_me: error: OS $host_os is not supported" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+ac_config_links="$ac_config_links src/os.h:src/os-${os}.h"
+
+
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr.sa_len" >&5
+$as_echo_n "checking for struct sockaddr.sa_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_sa_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (sizeof ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_sa_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_sa_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_sa_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
+_ACEOF
+
+
+fi
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr_in.sin_len" >&5
+$as_echo_n "checking for struct sockaddr_in.sin_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_in_sin_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (sizeof ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_in_sin_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_in_sin_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_in_sin_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_in_sin_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_IN_SIN_LEN 1
+_ACEOF
+
+
+fi
+
+
+ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes (double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \).
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    test "x$cache_file" != "x/dev/null" &&
+      { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+    cat confcache >$cache_file
+  else
+    { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+  am__EXEEXT_TRUE=
+  am__EXEEXT_FALSE='#'
+else
+  am__EXEEXT_TRUE='#'
+  am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_links="$ac_config_links"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_version="\\
+igmpproxy config.status 0.1
+configured by $0, generated by GNU Autoconf 2.63,
+  with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\).*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\).*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+  ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+  if test -z "$ac_t"; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_HEADERS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_HEADERS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any.  Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[	 ]*#[	 ]*define[	 ][	 ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+  line = \$ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+    s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || { (exit 1); exit 1; }
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:$LINENO: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/configure.ac b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/configure.ac
new file mode 100644
index 0000000..85beb08
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/configure.ac
@@ -0,0 +1,35 @@
+AC_PREREQ([2.63])
+AC_INIT([igmpproxy], [0.1])
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([src/igmpproxy.c])
+AC_CONFIG_HEADERS([config.h])
+AC_PROG_CC_C99
+
+AC_CANONICAL_HOST
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) AC_MSG_ERROR([OS $host_os is not supported]);;
+esac
+AC_CONFIG_LINKS([src/os.h:src/os-${os}.h])
+
+AC_CHECK_MEMBERS([struct sockaddr.sa_len], [], [], [[
+#include <sys/types.h>
+#include <sys/socket.h>
+]])
+AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], [], [], [[
+#include <sys/types.h>
+#include <netinet/in.h>
+]])
+
+AC_CONFIG_FILES([
+	Makefile
+	doc/Makefile
+	src/Makefile
+	doc/igmpproxy.8
+	doc/igmpproxy.conf.5
+])
+AC_OUTPUT
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/depcomp b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/depcomp
new file mode 100755
index 0000000..df8eea7
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/depcomp
@@ -0,0 +1,630 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
+# Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+  depmode     Dependency tracking mode.
+  source      Source file read by `PROGRAMS ARGS'.
+  object      Object file output by `PROGRAMS ARGS'.
+  DEPDIR      directory where to store dependencies.
+  depfile     Dependency file to output.
+  tmpdepfile  Temporary file to use when outputing dependencies.
+  libtool     Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "depcomp $scriptversion"
+    exit $?
+    ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+  echo "depcomp: Variables source, object and depmode must be set" 1>&2
+  exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags.  We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write.  Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+  # HP compiler uses -M and no extra arg.
+  gccflag=-M
+  depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+   # This is just like dashmstdout with a different argument.
+   dashmflag=-xM
+   depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+   # This is just like msvisualcpp but w/o cygpath translation.
+   # Just convert the backslash-escaped backslashes to single forward
+   # slashes to satisfy depend.m4
+   cygpath_u="sed s,\\\\\\\\,/,g"
+   depmode=msvisualcpp
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff.  Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am.  Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+  for arg
+  do
+    case $arg in
+    -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+    *)  set fnord "$@" "$arg" ;;
+    esac
+    shift # fnord
+    shift # $arg
+  done
+  "$@"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  mv "$tmpdepfile" "$depfile"
+  ;;
+
+gcc)
+## There are various ways to get dependency output from gcc.  Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+##   up in a subdir.  Having to rename by hand is ugly.
+##   (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+##   -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+##   than renaming).
+  if test -z "$gccflag"; then
+    gccflag=-MD,
+  fi
+  "$@" -Wp,"$gccflag$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+  sed -e 's/^[^:]*: / /' \
+      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header).  We avoid this by adding
+## dummy dependencies for each header file.  Too bad gcc doesn't do
+## this for us directly.
+  tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'.  On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+sgi)
+  if test "$libtool" = yes; then
+    "$@" "-Wp,-MDupdate,$tmpdepfile"
+  else
+    "$@" -MDupdate "$tmpdepfile"
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+
+  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
+    echo "$object : \\" > "$depfile"
+
+    # Clip off the initial element (the dependent).  Don't try to be
+    # clever and replace this with sed code, as IRIX sed won't handle
+    # lines with more than a fixed number of characters (4096 in
+    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
+    # the IRIX cc adds comments like `#:fec' to the end of the
+    # dependency line.
+    tr ' ' '
+' < "$tmpdepfile" \
+    | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+    tr '
+' ' ' >> "$depfile"
+    echo >> "$depfile"
+
+    # The second pass generates a dummy entry for each header file.
+    tr ' ' '
+' < "$tmpdepfile" \
+   | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+   >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+aix)
+  # The C for AIX Compiler uses -M and outputs the dependencies
+  # in a .u file.  In older versions, this file always lives in the
+  # current directory.  Also, the AIX compiler puts `$object:' at the
+  # start of each line; $object doesn't have directory information.
+  # Version 6 uses the directory in both cases.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$base.u
+    tmpdepfile3=$dir.libs/$base.u
+    "$@" -Wc,-M
+  else
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$dir$base.u
+    tmpdepfile3=$dir$base.u
+    "$@" -M
+  fi
+  stat=$?
+
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+    exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    # Each line is of the form `foo.o: dependent.h'.
+    # Do two passes, one to just change these to
+    # `$object: dependent.h' and one to simply `dependent.h:'.
+    sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+    # That's a tab and a space in the [].
+    sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+icc)
+  # Intel's C compiler understands `-MD -MF file'.  However on
+  #    icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+  # ICC 7.0 will fill foo.d with something like
+  #    foo.o: sub/foo.c
+  #    foo.o: sub/foo.h
+  # which is wrong.  We want:
+  #    sub/foo.o: sub/foo.c
+  #    sub/foo.o: sub/foo.h
+  #    sub/foo.c:
+  #    sub/foo.h:
+  # ICC 7.1 will output
+  #    foo.o: sub/foo.c sub/foo.h
+  # and will wrap long lines using \ :
+  #    foo.o: sub/foo.c ... \
+  #     sub/foo.h ... \
+  #     ...
+
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+  # Do two passes, one to just change these to
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+    sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp2)
+  # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+  # compilers, which have integrated preprocessors.  The correct option
+  # to use with these is +Maked; it writes dependencies to a file named
+  # 'foo.d', which lands next to the object file, wherever that
+  # happens to be.
+  # Much of this is similar to the tru64 case; see comments there.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir.libs/$base.d
+    "$@" -Wc,+Maked
+  else
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir$base.d
+    "$@" +Maked
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+     rm -f "$tmpdepfile1" "$tmpdepfile2"
+     exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+    # Add `dependent.h:' lines.
+    sed -ne '2,${
+	       s/^ *//
+	       s/ \\*$//
+	       s/$/:/
+	       p
+	     }' "$tmpdepfile" >> "$depfile"
+  else
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile" "$tmpdepfile2"
+  ;;
+
+tru64)
+   # The Tru64 compiler uses -MD to generate dependencies as a side
+   # effect.  `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+   # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+   # dependencies in `foo.d' instead, so we check for that too.
+   # Subdirectories are respected.
+   dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+   test "x$dir" = "x$object" && dir=
+   base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+   if test "$libtool" = yes; then
+      # With Tru64 cc, shared objects can also be used to make a
+      # static library.  This mechanism is used in libtool 1.4 series to
+      # handle both shared and static libraries in a single compilation.
+      # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+      #
+      # With libtool 1.5 this exception was removed, and libtool now
+      # generates 2 separate objects for the 2 libraries.  These two
+      # compilations output dependencies in $dir.libs/$base.o.d and
+      # in $dir$base.o.d.  We have to check for both files, because
+      # one of the two compilations can be disabled.  We should prefer
+      # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+      # automatically cleaned when .libs/ is deleted, while ignoring
+      # the former would cause a distcleancheck panic.
+      tmpdepfile1=$dir.libs/$base.lo.d   # libtool 1.4
+      tmpdepfile2=$dir$base.o.d          # libtool 1.5
+      tmpdepfile3=$dir.libs/$base.o.d    # libtool 1.5
+      tmpdepfile4=$dir.libs/$base.d      # Compaq CCC V6.2-504
+      "$@" -Wc,-MD
+   else
+      tmpdepfile1=$dir$base.o.d
+      tmpdepfile2=$dir$base.d
+      tmpdepfile3=$dir$base.d
+      tmpdepfile4=$dir$base.d
+      "$@" -MD
+   fi
+
+   stat=$?
+   if test $stat -eq 0; then :
+   else
+      rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+      exit $stat
+   fi
+
+   for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+   do
+     test -f "$tmpdepfile" && break
+   done
+   if test -f "$tmpdepfile"; then
+      sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+      # That's a tab and a space in the [].
+      sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+   else
+      echo "#dummy" > "$depfile"
+   fi
+   rm -f "$tmpdepfile"
+   ;;
+
+#nosideeffect)
+  # This comment above is used by automake to tell side-effect
+  # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  test -z "$dashmflag" && dashmflag=-M
+  # Require at least two characters before searching for `:'
+  # in the target name.  This is to cope with DOS-style filenames:
+  # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+  "$@" $dashmflag |
+    sed 's:^[  ]*[^: ][^:][^:]*\:[    ]*:'"$object"'\: :' > "$tmpdepfile"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+dashXmstdout)
+  # This case only exists to satisfy depend.m4.  It is never actually
+  # run, as this mode is specially recognized in the preamble.
+  exit 1
+  ;;
+
+makedepend)
+  "$@" || exit $?
+  # Remove any Libtool call
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+  # X makedepend
+  shift
+  cleared=no eat=no
+  for arg
+  do
+    case $cleared in
+    no)
+      set ""; shift
+      cleared=yes ;;
+    esac
+    if test $eat = yes; then
+      eat=no
+      continue
+    fi
+    case "$arg" in
+    -D*|-I*)
+      set fnord "$@" "$arg"; shift ;;
+    # Strip any option that makedepend may not understand.  Remove
+    # the object too, otherwise makedepend will parse it as a source file.
+    -arch)
+      eat=yes ;;
+    -*|$object)
+      ;;
+    *)
+      set fnord "$@" "$arg"; shift ;;
+    esac
+  done
+  obj_suffix=`echo "$object" | sed 's/^.*\././'`
+  touch "$tmpdepfile"
+  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile" "$tmpdepfile".bak
+  ;;
+
+cpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  "$@" -E |
+    sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+       -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+    sed '$ s: \\$::' > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  cat < "$tmpdepfile" >> "$depfile"
+  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvisualcpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  IFS=" "
+  for arg
+  do
+    case "$arg" in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+	set fnord "$@"
+	shift
+	shift
+	;;
+    *)
+	set fnord "$@" "$arg"
+	shift
+	shift
+	;;
+    esac
+  done
+  "$@" -E 2>/dev/null |
+  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::	\1 \\:p' >> "$depfile"
+  echo "	" >> "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvcmsys)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+none)
+  exec "$@"
+  ;;
+
+*)
+  echo "Unknown depmode $depmode" 1>&2
+  exit 1
+  ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/Makefile b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/Makefile
new file mode 100644
index 0000000..1dc1972
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/Makefile
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# doc/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-unknown-linux-gnu
+host_triplet = x86_64-unknown-linux-gnu
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1/doc
+abs_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1/doc
+abs_top_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-unknown-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = unknown
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = x86_64-unknown-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = unknown
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
new file mode 100644
index 0000000..1d4eb13
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
@@ -0,0 +1 @@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
new file mode 100644
index 0000000..8a0c300
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8 b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
new file mode 100644
index 0000000..10faec5
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
new file mode 100644
index 0000000..9d18e42
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5 b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
new file mode 100644
index 0000000..176de46
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
new file mode 100644
index 0000000..a4ea7d0
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
new file mode 100644
index 0000000..197ca30
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
@@ -0,0 +1,46 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+phyint eth0 upstream  ratelimit 0  threshold 1
+        altnet 10.0.0.0/8 
+        altnet 192.168.0.0/24
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+phyint eth1 downstream  ratelimit 0  threshold 1
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth2 disabled
+
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/install-sh b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/install-sh
new file mode 100755
index 0000000..6781b98
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/install-sh
@@ -0,0 +1,520 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2009-04-28.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/missing b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/missing
new file mode 100755
index 0000000..28055d2
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/missing
@@ -0,0 +1,376 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+  configure_ac=configure.ac
+else
+  configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+  # Try to run requested program, and just exit if it succeeds.
+  run=
+  shift
+  "$@" && exit 0
+  # Exit code 63 means version mismatch.  This often happens
+  # when the user try to use an ancient version of a tool on
+  # a file that requires a minimum version.  In this case we
+  # we should proceed has if the program had been absent, or
+  # if --run hadn't been passed.
+  if test $? = 63; then
+    run=:
+    msg="probably too old"
+  fi
+  ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+  --run           try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  autom4te     touch the output file, or create a stub one
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  help2man     touch the output file
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  tar          try tar, gnutar, gtar, then tar without non-portable flags
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# normalize program name to check for.
+program=`echo "$1" | sed '
+  s/^gnu-//; t
+  s/^gnu//; t
+  s/^g//; t'`
+
+# Now exit if we have it, but it failed.  Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).  This is about non-GNU programs, so use $1 not
+# $program.
+case $1 in
+  lex*|yacc*)
+    # Not GNU programs, they don't have --version.
+    ;;
+
+  tar*)
+    if test -n "$run"; then
+       echo 1>&2 "ERROR: \`tar' requires --run"
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       exit 1
+    fi
+    ;;
+
+  *)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       # Could not run --version or --help.  This is probably someone
+       # running `$TOOL --version' or `$TOOL --help' to check whether
+       # $TOOL exists and not knowing $TOOL uses missing.
+       exit 1
+    fi
+    ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $program in
+  aclocal*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`${configure_ac}'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case $f in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  autom4te*)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.
+         You can get \`$1' as part of \`Autoconf' from any GNU
+         archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo "#! /bin/sh"
+	echo "# Created by GNU Automake missing as a replacement of"
+	echo "#  $ $@"
+	echo "exit 0"
+	chmod +x $file
+	exit 1
+    fi
+    ;;
+
+  bison*|yacc*)
+    echo 1>&2 "\
+WARNING: \`$1' $msg.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f y.tab.h; then
+	echo >y.tab.h
+    fi
+    if test ! -f y.tab.c; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex*|flex*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f lex.yy.c; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  help2man*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+	 you modified a dependency of a manual page.  You may need the
+	 \`Help2man' package in order for those modifications to take
+	 effect.  You can get \`Help2man' from any GNU archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo ".ab help2man is required to generate this page"
+	exit $?
+    fi
+    ;;
+
+  makeinfo*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    # The file to touch is that specified with -o ...
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -z "$file"; then
+      # ... or it is the one specified with @setfilename ...
+      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '
+	/^@setfilename/{
+	  s/.* \([^ ]*\) *$/\1/
+	  p
+	  q
+	}' $infile`
+      # ... or it is derived from the source name (dir/f.texi becomes f.info)
+      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+    fi
+    # If the file does not exist, the user really needs makeinfo;
+    # let's fail without touching anything.
+    test -f $file || exit 1
+    touch $file
+    ;;
+
+  tar*)
+    shift
+
+    # We have already tried tar in the generic part.
+    # Look for gnutar/gtar before invocation to avoid ugly error
+    # messages.
+    if (gnutar --version > /dev/null 2>&1); then
+       gnutar "$@" && exit 0
+    fi
+    if (gtar --version > /dev/null 2>&1); then
+       gtar "$@" && exit 0
+    fi
+    firstarg="$1"
+    if shift; then
+	case $firstarg in
+	*o*)
+	    firstarg=`echo "$firstarg" | sed s/o//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+	case $firstarg in
+	*h*)
+	    firstarg=`echo "$firstarg" | sed s/h//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+    fi
+
+    echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+         You may want to install GNU tar or Free paxutils, or check the
+         command line arguments."
+    exit 1
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequisites for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
new file mode 100644
index 0000000..f25b465
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
@@ -0,0 +1,342 @@
+callout.o: callout.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
new file mode 100644
index 0000000..14eebbf
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
@@ -0,0 +1,342 @@
+config.o: config.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
new file mode 100644
index 0000000..bec4868
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
@@ -0,0 +1,342 @@
+confread.o: confread.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
new file mode 100644
index 0000000..2805060
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
@@ -0,0 +1,342 @@
+ifvc.o: ifvc.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
new file mode 100644
index 0000000..605a16f
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
@@ -0,0 +1,342 @@
+igmp.o: igmp.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
new file mode 100644
index 0000000..dee8930
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
@@ -0,0 +1,342 @@
+igmpproxy.o: igmpproxy.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
new file mode 100644
index 0000000..8e46880
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
@@ -0,0 +1,342 @@
+kern.o: kern.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
new file mode 100644
index 0000000..d2e5a5d
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
@@ -0,0 +1,341 @@
+lib.o: lib.c /usr/include/stdc-predef.h igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
new file mode 100644
index 0000000..ca312cc
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
@@ -0,0 +1,342 @@
+mcgroup.o: mcgroup.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
new file mode 100644
index 0000000..8c785bf
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
@@ -0,0 +1,342 @@
+mroute-api.o: mroute-api.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
new file mode 100644
index 0000000..56ed8c4
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
@@ -0,0 +1,342 @@
+request.o: request.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
new file mode 100644
index 0000000..52e1d35
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
@@ -0,0 +1,342 @@
+rttable.o: rttable.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
new file mode 100644
index 0000000..9dc9e92
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
@@ -0,0 +1,342 @@
+syslog.o: syslog.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
new file mode 100644
index 0000000..2f83ab9
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
@@ -0,0 +1,342 @@
+udpsock.o: udpsock.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/Makefile b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/Makefile
new file mode 100644
index 0000000..3cce137
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/Makefile
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# src/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-unknown-linux-gnu
+host_triplet = x86_64-unknown-linux-gnu
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1/src
+abs_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1/src
+abs_top_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-unknown-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = unknown
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = x86_64-unknown-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = unknown
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+include ./$(DEPDIR)/callout.Po
+include ./$(DEPDIR)/config.Po
+include ./$(DEPDIR)/confread.Po
+include ./$(DEPDIR)/ifvc.Po
+include ./$(DEPDIR)/igmp.Po
+include ./$(DEPDIR)/igmpproxy.Po
+include ./$(DEPDIR)/kern.Po
+include ./$(DEPDIR)/lib.Po
+include ./$(DEPDIR)/mcgroup.Po
+include ./$(DEPDIR)/mroute-api.Po
+include ./$(DEPDIR)/request.Po
+include ./$(DEPDIR)/rttable.Po
+include ./$(DEPDIR)/syslog.Po
+include ./$(DEPDIR)/udpsock.Po
+
+.c.o:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/Makefile.am b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
new file mode 100644
index 0000000..fb63ff3
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
@@ -0,0 +1,22 @@
+sbin_PROGRAMS = igmpproxy
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/Makefile.in b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
new file mode 100644
index 0000000..ab670af
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callout.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/confread.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ifvc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmpproxy.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kern.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mcgroup.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mroute-api.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/request.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rttable.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/syslog.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/udpsock.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/callout.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/callout.c
new file mode 100644
index 0000000..4edfe5e
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/callout.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+/* the code below implements a callout queue */
+static int id = 0;
+static struct timeOutQueue  *queue = 0; /* pointer to the beginning of timeout queue */
+
+struct timeOutQueue {
+    struct timeOutQueue    *next;   // Next event in queue
+    int                     id;  
+    timer_f                 func;   // function to call
+    void                    *data;  // Data for function
+    int                     time;   // Time offset for next event
+};
+
+// Method for dumping the Queue to the log.
+static void debugQueue(void);
+
+/**
+*   Initializes the callout queue
+*/
+void callout_init() {
+    queue = NULL;
+}
+
+/**
+*   Clears all scheduled timeouts...
+*/
+void free_all_callouts() {
+    struct timeOutQueue *p;
+
+    while (queue) {
+        p = queue;
+        queue = queue->next;
+        free(p);
+    }
+}
+
+
+/**
+ * elapsed_time seconds have passed; perform all the events that should
+ * happen.
+ */
+void age_callout_queue(int elapsed_time) {
+    struct timeOutQueue *ptr;
+    int i = 0;
+
+    for (ptr = queue; ptr; ptr = queue, i++) {
+        if (ptr->time > elapsed_time) {
+            ptr->time -= elapsed_time;
+            return;
+        } else {
+            elapsed_time -= ptr->time;
+            queue = queue->next;
+            my_log(LOG_DEBUG, 0, "About to call timeout %d (#%d)", ptr->id, i);
+
+            if (ptr->func)
+                ptr->func(ptr->data);
+            free(ptr);
+        }
+    }
+}
+
+/**
+ * Return in how many seconds age_callout_queue() would like to be called.
+ * Return -1 if there are no events pending.
+ */
+int timer_nextTimer() {
+    if (queue) {
+        if (queue->time < 0) {
+            my_log(LOG_WARNING, 0, "timer_nextTimer top of queue says %d", 
+                queue->time);
+            return 0;
+        }
+        return queue->time;
+    }
+    return -1;
+}
+
+/**
+ *  Inserts a timer in queue.
+ *  @param delay - Number of seconds the timeout should happen in.
+ *  @param action - The function to call on timeout.
+ *  @param data - Pointer to the function data to supply...
+ */
+int timer_setTimer(int delay, timer_f action, void *data) {
+    struct     timeOutQueue  *ptr, *node, *prev;
+    int i = 0;
+
+    /* create a node */ 
+    node = (struct timeOutQueue *)malloc(sizeof(struct timeOutQueue));
+    if (node == 0) {
+        my_log(LOG_WARNING, 0, "Malloc Failed in timer_settimer\n");
+        return -1;
+    }
+    node->func = action; 
+    node->data = data;
+    node->time = delay; 
+    node->next = 0; 
+    node->id   = ++id;
+
+    prev = ptr = queue;
+
+    /* insert node in the queue */
+
+    /* if the queue is empty, insert the node and return */
+    if (!queue) {
+        queue = node;
+    }
+    else {
+        /* chase the pointer looking for the right place */
+        while (ptr) {
+            if (delay < ptr->time) {
+                // We found the correct node
+                node->next = ptr;
+                if (ptr == queue) {
+                    queue = node;
+                }
+                else {
+                    prev->next = node;
+                }
+                ptr->time -= node->time;
+		my_log(LOG_DEBUG, 0,
+			"Created timeout %d (#%d) - delay %d secs",
+			node->id, i, node->time);
+		debugQueue();
+                return node->id;
+            } else {
+                // Continur to check nodes.
+                delay -= ptr->time; node->time = delay;
+                prev = ptr;
+                ptr = ptr->next;
+            }
+            i++;
+        }
+        prev->next = node;
+    }
+    my_log(LOG_DEBUG, 0, "Created timeout %d (#%d) - delay %d secs", 
+            node->id, i, node->time);
+    debugQueue();
+
+    return node->id;
+}
+
+/**
+*   returns the time until the timer is scheduled 
+*/
+int timer_leftTimer(int timer_id) {
+    struct timeOutQueue *ptr;
+    int left = 0;
+
+    if (!timer_id)
+        return -1;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+        left += ptr->time;
+        if (ptr->id == timer_id) {
+            return left;
+        }
+    }
+    return -1;
+}
+
+/**
+*   clears the associated timer.  Returns 1 if succeeded. 
+*/
+int timer_clearTimer(int  timer_id) {
+    struct timeOutQueue  *ptr, *prev;
+    int i = 0;
+
+    if (!timer_id)
+        return 0;
+
+    prev = ptr = queue;
+
+    /*
+     * find the right node, delete it. the subsequent node's time
+     * gets bumped up
+     */
+
+    debugQueue();
+    while (ptr) {
+        if (ptr->id == timer_id) {
+            /* got the right node */
+
+            /* unlink it from the queue */
+            if (ptr == queue)
+                queue = queue->next;
+            else
+                prev->next = ptr->next;
+
+            /* increment next node if any */
+            if (ptr->next != 0)
+                (ptr->next)->time += ptr->time;
+
+            if (ptr->data)
+                free(ptr->data);
+            my_log(LOG_DEBUG, 0, "deleted timer %d (#%d)", ptr->id, i);
+            free(ptr);
+            debugQueue();
+            return 1;
+        }
+        prev = ptr;
+        ptr = ptr->next;
+        i++;
+    }
+    // If we get here, the timer was not deleted.
+    my_log(LOG_DEBUG, 0, "failed to delete timer %d (#%d)", timer_id, i);
+    debugQueue();
+    return 0;
+}
+
+/**
+ * debugging utility
+ */
+static void debugQueue() {
+    struct timeOutQueue  *ptr;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+            my_log(LOG_DEBUG, 0, "(Id:%d, Time:%d) ", ptr->id, ptr->time);
+    }
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/callout.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/callout.o
new file mode 100644
index 0000000..f7ee6ef
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/callout.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/config.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/config.c
new file mode 100644
index 0000000..5a96ce0
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/config.c
@@ -0,0 +1,361 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   config.c - Contains functions to load and parse config
+*              file, and functions to configure the daemon.              
+*/
+
+#include "igmpproxy.h"
+                                      
+// Structure to keep configuration for VIFs...    
+struct vifconfig {
+    char*               name;
+    short               state;
+    int                 ratelimit;
+    int                 threshold;
+
+    // Keep allowed nets for VIF.
+    struct SubnetList*  allowednets;
+    
+    // Next config in list...
+    struct vifconfig*   next;
+};
+                 
+// Structure to keep vif configuration
+struct vifconfig*   vifconf;
+
+// Keeps common settings...
+static struct Config commonConfig;
+
+// Prototypes...
+struct vifconfig *parsePhyintToken();
+struct SubnetList *parseSubnetAddress(char *addrstr);
+
+
+/**
+*   Initializes common config..
+*/
+void initCommonConfig() {
+    commonConfig.robustnessValue = DEFAULT_ROBUSTNESS;
+    commonConfig.queryInterval = INTERVAL_QUERY;
+    commonConfig.queryResponseInterval = INTERVAL_QUERY_RESPONSE;
+
+    // The defaults are calculated from other settings.
+    commonConfig.startupQueryInterval = (unsigned int)(INTERVAL_QUERY / 4);
+    commonConfig.startupQueryCount = DEFAULT_ROBUSTNESS;
+
+    // Default values for leave intervals...
+    commonConfig.lastMemberQueryInterval = INTERVAL_QUERY_RESPONSE;
+    commonConfig.lastMemberQueryCount    = DEFAULT_ROBUSTNESS;
+
+    // If 1, a leave message is sent upstream on leave messages from downstream.
+    commonConfig.fastUpstreamLeave = 0;
+
+}
+
+/**
+*   Returns a pointer to the common config...
+*/
+struct Config *getCommonConfig() {
+    return &commonConfig;
+}
+
+/**
+*   Loads the configuration from file, and stores the config in 
+*   respective holders...
+*/                 
+int loadConfig(char *configFile) {
+    struct vifconfig  *tmpPtr;
+    struct vifconfig  **currPtr = &vifconf;
+    char *token;
+    
+    // Initialize common config
+    initCommonConfig();
+
+    // Test config file reader...
+    if(!openConfigFile(configFile)) {
+        my_log(LOG_ERR, 0, "Unable to open configfile from %s", configFile);
+    }
+
+    // Get first token...
+    token = nextConfigToken();
+    if(token == NULL) {
+        my_log(LOG_ERR, 0, "Config file was empty.");
+    }
+
+    // Loop until all configuration is read.
+    while ( token != NULL ) {
+        // Check token...
+        if(strcmp("phyint", token)==0) {
+            // Got a phyint token... Call phyint parser
+            my_log(LOG_DEBUG, 0, "Config: Got a phyint token.");
+            tmpPtr = parsePhyintToken();
+            if(tmpPtr == NULL) {
+                // Unparsable token... Exit...
+                closeConfigFile();
+                my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+                return 0;
+            } else {
+
+                my_log(LOG_DEBUG, 0, "IF name : %s", tmpPtr->name);
+                my_log(LOG_DEBUG, 0, "Next ptr : %x", tmpPtr->next);
+                my_log(LOG_DEBUG, 0, "Ratelimit : %d", tmpPtr->ratelimit);
+                my_log(LOG_DEBUG, 0, "Threshold : %d", tmpPtr->threshold);
+                my_log(LOG_DEBUG, 0, "State : %d", tmpPtr->state);
+                my_log(LOG_DEBUG, 0, "Allowednet ptr : %x", tmpPtr->allowednets);
+
+                // Insert config, and move temppointer to next location...
+                *currPtr = tmpPtr;
+                currPtr = &tmpPtr->next;
+            }
+        } 
+        else if(strcmp("quickleave", token)==0) {
+            // Got a quickleave token....
+            my_log(LOG_DEBUG, 0, "Config: Quick leave mode enabled.");
+            commonConfig.fastUpstreamLeave = 1;
+            
+            // Read next token...
+            token = nextConfigToken();
+            continue;
+        } else {
+            // Unparsable token... Exit...
+            closeConfigFile();
+            my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+            return 0;
+        }
+        // Get token that was not recognized by phyint parser.
+        token = getCurrentConfigToken();
+    }
+
+    // Close the configfile...
+    closeConfigFile();
+
+    return 1;
+}
+
+/**
+*   Appends extra VIF configuration from config file.
+*/
+void configureVifs() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+    struct vifconfig *confPtr;
+
+    // If no config is availible, just return...
+    if(vifconf == NULL) {
+        return;
+    }
+
+    // Loop through all VIFs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+
+            // Now try to find a matching config...
+            for( confPtr = vifconf; confPtr; confPtr = confPtr->next) {
+
+                // I the VIF names match...
+                if(strcmp(Dp->Name, confPtr->name)==0) {
+                    struct SubnetList *vifLast;
+
+                    my_log(LOG_DEBUG, 0, "Found config for %s", Dp->Name);
+
+
+                    // Set the VIF state 
+                    Dp->state = confPtr->state;
+                    
+                    Dp->threshold = confPtr->threshold;
+                    Dp->ratelimit = confPtr->ratelimit;
+
+                    // Go to last allowed net on VIF...
+                    for(vifLast = Dp->allowednets; vifLast->next; vifLast = vifLast->next);
+                        
+                    // Insert the configured nets...
+                    vifLast->next = confPtr->allowednets;
+
+                    break;
+                }
+            }
+        }
+    }
+}
+
+
+/**
+*   Internal function to parse phyint config
+*/
+struct vifconfig *parsePhyintToken() {
+    struct vifconfig  *tmpPtr;
+    struct SubnetList **anetPtr;
+    char *token;
+    short parseError = 0;
+
+    // First token should be the interface name....
+    token = nextConfigToken();
+
+    // Sanitycheck the name...
+    if(token == NULL) return NULL;
+    if(strlen(token) >= IF_NAMESIZE) return NULL;
+    my_log(LOG_DEBUG, 0, "Config: IF: Config for interface %s.", token);
+
+    // Allocate memory for configuration...
+    tmpPtr = (struct vifconfig*)malloc(sizeof(struct vifconfig));
+    if(tmpPtr == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set default values...
+    tmpPtr->next = NULL;    // Important to avoid seg fault...
+    tmpPtr->ratelimit = 0;
+    tmpPtr->threshold = 1;
+    tmpPtr->state = IF_STATE_DOWNSTREAM;
+    tmpPtr->allowednets = NULL;
+
+    // Make a copy of the token to store the IF name
+    tmpPtr->name = strdup( token );
+    if(tmpPtr->name == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set the altnet pointer to the allowednets pointer.
+    anetPtr = &tmpPtr->allowednets;
+
+    // Parse the rest of the config..
+    token = nextConfigToken();
+    while(token != NULL) {
+        if(strcmp("altnet", token)==0) {
+            // Altnet...
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got altnet token %s.",token);
+
+            *anetPtr = parseSubnetAddress(token);
+            if(*anetPtr == NULL) {
+                parseError = 1;
+                my_log(LOG_WARNING, 0, "Unable to parse subnet address.");
+                break;
+            } else {
+                anetPtr = &(*anetPtr)->next;
+            }
+        }
+        else if(strcmp("upstream", token)==0) {
+            // Upstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got upstream token.");
+            tmpPtr->state = IF_STATE_UPSTREAM;
+        }
+        else if(strcmp("downstream", token)==0) {
+            // Downstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got downstream token.");
+            tmpPtr->state = IF_STATE_DOWNSTREAM;
+        }
+        else if(strcmp("disabled", token)==0) {
+            // Disabled
+            my_log(LOG_DEBUG, 0, "Config: IF: Got disabled token.");
+            tmpPtr->state = IF_STATE_DISABLED;
+        }
+        else if(strcmp("ratelimit", token)==0) {
+            // Ratelimit
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got ratelimit token '%s'.", token);
+            tmpPtr->ratelimit = atoi( token );
+            if(tmpPtr->ratelimit < 0) {
+                my_log(LOG_WARNING, 0, "Ratelimit must be 0 or more.");
+                parseError = 1;
+                break;
+            }
+        }
+        else if(strcmp("threshold", token)==0) {
+            // Threshold
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got threshold token '%s'.", token);
+            tmpPtr->threshold = atoi( token );
+            if(tmpPtr->threshold <= 0 || tmpPtr->threshold > 255) {
+                my_log(LOG_WARNING, 0, "Threshold must be between 1 and 255.");
+                parseError = 1;
+                break;
+            }
+        }
+        else {
+            // Unknown token. Break...
+            break;
+        }
+        token = nextConfigToken();
+    }
+
+    // Clean up after a parseerror...
+    if(parseError) {
+        free(tmpPtr);
+        tmpPtr = NULL;
+    }
+
+    return tmpPtr;
+}
+
+/**
+*   Parses a subnet address string on the format
+*   a.b.c.d/n into a SubnetList entry.
+*/
+struct SubnetList *parseSubnetAddress(char *addrstr) {
+    struct SubnetList *tmpSubnet;
+    char        *tmpStr;
+    uint32_t      addr = 0x00000000;
+    uint32_t      mask = 0xFFFFFFFF;
+
+    // First get the network part of the address...
+    tmpStr = strtok(addrstr, "/");
+    addr = inet_addr(tmpStr);
+
+    tmpStr = strtok(NULL, "/");
+    if(tmpStr != NULL) {
+        int bitcnt = atoi(tmpStr);
+        if(bitcnt <= 0 || bitcnt > 32) {
+            my_log(LOG_WARNING, 0, "The bits part of the address is invalid : %d.",tmpStr);
+            return NULL;
+        }
+
+        mask <<= (32 - bitcnt);
+    }
+
+    if(addr == -1 || addr == 0) {
+        my_log(LOG_WARNING, 0, "Unable to parse address token '%s'.", addrstr);
+        return NULL;
+    }
+
+    tmpSubnet = (struct SubnetList*) malloc(sizeof(struct SubnetList));
+    tmpSubnet->subnet_addr = addr;
+    tmpSubnet->subnet_mask = ntohl(mask);
+    tmpSubnet->next = NULL;
+
+    my_log(LOG_DEBUG, 0, "Config: IF: Altnet: Parsed altnet to %s.",
+	    inetFmts(tmpSubnet->subnet_addr, tmpSubnet->subnet_mask,s1));
+
+    return tmpSubnet;
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/config.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/config.o
new file mode 100644
index 0000000..95ddb6d
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/config.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/confread.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/confread.c
new file mode 100644
index 0000000..6e267dc
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/confread.c
@@ -0,0 +1,213 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   confread.c
+*
+*   Generic config file reader. Used to open a config file,
+*   and read the tokens from it. The parser is really simple,
+*   and does no backlogging. This means that no form of
+*   text escaping and qouting is currently supported.
+*   '#' chars are read as comments, and the comment lasts until 
+*   a newline or EOF
+*
+*/
+
+#include "igmpproxy.h"
+
+#define     READ_BUFFER_SIZE    512   // Inputbuffer size...
+        
+#ifndef MAX_TOKEN_LENGTH
+  #define MAX_TOKEN_LENGTH  30     // Default max token length
+#endif
+                                     
+FILE            *confFilePtr;       // File handle pointer
+char            *iBuffer;           // Inputbuffer for reading...
+unsigned int    bufPtr;             // Buffer position pointer.
+unsigned int    readSize;           // Number of bytes in buffer after last read...
+char    cToken[MAX_TOKEN_LENGTH];   // Token buffer...
+short   validToken;
+
+/**
+*   Opens config file specified by filename.
+*/    
+int openConfigFile(char *filename) {
+
+    // Set the buffer to null initially...
+    iBuffer = NULL;
+
+    // Open the file for reading...
+    confFilePtr = fopen(filename, "r");
+    
+    // On error, return false
+    if(confFilePtr == NULL) {
+        return 0;
+    }
+    
+    // Allocate memory for inputbuffer...
+    iBuffer = (char*) malloc( sizeof(char) * READ_BUFFER_SIZE );
+    
+    if(iBuffer == NULL) {
+        closeConfigFile();
+        return 0;
+    }
+    
+    // Reset bufferpointer and readsize
+    bufPtr = 0;
+    readSize = 0;
+
+    return 1;
+}
+
+/**
+*   Closes the currently open config file.
+*/
+void closeConfigFile() {
+    // Close the file.
+    if(confFilePtr!=NULL) {
+        fclose(confFilePtr);
+    }
+    // Free input buffer memory...
+    if(iBuffer != NULL) {
+        free(iBuffer);
+    }
+}
+
+/**
+*   Returns the next token from the configfile. The function
+*   return NULL if there are no more tokens in the file.    
+*/
+char *nextConfigToken() {
+
+    validToken = 0;
+
+    // If no file or buffer, return NULL
+    if(confFilePtr == NULL || iBuffer == NULL) {
+        return NULL;
+    }
+
+    {
+        unsigned int tokenPtr       = 0;
+        unsigned short finished     = 0;
+        unsigned short commentFound = 0;
+
+        // Outer buffer fill loop...
+        while ( !finished ) {
+            // If readpointer is at the end of the buffer, we should read next chunk...
+            if(bufPtr == readSize) {
+                // Fill up the buffer...
+                readSize = fread (iBuffer, sizeof(char), READ_BUFFER_SIZE, confFilePtr);
+                bufPtr = 0;
+
+                // If the readsize is 0, we should just return...
+                if(readSize == 0) {
+                    return NULL;
+                }
+            }
+
+            // Inner char loop...
+            while ( bufPtr < readSize && !finished ) {
+
+                //printf("Char %s", iBuffer[bufPtr]);
+
+                // Break loop on \0
+                if(iBuffer[bufPtr] == '\0') {
+                    break;
+                }
+
+                if( commentFound ) {
+                    if( iBuffer[bufPtr] == '\n' ) {
+                        commentFound = 0;
+                    }
+                } else {
+
+                    // Check current char...
+                    switch(iBuffer[bufPtr]) {
+                    case '#':
+                        // Found a comment start...
+                        commentFound = 1;
+                        break;
+
+                    case '\n':
+                    case '\r':
+                    case '\t':
+                    case ' ':
+                        // Newline, CR, Tab and space are end of token, or ignored.
+                        if(tokenPtr > 0) {
+                            cToken[tokenPtr] = '\0';    // EOL
+                            finished = 1;
+                        }
+                        break;
+
+                    default:
+                        // Append char to token...
+                        cToken[tokenPtr++] = iBuffer[bufPtr];
+                        break;
+                    }
+                
+                }
+
+                // Check end of token buffer !!!
+                if(tokenPtr == MAX_TOKEN_LENGTH - 1) {
+                    // Prevent buffer overrun...
+                    cToken[tokenPtr] = '\0';
+                    finished = 1;
+                }
+
+                // Next char...
+                bufPtr++;
+            }
+            // If the readsize is less than buffersize, we assume EOF.
+            if(readSize < READ_BUFFER_SIZE && bufPtr == readSize) {
+                if (tokenPtr > 0)
+                    finished = 1;
+                else
+                    return NULL;
+            }
+        }
+        if(tokenPtr>0) {
+            validToken = 1;
+            return cToken;
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Returns the currently active token, or null
+*   if no tokens are availible.
+*/
+char *getCurrentConfigToken() {
+    return validToken ? cToken : NULL;
+}
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/confread.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/confread.o
new file mode 100644
index 0000000..9c1e7bc
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/confread.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/ifvc.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
new file mode 100644
index 0000000..545b3b4
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+struct IfDesc IfDescVc[ MAX_IF ], *IfDescEp = IfDescVc;
+
+/*
+** Builds up a vector with the interface of the machine. Calls to the other functions of 
+** the module will fail if they are called before the vector is build.
+**          
+*/
+void buildIfVc() {
+    struct ifreq IfVc[ sizeof( IfDescVc ) / sizeof( IfDescVc[ 0 ] )  ];
+    struct ifreq *IfEp;
+
+    int Sock;
+
+    if ( (Sock = socket( AF_INET, SOCK_DGRAM, 0 )) < 0 )
+        my_log( LOG_ERR, errno, "RAW socket open" );
+
+    /* get If vector
+     */
+    {
+        struct ifconf IoCtlReq;
+
+        IoCtlReq.ifc_buf = (void *)IfVc;
+        IoCtlReq.ifc_len = sizeof( IfVc );
+
+        if ( ioctl( Sock, SIOCGIFCONF, &IoCtlReq ) < 0 )
+            my_log( LOG_ERR, errno, "ioctl SIOCGIFCONF" );
+
+        IfEp = (void *)((char *)IfVc + IoCtlReq.ifc_len);
+    }
+
+    /* loop over interfaces and copy interface info to IfDescVc
+     */
+    {
+        struct ifreq  *IfPt, *IfNext;
+
+        // Temp keepers of interface params...
+        uint32_t addr, subnet, mask;
+
+        for ( IfPt = IfVc; IfPt < IfEp; IfPt = IfNext ) {
+            struct ifreq IfReq;
+            char FmtBu[ 32 ];
+
+	    IfNext = (struct ifreq *)((char *)&IfPt->ifr_addr +
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+				    IfPt->ifr_addr.sa_len
+#else
+				    sizeof(struct sockaddr_in)
+#endif
+		    );
+	    if (IfNext < IfPt + 1)
+		    IfNext = IfPt + 1;
+
+            strncpy( IfDescEp->Name, IfPt->ifr_name, sizeof( IfDescEp->Name ) );
+
+            // Currently don't set any allowed nets...
+            //IfDescEp->allowednets = NULL;
+
+            // Set the index to -1 by default.
+            IfDescEp->index = -1;
+
+            /* don't retrieve more info for non-IP interfaces
+             */
+            if ( IfPt->ifr_addr.sa_family != AF_INET ) {
+                IfDescEp->InAdr.s_addr = 0;  /* mark as non-IP interface */
+                IfDescEp++;
+                continue;
+            }
+
+            // Get the interface adress...
+            IfDescEp->InAdr = ((struct sockaddr_in *)&IfPt->ifr_addr)->sin_addr;
+            addr = IfDescEp->InAdr.s_addr;
+
+            memcpy( IfReq.ifr_name, IfDescEp->Name, sizeof( IfReq.ifr_name ) );
+            IfReq.ifr_addr.sa_family = AF_INET;
+            ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr = addr;
+
+            // Get the subnet mask...
+            if (ioctl(Sock, SIOCGIFNETMASK, &IfReq ) < 0)
+                my_log(LOG_ERR, errno, "ioctl SIOCGIFNETMASK for %s", IfReq.ifr_name);
+            mask = ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr;
+            subnet = addr & mask;
+
+            /* get if flags
+            **
+            ** typical flags:
+            ** lo    0x0049 -> Running, Loopback, Up
+            ** ethx  0x1043 -> Multicast, Running, Broadcast, Up
+            ** ipppx 0x0091 -> NoArp, PointToPoint, Up 
+            ** grex  0x00C1 -> NoArp, Running, Up
+            ** ipipx 0x00C1 -> NoArp, Running, Up
+            */
+            if ( ioctl( Sock, SIOCGIFFLAGS, &IfReq ) < 0 )
+                my_log( LOG_ERR, errno, "ioctl SIOCGIFFLAGS" );
+
+            IfDescEp->Flags = IfReq.ifr_flags;
+
+            // Insert the verified subnet as an allowed net...
+            IfDescEp->allowednets = (struct SubnetList *)malloc(sizeof(struct SubnetList));
+            if(IfDescEp->allowednets == NULL) my_log(LOG_ERR, 0, "Out of memory !");
+            
+            // Create the network address for the IF..
+            IfDescEp->allowednets->next = NULL;
+            IfDescEp->allowednets->subnet_mask = mask;
+            IfDescEp->allowednets->subnet_addr = subnet;
+
+            // Set the default params for the IF...
+            IfDescEp->state         = IF_STATE_DOWNSTREAM;
+            IfDescEp->robustness    = DEFAULT_ROBUSTNESS;
+            IfDescEp->threshold     = DEFAULT_THRESHOLD;   /* ttl limit */
+            IfDescEp->ratelimit     = DEFAULT_RATELIMIT; 
+            
+
+            // Debug log the result...
+            my_log( LOG_DEBUG, 0, "buildIfVc: Interface %s Addr: %s, Flags: 0x%04x, Network: %s",
+                 IfDescEp->Name,
+                 fmtInAdr( FmtBu, IfDescEp->InAdr ),
+                 IfDescEp->Flags,
+                 inetFmts(subnet,mask, s1));
+
+            IfDescEp++;
+        } 
+    }
+
+    close( Sock );
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'IfName'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'IfName' exists
+**          
+*/
+struct IfDesc *getIfByName( const char *IfName ) {
+    struct IfDesc *Dp;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ )
+        if ( ! strcmp( IfName, Dp->Name ) )
+            return Dp;
+
+    return NULL;
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'Ix'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'Ix' exists
+**          
+*/
+struct IfDesc *getIfByIx( unsigned Ix ) {
+    struct IfDesc *Dp = &IfDescVc[ Ix ];
+    return Dp < IfDescEp ? Dp : NULL;
+}
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByAddress( uint32_t ipaddr ) {
+
+    struct IfDesc       *Dp;
+    struct SubnetList   *currsubnet;
+    struct IfDesc       *res = NULL;
+    uint32_t            last_subnet_mask = 0;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+        // Loop through all registered allowed nets of the VIF...
+        for(currsubnet = Dp->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+            // Check if the ip falls in under the subnet....
+            if(currsubnet->subnet_mask > last_subnet_mask && (ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+                res = Dp;
+                last_subnet_mask = currsubnet->subnet_mask;
+            }
+        }
+    }
+    return res;
+}
+
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByVifIndex( unsigned vifindex ) {
+    struct IfDesc       *Dp;
+    if(vifindex>0) {
+        for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+            if(Dp->index == vifindex) {
+                return Dp;
+            }
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Function that checks if a given ipaddress is a valid
+*   address for the supplied VIF.
+*/
+int isAdressValidForIf( struct IfDesc* intrface, uint32_t ipaddr ) {
+    struct SubnetList   *currsubnet;
+    
+    if(intrface == NULL) {
+        return 0;
+    }
+    // Loop through all registered allowed nets of the VIF...
+    for(currsubnet = intrface->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+        // Check if the ip falls in under the subnet....
+        if((ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+            return 1;
+        }
+    }
+    return 0;
+}
+
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/ifvc.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/ifvc.o
new file mode 100644
index 0000000..94969db
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/ifvc.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmp.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmp.c
new file mode 100644
index 0000000..a0cd27d
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmp.c
@@ -0,0 +1,281 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmp.h - Recieves IGMP requests, and handle them 
+*            appropriately...
+*/
+
+#include "igmpproxy.h"
+ 
+// Globals                  
+uint32_t     allhosts_group;          /* All hosts addr in net order */
+uint32_t     allrouters_group;          /* All hosts addr in net order */
+              
+extern int MRouterFD;
+
+/*
+ * Open and initialize the igmp socket, and fill in the non-changing
+ * IP header fields in the output packet buffer.
+ */
+void initIgmp() {
+    struct ip *ip;
+
+    recv_buf = malloc(RECV_BUF_SIZE);
+    send_buf = malloc(RECV_BUF_SIZE);
+
+    k_hdr_include(true);    /* include IP header when sending */
+    k_set_rcvbuf(256*1024,48*1024); /* lots of input buffering        */
+    k_set_ttl(1);       /* restrict multicasts to one hop */
+    k_set_loop(false);      /* disable multicast loopback     */
+
+    ip         = (struct ip *)send_buf;
+    memset(ip, 0, sizeof(struct ip));
+    /*
+     * Fields zeroed that aren't filled in later:
+     * - IP ID (let the kernel fill it in)
+     * - Offset (we don't send fragments)
+     * - Checksum (let the kernel fill it in)
+     */
+    ip->ip_v   = IPVERSION;
+    ip->ip_hl  = sizeof(struct ip) >> 2;
+    ip->ip_tos = 0xc0;      /* Internet Control */
+    ip->ip_ttl = MAXTTL;    /* applies to unicasts only */
+    ip->ip_p   = IPPROTO_IGMP;
+
+    allhosts_group   = htonl(INADDR_ALLHOSTS_GROUP);
+    allrouters_group = htonl(INADDR_ALLRTRS_GROUP);
+}
+
+/**
+*   Finds the textual name of the supplied IGMP request.
+*/
+char *igmpPacketKind(u_int type, u_int code) {
+    static char unknown[20];
+
+    switch (type) {
+    case IGMP_MEMBERSHIP_QUERY:     return  "Membership query  ";
+    case IGMP_V1_MEMBERSHIP_REPORT:  return "V1 member report  ";
+    case IGMP_V2_MEMBERSHIP_REPORT:  return "V2 member report  ";
+    case IGMP_V2_LEAVE_GROUP:        return "Leave message     ";
+    
+    default:
+        sprintf(unknown, "unk: 0x%02x/0x%02x    ", type, code);
+        return unknown;
+    }
+}
+
+
+/**
+ * Process a newly received IGMP packet that is sitting in the input
+ * packet buffer.
+ */
+void acceptIgmp(int recvlen) {
+    register uint32_t src, dst, group;
+    struct ip *ip;
+    struct igmp *igmp;
+    int ipdatalen, iphdrlen, igmpdatalen;
+
+    if (recvlen < sizeof(struct ip)) {
+        my_log(LOG_WARNING, 0,
+            "received packet too short (%u bytes) for IP header", recvlen);
+        return;
+    }
+
+    ip        = (struct ip *)recv_buf;
+    src       = ip->ip_src.s_addr;
+    dst       = ip->ip_dst.s_addr;
+
+    /* 
+     * this is most likely a message from the kernel indicating that
+     * a new src grp pair message has arrived and so, it would be 
+     * necessary to install a route into the kernel for this.
+     */
+    if (ip->ip_p == 0) {
+        if (src == 0 || dst == 0) {
+            my_log(LOG_WARNING, 0, "kernel request not accurate");
+        }
+        else {
+            struct IfDesc *checkVIF;
+            
+            // Check if the source address matches a valid address on upstream vif.
+            checkVIF = getIfByIx( upStreamVif );
+            if(checkVIF == 0) {
+                my_log(LOG_ERR, 0, "Upstream VIF was null.");
+                return;
+            } 
+            else if(src == checkVIF->InAdr.s_addr) {
+                my_log(LOG_NOTICE, 0, "Route activation request from %s for %s is from myself. Ignoring.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            else if(!isAdressValidForIf(checkVIF, src)) {
+                my_log(LOG_WARNING, 0, "The source address %s for group %s, is not in any valid net for upstream VIF.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            
+            // Activate the route.
+            my_log(LOG_DEBUG, 0, "Route activate request from %s to %s",
+		    inetFmt(src,s1), inetFmt(dst,s2));
+            activateRoute(dst, src);
+            
+
+        }
+        return;
+    }
+
+    iphdrlen  = ip->ip_hl << 2;
+    ipdatalen = ip_data_len(ip);
+
+    if (iphdrlen + ipdatalen != recvlen) {
+        my_log(LOG_WARNING, 0,
+            "received packet from %s shorter (%u bytes) than hdr+data length (%u+%u)",
+            inetFmt(src, s1), recvlen, iphdrlen, ipdatalen);
+        return;
+    }
+
+    igmp        = (struct igmp *)(recv_buf + iphdrlen);
+    group       = igmp->igmp_group.s_addr;
+    igmpdatalen = ipdatalen - IGMP_MINLEN;
+    if (igmpdatalen < 0) {
+        my_log(LOG_WARNING, 0,
+            "received IP data field too short (%u bytes) for IGMP, from %s",
+            ipdatalen, inetFmt(src, s1));
+        return;
+    }
+
+    my_log(LOG_NOTICE, 0, "RECV %s from %-15s to %s",
+        igmpPacketKind(igmp->igmp_type, igmp->igmp_code),
+        inetFmt(src, s1), inetFmt(dst, s2) );
+
+    switch (igmp->igmp_type) {
+    case IGMP_V1_MEMBERSHIP_REPORT:
+    case IGMP_V2_MEMBERSHIP_REPORT:
+        acceptGroupReport(src, group, igmp->igmp_type);
+        return;
+    
+    case IGMP_V2_LEAVE_GROUP:
+        acceptLeaveMessage(src, group);
+        return;
+    
+    case IGMP_MEMBERSHIP_QUERY:
+        return;
+
+    default:
+        my_log(LOG_INFO, 0,
+            "ignoring unknown IGMP message type %x from %s to %s",
+            igmp->igmp_type, inetFmt(src, s1),
+            inetFmt(dst, s2));
+        return;
+    }
+}
+
+
+/*
+ * Construct an IGMP message in the output packet buffer.  The caller may
+ * have already placed data in that buffer, of length 'datalen'.
+ */
+void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct ip *ip;
+    struct igmp *igmp;
+    extern int curttl;
+
+    ip                      = (struct ip *)send_buf;
+    ip->ip_src.s_addr       = src;
+    ip->ip_dst.s_addr       = dst;
+    ip_set_len(ip, MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        ip->ip_ttl = curttl;
+    } else {
+        ip->ip_ttl = MAXTTL;
+    }
+
+    igmp                    = (struct igmp *)(send_buf + MIN_IP_HEADER_LEN);
+    igmp->igmp_type         = type;
+    igmp->igmp_code         = code;
+    igmp->igmp_group.s_addr = group;
+    igmp->igmp_cksum        = 0;
+    igmp->igmp_cksum        = inetChksum((u_short *)igmp,
+                                         IGMP_MINLEN + datalen);
+}
+
+/* 
+ * Call build_igmp() to build an IGMP message in the output packet buffer.
+ * Then send the message from the interface with IP address 'src' to
+ * destination 'dst'.
+ */
+void sendIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct sockaddr_in sdst;
+    int setloop = 0, setigmpsource = 0;
+
+    buildIgmp(src, dst, type, code, group, datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        k_set_if(src);
+        setigmpsource = 1;
+        if (type != IGMP_DVMRP || dst == allhosts_group) {
+            setloop = 1;
+            k_set_loop(true);
+        }
+    }
+
+    memset(&sdst, 0, sizeof(sdst));
+    sdst.sin_family = AF_INET;
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+    sdst.sin_len = sizeof(sdst);
+#endif
+    sdst.sin_addr.s_addr = dst;
+    if (sendto(MRouterFD, send_buf,
+               MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen, 0,
+               (struct sockaddr *)&sdst, sizeof(sdst)) < 0) {
+        if (errno == ENETDOWN)
+            my_log(LOG_ERR, errno, "Sender VIF was down.");
+        else
+            my_log(LOG_INFO, errno,
+                "sendto to %s on %s",
+                inetFmt(dst, s1), inetFmt(src, s2));
+    }
+
+    if(setigmpsource) {
+        if (setloop) {
+            k_set_loop(false);
+        }
+        // Restore original...
+        k_set_if(INADDR_ANY);
+    }
+
+    my_log(LOG_DEBUG, 0, "SENT %s from %-15s to %s",
+	    igmpPacketKind(type, code), src == INADDR_ANY ? "INADDR_ANY" :
+	    inetFmt(src, s1), inetFmt(dst, s2));
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmp.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmp.o
new file mode 100644
index 0000000..f5ab4d9
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmp.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy
new file mode 100755
index 0000000..33d002d
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
new file mode 100644
index 0000000..1ece15a
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
@@ -0,0 +1,357 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.c - The main file for the IGMP proxy application.
+*
+*   February 2005 - Johnny Egeland
+*/
+
+#include "igmpproxy.h"
+
+static const char Usage[] = 
+"Usage: igmpproxy [-h] [-d] [-v [-v]] <configfile>\n"
+"\n" 
+"   -h   Display this help screen\n"
+"   -d   Run in debug mode. Output all messages on stderr\n"
+"   -v   Be verbose. Give twice to see even debug messages.\n"
+"\n"
+PACKAGE_STRING "\n"
+;
+
+// Local function Prototypes
+static void signalHandler(int);
+int     igmpProxyInit();
+void    igmpProxyCleanUp();
+void    igmpProxyRun();
+
+// Global vars...
+static int sighandled = 0;
+#define	GOT_SIGINT	0x01
+#define	GOT_SIGHUP	0x02
+#define	GOT_SIGUSR1	0x04
+#define	GOT_SIGUSR2	0x08
+
+// The upstream VIF index
+int         upStreamVif;   
+
+/**
+*   Program main method. Is invoked when the program is started
+*   on commandline. The number of commandline arguments, and a
+*   pointer to the arguments are recieved on the line...
+*/    
+int main( int ArgCn, char *ArgVc[] ) {
+
+    // Parse the commandline options and setup basic settings..
+    for (int c; (c = getopt(ArgCn, ArgVc, "vdh")) != -1;) {
+        switch (c) {
+        case 'd':
+            Log2Stderr = true;
+            break;
+        case 'v':
+            if (LogLevel == LOG_INFO)
+                LogLevel = LOG_DEBUG;
+            else
+                LogLevel = LOG_INFO;
+            break;
+        case 'h':
+            fputs(Usage, stderr);
+            exit(0);
+            break;
+        default:
+            exit(1);
+            break;
+        }
+    }
+
+    if (optind != ArgCn - 1) {
+	fputs("You must specify the configuration file.\n", stderr);
+	exit(1);
+    }
+    char *configFilePath = ArgVc[optind];
+
+    // Chech that we are root
+    if (geteuid() != 0) {
+       fprintf(stderr, "igmpproxy: must be root\n");
+       exit(1);
+    }
+
+    openlog("igmpproxy", LOG_PID, LOG_USER);
+
+    // Write debug notice with file path...
+    my_log(LOG_DEBUG, 0, "Searching for config file at '%s'" , configFilePath);
+
+    do {
+
+        // Loads the config file...
+        if( ! loadConfig( configFilePath ) ) {
+            my_log(LOG_ERR, 0, "Unable to load config file...");
+            break;
+        }
+    
+        // Initializes the deamon.
+        if ( !igmpProxyInit() ) {
+            my_log(LOG_ERR, 0, "Unable to initialize IGMPproxy.");
+            break;
+        }
+
+        // Go to the main loop.
+        igmpProxyRun();
+    
+        // Clean up
+        igmpProxyCleanUp();
+
+    } while ( false );
+
+    // Inform that we are exiting.
+    my_log(LOG_INFO, 0, "Shutdown complete....");
+
+    exit(0);
+}
+
+
+
+/**
+*   Handles the initial startup of the daemon.
+*/
+int igmpProxyInit() {
+    struct sigaction sa;
+    int Err;
+
+
+    sa.sa_handler = signalHandler;
+    sa.sa_flags = 0;    /* Interrupt system calls */
+    sigemptyset(&sa.sa_mask);
+    sigaction(SIGTERM, &sa, NULL);
+    sigaction(SIGINT, &sa, NULL);
+
+    // Loads configuration for Physical interfaces...
+    buildIfVc();    
+    
+    // Configures IF states and settings
+    configureVifs();
+
+    switch ( Err = enableMRouter() ) {
+    case 0: break;
+    case EADDRINUSE: my_log( LOG_ERR, EADDRINUSE, "MC-Router API already in use" ); break;
+    default: my_log( LOG_ERR, Err, "MRT_INIT failed" );
+    }
+
+    /* create VIFs for all IP, non-loop interfaces
+     */
+    {
+        unsigned Ix;
+        struct IfDesc *Dp;
+        int     vifcount = 0;
+        upStreamVif = -1;
+
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+
+            if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+                if(Dp->state == IF_STATE_UPSTREAM) {
+                    if(upStreamVif == -1) {
+                        upStreamVif = Ix;
+                    } else {
+                        my_log(LOG_ERR, 0, "Vif #%d was already upstream. Cannot set VIF #%d as upstream as well.",
+                            upStreamVif, Ix);
+                    }
+                }
+
+                addVIF( Dp );
+                vifcount++;
+            }
+        }
+
+        // If there is only one VIF, or no defined upstream VIF, we send an error.
+        if(vifcount < 2 || upStreamVif < 0) {
+            my_log(LOG_ERR, 0, "There must be at least 2 Vif's where one is upstream.");
+        }
+    }  
+    
+    // Initialize IGMP
+    initIgmp();
+    // Initialize Routing table
+    initRouteTable();
+    // Initialize timer
+    callout_init();
+
+
+    return 1;
+}
+
+/**
+*   Clean up all on exit...
+*/
+void igmpProxyCleanUp() {
+
+    my_log( LOG_DEBUG, 0, "clean handler called" );
+    
+    free_all_callouts();    // No more timeouts.
+    clearAllRoutes();       // Remove all routes.
+    disableMRouter();       // Disable the multirout API
+
+}
+
+/**
+*   Main daemon loop.
+*/
+void igmpProxyRun() {
+    // Get the config.
+    //struct Config *config = getCommonConfig();
+    // Set some needed values.
+    register int recvlen;
+    int     MaxFD, Rt, secs;
+    fd_set  ReadFDS;
+    socklen_t dummy = 0;
+    struct  timeval  curtime, lasttime, difftime, tv; 
+    // The timeout is a pointer in order to set it to NULL if nessecary.
+    struct  timeval  *timeout = &tv;
+
+    // Initialize timer vars
+    difftime.tv_usec = 0;
+    gettimeofday(&curtime, NULL);
+    lasttime = curtime;
+
+    // First thing we send a membership query in downstream VIF's...
+    sendGeneralMembershipQuery();
+
+    // Loop until the end...
+    for (;;) {
+
+        // Process signaling...
+        if (sighandled) {
+            if (sighandled & GOT_SIGINT) {
+                sighandled &= ~GOT_SIGINT;
+                my_log(LOG_NOTICE, 0, "Got a interupt signal. Exiting.");
+                break;
+            }
+        }
+
+        // Prepare timeout...
+        secs = timer_nextTimer();
+        if(secs == -1) {
+            timeout = NULL;
+        } else {
+            timeout->tv_usec = 0;
+            timeout->tv_sec = secs;
+        }
+
+        // Prepare for select.
+        MaxFD = MRouterFD;
+
+        FD_ZERO( &ReadFDS );
+        FD_SET( MRouterFD, &ReadFDS );
+
+        // wait for input
+        Rt = select( MaxFD +1, &ReadFDS, NULL, NULL, timeout );
+
+        // log and ignore failures
+        if( Rt < 0 ) {
+            my_log( LOG_WARNING, errno, "select() failure" );
+            continue;
+        }
+        else if( Rt > 0 ) {
+
+            // Read IGMP request, and handle it...
+            if( FD_ISSET( MRouterFD, &ReadFDS ) ) {
+    
+                recvlen = recvfrom(MRouterFD, recv_buf, RECV_BUF_SIZE,
+                                   0, NULL, &dummy);
+                if (recvlen < 0) {
+                    if (errno != EINTR) my_log(LOG_ERR, errno, "recvfrom");
+                    continue;
+                }
+                
+
+                acceptIgmp(recvlen);
+            }
+        }
+
+        // At this point, we can handle timeouts...
+        do {
+            /*
+             * If the select timed out, then there's no other
+             * activity to account for and we don't need to
+             * call gettimeofday.
+             */
+            if (Rt == 0) {
+                curtime.tv_sec = lasttime.tv_sec + secs;
+                curtime.tv_usec = lasttime.tv_usec;
+                Rt = -1; /* don't do this next time through the loop */
+            } else {
+                gettimeofday(&curtime, NULL);
+            }
+            difftime.tv_sec = curtime.tv_sec - lasttime.tv_sec;
+            difftime.tv_usec += curtime.tv_usec - lasttime.tv_usec;
+            while (difftime.tv_usec > 1000000) {
+                difftime.tv_sec++;
+                difftime.tv_usec -= 1000000;
+            }
+            if (difftime.tv_usec < 0) {
+                difftime.tv_sec--;
+                difftime.tv_usec += 1000000;
+            }
+            lasttime = curtime;
+            if (secs == 0 || difftime.tv_sec > 0)
+                age_callout_queue(difftime.tv_sec);
+            secs = -1;
+        } while (difftime.tv_sec > 0);
+
+    }
+
+}
+
+/*
+ * Signal handler.  Take note of the fact that the signal arrived
+ * so that the main loop can take care of it.
+ */
+static void signalHandler(int sig) {
+    switch (sig) {
+    case SIGINT:
+    case SIGTERM:
+        sighandled |= GOT_SIGINT;
+        break;
+        /* XXX: Not in use.
+        case SIGHUP:
+            sighandled |= GOT_SIGHUP;
+            break;
+    
+        case SIGUSR1:
+            sighandled |= GOT_SIGUSR1;
+            break;
+    
+        case SIGUSR2:
+            sighandled |= GOT_SIGUSR2;
+            break;
+        */
+    }
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
new file mode 100644
index 0000000..4dabd1c
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
@@ -0,0 +1,279 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.h - Header file for common includes.
+*/
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <signal.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdbool.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+#include <sys/param.h>
+
+#include <net/if.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "os.h"
+#include "config.h"
+
+/*
+ * Limit on length of route data
+ */
+#define MAX_IP_PACKET_LEN	576
+#define MIN_IP_HEADER_LEN	20
+#define MAX_IP_HEADER_LEN	60
+
+#define MAX_MC_VIFS    32     // !!! check this const in the specific includes
+
+// Useful macros..          
+#define VCMC( Vc )  (sizeof( Vc ) / sizeof( (Vc)[ 0 ] ))
+#define VCEP( Vc )  (&(Vc)[ VCMC( Vc ) ])
+
+// Bit manipulation macros...
+#define BIT_ZERO(X)      ((X) = 0)
+#define BIT_SET(X,n)     ((X) |= 1 << (n))
+#define BIT_CLR(X,n)     ((X) &= ~(1 << (n)))
+#define BIT_TST(X,n)     ((X) & 1 << (n))
+
+
+//#################################################################################
+//  Globals
+//#################################################################################
+
+/*
+ * External declarations for global variables and functions.
+ */
+#define RECV_BUF_SIZE 8192
+extern char     *recv_buf;
+extern char     *send_buf;
+
+extern char     s1[];
+extern char     s2[];
+extern char		s3[];
+extern char		s4[];
+
+
+
+//#################################################################################
+//  Lib function prototypes.
+//#################################################################################
+
+/* syslog.c
+ */
+extern bool Log2Stderr;           // Log to stderr instead of to syslog
+extern int  LogLevel;             // Log threshold, LOG_WARNING .... LOG_DEBUG 
+
+void my_log( int Serverity, int Errno, const char *FmtSt, ... );
+
+/* ifvc.c
+ */
+#define MAX_IF         40     // max. number of interfaces recognized 
+
+// Interface states
+#define IF_STATE_DISABLED      0   // Interface should be ignored.
+#define IF_STATE_UPSTREAM      1   // Interface is the upstream interface
+#define IF_STATE_DOWNSTREAM    2   // Interface is a downstream interface
+
+// Multicast default values...
+#define DEFAULT_ROBUSTNESS     2
+#define DEFAULT_THRESHOLD      1
+#define DEFAULT_RATELIMIT      0
+
+// Define timer constants (in seconds...)
+#define INTERVAL_QUERY          125
+#define INTERVAL_QUERY_RESPONSE  10
+//#define INTERVAL_QUERY_RESPONSE  10
+
+#define ROUTESTATE_NOTJOINED            0   // The group corresponding to route is not joined
+#define ROUTESTATE_JOINED               1   // The group corresponding to route is joined
+#define ROUTESTATE_CHECK_LAST_MEMBER    2   // The router is checking for hosts
+
+
+
+// Linked list of networks... 
+struct SubnetList {
+    uint32_t              subnet_addr;
+    uint32_t              subnet_mask;
+    struct SubnetList*  next;
+};
+
+struct IfDesc {
+    char                Name[IF_NAMESIZE];
+    struct in_addr      InAdr;          /* == 0 for non IP interfaces */            
+    short               Flags;
+    short               state;
+    struct SubnetList*  allowednets;
+    unsigned int        robustness;
+    unsigned char       threshold;   /* ttl limit */
+    unsigned int        ratelimit; 
+    unsigned int        index;
+};
+
+// Keeps common configuration settings 
+struct Config {
+    unsigned int        robustnessValue;
+    unsigned int        queryInterval;
+    unsigned int        queryResponseInterval;
+    // Used on startup..
+    unsigned int        startupQueryInterval;
+    unsigned int        startupQueryCount;
+    // Last member probe...
+    unsigned int        lastMemberQueryInterval;
+    unsigned int        lastMemberQueryCount;
+    // Set if upstream leave messages should be sent instantly..
+    unsigned short      fastUpstreamLeave;
+};
+
+// Defines the Index of the upstream VIF...
+extern int upStreamVif;
+
+/* ifvc.c
+ */
+void buildIfVc( void );
+struct IfDesc *getIfByName( const char *IfName );
+struct IfDesc *getIfByIx( unsigned Ix );
+struct IfDesc *getIfByAddress( uint32_t Ix );
+int isAdressValidForIf(struct IfDesc* intrface, uint32_t ipaddr);
+
+/* mroute-api.c
+ */
+struct MRouteDesc {
+    struct in_addr  OriginAdr, McAdr;
+    short           InVif;
+    uint8_t           TtlVc[ MAX_MC_VIFS ];
+};
+
+// IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+extern int MRouterFD;
+
+int enableMRouter( void );
+void disableMRouter( void );
+void addVIF( struct IfDesc *Dp );
+int addMRoute( struct MRouteDesc * Dp );
+int delMRoute( struct MRouteDesc * Dp );
+int getVifIx( struct IfDesc *IfDp );
+
+/* config.c
+ */
+int loadConfig(char *configFile);
+void configureVifs();
+struct Config *getCommonConfig();
+
+/* igmp.c
+*/
+extern uint32_t allhosts_group;
+extern uint32_t allrouters_group;
+void initIgmp(void);
+void acceptIgmp(int);
+void sendIgmp (uint32_t, uint32_t, int, int, uint32_t,int);
+
+/* lib.c
+ */
+char   *fmtInAdr( char *St, struct in_addr InAdr );
+char   *inetFmt(uint32_t addr, char *s);
+char   *inetFmts(uint32_t addr, uint32_t mask, char *s);
+uint16_t inetChksum(uint16_t *addr, int len);
+
+/* kern.c
+ */
+void k_set_rcvbuf(int bufsize, int minsize);
+void k_hdr_include(int hdrincl);
+void k_set_ttl(int t);
+void k_set_loop(int l);
+void k_set_if(uint32_t ifa);
+/*
+void k_join(uint32_t grp, uint32_t ifa);
+void k_leave(uint32_t grp, uint32_t ifa);
+*/
+
+/* udpsock.c
+ */
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort );
+
+/* mcgroup.c
+ */
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+
+
+/* rttable.c
+ */
+void initRouteTable();
+void clearAllRoutes();
+int insertRoute(uint32_t group, int ifx);
+int activateRoute(uint32_t group, uint32_t originAddr);
+void ageActiveRoutes();
+void setRouteLastMemberMode(uint32_t group);
+int lastMemberGroupAge(uint32_t group);
+
+/* request.c
+ */
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type);
+void acceptLeaveMessage(uint32_t src, uint32_t group);
+void sendGeneralMembershipQuery();
+
+/* callout.c 
+*/
+typedef void (*timer_f)(void *);
+
+void callout_init();
+void free_all_callouts();
+void age_callout_queue(int);
+int timer_nextTimer();
+int timer_setTimer(int, timer_f, void *);
+int timer_clearTimer(int);
+int timer_leftTimer(int);
+
+/* confread.c
+ */
+#define MAX_TOKEN_LENGTH    30
+
+int openConfigFile(char *filename);
+void closeConfigFile();
+char* nextConfigToken();
+char* getCurrentConfigToken();
+
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o
new file mode 100644
index 0000000..d232582
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/kern.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/kern.c
new file mode 100644
index 0000000..2055636
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/kern.c
@@ -0,0 +1,140 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+int curttl = 0;
+
+void k_set_rcvbuf(int bufsize, int minsize) {
+    int delta = bufsize / 2;
+    int iter = 0;
+
+    /*
+     * Set the socket buffer.  If we can't set it as large as we
+     * want, search around to try to find the highest acceptable
+     * value.  The highest acceptable value being smaller than
+     * minsize is a fatal error.
+     */
+    if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                   (char *)&bufsize, sizeof(bufsize)) < 0) {
+        bufsize -= delta;
+        while (1) {
+            iter++;
+            if (delta > 1)
+                delta /= 2;
+
+            if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                           (char *)&bufsize, sizeof(bufsize)) < 0) {
+                bufsize -= delta;
+            } else {
+                if (delta < 1024)
+                    break;
+                bufsize += delta;
+            }
+        }
+        if (bufsize < minsize) {
+            my_log(LOG_ERR, 0, "OS-allowed buffer size %u < app min %u",
+                bufsize, minsize);
+            /*NOTREACHED*/
+        }
+    }
+    my_log(LOG_DEBUG, 0, "Got %d byte buffer size in %d iterations", bufsize, iter);
+}
+
+
+void k_hdr_include(int hdrincl) {
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_HDRINCL,
+                   (char *)&hdrincl, sizeof(hdrincl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_HDRINCL %u", hdrincl);
+}
+
+
+void k_set_ttl(int t) {
+#ifndef RAW_OUTPUT_IS_RAW
+    u_char ttl;
+
+    ttl = t;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_TTL,
+                   (char *)&ttl, sizeof(ttl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_TTL %u", ttl);
+#endif
+    curttl = t;
+}
+
+
+void k_set_loop(int l) {
+    u_char loop;
+
+    loop = l;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_LOOP,
+                   (char *)&loop, sizeof(loop)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_LOOP %u", loop);
+}
+
+void k_set_if(uint32_t ifa) {
+    struct in_addr adr;
+
+    adr.s_addr = ifa;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_IF,
+                   (char *)&adr, sizeof(adr)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_IF %s",
+            inetFmt(ifa, s1));
+}
+
+/*
+void k_join(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_ADD_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't join group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+
+
+void k_leave(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_DROP_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't leave group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+*/
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/kern.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/kern.o
new file mode 100644
index 0000000..4f69834
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/kern.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/lib.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/lib.c
new file mode 100644
index 0000000..70a730a
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/lib.c
@@ -0,0 +1,148 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+/*
+ * Exported variables.
+ */
+char s1[19];        /* buffers to hold the string representations  */
+char s2[19];        /* of IP addresses, to be passed to inet_fmt() */
+char s3[19];        /* or inet_fmts().                             */
+char s4[19];
+            
+/*
+** Formats 'InAdr' into a dotted decimal string. 
+**
+** returns: - pointer to 'St'
+**          
+*/
+char *fmtInAdr( char *St, struct in_addr InAdr ) {
+    sprintf( St, "%u.%u.%u.%u", 
+             ((uint8_t *)&InAdr.s_addr)[ 0 ],
+             ((uint8_t *)&InAdr.s_addr)[ 1 ],
+             ((uint8_t *)&InAdr.s_addr)[ 2 ],
+             ((uint8_t *)&InAdr.s_addr)[ 3 ] );
+
+    return St;
+}
+
+/*
+ * Convert an IP address in u_long (network) format into a printable string.
+ */
+char *inetFmt(uint32_t addr, char *s) {
+    register u_char *a;
+
+    a = (u_char *)&addr;
+    sprintf(s, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]);
+    return(s);
+}
+
+
+/*
+ * Convert an IP subnet number in u_long (network) format into a printable
+ * string including the netmask as a number of bits.
+ */
+char *inetFmts(uint32_t addr, uint32_t mask, char *s) {
+    register u_char *a, *m;
+    int bits;
+
+    if ((addr == 0) && (mask == 0)) {
+        sprintf(s, "default");
+        return(s);
+    }
+    a = (u_char *)&addr;
+    m = (u_char *)&mask;
+    bits = 33 - ffs(ntohl(mask));
+
+    if (m[3] != 0) sprintf(s, "%u.%u.%u.%u/%d", a[0], a[1], a[2], a[3],
+                           bits);
+    else if (m[2] != 0) sprintf(s, "%u.%u.%u/%d",    a[0], a[1], a[2], bits);
+    else if (m[1] != 0) sprintf(s, "%u.%u/%d",       a[0], a[1], bits);
+    else                sprintf(s, "%u/%d",          a[0], bits);
+
+    return(s);
+}
+
+/*
+ * inet_cksum extracted from:
+ *			P I N G . C
+ *
+ * Author -
+ *	Mike Muuss
+ *	U. S. Army Ballistic Research Laboratory
+ *	December, 1983
+ * Modified at Uc Berkeley
+ *
+ * (ping.c) Status -
+ *	Public Domain.  Distribution Unlimited.
+ *
+ *			I N _ C K S U M
+ *
+ * Checksum routine for Internet Protocol family headers (C Version)
+ *
+ */
+uint16_t inetChksum(uint16_t *addr, int len) {
+    register int nleft = len;
+    register uint16_t *w = addr;
+    uint16_t answer = 0;
+    register int32_t sum = 0;
+
+    /*
+     *  Our algorithm is simple, using a 32 bit accumulator (sum),
+     *  we add sequential 16 bit words to it, and at the end, fold
+     *  back all the carry bits from the top 16 bits into the lower
+     *  16 bits.
+     */
+    while (nleft > 1) {
+        sum += *w++;
+        nleft -= 2;
+    }
+
+    /* mop up an odd byte, if necessary */
+    if (nleft == 1) {
+        *(uint8_t *) (&answer) = *(uint8_t *)w ;
+        sum += answer;
+    }
+
+    /*
+     * add back carry outs from top 16 bits to low 16 bits
+     */
+    sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
+    sum += (sum >> 16);         /* add carry */
+    answer = ~sum;              /* truncate to 16 bits */
+    return(answer);
+}
+
+
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/lib.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/lib.o
new file mode 100644
index 0000000..786e63b
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/lib.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
new file mode 100644
index 0000000..e657c22
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
@@ -0,0 +1,86 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mcgroup contains functions for joining and leaving multicast groups.
+*
+*/
+
+#include "igmpproxy.h"
+       
+
+/**
+*   Common function for joining or leaving a MCast group.
+*/
+static int joinleave( int Cmd, int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    struct ip_mreq CtlReq;
+    const char *CmdSt = Cmd == 'j' ? "join" : "leave";
+    
+    memset(&CtlReq, 0, sizeof(CtlReq));
+    CtlReq.imr_multiaddr.s_addr = mcastaddr;
+    CtlReq.imr_interface.s_addr = IfDp->InAdr.s_addr;
+    
+    {
+        my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt, 
+            inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : "<any>" );
+    }
+    
+    if( setsockopt( UdpSock, IPPROTO_IP, 
+          Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, 
+          (void *)&CtlReq, sizeof( CtlReq ) ) ) 
+    {
+        my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP failed", Cmd == 'j' ? "ADD" : "DROP" );
+        return 1;
+    }
+    
+    return 0;
+}
+
+/**
+*   Joins the MC group with the address 'McAdr' on the interface 'IfName'. 
+*   The join is bound to the UDP socket 'UdpSock', so if this socket is 
+*   closed the membership is dropped.
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'j', UdpSock, IfDp, mcastaddr );
+}
+
+/**
+*   Leaves the MC group with the address 'McAdr' on the interface 'IfName'. 
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'l', UdpSock, IfDp, mcastaddr );
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o
new file mode 100644
index 0000000..8b00338
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
new file mode 100644
index 0000000..7c2be3e
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
@@ -0,0 +1,242 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mroute-api.c
+*
+*   This module contains the interface routines to the Linux mrouted API
+*/
+
+
+#include "igmpproxy.h"
+
+// MAX_MC_VIFS from mclab.h must have same value as MAXVIFS from mroute.h
+#if MAX_MC_VIFS != MAXVIFS
+# error "constants don't match, correct mclab.h"
+#endif
+     
+// need an IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+int         MRouterFD;        /* socket for all network I/O  */
+char        *recv_buf;           /* input packet buffer         */
+char        *send_buf;           /* output packet buffer        */
+
+
+// my internal virtual interfaces descriptor vector  
+static struct VifDesc {
+    struct IfDesc *IfDp;
+} VifDescVc[ MAXVIFS ];
+
+
+
+/*
+** Initialises the mrouted API and locks it by this exclusively.
+**     
+** returns: - 0 if the functions succeeds     
+**          - the errno value for non-fatal failure condition
+*/
+int enableMRouter()
+{
+    int Va = 1;
+
+    if ( (MRouterFD  = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP)) < 0 )
+        my_log( LOG_ERR, errno, "IGMP socket open" );
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_INIT, 
+                     (void *)&Va, sizeof( Va ) ) )
+        return errno;
+
+    return 0;
+}
+
+/*
+** Diables the mrouted API and relases by this the lock.
+**          
+*/
+void disableMRouter()
+{
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_DONE, NULL, 0 ) 
+         || close( MRouterFD )
+       ) {
+        MRouterFD = 0;
+        my_log( LOG_ERR, errno, "MRT_DONE/close" );
+    }
+
+    MRouterFD = 0;
+}
+
+/*
+** Adds the interface '*IfDp' as virtual interface to the mrouted API
+** 
+*/
+void addVIF( struct IfDesc *IfDp )
+{
+    struct vifctl VifCtl;
+    struct VifDesc *VifDp;
+
+    /* search free VifDesc
+     */
+    for ( VifDp = VifDescVc; VifDp < VCEP( VifDescVc ); VifDp++ ) {
+        if ( ! VifDp->IfDp )
+            break;
+    }
+
+    /* no more space
+     */
+    if ( VifDp >= VCEP( VifDescVc ) )
+        my_log( LOG_ERR, ENOMEM, "addVIF, out of VIF space" );
+
+    VifDp->IfDp = IfDp;
+
+    VifCtl.vifc_vifi  = VifDp - VifDescVc; 
+    VifCtl.vifc_flags = 0;        /* no tunnel, no source routing, register ? */
+    VifCtl.vifc_threshold  = VifDp->IfDp->threshold;    // Packet TTL must be at least 1 to pass them
+    VifCtl.vifc_rate_limit = VifDp->IfDp->ratelimit;    // Ratelimit
+
+    VifCtl.vifc_lcl_addr.s_addr = VifDp->IfDp->InAdr.s_addr;
+    VifCtl.vifc_rmt_addr.s_addr = INADDR_ANY;
+
+    // Set the index...
+    VifDp->IfDp->index = VifCtl.vifc_vifi;
+
+    my_log( LOG_NOTICE, 0, "adding VIF, Ix %d Fl 0x%x IP 0x%08x %s, Threshold: %d, Ratelimit: %d", 
+         VifCtl.vifc_vifi, VifCtl.vifc_flags,  VifCtl.vifc_lcl_addr.s_addr, VifDp->IfDp->Name,
+         VifCtl.vifc_threshold, VifCtl.vifc_rate_limit);
+
+    struct SubnetList *currSubnet;
+    for(currSubnet = IfDp->allowednets; currSubnet; currSubnet = currSubnet->next) {
+	my_log(LOG_DEBUG, 0, "        Network for [%s] : %s",
+	    IfDp->Name,
+	    inetFmts(currSubnet->subnet_addr, currSubnet->subnet_mask, s1));
+    }
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_VIF, 
+                     (char *)&VifCtl, sizeof( VifCtl ) ) )
+        my_log( LOG_ERR, errno, "MRT_ADD_VIF" );
+
+}
+
+/*
+** Adds the multicast routed '*Dp' to the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int addMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* copy the TTL vector
+     */
+
+    memcpy( CtlReq.mfcc_ttls, Dp->TtlVc, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Adding MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_ADD_MFC" );
+
+    return rc;
+}
+
+/*
+** Removes the multicast routed '*Dp' from the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int delMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* clear the TTL vector
+     */
+    memset( CtlReq.mfcc_ttls, 0, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Removing MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_DEL_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_DEL_MFC" );
+
+    return rc;
+}
+
+/*
+** Returns for the virtual interface index for '*IfDp'
+**
+** returns: - the vitrual interface index if the interface is registered
+**          - -1 if no virtual interface exists for the interface 
+**          
+*/
+int getVifIx( struct IfDesc *IfDp )
+{
+    struct VifDesc *Dp;
+
+    for ( Dp = VifDescVc; Dp < VCEP( VifDescVc ); Dp++ )
+        if ( Dp->IfDp == IfDp )
+            return Dp - VifDescVc;
+
+    return -1;
+}
+
+
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o
new file mode 100644
index 0000000..8ea168c
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
new file mode 100644
index 0000000..735401c
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
@@ -0,0 +1,14 @@
+#include <net/route.h>
+#include <net/ip_mroute/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
new file mode 100644
index 0000000..ca01cc5
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
@@ -0,0 +1,23 @@
+#include <net/route.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#if __FreeBSD_version >= 800069 && defined BURN_BRIDGES \
+	|| __FreeBSD_version >= 800098
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+#endif
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-linux.h b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
new file mode 100644
index 0000000..7504b1f
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
@@ -0,0 +1,15 @@
+#define _LINUX_IN_H
+#include <linux/types.h>
+#include <linux/mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
new file mode 100644
index 0000000..17bd5fa
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
@@ -0,0 +1,19 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
new file mode 100644
index 0000000..873e5fb
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
@@ -0,0 +1,21 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+#define INADDR_ALLRTRS_GROUP INADDR_ALLROUTERS_GROUP
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os.h b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os.h
new file mode 120000
index 0000000..142e404
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/os.h
@@ -0,0 +1 @@
+../src/os-linux.h
\ No newline at end of file
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/request.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/request.c
new file mode 100644
index 0000000..e3589f6
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/request.c
@@ -0,0 +1,222 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   request.c 
+*
+*   Functions for recieveing and processing IGMP requests.
+*
+*/
+
+#include "igmpproxy.h"
+
+// Prototypes...
+void sendGroupSpecificMemberQuery(void *argument);  
+    
+typedef struct {
+    uint32_t      group;
+    uint32_t      vifAddr;
+    short       started;
+} GroupVifDesc;
+
+
+/**
+*   Handles incoming membership reports, and
+*   appends them to the routing table.
+*/
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type) {
+    struct IfDesc  *sourceVif;
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    if(sourceVif->InAdr.s_addr == src) {
+        my_log(LOG_NOTICE, 0, "The IGMP message was from myself. Ignoring.");
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        my_log(LOG_DEBUG, 0, "Should insert group %s (from: %s) to route table. Vif Ix : %d",
+            inetFmt(group,s1), inetFmt(src,s2), sourceVif->index);
+
+        // The membership report was OK... Insert it into the route table..
+        insertRoute(group, sourceVif->index);
+
+
+    } else {
+        // Log the state of the interface the report was recieved on.
+        my_log(LOG_INFO, 0, "Mebership report was recieved on %s. Ignoring.",
+            sourceVif->state==IF_STATE_UPSTREAM?"the upstream interface":"a disabled interface");
+    }
+
+}
+
+/**
+*   Recieves and handles a group leave message.
+*/
+void acceptLeaveMessage(uint32_t src, uint32_t group) {
+    struct IfDesc   *sourceVif;
+    
+    my_log(LOG_DEBUG, 0,
+	    "Got leave message from %s to %s. Starting last member detection.",
+	    inetFmt(src, s1), inetFmt(group, s2));
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        GroupVifDesc   *gvDesc;
+        gvDesc = (GroupVifDesc*) malloc(sizeof(GroupVifDesc));
+
+        // Tell the route table that we are checking for remaining members...
+        setRouteLastMemberMode(group);
+
+        // Call the group spesific membership querier...
+        gvDesc->group = group;
+        gvDesc->vifAddr = sourceVif->InAdr.s_addr;
+        gvDesc->started = 0;
+
+        sendGroupSpecificMemberQuery(gvDesc);
+
+    } else {
+        // just ignore the leave request...
+        my_log(LOG_DEBUG, 0, "The found if for %s was not downstream. Ignoring leave request.", inetFmt(src, s1));
+    }
+}
+
+/**
+*   Sends a group specific member report query until the 
+*   group times out...
+*/
+void sendGroupSpecificMemberQuery(void *argument) {
+    struct  Config  *conf = getCommonConfig();
+
+    // Cast argument to correct type...
+    GroupVifDesc   *gvDesc = (GroupVifDesc*) argument;
+
+    if(gvDesc->started) {
+        // If aging returns false, we don't do any further action...
+        if(!lastMemberGroupAge(gvDesc->group)) {
+            return;
+        }
+    } else {
+        gvDesc->started = 1;
+    }
+
+    // Send a group specific membership query...
+    sendIgmp(gvDesc->vifAddr, gvDesc->group, 
+             IGMP_MEMBERSHIP_QUERY,
+             conf->lastMemberQueryInterval * IGMP_TIMER_SCALE, 
+             gvDesc->group, 0);
+
+    my_log(LOG_DEBUG, 0, "Sent membership query from %s to %s. Delay: %d",
+        inetFmt(gvDesc->vifAddr,s1), inetFmt(gvDesc->group,s2),
+        conf->lastMemberQueryInterval);
+
+    // Set timeout for next round...
+    timer_setTimer(conf->lastMemberQueryInterval, sendGroupSpecificMemberQuery, gvDesc);
+
+}
+
+
+/**
+*   Sends a general membership query on downstream VIFs
+*/
+void sendGeneralMembershipQuery() {
+    struct  Config  *conf = getCommonConfig();
+    struct  IfDesc  *Dp;
+    int             Ix;
+
+    // Loop through all downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+            if(Dp->state == IF_STATE_DOWNSTREAM) {
+                // Send the membership query...
+                sendIgmp(Dp->InAdr.s_addr, allhosts_group, 
+                         IGMP_MEMBERSHIP_QUERY,
+                         conf->queryResponseInterval * IGMP_TIMER_SCALE, 0, 0);
+                
+                my_log(LOG_DEBUG, 0,
+			"Sent membership query from %s to %s. Delay: %d",
+			inetFmt(Dp->InAdr.s_addr,s1),
+			inetFmt(allhosts_group,s2),
+			conf->queryResponseInterval);
+            }
+        }
+    }
+
+    // Install timer for aging active routes.
+    timer_setTimer(conf->queryResponseInterval, ageActiveRoutes, NULL);
+
+    // Install timer for next general query...
+    if(conf->startupQueryCount>0) {
+        // Use quick timer...
+        timer_setTimer(conf->startupQueryInterval, sendGeneralMembershipQuery, NULL);
+        // Decrease startup counter...
+        conf->startupQueryCount--;
+    } 
+    else {
+        // Use slow timer...
+        timer_setTimer(conf->queryInterval, sendGeneralMembershipQuery, NULL);
+    }
+
+
+}
+ 
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/request.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/request.o
new file mode 100644
index 0000000..bff7c33
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/request.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/rttable.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/rttable.c
new file mode 100644
index 0000000..f0701a8
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/rttable.c
@@ -0,0 +1,662 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   rttable.c 
+*
+*   Updates the routingtable according to 
+*     recieved request.
+*/
+
+#include "igmpproxy.h"
+    
+/**
+*   Routing table structure definition. Double linked list...
+*/
+struct RouteTable {
+    struct RouteTable   *nextroute;     // Pointer to the next group in line.
+    struct RouteTable   *prevroute;     // Pointer to the previous group in line.
+    uint32_t              group;          // The group to route
+    uint32_t              originAddr;     // The origin adress (only set on activated routes)
+    uint32_t              vifBits;        // Bits representing recieving VIFs.
+
+    // Keeps the upstream membership state...
+    short               upstrState;     // Upstream membership state.
+
+    // These parameters contain aging details.
+    uint32_t              ageVifBits;     // Bits representing aging VIFs.
+    int                 ageValue;       // Downcounter for death.          
+    int                 ageActivity;    // Records any acitivity that notes there are still listeners.
+};
+
+                 
+// Keeper for the routing table...
+static struct RouteTable   *routing_table;
+
+// Prototypes
+void logRouteTable(char *header);
+int  internAgeRoute(struct RouteTable*  croute);
+int internUpdateKernelRoute(struct RouteTable *route, int activate);
+
+// Socket for sending join or leave requests.
+int mcGroupSock = 0;
+
+
+/**
+*   Function for retrieving the Multicast Group socket.
+*/
+int getMcGroupSock() {
+    if( ! mcGroupSock ) {
+        mcGroupSock = openUdpSocket( INADDR_ANY, 0 );;
+    }
+    return mcGroupSock;
+}
+ 
+/**
+*   Initializes the routing table.
+*/
+void initRouteTable() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+
+    // Clear routing table...
+    routing_table = NULL;
+
+    // Join the all routers group on downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        // If this is a downstream vif, we should join the All routers group...
+        if( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) && Dp->state == IF_STATE_DOWNSTREAM) {
+            my_log(LOG_DEBUG, 0, "Joining all-routers group %s on vif %s",
+                         inetFmt(allrouters_group,s1),inetFmt(Dp->InAdr.s_addr,s2));
+            
+            //k_join(allrouters_group, Dp->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), Dp, allrouters_group );
+        }
+    }
+}
+
+/**
+*   Internal function to send join or leave requests for
+*   a specified route upstream...
+*/
+void sendJoinLeaveUpstream(struct RouteTable* route, int join) {
+    struct IfDesc*      upstrIf;
+    
+    // Get the upstream VIF...
+    upstrIf = getIfByIx( upStreamVif );
+    if(upstrIf == NULL) {
+        my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF.");
+    }
+
+    // Send join or leave request...
+    if(join) {
+
+        // Only join a group if there are listeners downstream...
+        if(route->vifBits > 0) {
+            my_log(LOG_DEBUG, 0, "Joining group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+
+            //k_join(route->group, upstrIf->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_JOINED;
+        } else {
+            my_log(LOG_DEBUG, 0, "No downstream listeners for group %s. No join sent.",
+                inetFmt(route->group, s1));
+        }
+
+    } else {
+        // Only leave if group is not left already...
+        if(route->upstrState != ROUTESTATE_NOTJOINED) {
+            my_log(LOG_DEBUG, 0, "Leaving group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+            
+            //k_leave(route->group, upstrIf->InAdr.s_addr);
+            leaveMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_NOTJOINED;
+        }
+    }
+}
+
+/**
+*   Clear all routes from routing table, and alerts Leaves upstream.
+*/
+void clearAllRoutes() {
+    struct RouteTable   *croute, *remainroute;
+
+    // Loop through all routes...
+    for(croute = routing_table; croute; croute = remainroute) {
+
+        remainroute = croute->nextroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_DEBUG, 0, "Removing route entry for %s",
+                     inetFmt(croute->group, s1));
+
+        // Uninstall current route
+        if(!internUpdateKernelRoute(croute, 0)) {
+            my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        }
+
+        // Send Leave message upstream.
+        sendJoinLeaveUpstream(croute, 0);
+
+        // Clear memory, and set pointer to next route...
+        free(croute);
+    }
+    routing_table = NULL;
+
+    // Send a notice that the routing table is empty...
+    my_log(LOG_NOTICE, 0, "All routes removed. Routing table is empty.");
+}
+                 
+/**
+*   Private access function to find a route from a given 
+*   Route Descriptor.
+*/
+struct RouteTable *findRoute(uint32_t group) {
+    struct RouteTable*  croute;
+
+    for(croute = routing_table; croute; croute = croute->nextroute) {
+        if(croute->group == group) {
+            return croute;
+        }
+    }
+
+    return NULL;
+}
+
+/**
+*   Adds a specified route to the routingtable.
+*   If the route already exists, the existing route 
+*   is updated...
+*/
+int insertRoute(uint32_t group, int ifx) {
+    
+    struct Config *conf = getCommonConfig();
+    struct RouteTable*  croute;
+
+    // Sanitycheck the group adress...
+    if( ! IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group. Table insert failed.",
+            inetFmt(group, s1));
+        return 0;
+    }
+
+    // Santiycheck the VIF index...
+    //if(ifx < 0 || ifx >= MAX_MC_VIFS) {
+    if(ifx >= MAX_MC_VIFS) {
+        my_log(LOG_WARNING, 0, "The VIF Ix %d is out of range (0-%d). Table insert failed.",ifx,MAX_MC_VIFS);
+        return 0;
+    }
+
+    // Try to find an existing route for this group...
+    croute = findRoute(group);
+    if(croute==NULL) {
+        struct RouteTable*  newroute;
+
+        my_log(LOG_DEBUG, 0, "No existing route for %s. Create new.",
+                     inetFmt(group, s1));
+
+
+        // Create and initialize the new route table entry..
+        newroute = (struct RouteTable*)malloc(sizeof(struct RouteTable));
+        // Insert the route desc and clear all pointers...
+        newroute->group      = group;
+        newroute->originAddr = 0;
+        newroute->nextroute  = NULL;
+        newroute->prevroute  = NULL;
+
+        // The group is not joined initially.
+        newroute->upstrState = ROUTESTATE_NOTJOINED;
+
+        // The route is not active yet, so the age is unimportant.
+        newroute->ageValue    = conf->robustnessValue;
+        newroute->ageActivity = 0;
+        
+        BIT_ZERO(newroute->ageVifBits);     // Initially we assume no listeners.
+
+        // Set the listener flag...
+        BIT_ZERO(newroute->vifBits);    // Initially no listeners...
+        if(ifx >= 0) {
+            BIT_SET(newroute->vifBits, ifx);
+        }
+
+        // Check if there is a table already....
+        if(routing_table == NULL) {
+            // No location set, so insert in on the table top.
+            routing_table = newroute;
+            my_log(LOG_DEBUG, 0, "No routes in table. Insert at beginning.");
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Found existing routes. Find insert location.");
+
+            // Check if the route could be inserted at the beginning...
+            if(routing_table->group > group) {
+                my_log(LOG_DEBUG, 0, "Inserting at beginning, before route %s",inetFmt(routing_table->group,s1));
+
+                // Insert at beginning...
+                newroute->nextroute = routing_table;
+                newroute->prevroute = NULL;
+                routing_table = newroute;
+
+                // If the route has a next node, the previous pointer must be updated.
+                if(newroute->nextroute != NULL) {
+                    newroute->nextroute->prevroute = newroute;
+                }
+
+            } else {
+
+                // Find the location which is closest to the route.
+                for( croute = routing_table; croute->nextroute != NULL; croute = croute->nextroute ) {
+                    // Find insert position.
+                    if(croute->nextroute->group > group) {
+                        break;
+                    }
+                }
+
+                my_log(LOG_DEBUG, 0, "Inserting after route %s",inetFmt(croute->group,s1));
+                
+                // Insert after current...
+                newroute->nextroute = croute->nextroute;
+                newroute->prevroute = croute;
+                if(croute->nextroute != NULL) {
+                    croute->nextroute->prevroute = newroute; 
+                }
+                croute->nextroute = newroute;
+            }
+        }
+
+        // Set the new route as the current...
+        croute = newroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Inserted route table entry for %s on VIF #%d",
+            inetFmt(croute->group, s1),ifx);
+
+    } else if(ifx >= 0) {
+
+        // The route exists already, so just update it.
+        BIT_SET(croute->vifBits, ifx);
+        
+        // Register the VIF activity for the aging routine
+        BIT_SET(croute->ageVifBits, ifx);
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Updated route entry for %s on VIF #%d",
+            inetFmt(croute->group, s1), ifx);
+
+        // If the route is active, it must be reloaded into the Kernel..
+        if(croute->originAddr != 0) {
+
+            // Update route in kernel...
+            if(!internUpdateKernelRoute(croute, 1)) {
+                my_log(LOG_WARNING, 0, "The insertion into Kernel failed.");
+                return 0;
+            }
+        }
+    }
+
+    // Send join message upstream, if the route has no joined flag...
+    if(croute->upstrState != ROUTESTATE_JOINED) {
+        // Send Join request upstream
+        sendJoinLeaveUpstream(croute, 1);
+    }
+
+    logRouteTable("Insert Route");
+
+    return 1;
+}
+
+/**
+*   Activates a passive group. If the group is already
+*   activated, it's reinstalled in the kernel. If
+*   the route is activated, no originAddr is needed.
+*/
+int activateRoute(uint32_t group, uint32_t originAddr) {
+    struct RouteTable*  croute;
+    int result = 0;
+
+    // Find the requested route.
+    croute = findRoute(group);
+    if(croute == NULL) {
+        my_log(LOG_DEBUG, 0,
+		"No table entry for %s [From: %s]. Inserting route.",
+		inetFmt(group, s1),inetFmt(originAddr, s2));
+
+        // Insert route, but no interfaces have yet requested it downstream.
+        insertRoute(group, -1);
+
+        // Retrieve the route from table...
+        croute = findRoute(group);
+    }
+
+    if(croute != NULL) {
+        // If the origin address is set, update the route data.
+        if(originAddr > 0) {
+            if(croute->originAddr > 0 && croute->originAddr!=originAddr) {
+                my_log(LOG_WARNING, 0, "The origin for route %s changed from %s to %s",
+                    inetFmt(croute->group, s1),
+                    inetFmt(croute->originAddr, s2),
+                    inetFmt(originAddr, s3));
+            }
+            croute->originAddr = originAddr;
+        }
+
+        // Only update kernel table if there are listeners !
+        if(croute->vifBits > 0) {
+            result = internUpdateKernelRoute(croute, 1);
+        }
+    }
+    logRouteTable("Activate Route");
+
+    return result;
+}
+
+
+/**
+*   This function loops through all routes, and updates the age 
+*   of any active routes.
+*/
+void ageActiveRoutes() {
+    struct RouteTable   *croute, *nroute;
+    
+    my_log(LOG_DEBUG, 0, "Aging routes in table.");
+
+    // Scan all routes...
+    for( croute = routing_table; croute != NULL; croute = nroute ) {
+        
+        // Keep the next route (since current route may be removed)...
+        nroute = croute->nextroute;
+
+        // Run the aging round algorithm.
+        if(croute->upstrState != ROUTESTATE_CHECK_LAST_MEMBER) {
+            // Only age routes if Last member probe is not active...
+            internAgeRoute(croute);
+        }
+    }
+    logRouteTable("Age active routes");
+}
+
+/**
+*   Should be called when a leave message is recieved, to
+*   mark a route for the last member probe state.
+*/
+void setRouteLastMemberMode(uint32_t group) {
+    struct Config       *conf = getCommonConfig();
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        // Check for fast leave mode...
+        if(croute->upstrState == ROUTESTATE_JOINED && conf->fastUpstreamLeave) {
+            // Send a leave message right away..
+            sendJoinLeaveUpstream(croute, 0);
+        }
+        // Set the routingstate to Last member check...
+        croute->upstrState = ROUTESTATE_CHECK_LAST_MEMBER;
+        // Set the count value for expiring... (-1 since first aging)
+        croute->ageValue = conf->lastMemberQueryCount;
+    }
+}
+
+
+/**
+*   Ages groups in the last member check state. If the
+*   route is not found, or not in this state, 0 is returned.
+*/
+int lastMemberGroupAge(uint32_t group) {
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        if(croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER) {
+            return !internAgeRoute(croute);
+        } else {
+            return 0;
+        }
+    }
+    return 0;
+}
+
+/**
+*   Remove a specified route. Returns 1 on success,
+*   and 0 if route was not found.
+*/
+int removeRoute(struct RouteTable*  croute) {
+    struct Config       *conf = getCommonConfig();
+    int result = 1;
+    
+    // If croute is null, no routes was found.
+    if(croute==NULL) {
+        return 0;
+    }
+
+    // Log the cleanup in debugmode...
+    my_log(LOG_DEBUG, 0, "Removed route entry for %s from table.",
+                 inetFmt(croute->group, s1));
+
+    //BIT_ZERO(croute->vifBits);
+
+    // Uninstall current route from kernel
+    if(!internUpdateKernelRoute(croute, 0)) {
+        my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        result = 0;
+    }
+
+    // Send Leave request upstream if group is joined
+    if(croute->upstrState == ROUTESTATE_JOINED || 
+       (croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER && !conf->fastUpstreamLeave)) 
+    {
+        sendJoinLeaveUpstream(croute, 0);
+    }
+
+    // Update pointers...
+    if(croute->prevroute == NULL) {
+        // Topmost node...
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = NULL;
+        }
+        routing_table = croute->nextroute;
+
+    } else {
+        croute->prevroute->nextroute = croute->nextroute;
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = croute->prevroute;
+        }
+    }
+    // Free the memory, and set the route to NULL...
+    free(croute);
+    croute = NULL;
+
+    logRouteTable("Remove route");
+
+    return result;
+}
+
+
+/**
+*   Ages a specific route
+*/
+int internAgeRoute(struct RouteTable*  croute) {
+    struct Config *conf = getCommonConfig();
+    int result = 0;
+
+    // Drop age by 1.
+    croute->ageValue--;
+
+    // Check if there has been any activity...
+    if( croute->ageVifBits > 0 && croute->ageActivity == 0 ) {
+        // There was some activity, check if all registered vifs responded.
+        if(croute->vifBits == croute->ageVifBits) {
+            // Everything is in perfect order, so we just update the route age.
+            croute->ageValue = conf->robustnessValue;
+            //croute->ageActivity = 0;
+        } else {
+            // One or more VIF has not gotten any response.
+            croute->ageActivity++;
+
+            // Update the actual bits for the route...
+            croute->vifBits = croute->ageVifBits;
+        }
+    } 
+    // Check if there have been activity in aging process...
+    else if( croute->ageActivity > 0 ) {
+
+        // If the bits are different in this round, we must
+        if(croute->vifBits != croute->ageVifBits) {
+            // Or the bits together to insure we don't lose any listeners.
+            croute->vifBits |= croute->ageVifBits;
+
+            // Register changes in this round as well..
+            croute->ageActivity++;
+        }
+    }
+
+    // If the aging counter has reached zero, its time for updating...
+    if(croute->ageValue == 0) {
+        // Check for activity in the aging process,
+        if(croute->ageActivity>0) {
+            
+            my_log(LOG_DEBUG, 0, "Updating route after aging : %s",
+                         inetFmt(croute->group,s1));
+            
+            // Just update the routing settings in kernel...
+            internUpdateKernelRoute(croute, 1);
+    
+            // We append the activity counter to the age, and continue...
+            croute->ageValue = croute->ageActivity;
+            croute->ageActivity = 0;
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Removing group %s. Died of old age.",
+                         inetFmt(croute->group,s1));
+
+            // No activity was registered within the timelimit, so remove the route.
+            removeRoute(croute);
+        }
+        // Tell that the route was updated...
+        result = 1;
+    }
+
+    // The aging vif bits must be reset for each round...
+    BIT_ZERO(croute->ageVifBits);
+
+    return result;
+}
+
+/**
+*   Updates the Kernel routing table. If activate is 1, the route
+*   is (re-)activated. If activate is false, the route is removed.
+*/
+int internUpdateKernelRoute(struct RouteTable *route, int activate) {
+    struct   MRouteDesc     mrDesc;
+    struct   IfDesc         *Dp;
+    unsigned                Ix;
+    
+    if(route->originAddr>0) {
+
+        // Build route descriptor from table entry...
+        // Set the source address and group address...
+        mrDesc.McAdr.s_addr     = route->group;
+        mrDesc.OriginAdr.s_addr = route->originAddr;
+    
+        // clear output interfaces 
+        memset( mrDesc.TtlVc, 0, sizeof( mrDesc.TtlVc ) );
+    
+        my_log(LOG_DEBUG, 0, "Vif bits : 0x%08x", route->vifBits);
+
+        // Set the TTL's for the route descriptor...
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+            if(Dp->state == IF_STATE_UPSTREAM) {
+                mrDesc.InVif = Dp->index;
+            }
+            else if(BIT_TST(route->vifBits, Dp->index)) {
+                my_log(LOG_DEBUG, 0, "Setting TTL for Vif %d to %d", Dp->index, Dp->threshold);
+                mrDesc.TtlVc[ Dp->index ] = Dp->threshold;
+            }
+        }
+    
+        // Do the actual Kernel route update...
+        if(activate) {
+            // Add route in kernel...
+            addMRoute( &mrDesc );
+    
+        } else {
+            // Delete the route from Kernel...
+            delMRoute( &mrDesc );
+        }
+
+    } else {
+        my_log(LOG_NOTICE, 0, "Route is not active. No kernel updates done.");
+    }
+
+    return 1;
+}
+
+/**
+*   Debug function that writes the routing table entries
+*   to the log.
+*/
+void logRouteTable(char *header) {
+        struct RouteTable*  croute = routing_table;
+        unsigned            rcount = 0;
+    
+        my_log(LOG_DEBUG, 0, "");
+        my_log(LOG_DEBUG, 0, "Current routing table (%s):", header);
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+        if(croute==NULL) {
+            my_log(LOG_DEBUG, 0, "No routes in table...");
+        } else {
+            do {
+                /*
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, Prev: 0x%08x, T: 0x%08x, Next: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->prevroute, croute, croute->nextroute);
+                */
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, OutVifs: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->vifBits);
+                  
+                croute = croute->nextroute; 
+        
+                rcount++;
+            } while ( croute != NULL );
+        }
+    
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/rttable.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/rttable.o
new file mode 100644
index 0000000..df1f0b5
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/rttable.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/syslog.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/syslog.c
new file mode 100644
index 0000000..7c7166f
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/syslog.c
@@ -0,0 +1,62 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+int LogLevel = LOG_WARNING;
+bool Log2Stderr = false;
+
+void my_log( int Severity, int Errno, const char *FmtSt, ... )
+{
+    char LogMsg[ 128 ];
+
+    va_list ArgPt;
+    unsigned Ln;
+    va_start( ArgPt, FmtSt );
+    Ln = vsnprintf( LogMsg, sizeof( LogMsg ), FmtSt, ArgPt );
+    if( Errno > 0 )
+        snprintf( LogMsg + Ln, sizeof( LogMsg ) - Ln,
+                "; Errno(%d): %s", Errno, strerror(Errno) );
+    va_end( ArgPt );
+
+    if (Severity <= LogLevel) {
+        if (Log2Stderr)
+            fprintf(stderr, "%s\n", LogMsg);
+        else {
+            syslog(Severity, "%s", LogMsg);
+	}
+    }
+
+    if( Severity <= LOG_ERR )
+        exit( -1 );
+}
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/syslog.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/syslog.o
new file mode 100644
index 0000000..445b866
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/syslog.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/udpsock.c b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
new file mode 100644
index 0000000..150130e
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
@@ -0,0 +1,65 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   udpsock.c contains function for creating a UDP socket.
+*
+*/
+
+#include "igmpproxy.h"
+
+/**
+*  Creates and connects a simple UDP socket to the target 
+*  'PeerInAdr':'PeerPort'
+*
+*   @param PeerInAdr - The address to connect to
+*   @param PeerPort  - The port to connect to
+*           
+*/
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort ) {
+    int Sock;
+    struct sockaddr_in SockAdr;
+    
+    if( (Sock = socket( AF_INET, SOCK_RAW, IPPROTO_IGMP )) < 0 )
+        my_log( LOG_ERR, errno, "UDP socket open" );
+    
+    memset( &SockAdr, 0, sizeof( SockAdr ) );
+    SockAdr.sin_family      = AF_INET;
+    SockAdr.sin_port        = htons(PeerPort);
+    SockAdr.sin_addr.s_addr = htonl(PeerInAdr);
+    
+    if( bind( Sock, (struct sockaddr *)&SockAdr, sizeof( SockAdr ) ) )
+        my_log( LOG_ERR, errno, "UDP socket bind" );
+    
+    return Sock;
+}
+
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/udpsock.o b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/udpsock.o
new file mode 100644
index 0000000..8f19c02
Binary files /dev/null and b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/src/udpsock.o differ
diff --git a/FLR-BRB/src/igmpproxy/igmpproxy-0.1/stamp-h1 b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/stamp-h1
new file mode 100644
index 0000000..4547fe1
--- /dev/null
+++ b/FLR-BRB/src/igmpproxy/igmpproxy-0.1/stamp-h1
@@ -0,0 +1 @@
+timestamp for config.h
diff --git a/FLR-BRB/src/ipt-gateway b/FLR-BRB/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/FLR-BRB/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/FLR-BRB/src/mailsystem b/FLR-BRB/src/mailsystem
new file mode 160000
index 0000000..03b820b
--- /dev/null
+++ b/FLR-BRB/src/mailsystem
@@ -0,0 +1 @@
+Subproject commit 03b820b8b869d6be229340a99ed5994dcd0edec9
diff --git a/FLR-BRB/src/openvpn b/FLR-BRB/src/openvpn
new file mode 160000
index 0000000..ebff5a5
--- /dev/null
+++ b/FLR-BRB/src/openvpn
@@ -0,0 +1 @@
+Subproject commit ebff5a557b537bcb8192d94f733c4df86594258d
diff --git a/Kanzlei-Kiel/README.txt b/Kanzlei-Kiel/README.txt
new file mode 100644
index 0000000..0c67d7e
--- /dev/null
+++ b/Kanzlei-Kiel/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.Kanzlei-Kiel: ppp0 comes over eth2
+      interfaces.Kanzlei-Kiel: see above
+      default_isc-dhcp-server.Kanzlei-Kiel
+      ipt-firewall.Kanzlei-Kiel: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/Kanzlei-Kiel/aiccu.conf.Kanzlei-Kiel b/Kanzlei-Kiel/aiccu.conf.Kanzlei-Kiel
new file mode 100644
index 0000000..ecbf384
--- /dev/null
+++ b/Kanzlei-Kiel/aiccu.conf.Kanzlei-Kiel
@@ -0,0 +1,79 @@
+# Under control from debconf, please use 'dpkg-reconfigure aiccu' to reconfigure
+# AICCU Configuration
+
+# Login information (defaults: none)
+username CKM11-SIXXS
+password zLkJIZF0
+
+# Protocol and server to use for setting up the tunnel (defaults: none)
+protocol tic
+server tic.sixxs.net
+
+# Interface names to use (default: aiccu)
+# ipv6_interface is the name of the interface that will be used as a tunnel interface.
+# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
+# or tunX (eg tun0) for AYIYA tunnels.
+ipv6_interface sixxs
+
+# The tunnel_id to use (default: none)
+# (only required when there are multiple tunnels in the list)
+tunnel_id T129038
+
+# Be verbose? (default: false)
+verbose false
+
+# Daemonize? (default: true)
+# Set to false if you want to see any output
+# When true output goes to syslog
+#
+# WARNING: never run AICCU from DaemonTools or a similar automated
+# 'restart' tool/script. When AICCU does not start, it has a reason
+# not to start which it gives on either the stdout or in the (sys)log
+# file. The TIC server *will* automatically disable accounts which
+# are detected to run in this mode.
+#
+daemonize true
+
+# Automatic Login and Tunnel activation?
+automatic true
+
+# Require TLS?
+# When set to true, if TLS is not supported on the server
+# the TIC transaction will fail.
+# When set to false, it will try a starttls, when that is
+# not supported it will continue.
+# In any case if AICCU is build with TLS support it will
+# try to do a 'starttls' to the TIC server to see if that
+# is supported.
+requiretls false
+
+# PID File
+#pidfile /var/run/aiccu.pid
+
+# Add a default route (default: true)
+#defaultroute true
+
+# Script to run after setting up the interfaces (default: none)
+#setupscript /usr/local/etc/aiccu-subnets.sh
+
+# Make heartbeats (default true)
+# In general you don't want to turn this off
+# Of course only applies to AYIYA and heartbeat tunnels not to static ones
+#makebeats true
+
+# Don't configure anything (default: false)
+#noconfigure true
+
+# Behind NAT (default: false)
+# Notify the user that a NAT-kind network is detected
+#behindnat true
+
+# Local IPv4 Override (default: none)
+# Overrides the IPv4 parameter received from TIC
+# This allows one to configure a NAT into "DMZ" mode and then
+# forwarding the proto-41 packets to an internal host.
+# 
+# This is only needed for static proto-41 tunnels!
+# AYIYA and heartbeat tunnels don't require this.
+#local_ipv4_override
+
diff --git a/Kanzlei-Kiel/bin/admin-stuff b/Kanzlei-Kiel/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/Kanzlei-Kiel/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/Kanzlei-Kiel/bin/clean_log_files.sh b/Kanzlei-Kiel/bin/clean_log_files.sh
new file mode 120000
index 0000000..4a65412
--- /dev/null
+++ b/Kanzlei-Kiel/bin/clean_log_files.sh
@@ -0,0 +1 @@
+admin-stuff/clean_log_files.sh
\ No newline at end of file
diff --git a/Kanzlei-Kiel/bin/manage-gw-config b/Kanzlei-Kiel/bin/manage-gw-config
new file mode 160000
index 0000000..2a96dfd
--- /dev/null
+++ b/Kanzlei-Kiel/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688
diff --git a/Kanzlei-Kiel/bin/monitoring b/Kanzlei-Kiel/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/Kanzlei-Kiel/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/Kanzlei-Kiel/bin/os-upgrade.sh b/Kanzlei-Kiel/bin/os-upgrade.sh
new file mode 120000
index 0000000..02ddc66
--- /dev/null
+++ b/Kanzlei-Kiel/bin/os-upgrade.sh
@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh
\ No newline at end of file
diff --git a/Kanzlei-Kiel/bin/test_email.sh b/Kanzlei-Kiel/bin/test_email.sh
new file mode 120000
index 0000000..86f3e17
--- /dev/null
+++ b/Kanzlei-Kiel/bin/test_email.sh
@@ -0,0 +1 @@
+admin-stuff/test_email.sh
\ No newline at end of file
diff --git a/Kanzlei-Kiel/bind/bind.keys b/Kanzlei-Kiel/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/Kanzlei-Kiel/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/Kanzlei-Kiel/bind/bind.keys.dpkg-old b/Kanzlei-Kiel/bind/bind.keys.dpkg-old
new file mode 100644
index 0000000..b003c53
--- /dev/null
+++ b/Kanzlei-Kiel/bind/bind.keys.dpkg-old
@@ -0,0 +1,49 @@
+/* $Id: bind.keys,v 1.5.42.2 2011-01-04 19:14:48 each Exp $ */
+# The bind.keys file is used to override built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release (BIND
+# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
+# Lookaside Validation zone ("dlv.isc.org").  Trust anchors for any other
+# zones MUST be configured elsewhere; if they are configured here, they
+# will not be recognized or used by named.
+#
+# This file also contains a copy of the trust anchor for the DNS root zone
+# (".").  However, named does not use it; it is provided here for
+# informational purposes only.  To switch on DNSSEC validation at the
+# root, the root key below can be copied into named.conf.
+#
+# The built-in DLV trust anchor in this file is used directly by named.
+# However, it is not activated unless specifically switched on.  To use
+# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
+# Without this option being set, the key in this file is ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+	# ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+        # in named.conf.
+	dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+		brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+		1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+		ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+		Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+		QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+		TDN0YUuWrBNh";
+
+	# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+	# for current trust anchor information.
+        # NOTE: This key is activated by setting "dnssec-validation auto;"
+        # in named.conf.
+	. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+		FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+		bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+		X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+		W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+		Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+		QxA+Uk1ihz0=";
+};
diff --git a/Kanzlei-Kiel/bind/db.0 b/Kanzlei-Kiel/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/Kanzlei-Kiel/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/Kanzlei-Kiel/bind/db.127 b/Kanzlei-Kiel/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/Kanzlei-Kiel/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/Kanzlei-Kiel/bind/db.192.168.100.0 b/Kanzlei-Kiel/bind/db.192.168.100.0
new file mode 100644
index 0000000..850ae57
--- /dev/null
+++ b/Kanzlei-Kiel/bind/db.192.168.100.0
@@ -0,0 +1,80 @@
+;
+; BIND reverse data file for local kanzlei-kiel.netz zone
+;
+$TTL  43600
+@  IN SOA   kanzlei-kiel.netz. ckubu.oopen.de. (
+      2012020701     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.kanzlei-kiel.netz.
+
+; ==========
+; - Server
+; ==========
+
+; Gateway/Firewall
+254         IN PTR    gw-kanzlei-kiel.kanzlei-kiel.netz.
+
+; (Caching ) Nameserver
+1           IN PTR    ns.kanzlei-kiel.netz.
+
+; File Server
+10          IN PTR    file-ah.kanzlei-kiel.netz.
+
+; IPMI - File Server
+11          IN PTR    file-ipmi.kanzlei-kiel.netz.
+
+; USV 
+;15          IN PTR    usv-kanzlei-kiel.kanzlei-kiel.netz.
+
+; Windows 7 Server
+20          IN PTR    file-win7.kanzlei-kiel.netz.
+25          IN PTR    win7-ah.kanzlei-kiel.netz.
+
+
+; ==========
+; - Accesspoints
+; ==========
+
+; UniFi AP-AC-LR
+50         IN PTR    unify-ap.kanzlei-kiel.netz.
+
+
+; ==========
+; - Drucker
+; ==========
+
+; Laserdrucker Kyocera FS-2020D
+19          IN PTR     kyocera-fs-2020d.kanzlei-kiel.netz.
+; Multifunktions Drucker Kyocera TASKalfa 3051ci
+100         IN PTR     kyocera-taskalfa-3051ci.kanzlei-kiel.netz.
+
+; Laserdrucker Kyocera FS-2100DN
+189         IN PTR     kyocera-fs-2100dn.kanzlei-kiel.netz.
+
+
+; ==========
+; - Buero PC's
+; ==========
+
+22           IN PTR    buerozwei.kanzlei-kiel.netz.
+77           IN PTR    dokumentenscannerrechner.kanzlei-kiel.netz.
+81           IN PTR    buero-doro.kanzlei-kiel.netz.
+88           IN PTR    axel.kanzlei-kiel.netz.
+99           IN PTR    zk.kanzlei-kiel.netz.
+101          IN PTR    shuttle.kanzlei-kiel.netz.
+121          IN PTR    buerooben.kanzlei-kiel.netz.
+184          IN PTR    laptop-doro.kanzlei-kiel.netz.
+
+; --- 
+; - ckubu 
+; ---
+
+;  Laptop (devil) LAN (eth0)
+90          IN PTR    devil.kanzlei-kiel.netz.
+91          IN PTR    devil-wlan.kanzlei-kiel.netz.
+
diff --git a/Kanzlei-Kiel/bind/db.192.168.101.0 b/Kanzlei-Kiel/bind/db.192.168.101.0
new file mode 100644
index 0000000..a774411
--- /dev/null
+++ b/Kanzlei-Kiel/bind/db.192.168.101.0
@@ -0,0 +1,14 @@
+;
+; BIND reverse data file for local kanzlei-kiel.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.kanzlei-kiel.netz. ckubu.oopen.de. (
+      2012020201     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.kanzlei-kiel.netz.
+
diff --git a/Kanzlei-Kiel/bind/db.255 b/Kanzlei-Kiel/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/Kanzlei-Kiel/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/Kanzlei-Kiel/bind/db.empty b/Kanzlei-Kiel/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/Kanzlei-Kiel/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/Kanzlei-Kiel/bind/db.kanzlei-kiel.netz b/Kanzlei-Kiel/bind/db.kanzlei-kiel.netz
new file mode 100644
index 0000000..e28edf1
--- /dev/null
+++ b/Kanzlei-Kiel/bind/db.kanzlei-kiel.netz
@@ -0,0 +1,94 @@
+;
+; BIND data file for local kanzlei-kiel.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.kanzlei-kiel.netz. ckubu.oopen.de. (
+      2017013001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+            IN NS     ns.kanzlei-kiel.netz.
+
+
+; ==========
+; - Server
+; ==========
+
+; Gateway/Firewall
+gw-ah       IN A      192.168.100.254
+gate        IN CNAME  gw-ah
+gw          IN CNAME  gw-ah
+
+; (Caching ) Nameserver
+ns          IN A      192.168.100.1
+nscache     IN CNAME  ns
+
+; File Server
+file-ah    IN A      192.168.100.10
+file        IN CNAME  file-ah
+
+; IPMI - File Server
+file-ipmi   IN A      192.168.100.11
+
+; USV - APC Management Card
+;usv-ah     IN A      192.168.100.15
+;usv         IN CNAME  usv-ah
+
+; Windows 7 Server
+file-win7   IN A      192.168.100.20
+win7-ah     IN A      192.168.100.25
+
+
+; ==========
+; - Accesspoints
+; ==========
+
+; Controller for Unifi AP's
+unifi-ctl      IN A      192.168.100.254
+
+; UniFi AP-AC-LR
+unify-ap     IN A      192.168.100.50
+accesspoint  IN CNAME  unify-ap
+
+
+; ==========
+; - Drucker
+; ==========
+
+; Laserdrucker Kyocera FS-2020D
+kyocera-fs-2020d  IN A 192.168.100.29
+
+; Multifunktions Drucker Kyocera TASKalfa 3051ci
+kyocera-taskalfa-3051ci IN A  192.168.100.100
+kyocera-scanner   IN CNAME kyocera-taskalfa-3051ci
+
+; Laserdrucker Kyocera FS-2100DN
+kyocera-fs-2100dn  IN A 192.168.100.189
+
+ 
+; ==========
+; - Buero PC's
+; ==========
+
+buerozwei    IN A      192.168.100.22
+dokumentenscannerrechner IN A 192.168.100.77
+buero-doro   IN A      192.168.100.81
+axel         IN A      192.168.100.88
+zk           IN A      192.168.100.99
+shuttle      IN A      192.168.100.101
+buerooben    IN A      192.168.100.121
+laptop-doro  IN A      192.168.100.184
+
+; --- 
+; - ckubu 
+; ---
+
+;  Laptop (devil) LAN (eth0)
+devil       IN A      192.168.100.90
+;  Laptop (devil) WLAN (wlan0)
+devil-wlan  IN A      192.168.101.91
+
diff --git a/Kanzlei-Kiel/bind/db.local b/Kanzlei-Kiel/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/Kanzlei-Kiel/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/Kanzlei-Kiel/bind/db.root b/Kanzlei-Kiel/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/Kanzlei-Kiel/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/Kanzlei-Kiel/bind/named.conf b/Kanzlei-Kiel/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/Kanzlei-Kiel/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/Kanzlei-Kiel/bind/named.conf.default-zones b/Kanzlei-Kiel/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/Kanzlei-Kiel/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/Kanzlei-Kiel/bind/named.conf.local b/Kanzlei-Kiel/bind/named.conf.local
new file mode 100644
index 0000000..b57b721
--- /dev/null
+++ b/Kanzlei-Kiel/bind/named.conf.local
@@ -0,0 +1,23 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
+zone "kanzlei-kiel.netz" {
+   type master;
+   file "/etc/bind/db.kanzlei-kiel.netz";
+};
+
+zone "100.168.192.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.192.168.100.0";
+};
+
+zone "101.168.192.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.192.168.101.0";
+};
diff --git a/Kanzlei-Kiel/bind/named.conf.options b/Kanzlei-Kiel/bind/named.conf.options
new file mode 100644
index 0000000..79728e8
--- /dev/null
+++ b/Kanzlei-Kiel/bind/named.conf.options
@@ -0,0 +1,111 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	#forwarders {
+   #   // OpenDNS servers
+   #   208.67.222.222;
+   #   208.67.220.220;
+   #   // DNS-Cache des CCC
+   #   213.73.91.35;
+   #   // ISP DNS Servers (ARCOR)
+   #   // dns1.arcor-ip.de
+   #   145.253.2.11;
+   #   // dns2.arcor-ip.de
+   #   145.253.2.75;
+   #   // dns3.arcor-ip.de
+   #   145.253.2.171;
+   #   // dns4.arcor-ip.de
+   #   145.253.2.203;
+	#};
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   auth-nxdomain no;    # conform to RFC1035
+
+   // Security options
+   listen-on port 53 { 
+      127.0.0.1; 
+      192.168.100.1; 
+      192.168.0.1; 
+      172.16.101.254; 
+   };
+
+   allow-query { 
+      127.0.0.1; 
+      192.168.0.0/16; 
+      172.16.0.0/12; 
+      10.0.0.0/8;
+   };
+
+   // caching name services
+   recursion yes;
+   allow-recursion { 
+      127.0.0.1; 
+      192.168.0.0/16; 
+      172.16.0.0/12; 
+      10.0.0.0/8;
+   };
+   allow-transfer { none; };
+
+
+	listen-on-v6 { 
+      ::1; 
+   };
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/Kanzlei-Kiel/bind/named.conf.options.ORIG b/Kanzlei-Kiel/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..af79758
--- /dev/null
+++ b/Kanzlei-Kiel/bind/named.conf.options.ORIG
@@ -0,0 +1,20 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/Kanzlei-Kiel/bind/rndc.key b/Kanzlei-Kiel/bind/rndc.key
new file mode 100644
index 0000000..645888f
--- /dev/null
+++ b/Kanzlei-Kiel/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "Crr3gVbUdjx7tI6XWVqDAQ==";
+};
diff --git a/Kanzlei-Kiel/bind/zones.rfc1918 b/Kanzlei-Kiel/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/Kanzlei-Kiel/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/Kanzlei-Kiel/chap-secrets.Kanzlei-Kiel b/Kanzlei-Kiel/chap-secrets.Kanzlei-Kiel
new file mode 100644
index 0000000..e712702
--- /dev/null
+++ b/Kanzlei-Kiel/chap-secrets.Kanzlei-Kiel
@@ -0,0 +1,10 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+
+## - Zugang Arcor/Vodafone Kanzlei Axel
+## - DSL
+"ar0284280107" * "39457541"
+
+## - VDSL
+"vodafone-vdsl.komplett/ab3391185321" * "jhecfmvk"
diff --git a/Kanzlei-Kiel/check_net-logrotate.Kanzlei-Kiel b/Kanzlei-Kiel/check_net-logrotate.Kanzlei-Kiel
new file mode 100644
index 0000000..f0a557b
--- /dev/null
+++ b/Kanzlei-Kiel/check_net-logrotate.Kanzlei-Kiel
@@ -0,0 +1,10 @@
+/var/log/check_net.log
+{
+   rotate 7
+   daily
+   missingok
+   notifempty
+   copytruncate
+   delaycompress
+   compress
+}
diff --git a/Kanzlei-Kiel/check_net.service.Kanzlei-Kiel b/Kanzlei-Kiel/check_net.service.Kanzlei-Kiel
new file mode 100644
index 0000000..0eff326
--- /dev/null
+++ b/Kanzlei-Kiel/check_net.service.Kanzlei-Kiel
@@ -0,0 +1,16 @@
+[Unit]
+Description=Configure Routing for Internet Connections;
+After=network.target
+After=rc-local.service
+
+[Service]
+ExecStart=/usr/local/sbin/check_net.sh
+ExecStartPre=rm -rf /tmp/check_net.sh.LOCK
+ExecStopPost=rm -rf /tmp/check_net.sh.LOCK
+KillMode=control-group
+SendSIGKILL=yes
+TimeoutStopSec=2
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/Kanzlei-Kiel/check_net/check_net.conf b/Kanzlei-Kiel/check_net/check_net.conf
new file mode 100644
index 0000000..f12a6c3
--- /dev/null
+++ b/Kanzlei-Kiel/check_net/check_net.conf
@@ -0,0 +1,133 @@
+# - Configuration file for scrupts check_net.sh and netconfig.sh
+# -
+
+LOGGING_CONSOLE=false
+DEBUG=false
+
+# - Where are your scripts located?
+# -
+check_script=/usr/local/sbin/check_net.sh
+netconfig_script=/usr/local/sbin/netconfig.sh
+
+log_file=/var/log/check_net.log
+
+
+# - Put in your DSL devices (refers to your network configuration)
+# - youe wish be congigured by that script
+# -
+# - Notice:
+# -    If not using multiple default gatways, declare the list in the order of your 
+# -    preferred default gatway devices
+# -
+# -    Example:
+# -       _INITIAL_DEVICE_LIST="eth0:192.168.63.254 ppp-light"
+# -
+_INITIAL_DEVICE_LIST="ppp-ah"
+
+# - Set to "false" uses "0.0.0.0" as remote gateway instead of the real address
+# -
+USE_REMOTE_GATEWAY_ADDRESS=true
+#USE_REMOTE_GATEWAY_ADDRESS=false
+
+# - Set default gw (roundrobin)
+# -
+# - !! SET_MULTIPLE_DEFAULT_GW=true does not work for now..
+# -
+SET_MULTIPLE_DEFAULT_GW=false
+#SET_MULTIPLE_DEFAULT_GW=true
+
+
+# - Set to false uses "0.0.0.0" as default gateway adress instaed of real remote address
+# -
+USE_DEFAULT_GW_ADDRESS=true
+#USE_DEFAULT_GW_ADDRESS=false
+
+
+# - Hostnames for ping test
+# -
+# - Note: The first two reachable hosts will be used for ping test. 
+# -
+# - Space separated list
+# -
+PING_TEST_HOSTS="oopen.de google.com heise.de debian.org ubuntu.com"
+
+
+admin_email=root
+from_address="check-inet-devices@`hostname -f`"
+company="Kanzlei Kiel"
+content_type='Content-Type: text/plain;\n charset="utf-8"'
+
+
+# - rule_local_ips
+# -
+# - Add rule(s) for routing local ip-address(es) through a given extern interface
+# -
+# - Space separated list of entries '<ext-interface>:<local-ip>'
+# -    rule_local_ips="<ext-interface>:<local-ip> [<ext-interface>:<local-ip>] [.."
+# -
+# - Example:
+# - ========
+# - local ip 192.168.10.1 through extern interface ppp-st and 
+# - local ip 192.168.10.13 through extern interface ppp-surf1
+# -     rule_local_ips="ppp-st:192.168.10.1 ppp-surf1:192.168.10.13"
+# -
+rule_local_ips=""
+
+# - rule_remote_ips
+# -
+# - Add rule(s) for routing remote ip-address(es) through a given extern interface
+# -
+# - Space separated list of entries '<ext-interface>:<remote-ip>'
+# -    rule_remote_ips="<ext-interface>:<remote-ip> [<ext-interface>:<remote-ip>] [.."
+# -
+# - Example:
+# - ========
+# - route remote ip-address  141.1.1.1 through extern interface ppp-ckubu and 
+# - also route ip-address 8.8.8.8 through through extern interface ppp-ckubu
+# -     rule_remote_ips="ppp-ckubu:141.1.1.1 ppp-ckubu:8.8.8.8"
+# - 
+rule_remote_ips=""
+
+# - rule_local_nets
+# -
+# - Add rule(s) for routing local networks through a given extern interface out
+# -
+# - Space separated list of entries '<extern-interface>:<local-net>'
+# -    rule_local_nets="<extern-interface>:<local-net> [<extern-interface>:<local-net>] [.."
+# -
+# -
+# - Example:
+# - ========
+# -     rule_local_nets="ppp-st:192.168.11.0/25 ppp-surf1:192.168.11.128/25"
+# -
+rule_local_nets=""
+
+
+
+## ====================================
+## - Don't make changes after this Line
+## ====================================
+
+# ---
+# - Add rule(s) for routing local ip-address(es)
+# ---
+declare -a rule_local_ip_arr
+for _str in $rule_local_ips ; do
+   rule_local_ip_arr+=("$_str")
+done
+
+# ---
+# - Add rule(s) for routing remote ip-address(es)
+# ---
+declare -a rule_remote_ip_arr
+for _str in $rule_remote_ips ; do
+   rule_remote_ip_arr+=("$_str")
+done
+
+# ---
+# - Add rule(s) for routing local networks
+# ---
+declare -a rule_local_net_arr
+for _str in $rule_local_nets ; do
+   rule_local_net_arr+=("$_str")
+done
diff --git a/Kanzlei-Kiel/cron_root.Kanzlei-Kiel b/Kanzlei-Kiel/cron_root.Kanzlei-Kiel
new file mode 100644
index 0000000..aa277d3
--- /dev/null
+++ b/Kanzlei-Kiel/cron_root.Kanzlei-Kiel
@@ -0,0 +1,57 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.7DKfVy/crontab installed on Fri Mar 16 11:09:15 2018)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+## check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+## if not set this entry to "1"
+##
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+# - Check if ssh service is running. restart service if needed
+# -
+*/10 * * * * /root/bin/monitoring/check_ssh.sh
+
+## check if pppd is running and internet access works. if
+## not restart it
+##
+#*/10 * * * * /root/bin/check_inet.sh
+
+## check if openvpn is running if not restart the service
+##
+0-59/20 * * * * /root/bin/monitoring/check_vpn.sh
+
+## check if DynDNS ip is correct, adjust if needed
+## -
+15 * * * * /root/bin/monitoring/check_dyndns.sh anw-kiel.homelinux.org
+
+## - reconnect to internet
+## -
+13 6 * * * /root/bin/admin-stuff/reconnect_inet.sh ppp-ah dsl-ah
+
+## - Copy gateway configuration
+## -
+09 3 * * * /root/bin/manage-gw-config/copy_gateway-config.sh Kanzlei-Kiel
+
diff --git a/Kanzlei-Kiel/ddclient.conf.Kanzlei-Kiel b/Kanzlei-Kiel/ddclient.conf.Kanzlei-Kiel
new file mode 100644
index 0000000..383505a
--- /dev/null
+++ b/Kanzlei-Kiel/ddclient.conf.Kanzlei-Kiel
@@ -0,0 +1,14 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password=7213b4e6178a11e6ab1362f831f6741e
+anw-kiel.homelinux.org
+
+ssl=yes
+mail=argus@oopen.de
+mail-failure=root
diff --git a/Kanzlei-Kiel/default_isc-dhcp-server.Kanzlei-Kiel b/Kanzlei-Kiel/default_isc-dhcp-server.Kanzlei-Kiel
new file mode 100644
index 0000000..ddad962
--- /dev/null
+++ b/Kanzlei-Kiel/default_isc-dhcp-server.Kanzlei-Kiel
@@ -0,0 +1,22 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+#INTERFACES=""
+INTERFACESv4="eth0 eth1"
diff --git a/Kanzlei-Kiel/dhcpd.conf.Kanzlei-Kiel b/Kanzlei-Kiel/dhcpd.conf.Kanzlei-Kiel
new file mode 100644
index 0000000..845c8c4
--- /dev/null
+++ b/Kanzlei-Kiel/dhcpd.conf.Kanzlei-Kiel
@@ -0,0 +1,226 @@
+#
+# Configuration file for ISC dhcpd for Debian
+#
+#
+
+
+# ==========
+# - Global  statements
+# ==========
+
+# option definitions common to all supported networks...
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.100.255;
+
+option domain-name "kanzlei-kiel.netz";
+option domain-name-servers nscache.kanzlei-kiel.netz;
+
+default-lease-time 86400;
+max-lease-time 259200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# - DHCP failover primary
+# -
+failover peer "dhcp-failover" {
+   primary; # declare this to be the primary server
+   address 192.168.100.254;
+   port 647;
+   peer address 192.168.100.10;
+   peer port 647;
+   max-response-delay 30;
+   max-unacked-updates 10;
+   mclt 360;
+   split 128;
+   load balance max seconds 3;
+}
+
+
+## - DHCP failover secondary
+## -
+#failover peer "dhcp-failover" {
+#   secondary; # declare this to be the secondary server
+#   address 192.168.100.10;
+#   port 647;
+#   peer address 192.168.100.254;
+#   peer port 647;
+#   max-response-delay 30;
+#   max-unacked-updates 10;
+#   load balance max seconds 3;
+#}
+
+
+shared-network lan {
+
+   subnet 192.168.100.0 netmask 255.255.255.0 {
+
+      # --- 192.168.100.128/26 ---
+      # network address....: 192.168.100.128
+      # Broadcast address..: 192.168.100.191
+      # netmask............: 255.255.255.192
+      # network range......: 192.168.100.129 - 192.168.100.191
+      # Usable range.......: 192.168.100.128 - 192.168.100.190
+
+      option domain-name "kanzlei-kiel.netz";
+      option subnet-mask 255.255.255.0;
+      option broadcast-address 192.168.100.255;
+      option domain-name-servers 192.168.100.1;
+      option routers 192.168.100.254;
+      default-lease-time 86400;
+      max-lease-time 259200;
+      pool {
+         failover peer "dhcp-failover";
+         range 192.168.100.129 192.168.100.190;
+      }
+   }
+
+   # - No dynamic range for network 172.16.101.0
+   subnet 172.16.101.0 netmask 255.255.255.0 {
+      option domain-name "kanzlei-kiel.netz";
+      option subnet-mask 255.255.255.0;
+      option broadcast-address 172.16.101.255;
+      option domain-name-servers 172.16.101.254;
+      option routers 172.16.101.254;
+      default-lease-time 86400;
+      max-lease-time 259200;
+   }
+
+}
+
+
+subnet 192.168.101.0 netmask 255.255.255.0 {
+
+   # --- 192.168.100.128/26 ---
+   # network address....: 192.168.101.128
+   # Broadcast address..: 192.168.101.191
+   # netmask............: 255.255.255.192
+   # network range......: 192.168.101.129 - 192.168.101.191
+   # Usable range.......: 192.168.101.128 - 192.168.101.190
+
+   range 192.168.101.129 192.168.101.190;
+   option domain-name "kanzlei-kiel.netz";
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.101.255;
+   option domain-name-servers 192.168.100.1;
+   option routers 192.168.101.254;
+   default-lease-time 86400;
+   max-lease-time 259200;
+
+}
+
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+# - No DHCP service on network 172.16.101.0
+subnet 172.16.100.0 netmask 255.255.255.0 {
+}
+
+# ==========
+# - Hosts statements
+# ==========
+
+# ---
+# - LAN
+# ---
+
+include "/etc/dhcp/hosts.lan.conf";
+
+
+# ---
+# - W-LAN
+# ---
+
+include "/etc/dhcp/hosts.w-lan.conf";
+
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/Kanzlei-Kiel/dhcpd6.conf.Kanzlei-Kiel b/Kanzlei-Kiel/dhcpd6.conf.Kanzlei-Kiel
new file mode 100644
index 0000000..0efe187
--- /dev/null
+++ b/Kanzlei-Kiel/dhcpd6.conf.Kanzlei-Kiel
@@ -0,0 +1,65 @@
+
+ddns-update-style none;
+
+default-lease-time 86400;
+max-lease-time 259200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+subnet6 2001:6f8:107e:63::/64 {
+   # Range for clients
+   range6 2001:6f8:107e:63::a000 2001:6f8:107e:63::afff;
+
+   option dhcp6.name-servers 2001:6f8:107e:63::1;
+   option dhcp6.domain-search "local.netz";
+}
+
+
+subnet6 2001:6f8:107e:64::/64 {
+   # Range for clients
+   range6 2001:6f8:107e:64::a000 2001:6f8:107e:64::afff;
+
+   option dhcp6.name-servers 2001:6f8:107e:63::1;
+   option dhcp6.domain-search "local.netz";
+}
+
+## - LAN
+
+host devil {
+   host-identifier option dhcp6.client-id 0:1:0:1:19:9d:89:4e:5c:33:37:37:35:1:e9:3;
+   fixed-address6 2001:6f8:107e:63::90;
+}
+#host devil {
+#   hardware ethernet 5c:ff:35:01:e9:03;
+#   fixed-address6 2001:6f8:107e:63::90;
+#}
+
+host sol {
+   host-identifier option dhcp6.client-id 00:01:00:01:19:9d:60:28:1c:6f:65:97:4a:9d;
+   fixed-address6 2001:6f8:107e:63::40;
+}
+
+host luna {
+   host-identifier option dhcp6.client-id 0:4:6:d5:8d:ca:ef:18:64:e0:52:e:9c:99:d8:3a:e7:a6;
+   fixed-address6 2001:6f8:107e:63::20;
+}
+
+host so36-back {
+   host-identifier option dhcp6.client-id 00:01:00:01:19:c1:cc:58:00:25:90:d1:c4:e2;
+   fixed-address6 2001:6f8:107e:63::70;
+}
+
+
+## - WLAN
+
+## devil wireless device
+host devil1 {
+   host-identifier option dhcp6.client-id 0:1:0:1:19:9d:89:4e:0:24:37:37:d7:24:dc:6c;
+   fixed-address6 2001:6f8:107e:64::90;
+}
diff --git a/Kanzlei-Kiel/email_notice.Kanzlei-Kiel b/Kanzlei-Kiel/email_notice.Kanzlei-Kiel
new file mode 100755
index 0000000..a11e8d3
--- /dev/null
+++ b/Kanzlei-Kiel/email_notice.Kanzlei-Kiel
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+
+
+file=/tmp/mail_ip-up$$
+admin_email=argus@oopen.de
+
+from_address=ip-up_gw-ah@oopen.de
+from_name="ip-up - Kanzlei Kiel"
+host=`hostname -f`
+
+echo "" > $file
+echo " *************************************************************" >> $file
+echo " *** This is an autogenerated mail from $host ***" >> $file
+echo "" >> $file
+echo " I brought up the ppp-daemon with the following" >> $file
+echo -e " parameters:\n" >> $file
+echo -e "\tInterface name...............: $PPP_IFACE" >> $file
+echo -e "\tThe tty......................: $PPP_TTY" >> $file
+echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
+echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
+echo -e "\tPeer  IP number..............: $PPP_REMOTE" >> $file
+if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
+   echo -e "\tNameserver 1.................: $DNS1" >> $file
+   if [ "$DNS2" ] ; then
+      echo -e "\tNameserver 2.................: $DNS2" >> $file
+   fi
+fi
+
+
+echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
+echo "" >> $file
+echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
+echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
+echo "" >> $file
+echo " **************************************************************" >> $file
+
+echo -e "To:${admin_email}\nSubject:$PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail -F "$from_name" -f $from_address $admin_email
+
+rm -f $file
+
diff --git a/Kanzlei-Kiel/generic.Kanzlei-Kiel b/Kanzlei-Kiel/generic.Kanzlei-Kiel
new file mode 100644
index 0000000..effff59
--- /dev/null
+++ b/Kanzlei-Kiel/generic.Kanzlei-Kiel
@@ -0,0 +1,3 @@
+root@gw-ah.kanzlei-kiel.netz      root_gw-ah@oopen.de
+cron@gw-ah.kanzlei-kiel.netz      cron_gw-ah@oopen.de
+@gw-ah.kanzlei-kiel.netz          other_gw-ah@oopen.de
diff --git a/Kanzlei-Kiel/generic.db.Kanzlei-Kiel b/Kanzlei-Kiel/generic.db.Kanzlei-Kiel
new file mode 100644
index 0000000..b872e0a
Binary files /dev/null and b/Kanzlei-Kiel/generic.db.Kanzlei-Kiel differ
diff --git a/Kanzlei-Kiel/hostname.Kanzlei-Kiel b/Kanzlei-Kiel/hostname.Kanzlei-Kiel
new file mode 100644
index 0000000..b1b1d30
--- /dev/null
+++ b/Kanzlei-Kiel/hostname.Kanzlei-Kiel
@@ -0,0 +1 @@
+gw-ah
diff --git a/Kanzlei-Kiel/hosts.Kanzlei-Kiel b/Kanzlei-Kiel/hosts.Kanzlei-Kiel
new file mode 100644
index 0000000..9ee2e20
--- /dev/null
+++ b/Kanzlei-Kiel/hosts.Kanzlei-Kiel
@@ -0,0 +1,10 @@
+127.0.0.1	localhost
+#127.0.1.1	gw-ah.local.netz	gw-ah
+192.168.100.254 gw-ah.kanzlei-kiel.netz gw-ah
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/Kanzlei-Kiel/hosts.lan.conf.Kanzlei-Kiel b/Kanzlei-Kiel/hosts.lan.conf.Kanzlei-Kiel
new file mode 100644
index 0000000..ab51338
--- /dev/null
+++ b/Kanzlei-Kiel/hosts.lan.conf.Kanzlei-Kiel
@@ -0,0 +1,109 @@
+
+# ==========
+# - LAN
+# ==========
+
+# ---
+# - Server
+# ---
+
+# - Fileserver
+host file-ah {
+   hardware ethernet 00:25:90:52:C6:FE;
+   fixed-address file-ah.kanzlei-kiel.netz;
+}
+
+# - IPMI Fileserver
+host file-ipmi {
+   hardware ethernet 00:25:90:52:c6:37;
+   fixed-address file-ipmi.kanzlei-kiel.netz;
+}
+
+# - Windoes 7 Professional (KVM on Fileserver)
+host file-win7 {
+   #hardware ethernet 52:54:00:5C:79:DC;
+   hardware ethernet 52:54:00:b2:aa:2f;
+   fixed-address file-win7.kanzlei-kiel.netz;
+}
+host file-win7-clone {
+   #hardware ethernet 52:54:00:5C:79:DC;
+   hardware ethernet 52:54:00:89:88:ef;
+   fixed-address file-win7.kanzlei-kiel.netz;
+}
+
+# ---
+# - Drucker
+# ---
+
+# Laserdrucker Kyocera FS-2020D
+host kyocera-fs-2020d {
+   hardware ethernet 00:C0:EE:6B:46:C4 ;
+   fixed-address kyocera-fs-2020d.kanzlei-kiel.netz;
+}
+# Multifunktions Drucker Kyocera TASKalfa 3051ci
+host kyocera-taskalfa-3051ci {
+   hardware ethernet 00:C0:EE:19:79:FA ;
+   fixed-address kyocera-taskalfa-3051ci.kanzlei-kiel.netz;
+}
+# Laserdrucker Kyocera FS-2100DN
+host kyocera-fs-2100dn {
+   hardware ethernet 00:C0:EE:98:1D:DA ;
+   fixed-address kyocera-fs-2100dn.kanzlei-kiel.netz;
+}
+
+
+# ---
+# - Accesspoints
+# ---
+
+# - Accesspoint (UniFi AP-AC-LR)
+host unify-ap  {
+   hardware ethernet 44:d9:e7:f6:58:e5 ;
+   fixed-address unify-ap.kanzlei-kiel.netz;
+}
+
+
+# ---
+# - Buero PC's
+# ---
+
+host axel {
+   #hardware ethernet 00:1b:21:91:e9:2e;
+   hardware ethernet 94:de:80:04:8c:a8;
+   fixed-address axel.kanzlei-kiel.netz;
+}
+host zk {
+   hardware ethernet 00:15:f2:5e:58:af;
+   fixed-address zk.kanzlei-kiel.netz;
+}
+host shuttle {
+   hardware ethernet 80:ee:73:c5:e7:b7;
+   #hardware ethernet 80:ee:73:c5:e7:b8;
+   fixed-address shuttle.kanzlei-kiel.netz;
+}
+host dokumentenscannerrechner {
+   hardware ethernet 90:e6:ba:81:1c:dd;
+   fixed-address dokumentenscannerrechner.kanzlei-kiel.netz;
+}
+host buerozwei {
+   hardware ethernet  00:0b:6a:8f:ac:de;
+   fixed-address buerozwei.kanzlei-kiel.netz;
+}
+host buero-doro {
+   hardware ethernet 74:d4:35:54:c3:33 ;
+   fixed-address buero-doro.kanzlei-kiel.netz;
+}
+host buerooben {
+   hardware ethernet  00:24:21:a9:36:88;
+   fixed-address buerooben.kanzlei-kiel.netz;
+}
+host laptop-doro {
+   hardware ethernet c8:0a:a9:05:7f:c6 ;
+   fixed-address laptop-doro.kanzlei-kiel.netz;
+}
+
+# - ckubu laptop (devil) LAN (eth0)
+host devil {
+   hardware ethernet 5c:ff:35:01:e9:03;
+   fixed-address devil.kanzlei-kiel.netz;
+}
diff --git a/Kanzlei-Kiel/hosts.w-lan.conf.Kanzlei-Kiel b/Kanzlei-Kiel/hosts.w-lan.conf.Kanzlei-Kiel
new file mode 100644
index 0000000..1398704
--- /dev/null
+++ b/Kanzlei-Kiel/hosts.w-lan.conf.Kanzlei-Kiel
@@ -0,0 +1,11 @@
+
+# ==========
+# - W-LAN
+# ==========
+
+# - ckubu laptop (devil) WLAN (wlan0)
+host devil-wlan {
+   hardware ethernet 00:24:d7:24:dc:6c;
+   fixed-address devil-wlan.kanzlei-kiel.netz;
+}
+
diff --git a/Kanzlei-Kiel/igmpproxy.conf.Kanzlei-Kiel b/Kanzlei-Kiel/igmpproxy.conf.Kanzlei-Kiel
new file mode 100644
index 0000000..9f6e290
--- /dev/null
+++ b/Kanzlei-Kiel/igmpproxy.conf.Kanzlei-Kiel
@@ -0,0 +1,75 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+#phyint eth0 upstream  ratelimit 0  threshold 1
+#        altnet 10.0.0.0/8 
+#        altnet 192.168.0.0/24
+##------------------------------------------------------
+## Configuration for ppp0 (Upstream Interface)
+##------------------------------------------------------
+#phyint ppp0 upstream  ratelimit 0  threshold 1
+phyint eth2.8 upstream  ratelimit 0  threshold 1
+        altnet 217.0.119.194/24
+        altnet 193.158.35.0/24;
+        altnet 239.35.100.6/24;
+        altnet 93.230.64.0/19;
+        altnet 192.168.63.0/24;
+        #
+        #altnet 192.168.63.5/32;
+        #altnet 192.168.63.40/32;
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+#phyint br0 downstream  ratelimit 0  threshold 1
+phyint eth1 downstream  ratelimit 0  threshold 1
+        # IP der TV-Box
+        altnet 192.168.63.0/24;
+        #altnet 192.168.63.5/32;
+        #altnet 192.168.63.40/32;
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+#phyint eth2 disabled
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth0 disabled
+phyint eth2 disabled
+phyint eth2.7 disabled
+phyint eth1:0 disabled
+phyint eth1:wf disabled
+phyint ppp0 disabled
+phyint tun0 disabled
+phyint lo disabled
+
+
diff --git a/Kanzlei-Kiel/interfaces.Kanzlei-Kiel b/Kanzlei-Kiel/interfaces.Kanzlei-Kiel
new file mode 100644
index 0000000..e59430e
--- /dev/null
+++ b/Kanzlei-Kiel/interfaces.Kanzlei-Kiel
@@ -0,0 +1,71 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+#-----------------------------
+# lo - loopback interface
+#-----------------------------
+auto lo
+iface lo inet loopback
+
+
+#-----------------------------
+# eth0 - WLAN
+#-----------------------------
+
+auto eth0
+iface eth0 inet static
+   address 192.168.101.254
+   network 192.168.101.0
+   netmask 255.255.255.0
+   broadcast 192.168.101.255
+
+
+#-----------------------------
+# eth1 - LAN
+#-----------------------------
+
+auto eth1 eth1:0
+iface eth1 inet static
+   address 192.168.100.254
+   network 192.168.100.0
+   netmask 255.255.255.0
+   broadcast 192.168.100.255
+iface eth1:0 inet static
+   address 192.168.100.1
+   network 192.168.100.1
+   netmask 255.255.255.255
+   broadcast 192.168.100.1
+
+auto eth1:ap
+iface eth1:ap inet static
+   address 172.16.101.254
+   network 172.16.101.0
+   netmask 255.255.255.0
+   broadcast 172.16.101.255
+   # - Subnetworks accesspoints
+   # -
+   # - 172.16.101.1 - TP-Link WA801ND (Accesspoint)
+   # -
+   post-up /sbin/route add -net 172.16.102.0/24 gw 172.16.101.1
+
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+auto eth2
+iface eth2 inet static
+   address 172.16.100.1
+   network 172.16.100.0
+   netmask 255.255.255.0
+   broadcast 172.16.100.255
+   post-up vconfig add eth2 7
+   post-down vconfig rem eth2.7
+
+auto dsl-ah
+iface dsl-ah inet ppp
+   pre-up /sbin/ifconfig eth2 up # line maintained by pppoeconf
+   pre-up /sbin/ifconfig eth2.7 up # line maintained by pppoeconf
+   provider dsl-ah
+
diff --git a/Kanzlei-Kiel/ipt-firewall.service.Kanzlei-Kiel b/Kanzlei-Kiel/ipt-firewall.service.Kanzlei-Kiel
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall.service.Kanzlei-Kiel
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/Kanzlei-Kiel/ipt-firewall/default_ports.conf b/Kanzlei-Kiel/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/Kanzlei-Kiel/ipt-firewall/include_functions.conf b/Kanzlei-Kiel/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/Kanzlei-Kiel/ipt-firewall/interfaces_ipv4.conf b/Kanzlei-Kiel/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..160e178
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1="ppp-ah"
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth0"
+local_if_2="eth1"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/Kanzlei-Kiel/ipt-firewall/ipt-firewall-gateway.conf b/Kanzlei-Kiel/ipt-firewall/ipt-firewall-gateway.conf
new file mode 100644
index 0000000..ed4901b
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall/ipt-firewall-gateway.conf
@@ -0,0 +1,1627 @@
+#!/usr/bin/env bash
+
+## - Configuration file for firewall script IPv4
+## -    ipt-firewall-gateway
+## -    ipt-firewall-flush
+## -
+
+#######################################################################
+# -------------------------- Configuration -------------------------- #
+
+# =============
+# --- Define programs
+# =============
+
+ipt=/sbin/iptables
+tc=/sbin/tc
+
+
+# =============
+# -  Load Kernel Modules
+# =============
+
+/sbin/modprobe ip_tables > /dev/null 2>&1
+/sbin/modprobe iptable_nat > /dev/null 2>&1
+/sbin/modprobe iptable_filter > /dev/null 2>&1
+/sbin/modprobe iptable_mangle > /dev/null 2>&1
+/sbin/modprobe iptable_raw > /dev/null 2>&1
+
+/sbin/modprobe nf_conntrack > /dev/null 2>&1
+/sbin/modprobe nf_nat > /dev/null 2>&1
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+# - Load module for FTP Connection tracking and NAT
+# -
+/sbin/modprobe nf_conntrack_ftp > /dev/null 2>&1
+/sbin/modprobe nf_nat_ftp > /dev/null 2>&1
+
+# - Load modules for SIP VOIP
+# -
+/sbin/modprobe nf_conntrack_sip > /dev/null 2>&1
+/sbin/modprobe nf_nat_sip > /dev/null 2>&1
+
+
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=true
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
+
+
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1="ppp-ah"
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth0"
+local_if_2="eth1"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
+
+
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_cups_port=631
+standard_print_port=9100
+standard_remote_console_port=5900
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - Here: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks="172.16.102.0/24"
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16:192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+separate_local_networks="172.16.102.0/24"
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+local_vpn_service=true
+
+# - Blank separated list of ports
+# -
+vpn_gw_ports="1194 1195"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+declare -A vpn_server_dmz_arr
+#vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - DHCP Server Gateway
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips="192.168.100.10"
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+local_ssh_service=true
+
+# - SSH Ports
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+local_http_service=false
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Kyocera TASKaifa 3051ci:  192.168.100.100
+# - kyocera-fs-2100dn:        192.168.100.189
+# -
+# - Blank separated list of ipv4-addresses
+# -
+http_server_only_local_ips="192.168.100.100
+                            192.168.100.189
+                            172.16.101.1"
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+declare -A http_server_dmz_arr
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+declare -A http_ssl_server_dmz_arr
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+#local_mail_service=false
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+mail_user_ports="$standard_mailuser_ports"
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+# - Blank separated list of ipv4-addresses
+# -
+samba_server_local_ips="192.168.100.10"
+
+# - Samba Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A samba_server_dmz_arr
+#samba_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+# - Blank separated list of ipv4-addresses
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+snmp_port="161"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Comma separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port=1984
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+munin_local_server_ips=""
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+#munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.100.0/24"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - Notice:
+# -    The Accesspoint IP is not needed (i think so), because the 
+# -    AP uses port 8080 for cummunication with the controller, and
+# -    this port will be configured with the rules concerning the 
+# -    controllers.
+# -
+# - again: setting unifi_ap_local_ips is not needed
+#unifi_ap_local_ips="192.168.64.50"
+
+unifi_controller_gateway_ips="192.168.100.254"
+unify_controller_local_net_ips=""
+unify_controller_ports="8080,8443"
+
+provide_hotspot=true
+hotspot_ports="8880,8843"
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips="192.168.100.11 172.16.100.15"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_port=623
+ipmi_tcp_ports="623 3520"
+
+
+# =============
+# - Protocols Out for give src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+local_rsync_out=false
+rsync_out_ips=""
+rsync_ports="873"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    172.16.101.1: Accesspoint TP-Link TL-WA801ND (büro zebra)
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+#masquerade_tcp_cons="192.168.63.0/24:192.168.64.55:80:${local_if_1}"
+masquerade_tcp_con="192.168.63.0/24:172.16.101.1:80:${local_if_1}
+                    10.0.100.0/24:172.16.101.1:80:${local_if_1}"
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22 $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+portforward_tcp=""
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094 $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=true
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=true
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+#blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+blocked_ips=""
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
+
+# ----------------------- End: Configuration ----------------------- #
+######################################################################
+
+
+## ====================================
+## - Don't make changes after this Line
+## ====================================
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Gateway
+# ---
+declare -a gateway_address_arr
+read -a gateway_address_arr <<<$(ifconfig | grep "inet Ad" | awk '{print$2}' | cut -d':' -f2)
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
+
+# =============
+# --- Some functions
+# =============
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   echo -e "\033[75G[ \033[32mdone\033[m ]"
+}
+echo_ok() {
+   echo -e "\033[75G[ \033[32mok\033[m ]"
+}
+echo_warning() {
+   echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+}
+echo_failed(){
+   echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+}
+echo_skipped() {
+   echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
+}
+
+
+fatal (){
+   echo ""
+   echo -e "fatal Error: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mScript will be interrupted..\033[m\033[m"
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   echo ""
+}
+
+warn (){
+   echo ""
+   echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   echo ""
+}
+
+info (){
+   echo ""
+   echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/Kanzlei-Kiel/ipt-firewall/load_modules_ipv4.conf b/Kanzlei-Kiel/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/Kanzlei-Kiel/ipt-firewall/load_modules_ipv6.conf b/Kanzlei-Kiel/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/Kanzlei-Kiel/ipt-firewall/logging_ipv4.conf b/Kanzlei-Kiel/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/Kanzlei-Kiel/ipt-firewall/logging_ipv6.conf b/Kanzlei-Kiel/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/Kanzlei-Kiel/ipt-firewall/main_ipv4.conf b/Kanzlei-Kiel/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..ab65462
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1348 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+read -a gateway_ipv4_address_arr <<<$(ifconfig | grep "inet Ad" | awk '{print$2}' | cut -d':' -f2)
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks="172.16.102.0/24"
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                    86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks="172.16.102.0/24"
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips="192.168.100.10"
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Kyocera TASKaifa 3051ci:  192.168.100.100
+# - kyocera-fs-2100dn:        192.168.100.189
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="192.168.100.100
+                            192.168.100.189
+                            172.16.101.1"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=true
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+# - Blank separated list
+# -
+samba_server_local_ips="192.168.100.10"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.100.0/24"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=true
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips="192.168.100.11 172.16.100.15"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_port=623
+ipmi_tcp_ports="623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - Blank separated list
+# -
+printer_ips="192.168.100.100
+             192.168.100.189"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    172.16.101.1: Accesspoint TP-Link TL-WA801ND (büro zebra)
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons="192.168.63.0/24:172.16.101.1:80:${local_if_1}
+                     10.0.100.0/24:172.16.101.1:80:${local_if_1}"
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp="$vpn_ifs:49909:192.168.100.101:9"
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=false
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=true
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=true
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips=""
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/Kanzlei-Kiel/ipt-firewall/post_decalrations.conf b/Kanzlei-Kiel/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/Kanzlei-Kiel/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/Kanzlei-Kiel/mailname.Kanzlei-Kiel b/Kanzlei-Kiel/mailname.Kanzlei-Kiel
new file mode 100644
index 0000000..f341bba
--- /dev/null
+++ b/Kanzlei-Kiel/mailname.Kanzlei-Kiel
@@ -0,0 +1 @@
+gw-ah.kanzlei-kiel.netz
diff --git a/Kanzlei-Kiel/main.cf.Kanzlei-Kiel b/Kanzlei-Kiel/main.cf.Kanzlei-Kiel
new file mode 100644
index 0000000..3049622
--- /dev/null
+++ b/Kanzlei-Kiel/main.cf.Kanzlei-Kiel
@@ -0,0 +1,269 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   192.168.100.254
+
+myhostname = gw-ah.kanzlei-kiel.netz
+
+mydestination =
+   gw-ah.kanzlei-kiel.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks =
+   127.0.0.0/8
+   192.168.100.0/24
+   #192.168.100.254/32
+
+#smtp_bind_address = 192.168.100.254
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/Kanzlei-Kiel/openvpn/ccd/.wh..wh..opq b/Kanzlei-Kiel/openvpn/ccd/.wh..wh..opq
new file mode 100644
index 0000000..e69de29
diff --git a/Kanzlei-Kiel/openvpn/ccd/server-gw-ckubu/VPN-Kanzlei-Kiel-gw-ckubu b/Kanzlei-Kiel/openvpn/ccd/server-gw-ckubu/VPN-Kanzlei-Kiel-gw-ckubu
new file mode 100644
index 0000000..e0bc4e9
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/ccd/server-gw-ckubu/VPN-Kanzlei-Kiel-gw-ckubu
@@ -0,0 +1,7 @@
+ifconfig-push 10.1.100.2 255.255.255.0
+push "route 192.168.100.0 255.255.255.0 10.1.100.1"
+push "route 192.168.101.0 255.255.255.0 10.1.100.1"
+push "route 172.16.101.0 255.255.255.0 10.1.100.1"
+push "route 172.16.102.0 255.255.255.0 10.1.100.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/Kanzlei-Kiel/openvpn/ccd/server-home/VPN-Kanzlei-Kiel-axel b/Kanzlei-Kiel/openvpn/ccd/server-home/VPN-Kanzlei-Kiel-axel
new file mode 100644
index 0000000..7d662e9
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/ccd/server-home/VPN-Kanzlei-Kiel-axel
@@ -0,0 +1 @@
+ifconfig-push 10.0.100.3 255.255.255.0
diff --git a/Kanzlei-Kiel/openvpn/ccd/server-home/VPN-Kanzlei-Kiel-chris b/Kanzlei-Kiel/openvpn/ccd/server-home/VPN-Kanzlei-Kiel-chris
new file mode 100644
index 0000000..0d46b22
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/ccd/server-home/VPN-Kanzlei-Kiel-chris
@@ -0,0 +1 @@
+ifconfig-push 10.0.100.2 255.255.255.0
diff --git a/Kanzlei-Kiel/openvpn/crl.pem b/Kanzlei-Kiel/openvpn/crl.pem
new file mode 100644
index 0000000..c362686
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/crl.pem
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB+zCB5DANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwx
+GTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1
+LWFkbUBvb3Blbi5kZRcNMTgwMzE2MDkyMzQ4WhcNMjgwMzEzMDkyMzQ4WjANBgkq
+hkiG9w0BAQsFAAOCAQEAT3CEPPV+CZV4EIx8OjZG4sJIRVZDgf8x/eY43ZYgfrV1
+8sXKR9WX9LN9EFIUEu0PMhVGyW0yb2/PhsCUHQlVX08Wm9IQ3/DYNW6yw3WPsv9S
+FBFxeNhUCLAqPyEs+LsTjUpaeHRB9BbHztBE6HH5pDKrAg5+qOOEJdAEN8jonC+T
+kVV2J6itavpMjfoPYdFB+ykb9GN3V4NcQdj1EFGc6Gzl/fgDbCQOrem13ZA+3loW
+iOZvrZiKz4PDuHWP/kf8eMl7FoImamLNvBa7w5W8HoERNKqCWIeEF1q8tCfRod63
+sBWXrkKj3iN+NifH8SHTtRLg4X1GOiEgNNNqfnx9Yw==
+-----END X509 CRL-----
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/.wh..wh..opq b/Kanzlei-Kiel/openvpn/easy-rsa/.wh..wh..opq
new file mode 100644
index 0000000..e69de29
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/build-ca b/Kanzlei-Kiel/openvpn/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/build-dh b/Kanzlei-Kiel/openvpn/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/build-inter b/Kanzlei-Kiel/openvpn/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/build-key b/Kanzlei-Kiel/openvpn/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/build-key-pass b/Kanzlei-Kiel/openvpn/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/build-key-pkcs12 b/Kanzlei-Kiel/openvpn/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/build-key-server b/Kanzlei-Kiel/openvpn/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/build-req b/Kanzlei-Kiel/openvpn/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/build-req-pass b/Kanzlei-Kiel/openvpn/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/clean-all b/Kanzlei-Kiel/openvpn/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/inherit-inter b/Kanzlei-Kiel/openvpn/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/list-crl b/Kanzlei-Kiel/openvpn/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/openssl-0.9.6.cnf b/Kanzlei-Kiel/openvpn/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/openssl-0.9.8.cnf b/Kanzlei-Kiel/openvpn/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/openssl-1.0.0.cnf b/Kanzlei-Kiel/openvpn/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..5245ed7
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 3650			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/openssl.cnf b/Kanzlei-Kiel/openvpn/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..9cc2ab3
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/pkitool b/Kanzlei-Kiel/openvpn/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/revoke-full b/Kanzlei-Kiel/openvpn/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/sign-req b/Kanzlei-Kiel/openvpn/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/vars b/Kanzlei-Kiel/openvpn/easy-rsa/vars
new file mode 100644
index 0000000..49a3729
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/vars
@@ -0,0 +1,95 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="O.OPEN"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="ckubu-adm@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN Kanzlei Kiel"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-Kanzlei-Kiel"
+
+export KEY_ALTNAMES="VPN Kanzlei Kiel"
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/vars.2017-06-28-0107 b/Kanzlei-Kiel/openvpn/easy-rsa/vars.2017-06-28-0107
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/vars.2017-06-28-0107
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/Kanzlei-Kiel/openvpn/easy-rsa/whichopensslcnf b/Kanzlei-Kiel/openvpn/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/ipp.txt b/Kanzlei-Kiel/openvpn/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/Kanzlei-Kiel/openvpn/keys-created.txt b/Kanzlei-Kiel/openvpn/keys-created.txt
new file mode 100644
index 0000000..d2cb5a2
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys-created.txt
@@ -0,0 +1,20 @@
+
+key...............: chris.key
+common name.......: VPN-Kanzlei-Kiel-chris
+password..........: dbddhkpuka.&EadGl15E.
+
+key...............: gw-ckubu.key
+common name.......: VPN-Kanzlei-Kiel-gw-ckubu
+password..........: uoziengeeyiephu5voh7eothu1Aex8ar
+
+key...............: axel.key
+common name.......: VPN-Kanzlei-Kiel-axel
+password..........: vP26M8Wj2S
+
+key...............: pc-hh.key
+common name.......: VPN-Kanzlei-Kiel-pc-hh
+password..........: CHtq9MsL93LW
+
+key...............: doro.key
+common name.......: VPN-Kanzlei-Kiel-doro
+password..........: 20_Doro_16-45
diff --git a/Kanzlei-Kiel/openvpn/keys/.wh..wh..opq b/Kanzlei-Kiel/openvpn/keys/.wh..wh..opq
new file mode 100644
index 0000000..e69de29
diff --git a/Kanzlei-Kiel/openvpn/keys/01.pem b/Kanzlei-Kiel/openvpn/keys/01.pem
new file mode 100644
index 0000000..4d0e185
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/01.pem
@@ -0,0 +1,101 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:17:01 2017 GMT
+            Not After : Jun 27 23:17:01 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-server/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:de:09:04:84:23:f6:19:a5:df:53:2e:a4:02:8f:
+                    2b:b6:de:bb:82:19:e3:b9:f6:f4:0b:62:d4:51:a1:
+                    c9:be:85:67:82:de:9f:97:af:92:ad:b8:d7:4b:69:
+                    50:f6:61:d7:ce:03:0c:ee:46:2d:ab:b5:f6:44:a5:
+                    a2:7e:86:db:ad:8d:12:35:e8:49:c6:98:45:c1:10:
+                    3f:50:8e:2a:93:fd:e7:7a:4d:4f:e3:5c:2e:67:3f:
+                    8b:9d:d6:11:26:1f:00:ff:13:47:dd:86:8b:ed:6a:
+                    29:07:cf:c2:f0:a4:4d:c4:dc:68:db:a1:c1:43:55:
+                    13:45:5f:41:f3:f0:9c:0a:ea:26:29:c6:e3:fc:ee:
+                    9f:7c:86:f4:f0:c8:0c:5f:61:e1:b9:f1:bc:f6:02:
+                    71:6c:07:fe:18:30:b2:8c:dc:18:50:de:5e:96:24:
+                    04:94:14:ec:9a:50:a6:90:02:79:b2:1a:c8:79:da:
+                    fb:06:7e:ad:a8:79:ef:92:68:3c:46:4e:5e:b6:bf:
+                    f1:fa:bf:da:73:8b:c4:95:89:1a:e1:52:70:20:46:
+                    48:8c:47:01:c2:13:56:c9:44:e1:a7:55:14:e5:41:
+                    4d:ab:8f:d0:50:13:76:19:d9:f2:fd:8b:16:27:58:
+                    dd:4f:18:83:05:70:c1:97:d4:68:41:d4:2b:63:89:
+                    b5:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                9B:58:FA:12:97:7F:35:4F:5B:72:6D:C5:68:AD:B2:76:AD:B9:F0:95
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         c2:b9:b2:70:fe:e4:4f:9b:21:85:14:f4:4a:b2:b0:32:ef:0f:
+         a3:15:95:a4:f6:78:84:5b:d6:75:e2:a1:b4:57:8a:23:66:2f:
+         72:5a:21:a9:4c:38:b6:cd:41:a5:b4:3e:11:d8:62:1f:8a:a1:
+         ba:13:55:1e:3b:7c:4d:22:2e:cf:54:81:e5:0d:3d:05:fd:3f:
+         9c:fb:24:cb:be:61:96:ec:e3:e9:c9:7c:da:97:e8:ba:a0:fd:
+         a8:47:97:43:88:8c:b6:03:81:d7:71:49:f9:9b:9d:33:5d:6f:
+         26:79:b6:7a:d2:27:ba:b5:7e:c8:62:8d:76:75:96:7a:25:86:
+         21:e5:8f:82:8a:06:47:4b:59:32:1d:dd:81:4d:b9:ac:ef:93:
+         a3:f1:f4:65:09:10:d8:af:04:14:c5:1e:58:b7:6e:95:ab:ba:
+         f5:e8:39:65:dc:87:d2:14:b4:e5:e5:af:2a:da:b2:c0:49:e2:
+         07:1d:ad:b5:c7:48:c4:81:36:f1:45:09:b9:1c:ed:87:9d:da:
+         70:c8:16:65:26:44:5e:f3:dd:a7:eb:39:2a:80:23:0d:e4:d9:
+         62:3a:19:e0:60:9c:21:cd:8e:ad:b6:59:36:f8:86:4e:7b:32:
+         e9:8d:de:e5:4b:fe:c4:c7:fb:35:c6:6d:78:f3:26:65:be:60:
+         be:34:fa:f0
+-----BEGIN CERTIFICATE-----
+MIIFhjCCBG6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzE3MDFaFw0zNzA2Mjcy
+MzE3MDFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zZXJ2ZXIxGTAXBgNVBCkT
+EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
+bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN4JBIQj9hml31Mu
+pAKPK7beu4IZ47n29Ati1FGhyb6FZ4Len5evkq2410tpUPZh184DDO5GLau19kSl
+on6G262NEjXoScaYRcEQP1COKpP953pNT+NcLmc/i53WESYfAP8TR92Gi+1qKQfP
+wvCkTcTcaNuhwUNVE0VfQfPwnArqJinG4/zun3yG9PDIDF9h4bnxvPYCcWwH/hgw
+sozcGFDeXpYkBJQU7JpQppACebIayHna+wZ+rah575JoPEZOXra/8fq/2nOLxJWJ
+GuFScCBGSIxHAcITVslE4adVFOVBTauP0FATdhnZ8v2LFidY3U8YgwVwwZfUaEHU
+K2OJtQsCAwEAAaOCAZgwggGUMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZA
+MDQGCWCGSAGG+EIBDQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBSbWPoSl381T1tybcVorbJ2rbnwlTCB6QYDVR0jBIHh
+MIHegBROgh4UgeubyHEssSJokL/u2dT/1KGBuqSBtzCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcN
+AQELBQADggEBAMK5snD+5E+bIYUU9EqysDLvD6MVlaT2eIRb1nXiobRXiiNmL3Ja
+IalMOLbNQaW0PhHYYh+KoboTVR47fE0iLs9UgeUNPQX9P5z7JMu+YZbs4+nJfNqX
+6Lqg/ahHl0OIjLYDgddxSfmbnTNdbyZ5tnrSJ7q1fshijXZ1lnolhiHlj4KKBkdL
+WTId3YFNuazvk6Px9GUJENivBBTFHli3bpWruvXoOWXch9IUtOXlryrassBJ4gcd
+rbXHSMSBNvFFCbkc7Yed2nDIFmUmRF7z3afrOSqAIw3k2WI6GeBgnCHNjq22WTb4
+hk57MumN3uVL/sTH+zXGbXjzJmW+YL40+vA=
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/02.pem b/Kanzlei-Kiel/openvpn/keys/02.pem
new file mode 100644
index 0000000..5a91d6b
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/02.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:20:59 2017 GMT
+            Not After : Jun 27 23:20:59 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-chris/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ea:fb:89:96:31:df:91:67:0f:62:5d:89:76:b7:
+                    c1:e6:bd:5e:70:40:b7:6b:66:43:eb:51:0b:a8:8c:
+                    d2:40:dd:ed:99:20:6e:23:4d:dc:7e:aa:8e:36:24:
+                    3c:4e:fc:cf:8b:5f:ad:63:91:10:33:4c:f4:eb:91:
+                    b6:25:a6:8a:d7:c3:40:55:b2:aa:67:a1:37:cb:3b:
+                    53:07:af:cf:42:9a:c5:a0:91:ed:98:42:57:0f:44:
+                    ac:a5:92:e2:c6:56:cc:c1:4c:65:ab:f7:79:b5:9b:
+                    67:5c:e9:d7:19:7f:81:3e:c6:a7:d8:a6:42:e6:34:
+                    fd:ef:8b:e2:d7:3f:8c:71:0a:6a:c9:59:f6:c3:88:
+                    40:86:a7:f1:54:4f:6d:d1:95:41:50:36:df:b4:6a:
+                    58:ff:93:1e:c1:66:2d:37:33:ef:6c:f0:9a:2d:ba:
+                    29:46:fe:4b:73:8e:22:33:89:33:4d:45:ab:b8:dd:
+                    d4:d5:ae:a0:cc:f7:c4:d3:7c:24:02:46:92:7d:9d:
+                    a2:9c:27:be:12:11:45:33:30:f1:a3:ad:17:2e:94:
+                    06:54:7c:7c:20:65:1a:b2:d1:60:86:89:37:2d:d5:
+                    f3:4f:3e:00:f3:bb:81:ae:78:be:6c:4b:68:ac:d9:
+                    07:f0:aa:f7:c7:79:b3:d3:f2:32:8b:fd:80:0d:d5:
+                    bf:97
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E8:1E:7E:7E:48:9B:34:7E:27:93:17:EB:2E:4E:45:D5:AB:B9:A9:0F
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         59:8d:36:12:7e:91:f2:0f:d2:74:5a:42:e2:56:0a:9d:16:72:
+         09:05:40:ea:75:1e:0a:0c:81:0f:b4:e6:82:47:cc:38:67:c5:
+         f4:76:94:78:b5:02:a1:98:7a:c4:5e:01:90:dd:f9:cd:7b:45:
+         6e:30:69:b2:9f:5d:b0:fe:e9:23:a6:3e:ae:dd:7d:dc:75:f8:
+         a2:08:f8:87:34:7b:50:ae:15:49:23:7a:d4:2a:70:c1:ad:04:
+         e5:af:cb:f4:c5:c9:37:42:fc:ef:00:53:a2:51:92:71:c7:58:
+         a6:9e:3e:0a:7f:f6:37:5c:c4:e8:b8:20:ae:52:71:b4:5b:34:
+         8f:26:4e:28:cf:dd:ac:72:4f:81:8e:b8:ce:68:ab:79:21:93:
+         27:1c:9f:71:fe:f3:00:07:cb:28:bc:91:20:c0:ae:37:0a:33:
+         cf:9e:25:c1:ce:42:a1:6e:32:07:d2:65:e5:b1:9d:1f:52:25:
+         0b:9a:af:08:fb:8a:7e:a5:a4:da:3b:fa:85:4a:9c:a8:0c:19:
+         5d:df:9c:4d:4c:78:1b:ab:03:48:da:ba:a1:cf:3f:a2:ad:9f:
+         3e:a8:d3:cb:22:74:0f:cf:17:1d:bb:40:63:4e:4b:ff:e6:94:
+         55:00:79:3a:5b:de:36:35:de:d1:61:fc:d8:d1:98:2d:5d:bc:
+         fe:b6:f1:8a
+-----BEGIN CERTIFICATE-----
+MIIFajCCBFKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzIwNTlaFw0zNzA2Mjcy
+MzIwNTlaMIG6MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEfMB0GA1UEAxMWVlBOLUthbnpsZWktS2llbC1jaHJpczEZMBcGA1UEKRMQ
+VlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVu
+LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vuJljHfkWcPYl2J
+drfB5r1ecEC3a2ZD61ELqIzSQN3tmSBuI03cfqqONiQ8TvzPi1+tY5EQM0z065G2
+JaaK18NAVbKqZ6E3yztTB6/PQprFoJHtmEJXD0SspZLixlbMwUxlq/d5tZtnXOnX
+GX+BPsan2KZC5jT974vi1z+McQpqyVn2w4hAhqfxVE9t0ZVBUDbftGpY/5MewWYt
+NzPvbPCaLbopRv5Lc44iM4kzTUWruN3U1a6gzPfE03wkAkaSfZ2inCe+EhFFMzDx
+o60XLpQGVHx8IGUastFghok3LdXzTz4A87uBrni+bEtorNkH8Kr3x3mz0/Iyi/2A
+DdW/lwIDAQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz
+eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBToHn5+SJs0fieT
+F+suTkXVq7mpDzCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/1KGB
+uqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMG
+QmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vydmlj
+ZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56
+bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5Z
+rV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAQEAWY02En6R8g/SdFpC4lYKnRZy
+CQVA6nUeCgyBD7TmgkfMOGfF9HaUeLUCoZh6xF4BkN35zXtFbjBpsp9dsP7pI6Y+
+rt193HX4ogj4hzR7UK4VSSN61Cpwwa0E5a/L9MXJN0L87wBTolGSccdYpp4+Cn/2
+N1zE6LggrlJxtFs0jyZOKM/drHJPgY64zmireSGTJxyfcf7zAAfLKLyRIMCuNwoz
+z54lwc5CoW4yB9Jl5bGdH1IlC5qvCPuKfqWk2jv6hUqcqAwZXd+cTUx4G6sDSNq6
+oc8/oq2fPqjTyyJ0D88XHbtAY05L/+aUVQB5OlveNjXe0WH82NGYLV28/rbxig==
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/03.pem b/Kanzlei-Kiel/openvpn/keys/03.pem
new file mode 100644
index 0000000..cded62e
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/03.pem
@@ -0,0 +1,99 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:24:59 2017 GMT
+            Not After : Jun 27 23:24:59 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cb:3a:12:41:57:f6:08:8a:9d:c8:f2:7d:de:eb:
+                    9a:0a:05:44:82:28:16:30:bf:be:20:50:93:61:6f:
+                    a4:ed:ae:61:dc:2a:4b:61:03:a8:c5:c1:86:c2:88:
+                    34:66:c7:49:3d:61:59:e9:d0:88:d3:ad:af:8d:92:
+                    c8:5a:ad:a6:4d:0b:38:41:b1:85:61:34:8e:94:56:
+                    55:d4:05:85:02:5e:6d:cc:3d:81:26:1d:93:04:0a:
+                    38:d5:c0:93:22:00:93:bd:dc:1f:9b:af:1f:78:1c:
+                    f1:2c:b0:11:7e:4e:cf:62:8b:ce:7e:e2:bc:b3:8e:
+                    af:a9:c6:cc:f3:40:a2:30:d6:a0:4d:9e:3f:54:5e:
+                    74:35:67:3b:c5:78:ef:f5:9e:b1:39:fc:ad:71:13:
+                    e9:84:cf:11:55:78:59:49:26:e9:1e:35:62:66:8b:
+                    d2:f8:d7:19:94:31:5f:28:6a:69:25:a1:f7:c7:23:
+                    82:d3:48:e9:58:2d:b9:a7:8d:41:6e:dd:3b:cd:27:
+                    16:bd:6c:4d:7b:35:62:fd:b7:5a:90:ce:bb:6d:31:
+                    c7:53:b0:df:aa:08:eb:69:d5:11:c6:66:58:8d:02:
+                    61:79:bb:a0:fd:fd:8d:5f:67:26:8b:a2:d6:09:e5:
+                    78:e2:f0:7a:2f:f4:98:ec:98:7a:a8:5f:f3:64:c1:
+                    82:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                19:56:3C:B0:C3:18:52:DE:13:D0:D0:A6:B9:FB:E2:71:73:EC:63:2B
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         bb:0b:05:a8:4c:67:80:ce:29:fd:b2:8f:9a:e9:3b:e4:40:9d:
+         9d:96:27:46:0b:4e:cb:0e:48:9f:4e:78:b4:fe:5c:93:f2:54:
+         c6:55:c2:18:7a:b0:c9:6f:f5:8b:a5:e6:87:0a:0d:75:23:6f:
+         cd:a2:32:d6:89:39:ad:46:3c:27:e2:cd:5d:8a:6f:7b:6a:43:
+         65:60:9d:9c:22:a8:34:52:a7:29:f4:c4:ba:65:18:86:70:6d:
+         82:09:d5:b1:4b:7d:f4:1d:5d:9f:a3:89:36:6b:62:7b:01:ea:
+         41:76:4e:22:b2:8e:b9:b7:70:e1:9e:76:d8:f9:f7:0f:67:1f:
+         fc:cb:71:4a:af:aa:60:91:15:f4:df:52:2b:c6:1e:3e:63:87:
+         cd:86:1f:52:fb:73:9f:20:d3:77:20:41:c2:fc:b7:34:93:6e:
+         8f:6f:55:3f:9f:e9:17:1d:23:63:84:d1:55:94:bf:b8:9d:46:
+         f4:d9:bf:1c:09:99:b4:dc:d0:b1:65:d0:3b:d6:94:8a:fd:78:
+         c4:b3:d9:52:24:6d:88:56:f9:ff:bb:d9:c3:c8:0c:3d:b6:60:
+         ae:5d:2c:3a:79:2d:fc:3c:46:05:a1:9d:e7:ba:07:f7:f2:48:
+         88:1b:21:36:49:72:9a:e2:a9:6f:ca:84:89:f6:83:ea:0d:b1:
+         d1:95:1f:16
+-----BEGIN CERTIFICATE-----
+MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzI0NTlaFw0zNzA2Mjcy
+MzI0NTlaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1ndy1ja3VidTEZMBcGA1UE
+KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
+cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzoSQVf2CIqd
+yPJ93uuaCgVEgigWML++IFCTYW+k7a5h3CpLYQOoxcGGwog0ZsdJPWFZ6dCI062v
+jZLIWq2mTQs4QbGFYTSOlFZV1AWFAl5tzD2BJh2TBAo41cCTIgCTvdwfm68feBzx
+LLARfk7PYovOfuK8s46vqcbM80CiMNagTZ4/VF50NWc7xXjv9Z6xOfytcRPphM8R
+VXhZSSbpHjViZovS+NcZlDFfKGppJaH3xyOC00jpWC25p41Bbt07zScWvWxNezVi
+/bdakM67bTHHU7DfqgjradURxmZYjQJhebug/f2NX2cmi6LWCeV44vB6L/SY7Jh6
+qF/zZMGCZQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
+RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQZVjywwxhS
+3hPQ0Ka5++Jxc+xjKzCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
+1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
+YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
+AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
+HREEDDAKgghndy1ja3VidTANBgkqhkiG9w0BAQsFAAOCAQEAuwsFqExngM4p/bKP
+muk75ECdnZYnRgtOyw5In054tP5ck/JUxlXCGHqwyW/1i6XmhwoNdSNvzaIy1ok5
+rUY8J+LNXYpve2pDZWCdnCKoNFKnKfTEumUYhnBtggnVsUt99B1dn6OJNmtiewHq
+QXZOIrKOubdw4Z522Pn3D2cf/MtxSq+qYJEV9N9SK8YePmOHzYYfUvtznyDTdyBB
+wvy3NJNuj29VP5/pFx0jY4TRVZS/uJ1G9Nm/HAmZtNzQsWXQO9aUiv14xLPZUiRt
+iFb5/7vZw8gMPbZgrl0sOnkt/DxGBaGd57oH9/JIiBshNklymuKpb8qEifaD6g2x
+0ZUfFg==
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/04.pem b/Kanzlei-Kiel/openvpn/keys/04.pem
new file mode 100644
index 0000000..ed0307d
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/04.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:26:40 2017 GMT
+            Not After : Jun 27 23:26:40 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e5:35:af:6e:3a:87:14:35:5f:63:33:30:64:1b:
+                    98:ec:5a:5c:cf:ac:ea:fb:aa:12:f4:6d:8e:b0:b6:
+                    da:3f:71:e3:b6:63:54:de:86:ed:1d:f3:7f:d0:d9:
+                    39:3b:1b:ae:51:80:ba:41:04:a1:28:fc:75:b9:b5:
+                    db:c8:ae:cc:e3:0e:24:72:e7:7f:74:2a:2a:3a:f2:
+                    b7:92:54:82:5a:a5:25:8a:e2:5d:3b:5d:c7:36:cc:
+                    3f:40:7f:fe:ae:27:9e:b7:28:06:51:4c:da:e1:61:
+                    eb:a8:ce:1e:25:c1:d5:3e:37:74:a2:a0:ae:6a:3a:
+                    53:48:b1:72:f6:80:07:d9:37:a1:b9:50:6a:2a:96:
+                    e6:00:bc:1f:2b:bd:db:72:dc:a0:60:62:ce:90:7b:
+                    fe:3a:cc:be:1a:ec:90:70:16:70:69:ac:cb:59:3e:
+                    c0:54:a4:b1:7e:27:d3:18:78:ea:ea:b4:cf:87:3a:
+                    30:0b:64:04:fc:3f:e0:d2:a2:b5:71:51:40:63:0e:
+                    5b:74:b6:c5:ef:43:c1:b5:48:3d:a2:79:1b:16:6e:
+                    fe:75:aa:d8:e5:1b:b9:93:cf:c8:9b:13:91:27:6d:
+                    55:70:61:df:46:78:9f:d2:62:bc:6f:e5:a9:e0:85:
+                    c0:04:ba:62:ee:e5:6b:95:3f:31:5e:27:dc:54:68:
+                    86:b5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                17:D3:57:7D:98:66:AD:F3:AC:E5:29:BE:F0:74:F9:E4:74:36:FE:C1
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:axel
+    Signature Algorithm: sha256WithRSAEncryption
+         6c:fd:9c:bd:77:25:a5:9e:e0:2c:09:80:76:88:aa:77:3c:63:
+         7d:71:d3:21:d5:66:2d:88:b7:48:50:04:c1:63:84:35:a1:cd:
+         7e:2e:eb:7f:0c:f0:69:c1:66:81:28:00:fa:62:43:7e:cc:34:
+         43:98:7a:4d:05:b1:07:f7:2d:1d:0f:71:0d:56:4d:4f:7c:fd:
+         06:50:e8:52:f0:ee:28:63:2c:0e:b6:4e:c4:72:90:59:e5:57:
+         47:36:64:f2:a9:66:d4:b1:e6:7d:53:82:27:0b:1d:cb:c0:a4:
+         54:40:1f:cf:1c:01:91:2c:7a:7e:a6:d9:61:fa:77:8d:36:75:
+         f0:30:1c:cb:c9:2b:fa:2b:fe:1f:2f:c6:7d:66:9b:b1:37:6f:
+         c0:e8:ac:eb:01:57:1a:1f:84:96:83:8f:ba:c4:8f:a8:c5:0e:
+         3f:f5:58:42:ba:cf:25:2b:ca:d4:13:d6:2d:2e:a9:a6:90:c3:
+         9d:32:f0:ee:dc:31:3f:ad:8e:a7:4c:bf:ad:f6:1b:b3:7e:27:
+         c6:68:b3:87:2b:62:0f:49:2b:70:db:67:d1:b8:8f:96:10:6a:
+         09:e7:ee:d7:ea:9a:24:b1:22:75:5a:7a:c5:3d:39:d5:6a:bc:
+         30:51:b3:f4:06:1c:fc:ed:a7:df:c8:56:c0:7c:8c:a5:2a:02:
+         94:39:2e:12
+-----BEGIN CERTIFICATE-----
+MIIFaDCCBFCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzI2NDBaFw0zNzA2Mjcy
+MzI2NDBaMIG5MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEeMBwGA1UEAxMVVlBOLUthbnpsZWktS2llbC1heGVsMRkwFwYDVQQpExBW
+UE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlNa9uOocUNV9jMzBk
+G5jsWlzPrOr7qhL0bY6wtto/ceO2Y1Tehu0d83/Q2Tk7G65RgLpBBKEo/HW5tdvI
+rszjDiRy5390Kio68reSVIJapSWK4l07Xcc2zD9Af/6uJ563KAZRTNrhYeuozh4l
+wdU+N3SioK5qOlNIsXL2gAfZN6G5UGoqluYAvB8rvdty3KBgYs6Qe/46zL4a7JBw
+FnBprMtZPsBUpLF+J9MYeOrqtM+HOjALZAT8P+DSorVxUUBjDlt0tsXvQ8G1SD2i
+eRsWbv51qtjlG7mTz8ibE5EnbVVwYd9GeJ/SYrxv5anghcAEumLu5WuVPzFeJ9xU
+aIa1AgMBAAGjggF8MIIBeDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
+LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBfTV32YZq3zrOUp
+vvB0+eR0Nv7BMIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z1P/UoYG6
+pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnps
+ZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA/lmt
+Xr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
+MAaCBGF4ZWwwDQYJKoZIhvcNAQELBQADggEBAGz9nL13JaWe4CwJgHaIqnc8Y31x
+0yHVZi2It0hQBMFjhDWhzX4u638M8GnBZoEoAPpiQ37MNEOYek0FsQf3LR0PcQ1W
+TU98/QZQ6FLw7ihjLA62TsRykFnlV0c2ZPKpZtSx5n1TgicLHcvApFRAH88cAZEs
+en6m2WH6d402dfAwHMvJK/or/h8vxn1mm7E3b8DorOsBVxofhJaDj7rEj6jFDj/1
+WEK6zyUrytQT1i0uqaaQw50y8O7cMT+tjqdMv632G7N+J8Zos4crYg9JK3DbZ9G4
+j5YQagnn7tfqmiSxInVaesU9OdVqvDBRs/QGHPztp9/IVsB8jKUqApQ5LhI=
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/05.pem b/Kanzlei-Kiel/openvpn/keys/05.pem
new file mode 100644
index 0000000..721992a
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/05.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:34:37 2017 GMT
+            Not After : Jun 27 23:34:37 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a8:75:0a:f0:f5:5e:f2:5d:05:60:43:b9:b5:10:
+                    e4:0f:19:fc:2b:bb:59:d0:b9:59:6e:f0:f5:88:ec:
+                    5b:2d:6b:97:6e:2c:a1:c8:40:bd:03:23:0d:90:69:
+                    22:2c:4f:4c:a1:2a:e9:29:a7:8f:c7:0b:b8:f8:04:
+                    3e:2b:7c:1e:14:a8:4f:d7:32:1e:dc:cd:4f:31:f5:
+                    80:51:5a:1f:2e:f3:01:3a:c1:3a:8a:ab:ef:8e:41:
+                    e3:09:7f:9a:4c:a7:11:e2:c8:e1:5d:9c:6f:57:31:
+                    ad:ed:28:c7:70:8a:2b:c5:3f:bf:28:e5:aa:f8:41:
+                    22:fa:8b:4d:35:10:4a:0c:42:9f:83:6b:f2:05:6b:
+                    84:36:59:88:e9:f6:f0:43:64:e6:9a:9b:a3:37:26:
+                    a9:33:93:03:4f:71:16:d4:29:ce:c6:ea:e8:af:34:
+                    98:33:ec:1f:23:80:97:93:be:2a:97:f0:38:3f:a9:
+                    bc:40:60:73:24:c5:ef:25:bd:64:39:6e:b6:d6:75:
+                    a2:11:0a:d2:5e:5a:8b:2e:8c:f5:84:2e:bd:16:b1:
+                    16:f7:1e:9b:bd:04:00:27:e1:15:45:60:f9:86:58:
+                    70:39:eb:1e:4e:93:cf:0a:7b:39:44:33:50:74:83:
+                    a6:b6:30:43:c8:af:cc:0a:bf:66:ad:22:c8:3f:81:
+                    35:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                7C:B4:73:C3:8B:56:98:7E:8A:0C:20:58:7D:94:1B:B6:D8:56:83:C5
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:pc-hh
+    Signature Algorithm: sha256WithRSAEncryption
+         a2:54:ef:2a:43:8d:28:8e:06:72:42:61:e2:a3:0c:1f:d9:a9:
+         7b:78:70:0c:9b:24:ad:8b:a6:db:27:4c:e9:d9:de:ad:fe:fd:
+         d4:dc:3b:ec:2c:dc:3d:29:7c:03:0c:da:1f:c3:f7:f4:63:e1:
+         c6:3a:a1:9a:a4:0d:34:06:58:ab:e2:62:3f:9b:9e:ae:77:56:
+         f0:1e:a3:00:dd:7e:20:7f:95:5f:5d:19:65:a8:4f:a7:1a:04:
+         84:c7:8f:a9:b8:c3:3b:f9:1c:d9:0b:2f:03:a6:fa:c9:cb:60:
+         92:d5:80:cf:d1:12:d6:0f:80:e7:23:2c:ed:f6:1e:50:1d:2d:
+         c2:5f:72:bb:fa:54:99:43:aa:e1:a4:78:cc:5a:32:be:1b:e8:
+         02:f5:ad:58:29:c9:a8:ca:f6:e4:e7:47:ad:9e:7f:83:42:4f:
+         cf:dd:ea:95:00:1b:bf:c7:00:92:b1:1e:d4:e3:ae:19:f3:5f:
+         00:5d:d4:46:ca:84:82:1e:db:c2:2d:07:ab:30:1c:7e:a4:79:
+         c7:9c:2d:6e:3c:22:d3:a2:cf:2b:ad:75:81:0b:3a:f6:c1:71:
+         9e:cb:39:14:17:c8:f2:a0:0e:ca:86:51:75:a6:35:c9:70:3b:
+         b7:45:e7:a3:81:35:99:77:94:26:42:a3:84:92:75:45:60:bb:
+         93:ec:6b:b7
+-----BEGIN CERTIFICATE-----
+MIIFajCCBFKgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzM0MzdaFw0zNzA2Mjcy
+MzM0MzdaMIG6MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEfMB0GA1UEAxMWVlBOLUthbnpsZWktS2llbC1wYy1oaDEZMBcGA1UEKRMQ
+VlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVu
+LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHUK8PVe8l0FYEO5
+tRDkDxn8K7tZ0LlZbvD1iOxbLWuXbiyhyEC9AyMNkGkiLE9MoSrpKaePxwu4+AQ+
+K3weFKhP1zIe3M1PMfWAUVofLvMBOsE6iqvvjkHjCX+aTKcR4sjhXZxvVzGt7SjH
+cIorxT+/KOWq+EEi+otNNRBKDEKfg2vyBWuENlmI6fbwQ2TmmpujNyapM5MDT3EW
+1CnOxurorzSYM+wfI4CXk74ql/A4P6m8QGBzJMXvJb1kOW621nWiEQrSXlqLLoz1
+hC69FrEW9x6bvQQAJ+EVRWD5hlhwOeseTpPPCns5RDNQdIOmtjBDyK/MCr9mrSLI
+P4E11wIDAQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz
+eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR8tHPDi1aYfooM
+IFh9lBu22FaDxTCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/1KGB
+uqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMG
+QmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vydmlj
+ZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56
+bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5Z
+rV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVwYy1oaDANBgkqhkiG9w0BAQsFAAOCAQEAolTvKkONKI4GckJh4qMMH9mp
+e3hwDJskrYum2ydM6dnerf791Nw77CzcPSl8AwzaH8P39GPhxjqhmqQNNAZYq+Ji
+P5uerndW8B6jAN1+IH+VX10ZZahPpxoEhMePqbjDO/kc2QsvA6b6yctgktWAz9ES
+1g+A5yMs7fYeUB0twl9yu/pUmUOq4aR4zFoyvhvoAvWtWCnJqMr25OdHrZ5/g0JP
+z93qlQAbv8cAkrEe1OOuGfNfAF3URsqEgh7bwi0HqzAcfqR5x5wtbjwi06LPK611
+gQs69sFxnss5FBfI8qAOyoZRdaY1yXA7t0Xno4E1mXeUJkKjhJJ1RWC7k+xrtw==
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/06.pem b/Kanzlei-Kiel/openvpn/keys/06.pem
new file mode 100644
index 0000000..0c8ada7
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/06.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:42:32 2017 GMT
+            Not After : Jun 27 23:42:32 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c6:3d:01:a9:e3:1e:54:11:53:26:ae:ab:33:8d:
+                    91:e4:f6:ba:08:3d:8c:37:14:83:84:97:83:e4:80:
+                    fd:04:b4:3a:f7:18:ce:d8:72:86:49:c9:f0:f4:7c:
+                    cf:66:cc:8a:3e:5e:18:12:6d:f9:2d:ac:56:17:15:
+                    0a:1c:94:62:17:f4:2e:b1:3f:81:c9:51:4f:0a:45:
+                    8e:b4:ce:0f:bf:cd:cb:c1:e8:21:7d:dc:0b:13:74:
+                    aa:5a:2f:29:3d:ec:63:13:2a:46:98:8c:ba:01:64:
+                    a6:46:83:d9:22:1d:dc:d5:f5:19:5f:0b:39:88:39:
+                    57:92:31:5a:8d:50:7e:a6:4a:ff:9e:57:77:c6:0f:
+                    65:95:1c:a6:7a:6f:9f:03:00:15:e6:50:7c:49:62:
+                    72:d8:0f:27:ea:84:f9:91:d5:b0:d2:86:23:78:bc:
+                    cb:d9:33:91:30:28:75:13:46:38:a1:ca:20:66:3b:
+                    28:58:3c:21:a9:e1:94:42:92:52:96:2d:51:16:bd:
+                    a2:d3:32:ab:95:b3:3a:92:95:b6:20:bc:d6:5d:dc:
+                    5f:a8:51:f0:d6:9e:22:ca:17:30:d1:c5:9e:f7:42:
+                    cc:d5:56:b7:e8:43:fd:b7:5d:8a:c6:40:9b:39:ba:
+                    61:42:6a:3e:3d:82:44:15:ad:43:a4:08:79:e0:61:
+                    b0:9b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                BE:2A:6F:2C:EF:0C:B1:1D:B2:48:5E:3A:68:14:9B:EF:BC:E5:E6:86
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:doro
+    Signature Algorithm: sha256WithRSAEncryption
+         9a:3d:1f:11:18:ff:a9:0b:b0:38:95:4a:98:69:a9:76:65:10:
+         d0:5e:04:60:da:81:46:bc:44:dc:55:a3:59:4f:24:b7:27:ff:
+         c6:b5:28:10:59:b7:b9:5e:78:c4:32:d6:f2:4c:e6:aa:05:75:
+         68:e4:fa:8b:84:98:c1:65:1b:f5:f5:1a:a6:66:3e:a1:27:58:
+         8b:ad:e9:b1:6e:e9:e4:92:08:96:18:ac:c1:d6:48:33:45:18:
+         14:f9:75:75:3b:a1:2b:4f:23:4d:de:34:0b:6e:a0:95:25:fd:
+         8b:89:d9:d6:dc:47:b1:c5:35:d1:ac:8b:29:a8:95:f3:a4:c0:
+         54:a0:7e:15:97:de:6d:4a:27:98:af:e2:0c:4c:28:94:b8:ab:
+         15:2f:0b:29:32:13:2c:ae:46:c1:52:87:88:8c:43:a4:47:b5:
+         b3:85:68:57:de:5a:95:a8:c6:69:56:07:52:15:6b:88:67:27:
+         3a:23:36:57:8d:c9:e6:76:75:06:fd:00:e9:f8:d6:b0:d9:d0:
+         4e:4d:9c:4b:8a:1f:84:fd:86:19:52:d9:9c:0d:30:cf:65:c5:
+         df:d8:b8:90:9b:7e:01:cc:07:ae:94:16:15:df:40:22:68:70:
+         c1:4d:3c:f0:e5:93:2a:d8:8e:4e:bd:13:09:0f:eb:ba:c1:f0:
+         9b:ae:67:97
+-----BEGIN CERTIFICATE-----
+MIIFaDCCBFCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzQyMzJaFw0zNzA2Mjcy
+MzQyMzJaMIG5MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEeMBwGA1UEAxMVVlBOLUthbnpsZWktS2llbC1kb3JvMRkwFwYDVQQpExBW
+UE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGPQGp4x5UEVMmrqsz
+jZHk9roIPYw3FIOEl4PkgP0EtDr3GM7YcoZJyfD0fM9mzIo+XhgSbfktrFYXFQoc
+lGIX9C6xP4HJUU8KRY60zg+/zcvB6CF93AsTdKpaLyk97GMTKkaYjLoBZKZGg9ki
+HdzV9RlfCzmIOVeSMVqNUH6mSv+eV3fGD2WVHKZ6b58DABXmUHxJYnLYDyfqhPmR
+1bDShiN4vMvZM5EwKHUTRjihyiBmOyhYPCGp4ZRCklKWLVEWvaLTMquVszqSlbYg
+vNZd3F+oUfDWniLKFzDRxZ73QszVVrfoQ/23XYrGQJs5umFCaj49gkQVrUOkCHng
+YbCbAgMBAAGjggF8MIIBeDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
+LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFL4qbyzvDLEdskhe
+OmgUm++85eaGMIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z1P/UoYG6
+pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnps
+ZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA/lmt
+Xr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
+MAaCBGRvcm8wDQYJKoZIhvcNAQELBQADggEBAJo9HxEY/6kLsDiVSphpqXZlENBe
+BGDagUa8RNxVo1lPJLcn/8a1KBBZt7leeMQy1vJM5qoFdWjk+ouEmMFlG/X1GqZm
+PqEnWIut6bFu6eSSCJYYrMHWSDNFGBT5dXU7oStPI03eNAtuoJUl/YuJ2dbcR7HF
+NdGsiymolfOkwFSgfhWX3m1KJ5iv4gxMKJS4qxUvCykyEyyuRsFSh4iMQ6RHtbOF
+aFfeWpWoxmlWB1IVa4hnJzojNleNyeZ2dQb9AOn41rDZ0E5NnEuKH4T9hhlS2ZwN
+MM9lxd/YuJCbfgHMB66UFhXfQCJocMFNPPDlkyrYjk69EwkP67rB8JuuZ5c=
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/axel.crt b/Kanzlei-Kiel/openvpn/keys/axel.crt
new file mode 100644
index 0000000..ed0307d
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/axel.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:26:40 2017 GMT
+            Not After : Jun 27 23:26:40 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e5:35:af:6e:3a:87:14:35:5f:63:33:30:64:1b:
+                    98:ec:5a:5c:cf:ac:ea:fb:aa:12:f4:6d:8e:b0:b6:
+                    da:3f:71:e3:b6:63:54:de:86:ed:1d:f3:7f:d0:d9:
+                    39:3b:1b:ae:51:80:ba:41:04:a1:28:fc:75:b9:b5:
+                    db:c8:ae:cc:e3:0e:24:72:e7:7f:74:2a:2a:3a:f2:
+                    b7:92:54:82:5a:a5:25:8a:e2:5d:3b:5d:c7:36:cc:
+                    3f:40:7f:fe:ae:27:9e:b7:28:06:51:4c:da:e1:61:
+                    eb:a8:ce:1e:25:c1:d5:3e:37:74:a2:a0:ae:6a:3a:
+                    53:48:b1:72:f6:80:07:d9:37:a1:b9:50:6a:2a:96:
+                    e6:00:bc:1f:2b:bd:db:72:dc:a0:60:62:ce:90:7b:
+                    fe:3a:cc:be:1a:ec:90:70:16:70:69:ac:cb:59:3e:
+                    c0:54:a4:b1:7e:27:d3:18:78:ea:ea:b4:cf:87:3a:
+                    30:0b:64:04:fc:3f:e0:d2:a2:b5:71:51:40:63:0e:
+                    5b:74:b6:c5:ef:43:c1:b5:48:3d:a2:79:1b:16:6e:
+                    fe:75:aa:d8:e5:1b:b9:93:cf:c8:9b:13:91:27:6d:
+                    55:70:61:df:46:78:9f:d2:62:bc:6f:e5:a9:e0:85:
+                    c0:04:ba:62:ee:e5:6b:95:3f:31:5e:27:dc:54:68:
+                    86:b5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                17:D3:57:7D:98:66:AD:F3:AC:E5:29:BE:F0:74:F9:E4:74:36:FE:C1
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:axel
+    Signature Algorithm: sha256WithRSAEncryption
+         6c:fd:9c:bd:77:25:a5:9e:e0:2c:09:80:76:88:aa:77:3c:63:
+         7d:71:d3:21:d5:66:2d:88:b7:48:50:04:c1:63:84:35:a1:cd:
+         7e:2e:eb:7f:0c:f0:69:c1:66:81:28:00:fa:62:43:7e:cc:34:
+         43:98:7a:4d:05:b1:07:f7:2d:1d:0f:71:0d:56:4d:4f:7c:fd:
+         06:50:e8:52:f0:ee:28:63:2c:0e:b6:4e:c4:72:90:59:e5:57:
+         47:36:64:f2:a9:66:d4:b1:e6:7d:53:82:27:0b:1d:cb:c0:a4:
+         54:40:1f:cf:1c:01:91:2c:7a:7e:a6:d9:61:fa:77:8d:36:75:
+         f0:30:1c:cb:c9:2b:fa:2b:fe:1f:2f:c6:7d:66:9b:b1:37:6f:
+         c0:e8:ac:eb:01:57:1a:1f:84:96:83:8f:ba:c4:8f:a8:c5:0e:
+         3f:f5:58:42:ba:cf:25:2b:ca:d4:13:d6:2d:2e:a9:a6:90:c3:
+         9d:32:f0:ee:dc:31:3f:ad:8e:a7:4c:bf:ad:f6:1b:b3:7e:27:
+         c6:68:b3:87:2b:62:0f:49:2b:70:db:67:d1:b8:8f:96:10:6a:
+         09:e7:ee:d7:ea:9a:24:b1:22:75:5a:7a:c5:3d:39:d5:6a:bc:
+         30:51:b3:f4:06:1c:fc:ed:a7:df:c8:56:c0:7c:8c:a5:2a:02:
+         94:39:2e:12
+-----BEGIN CERTIFICATE-----
+MIIFaDCCBFCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzI2NDBaFw0zNzA2Mjcy
+MzI2NDBaMIG5MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEeMBwGA1UEAxMVVlBOLUthbnpsZWktS2llbC1heGVsMRkwFwYDVQQpExBW
+UE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlNa9uOocUNV9jMzBk
+G5jsWlzPrOr7qhL0bY6wtto/ceO2Y1Tehu0d83/Q2Tk7G65RgLpBBKEo/HW5tdvI
+rszjDiRy5390Kio68reSVIJapSWK4l07Xcc2zD9Af/6uJ563KAZRTNrhYeuozh4l
+wdU+N3SioK5qOlNIsXL2gAfZN6G5UGoqluYAvB8rvdty3KBgYs6Qe/46zL4a7JBw
+FnBprMtZPsBUpLF+J9MYeOrqtM+HOjALZAT8P+DSorVxUUBjDlt0tsXvQ8G1SD2i
+eRsWbv51qtjlG7mTz8ibE5EnbVVwYd9GeJ/SYrxv5anghcAEumLu5WuVPzFeJ9xU
+aIa1AgMBAAGjggF8MIIBeDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
+LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBfTV32YZq3zrOUp
+vvB0+eR0Nv7BMIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z1P/UoYG6
+pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnps
+ZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA/lmt
+Xr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
+MAaCBGF4ZWwwDQYJKoZIhvcNAQELBQADggEBAGz9nL13JaWe4CwJgHaIqnc8Y31x
+0yHVZi2It0hQBMFjhDWhzX4u638M8GnBZoEoAPpiQ37MNEOYek0FsQf3LR0PcQ1W
+TU98/QZQ6FLw7ihjLA62TsRykFnlV0c2ZPKpZtSx5n1TgicLHcvApFRAH88cAZEs
+en6m2WH6d402dfAwHMvJK/or/h8vxn1mm7E3b8DorOsBVxofhJaDj7rEj6jFDj/1
+WEK6zyUrytQT1i0uqaaQw50y8O7cMT+tjqdMv632G7N+J8Zos4crYg9JK3DbZ9G4
+j5YQagnn7tfqmiSxInVaesU9OdVqvDBRs/QGHPztp9/IVsB8jKUqApQ5LhI=
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/axel.csr b/Kanzlei-Kiel/openvpn/keys/axel.csr
new file mode 100644
index 0000000..1080d3b
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/axel.csr
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC/zCCAecCAQAwgbkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMR4wHAYDVQQDExVWUE4tS2FuemxlaS1LaWVsLWF4ZWwxGTAXBgNV
+BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
+b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOU1r246hxQ1
+X2MzMGQbmOxaXM+s6vuqEvRtjrC22j9x47ZjVN6G7R3zf9DZOTsbrlGAukEEoSj8
+dbm128iuzOMOJHLnf3QqKjryt5JUglqlJYriXTtdxzbMP0B//q4nnrcoBlFM2uFh
+66jOHiXB1T43dKKgrmo6U0ixcvaAB9k3oblQaiqW5gC8Hyu923LcoGBizpB7/jrM
+vhrskHAWcGmsy1k+wFSksX4n0xh46uq0z4c6MAtkBPw/4NKitXFRQGMOW3S2xe9D
+wbVIPaJ5GxZu/nWq2OUbuZPPyJsTkSdtVXBh30Z4n9JivG/lqeCFwAS6Yu7la5U/
+MV4n3FRohrUCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQANXKMonvUBAcWYPmIh
+tvhfIYy3ZfROFShhtI8VOXr2rO1dYbwOrYc06Z+d0/L04sWU88cnDMG8AUstytnE
+PITNWoG4n4WxSuMKoC+K3JQxtBbj/vME8Nd6Oq1Lk0GqYSVQYcnNc+8+8Vby0GVk
+4rFl7wh5+vzME6YWhja/0PNovWJejfef5MYkiK0zlb5ZwE5F/+SHrrmSlki4/1U6
+aNQHyx58+MMJYFOAUoTvpqS3ZjXfvo5YjEaffmMxefhRdUnRSs1bT33A4UeqcywS
+sWS7O2sbV/6GcxIE7SXadF75ZaSy+AWrSE1OBuhQzXWZGc10QQLgBnRFgxCMMtBi
+SVvl
+-----END CERTIFICATE REQUEST-----
diff --git a/Kanzlei-Kiel/openvpn/keys/axel.key b/Kanzlei-Kiel/openvpn/keys/axel.key
new file mode 100644
index 0000000..088d2d0
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/axel.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIeY8Z8uioO0MCAggA
+MBQGCCqGSIb3DQMHBAhVquS8Svup+ASCBMhFkAI+gaQfB7nswLZ/KAimvU7auAfz
+haUXnxIB5SKsyHT6ODhmNFM4KJmPo0dizYE10AsfMXxBdeAGLCLANNC/XX/jwRBM
+BiXrW/4QqoWHNCBrvSAtqXPy7DgHxOAP/JP+13nRQxBl13z+kK4cTpcZEMxxQJed
+awckJMHwQ5gyHfx5xcczCHZYCUwTeu3azyMJSCVS7NUGwmcUbXWNhb1guT3CikLz
+19/BNjcT+51S67hfr50jvVKJApkwd76bu2bCM4/J4rLY8Ds/nQF3inEu8TcKwwNY
+pI5cwtocvRwkCIiiqQokiHRRIR0TP/4NcG/WXMWLXAXSnKEAmrqwJpjUt5p8Ahcl
+0fEe/AQmllE6y3l1zFiG2JiHNjy/FV3ymjTGhiD6xykyy5jflznH6Lh0cIx8nbyC
+6e0dqV80t0rvQkqxRoeAJA2EvdjRI1udixXov7iLa/SbovXwpfMpWvk8NggTtgcx
+gTumYMsqriYGgYdr/wXj6EbKNAzcskxLvP8kJorhO5l7juBf8Sx2AFI4XpufvQBW
+Luq6VQMSz9JbvfGjlEpuSE6EnGoK98QO85J777Hnhyk5185wE8/2nCkVdafrKGVq
+eSpapLZtsG1BF9SXgHh299Q9tJEnuRIu1ftJlJVV+vGUd9upJLxYCSY8jHziQ153
+VXDXBP3/CuuKC37YHAgUd8Pi7s3SwDVFVry/ifxvwC47I28voVKFZz3/0QwCA6Xq
+URagl3jNKwtXn6KMi7E/3BICOYPIRcgNb6sJzYlclq7HMrKS3baWiScXEX9qGiLi
+5EHcyymSSej5cEXT2RxO55URG97mP5NWUXaJ8yvswHjxKksU3K7jvQTUtLcENA4K
+WYydPhszCXDkAvMkMHro0G8wYZPpBikRmfc8PF3jVssOkB66rKaCi1EK00lASOTY
+/x2Cyrl58wI3D35DJ8wp70jehwViQokUTAOaLF6D1GihkBD25sLNJSEL2HPlzPB3
+G0OyMVbGNlrYL/glaAlsQf2jhjwQ2qKv+e1yEps+sXZLtBbck5YVAHdoFSrWzQcN
+LTpIaA+MbsqqY4D8zFhn2WIH3l461ly49V2NIK8LIN8b00uHnoNEivJ6YexcDr9z
+EXKQmfINl9pnuBPjdUzB7Fw2CfIZjxUcRpX3HxfEz8tWIj/ORv9GLQ4+MnJX5AP4
+aKrStwi5CsPaovJ44/EINKUzo/IL324gudF2zMi5T6kAcSVU/+Z+0CBlZslh5Lu+
+f1aBcEwjz6IyX8BUE3UYGQUTOBV0X8bnLARHK/RHcSUYoi1Zz19gIthICTtXWq6R
+U3KbmNeoPxzgvLPbZohI8pb2RApctbaszLPeWaI4WQlkRcVO/N57Y9dPsM70fEZQ
+1tcFe+ph6JazYnL+Kg3Jb1PmqOQciqHn8D+sre4y7JfF/CmZeWDtRNwXtcDWH1/p
+vaIJJynHSSmN7nrZ0p/7kQ1GKK+d7AEzRU4yoq+D1aWLl5NoIFmpr/v1Vgf1qn1G
+aRVKRldfE1/n9MFBTY1X8NYz7XQhebCqieOYlj14OF11YtWIdV16IkaBZvT1QcJw
++Cr1OqFjwXgQnoBYdqSxwtr7lFEHsDWhi8F8UxcNdTaKjQHHGoZ2Ta98hf9wE6z+
++s4=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/Kanzlei-Kiel/openvpn/keys/ca.crt b/Kanzlei-Kiel/openvpn/keys/ca.crt
new file mode 100644
index 0000000..593b7d7
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/ca.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFDDCCA/SgAwIBAgIJAP5ZrV6+kAU+MA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQ
+VlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8G
+CSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMB4XDTE3MDYyNzIzMDc1NloX
+DTQ5MDYyNzIzMDc1NlowgbQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQp
+ExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29w
+ZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFxAf/gwUw+PD7
+xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
+k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
+A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
+w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
+0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
+68jXrrmvAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUToIeFIHrm8hxLLEiaJC/7tnU
+/9QwgekGA1UdIwSB4TCB3oAUToIeFIHrm8hxLLEiaJC/7tnU/9ShgbqkgbcwgbQx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYD
+VQQDExBWUE4tS2FuemxlaS1LaWVsMRkwFwYDVQQpExBWUE4gS2FuemxlaSBLaWVs
+MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQD+Wa1evpAFPjAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCxLfN8SL5ANfwfU0OKi0MH
+cXlk2czIC9pcfrMaVp6gWgUKEqmNAC7NOqv8rN+fHXmfQhQ58s7SDqEJgYlfpwyW
+mAIT6D72NN2z8t4iYhu48R1fV+Ml7g9LfCtSOpJXezpzylKvNKAQL7QYOYsfZN1N
+SCIDyf9Ub65GLDiWmi3nrOUBlYO0yFddJ3c1MtU3aUAucMZGGGwORtEswqVzMcw1
+ZbQppHcWiwJ4nFNmTC6d2nct1ELrv2ckaaPT+HazFHVtiqkQ2yoYQwoZhjZqOAPp
+uxIR5f7mS9PtugPSuvf4aftN+7DZq6otfTEmOoIoN0dznV60Jc8xTQkzHuNRjwVi
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/ca.key b/Kanzlei-Kiel/openvpn/keys/ca.key
new file mode 100644
index 0000000..ff45969
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFxAf/gwUw+PD7
+xYRGHHmYzbjP/hl+cx60qwGZYbyitlIGIZ/0EjzSxyvL47EAB0gBHWuSofYD2L1d
+k9mYKLbBCAk+VdV+O1rPuE3DSc/T01vEEhlqYGfm6iTgKTLeIWFaPE4k5rNgGM+F
+A0LZXdWnH6/xj7Vp55UWl/G7/rzptKY9XTdBuV8pqFl1Cvs0dLlFG8JMyrl0ozEf
+w8cI8dyLsTSZWBEOEAaQQmwOE8WEPXwAhgXDzsQfXdMsKJlfMgM1nOlflux0AftE
+0Hi+jgTV9uvcjssOetpyf7fmsjvLwsoEIrgZcYK9cUtpO/sAuvDIo/cgbV3SBNIP
+68jXrrmvAgMBAAECggEAO/aPMkLorQueDci6rYNuvw0JT09NLZD8K216Q6ZlyrQb
+NK63UArDlGk9d0mnXknW5DemaURgUpRB/oCYxlD58JdeLh9aZzbZ9wd71I2pzSFV
+vqJ6QE3Q0ywFWE5FlSJr4S9NxlSI6Mc9DKiLeVrBMDYkY8reB6lnA/24FvdLElTi
+MnTzgUdvOvqT6Jxnz6P4DDU4pjHo38OSX5kIwl2vGMonMRNsEUBPylV6TiStxVxt
+YebCgm6Hcd66gW4HqbIRj0OBcx21OGm/ZuMxD+7hsdod1aXVXyTT1qbvauW3Djc9
+uNs8LYv73tLME6aUjMgnrxRFoAjUxbuSVUlQnzxmWQKBgQDuVPzKBT6LMaudhSjY
+XYnef7K5EpO8xnmpmXN2S2/JX/wBV40KhhmjkRBELr3w5facgdacykdppOTM+ZDI
+SBE6JWb3Eueud6MDC0NmEDaHZG5FIPtBFuaE8WD8l90dkJJqdc21BuOYgPRwM0CF
+xvtqkm/uPnRtMMjRDLg7DV4cNQKBgQDUbS/EisId0nlhKQql4sKCPHjvhS/tG95x
+55a3h4JkGKM6gdpQ3usgWCMqGybViE8BbLlthR3Xq9NeV3u6/IpzA0nDrjUhvpjR
+Lkvl5dR5RdY2KculAk74vWp1JhTgjD7eF63nqPmtPL/qAf2RcqF83lQG+NjP36yg
+i7PLG1LS0wKBgH5+3SzcW7XFRzDz3Bn6i5JsdI+GLKOlNC2wJHhE0bAwIbEUpudP
+BYyrEdced/HEHIA06ZOOSRjpTAb+7rlehsY109CPWChhl0OmVr91G3wA8gX+21xQ
+q0kkVDW85L8sXInkvKm4XlQzHYnvqe9XDVojHwV0YJcTrYJHHgE5txmBAoGADwor
+955bYAEm1toxBs2nN9FQPqUPX5o5hZb/9L6DXNLhu6K18kPWIdQbqT+C4FtmPJOW
+DUr/ceWYcXWALRz0MHBrKI+M83arGyRL+1rqUCvBntQWtvgS30mJ4AFyOPO0/8Rt
+a5lrE/jZHZhGe6XCCTU0fcngj9cmQbeiYx7sHkECgYBLGhs6aUJBXoVB+zbcQYOY
+7vZCSvu9nwDJfuGz7tqWnQggK67zpg5/++sEwV+3sT2WxP8bNvfry+3PJm6kFilC
+nogMCihx7nJvstHTTAmf/Fqr7aFDqLU+HlBpf/cebBfPcV/PivVzWLkJnKodHrtF
+nt6p54bz6admeD3HllcUiA==
+-----END PRIVATE KEY-----
diff --git a/Kanzlei-Kiel/openvpn/keys/chris.crt b/Kanzlei-Kiel/openvpn/keys/chris.crt
new file mode 100644
index 0000000..5a91d6b
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/chris.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:20:59 2017 GMT
+            Not After : Jun 27 23:20:59 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-chris/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ea:fb:89:96:31:df:91:67:0f:62:5d:89:76:b7:
+                    c1:e6:bd:5e:70:40:b7:6b:66:43:eb:51:0b:a8:8c:
+                    d2:40:dd:ed:99:20:6e:23:4d:dc:7e:aa:8e:36:24:
+                    3c:4e:fc:cf:8b:5f:ad:63:91:10:33:4c:f4:eb:91:
+                    b6:25:a6:8a:d7:c3:40:55:b2:aa:67:a1:37:cb:3b:
+                    53:07:af:cf:42:9a:c5:a0:91:ed:98:42:57:0f:44:
+                    ac:a5:92:e2:c6:56:cc:c1:4c:65:ab:f7:79:b5:9b:
+                    67:5c:e9:d7:19:7f:81:3e:c6:a7:d8:a6:42:e6:34:
+                    fd:ef:8b:e2:d7:3f:8c:71:0a:6a:c9:59:f6:c3:88:
+                    40:86:a7:f1:54:4f:6d:d1:95:41:50:36:df:b4:6a:
+                    58:ff:93:1e:c1:66:2d:37:33:ef:6c:f0:9a:2d:ba:
+                    29:46:fe:4b:73:8e:22:33:89:33:4d:45:ab:b8:dd:
+                    d4:d5:ae:a0:cc:f7:c4:d3:7c:24:02:46:92:7d:9d:
+                    a2:9c:27:be:12:11:45:33:30:f1:a3:ad:17:2e:94:
+                    06:54:7c:7c:20:65:1a:b2:d1:60:86:89:37:2d:d5:
+                    f3:4f:3e:00:f3:bb:81:ae:78:be:6c:4b:68:ac:d9:
+                    07:f0:aa:f7:c7:79:b3:d3:f2:32:8b:fd:80:0d:d5:
+                    bf:97
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E8:1E:7E:7E:48:9B:34:7E:27:93:17:EB:2E:4E:45:D5:AB:B9:A9:0F
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         59:8d:36:12:7e:91:f2:0f:d2:74:5a:42:e2:56:0a:9d:16:72:
+         09:05:40:ea:75:1e:0a:0c:81:0f:b4:e6:82:47:cc:38:67:c5:
+         f4:76:94:78:b5:02:a1:98:7a:c4:5e:01:90:dd:f9:cd:7b:45:
+         6e:30:69:b2:9f:5d:b0:fe:e9:23:a6:3e:ae:dd:7d:dc:75:f8:
+         a2:08:f8:87:34:7b:50:ae:15:49:23:7a:d4:2a:70:c1:ad:04:
+         e5:af:cb:f4:c5:c9:37:42:fc:ef:00:53:a2:51:92:71:c7:58:
+         a6:9e:3e:0a:7f:f6:37:5c:c4:e8:b8:20:ae:52:71:b4:5b:34:
+         8f:26:4e:28:cf:dd:ac:72:4f:81:8e:b8:ce:68:ab:79:21:93:
+         27:1c:9f:71:fe:f3:00:07:cb:28:bc:91:20:c0:ae:37:0a:33:
+         cf:9e:25:c1:ce:42:a1:6e:32:07:d2:65:e5:b1:9d:1f:52:25:
+         0b:9a:af:08:fb:8a:7e:a5:a4:da:3b:fa:85:4a:9c:a8:0c:19:
+         5d:df:9c:4d:4c:78:1b:ab:03:48:da:ba:a1:cf:3f:a2:ad:9f:
+         3e:a8:d3:cb:22:74:0f:cf:17:1d:bb:40:63:4e:4b:ff:e6:94:
+         55:00:79:3a:5b:de:36:35:de:d1:61:fc:d8:d1:98:2d:5d:bc:
+         fe:b6:f1:8a
+-----BEGIN CERTIFICATE-----
+MIIFajCCBFKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzIwNTlaFw0zNzA2Mjcy
+MzIwNTlaMIG6MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEfMB0GA1UEAxMWVlBOLUthbnpsZWktS2llbC1jaHJpczEZMBcGA1UEKRMQ
+VlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVu
+LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vuJljHfkWcPYl2J
+drfB5r1ecEC3a2ZD61ELqIzSQN3tmSBuI03cfqqONiQ8TvzPi1+tY5EQM0z065G2
+JaaK18NAVbKqZ6E3yztTB6/PQprFoJHtmEJXD0SspZLixlbMwUxlq/d5tZtnXOnX
+GX+BPsan2KZC5jT974vi1z+McQpqyVn2w4hAhqfxVE9t0ZVBUDbftGpY/5MewWYt
+NzPvbPCaLbopRv5Lc44iM4kzTUWruN3U1a6gzPfE03wkAkaSfZ2inCe+EhFFMzDx
+o60XLpQGVHx8IGUastFghok3LdXzTz4A87uBrni+bEtorNkH8Kr3x3mz0/Iyi/2A
+DdW/lwIDAQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz
+eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBToHn5+SJs0fieT
+F+suTkXVq7mpDzCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/1KGB
+uqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMG
+QmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vydmlj
+ZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56
+bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5Z
+rV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAQEAWY02En6R8g/SdFpC4lYKnRZy
+CQVA6nUeCgyBD7TmgkfMOGfF9HaUeLUCoZh6xF4BkN35zXtFbjBpsp9dsP7pI6Y+
+rt193HX4ogj4hzR7UK4VSSN61Cpwwa0E5a/L9MXJN0L87wBTolGSccdYpp4+Cn/2
+N1zE6LggrlJxtFs0jyZOKM/drHJPgY64zmireSGTJxyfcf7zAAfLKLyRIMCuNwoz
+z54lwc5CoW4yB9Jl5bGdH1IlC5qvCPuKfqWk2jv6hUqcqAwZXd+cTUx4G6sDSNq6
+oc8/oq2fPqjTyyJ0D88XHbtAY05L/+aUVQB5OlveNjXe0WH82NGYLV28/rbxig==
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/chris.csr b/Kanzlei-Kiel/openvpn/keys/chris.csr
new file mode 100644
index 0000000..8a1d15d
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/chris.csr
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDADCCAegCAQAwgboxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMR8wHQYDVQQDExZWUE4tS2FuemxlaS1LaWVsLWNocmlzMRkwFwYD
+VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
+b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDq+4mWMd+R
+Zw9iXYl2t8HmvV5wQLdrZkPrUQuojNJA3e2ZIG4jTdx+qo42JDxO/M+LX61jkRAz
+TPTrkbYlporXw0BVsqpnoTfLO1MHr89CmsWgke2YQlcPRKylkuLGVszBTGWr93m1
+m2dc6dcZf4E+xqfYpkLmNP3vi+LXP4xxCmrJWfbDiECGp/FUT23RlUFQNt+0alj/
+kx7BZi03M+9s8JotuilG/ktzjiIziTNNRau43dTVrqDM98TTfCQCRpJ9naKcJ74S
+EUUzMPGjrRculAZUfHwgZRqy0WCGiTct1fNPPgDzu4GueL5sS2is2QfwqvfHebPT
+8jKL/YAN1b+XAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAW1h/JnCGSfjUzN98
+IkkgXhZHVclV0mAPNqvJSVIOlmRORxbd1RyT01C29FT1p9cKrfuhP+FED1Zh+fgA
+mw0blY9HAhtZKnKoGPsDu3yLa0ETX5ErcOQ6o/FKfi2lemGlEMabPDRLSoKgr1eX
+dB/jBCaTUrqbInVWgq7E6pP1ZSuGmBRzc2gaygF0ZWcBQbESQOdltc4MZyHKy0Oj
+E7tF5HryZSNakxV36axkUJcBVe8O9ozL5leqP8KtHXWIht29H+3dIxzfyhaaj1/t
+c+cB7luBTvScnhDuuMTBSK9in9wpNMh7D2dUSuD8d7HFXGFwqVhS2ZMjOYjiNowu
+t8xzHA==
+-----END CERTIFICATE REQUEST-----
diff --git a/Kanzlei-Kiel/openvpn/keys/chris.key b/Kanzlei-Kiel/openvpn/keys/chris.key
new file mode 100644
index 0000000..ebf79bf
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/chris.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI7NQsu8b6oEkCAggA
+MBQGCCqGSIb3DQMHBAhW4mKMiCCRkwSCBMjbNU7viyJa22yM5e45+ppZXtM68JLl
+Ql9d9mej94TSMuKgIQIeQDSQshGYJDecRMHrPbpTW/GvBDOXY/OFV+QDrB/Cp18C
+QStR0Lg9RZ5XmJ7TncB1eIFNTbAJQkRbRWZfMTT1q5aNrNWVy88xajVoX9UlsAiZ
+A1vvkBmwXTSM8l3VoHWuH7nxWOEX7R16TOcG9EwjwSCMlVsW3rqgqiTb4GtlA0kf
+t3JOLCRwgjO4uFXCUob6t9O0FzwlsGapk4LIoHZivfj1oXL1d39ibIsC7sSTNjw7
+v3CSRUfd4iMOLqGNKKtuiqdVxv88SKjKD3Au4sqowjdk+2kTOq8oCgKUn3HaiEr/
+OW3ja8pF1dW5BGmv70D1Ujk1Wst4Cp4W3VHre+D2f/YJBYNEp+ADDVI7stYSyvln
+01CBJPUnVskn3SHGtv5NLpKAEkF2LY2qZn8GENO4pKduXq8PNuAh4dcctssJ+WQr
+rCQhy52SiEus6nvEzJFdyXQT0bwrFpILSbg8s9Fn3WNnVjU1uwySl+YEZ9/VJN81
+4aPAAP3ysVqN5eTeK17RXklAkl+faC/7B07hzpMmPxm8qqo8XfergzjYGZfLwM/q
+4NzN+2iBJbs04J/oWEDWRtcizgTwduu8nKGi2s73WyhVW9GoEgMevF71MRSPqtBK
+LNHYVjdk04+Dum3KueUn+Uwfg/mLIY1QOgSnFg2AD58BjPFh7gLm78ZczG4q7Nr/
+nnBUxpnYduQ/yAfRZPU50WI9+yvPBI9+7FweUH0vWlmsH42khTCd5Ijv02zGIbf+
+pMsm49JLPLhNpgmg2jtF1TwOL1C2t+0YMeHPHQVV9pBsSMOp8peKS9hR86xPlfrN
+qHc524TKpoiym/HR3KwQWhjrvjVUsbdRW5eVO7qFTm2OB9/BERU3sgbyXNvYGZQF
+ES/T75FrDRh+ZHZIoo3i5q2/j6pQHw60zXeQz/7i+7S9dk7WWAFkzzzybsiwAbk4
+6HwdYdsnHMZ5+kPnI69mKMj2ogNAlvFlknpCSSPiQFvgONN5j1slNUy7EEAfdhuJ
+QxqN26991iE3xVD+qX4Gveqom1xjQ7rP7W6QfSrtpGckqeIa+jdhtQTYkyIBhJak
+xlhjR5+PBO0VWOQSZOTSzVTL/71j5fK+GIblLaZ8wrSuO5N6BBpZucZ2HLBBPD45
+hAkpaidhdmB8S8+0fmV5+iO7SjWguHgmfxavSqSYad09St7SD26HTgEDnaO3CVRm
+AEoEMSt/YrS9bsLF/kHYRNOM2tSNGuARAfeNDKQuvRufKmTklJJ5anu7gXWlb5av
+zDGSa/5woyBDhYOWWpnkLpHbJCvMHkiPZ036sXI+4czz5Oe3GpAfqGsGhKA6evm9
+uI/xU+WF5ohdXPRhnzc6210EPpGLQFsq2WXbIuwu7Z7pylYICn3VjkA07gNLaNYu
+nLIzrj/o3PbMs+owEgBJ+4lSOSkqGehY1tHeGlZY+zAFTg+VfB7Jtt1hK52ijPqn
+mU+s1UXORlpl6zv9amyOrAenie0DBZff4IsnIfFbvlLCncSBCRpORDfdJmgeuJZS
+Hfdamp4l1BsMjgDlD5jL0uhoTaA3lBW9E2w2+LcO6fv5NTpmSj7SKp8qhdfrnTZf
+aMg=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/Kanzlei-Kiel/openvpn/keys/crl.pem b/Kanzlei-Kiel/openvpn/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/Kanzlei-Kiel/openvpn/keys/dh2048.pem b/Kanzlei-Kiel/openvpn/keys/dh2048.pem
new file mode 100644
index 0000000..4722f66
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/dh2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA65veL5KM+oaBkAiw3yXGFifQF5Ex5gIPVGhxN+cPWWjAEbV/n/jx
+BDmxQ9zBfA74z6o+zqifNJxKYPeIzHOcXrZo3rXdZ8OjzIRRKNpHHJ57EnRrgjAb
+wNCFqMOshZE6CgmFcBqC52jGrcE5LIiXI3fYSGdQpB6o+tOu7AMmRdWmuuWnlFN0
+IZvI6xFxmLoKNK8/EtjFb4BMnBd9MNV1s4t7dJEos4IQ9jKvx9am4NJRTKavmbmM
+t96DPguyce/CGeBdVGKA3XEPR1MeGLGtd6r9aZC3243vRU3R23cWmAQXFJn96QNm
+Zt2f5tNA/3ep87/kFKrin1mnRAe001h08wIBAg==
+-----END DH PARAMETERS-----
diff --git a/Kanzlei-Kiel/openvpn/keys/doro.crt b/Kanzlei-Kiel/openvpn/keys/doro.crt
new file mode 100644
index 0000000..0c8ada7
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/doro.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:42:32 2017 GMT
+            Not After : Jun 27 23:42:32 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c6:3d:01:a9:e3:1e:54:11:53:26:ae:ab:33:8d:
+                    91:e4:f6:ba:08:3d:8c:37:14:83:84:97:83:e4:80:
+                    fd:04:b4:3a:f7:18:ce:d8:72:86:49:c9:f0:f4:7c:
+                    cf:66:cc:8a:3e:5e:18:12:6d:f9:2d:ac:56:17:15:
+                    0a:1c:94:62:17:f4:2e:b1:3f:81:c9:51:4f:0a:45:
+                    8e:b4:ce:0f:bf:cd:cb:c1:e8:21:7d:dc:0b:13:74:
+                    aa:5a:2f:29:3d:ec:63:13:2a:46:98:8c:ba:01:64:
+                    a6:46:83:d9:22:1d:dc:d5:f5:19:5f:0b:39:88:39:
+                    57:92:31:5a:8d:50:7e:a6:4a:ff:9e:57:77:c6:0f:
+                    65:95:1c:a6:7a:6f:9f:03:00:15:e6:50:7c:49:62:
+                    72:d8:0f:27:ea:84:f9:91:d5:b0:d2:86:23:78:bc:
+                    cb:d9:33:91:30:28:75:13:46:38:a1:ca:20:66:3b:
+                    28:58:3c:21:a9:e1:94:42:92:52:96:2d:51:16:bd:
+                    a2:d3:32:ab:95:b3:3a:92:95:b6:20:bc:d6:5d:dc:
+                    5f:a8:51:f0:d6:9e:22:ca:17:30:d1:c5:9e:f7:42:
+                    cc:d5:56:b7:e8:43:fd:b7:5d:8a:c6:40:9b:39:ba:
+                    61:42:6a:3e:3d:82:44:15:ad:43:a4:08:79:e0:61:
+                    b0:9b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                BE:2A:6F:2C:EF:0C:B1:1D:B2:48:5E:3A:68:14:9B:EF:BC:E5:E6:86
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:doro
+    Signature Algorithm: sha256WithRSAEncryption
+         9a:3d:1f:11:18:ff:a9:0b:b0:38:95:4a:98:69:a9:76:65:10:
+         d0:5e:04:60:da:81:46:bc:44:dc:55:a3:59:4f:24:b7:27:ff:
+         c6:b5:28:10:59:b7:b9:5e:78:c4:32:d6:f2:4c:e6:aa:05:75:
+         68:e4:fa:8b:84:98:c1:65:1b:f5:f5:1a:a6:66:3e:a1:27:58:
+         8b:ad:e9:b1:6e:e9:e4:92:08:96:18:ac:c1:d6:48:33:45:18:
+         14:f9:75:75:3b:a1:2b:4f:23:4d:de:34:0b:6e:a0:95:25:fd:
+         8b:89:d9:d6:dc:47:b1:c5:35:d1:ac:8b:29:a8:95:f3:a4:c0:
+         54:a0:7e:15:97:de:6d:4a:27:98:af:e2:0c:4c:28:94:b8:ab:
+         15:2f:0b:29:32:13:2c:ae:46:c1:52:87:88:8c:43:a4:47:b5:
+         b3:85:68:57:de:5a:95:a8:c6:69:56:07:52:15:6b:88:67:27:
+         3a:23:36:57:8d:c9:e6:76:75:06:fd:00:e9:f8:d6:b0:d9:d0:
+         4e:4d:9c:4b:8a:1f:84:fd:86:19:52:d9:9c:0d:30:cf:65:c5:
+         df:d8:b8:90:9b:7e:01:cc:07:ae:94:16:15:df:40:22:68:70:
+         c1:4d:3c:f0:e5:93:2a:d8:8e:4e:bd:13:09:0f:eb:ba:c1:f0:
+         9b:ae:67:97
+-----BEGIN CERTIFICATE-----
+MIIFaDCCBFCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzQyMzJaFw0zNzA2Mjcy
+MzQyMzJaMIG5MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEeMBwGA1UEAxMVVlBOLUthbnpsZWktS2llbC1kb3JvMRkwFwYDVQQpExBW
+UE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4u
+ZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGPQGp4x5UEVMmrqsz
+jZHk9roIPYw3FIOEl4PkgP0EtDr3GM7YcoZJyfD0fM9mzIo+XhgSbfktrFYXFQoc
+lGIX9C6xP4HJUU8KRY60zg+/zcvB6CF93AsTdKpaLyk97GMTKkaYjLoBZKZGg9ki
+HdzV9RlfCzmIOVeSMVqNUH6mSv+eV3fGD2WVHKZ6b58DABXmUHxJYnLYDyfqhPmR
+1bDShiN4vMvZM5EwKHUTRjihyiBmOyhYPCGp4ZRCklKWLVEWvaLTMquVszqSlbYg
+vNZd3F+oUfDWniLKFzDRxZ73QszVVrfoQ/23XYrGQJs5umFCaj49gkQVrUOkCHng
+YbCbAgMBAAGjggF8MIIBeDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
+LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFL4qbyzvDLEdskhe
+OmgUm++85eaGMIHpBgNVHSMEgeEwgd6AFE6CHhSB65vIcSyxImiQv+7Z1P/UoYG6
+pIG3MIG0MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEZMBcGA1UEAxMQVlBOLUthbnpsZWktS2llbDEZMBcGA1UEKRMQVlBOIEthbnps
+ZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA/lmt
+Xr6QBT4wEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
+MAaCBGRvcm8wDQYJKoZIhvcNAQELBQADggEBAJo9HxEY/6kLsDiVSphpqXZlENBe
+BGDagUa8RNxVo1lPJLcn/8a1KBBZt7leeMQy1vJM5qoFdWjk+ouEmMFlG/X1GqZm
+PqEnWIut6bFu6eSSCJYYrMHWSDNFGBT5dXU7oStPI03eNAtuoJUl/YuJ2dbcR7HF
+NdGsiymolfOkwFSgfhWX3m1KJ5iv4gxMKJS4qxUvCykyEyyuRsFSh4iMQ6RHtbOF
+aFfeWpWoxmlWB1IVa4hnJzojNleNyeZ2dQb9AOn41rDZ0E5NnEuKH4T9hhlS2ZwN
+MM9lxd/YuJCbfgHMB66UFhXfQCJocMFNPPDlkyrYjk69EwkP67rB8JuuZ5c=
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/doro.csr b/Kanzlei-Kiel/openvpn/keys/doro.csr
new file mode 100644
index 0000000..97c251b
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/doro.csr
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC/zCCAecCAQAwgbkxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMR4wHAYDVQQDExVWUE4tS2FuemxlaS1LaWVsLWRvcm8xGTAXBgNV
+BCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBv
+b3Blbi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMY9AanjHlQR
+UyauqzONkeT2ugg9jDcUg4SXg+SA/QS0OvcYzthyhknJ8PR8z2bMij5eGBJt+S2s
+VhcVChyUYhf0LrE/gclRTwpFjrTOD7/Ny8HoIX3cCxN0qlovKT3sYxMqRpiMugFk
+pkaD2SId3NX1GV8LOYg5V5IxWo1QfqZK/55Xd8YPZZUcpnpvnwMAFeZQfElictgP
+J+qE+ZHVsNKGI3i8y9kzkTAodRNGOKHKIGY7KFg8IanhlEKSUpYtURa9otMyq5Wz
+OpKVtiC81l3cX6hR8NaeIsoXMNHFnvdCzNVWt+hD/bddisZAmzm6YUJqPj2CRBWt
+Q6QIeeBhsJsCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCemhex89Bim//Ou26k
+1Yi9FGq3F4nayTfXRshqdGV/PRL7VsCZX3pkrt1cdVvCBP7limZpp3od63CyOR+9
+bQemL8U5oIFygNQ2jGSw+2HqzcOVuhAr4w20udCf1VWdcD2LdjjPEvcgRldEBiTN
+5yEK7Ln0ZZfZxI0fRJngsNjtvzqeZyOIRb6Swt2jtwc97uc9OKo/ZrQCnEm23vyI
+rA1g0SzqwZBAtaUhVbPQte5SmuvYpqhpB8IHZVnO1V4y0EIEeZdpELiFB0t/a6qe
+hwstnn00ovcLUE0vFgwjKbZBhSfkziUzzCgVjfbECC/wIl+QQtl6iNYlK6bjKKy6
+tHe+
+-----END CERTIFICATE REQUEST-----
diff --git a/Kanzlei-Kiel/openvpn/keys/doro.key b/Kanzlei-Kiel/openvpn/keys/doro.key
new file mode 100644
index 0000000..9521da3
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/doro.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvNHp38mi5asCAggA
+MBQGCCqGSIb3DQMHBAijnDzI3KVJNgSCBMj1yRY6UmdvI/CpJOZ6b2GsUFF6qAga
+w4BkahAck3p+VZDpYmXdO6t55U2vSty/SoiKWAUrFPnhtHqpo0g6Bo7JNysjmg0T
+elf/+QJpAOYcJfRpBdDx9ct5R2oieYtUXGwIXEwD5YAAWPRnrSqlVqEK6Q2yhIvg
+uqEkGQwIVh4S/32FLUleU6g/DrbgZUPhUlmuH78rJFAGMN+8OGXErY0vyHFJDQoy
+Xf10tUA/34193Bqij4UxnDuS7ysKUZcoqFq73NIr53+Hlvkl+1dfoo8yU4VFf/nQ
+Eh16pDpT4lIFI5IWXsjyAzM8ZpkX2siLHuGIl7lPYCo8biwY3Cc49csspdW1XET6
+1kGxQnX4HjqzKsQ8XNNvR4glFbEPd9fdF/wXudBmie2vljDi22vDXhnToMQYuGIc
+nabSSK7khaFu1X4kdFAiEtNnr0PkPPFVi5l08IPa86mMGIAcZ4x20yumpKsdakUM
+oCxEA2eUlWfQSMfwaMTSHDjAG27ouy0r69bwPcOXrvRMw6Z0H8rVRHxIYbys2JJj
+KWGoJAI2+fcGuEDKv5YUaOj72AttwfRPXOZwZveLrHuVxbWlFnYf9NdjGxbuxq+4
+3qfpSM++Kc559Pt16C6bar5u+gY3cRrXORBMUXOQ6Zs6Zwfw5mNNPneX15puEYc0
+72F3Qknxh72Sooi7VMJHkNFa2lvf2uciBURivTUy/YfpC+tXVyePtlRdSDyDnj2T
+Qg6no9L0kh/EMUmbOLVo7w9XLQ7Z9PRirEam8/JkoGVX8d03cfeMlri6xhhs/GKs
+4YwoMEA2TsH61Kk3j/BthjO9r/Sowa9aX2wgHxNblYUxOBmVIYBKVI6qMKjqH0ua
+geEo3yOYaIA3Nz8M38boyuhReMx3Tuy0SIHvQU4eVsoobWockC+njS9uDV5UBiUC
+AcGcdgBOZKSGNMjVSRpJHZQR66dPgGj3gbikmBIx6vjo5pXtN4TFBt216g6m5oDM
+tvm0yMB9HWceZstmk3Y0NzJ15bEVDy9uzWGPtKaZewO1kgf5GSArdrxwAB+s5SD5
+Qzo2s99OGOaO0oMGidQnuNgRqjpfTY/KMk6lBmJRQZ0+kUybZcoj40lYrFMVL0P/
+SoLQYJF8OHVZ0fqXM7v/e6lHqAc3NyyGktr0iMueHETPasyVCs55w77JEj0GleMB
+jueQ6G1jxkixlIma5kJKCzaileMzFewrWb72bS6zGcH+JSMqmISD7AMWDiuPXp7M
+rXZXgJ2N2Sp5azBYvfOGtYaiiDH8avGVem/MW5q0s3FtfT7JaycE20HLx69P5TFH
+ATRUtsoMU9QnnWwH6QN8S0tcB1pgRm3tJzoIWqYtau3EPwmll13GA+IqwaQHzlUj
+ftf6Wtc1R+khK5Eq5y7TUyfrwzDSF1duTtg/5mkrZ916Lnu+QPJ+TJ738eOB6fqZ
+1JW1UnxsizHpUMZWdPxQEjRWfRZpcjHK2D2CIipxLNfxo/W/85DG4MvACv71JErV
+CYL4Pc7Kuf9rXI6TzE9GPYUxMQrFWX3Hesb+fDAsKRCLJBoBqeS4eE8b2V8Mq5zV
+Uhd0TPZkk1VFDUFJBTyRW8skxjM/Vmi6fmIYW80hJUvLHtOJIQFg6+n7pnb/HPFn
+e7o=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/Kanzlei-Kiel/openvpn/keys/gw-ckubu.crt b/Kanzlei-Kiel/openvpn/keys/gw-ckubu.crt
new file mode 100644
index 0000000..cded62e
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/gw-ckubu.crt
@@ -0,0 +1,99 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:24:59 2017 GMT
+            Not After : Jun 27 23:24:59 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:cb:3a:12:41:57:f6:08:8a:9d:c8:f2:7d:de:eb:
+                    9a:0a:05:44:82:28:16:30:bf:be:20:50:93:61:6f:
+                    a4:ed:ae:61:dc:2a:4b:61:03:a8:c5:c1:86:c2:88:
+                    34:66:c7:49:3d:61:59:e9:d0:88:d3:ad:af:8d:92:
+                    c8:5a:ad:a6:4d:0b:38:41:b1:85:61:34:8e:94:56:
+                    55:d4:05:85:02:5e:6d:cc:3d:81:26:1d:93:04:0a:
+                    38:d5:c0:93:22:00:93:bd:dc:1f:9b:af:1f:78:1c:
+                    f1:2c:b0:11:7e:4e:cf:62:8b:ce:7e:e2:bc:b3:8e:
+                    af:a9:c6:cc:f3:40:a2:30:d6:a0:4d:9e:3f:54:5e:
+                    74:35:67:3b:c5:78:ef:f5:9e:b1:39:fc:ad:71:13:
+                    e9:84:cf:11:55:78:59:49:26:e9:1e:35:62:66:8b:
+                    d2:f8:d7:19:94:31:5f:28:6a:69:25:a1:f7:c7:23:
+                    82:d3:48:e9:58:2d:b9:a7:8d:41:6e:dd:3b:cd:27:
+                    16:bd:6c:4d:7b:35:62:fd:b7:5a:90:ce:bb:6d:31:
+                    c7:53:b0:df:aa:08:eb:69:d5:11:c6:66:58:8d:02:
+                    61:79:bb:a0:fd:fd:8d:5f:67:26:8b:a2:d6:09:e5:
+                    78:e2:f0:7a:2f:f4:98:ec:98:7a:a8:5f:f3:64:c1:
+                    82:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                19:56:3C:B0:C3:18:52:DE:13:D0:D0:A6:B9:FB:E2:71:73:EC:63:2B
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         bb:0b:05:a8:4c:67:80:ce:29:fd:b2:8f:9a:e9:3b:e4:40:9d:
+         9d:96:27:46:0b:4e:cb:0e:48:9f:4e:78:b4:fe:5c:93:f2:54:
+         c6:55:c2:18:7a:b0:c9:6f:f5:8b:a5:e6:87:0a:0d:75:23:6f:
+         cd:a2:32:d6:89:39:ad:46:3c:27:e2:cd:5d:8a:6f:7b:6a:43:
+         65:60:9d:9c:22:a8:34:52:a7:29:f4:c4:ba:65:18:86:70:6d:
+         82:09:d5:b1:4b:7d:f4:1d:5d:9f:a3:89:36:6b:62:7b:01:ea:
+         41:76:4e:22:b2:8e:b9:b7:70:e1:9e:76:d8:f9:f7:0f:67:1f:
+         fc:cb:71:4a:af:aa:60:91:15:f4:df:52:2b:c6:1e:3e:63:87:
+         cd:86:1f:52:fb:73:9f:20:d3:77:20:41:c2:fc:b7:34:93:6e:
+         8f:6f:55:3f:9f:e9:17:1d:23:63:84:d1:55:94:bf:b8:9d:46:
+         f4:d9:bf:1c:09:99:b4:dc:d0:b1:65:d0:3b:d6:94:8a:fd:78:
+         c4:b3:d9:52:24:6d:88:56:f9:ff:bb:d9:c3:c8:0c:3d:b6:60:
+         ae:5d:2c:3a:79:2d:fc:3c:46:05:a1:9d:e7:ba:07:f7:f2:48:
+         88:1b:21:36:49:72:9a:e2:a9:6f:ca:84:89:f6:83:ea:0d:b1:
+         d1:95:1f:16
+-----BEGIN CERTIFICATE-----
+MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzI0NTlaFw0zNzA2Mjcy
+MzI0NTlaMIG9MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEiMCAGA1UEAxMZVlBOLUthbnpsZWktS2llbC1ndy1ja3VidTEZMBcGA1UE
+KRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9v
+cGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzoSQVf2CIqd
+yPJ93uuaCgVEgigWML++IFCTYW+k7a5h3CpLYQOoxcGGwog0ZsdJPWFZ6dCI062v
+jZLIWq2mTQs4QbGFYTSOlFZV1AWFAl5tzD2BJh2TBAo41cCTIgCTvdwfm68feBzx
+LLARfk7PYovOfuK8s46vqcbM80CiMNagTZ4/VF50NWc7xXjv9Z6xOfytcRPphM8R
+VXhZSSbpHjViZovS+NcZlDFfKGppJaH3xyOC00jpWC25p41Bbt07zScWvWxNezVi
+/bdakM67bTHHU7DfqgjradURxmZYjQJhebug/f2NX2cmi6LWCeV44vB6L/SY7Jh6
+qF/zZMGCZQIDAQABo4IBgDCCAXwwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYe
+RWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQZVjywwxhS
+3hPQ0Ka5++Jxc+xjKzCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/
+1KGBuqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBL
+YW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJ
+AP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
+HREEDDAKgghndy1ja3VidTANBgkqhkiG9w0BAQsFAAOCAQEAuwsFqExngM4p/bKP
+muk75ECdnZYnRgtOyw5In054tP5ck/JUxlXCGHqwyW/1i6XmhwoNdSNvzaIy1ok5
+rUY8J+LNXYpve2pDZWCdnCKoNFKnKfTEumUYhnBtggnVsUt99B1dn6OJNmtiewHq
+QXZOIrKOubdw4Z522Pn3D2cf/MtxSq+qYJEV9N9SK8YePmOHzYYfUvtznyDTdyBB
+wvy3NJNuj29VP5/pFx0jY4TRVZS/uJ1G9Nm/HAmZtNzQsWXQO9aUiv14xLPZUiRt
+iFb5/7vZw8gMPbZgrl0sOnkt/DxGBaGd57oH9/JIiBshNklymuKpb8qEifaD6g2x
+0ZUfFg==
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/gw-ckubu.csr b/Kanzlei-Kiel/openvpn/keys/gw-ckubu.csr
new file mode 100644
index 0000000..2af6084
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/gw-ckubu.csr
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDAzCCAesCAQAwgb0xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMSIwIAYDVQQDExlWUE4tS2FuemxlaS1LaWVsLWd3LWNrdWJ1MRkw
+FwYDVQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1h
+ZG1Ab29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLOhJB
+V/YIip3I8n3e65oKBUSCKBYwv74gUJNhb6TtrmHcKkthA6jFwYbCiDRmx0k9YVnp
+0IjTra+NksharaZNCzhBsYVhNI6UVlXUBYUCXm3MPYEmHZMECjjVwJMiAJO93B+b
+rx94HPEssBF+Ts9ii85+4ryzjq+pxszzQKIw1qBNnj9UXnQ1ZzvFeO/1nrE5/K1x
+E+mEzxFVeFlJJukeNWJmi9L41xmUMV8oamkloffHI4LTSOlYLbmnjUFu3TvNJxa9
+bE17NWL9t1qQzrttMcdTsN+qCOtp1RHGZliNAmF5u6D9/Y1fZyaLotYJ5Xji8Hov
+9JjsmHqoX/NkwYJlAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEANX/XLGR0DYwR
+3r9pIWy6Y1EzF5oS+eP2dz0abeUWHp39/lhc6CSGQROoFUk1klUR8f2E8At/qTR0
+OVBrutEZkQI77s7G9QItdpTV8yEoXeZd34h15fh78LRGfa94SCWHpCkZgD11Y60G
+Tcju1sbCdg7lZE6HUjwOED83sosBlcTgwCeoPwHprvbNWCt/zwACUezzaZpgnGEs
+h/MHvuHr/c4oqgoil3sE1gcS/MyZbXQUyZlVivdqQgx4EEkt1J5FpxZZb/185IxA
+/eZqVhf598agAcWrBA+Vg3WKegUiTYB3ZKHAQ4D025KThDAR3aK6LPo8prKmIp2D
+OTZYm+w1/w==
+-----END CERTIFICATE REQUEST-----
diff --git a/Kanzlei-Kiel/openvpn/keys/gw-ckubu.key b/Kanzlei-Kiel/openvpn/keys/gw-ckubu.key
new file mode 100644
index 0000000..6c2de6a
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/gw-ckubu.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIgzdhh+GFVpkCAggA
+MBQGCCqGSIb3DQMHBAhQnYHUELQpXASCBMicbtCdvVEgK+pV8reDVVuacqqeIwQV
+OIa/MCryNPukqS0P10WT6SLzIN2c/A3jVAmHbm+E5Zvk6bX5LmmAIClEulVnZsbV
+qeXz/jlbKBZAj4hYVmvUfKMQUj99Hnn6JdGfEgvYauQIzhwujHvAyV7kfXufEQxj
+kUrE5U97HPfbVj4f2kUNNcLU3gSX91ILoO5lGDUcTpceYQXO00EI0ftsdHp+qKgc
+7kJ/ntt779n72r99BaFMXZ5V/DSuQeNvKE98+PIRQF1ffDW/aJZq1B1MUJC83esO
+VC2Fxg3ZNRNTcyQXC2MzQ7ZLkQWdPOsElcZ1NDqrEXUQtbrVfNCjuFvPPNeorld0
+3uLFOytLv0OTc/AMDmEFGMap8XmWBK4g63Rhi3WIwxECYp6+s7uFu5VC54poD0Fm
+aerMKnVadW9FbH69Oe5+hfhRlJ6N/H5Wp5XMCl2ttzSFcZhiiufuTjaxUgAF2vLP
+xKtrQAIQkOZJabeGrJR8zzIN/FsziWh8xHbnl3aO6gXS5SDpIypBADEvc2aibEAC
+DhJkCasUTzETpZVdRfBD2CHXk0krg2HHo3HUyw8nb4aZg9EbbMiLK113hWDCr2z3
+evhJzaTdZUvJlgNGTcLOd1ZgLpwXIil4r54LsT4A1skZ7CNgO1zVzxo/sBZ9V5J/
+PMdhTmPeqFXwHp6cA0+Cr4r0oqEBbJ0OjjwtXA8RvbTDBkKi3Bq0YgudSoJ6mgt/
+SwlsiL+FFQWnhhgWMfXXS7qEzTgHgkBM7AgupJYo2VqU/pcLOxSvbLs35MMj2cij
+Bj12/78AqHDGEwlAhyD31ndTC4Lbpy/VcBcDi7RByXPgHH2R79qXuS1WQJD5Y2CT
+UvkCFLCz+zlxyMFzRhJ+rTXPiCQTwtrnMRYmZTR+YyPa/nJcXJ5OH7aq6ypuP50C
+IeeBci5fEuiBqEH1QPmUx/ByMXVhybxUnuN0V0u4TtJJOzQrXKDz3tulklVBFFp2
+MFTU+20jAMxVmVHz03fCORZSjKShubS8AJR823lXXlW0CtcwErRqjyJyxk4svnJ9
+bRENRA+5G329kCxGm04AO4po+NCf1w08wRTJsTE9GRzDKu3i27J5jf8SxfzbCX+5
+isjOyhEgnTkM3fMWRk9t4ZSsKIg+BqwtwYQJq1AI6Now3FhxfGt+0jfO43jBOa8u
+5LnTO9uZzJL1Go0LjsFS2kL6MGQ6wYtsG0Rl2KpUtuzZgph7BHbxUMYY1UUES8tp
+S1fC9u3NIb/E4179WHzle5wBbUEZtHXxbfWzIi9fwQSKgJ3LPsjaVEjPknpzy9Sv
+sfZKsef78D9XynCAyqP4GU1nvpLaZ8+SGPiuvXc1kjHgrUm06stmvXG4Tsxiv0Ag
+aORlceD+G4tUms67AkeBWTZ+wTKukN6dfgbZqQxSC6ut0JkkDdoMOdSAl2E88XXj
+/vJHw4YdaKsCuxcL7nVIX4fiL8E8Vr/haqmaj9xBvkXorqtpPHWiyn4+aW1ZVONe
+1+kioFYClC3faJTQA1oFPfUcq38HNtLtHHh4e/JtjnYH2WE4C3vZCkEnZ60KwVh2
+7S/Sc7lu5UEyCkiKudCfX59vWRpxrzBcLy6rlncqtpWtipQjBLU24mihofJvKRBO
+qAg=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/Kanzlei-Kiel/openvpn/keys/index.txt b/Kanzlei-Kiel/openvpn/keys/index.txt
new file mode 100644
index 0000000..0ea35da
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/index.txt
@@ -0,0 +1,6 @@
+V	370627231701Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-server/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+V	370627232059Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-chris/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+V	370627232459Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+V	370627232640Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+V	370627233437Z		05	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+V	370627234232Z		06	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-doro/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
diff --git a/Kanzlei-Kiel/openvpn/keys/index.txt.attr b/Kanzlei-Kiel/openvpn/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/Kanzlei-Kiel/openvpn/keys/index.txt.attr.old b/Kanzlei-Kiel/openvpn/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/Kanzlei-Kiel/openvpn/keys/index.txt.old b/Kanzlei-Kiel/openvpn/keys/index.txt.old
new file mode 100644
index 0000000..7c4ced3
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/index.txt.old
@@ -0,0 +1,5 @@
+V	370627231701Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-server/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+V	370627232059Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-chris/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+V	370627232459Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-gw-ckubu/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+V	370627232640Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-axel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+V	370627233437Z		05	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
diff --git a/Kanzlei-Kiel/openvpn/keys/pc-hh.crt b/Kanzlei-Kiel/openvpn/keys/pc-hh.crt
new file mode 100644
index 0000000..721992a
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/pc-hh.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:34:37 2017 GMT
+            Not After : Jun 27 23:34:37 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-pc-hh/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a8:75:0a:f0:f5:5e:f2:5d:05:60:43:b9:b5:10:
+                    e4:0f:19:fc:2b:bb:59:d0:b9:59:6e:f0:f5:88:ec:
+                    5b:2d:6b:97:6e:2c:a1:c8:40:bd:03:23:0d:90:69:
+                    22:2c:4f:4c:a1:2a:e9:29:a7:8f:c7:0b:b8:f8:04:
+                    3e:2b:7c:1e:14:a8:4f:d7:32:1e:dc:cd:4f:31:f5:
+                    80:51:5a:1f:2e:f3:01:3a:c1:3a:8a:ab:ef:8e:41:
+                    e3:09:7f:9a:4c:a7:11:e2:c8:e1:5d:9c:6f:57:31:
+                    ad:ed:28:c7:70:8a:2b:c5:3f:bf:28:e5:aa:f8:41:
+                    22:fa:8b:4d:35:10:4a:0c:42:9f:83:6b:f2:05:6b:
+                    84:36:59:88:e9:f6:f0:43:64:e6:9a:9b:a3:37:26:
+                    a9:33:93:03:4f:71:16:d4:29:ce:c6:ea:e8:af:34:
+                    98:33:ec:1f:23:80:97:93:be:2a:97:f0:38:3f:a9:
+                    bc:40:60:73:24:c5:ef:25:bd:64:39:6e:b6:d6:75:
+                    a2:11:0a:d2:5e:5a:8b:2e:8c:f5:84:2e:bd:16:b1:
+                    16:f7:1e:9b:bd:04:00:27:e1:15:45:60:f9:86:58:
+                    70:39:eb:1e:4e:93:cf:0a:7b:39:44:33:50:74:83:
+                    a6:b6:30:43:c8:af:cc:0a:bf:66:ad:22:c8:3f:81:
+                    35:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                7C:B4:73:C3:8B:56:98:7E:8A:0C:20:58:7D:94:1B:B6:D8:56:83:C5
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:pc-hh
+    Signature Algorithm: sha256WithRSAEncryption
+         a2:54:ef:2a:43:8d:28:8e:06:72:42:61:e2:a3:0c:1f:d9:a9:
+         7b:78:70:0c:9b:24:ad:8b:a6:db:27:4c:e9:d9:de:ad:fe:fd:
+         d4:dc:3b:ec:2c:dc:3d:29:7c:03:0c:da:1f:c3:f7:f4:63:e1:
+         c6:3a:a1:9a:a4:0d:34:06:58:ab:e2:62:3f:9b:9e:ae:77:56:
+         f0:1e:a3:00:dd:7e:20:7f:95:5f:5d:19:65:a8:4f:a7:1a:04:
+         84:c7:8f:a9:b8:c3:3b:f9:1c:d9:0b:2f:03:a6:fa:c9:cb:60:
+         92:d5:80:cf:d1:12:d6:0f:80:e7:23:2c:ed:f6:1e:50:1d:2d:
+         c2:5f:72:bb:fa:54:99:43:aa:e1:a4:78:cc:5a:32:be:1b:e8:
+         02:f5:ad:58:29:c9:a8:ca:f6:e4:e7:47:ad:9e:7f:83:42:4f:
+         cf:dd:ea:95:00:1b:bf:c7:00:92:b1:1e:d4:e3:ae:19:f3:5f:
+         00:5d:d4:46:ca:84:82:1e:db:c2:2d:07:ab:30:1c:7e:a4:79:
+         c7:9c:2d:6e:3c:22:d3:a2:cf:2b:ad:75:81:0b:3a:f6:c1:71:
+         9e:cb:39:14:17:c8:f2:a0:0e:ca:86:51:75:a6:35:c9:70:3b:
+         b7:45:e7:a3:81:35:99:77:94:26:42:a3:84:92:75:45:60:bb:
+         93:ec:6b:b7
+-----BEGIN CERTIFICATE-----
+MIIFajCCBFKgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzM0MzdaFw0zNzA2Mjcy
+MzM0MzdaMIG6MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEfMB0GA1UEAxMWVlBOLUthbnpsZWktS2llbC1wYy1oaDEZMBcGA1UEKRMQ
+VlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVu
+LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHUK8PVe8l0FYEO5
+tRDkDxn8K7tZ0LlZbvD1iOxbLWuXbiyhyEC9AyMNkGkiLE9MoSrpKaePxwu4+AQ+
+K3weFKhP1zIe3M1PMfWAUVofLvMBOsE6iqvvjkHjCX+aTKcR4sjhXZxvVzGt7SjH
+cIorxT+/KOWq+EEi+otNNRBKDEKfg2vyBWuENlmI6fbwQ2TmmpujNyapM5MDT3EW
+1CnOxurorzSYM+wfI4CXk74ql/A4P6m8QGBzJMXvJb1kOW621nWiEQrSXlqLLoz1
+hC69FrEW9x6bvQQAJ+EVRWD5hlhwOeseTpPPCns5RDNQdIOmtjBDyK/MCr9mrSLI
+P4E11wIDAQABo4IBfTCCAXkwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFz
+eS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR8tHPDi1aYfooM
+IFh9lBu22FaDxTCB6QYDVR0jBIHhMIHegBROgh4UgeubyHEssSJokL/u2dT/1KGB
+uqSBtzCBtDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMG
+QmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vydmlj
+ZXMxGTAXBgNVBAMTEFZQTi1LYW56bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56
+bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5Z
+rV6+kAU+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVwYy1oaDANBgkqhkiG9w0BAQsFAAOCAQEAolTvKkONKI4GckJh4qMMH9mp
+e3hwDJskrYum2ydM6dnerf791Nw77CzcPSl8AwzaH8P39GPhxjqhmqQNNAZYq+Ji
+P5uerndW8B6jAN1+IH+VX10ZZahPpxoEhMePqbjDO/kc2QsvA6b6yctgktWAz9ES
+1g+A5yMs7fYeUB0twl9yu/pUmUOq4aR4zFoyvhvoAvWtWCnJqMr25OdHrZ5/g0JP
+z93qlQAbv8cAkrEe1OOuGfNfAF3URsqEgh7bwi0HqzAcfqR5x5wtbjwi06LPK611
+gQs69sFxnss5FBfI8qAOyoZRdaY1yXA7t0Xno4E1mXeUJkKjhJJ1RWC7k+xrtw==
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/pc-hh.csr b/Kanzlei-Kiel/openvpn/keys/pc-hh.csr
new file mode 100644
index 0000000..e7e339b
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/pc-hh.csr
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDADCCAegCAQAwgboxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMR8wHQYDVQQDExZWUE4tS2FuemxlaS1LaWVsLXBjLWhoMRkwFwYD
+VQQpExBWUE4gS2FuemxlaSBLaWVsMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
+b29wZW4uZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCodQrw9V7y
+XQVgQ7m1EOQPGfwru1nQuVlu8PWI7Fsta5duLKHIQL0DIw2QaSIsT0yhKukpp4/H
+C7j4BD4rfB4UqE/XMh7czU8x9YBRWh8u8wE6wTqKq++OQeMJf5pMpxHiyOFdnG9X
+Ma3tKMdwiivFP78o5ar4QSL6i001EEoMQp+Da/IFa4Q2WYjp9vBDZOaam6M3Jqkz
+kwNPcRbUKc7G6uivNJgz7B8jgJeTviqX8Dg/qbxAYHMkxe8lvWQ5brbWdaIRCtJe
+WosujPWELr0WsRb3Hpu9BAAn4RVFYPmGWHA56x5Ok88KezlEM1B0g6a2MEPIr8wK
+v2atIsg/gTXXAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAW4FTknRBM68NfbMf
+8aMh0tfvSo69el5G62J4c62Lmbeu9tGcdjDhFOloHkkKG2ZqYw1NjSn/YvWKodIn
+1JlGkVORZK+yXKTZcBpM2QmAr2S+/+TU9pyC6hNCsIPkelkTvJT01ro91/Q/WIHI
+J+ZLE/eIF7NYMlLdM5hZBqjKRPt6m01xcb59kW5StyuwXOP0YVfuAbN0qlOnsCI5
+yJKFOzJLXBnk1oVVx78hW0A5IuksbPWwnqcD5UVlMD7d7xWyOLsusgZYdVY+okug
+fVgQkep1b6u1jLvjjWaj2tWWLR0umhnYnd/zMaXtwoBw4+dpeTRtEc4vOTYN/R/X
+qTD0xg==
+-----END CERTIFICATE REQUEST-----
diff --git a/Kanzlei-Kiel/openvpn/keys/pc-hh.key b/Kanzlei-Kiel/openvpn/keys/pc-hh.key
new file mode 100644
index 0000000..80b5037
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/pc-hh.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIefX2XmGgePsCAggA
+MBQGCCqGSIb3DQMHBAizPSbL1LAAGwSCBMgzSc0NUQFg5MHzG3x32yPhfeSpB/vI
+voJVf+8AiWccB+eCqLuvOPJGXw+0LUXnyTmQ0oFu+Tg870FjwIr/nan76rBwFIGj
+5dTKAtY/Wz8FG0l7VkdSIorI7jLON5xsmmYH1WqB2pEGD2SNrw8rJEzb+Gq2EzHt
++jeAJzXkfUPjTqNpDhHLZbEof/egtm08VbSrblnnyd+vQqemFyhTTqjGtkSlTtrK
+LKS8e7m75AdW02Gl+2misibi0esHeVKBFW1OhXPtw9tmWIDNFAOX99BzVLiJNGxK
+SMitMZf6Z3toWoyiov0ijGkKg/MmLDfHsakGg46Pauu2e4C7/oNJnX3V+RAoqNfk
++nJ61AX/951mGDepgnnDTQaQMlOFWyfn0eIGbwTP6OTB5Mh5vRhqtYrZkWn27Nsb
+6ai3eR17D56H0IEQhGx6mXgzGJgkDvmd1UvFeDow/yy5uk6Ex1igYGGTXs6l52Lx
+RAb0jZBKEHp/x2d0q7b0tgr8t53FiWY5jLnqr+0SyYmEmtUdR8nMRB817l+L9qYx
+b9D0VGeIvYgDmrxRBaLB53psXjJpd2/GevEJxQ3MkHGf19pX8E20IeEdXTK00lrm
+m0ZZVwkb6ryF1vSKDXatDYBf3ZClRbwyveMcmCxvqJcJ6GPKduviJAcPIz3ZPIlG
+SxWxwH5fpAQN600hUFwFYRscLxywGavT+byawq8ErfnVHSH5Jvn9HWQjtbOdz7tx
+apy1/uLK3pCB03cGniFU6wRxJSxnZXob861cxtk9dbpHelQBIkiBQSDrKzFsGk7E
+UbDs9YtTnAq6OwonJcYuhpeappR4KrYIsUAC4SsLE6hPMv9+FQohnYL8LmtxhQdd
+2FWEdcRkIzInRDPceEXoS3aOUmbsn6fx5A6v0R96bAPu0fYXhQyJmVAa+fH7blgF
+8auDxPusYwiufjduA3GriPl33YiUz18ere7gbwU/dFEHbsONnOLykGsKmOvB+YzW
+zj07vW+xViEglA4IV0q57Q3vxnm3NjVvmT2gHZ7G9CRQsiLrDVYQl8FC7c6kf8vJ
+XaKHZW6xs0y5vlACrDj7oLHgSz2C3XA1bxgAUBMpqYpSe5MHtogbmMOsjBA4eAvF
+nNxXQiiJzXilupZFejmkdnSnyVcBbPGEuS2kplqj72NxEVK3UoQsdJUoZ5/JjqnM
+oWA32lsJDPhyFQ0yD/GvMwiM2CkfQ2j8HByNZhrPjCXFu2upeSuz7o7kukrFK694
+A38/WByvnuUXB1dAY/NEYNn28LAZTwmKlEFW6m3EpURgxU8WV2RftEvPLekg6gCq
+QleA4dQI0wZ65kAS8uF3iw+iPfhbH/aUJfR2lbM4W/lBUVuUKseCacRZZj5TXMu9
+KahEkcZlDMOkt/vlpT7OencH+yoXMQWfSe34KS7d5EtGxBjTy7PiSSPN6dZqeygo
+Lc7rnuNgXwGDtTZpIRyfbnwQoyRkLh+Jx9X3w/dzldGOd0e5R6hjoK0VqwGbYqpQ
+Q2faURn4pB3kmPIOa5i2hqd9GSb9HmZAtxe7+Aka7Yb0rfn9o6i9TCISnaq2NkPg
+wQZSKrboaydEmjWqzMn1LHlPXHI+OOpmgLPbENccx+Gj/VDN+qt+Rpdif1TJckMK
+5XM=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/Kanzlei-Kiel/openvpn/keys/serial b/Kanzlei-Kiel/openvpn/keys/serial
new file mode 100644
index 0000000..2c7456e
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/serial
@@ -0,0 +1 @@
+07
diff --git a/Kanzlei-Kiel/openvpn/keys/serial.old b/Kanzlei-Kiel/openvpn/keys/serial.old
new file mode 100644
index 0000000..cd672a5
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/serial.old
@@ -0,0 +1 @@
+06
diff --git a/Kanzlei-Kiel/openvpn/keys/server.crt b/Kanzlei-Kiel/openvpn/keys/server.crt
new file mode 100644
index 0000000..4d0e185
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/server.crt
@@ -0,0 +1,101 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Jun 27 23:17:01 2017 GMT
+            Not After : Jun 27 23:17:01 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-Kanzlei-Kiel-server/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:de:09:04:84:23:f6:19:a5:df:53:2e:a4:02:8f:
+                    2b:b6:de:bb:82:19:e3:b9:f6:f4:0b:62:d4:51:a1:
+                    c9:be:85:67:82:de:9f:97:af:92:ad:b8:d7:4b:69:
+                    50:f6:61:d7:ce:03:0c:ee:46:2d:ab:b5:f6:44:a5:
+                    a2:7e:86:db:ad:8d:12:35:e8:49:c6:98:45:c1:10:
+                    3f:50:8e:2a:93:fd:e7:7a:4d:4f:e3:5c:2e:67:3f:
+                    8b:9d:d6:11:26:1f:00:ff:13:47:dd:86:8b:ed:6a:
+                    29:07:cf:c2:f0:a4:4d:c4:dc:68:db:a1:c1:43:55:
+                    13:45:5f:41:f3:f0:9c:0a:ea:26:29:c6:e3:fc:ee:
+                    9f:7c:86:f4:f0:c8:0c:5f:61:e1:b9:f1:bc:f6:02:
+                    71:6c:07:fe:18:30:b2:8c:dc:18:50:de:5e:96:24:
+                    04:94:14:ec:9a:50:a6:90:02:79:b2:1a:c8:79:da:
+                    fb:06:7e:ad:a8:79:ef:92:68:3c:46:4e:5e:b6:bf:
+                    f1:fa:bf:da:73:8b:c4:95:89:1a:e1:52:70:20:46:
+                    48:8c:47:01:c2:13:56:c9:44:e1:a7:55:14:e5:41:
+                    4d:ab:8f:d0:50:13:76:19:d9:f2:fd:8b:16:27:58:
+                    dd:4f:18:83:05:70:c1:97:d4:68:41:d4:2b:63:89:
+                    b5:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                9B:58:FA:12:97:7F:35:4F:5B:72:6D:C5:68:AD:B2:76:AD:B9:F0:95
+            X509v3 Authority Key Identifier: 
+                keyid:4E:82:1E:14:81:EB:9B:C8:71:2C:B1:22:68:90:BF:EE:D9:D4:FF:D4
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-Kanzlei-Kiel/name=VPN Kanzlei Kiel/emailAddress=ckubu-adm@oopen.de
+                serial:FE:59:AD:5E:BE:90:05:3E
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         c2:b9:b2:70:fe:e4:4f:9b:21:85:14:f4:4a:b2:b0:32:ef:0f:
+         a3:15:95:a4:f6:78:84:5b:d6:75:e2:a1:b4:57:8a:23:66:2f:
+         72:5a:21:a9:4c:38:b6:cd:41:a5:b4:3e:11:d8:62:1f:8a:a1:
+         ba:13:55:1e:3b:7c:4d:22:2e:cf:54:81:e5:0d:3d:05:fd:3f:
+         9c:fb:24:cb:be:61:96:ec:e3:e9:c9:7c:da:97:e8:ba:a0:fd:
+         a8:47:97:43:88:8c:b6:03:81:d7:71:49:f9:9b:9d:33:5d:6f:
+         26:79:b6:7a:d2:27:ba:b5:7e:c8:62:8d:76:75:96:7a:25:86:
+         21:e5:8f:82:8a:06:47:4b:59:32:1d:dd:81:4d:b9:ac:ef:93:
+         a3:f1:f4:65:09:10:d8:af:04:14:c5:1e:58:b7:6e:95:ab:ba:
+         f5:e8:39:65:dc:87:d2:14:b4:e5:e5:af:2a:da:b2:c0:49:e2:
+         07:1d:ad:b5:c7:48:c4:81:36:f1:45:09:b9:1c:ed:87:9d:da:
+         70:c8:16:65:26:44:5e:f3:dd:a7:eb:39:2a:80:23:0d:e4:d9:
+         62:3a:19:e0:60:9c:21:cd:8e:ad:b6:59:36:f8:86:4e:7b:32:
+         e9:8d:de:e5:4b:fe:c4:c7:fb:35:c6:6d:78:f3:26:65:be:60:
+         be:34:fa:f0
+-----BEGIN CERTIFICATE-----
+MIIFhjCCBG6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNzA2MjcyMzE3MDFaFw0zNzA2Mjcy
+MzE3MDFaMIG7MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
+EwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2
+aWNlczEgMB4GA1UEAxMXVlBOLUthbnpsZWktS2llbC1zZXJ2ZXIxGTAXBgNVBCkT
+EFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
+bi5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN4JBIQj9hml31Mu
+pAKPK7beu4IZ47n29Ati1FGhyb6FZ4Len5evkq2410tpUPZh184DDO5GLau19kSl
+on6G262NEjXoScaYRcEQP1COKpP953pNT+NcLmc/i53WESYfAP8TR92Gi+1qKQfP
+wvCkTcTcaNuhwUNVE0VfQfPwnArqJinG4/zun3yG9PDIDF9h4bnxvPYCcWwH/hgw
+sozcGFDeXpYkBJQU7JpQppACebIayHna+wZ+rah575JoPEZOXra/8fq/2nOLxJWJ
+GuFScCBGSIxHAcITVslE4adVFOVBTauP0FATdhnZ8v2LFidY3U8YgwVwwZfUaEHU
+K2OJtQsCAwEAAaOCAZgwggGUMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZA
+MDQGCWCGSAGG+EIBDQQnFiVFYXN5LVJTQSBHZW5lcmF0ZWQgU2VydmVyIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBSbWPoSl381T1tybcVorbJ2rbnwlTCB6QYDVR0jBIHh
+MIHegBROgh4UgeubyHEssSJokL/u2dT/1KGBuqSBtzCBtDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGTAXBgNVBAMTEFZQTi1LYW56
+bGVpLUtpZWwxGTAXBgNVBCkTEFZQTiBLYW56bGVpIEtpZWwxITAfBgkqhkiG9w0B
+CQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAP5ZrV6+kAU+MBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcN
+AQELBQADggEBAMK5snD+5E+bIYUU9EqysDLvD6MVlaT2eIRb1nXiobRXiiNmL3Ja
+IalMOLbNQaW0PhHYYh+KoboTVR47fE0iLs9UgeUNPQX9P5z7JMu+YZbs4+nJfNqX
+6Lqg/ahHl0OIjLYDgddxSfmbnTNdbyZ5tnrSJ7q1fshijXZ1lnolhiHlj4KKBkdL
+WTId3YFNuazvk6Px9GUJENivBBTFHli3bpWruvXoOWXch9IUtOXlryrassBJ4gcd
+rbXHSMSBNvFFCbkc7Yed2nDIFmUmRF7z3afrOSqAIw3k2WI6GeBgnCHNjq22WTb4
+hk57MumN3uVL/sTH+zXGbXjzJmW+YL40+vA=
+-----END CERTIFICATE-----
diff --git a/Kanzlei-Kiel/openvpn/keys/server.csr b/Kanzlei-Kiel/openvpn/keys/server.csr
new file mode 100644
index 0000000..3c570e9
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/server.csr
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDATCCAekCAQAwgbsxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMSAwHgYDVQQDExdWUE4tS2FuemxlaS1LaWVsLXNlcnZlcjEZMBcG
+A1UEKRMQVlBOIEthbnpsZWkgS2llbDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRt
+QG9vcGVuLmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3gkEhCP2
+GaXfUy6kAo8rtt67ghnjufb0C2LUUaHJvoVngt6fl6+SrbjXS2lQ9mHXzgMM7kYt
+q7X2RKWifobbrY0SNehJxphFwRA/UI4qk/3nek1P41wuZz+LndYRJh8A/xNH3YaL
+7WopB8/C8KRNxNxo26HBQ1UTRV9B8/CcCuomKcbj/O6ffIb08MgMX2HhufG89gJx
+bAf+GDCyjNwYUN5eliQElBTsmlCmkAJ5shrIedr7Bn6tqHnvkmg8Rk5etr/x+r/a
+c4vElYka4VJwIEZIjEcBwhNWyUThp1UU5UFNq4/QUBN2Gdny/YsWJ1jdTxiDBXDB
+l9RoQdQrY4m1CwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBADCfcpDZ863ubN9N
+htD/JOKgaBo+cAx2fvWwmwpJrKaXGJsbWtoySVSu0d4qEm3gbmJiLKlT6H+Ddowy
+r9RbzD9UlMBKX06g8LESO/HFNmtdTTQK2dBa8mAUFrZOoBPY1+tsrOFi+vAwkn2U
+bB58HIH9/Cj2Lcx/AqUrdZ1U7+F4JZ4T6LjVlGcFv3aJONIuB2klQaTJQI7LmLNJ
+p5OCTE7oTNyx05k4iLPs1Az5I1QHxfRwltI5kXuswNfuR2/EE3V8KXHPU8H8pzzq
+YlE5hbvQVnpQ6qVSCxm21F/X0hjIf9Y2ZKM2cJpUtxDm3Z0KX6M4aZko0QGJqpWu
+vyuog9s=
+-----END CERTIFICATE REQUEST-----
diff --git a/Kanzlei-Kiel/openvpn/keys/server.key b/Kanzlei-Kiel/openvpn/keys/server.key
new file mode 100644
index 0000000..6f06874
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDeCQSEI/YZpd9T
+LqQCjyu23ruCGeO59vQLYtRRocm+hWeC3p+Xr5KtuNdLaVD2YdfOAwzuRi2rtfZE
+paJ+htutjRI16EnGmEXBED9QjiqT/ed6TU/jXC5nP4ud1hEmHwD/E0fdhovtaikH
+z8LwpE3E3GjbocFDVRNFX0Hz8JwK6iYpxuP87p98hvTwyAxfYeG58bz2AnFsB/4Y
+MLKM3BhQ3l6WJASUFOyaUKaQAnmyGsh52vsGfq2oee+SaDxGTl62v/H6v9pzi8SV
+iRrhUnAgRkiMRwHCE1bJROGnVRTlQU2rj9BQE3YZ2fL9ixYnWN1PGIMFcMGX1GhB
+1CtjibULAgMBAAECggEAYRB8IvA9o9S5nnmjRWMlbxpLyoJa5W8qHNgljVI3Ccz0
+BWghSIR+kOdfZx4xQKRhXTREMN4JFSnE8RmfwcRewK4NKffUWLc0t0PNCgA8aNn0
+mai2peQkfQpwlJ2CfbHME7ZwEk3BWhawvTN8Owr43Himdm1uOWs1s3wDLwsejD4j
+0bmQIbXzjYr+5I15rNHUloji2KIZ1t9nqNfh89lv3zVtUKrzwZ9xMAoSfs6YBVAs
+ZtH0SUdI5n3BDOwPg55GK5cA6lgS0XRTIca1x8chDwSUeS9zt25dmq/78ND6eU9F
+sbHLURpMGoMVXMBaIkIOcD7J+lsFPQ/pIBPEnY9x4QKBgQD0OZ5715O9wm1Ixzv6
+Bf+OSoM0l3DE+7llwJdRRHhzEvNmLBl5cZM8OIfPtEeMT47wSPWRy7GB3IJVVceE
+b9DjrMbDfoygjzlotNS0qlvWZ7WluUOieyTNWtTQgZT+4Bt9AK7VUpxB7/GO89+Y
+DOCafn8F/p5Klp3y7qBjLB5ImQKBgQDovYRxaNWpPeAEaaD17o5446sjZ0OAky4H
+lgawXRtlZsJPOuCrFS6eNkH7JWt741Jo/Vp5H61lJXVmR7vJ31aPTkPpuVPUfzK9
+eDcXwd2FKwyFduzh8N1xa+LK0YjfFSBkKjaXNYerf3+iCILGXiCLa+LmXXgPUTpn
+9Sz8J7p9QwKBgDUXfYuAjt6WsLk8jp5IxYiCTEmXjm1UJ7amCn8hOmoRuZYBijwr
+Y42Y4HVXxKIM/Y7g3XmnZVxMuoygjDIPOML14XPIQ/v3hsxrWz43NqXCf+uZ/ckJ
+qjN2RoNZWDGcOH2RM3Cud8ehyMqB256rVfxf+W8tLe4bFhUkqPtGMQMpAoGAAy2r
+ZF0ZJeGJcKX8o78pRO9fA/HCEzxvUX00BC6RVDYuCyTzsoJsi46UIhjlueBl3Lcx
+CBxtosb7LnVmVCBvry9TcBqu0WUXTU0Z+4ITQ2FOH3h7Ta6bZ5QgmcJ4ywsf0R5e
+dnwtqSLpnE3fc1QPv7eudpTqMdNbJ9ZKUfs86b8CgYBCSdIW2SRFiBweuOYwmBqj
+ihzMpL2ScCP1K0c6VtpHkAk2/5mHlUodvcSthc55Ubj74R0diPIzo4r0ecs6YVZj
+MX2zE2S2rD4DHYji8To4JhFB/pzoje35WmFGWsaDJCdWqXjdb0cUS+6SIzT+un+X
+lADyyiRCgVkCgdfkDPdgnA==
+-----END PRIVATE KEY-----
diff --git a/Kanzlei-Kiel/openvpn/keys/ta.key b/Kanzlei-Kiel/openvpn/keys/ta.key
new file mode 100644
index 0000000..e0f4e74
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+36188fa3977457d267ecae99373870f5
+ef6e44a8899d4f5ccc831e9d2dbc31ac
+e171c7e8e49e0d2edd43c3834a2d0099
+236aa4924c80971b0a34310eb69b70e2
+fbe85a7395cc10bea13ad09efa46d738
+f594c332d26c068b289ba96bbb1f661d
+efb873b76137057a62b4e27b522cfce6
+aef7ea67ec2540b00b4782780352addf
+2f7722d1edd40a8f3de3b0295e2da07e
+b46d196a4cbfd85e47739dc320af6584
+eb960e2c5ba27bf2f56381f8eb3ceaf7
+cc72d829ab05aaca6fbb205b78606ff8
+cc58bc336adb644adfb0034f9974b7d9
+f2b1308249cd74ecb555a550af6af1ad
+b15a3f03ecef5f89fa70d2fada97a1b8
+6179b0d487a6e3196209d053597a7416
+-----END OpenVPN Static key V1-----
diff --git a/Kanzlei-Kiel/openvpn/server-gw-ckubu.conf b/Kanzlei-Kiel/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..1a34579
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,317 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\Program Files\OpenVPN\config\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.100.1
+route 192.168.64.0 255.255.255.0 10.1.100.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh keys/dh2048.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.1.100.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.100.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+client-config-dir /etc/openvpn/ccd/server-gw-ckubu
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+
+# - Do NOT push DNS settings in THIS configuration. We use
+# - this VPN tunnel as a static line, and the remote host
+# - should user his own dns settings.
+# -
+;push "dhcp-option DNS 192.168.100.1"
+;push "dhcp-option DOMAIN kanzlei-kiel.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-gw-ckubu.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+#crl-verify /etc/openvpn/keys/crl.pem
+crl-verify /etc/openvpn/crl.pem
diff --git a/Kanzlei-Kiel/openvpn/server-home.conf b/Kanzlei-Kiel/openvpn/server-home.conf
new file mode 100644
index 0000000..3ffb56d
--- /dev/null
+++ b/Kanzlei-Kiel/openvpn/server-home.conf
@@ -0,0 +1,312 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\Program Files\OpenVPN\config\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+
+topology subnet
+#route 192.168.63.0 255.255.255.0 10.1.72.1
+#route 192.168.64.0 255.255.255.0 10.1.72.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh keys/dh2048.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.0.100.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.100.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+client-config-dir /etc/openvpn/ccd/server-home
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.100.1"
+push "dhcp-option DOMAIN kanzlei-kiel.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-home.log
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-home.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+#crl-verify /etc/openvpn/keys/crl.pem
+crl-verify /etc/openvpn/crl.pem
+
diff --git a/Kanzlei-Kiel/pap-secrets.Kanzlei-Kiel b/Kanzlei-Kiel/pap-secrets.Kanzlei-Kiel
new file mode 100644
index 0000000..662504b
--- /dev/null
+++ b/Kanzlei-Kiel/pap-secrets.Kanzlei-Kiel
@@ -0,0 +1,49 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+
+## - Zugang Arcor/Vodafone Kanzlei Axel
+## - DSL
+"ar0284280107" * "39457541"
+
+## - VDSL
+"vodafone-vdsl.komplett/ab3391185321" * "jhecfmvk"
diff --git a/Kanzlei-Kiel/peers/dsl-ah b/Kanzlei-Kiel/peers/dsl-ah
new file mode 100644
index 0000000..d14256d
--- /dev/null
+++ b/Kanzlei-Kiel/peers/dsl-ah
@@ -0,0 +1,24 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+ifname ppp-ah
+plugin rp-pppoe.so eth2.7
+## -  first line 
+## -
+
+## - Zugang Arcor/Vodafone Kanzlei Axel
+## - DSL
+#user "ar0284280107"
+## - VDSL
+user "vodafone-vdsl.komplett/ab3391185321"
diff --git a/Kanzlei-Kiel/peers/dsl-ckubu b/Kanzlei-Kiel/peers/dsl-ckubu
new file mode 100644
index 0000000..88e872b
--- /dev/null
+++ b/Kanzlei-Kiel/peers/dsl-ckubu
@@ -0,0 +1,17 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+ifname ppp-ckubu
+plugin rp-pppoe.so eth2.7
+user "0025591824365511139967620001@t-online.de"
diff --git a/Kanzlei-Kiel/peers/dsl-provider b/Kanzlei-Kiel/peers/dsl-provider
new file mode 100644
index 0000000..b91dcd9
--- /dev/null
+++ b/Kanzlei-Kiel/peers/dsl-provider
@@ -0,0 +1,23 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth2.7
+## -  first line 
+## -
+
+## - Zugang Arcor/Vodafone Kanzlei Axel
+## - DSL
+#user "ar0284280107"
+## - VDSL
+user "vodafone-vdsl.komplett/ab3391185321"
diff --git a/Kanzlei-Kiel/peers/provider b/Kanzlei-Kiel/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/Kanzlei-Kiel/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/Kanzlei-Kiel/radvd.conf.Kanzlei-Kiel b/Kanzlei-Kiel/radvd.conf.Kanzlei-Kiel
new file mode 100644
index 0000000..8eea1dd
--- /dev/null
+++ b/Kanzlei-Kiel/radvd.conf.Kanzlei-Kiel
@@ -0,0 +1,29 @@
+interface eth1
+{
+   AdvManagedFlag on;
+   AdvSendAdvert on;
+   AdvLinkMTU 1280;
+   #AdvOtherConfigFlag on;
+
+   #prefix 2001:6f8:107e:63::/64
+   #{
+   #   AdvOnLink on;
+   #   AdvAutonomous on;
+   #   AdvRouterAddr on;
+   #};
+};
+
+interface br0
+{
+   AdvManagedFlag on;
+   AdvSendAdvert on;
+   AdvLinkMTU 1280;
+   #AdvOtherConfigFlag on;
+
+   #prefix 2001:6f8:107e:64::/64
+   #{
+   #   AdvOnLink on;
+   #   AdvAutonomous on;
+   #   AdvRouterAddr on;
+   #};
+};
diff --git a/Kanzlei-Kiel/rc.local.Kanzlei-Kiel b/Kanzlei-Kiel/rc.local.Kanzlei-Kiel
new file mode 100755
index 0000000..1640aa8
--- /dev/null
+++ b/Kanzlei-Kiel/rc.local.Kanzlei-Kiel
@@ -0,0 +1,18 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "#exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+if ! cat /proc/swaps | grep -q "/dev/sda5" ; then
+   swapon -p 1 /dev/sda5 > /dev/null 2>&1 || /bin/true
+fi
+
+exit 0
diff --git a/Kanzlei-Kiel/resolv.conf.Kanzlei-Kiel b/Kanzlei-Kiel/resolv.conf.Kanzlei-Kiel
new file mode 100644
index 0000000..256492c
--- /dev/null
+++ b/Kanzlei-Kiel/resolv.conf.Kanzlei-Kiel
@@ -0,0 +1,3 @@
+domain kanzlei-kiel.netz
+search kanzlei-kiel.netz
+nameserver 192.168.100.1
diff --git a/Kanzlei-Kiel/sasl_passwd.Kanzlei-Kiel b/Kanzlei-Kiel/sasl_passwd.Kanzlei-Kiel
new file mode 100644
index 0000000..497b253
--- /dev/null
+++ b/Kanzlei-Kiel/sasl_passwd.Kanzlei-Kiel
@@ -0,0 +1 @@
+[b.mx.oopen.de] kanzlei-kiel@b.mx.oopen.de:juaS8ohsa9
diff --git a/Kanzlei-Kiel/sasl_passwd.db.Kanzlei-Kiel b/Kanzlei-Kiel/sasl_passwd.db.Kanzlei-Kiel
new file mode 100644
index 0000000..7624350
Binary files /dev/null and b/Kanzlei-Kiel/sasl_passwd.db.Kanzlei-Kiel differ
diff --git a/Kanzlei-Kiel/sbin/check_net.sh b/Kanzlei-Kiel/sbin/check_net.sh
new file mode 100755
index 0000000..0ee4573
--- /dev/null
+++ b/Kanzlei-Kiel/sbin/check_net.sh
@@ -0,0 +1,623 @@
+#!/usr/bin/env bash
+
+## -------------------------------------------------------------------
+## --- All Configurations ill be done in /etc/check_net/check_net.conf
+## -------------------------------------------------------------------
+
+## - Load Configuration
+## -
+source /etc/check_net/check_net.conf
+
+
+## ------------------
+## --- Some functions
+## ------------------
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+fatal(){
+   echo ""
+   echo -e "[ \033[31m\033[1mError\033[m ]: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
+   echo ""
+
+   echo "" >> $log_file
+   echo "[ Error ]: $*" >> $log_file
+   echo "" >> $log_file
+   echo "           Script is canceled." >> $log_file
+   echo "" >> $log_file
+
+   exit 1
+}
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+set_ping_addresses () {
+
+   if $DEBUG ; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set IP-Address(es) for ping test. This may take some time.." >> $log_file
+   fi
+
+   ping_test_ip=""
+   unset ping_ip_arr 
+   declare -i i=0
+   for _host in $PING_TEST_HOSTS ; do
+      while [ $i -lt 2 ]; do
+         if dig +short $_host > /dev/null 2>&1 ; then
+            ping_test_ip=`dig +short $_host | head -1`
+            if ping -q -c2 $ping_test_ip >/dev/null 2>&1 ; then
+               ping_ip_arr+=("$ping_test_ip")
+               let i++
+               break
+            fi
+         fi
+         break
+      done
+   done
+
+   if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Setting IP-Address(es) for ping test FAILED!" >> $log_file
+   else
+      if $DEBUG ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] IP-Addresses for ping tests set to ${ping_ip_arr[@]}" >> $log_file 
+      fi
+   fi
+}
+usage() { 
+   echo  
+   [ -n  "$1" ] && echo -e "[ \033[1;31mError\033[m ] : $1\n" 
+ 
+echo -e "   Usage:" 
+echo -e "          \033[1m`basename $0` [OPTIONS] <device1> <device2> ..\033[m" 
+echo "" 
+echo -e "   This script checks the status (online/offline) of the given devices. Afterward another"
+echo "      script called \033[1m`basename $netconfig_script`\033[m will be triggered to configure"
+echo "      the routing depending on the status of the devices."
+echo ""
+echo -e "   It is strongly recommend to put \033[1mall devices, which should have a connection to"
+echo -e "   the internet\033[m, on the command line."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      On static line devices \033[1mappend \":<gateway>\"\033[m. This is very important,"
+echo -e "      otherwise this script will \033[1mNOT work as expected\033[m."
+echo -e "      Example:"
+echo -e "            \033[1m`basename $0` -l \"eth0 ppp-light\" eth0:172.16.0.1 ppp-light\033[m"
+echo ""
+echo -e "   The declaration of the device(s) is mandatory."
+echo ""
+echo -e "   Options:"
+echo ""
+echo -e "      \033[1m-h\033[m"
+echo -e "         Prints this help\033[m"
+echo ""   
+echo -e "      \033[1m-l <list of online devices>\033[m"
+echo -e "         List of all (internet) devices known as online."
+echo ""
+
+exit 1
+}
+
+
+if [[ $EUID -ne 0 ]]; then
+   fatal "This script must be run as root" 1>&2
+fi
+
+if [[ ! -f "$netconfig_script" ]]; then
+   fatal "Netconfig script \"$netconfig_script\" not found!"
+fi
+
+
+## -------------------------------------------------
+## --- If script is  already running, stop execution
+## -------------------------------------------------
+
+LOCK_DIR=/tmp/`basename $0`.LOCK
+if mkdir "$LOCK_DIR" 2> /dev/null ; then
+
+   ## - Remove lockdir when the script finishes, or when it receives a signal
+   trap 'rm -rf "$LOCK_DIR"' 0 2 15
+
+else
+
+   datum=`date +"%d.%m.%Y"`
+   msg="[ Error ]: A previos instance of script \"`basename $0`\" seems already be running.\n\n           Exiting now.."
+   echo -e "To:${admin_email}\n${content_type}\nSubject:DSL Script Error $company -- $datum\n\n${msg}\n" | /usr/sbin/sendmail -F "DSL Monitoring $company" -f $from_address $admin_email 2> /dev/null
+
+   if $LOGGING_CONSOLE ; then
+      echo ""
+      echo "[ Error ]: A previos instance script \"`basename $0`\" seems already be running."
+      echo ""
+      echo "           Exiting now.."
+      echo ""
+   fi
+   exit 1
+
+fi
+
+
+## -------------
+## --- Configure
+## -------------
+
+while getopts l:h opt ; do
+   case $opt in
+      h) usage ;;
+      l) ONLINE_DEVICE_LIST=$OPTARG
+         ;;
+   esac
+done
+
+shift `expr $OPTIND - 1`
+
+INITIAL_DEVICE_LIST="$@"
+if [[ -z "$INITIAL_DEVICE_LIST" ]]; then
+   INITIAL_DEVICE_LIST=$_INITIAL_DEVICE_LIST
+fi
+
+[[ -z "$INITIAL_DEVICE_LIST" ]] && usage "No device list given"
+      
+
+## - Define (non associative) array
+## -
+declare -a inet_devices_arr
+declare -a dsl_devices_arr
+declare -a static_devices_arr
+declare -a online_devices_arr
+declare -A static_gw_arr
+declare -A dsl_gw_available_arr
+
+for _device in $INITIAL_DEVICE_LIST ; do
+   if [[ "$_device" =~ : ]]; then
+      static_gateway="${_device##*:}"
+      _device="${_device%:*}"
+      static_gw_arr[$_device]="$static_gateway"
+
+      static_devices_arr+=("$_device")
+
+   else
+      dsl_devices_arr+=("$_device")
+   fi
+   inet_devices_arr+=("$_device")
+done
+
+for _online_device in $ONLINE_DEVICE_LIST ; do
+   online_devices_arr+=("$_online_device")
+done
+
+## - Define associative array
+## -
+declare -A remote_gw_arr
+declare -A filetime_PID_arr
+for inet_device in "${online_devices_arr[@]}" ; do
+
+   if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+      remote_gw_address="$(ip addr show $inet_device 2> /dev/null | grep peer | awk '{print$4}' | cut -d "/" -f1)"
+   else
+      remote_gw_address=${static_gw_arr[$inet_device]}
+   fi
+
+   remote_gw_arr[$inet_device]=$remote_gw_address
+   _pid_file=/var/run/${inet_device}.pid
+   if [ -f $_pid_file ]; then
+      filetime_PID_arr[$inet_device]=`stat -c %Y /var/run/${inet_device}.pid`
+   else
+      filetime_PID_arr[$inet_device]="NOT FOUND"
+   fi
+done
+
+declare -a ping_ip_arr;
+
+
+#echo "--"
+#for _key in "${!filetime_PID_arr[@]}" ; do
+#   echo "filetime_PID_arr[$_key]: ${filetime_PID_arr[$_key]}"
+#done
+#
+#for _key in "${!remote_gw_arr[@]}" ; do
+#   echo "remote_gw_arr[$_key]: ${remote_gw_arr[$_key]}"
+#done
+#
+#for _device in ${online_devices_arr[@]} ; do
+#   echo "$_device is online"
+#done
+#echo "--"
+#exit
+
+echo "" >> $log_file
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## --- Starting script `basename $0`" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Devices configured..: ${inet_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Devices Online......: ${online_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] DSL Devices.........: ${dsl_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Static Devices......: ${static_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Remote Gateways.....: ${remote_gw_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## --- Initial Setup:" >> $log_file
+
+## - Initial: get ping addresses
+## -
+set_ping_addresses
+echo "" >> $log_file
+
+while true ; do
+
+   changed=false
+
+   for inet_device in "${inet_devices_arr[@]}" ; do
+
+      if $DEBUG ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] ## --- Device $inet_device" >> $log_file
+      fi
+
+      ## - Set interface name, routing tables name and, if available, remote gateway.
+      ## -
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+
+         ## - Is remote a remote gateway for this device knpn?
+         ## -
+         remote_gw_address="$(ip addr show $inet_device 2> /dev/null | grep peer | awk '{print$4}' | cut -d "/" -f1)"
+         iface_name="dsl-`echo $inet_device | cut -d '-' -f2`"
+         rt_name="dsl_`echo $inet_device | cut -d '-' -f2`"
+         if [[ -n "$remote_gw_address" ]]; then
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Add $remote_gw_address to array dsl_gw_available_arr for DSL line $inet_device" >> $log_file
+            fi
+            dsl_gw_available_arr[$inet_device]=$remote_gw_address
+         else
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] No remote gateway found for DSL line $inet_device" >> $log_file
+            fi
+            if [[ ${dsl_gw_available_arr[$inet_device]+_} ]]; then
+               if $DEBUG; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Unset dsl_gw_available_arr for DSL line $inet_device" >> $log_file
+               fi
+               unset ${dsl_gw_available_arr[$inet_device]}
+            fi
+         fi
+      else
+         remote_gw_address=${static_gw_arr[$inet_device]}
+         iface_name=$inet_device
+         rt_name="static_`echo $inet_device | cut -d '-' -f1`"
+      fi
+
+      
+      ## ---
+      ## ---  Check if routing through this connection works
+      ## ---
+
+      ## - Notice:
+      ## -    if no remote gateway is known (remote_gw_address is empty), then we don't
+      ## -    need to test here. 
+      ## -
+      device_is_online=false
+      if [[ -n "$remote_gw_address" ]]; then
+
+
+         ## - Check if routing through this dsl connection realy works
+         ## -
+         if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] No ip-address for ping-test is set. Skipping test.." >> $log_file
+         else
+            failed=true
+            for _key in ${!ping_ip_arr[@]} ; do
+               /sbin/ip rule add to ${ping_ip_arr[$_key]} table $rt_name
+               if ping -q -c2 ${ping_ip_arr[$_key]} >/dev/null 2>&1 ; then
+                  if $DEBUG ; then
+                     _local_gw=`curl -4 https://meine-ip.oopen.de 2> /dev/null` 
+                     if [ -n "$_local_gw" ]; then
+                        echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Using local gateway \"$_local_gw\" for ping test" >> $log_file
+                     fi
+                     echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Ping test (to ${ping_ip_arr[$_key]}) for device \"${inet_device}\" was successful." >> $log_file
+                  fi
+                  /sbin/ip rule del to ${ping_ip_arr[$_key]} table $rt_name
+                  failed=false
+                  device_is_online=true
+                  break
+               fi
+               /sbin/ip rule del to ${ping_ip_arr[$_key]} table $rt_name
+            done
+            if $failed ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Ping test for device \"${inet_device}\" failed" >> $log_file
+               #echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Status Devices \"$inet_device\" changed" >> $log_file
+               #echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Devices \"$inet_device\" is now OFFLINE" >> $log_file
+
+               ## - Remote gateway is not reachable. So empty variable "remote_gw_address"
+               #remote_gw_address=
+
+            fi # End: if $failed
+            
+         fi # End: if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+
+      fi # End: if [[ -n "$remote_gw_address" ]]
+
+
+      ## ---
+      ## --- Now check, if something has changed
+      ## ---
+
+      if $device_is_online; then
+
+         if containsElement "$inet_device" ${online_devices_arr[@]} ; then
+
+            ## - <before>  <now>
+            ## -
+            ## -  online    online
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $inet_device is still online" >> $log_file
+            fi
+
+            ## - Check if remote gateway has changed
+            ## -
+            if [ "$remote_gw_address" != "${remote_gw_arr[$inet_device]}" ]; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ WARN  ] Remote Gateway on device \"$inet_device\" has changed: ${remote_gw_arr[$inet_device]} --> $remote_gw_address" >> $log_file
+               remote_gw_arr[$inet_device]=$remote_gw_address
+
+               _pid_file=/var/run/${inet_device}.pid
+               if [ -f $_pid_file ]; then
+                  filetime_PID_arr[$inet_device]=`stat -c %Y $_pid_file`
+               fi
+               changed=true
+            else
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Remote Gateway on device \"$inet_device\": still ${remote_gw_arr[$inet_device]}" >> $log_file
+               fi
+
+               ## - Test if pid-file's modify time hs changed
+               ## -
+               ## - Notice: that happens if your provider forces a reconnect (mostly one time a day
+               ## -         or in other words after 1440 minutes)
+               ## -
+               _pid_file=/var/run/${inet_device}.pid
+               if [ -f $_pid_file ]; then
+                  if [ "`stat -c %Y $_pid_file`" != "${filetime_PID_arr[$inet_device]}" ]; then
+                     echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Modify time for pid-file \"${inet_device}.pid\" has changed" >> $log_file
+                     filetime_PID_arr[$inet_device]=`stat -c %Y $_pid_file`
+                     changed=true
+                  fi
+               fi
+
+            fi
+
+         else
+            ## - <before>  <now>
+            ## -
+            ## -  offline   online
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Status Devices \"$inet_device\" changed" >> $log_file
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Devices \"$inet_device\" is now online" >> $log_file
+
+            ## - Add device to array online_devices_arr
+            ## -            
+            online_devices_arr+=("$inet_device")
+            ## - Add device to array remote_gw_arr
+            ## -
+            remote_gw_arr[$inet_device]=$remote_gw_address
+
+            _pid=/var/run/${inet_device}.pid
+            if [ -f "$_pid" ]; then
+               filetime_PID_arr[$inet_device]=`stat -c %Y /var/run/${inet_device}.pid`
+            fi
+            changed=true
+         fi # END: if containsElement "$inet_device" ${online_devices_arr[@]}
+
+      else # ELSE: if $device_is_online; then
+
+         if containsElement "$inet_device" ${online_devices_arr[@]} ; then
+
+            ## - <before>  <now>
+            ## -
+            ## -  online    offline
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Status Devices \"$inet_device\" changed" >> $log_file
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Devices \"$inet_device\" is now OFFLINE" >> $log_file
+
+            ## - In case of DSL Device, have a look at the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               if ps -x | grep -E "/usr/sbin/pppd\s+call\s+$iface_name" > /dev/null 2>&1 ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] pppd for \"$iface_name\" is running: Waiting another period"  >> $log_file
+               else
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Trying to start pppd for \"$inet_device\".." >> $log_file
+                  /usr/sbin/pppd call $iface_name > /dev/null 2>&1
+               fi
+            fi
+
+            ## - Remove device from array online_devices_arr
+            ## - 
+            for _index in ${!online_devices_arr[@]} ; do
+               if [ "${online_devices_arr[$_index]}" = "$inet_device" ]; then
+                  unset online_devices_arr[$_index]
+                  break
+               fi
+            done
+            ## - Also remove device from remote_gw_arr
+            ## -
+            unset remote_gw_arr[$inet_device]
+
+            ## - In case of DSL Device, kill the concerning the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               _pid=`ps -ax | grep -e "pppd call $iface_name" | grep -v grep | awk '{print$1}'`
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Kill ppp-daemon for $iface_name (pid $_pid)" >> $log_file
+
+               kill -9 $_pid
+            fi
+
+            changed=true
+         else
+            ## - <before>  <now>
+            ## -
+            ## -  offline   offline
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $inet_device is still offline" >> $log_file
+            fi
+
+            ## - In case of DSL Device, have a look at the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               if ps -x | grep -E "/usr/sbin/pppd\s+call\s+$iface_name" > /dev/null 2>&1 ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] pppd for \"$iface_name\" is running: Waiting another period"  >> $log_file
+               else
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Trying to start pppd for \"$inet_device\".." >> $log_file
+                  /usr/sbin/pppd call $iface_name > /dev/null 2>&1
+               fi
+            fi
+
+         fi # END: if containsElement "$inet_device" ${online_devices_arr[@]}
+
+      fi # END: if $device_is_online; then
+
+   done # End: for inet_device in "${inet_devices_arr[@]}"
+
+
+   if $changed ; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Status Online Devices changed" >> $log_file
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Online Devices: ${online_devices_arr[@]}" >> $log_file
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Reconfigure Routing: invoking script \"$netconfig_script\".." >> $log_file
+      if [[ -z "${online_devices_arr[@]}" ]]; then
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $netconfig_script $INITIAL_DEVICE_LIST" >> $log_file 
+         fi
+
+         $netconfig_script $INITIAL_DEVICE_LIST > /dev/null 2>&1
+      else
+         
+         _LIST=
+         for _device in ${online_devices_arr[@]} ; do
+            _LIST="$_LIST $_device"
+         done
+         _LIST=`echo "${_LIST}" | sed -e 's/^[ \t]*//'`
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $netconfig_script -l \"$_LIST\" $INITIAL_DEVICE_LIST" >> $log_file 
+         fi
+         $netconfig_script -l "$_LIST" $INITIAL_DEVICE_LIST > /dev/null 2>&1
+      fi
+
+      datum=`date +"%d.%m.%Y"`
+      msg="[ `date +\"%H:%M:%S\"` ]: Status Online Devices changed..\n              Online Devices: ${online_devices_arr[@]}\n\n              Script \"$netconfig_script\" was invoked to reconfigure routing."
+      echo -e "To:${admin_email}\n${content_type}\nSubject:DSL Status changed $company -- $datum\n\n${msg}\n" | /usr/sbin/sendmail -F "DSL Monitoring $company" -f $from_address $admin_email 2> /dev/null
+   fi # END if $changed
+
+
+   ## - Set IP-adresses for Ping-Test at next run
+   ## -
+   if [[ ${#online_devices_arr[@]} -gt 0 ]]; then
+
+      ## - Try to set IP-Addresses for ping test
+      ## -
+      set_ping_addresses
+
+   elif [[ ${#dsl_gw_available_arr[@]} -gt 0 ]]; then
+
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set default gateway to an existing DSL line .." >> $log_file
+
+      __set_default_gatway=false
+      default_gw_deleted=false
+
+      for _device in "${dsl_devices_arr[@]}" ; do
+
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Device: $_device - Gateway: ${dsl_gw_available_arr[$_device]}" >> $log_file
+         fi
+
+         if [[ -n "${dsl_gw_available_arr[$_device]}" ]]; then
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route delete default" >> $log_file
+                  /sbin/ip route delete default >> $log_file 2>&1
+               else
+                  /sbin/ip route delete default > /dev/null 2>&1
+               fi
+               default_gw_deleted=true
+            fi
+            
+            ## - Try to set default gateway to this DSL connection
+            ## -
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device" >> $log_file
+               /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device >> $log_file 2>&1
+            else
+               /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device > /dev/null 2>&1
+            fi
+            if [[ "$?" == "0" ]]; then
+               __set_default_gatway=true
+               break
+            fi
+         fi
+
+      done # END: for _device in "${inet_devices_arr[@]}"
+
+      if ! $__set_default_gatway ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] No default gateway (for DSL Device ${_device}) is set!"  >> $log_file
+      else
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Default gateway on DSL Device $_device is set to ${inet_devices_arr[$_device]}"  >> $log_file 
+
+
+         ## - Try to set IP-Addresses for ping test
+         ## -
+         set_ping_addresses
+      fi
+
+   elif [[  ${#static_devices_arr[@]} -gt 0 ]]; then
+
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set default gateway to an existing static line .." >> $log_file
+
+      __set_default_gatway=false
+      default_gw_deleted=false
+
+      for _device in "${static_devices_arr[@]}" ; do
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route delete default" >> $log_file
+                  /sbin/ip route delete default >> $log_file 2>&1
+               else
+                  /sbin/ip route delete default > /dev/null 2>&1
+               fi
+               default_gw_deleted=true
+            fi
+
+            ## - Set new default route
+            ## -
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device" >> $log_file
+               /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+            else
+               /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device > /dev/null 2>&1
+            fi
+
+            if [[ "$?" == 0 ]] ; then
+               __set_default_gatway=true
+               break
+            fi
+      done
+
+      if ! $__set_default_gatway ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] No default gateway is set!"  >> $log_file
+      else
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Default gateway is set to ${static_gw_arr[$_device]}"  >> $log_file
+
+         ## - Try to set IP-Addresses for ping test
+         ## -
+         set_ping_addresses
+
+      fi
+
+   fi # if [[ ${#online_devices_arr[@]} -gt 0 ]]
+
+   sleep 30
+
+done
+
+exit 0
diff --git a/Kanzlei-Kiel/sbin/ipt-firewall-gateway b/Kanzlei-Kiel/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/Kanzlei-Kiel/sbin/ipt-firewall-gateway
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/Kanzlei-Kiel/sbin/netconfig.sh b/Kanzlei-Kiel/sbin/netconfig.sh
new file mode 100755
index 0000000..70e378d
--- /dev/null
+++ b/Kanzlei-Kiel/sbin/netconfig.sh
@@ -0,0 +1,993 @@
+#!/usr/bin/env bash
+
+## -------------------------------------------------------------------
+## --- All Configurations ill be done in /etc/check_net/check_net.conf
+## -------------------------------------------------------------------
+
+## - Load Configuration
+## -
+source /etc/check_net/check_net.conf
+
+
+## ------------------
+## --- Some functions
+## ------------------
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+fatal(){
+   echo ""
+   echo -e "[ \033[31m\033[1mError\033[m ]: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
+   echo ""
+
+   echo "" >> $log_file
+   echo "[ Error ]: $*" >> $log_file
+   echo "" >> $log_file
+   echo "           Script is canceled." >> $log_file
+   echo "" >> $log_file
+
+   exit 1
+}
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
+usage() {
+   echo 
+   [ -n  "$1" ] && echo -e "[ \033[1;31mError\033[m ] : $1\n"
+
+echo -e "   Usage:"
+echo -e "          \033[1m`basename $0` [OPTIONS] <device1> <device2> ..\033[m"
+echo ""
+echo -e "   This script configures the default route, especially if more than one"
+echo -e "   route to the internet exists. Also the routing tables are managed by this"
+echo -e "   script."
+echo ""
+echo -e "   The Parameter \033[1mdevice list\033[m contains all network devices, which should have"
+echo -e "   a connection to the Internet. Tha can be DSL lines as well as static lines."
+echo -e "   The declaration of the device list is mandatory."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      Declare the device list in the order of your preferred default gatway devices."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      On static line devices \033[1mappend \":<gateway>\033[m. This is very important,"
+echo -e "      otherwise this script will \033[1mNOT work as expected\033[m."
+echo ""
+echo -e "   If this script is invoked with option \033[1m-m\033[m, another script called \033[1m`basename $check_script`\033[m"
+echo -e "   will be triigered to monitor the devices and informs about changes (online/offline"
+echo -e "   status) of the given devices. If the status of a line has changed, this script"
+echo -e "   is reinvoked by the monitoring script \033[1m`basename $check_script`\033[m to reconfigure"
+echo -e "   the routing."
+echo ""
+echo -e "   Options:"
+echo ""
+echo -e "      \033[1m-h\033[m"
+echo -e "         Prints this help\033[m"
+echo ""   
+echo -e "      \033[1m-l <list of online devices>\033[m"
+echo -e "         List of all (internet) devices known as online. Usually, this option will"
+echo -e "         be used by triggering this script from check script \033[1m`basename $check_script`\033[m."
+echo ""   
+echo -e "      \033[1m-m\033[m"
+echo -e "          Activates monitoring of the given network devices."
+echo ""
+echo -e "   Example:"
+echo -e "      - Simply configure routing for devices \"$_INITIAL_DEVICE_LIST\""
+echo -e "            \033[1m`basename $0` $_INITIAL_DEVICE_LIST\033[m"
+echo ""
+echo -e "      - Configure routing for devices \"$_INITIAL_DEVICE_LIST\" and activate monitoring"
+echo -e "            \033[1m`basename $0` -m $_INITIAL_DEVICE_LIST\033[m"
+echo ""
+
+exit 1
+}
+
+if [[ ! -f "$check_script" ]] ; then 
+   fatal "Check script \033[1m$check_script\033[m not found!" 
+fi
+ 
+if [[ "`which sipcalc`" == "" ]]; then
+   fatal "\033[1msipcalc\033[m must be installed to run this script"
+fi
+
+if [[ $EUID -ne 0 ]]; then
+   fatal "This script must be run as root" 1>&2
+fi
+
+## ---
+## --- Configure
+## ---
+
+_monitoring=false
+ONLINE_DEVICE_LIST=
+while getopts hl:m opt ; do
+   case $opt in
+      h) usage
+         ;;
+      l) ONLINE_DEVICE_LIST=$OPTARG
+         ;;
+      m) _monitoring=true
+         ;;
+   esac
+done
+
+shift `expr $OPTIND - 1`
+
+INITIAL_DEVICE_LIST="$@"
+if [[ -z "$INITIAL_DEVICE_LIST" ]]; then
+   INITIAL_DEVICE_LIST=$_INITIAL_DEVICE_LIST
+fi
+
+[[ -z "$INITIAL_DEVICE_LIST" ]] && usage "No device list given"
+
+## - Define (non associative) array
+## -
+declare -a inet_devices_arr
+declare -a dsl_devices_arr
+declare -a static_devices_arr
+declare -a online_devices_arr
+declare -A static_gw_arr
+
+for _device in $INITIAL_DEVICE_LIST ; do
+   if [[ "$_device" =~ : ]]; then
+      static_gateway="${_device##*:}"
+      _device="${_device%:*}"
+      static_gw_arr[$_device]="$static_gateway"
+
+      static_devices_arr+=("$_device")
+
+   else
+      dsl_devices_arr+=("$_device")
+   fi
+   inet_devices_arr+=("$_device")
+done
+
+for _online_device in $ONLINE_DEVICE_LIST ; do
+   online_devices_arr+=("$_online_device")
+done
+
+
+#echo "All Devices:"
+#for _device in "${inet_devices_arr[@]}" ; do
+#   echo -e "\t$_device"
+#done
+#echo "Online Devices:"
+#for _device in "${online_devices_arr[@]}" ; do
+#   echo -e "\t$_device"
+#done
+#
+#for inet_device in "${inet_devices_arr[@]}" ; do
+#   if [ -n "$ONLINE_DEVICE_LIST" ]; then
+#      if ! containsElement "$inet_device" "${online_devices_arr[@]}" ; then
+#         echo "$inet_device is offline"
+#         continue
+#      fi
+#   fi
+#done
+#
+#echo ""
+#exit
+
+
+## - Define associative arrays
+## -
+declare -A default_gw_arr 
+declare -A gw_connection_arr
+
+declare -i number_rt_table=0
+
+
+## ---
+## --- Start
+## ---
+
+#echo "" >> $log_file
+#echo "" >> $log_file
+#echo "#############################" >> $log_file
+#echo "### ---" >> $log_file
+#echo "### --- [ `date +'%Y-%m-%d %H:%M'` ]: Starting Script `basename $0`.." >> $log_file
+#echo "### ---                       Devices all:    $INITIAL_DEVICE_LIST" >> $log_file
+#echo "### ---                       Devices online: $ONLINE_DEVICE_LIST" >> $log_file
+#echo "### ---" >> $log_file
+#echo "### ---" >> $log_file
+#echo "#############################" >> $log_file
+
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Starting Script `basename $0`.." >> $log_file
+echo "                              Devices all:    $INITIAL_DEVICE_LIST" >> $log_file
+echo "                              Devices online: $ONLINE_DEVICE_LIST" >> $log_file
+
+configured=false
+if $_monitoring ; then
+   max_attempts=20
+else
+   max_attempts=1
+fi
+declare -i _try_number=0
+declare -i prio=0
+
+while  ! $configured && [ $_try_number -lt $max_attempts ]  ; do
+
+   let _try_number++
+
+   if [ $_try_number -gt 1 ]; then
+      echo "" >> $log_file
+      echo "# --- sleeping 2 seconds before attempt number $_try_number" >> $log_file
+      sleep 2
+   fi
+
+   number_rt_table=0
+
+   #for inet_device in "${dsl_devices_arr[@]}" ; do
+   for inet_device in "${inet_devices_arr[@]}" ; do
+
+      ## - Create routing table name
+      ## - 
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $inet_device | cut -d '-' -f2`
+         rt_name="dsl_$__name"
+      else
+         __name=`echo $inet_device | cut -d '-' -f1`
+         rt_name="static_$__name"
+      fi
+
+      if ! $_monitoring ; then
+
+         ## - Check if device was reported (from check script) as offline
+         ## -
+         _offline=false
+         if [ -n "$ONLINE_DEVICE_LIST" ]; then
+            if ! containsElement "$inet_device" "${online_devices_arr[@]}" ; then
+               _offline=true
+            fi
+         else
+            _offline=true
+         fi
+
+         ## - Cleanup routing tables
+         ## -
+         if $_offline ; then
+
+            if $LOGGING_CONSOLE ; then
+               echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" was reported to be down !"
+               echo -e "\t           So device \"$inet_device\" will be excluded from routing."
+            fi
+
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" was reported to be down !" >> $log_file
+            echo -e "\t           So device \"$inet_device\" will be excluded from routing." >> $log_file
+
+            ## - Delete all existing entries of this routing table
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all existing entries of routing table \"$rt_name\"" >> $log_file
+            echo "## -" >> $log_file
+            echo "/sbin/ip route flush table $rt_name" >> $log_file
+            /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+            if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+               ## - Delete all rules concerning table $rt_name
+               ## -
+               echo "" >> $log_file
+               echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+               echo "## -" >> $log_file
+               while read line ; do
+                  direction=`echo $line | awk '{print$2}'`
+                  ip=`echo $line | awk '{print$3}'`
+                  echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+                  /sbin/ip rule delete $direction $ip table $rt_name
+               done < <(/sbin/ip rule | grep $rt_name)
+               echo "" >> $log_file
+            fi # End: if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 
+
+            continue
+
+         fi # End: if $_offline
+      fi # End: if ! $_monitoring ; then
+
+      let number_rt_table="$number_rt_table+100"
+      prio=0
+
+
+      ## - Add new routing table to /etc/iproute2/rt_tables
+      ## - if not yet exists
+      ## -
+      if ! grep $rt_name /etc/iproute2/rt_tables > /dev/null 2>&1 ; then
+
+         echo "" >> $log_file
+         echo "## - Add new routing table to /etc/iproute2/rt_tables" >> $log_file
+         echo "## -" >> $log_file
+         echo "echo \"$number_rt_table $rt_name\" >> /etc/iproute2/rt_tables" >> $log_file
+
+         echo -e "$number_rt_table\t$rt_name" >> /etc/iproute2/rt_tables
+      fi
+
+      ## - Is the device present and has local Address ?
+      ## -
+      local_gw_address="$(ip addr show $inet_device 2> /dev/null | grep inet | awk '{print$2}')"
+      if [ -z $local_gw_address ]; then
+         if $LOGGING_CONSOLE ; then
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !"
+            echo -e "\t           No local address was found."
+         fi
+
+         echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !" >> $log_file
+         echo -e "\t           No local address was found." >> $log_file
+
+
+         ## - Cleanup routing tables
+         ## -
+         ## - Delete all existing entries of this routing table
+         ## -
+         echo "" >> $log_file
+         echo "## - Delete all existing entries of this routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route flush table $rt_name" >> $log_file
+         /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+         if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+            ## - Delete all rules concerning table $rt_name
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+            echo "## -" >> $log_file
+            while read line ; do
+               direction=`echo $line | awk '{print$2}'`
+               ip=`echo $line | awk '{print$3}'`
+               echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+               /sbin/ip rule delete $direction $ip table $rt_name
+            done < <(/sbin/ip rule | grep $rt_name)
+            echo "" >> $log_file
+         fi
+
+         continue
+      fi # End: if [ -z $local_gw_address ]
+
+      ## - Is the DSL-device known and has remote Address ?
+      ## -
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+         remote_gw_address="$(ip addr show $inet_device 2> /dev/null | grep peer | awk '{print$4}' | cut -d "/" -f1)"
+         remote_gw_net="$remote_gw_address/32"
+      else
+         net_address=`sipcalc $inet_device 2> /dev/null | grep -i -e "^network\s*address\s*-" | awk '{print$4}'`
+         remote_gw_address=${static_gw_arr[$inet_device]}
+         _netmask_bits=`sipcalc $inet_device 2> /dev/null | grep -i -e "Network\s*mask\s*(bits)" | awk '{print$5}'`
+         remote_gw_net="${net_address}/$_netmask_bits"
+      fi
+      if [ -z $remote_gw_address ]; then
+         if $LOGGING_CONSOLE ; then
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !"
+            echo -e "\t           No remote gateway was found."
+         fi
+
+
+         echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !" >> $log_file
+         echo -e "\t           No remote gateway was found." >> $log_file
+
+         ## - Cleanup routing tables
+         ## -
+         ## - Delete all existing entries of this routing table
+         ## -
+         echo "" >> $log_file
+         echo "## - Delete all existing entries of this routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route flush table $rt_name" >> $log_file
+         /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+         if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+            ## - Delete all rules concerning table $rt_name
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+            echo "## -" >> $log_file
+            while read line ; do
+               direction=`echo $line | awk '{print$2}'`
+               ip=`echo $line | awk '{print$3}'`
+               echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+               /sbin/ip rule delete $direction $ip table $rt_name
+            done < <(/sbin/ip rule | grep $rt_name)
+            echo "" >> $log_file
+         fi
+
+         continue
+      fi
+
+      ## - Device already configured by that script?
+      ## -
+      if [ ${default_gw_arr[$inet_device]+_} ] ; then
+         continue
+      fi
+ 
+
+      # -
+      # - Ready to start configuration for that device
+      # - 
+      echo "" >> $log_file
+      echo "# ---" >> $log_file
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+         echo "# --- Routing Table for (DSL) network device \"$inet_device\" was created" >> $log_file
+      else
+         echo "# --- Routing Table for (static line) network device \"$inet_device\"" >> $log_file
+      fi
+      echo "# ---" >> $log_file
+
+      if $LOGGING_CONSOLE ; then
+         echo
+         echo
+         if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+            echo -e "\t--- DSL Connection at interface $inet_device"
+         else
+            echo -e "\t--- Static Connection at interface $inet_device"
+         fi
+         echo -e "\t---"
+         echo -e "\tRouting Table Name..: $rt_name"
+         echo
+         echo -e "\tInterface...........: $inet_device"
+         echo
+         echo -e "\tLocal GW address....: $local_gw_address"
+         echo -e "\tRemote GW address...: $remote_gw_address"
+         echo -e "\tRemote network......: $remote_gw_net"
+         echo
+      fi
+      echo "# --- Routing Table Name..: $rt_name" >> $log_file
+      echo "# --- " >> $log_file
+      echo "# --- Interface...........: $inet_device" >> $log_file
+      echo "# --- " >> $log_file
+      echo "# --- Local GW address....: $local_gw_address" >> $log_file
+      echo "# --- Remote GW address...: $remote_gw_address" >> $log_file
+      echo "# --- Remote network......: $remote_gw_net" >> $log_file
+      echo "# --- " >> $log_file
+
+      ## - Read routing table from output of "netstat -rn"
+      ## -
+      routing_table_main_arr=()
+      while read  _destination _gateway _genmask _flags _mss _window _irtt _iface; do 
+         if [ "$_destination" = "Destination" -o "$_destination" = "Kernel" \
+            -o "$_destination" = "Ziel" -o "$_destination" = "Kernel-IP-Routentabelle" ]; then 
+               continue 
+         fi  
+         routing_table_main_arr+=("$_destination $_gateway $_genmask $_iface")
+      done < <(netstat -rn)
+
+      ## - First delete all existing entries of this routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - First delete all existing entries of this routing table" >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route flush table $rt_name" >> $log_file
+      /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+
+      ## - Add loopback device to routing table $rt_name
+      ## -
+      echo "" >> $log_file
+      echo "## - Add loopback device to routing table $rt_name " >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route add 127.0.0.0/8 dev lo table table $rt_name" >> $log_file
+      /sbin/ip route add 127.0.0.0/8 dev lo table $rt_name >> $log_file 2>&1
+
+
+      ## - Add routing tables of all (local) network interfaces
+      ## -
+      echo "" >> $log_file
+      echo "## - Add routing tables of all (local) network interfaces" >> $log_file
+      echo "## -" >> $log_file
+      for _entry in "${routing_table_main_arr[@]}" ; do
+         dest=`echo $_entry | cut -d " " -f1`
+         gateway=`echo $_entry | cut -d " " -f2`
+         genmask=`echo $_entry | cut -d " " -f3`
+         iface=`echo $_entry | cut -d " " -f4`
+
+         ## - We will set default route later..
+         ## -
+         if  [ "$dest" = "0.0.0.0" ]; then
+            continue
+         fi
+
+         ## - Is this a "ppp"-device ?
+         ## -
+         if [[ "$iface" =~ "ppp" ]]; then
+            continue
+         fi
+
+         if [ "$dest" = "$remote_gw_address" ]; then
+            continue
+         fi
+
+         if [ "$gateway" = "0.0.0.0" ]; then
+            echo "/sbin/ip route add ${dest}/$genmask dev $iface table $rt_name" >> $log_file
+            /sbin/ip route add ${dest}/$genmask dev $iface table $rt_name >> $log_file 2>&1
+         else
+            echo "/sbin/ip route add ${dest}/$genmask via $gateway table $rt_name" >> $log_file
+            /sbin/ip route add ${dest}/$genmask via $gateway table $rt_name >> $log_file 2>&1
+         fi
+      done
+
+      ## - Add this connection to the routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - Add this connection to the routing table $rt_name" >> $log_file
+      echo "## -" >> $log_file
+
+      if $USE_REMOTE_GATEWAY_ADDRESS ; then
+         ## - Remote Network: $remote_gw_net
+         ## -
+         echo "/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address table $rt_name >> $log_file 2>&1
+      else
+         ## - Remote Network: 0.0.0.0
+         ## -
+         echo "/sbin/ip route add 0.0.0.0 dev $inet_device src $local_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add 0.0.0.0 dev $inet_device src $local_gw_address table $rt_name >> $log_file 2>&1
+      fi
+
+      if $SET_MULTIPLE_DEFAULT_GW ; then
+         if /sbin/ip route show table main | grep -e "^$remote_gw_address" | grep $inet_device  > /dev/null 2>&1 ; then
+            echo "" >> $log_file
+            echo "## - Delete route via (dsl remote) host $remote_gw_address" >> $log_file
+            echo "## -"
+            echo "/sbin/ip route delete $remote_gw_address dev $inet_device" >> $log_file
+            /sbin/ip route delete $remote_gw_address dev $inet_device >> $log_file 2>&1
+         fi
+
+         echo "" >> $log_file
+         echo "## - Add this connection also to the main routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address" >> $log_file
+         /sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address >> $log_file 2>&1
+      fi
+
+      ## - Remeber that route in order to add it to the routing table
+      ## - of other connections
+      ## -
+      gw_connection_arr[$inet_device]="$remote_gw_net $local_gw_address" 
+      
+
+      ## - Add the connections associated gateway as default gateway for this
+      ## - routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - Add the connections associated gateway as default gateway for this" >> $log_file
+      echo "## - routing table" >> $log_file
+      echo "## -" >> $log_file
+
+      if $USE_REMOTE_GATEWAY_ADDRESS ; then
+         ## - Default Gatway: $remote_gw_address
+         ## -
+         #echo "/sbin/ip route add default via $remote_gw_address dev $inet_device table $rt_name" >> $log_file
+         #/sbin/ip route add default via $remote_gw_address dev $inet_device table $rt_name >> $log_file 2>&1
+         echo "/sbin/ip route add default via $remote_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add default via $remote_gw_address table $rt_name >> $log_file 2>&1
+      else
+         ## - Default Gatway: 0.0.0.0
+         ## -
+         echo "/sbin/ip route add default via 0.0.0.0 dev $inet_device table $rt_name" >> $log_file
+         /sbin/ip route add default via 0.0.0.0 dev $inet_device table $rt_name >> $log_file 2>&1
+      fi
+
+
+      ## - Make sure that a reply goes out over the same connection as came in
+      ## - 
+      echo "" >> $log_file
+      echo "## - Make sure that a reply goes out over the same connection as came in" >> $log_file
+      echo "## -" >> $log_file
+
+      if ! /sbin/ip rule | grep "from $local_gw_address" > /dev/null 2>&1 ; then
+         let prio="$number_rt_table"
+         echo "/sbin/ip rule add from $local_gw_address table $rt_name prio $prio" >> $log_file
+         /sbin/ip rule add from $local_gw_address table $rt_name prio $prio >> $log_file 2>&1
+         #let prio="10+$prio"
+         #echo "/sbin/ip rule add to $local_gw_address table $rt_name prio $prio" >> $log_file
+         #/sbin/ip rule add to $local_gw_address table $rt_name prio $prio >> $log_file 2>&1
+      else
+         let prio="1010+$number_rt_table"
+         echo -e "#\t[ info ]: Rule already exists.." >> $log_file
+      fi
+
+
+      ## ---
+      ## --- Special Routing (local) IP-Address OUT
+      ## ---
+
+      if [[ ${#rule_local_ip_arr[@]} -gt 0 ]] ; then
+
+         let prio="1000+${number_rt_table}+10"
+
+         for _val in "${rule_local_ip_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: from ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "from ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+
+      ## ---
+      ## --- Special Routing (remote) Services
+      ## ---
+
+      if [[ ${#rule_remote_ip_arr[@]} -gt 0 ]] ; then
+
+         let prio="5000+${number_rt_table}+10"
+
+         for _val in "${rule_remote_ip_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: to ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "to ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add to ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add to ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+      ## ---
+      ## --- Special Routing Networks
+      ## ---
+
+      if [[ ${#rule_local_net_arr[@]} -gt 0 ]] ; then
+
+         let prio="10000+${number_rt_table}+10"
+
+         for _val in "${rule_local_net_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: from ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "from ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+      ## - Add this connection to the routing tables of other already configured dsl-connections
+      ## -
+      ## - Note:
+      ## -    Connections which will be configured later at this loop will
+      ## -    not have that connection in their routing tables. So you have 
+      ## -    to add missing routes at the end (after that loop has finisched).
+      ## -
+      ## -    _key is eqal to the ppp-device
+      ## -
+      for _key in "${!gw_connection_arr[@]}"; do
+
+         if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+            __name=`echo $_key | cut -d '-' -f2`
+            _rt_name="dsl_$__name"
+         else
+            __name=`echo $_key | cut -d '-' -f1`
+            _rt_name="static_$__name"
+         fi
+         if [[ "$_rt_name" == "$rt_name" ]]; then
+            continue
+         fi
+
+         _local_gw_address=`echo ${gw_connection_arr[$_key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$_key]} | cut -d " " -f1`
+         echo "" >> $log_file
+         echo "## - Add this connection to the routing table \"$_rt_name\"" >> $log_file
+         echo "## -" >> $log_file
+
+         if $USE_REMOTE_GATEWAY_ADDRESS ; then
+            ## - Remote Network: $_remote_gw_net
+            ## -
+            if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw_net\s+dev\s+$_key" >/dev/null 2>&1 ; then
+               _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+               if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw\s+dev\s+$_key" >/dev/null 2>&1 ; then
+                  echo "/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+                  /sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               else
+                  echo -e "#\t[ info ]: Connection through $_key is already part of table $_rt_name" >> $log_file
+               fi
+            fi
+         else
+            ## - Remote Network: 0.0.0.0
+            ## -
+            if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$_key" >/dev/null 2>&1 ; then
+               _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+               if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$_key" >/dev/null 2>&1 ; then
+                  echo "/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+                  /sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               else
+                  echo -e "#\t[ info ]: Connection through $_key is already part of table $_rt_name" >> $log_file
+               fi
+            fi
+         fi
+      done 
+
+
+      ## - Add this gateway data to the array concerning all outgoing gatways 
+      ## -
+      #default_gw_arr[$inet_device]="$local_gw_address"
+      default_gw_arr[$inet_device]="$remote_gw_address"
+
+
+      if $SET_MULTIPLE_DEFAULT_GW ; then
+
+         default_gw_arg=""
+         for _key in "${!default_gw_arr[@]}"; do
+
+            if $USE_DEFAULT_GW_ADDRESS ; then
+               ## - Default Gateway: $remote_gw_address
+               ## -
+               default_gw_arg="$default_gw_arg nexthop via ${default_gw_arr[$_key]} dev $_key weight 1"
+            else
+               ## - Default Gateway: 0.0.0.0
+               ## -
+               default_gw_arg="$default_gw_arg nexthop via 0.0.0.0 dev $_key weight 1"
+            fi
+
+         done 
+         if [ -n "$default_gw_arg" ] ; then
+            echo "" >> $log_file
+            echo "## - Add multiple default gateways" >> $log_file
+            echo "## -" >> $log_file
+            echo "/sbin/ip route delete default" >> $log_file
+            /sbin/ip route delete default >> $log_file 2>&1
+            echo "/sbin/ip route add default scope global $default_gw_arg" >> $log_file
+            /sbin/ip route add default scope global $default_gw_arg >> $log_file 2>&1
+         else
+            echo "" >> $log_file
+            echo "## -" >> $log_file
+            echo "## - [ Warning]: No default gateway found!" >> $log_file
+            echo "## -" >> $log_file
+         fi
+
+      fi
+
+
+
+      ## - Notice:
+      ## - It is possible to first make a number of changes and then flush 
+      ## - the cache so that all of the changes will be implemented simultaneously. 
+      ## - This is actually convenient when working on an active router. 
+      ## -
+      echo "" >> $log_file
+      echo "## - Flush table cache" >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route flush table cache" >> $log_file
+      /sbin/ip route flush table cache >> $log_file 2>&1
+
+      echo "" >> $log_file
+
+      if [ ${#default_gw_arr[@]} -eq ${#inet_devices_arr[@]} ]; then
+         configured=true
+      fi
+
+   done
+
+done
+
+
+## - Some dsl-connections maybe not known to all routing tables. So add
+## - the missing routes to the appropriate tables..
+## -
+echo "" >> $log_file
+echo "" >> $log_file
+echo "## - Some dsl-connections maybe not known to all routing tables. So add" >> $log_file
+echo "## - the missing routes to the appropriate tables.." >> $log_file
+echo "## -" >> $log_file
+_changed=false
+
+if $USE_REMOTE_GATEWAY_ADDRESS ; then
+   ## - Remote Network: $_remote_gw_net
+   ## -
+   for _key in "${!gw_connection_arr[@]}"; do
+
+      if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $_key | cut -d '-' -f2`
+         _rt_name="dsl_$__name"
+      else
+         __name=`echo $_key | cut -d '-' -f1`
+         _rt_name="static_$__name"
+      fi
+
+      echo "# Routing Table \"$_rt_name\"" >> $log_file
+      for __key in "${!gw_connection_arr[@]}"; do
+         _local_gw_address=`echo ${gw_connection_arr[$__key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$__key]} | cut -d " " -f1`
+         if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw_net\s+dev\s+$__key" >/dev/null 2>&1 ; then
+            _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+            if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw\s+dev\s+$__key" >/dev/null 2>&1 ; then
+               #echo "/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+               #/sbin/ip route add $_remote_gw_net dev $__key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               echo "/sbin/ip route add $_remote_gw dev $__key table $_rt_name" >> $log_file
+               /sbin/ip route add $_remote_gw dev $__key table $_rt_name >> $log_file 2>&1
+               _changed=true
+            else
+               echo -e "#\t[ info ]: Connection through $__key is already part of table $_rt_name" >> $log_file
+            fi
+         fi
+      done
+   done
+else
+   ## - Remote Network: 0.0.0.0
+   ## -
+   for _key in "${!gw_connection_arr[@]}"; do
+
+
+      if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $_key | cut -d '-' -f2`
+         _rt_name="dsl_$__name"
+      else
+         __name=`echo $_key | cut -d '-' -f1`
+         _rt_name="static_$__name"
+      fi
+
+      echo "# Routing Table \"$_rt_name\"" >> $log_file
+      for __key in "${!gw_connection_arr[@]}"; do
+         _local_gw_address=`echo ${gw_connection_arr[$__key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$__key]} | cut -d " " -f1`
+         if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$__key" >/dev/null 2>&1 ; then
+            _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+            if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$__key" >/dev/null 2>&1 ; then
+               echo "/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+               /sbin/ip route add 0.0.0.0 dev $__key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               _changed=true
+            else
+               echo -e "#\t[ info ]: Connection through $__key is already part of table $_rt_name" >> $log_file
+            fi
+         fi
+      done
+   done
+fi
+
+
+## - If not using multiple default gatways, set the default gateway here
+## -
+if ! $SET_MULTIPLE_DEFAULT_GW ; then
+
+   __set_default_gatway=false
+
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## ---" >> $log_file
+   echo "## --- Add default gateway" >> $log_file
+   echo "## ---" >> $log_file
+
+   ## - Note: the first online device will become default route
+   ## -
+   for _device in "${inet_devices_arr[@]}" ; do
+      ## - Device online ?
+      if [ -n "${default_gw_arr[$_device]}" ]; then
+         echo "/sbin/ip route delete default" >> $log_file
+         /sbin/ip route delete default >> $log_file 2>&1
+         if $USE_REMOTE_GATEWAY_ADDRESS ; then
+            echo "/sbin/ip route add default via ${default_gw_arr[$_device]} dev $_device" >> $log_file
+            /sbin/ip route add default via ${default_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+         else
+            echo "/sbin/ip route add default via 0.0.0.0 dev $_device" >> $log_file
+            /sbin/ip route add default via 0.0.0.0 dev $_device >> $log_file 2>&1
+         fi
+         __set_default_gatway=true
+         _changed=true
+         break
+      else
+         echo "" >> $log_file
+         echo -e "\t[ Warning ]: $_device is OFFLINE ! Trying next.."  >> $log_file
+      fi
+   done
+   if ! $__set_default_gatway ; then
+
+      echo "" >> $log_file
+      echo -e "\t[ Error ]: No connection is online!"  >> $log_file
+      echo -e "\t           Try to set default gateway from an existing static line .."  >> $log_file
+
+      ## - Notice:
+      ## -
+      ## - If no connection is available (the machine is fully offline), the check script will not 
+      ## - recognize, if the static line becomes online. A way to handle this is to let the
+      ## - default gateway active.
+      ## -
+      default_gw_deleted=false
+      for _device in "${inet_devices_arr[@]}" ; do
+         if containsElement "$_device" "${static_devices_arr[@]}" ; then
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               echo "" >> $log_file
+               echo "## - Delete existing default gatewy" >> $log_file
+               echo "## - " >> $log_file
+               echo "/sbin/ip route delete default" >> $log_file
+               /sbin/ip route delete default >> $log_file 2>&1
+               default_gw_deleted=true
+            fi
+
+            ## - Set new default route
+            ## -
+
+            echo "" >> $log_file
+            echo "## - Try to set default gateway to ${static_gw_arr[$_device]}.." >> $log_file
+            echo "## - " >> $log_file
+            echo "/sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device" >> $log_file
+            /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+
+            if [[ "$?" == 0 ]] ; then
+               __set_default_gatway=true
+               break
+            fi
+         fi
+      done
+
+      if ! $__set_default_gatway ; then
+         echo "" >> $log_file
+         echo -e "\t[ Error ]: No default gateway is set!"  >> $log_file
+      fi
+   fi
+fi
+
+## - Flush the routing tables cache if somethimg has changed
+## -
+if $_changed ; then
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## - Some Routing tables has changed, so flush table cache" >> $log_file
+   echo "## -" >> $log_file
+   echo "/sbin/ip route flush table cache" >> $log_file
+   /sbin/ip route flush table cache >> $log_file 2>&1
+fi
+
+if $_monitoring ; then
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## - Starting monitoring script to check dsl connections.." >> $log_file
+   echo "## -" >> $log_file
+
+   if [[ -z "${!default_gw_arr[@]}" ]] ; then
+      echo "$check_script $INITIAL_DEVICE_LIST &"  >> $log_file 2>&1
+      $check_script $INITIAL_DEVICE_LIST &
+   else
+
+      _LIST=
+      for _device in ${!default_gw_arr[@]} ; do
+         _LIST="$_LIST $_device"
+      done
+      _LIST=`echo "${_LIST}" | sed -e 's/^[ \t]*//'`
+
+      echo "$check_script -l \"$_LIST\" $INITIAL_DEVICE_LIST &"  >> $log_file 2>&1
+      $check_script -l "$_LIST" $INITIAL_DEVICE_LIST &
+   fi
+fi
+
+echo "" >> $log_file
+echo "### -------------------------" >> $log_file
+
+exit 0
diff --git a/Kanzlei-Kiel/sbin/rebind b/Kanzlei-Kiel/sbin/rebind
new file mode 100755
index 0000000..c60e07b
--- /dev/null
+++ b/Kanzlei-Kiel/sbin/rebind
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+case "$1" in
+   on)
+      set -x
+      mount --bind /proc    /ro/proc
+      mount --bind /sys     /ro/sys
+      mount --bind /dev     /ro/dev
+      mount --bind /dev/pts /ro/dev/pts
+   ;;
+   off)
+      set -x
+      umount /ro/dev/pts
+      umount /ro/dev
+      umount /ro/sys
+      umount /ro/proc
+   ;;
+   *)
+      echo "Use: $0 (on|off)"
+esac
diff --git a/Kanzlei-Kiel/src/check_net b/Kanzlei-Kiel/src/check_net
new file mode 160000
index 0000000..6bde0e7
--- /dev/null
+++ b/Kanzlei-Kiel/src/check_net
@@ -0,0 +1 @@
+Subproject commit 6bde0e7c07c4d0ee8cc6f6aa37c49608fe924a5b
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1.tar.gz b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1.tar.gz
new file mode 100644
index 0000000..c429f21
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1.tar.gz differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/AUTHORS b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/AUTHORS
new file mode 100644
index 0000000..7023323
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/AUTHORS
@@ -0,0 +1,9 @@
+Authors and contributors, in alphabetical order: 
+
+Alexey Charkov <alchark@gmail.com>
+Christian Ruppert <idl0r@gentoo.org>
+Conrad Kostecki <ConiKost@gmx.de>
+Constantin Baranov <const@mimas.ru>
+Damjan Cvetko <zobo@users.sourceforge.net>
+Johnny Egeland <johnnyege@users.sourceforge.net>
+Martin Djernaes <djernaes@users.sourceforge.net>
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/COPYING b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/COPYING
new file mode 100644
index 0000000..3d11e36
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/COPYING
@@ -0,0 +1,28 @@
+igmpproxy - IGMP proxy based multicast router 
+Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+This software is derived work from the following software. The original
+source code has been modified from it's original state by the author
+of igmpproxy.
+
+smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+- Licensed under the GNU General Public License, version 2
+
+mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+Leland Stanford Junior University.
+- Original license can be found in the Stanford.txt file.
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/ChangeLog b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/ChangeLog
new file mode 100644
index 0000000..e8461bb
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/ChangeLog
@@ -0,0 +1,317 @@
+commit 0e8e7fde2d68f9ea9b5095c24231024be281393c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Oct 5 21:31:42 2009 +0500
+
+    Release 0.1
+
+commit 68ba90446e02825073b779bd0628c4f34833665d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu Oct 1 00:09:38 2009 +0500
+
+    Fix building on FreeBSD 8.0 (wrt #2870461)
+    
+    Several IGMP_* macroses was deprecated in r189347/v800069 and
+    removed in r193938/v800098. Redefine them if needed.
+
+commit 74c2e1aa414f33585562d6783a3290ac63ee6c69
+Author: Martin Djernaes <djernaes@users.sourceforge.net>
+Date:   Sun Sep 6 16:41:22 2009 +0500
+
+    Fix netmask detection on interfaces with multiple addresses
+    
+    When having multiple IP addresses on an interface the netmask retrieved for
+    each IP address is not correct. The reason is that ioctrl for
+    SIOCGIFNETMASK will just provide the first netmask when no IP address is
+    provided in the call.
+
+commit 64144607195b779396a49179518aade24707cbbc
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Sep 4 01:38:27 2009 +0500
+
+    Generate ChangeLog and AUTHORS by Git
+
+commit 94dd711318384e7b121924db0177a65b2fc38471
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 19:45:04 2009 +0500
+
+    Release 0.1 beta5
+
+commit 3ac424f82ab9f281dd3a0bfccbc92352bd5512c0
+Author: Damjan Cvetko <zobo@users.sourceforge.net>
+Date:   Sun Aug 16 19:28:30 2009 +0500
+
+    Improve getIfByAddress() function (wrt #2835052)
+    
+    getIfByAddress does not find the best iterface in case of overlaping
+    networks. This patchs scans through all interfaces (and networks) and picks
+    the one with the longest subnet.
+
+commit 8ca5a29b56390020f27d4106643cd623cdb12bb2
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 18:37:58 2009 +0500
+
+    Fix nextConfigToken() function (wrt #2838154)
+    
+    The nextConfigToken() returns NULL when EOF reached even if token
+    was read already. This results in loss of last token in file usually.
+    Let it return unterminated token if it is non-empty already.
+
+commit 954674bc4ec6a689b1de2f2a2766e993df1e2705
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:14:56 2009 +0500
+
+    Release 0.1 beta4
+
+commit a7908b855ecb6959ea08ef3b374ff2aca9939cf0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:10:35 2009 +0500
+
+    Update README etc.
+
+commit 62fa19975ff4daa8e31a9b07bf33ddc8cd0129f8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:06:44 2009 +0500
+
+    State licenses in the COPYING
+
+commit 3ac3ae462ca35ec7f1f22d968bf4fab0807d636f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 05:01:21 2009 +0500
+
+    Remove pointless backslashes in configure.ac
+
+commit 3c4118949b6a19b384b08e171a5294b0ea307e08
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 02:19:30 2009 +0500
+
+    Replace bzero() with memset()
+
+commit ee07cb5bfd2514503d0564d2aee0656203d9a91e
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:09:28 2009 +0500
+
+    Remove redundant #include
+
+commit 56e37ad6ba0c6aade86c1407ea55abb8b445d119
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:00:03 2009 +0500
+
+    Add DragonFly BSD support
+
+commit eccefd205c3fb326b6ae1b79676238fc349f8be8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 01:57:07 2009 +0500
+
+    Add missed format argument in acceptLeaveMessage()
+
+commit 16c55bd5ab6a9608099252fa320ddbc0a05fca0a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Wed May 6 01:29:04 2009 +0500
+
+    Avoid inclusion if linux/in.h (wrt #2787118)
+    
+    The linux/in.h header conflicts with the netinet/in.h header in
+    certain Linux distributions. So let's ensure that linux/in.h will
+    never be included neither directly nor from linux/mroute.h.
+
+commit e01624e123c5a24310a4fb7f70ab6178278c3b7a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 22:00:33 2009 +0500
+
+    Release 0.1 beta3
+
+commit a3c84e48a1ff32812aac92ca0dba923ca7dd4ca0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:53:56 2009 +0500
+
+    Show version in help message
+    
+    Also remove unused Version constant.
+
+commit f880a472f6b835d8139adc27908206a11a50846f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:43:01 2009 +0500
+
+    Remove IF_DEBUG macros
+    
+    IF_DEBUG macros hides my_log(LOG_DEBUG...) calls. Thus it is redundant.
+
+commit 6b1a4beb839f41ecc7468e2680f5d0eedbd49b35
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:29:16 2009 +0500
+
+    Break long lines in build scripts
+
+commit 55dcd57b8cfac25a4eeafae5a18ab85a07484418
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:19:19 2009 +0500
+
+    Remove hardcoded version strings from man pages
+
+commit e7880c542e38bae8efa16b148a431488456f5594
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:52:58 2009 +0500
+
+    Move mrouted-LICENSE out of doc directory
+
+commit 9fee127b13336776d2e6019db8c22ee7de9bf36f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:32:31 2009 +0500
+
+    Use strdup() instead of malloc() and strcpy()
+
+commit d34dee7ea0b03ba98806558a1eebf78061ce8878
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:30:44 2009 +0500
+
+    Eliminate message about IGMP_MEMBERSHIP_QUERY ignored
+
+commit 32de2bfbad537f6e60edddaefa6c240b2811c567
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:25:30 2009 +0500
+
+    Add OpenBSD support
+
+commit a85c620eccea244c80a34c3403b2ea7055616703
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 04:16:53 2009 +0500
+
+    Add NetBSD support
+
+commit d61d57c50b8b2399ff90e32da687686cf068680a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 05:07:12 2009 +0500
+
+    Remove outdated bug report email address
+
+commit 14edc6d6dab34e5e51bc12a61f45bae753235e98
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:49:38 2009 +0500
+
+    Improve OS checking mechanism
+    
+    Hide all OS-specific things in os-*.h headers and let autoconf select
+    proper header. Also add check for struct sockaddr_in.sin_len member.
+
+commit b23a4c9f9edd43a22759930ae969ee420c270456
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:48:23 2009 +0500
+
+    Do not close std* streams in non-debug mode
+
+commit 7256cb378db4b839f0138cc9422971f5fb353de1
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 21:16:47 2009 +0500
+
+    Clean up configure.ac and add check for sockaddr.sa_len member
+
+commit eb6f3eababbca43c517a1407e5af66ed384bf07d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:04:32 2009 +0500
+
+    Install igmpproxy to sbin directory
+
+commit e22427f33150970f6bef3106ac018d7138dfbadb
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:03:46 2009 +0500
+
+    Add missing igmpproxy.h to list of sources
+
+commit 68fb7638f36c85c44b2a8a33e28af58c65de8a06
+Author: Christian Ruppert <idl0r@gentoo.org>
+Date:   Thu Apr 9 21:28:04 2009 +0500
+
+    Add missing 'h' to the getopt() optstring
+
+commit bae0b7b42ec948442945648878dbc8ef3ee1d2c5
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:37 2009 +0500
+
+    Rework logging
+    
+    Allow to control verbosity with -v option.
+    Don't write to syslog in debug mode.
+    Don't fork in background. Let start-stop-deamon do this.
+    
+    Also update man-pages and help messages.
+
+commit df0ffb7998cbbd3ab09c100f48dead6adb93aa2c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:06 2009 +0500
+
+    Move igmpproxy.conf out of src directory
+
+commit 4c36c1ea8f9822f96031cff8f40ca3fc7cb93db3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Mar 9 22:03:46 2009 +0400
+
+    Initial FreeBSD support
+    
+    Based on IGMPproxy port to FreeBSD made by
+    Pavel Korshunov and gygenot.
+
+commit fdc5cc59655a59f7f73af78d6606b5c45b9c1071
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 20:37:17 2009 +0400
+
+    Move to C99 and clean up the code
+    
+    Listen to compiler's warnings.
+    Use standard integer and boolean types.
+    Remove redundant version.h.
+
+commit b535f70ec3dfc73a767592739c8aa44583e7e833
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 17:53:24 2009 +0400
+
+    Rename defs.h to igmpproxy.h
+
+commit 2df90756d378de822d6ece6aa0a340cab6a489e4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 16:17:20 2009 +0400
+
+    Add bootstrap script
+
+commit 3393d1cd7c0f13cc91fa3ec974eb2cd1409bb720
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Feb 27 22:28:03 2009 +0400
+
+    Remove stuff generated by autotools
+
+commit 576b42c7fc71757a33dbac0ebc388f8eebd81fe3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:36:39 2009 +0400
+
+    Fix logging to syslog
+    
+    Do not write textual representation of message severity
+    because syslog can do this itself. Also write only one
+    string at a time.
+
+commit 1223d5975a1da679d15120417365582a0054abc4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:22:20 2009 +0400
+
+    chmod -x on appropriate files
+
+commit 66145eee1d74c9edd23f3d72700911865b7a09bb
+Author: Conrad Kostecki <ConiKost@gmx.de>
+Date:   Mon Feb 23 00:18:48 2009 +0400
+
+    Remove banner
+
+commit 710d688641ca68d89a7b8958c7d84144d5fb1d9b
+Author: Alexey Charkov <alchark@gmail.com>
+Date:   Mon Feb 23 00:13:03 2009 +0400
+
+    Enable autotools
+    
+    I've packaged igmpproxy with GNU autotools, which will allow for a better
+    experience on Gentoo (CFLAGS, directory structure etc). Also, compile-time
+    warnings are fixed. As the project is dead, this is not even a fork :)
+
+commit f4c36aa73287b794e2c842564e82d2d4f3c1027f
+Author: Johnny Egeland <johnnyege@users.sourceforge.net>
+Date:   Mon Feb 23 00:10:48 2009 +0400
+
+    Initial import
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/GPL.txt b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/GPL.txt
new file mode 100644
index 0000000..97d8bc8
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/GPL.txt
@@ -0,0 +1,286 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+
+
+
+
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/INSTALL b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/INSTALL
new file mode 100644
index 0000000..2550dab
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/INSTALL
@@ -0,0 +1,302 @@
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+
+   This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+   Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package.  The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.
+
+     Running `configure' might take a while.  While running, it prints
+     some messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+  6. Often, you can also type `make uninstall' to remove the installed
+     files again.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you can use GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory.  After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+   On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor.  Like
+this:
+
+     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CPP="gcc -E" CXXCPP="g++ -E"
+
+   This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
+
+Installation Names
+==================
+
+   By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc.  You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Particular systems
+==================
+
+   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
+a workaround.  If GNU CC is not installed, it is therefore recommended
+to try
+
+     ./configure CC="cc"
+
+and if that doesn't work, try
+
+     ./configure CC="cc -nodtk"
+
+   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+   On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'.  It is recommended to use the following options:
+
+     ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS
+     KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug.  Until the bug is fixed you can use this workaround:
+
+     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+     Print a summary of the options unique to this package's
+     `configure', and exit.  The `short' variant lists options used
+     only in the top level, while the `recursive' variant lists options
+     also present in any nested packages.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`--prefix=DIR'
+     Use DIR as the installation prefix.  *Note Installation Names::
+     for more details, including other options available for fine-tuning
+     the installation locations.
+
+`--no-create'
+`-n'
+     Run the configure checks, but stop before creating any output
+     files.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Makefile b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Makefile
new file mode 100644
index 0000000..1ea5f09
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Makefile
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-unknown-linux-gnu
+host_triplet = x86_64-unknown-linux-gnu
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-unknown-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = unknown
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = x86_64-unknown-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = unknown
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = 
+top_builddir = .
+top_srcdir = .
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Makefile.am b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Makefile.am
new file mode 100644
index 0000000..b569f48
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Makefile.am
@@ -0,0 +1,10 @@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Makefile.in b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Makefile.in
new file mode 100644
index 0000000..508f703
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Makefile.in
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/NEWS b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/NEWS
new file mode 100644
index 0000000..fa39cb9
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/NEWS
@@ -0,0 +1,4 @@
+New releases, the Git repository and the bug tracker are accessible
+at project homepage:
+
+	http://sourceforge.net/projects/igmpproxy/
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/README b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/README
new file mode 100644
index 0000000..01add8d
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/README
@@ -0,0 +1,10 @@
+IGMPproxy is a simple mulitcast router that only uses the IGMP protocol.
+
+Supported operating systems:
+ - Linux
+ - FreeBSD
+ - NetBSD
+ - OpenBSD
+ - DragonFly BSD
+
+This software is released under the GNU GPL license v2. See details in COPYING.
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Stanford.txt b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Stanford.txt
new file mode 100644
index 0000000..ef7da47
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/Stanford.txt
@@ -0,0 +1,48 @@
+
+The mrouted program is covered by the following license.  Use of the
+mrouted program represents acceptance of these terms and conditions.
+
+1. STANFORD grants to LICENSEE a nonexclusive and nontransferable license
+to use, copy and modify the computer software ``mrouted'' (hereinafter
+called the ``Program''), upon the terms and conditions hereinafter set
+out and until Licensee discontinues use of the Licensed Program.
+
+2. LICENSEE acknowledges that the Program is a research tool still in
+the development state, that it is being supplied ``as is,'' without any
+accompanying services from STANFORD, and that this license is entered
+into in order to encourage scientific collaboration aimed at further
+development and application of the Program.
+
+3. LICENSEE may copy the Program and may sublicense others to use object
+code copies of the Program or any derivative version of the Program.
+All copies must contain all copyright and other proprietary notices found
+in the Program as provided by STANFORD.  Title to copyright to the
+Program remains with STANFORD.
+
+4. LICENSEE may create derivative versions of the Program.  LICENSEE
+hereby grants STANFORD a royalty-free license to use, copy, modify,
+distribute and sublicense any such derivative works.  At the time
+LICENSEE provides a copy of a derivative version of the Program to a
+third party, LICENSEE shall provide STANFORD with one copy of the source
+code of the derivative version at no charge to STANFORD.
+
+5. STANFORD MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED.
+By way of example, but not limitation, STANFORD MAKES NO REPRESENTATION
+OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR
+THAT THE USE OF THE LICENSED PROGRAM WILL NOT INFRINGE ANY PATENTS,
+COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. STANFORD shall not be held liable
+for any liability nor for any direct, indirect or consequential damages
+with respect to any claim by LICENSEE or any third party on account of or
+arising from this Agreement or use of the Program.
+
+6. This agreement shall be construed, interpreted and applied in
+accordance with the State of California and any legal action arising
+out of this Agreement or use of the Program shall be filed in a court
+in the State of California.
+
+7. Nothing in this Agreement shall be construed as conferring rights to
+use in advertising, publicity or otherwise any trademark or the name
+of ``Stanford''.
+
+The mrouted program is COPYRIGHT 1989 by The Board of Trustees of
+Leland Stanford Junior University.
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/aclocal.m4 b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/aclocal.m4
new file mode 100644
index 0000000..9304f88
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/aclocal.m4
@@ -0,0 +1,951 @@
+# generated automatically by aclocal 1.11 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009  Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.63],,
+[m4_warning([this file was generated for autoconf 2.63.
+You have another version of autoconf.  It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version.  Point them to the right macro.
+m4_if([$1], [1.11], [],
+      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too.  Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory.  The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run.  This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+#    fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+#    fails if $ac_aux_dir is absolute,
+#    fails when called from a subdirectory in a VPATH build with
+#          a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir.  In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
+#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+#   MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH.  The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery.  Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
+       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
+       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+       [$1], UPC,  [depcc="$UPC"  am_compiler_list=],
+       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
+                   [depcc="$$1"   am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+               [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_$1_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+  fi
+  am__universal=false
+  m4_case([$1], [CC],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac],
+    [CXX],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac])
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_$1_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking.              -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`AS_DIRNAME("$mf")`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`AS_DIRNAME(["$file"])`
+      AS_MKDIR_P([$dirpart/$fdir])
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled.  FIXME.  This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake.                             -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much.  Some checks are only needed if
+# your package does certain things.  But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out.  PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition.  After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names.  We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+	      [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+			     [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+		  [_AM_DEPENDENCIES(CC)],
+		  [define([AC_PROG_CC],
+			  defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+		  [_AM_DEPENDENCIES(CXX)],
+		  [define([AC_PROG_CXX],
+			  defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+		  [_AM_DEPENDENCIES(OBJC)],
+		  [define([AC_PROG_OBJC],
+			  defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen.  This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+  [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion.  Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot.  For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes.	            -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+  [[\\/$]]* | ?:[[\\/]]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling.                     -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME.  Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[[\\\"\#\$\&\'\`$am_lf]]*)
+    AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+  *[[\\\"\#\$\&\'\`$am_lf\ \	]]*)
+    AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$[*]" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$[*]" != "X $srcdir/configure conftest.file" \
+      && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+alias in your environment])
+   fi
+
+   test "$[2]" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries.  This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+  AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball.                            -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+#     tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+#     $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+     [m4_case([$1], [ustar],, [pax],,
+              [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+  case $_am_tool in
+  gnutar)
+    for _am_tar in tar gnutar gtar;
+    do
+      AM_RUN_LOG([$_am_tar --version]) && break
+    done
+    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+    am__untar="$_am_tar -xf -"
+    ;;
+  plaintar)
+    # Must skip GNU tar: if it does not support --format= it doesn't create
+    # ustar tarball either.
+    (tar --version) >/dev/null 2>&1 && continue
+    am__tar='tar chf - "$$tardir"'
+    am__tar_='tar chf - "$tardir"'
+    am__untar='tar xf -'
+    ;;
+  pax)
+    am__tar='pax -L -x $1 -w "$$tardir"'
+    am__tar_='pax -L -x $1 -w "$tardir"'
+    am__untar='pax -r'
+    ;;
+  cpio)
+    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+    am__untar='cpio -i -H $1 -d'
+    ;;
+  none)
+    am__tar=false
+    am__tar_=false
+    am__untar=false
+    ;;
+  esac
+
+  # If the value was cached, stop now.  We just wanted to have am__tar
+  # and am__untar set.
+  test -n "${am_cv_prog_tar_$1}" && break
+
+  # tar/untar a dummy directory, and stop if the command works
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  echo GrepMe > conftest.dir/file
+  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+  rm -rf conftest.dir
+  if test -s conftest.tar; then
+    AM_RUN_LOG([$am__untar <conftest.tar])
+    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+  fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.guess b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.guess
new file mode 100755
index 0000000..12734a7
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.guess
@@ -0,0 +1,1554 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner.  Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case "${UNAME_SYSTEM}" in
+Linux|GNU/*)
+	eval $set_cc_for_build
+	cat << EOF > $dummy.c
+	#include <features.h>
+	#ifdef __UCLIBC__
+	# ifdef __UCLIBC_CONFIG_VERSION__
+	LIBC=uclibc __UCLIBC_CONFIG_VERSION__
+	# else
+	LIBC=uclibc
+	# endif
+	#else
+	LIBC=gnu
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep LIBC= | sed -e 's: ::g'`
+	;;
+esac
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep -q __ELF__
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    s390x:SunOS:*:*)
+	echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+	eval $set_cc_for_build
+	SUN_ARCH="i386"
+	# If there is a compiler, see if it is configured for 64-bit objects.
+	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+	# This test works for both compilers.
+	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_64BIT_ARCH >/dev/null
+	    then
+		SUN_ARCH="x86_64"
+	    fi
+	fi
+	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[456])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep -q __LP64__
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86)
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd | genuineintel)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	    IA64)
+		echo ia64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    8664:Windows_NT:*)
+	echo x86_64-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	eval $set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	else
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
+	fi
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-${LIBC}
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-${LIBC}
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-${LIBC}
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    mips:Linux:*:* | mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef ${UNAME_MACHINE}
+	#undef ${UNAME_MACHINE}el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=${UNAME_MACHINE}el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=${UNAME_MACHINE}
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-${LIBC}
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-${LIBC}
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-${LIBC}
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep -q ld.so.1
+	if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    padre:Linux:*:*)
+	echo sparc-unknown-linux-${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
+	  PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
+	  *)    echo hppa-unknown-linux-${LIBC} ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-${LIBC}
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-${LIBC}
+	exit ;;
+    xtensa*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-${LIBC}"
+		;;
+	esac
+	# This should get integrated into the C code below, but now we hack
+	if [ "$LIBC" != "gnu" ] ; then echo "$TENTATIVE" && exit 0 ; fi
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i586.
+	# Note: whatever this is, it MUST be the same as what config.sub
+	# prints for the "djgpp" host, or else GDB configury will decide that
+	# this is a cross-build.
+	echo i586-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+	OS_REL='.3'
+	test -r /etc/.relid \
+	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	    && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
+	echo i586-pc-haiku
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+    i*86:AROS:*:*)
+	echo ${UNAME_MACHINE}-pc-aros
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.h b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.h
new file mode 100644
index 0000000..f438e80
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.h
@@ -0,0 +1,29 @@
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+/* #undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+/* #undef HAVE_STRUCT_SOCKADDR_SA_LEN */
+
+/* Name of package */
+#define PACKAGE "igmpproxy"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT ""
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "igmpproxy"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "igmpproxy 0.1"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "igmpproxy"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "0.1"
+
+/* Version number of package */
+#define VERSION "0.1"
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.h.in b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.h.in
new file mode 100644
index 0000000..bb6a90d
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.h.in
@@ -0,0 +1,28 @@
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+#undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+#undef HAVE_STRUCT_SOCKADDR_SA_LEN
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Version number of package */
+#undef VERSION
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.log b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.log
new file mode 100644
index 0000000..5bdd0cc
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.log
@@ -0,0 +1,573 @@
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy configure 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ ./configure --prefix=/usr/local/igmpproxy-0.1
+
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = gw-ah
+uname -m = x86_64
+uname -r = 3.16.0-4-amd64
+uname -s = Linux
+uname -v = #1 SMP Debian 3.16.7-ckt11-1+deb8u6 (2015-11-09)
+
+/usr/bin/uname -p = unknown
+/bin/uname -X     = unknown
+
+/bin/arch              = unknown
+/usr/bin/arch -k       = unknown
+/usr/convex/getsysinfo = unknown
+/usr/bin/hostinfo      = unknown
+/bin/machine           = unknown
+/usr/bin/oslevel       = unknown
+/bin/universe          = unknown
+
+PATH: /root/bin
+PATH: /usr/local/sbin
+PATH: /usr/local/bin
+PATH: /usr/sbin
+PATH: /usr/bin
+PATH: /sbin
+PATH: /bin
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+configure:1839: checking for a BSD-compatible install
+configure:1907: result: /usr/bin/install -c
+configure:1918: checking whether build environment is sane
+configure:1978: result: yes
+configure:2119: checking for a thread-safe mkdir -p
+configure:2158: result: /bin/mkdir -p
+configure:2171: checking for gawk
+configure:2187: found /usr/bin/gawk
+configure:2198: result: gawk
+configure:2209: checking whether make sets $(MAKE)
+configure:2231: result: yes
+configure:2328: checking for style of include used by make
+configure:2356: result: GNU
+configure:2426: checking for gcc
+configure:2442: found /usr/bin/gcc
+configure:2453: result: gcc
+configure:2685: checking for C compiler version
+configure:2693: gcc --version >&5
+gcc (Debian 4.9.2-10) 4.9.2
+Copyright (C) 2014 Free Software Foundation, Inc.
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+configure:2697: $? = 0
+configure:2704: gcc -v >&5
+Using built-in specs.
+COLLECT_GCC=gcc
+COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.9/lto-wrapper
+Target: x86_64-linux-gnu
+Configured with: ../src/configure -v --with-pkgversion='Debian 4.9.2-10' --with-bugurl=file:///usr/share/doc/gcc-4.9/README.Bugs --enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.9 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.9 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.9-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --with-arch-32=i586 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
+Thread model: posix
+gcc version 4.9.2 (Debian 4.9.2-10) 
+configure:2708: $? = 0
+configure:2715: gcc -V >&5
+gcc: error: unrecognized command line option '-V'
+gcc: fatal error: no input files
+compilation terminated.
+configure:2719: $? = 4
+configure:2742: checking for C compiler default output file name
+configure:2764: gcc    conftest.c  >&5
+configure:2768: $? = 0
+configure:2806: result: a.out
+configure:2825: checking whether the C compiler works
+configure:2835: ./a.out
+configure:2839: $? = 0
+configure:2858: result: yes
+configure:2865: checking whether we are cross compiling
+configure:2867: result: no
+configure:2870: checking for suffix of executables
+configure:2877: gcc -o conftest    conftest.c  >&5
+configure:2881: $? = 0
+configure:2907: result: 
+configure:2913: checking for suffix of object files
+configure:2939: gcc -c   conftest.c >&5
+configure:2943: $? = 0
+configure:2968: result: o
+configure:2972: checking whether we are using the GNU C compiler
+configure:3001: gcc -c   conftest.c >&5
+configure:3008: $? = 0
+configure:3025: result: yes
+configure:3034: checking whether gcc accepts -g
+configure:3064: gcc -c -g  conftest.c >&5
+configure:3071: $? = 0
+configure:3172: result: yes
+configure:3189: checking for gcc option to accept ISO C89
+configure:3263: gcc  -c -g -O2  conftest.c >&5
+configure:3270: $? = 0
+configure:3293: result: none needed
+configure:3313: checking dependency style of gcc
+configure:3423: result: gcc3
+configure:3438: checking for gcc option to accept ISO C99
+configure:3597: gcc  -c -g -O2  conftest.c >&5
+conftest.c:60:29: error: expected ';', ',' or ')' before 'text'
+ test_restrict (ccp restrict text)
+                             ^
+conftest.c: In function 'main':
+conftest.c:114:18: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'newvar'
+   char *restrict newvar = "Another string";
+                  ^
+conftest.c:114:18: error: 'newvar' undeclared (first use in this function)
+conftest.c:114:18: note: each undeclared identifier is reported only once for each function it appears in
+conftest.c:124:3: error: 'for' loop initial declarations are only allowed in C99 or C11 mode
+   for (int i = 0; i < ia->datasize; ++i)
+   ^
+conftest.c:124:3: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code
+configure:3604: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| #include <stdarg.h>
+| #include <stdbool.h>
+| #include <stdlib.h>
+| #include <wchar.h>
+| #include <stdio.h>
+| 
+| // Check varargs macros.  These examples are taken from C99 6.10.3.5.
+| #define debug(...) fprintf (stderr, __VA_ARGS__)
+| #define showlist(...) puts (#__VA_ARGS__)
+| #define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+| static void
+| test_varargs_macros (void)
+| {
+|   int x = 1234;
+|   int y = 5678;
+|   debug ("Flag");
+|   debug ("X = %d\n", x);
+|   showlist (The first, second, and third items.);
+|   report (x>y, "x is %d but y is %d", x, y);
+| }
+| 
+| // Check long long types.
+| #define BIG64 18446744073709551615ull
+| #define BIG32 4294967295ul
+| #define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+| #if !BIG_OK
+|   your preprocessor is broken;
+| #endif
+| #if BIG_OK
+| #else
+|   your preprocessor is broken;
+| #endif
+| static long long int bignum = -9223372036854775807LL;
+| static unsigned long long int ubignum = BIG64;
+| 
+| struct incomplete_array
+| {
+|   int datasize;
+|   double data[];
+| };
+| 
+| struct named_init {
+|   int number;
+|   const wchar_t *name;
+|   double average;
+| };
+| 
+| typedef const char *ccp;
+| 
+| static inline int
+| test_restrict (ccp restrict text)
+| {
+|   // See if C++-style comments work.
+|   // Iterate through items via the restricted pointer.
+|   // Also check for declarations in for loops.
+|   for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+|     continue;
+|   return 0;
+| }
+| 
+| // Check varargs and va_copy.
+| static void
+| test_varargs (const char *format, ...)
+| {
+|   va_list args;
+|   va_start (args, format);
+|   va_list args_copy;
+|   va_copy (args_copy, args);
+| 
+|   const char *str;
+|   int number;
+|   float fnumber;
+| 
+|   while (*format)
+|     {
+|       switch (*format++)
+| 	{
+| 	case 's': // string
+| 	  str = va_arg (args_copy, const char *);
+| 	  break;
+| 	case 'd': // int
+| 	  number = va_arg (args_copy, int);
+| 	  break;
+| 	case 'f': // float
+| 	  fnumber = va_arg (args_copy, double);
+| 	  break;
+| 	default:
+| 	  break;
+| 	}
+|     }
+|   va_end (args_copy);
+|   va_end (args);
+| }
+| 
+| int
+| main ()
+| {
+| 
+|   // Check bool.
+|   _Bool success = false;
+| 
+|   // Check restrict.
+|   if (test_restrict ("String literal") == 0)
+|     success = true;
+|   char *restrict newvar = "Another string";
+| 
+|   // Check varargs.
+|   test_varargs ("s, d' f .", "string", 65, 34.234);
+|   test_varargs_macros ();
+| 
+|   // Check flexible array members.
+|   struct incomplete_array *ia =
+|     malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+|   ia->datasize = 10;
+|   for (int i = 0; i < ia->datasize; ++i)
+|     ia->data[i] = i * 1.234;
+| 
+|   // Check named initializers.
+|   struct named_init ni = {
+|     .number = 34,
+|     .name = L"Test wide string",
+|     .average = 543.34343,
+|   };
+| 
+|   ni.number = 58;
+| 
+|   int dynamic_array[ni.number];
+|   dynamic_array[ni.number - 1] = 543;
+| 
+|   // work around unused variable warnings
+|   return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+| 	  || dynamic_array[ni.number - 1] != 543);
+| 
+|   ;
+|   return 0;
+| }
+configure:3597: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+configure:3604: $? = 0
+configure:3634: result: -std=gnu99
+configure:3647: checking build system type
+configure:3665: result: x86_64-unknown-linux-gnu
+configure:3687: checking host system type
+configure:3702: result: x86_64-unknown-linux-gnu
+configure:3738: checking for struct sockaddr.sa_len
+configure:3770: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr' has no member named 'sa_len'
+ if (ac_aggr.sa_len)
+            ^
+configure:3777: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3814: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr' has no member named 'sa_len'
+ if (sizeof ac_aggr.sa_len)
+                   ^
+configure:3821: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (sizeof ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3839: result: no
+configure:3850: checking for struct sockaddr_in.sin_len
+configure:3882: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr_in' has no member named 'sin_len'
+ if (ac_aggr.sin_len)
+            ^
+configure:3889: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3926: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr_in' has no member named 'sin_len'
+ if (sizeof ac_aggr.sin_len)
+                   ^
+configure:3933: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (sizeof ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3951: result: no
+configure:4089: creating ./config.status
+
+## ---------------------- ##
+## Running config.status. ##
+## ---------------------- ##
+
+This file was extended by igmpproxy config.status 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = 
+  CONFIG_HEADERS  = 
+  CONFIG_LINKS    = 
+  CONFIG_COMMANDS = 
+  $ ./config.status 
+
+on gw-ah
+
+config.status:776: creating Makefile
+config.status:776: creating doc/Makefile
+config.status:776: creating src/Makefile
+config.status:776: creating doc/igmpproxy.8
+config.status:776: creating doc/igmpproxy.conf.5
+config.status:776: creating config.h
+config.status:1062: linking src/os-linux.h to src/os.h
+config.status:1085: executing depfiles commands
+
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+
+ac_cv_build=x86_64-unknown-linux-gnu
+ac_cv_c_compiler_gnu=yes
+ac_cv_env_CC_set=
+ac_cv_env_CC_value=
+ac_cv_env_CFLAGS_set=
+ac_cv_env_CFLAGS_value=
+ac_cv_env_CPPFLAGS_set=
+ac_cv_env_CPPFLAGS_value=
+ac_cv_env_LDFLAGS_set=
+ac_cv_env_LDFLAGS_value=
+ac_cv_env_LIBS_set=
+ac_cv_env_LIBS_value=
+ac_cv_env_build_alias_set=
+ac_cv_env_build_alias_value=
+ac_cv_env_host_alias_set=
+ac_cv_env_host_alias_value=
+ac_cv_env_target_alias_set=
+ac_cv_env_target_alias_value=
+ac_cv_host=x86_64-unknown-linux-gnu
+ac_cv_member_struct_sockaddr_in_sin_len=no
+ac_cv_member_struct_sockaddr_sa_len=no
+ac_cv_objext=o
+ac_cv_path_install='/usr/bin/install -c'
+ac_cv_path_mkdir=/bin/mkdir
+ac_cv_prog_AWK=gawk
+ac_cv_prog_ac_ct_CC=gcc
+ac_cv_prog_cc_c89=
+ac_cv_prog_cc_c99=-std=gnu99
+ac_cv_prog_cc_g=yes
+ac_cv_prog_make_make_set=yes
+am_cv_CC_dependencies_compiler_type=gcc3
+
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+
+ACLOCAL='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11'
+AMDEPBACKSLASH='\'
+AMDEP_FALSE='#'
+AMDEP_TRUE=''
+AMTAR='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar'
+AUTOCONF='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf'
+AUTOHEADER='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader'
+AUTOMAKE='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11'
+AWK='gawk'
+CC='gcc -std=gnu99'
+CCDEPMODE='depmode=gcc3'
+CFLAGS='-g -O2'
+CPPFLAGS=''
+CYGPATH_W='echo'
+DEFS='-DHAVE_CONFIG_H'
+DEPDIR='.deps'
+ECHO_C=''
+ECHO_N='-n'
+ECHO_T=''
+EXEEXT=''
+INSTALL_DATA='${INSTALL} -m 644'
+INSTALL_PROGRAM='${INSTALL}'
+INSTALL_SCRIPT='${INSTALL}'
+INSTALL_STRIP_PROGRAM='$(install_sh) -c -s'
+LDFLAGS=''
+LIBOBJS=''
+LIBS=''
+LTLIBOBJS=''
+MAKEINFO='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo'
+MKDIR_P='/bin/mkdir -p'
+OBJEXT='o'
+PACKAGE='igmpproxy'
+PACKAGE_BUGREPORT=''
+PACKAGE_NAME='igmpproxy'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PATH_SEPARATOR=':'
+SET_MAKE=''
+SHELL='/bin/sh'
+STRIP=''
+VERSION='0.1'
+ac_ct_CC='gcc'
+am__EXEEXT_FALSE=''
+am__EXEEXT_TRUE='#'
+am__fastdepCC_FALSE='#'
+am__fastdepCC_TRUE=''
+am__include='include'
+am__isrc=''
+am__leading_dot='.'
+am__quote=''
+am__tar='${AMTAR} chof - "$$tardir"'
+am__untar='${AMTAR} xf -'
+bindir='${exec_prefix}/bin'
+build='x86_64-unknown-linux-gnu'
+build_alias=''
+build_cpu='x86_64'
+build_os='linux-gnu'
+build_vendor='unknown'
+datadir='${datarootdir}'
+datarootdir='${prefix}/share'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+dvidir='${docdir}'
+exec_prefix='${prefix}'
+host='x86_64-unknown-linux-gnu'
+host_alias=''
+host_cpu='x86_64'
+host_os='linux-gnu'
+host_vendor='unknown'
+htmldir='${docdir}'
+includedir='${prefix}/include'
+infodir='${datarootdir}/info'
+install_sh='${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh'
+libdir='${exec_prefix}/lib'
+libexecdir='${exec_prefix}/libexec'
+localedir='${datarootdir}/locale'
+localstatedir='${prefix}/var'
+mandir='${datarootdir}/man'
+mkdir_p='/bin/mkdir -p'
+oldincludedir='/usr/include'
+pdfdir='${docdir}'
+prefix='/usr/local/igmpproxy-0.1'
+program_transform_name='s,x,x,'
+psdir='${docdir}'
+sbindir='${exec_prefix}/sbin'
+sharedstatedir='${prefix}/com'
+sysconfdir='${prefix}/etc'
+target_alias=''
+
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+
+#define PACKAGE_NAME "igmpproxy"
+#define PACKAGE_TARNAME "igmpproxy"
+#define PACKAGE_VERSION "0.1"
+#define PACKAGE_STRING "igmpproxy 0.1"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE "igmpproxy"
+#define VERSION "0.1"
+
+configure: exit 0
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.status b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.status
new file mode 100755
index 0000000..c7108d9
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.status
@@ -0,0 +1,1232 @@
+#! /bin/sh
+# Generated by configure.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=${CONFIG_SHELL-/bin/sh}
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+# Files that config.status was made for.
+config_files=" Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+config_headers=" config.h"
+config_links=" src/os.h:src/os-linux.h"
+config_commands=" depfiles"
+
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+ac_cs_version="\
+igmpproxy config.status 0.1
+configured by ./configure, generated by GNU Autoconf 2.63,
+  with options \"'--prefix=/usr/local/igmpproxy-0.1'\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='/usr/local/src/igmpproxy/igmpproxy-0.1'
+srcdir='.'
+INSTALL='/usr/bin/install -c'
+MKDIR_P='/bin/mkdir -p'
+AWK='gawk'
+test -n "$AWK" || AWK=awk
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+if $ac_cs_recheck; then
+  set X '/bin/sh' './configure'  '--prefix=/usr/local/igmpproxy-0.1' $ac_configure_extra_args --no-create --no-recursion
+  shift
+  $as_echo "running CONFIG_SHELL=/bin/sh $*" >&6
+  CONFIG_SHELL='/bin/sh'
+  export CONFIG_SHELL
+  exec "$@"
+fi
+
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="" ac_aux_dir="."
+
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+cat >>"$tmp/subs1.awk" <<\_ACAWK &&
+S["am__EXEEXT_FALSE"]=""
+S["am__EXEEXT_TRUE"]="#"
+S["LTLIBOBJS"]=""
+S["LIBOBJS"]=""
+S["host_os"]="linux-gnu"
+S["host_vendor"]="unknown"
+S["host_cpu"]="x86_64"
+S["host"]="x86_64-unknown-linux-gnu"
+S["build_os"]="linux-gnu"
+S["build_vendor"]="unknown"
+S["build_cpu"]="x86_64"
+S["build"]="x86_64-unknown-linux-gnu"
+S["am__fastdepCC_FALSE"]="#"
+S["am__fastdepCC_TRUE"]=""
+S["CCDEPMODE"]="depmode=gcc3"
+S["AMDEPBACKSLASH"]="\\"
+S["AMDEP_FALSE"]="#"
+S["AMDEP_TRUE"]=""
+S["am__quote"]=""
+S["am__include"]="include"
+S["DEPDIR"]=".deps"
+S["OBJEXT"]="o"
+S["EXEEXT"]=""
+S["ac_ct_CC"]="gcc"
+S["CPPFLAGS"]=""
+S["LDFLAGS"]=""
+S["CFLAGS"]="-g -O2"
+S["CC"]="gcc -std=gnu99"
+S["am__untar"]="${AMTAR} xf -"
+S["am__tar"]="${AMTAR} chof - \"$$tardir\""
+S["AMTAR"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar"
+S["am__leading_dot"]="."
+S["SET_MAKE"]=""
+S["AWK"]="gawk"
+S["mkdir_p"]="/bin/mkdir -p"
+S["MKDIR_P"]="/bin/mkdir -p"
+S["INSTALL_STRIP_PROGRAM"]="$(install_sh) -c -s"
+S["STRIP"]=""
+S["install_sh"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh"
+S["MAKEINFO"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo"
+S["AUTOHEADER"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader"
+S["AUTOMAKE"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11"
+S["AUTOCONF"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf"
+S["ACLOCAL"]="${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11"
+S["VERSION"]="0.1"
+S["PACKAGE"]="igmpproxy"
+S["CYGPATH_W"]="echo"
+S["am__isrc"]=""
+S["INSTALL_DATA"]="${INSTALL} -m 644"
+S["INSTALL_SCRIPT"]="${INSTALL}"
+S["INSTALL_PROGRAM"]="${INSTALL}"
+S["target_alias"]=""
+S["host_alias"]=""
+S["build_alias"]=""
+S["LIBS"]=""
+S["ECHO_T"]=""
+S["ECHO_N"]="-n"
+S["ECHO_C"]=""
+S["DEFS"]="-DHAVE_CONFIG_H"
+S["mandir"]="${datarootdir}/man"
+S["localedir"]="${datarootdir}/locale"
+S["libdir"]="${exec_prefix}/lib"
+S["psdir"]="${docdir}"
+S["pdfdir"]="${docdir}"
+S["dvidir"]="${docdir}"
+S["htmldir"]="${docdir}"
+S["infodir"]="${datarootdir}/info"
+S["docdir"]="${datarootdir}/doc/${PACKAGE_TARNAME}"
+S["oldincludedir"]="/usr/include"
+S["includedir"]="${prefix}/include"
+S["localstatedir"]="${prefix}/var"
+S["sharedstatedir"]="${prefix}/com"
+S["sysconfdir"]="${prefix}/etc"
+S["datadir"]="${datarootdir}"
+S["datarootdir"]="${prefix}/share"
+S["libexecdir"]="${exec_prefix}/libexec"
+S["sbindir"]="${exec_prefix}/sbin"
+S["bindir"]="${exec_prefix}/bin"
+S["program_transform_name"]="s,x,x,"
+S["prefix"]="/usr/local/igmpproxy-0.1"
+S["exec_prefix"]="${prefix}"
+S["PACKAGE_BUGREPORT"]=""
+S["PACKAGE_STRING"]="igmpproxy 0.1"
+S["PACKAGE_VERSION"]="0.1"
+S["PACKAGE_TARNAME"]="igmpproxy"
+S["PACKAGE_NAME"]="igmpproxy"
+S["PATH_SEPARATOR"]=":"
+S["SHELL"]="/bin/sh"
+_ACAWK
+cat >>"$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+D["PACKAGE_NAME"]=" \"igmpproxy\""
+D["PACKAGE_TARNAME"]=" \"igmpproxy\""
+D["PACKAGE_VERSION"]=" \"0.1\""
+D["PACKAGE_STRING"]=" \"igmpproxy 0.1\""
+D["PACKAGE_BUGREPORT"]=" \"\""
+D["PACKAGE"]=" \"igmpproxy\""
+D["VERSION"]=" \"0.1\""
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+[_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ][_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]*([\t (]|$)/ {
+  line = $ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+  ac_datarootdir_hack='
+  s&@datadir@&${datarootdir}&g
+  s&@docdir@&${datarootdir}/doc/${PACKAGE_TARNAME}&g
+  s&@infodir@&${datarootdir}/info&g
+  s&@localedir@&${datarootdir}/locale&g
+  s&@mandir@&${datarootdir}/man&g
+    s&\${datarootdir}&${prefix}/share&g' ;;
+esac
+ac_sed_extra="/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}
+
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.sub b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.sub
new file mode 100755
index 0000000..3243784
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/config.sub
@@ -0,0 +1,1717 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  kopensolaris*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray | -microblaze)
+		os=
+		basic_machine=$1
+		;;
+        -bluegene*)
+	        os=-cnk
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx | dvp \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| lm32 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep | metag \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64octeon | mips64octeonel \
+	| mips64orion | mips64orionel \
+	| mips64r5900 | mips64r5900el \
+	| mips64vr | mips64vrel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| moxie \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k | z80)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| lm32-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64octeon-* | mips64octeonel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64r5900-* | mips64r5900el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa*-* \
+	| ymp-* \
+	| z8k-* | z80-*)
+		;;
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aros)
+		basic_machine=i386-pc
+		os=-aros
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	bluegene*)
+		basic_machine=powerpc-ibm
+		os=-cnk
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+        cegcc)
+		basic_machine=arm-unknown
+		os=-cegcc
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16)
+		basic_machine=cr16-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	dicos)
+		basic_machine=i686-pc
+		os=-dicos
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+        microblaze)
+		basic_machine=microblaze-xilinx
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mipsEE* | ee | ps2)
+		basic_machine=mips64r5900el-scei
+		case $os in
+		    -linux*)
+			;;
+		    *)
+			os=-elf
+			;;
+		esac
+		;;
+	iop)
+		basic_machine=mipsel-scei
+		os=-irx
+		;;
+	dvp)
+		basic_machine=dvp-scei
+		os=-elf
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tile*)
+		basic_machine=tile-unknown
+		os=-linux-gnu
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	z80-*-coff)
+		basic_machine=z80-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -kopensolaris* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* | -aros* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -irx*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-dicos*)
+		os=-dicos
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-cnk*|-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/configure b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/configure
new file mode 100755
index 0000000..1314ebf
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/configure
@@ -0,0 +1,5469 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.63 for igmpproxy 0.1.
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+if test "x$CONFIG_SHELL" = x; then
+  if (eval ":") 2>/dev/null; then
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+
+  if test $as_have_required = yes &&	 (eval ":
+(as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=\$LINENO
+  as_lineno_2=\$LINENO
+  test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
+  test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
+") 2> /dev/null; then
+  :
+else
+  as_candidate_shells=
+    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  case $as_dir in
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+	   done;;
+       esac
+done
+IFS=$as_save_IFS
+
+
+      for as_shell in $as_candidate_shells $SHELL; do
+	 # Try only shells that exist, to save several forks.
+	 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		{ ("$as_shell") 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+_ASEOF
+}; then
+  CONFIG_SHELL=$as_shell
+	       as_have_required=yes
+	       if { "$as_shell" 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+(as_func_return () {
+  (exit $1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = "$1" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test $exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
+
+_ASEOF
+}; then
+  break
+fi
+
+fi
+
+      done
+
+      if test "x$CONFIG_SHELL" != x; then
+  for as_var in BASH_ENV ENV
+	do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+	done
+	export CONFIG_SHELL
+	exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+
+    if test $as_have_required = no; then
+  echo This script requires a shell more modern than all the
+      echo shells that I found on your system.  Please install a
+      echo modern shell, or manually run the script under such a
+      echo shell if you do have one.
+      { (exit 1); exit 1; }
+fi
+
+
+fi
+
+fi
+
+
+
+(eval "as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0") || {
+  echo No shell found that supports shell functions.
+  echo Please tell bug-autoconf@gnu.org about your system,
+  echo including any error possibly output before this message.
+  echo This can help us improve future autoconf versions.
+  echo Configuration will now proceed without shell functions.
+}
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+exec 7<&0 </dev/null 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Identity of this package.
+PACKAGE_NAME='igmpproxy'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_BUGREPORT=''
+
+ac_unique_file="src/igmpproxy.c"
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_dependency_tracking
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *)	ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) { $as_echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; }
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+   { (exit 1); exit 1; }; }
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  { $as_echo "$as_me: error: missing argument to $ac_option" >&2
+   { (exit 1); exit 1; }; }
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) { $as_echo "$as_me: error: unrecognized options: $ac_unrecognized_opts" >&2
+   { (exit 1); exit 1; }; } ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; }
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  { $as_echo "$as_me: error: working directory cannot be determined" >&2
+   { (exit 1); exit 1; }; }
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  { $as_echo "$as_me: error: pwd does not report name of working directory" >&2
+   { (exit 1); exit 1; }; }
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+   { (exit 1); exit 1; }; }
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2
+   { (exit 1); exit 1; }; }
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures igmpproxy 0.1 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/igmpproxy]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+Program names:
+  --program-prefix=PREFIX            prepend PREFIX to installed program names
+  --program-suffix=SUFFIX            append SUFFIX to installed program names
+  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of igmpproxy 0.1:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+igmpproxy configure 0.1
+generated by GNU Autoconf 2.63
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  $as_echo "PATH: $as_dir"
+done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+    2)
+      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      ac_configure_args="$ac_configure_args '$ac_arg'"
+      ;;
+    esac
+  done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  ac_site_file1=$CONFIG_SITE
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test -r "$ac_site_file"; then
+    { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special
+  # files actually), so we avoid doing that.
+  if test -f "$cache_file"; then
+    { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:$LINENO:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:$LINENO:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+am__api_version='1.11'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f "$ac_dir/install.sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
+$as_echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+  ./ | .// | /cC/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    rm -rf conftest.one conftest.two conftest.dir
+	    echo one > conftest.one
+	    echo two > conftest.two
+	    mkdir conftest.dir
+	    if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+	      test -s conftest.one && test -s conftest.two &&
+	      test -s conftest.dir/conftest.one &&
+	      test -s conftest.dir/conftest.two
+	    then
+	      ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	      break 3
+	    fi
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+
+done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[\\\"\#\$\&\'\`$am_lf]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe absolute working directory name" >&5
+$as_echo "$as_me: error: unsafe absolute working directory name" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+case $srcdir in
+  *[\\\"\#\$\&\'\`$am_lf\ \	]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe srcdir value: \`$srcdir'" >&5
+$as_echo "$as_me: error: unsafe srcdir value: \`$srcdir'" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$*" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$*" != "X $srcdir/configure conftest.file" \
+      && test "$*" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      { { $as_echo "$as_me:$LINENO: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&5
+$as_echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&2;}
+   { (exit 1); exit 1; }; }
+   fi
+
+   test "$2" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   { { $as_echo "$as_me:$LINENO: error: newly created file is older than distributed files!
+Check your system clock" >&5
+$as_echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+  program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  { $as_echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+  if test "${ac_cv_path_mkdir+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in mkdir gmkdir; do
+	 for ac_exec_ext in '' $ac_executable_extensions; do
+	   { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+	   case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+	     'mkdir (GNU coreutils) '* | \
+	     'mkdir (coreutils) '* | \
+	     'mkdir (fileutils) '4.1*)
+	       ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+	       break 3;;
+	   esac
+	 done
+       done
+done
+IFS=$as_save_IFS
+
+fi
+
+  if test "${ac_cv_path_mkdir+set}" = set; then
+    MKDIR_P="$ac_cv_path_mkdir -p"
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for MKDIR_P within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    test -d ./--version && rmdir ./--version
+    MKDIR_P="$ac_install_sh -d"
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+  [\\/$]* | ?:[\\/]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AWK="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { $as_echo "$as_me:$LINENO: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+	@echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+  *@@@%%%=?*=@@@%%%*)
+    eval ac_cv_prog_make_${ac_make}_set=yes;;
+  *)
+    eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+  { $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+  SET_MAKE=
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+  SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  am__isrc=' -I$(srcdir)'
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    { { $as_echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
+$as_echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='igmpproxy'
+ VERSION='0.1'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+
+ac_config_headers="$ac_config_headers config.h"
+
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+
+
+{ $as_echo "$as_me:$LINENO: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then
+  enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+  AMDEP_TRUE=
+  AMDEP_FALSE='#'
+else
+  AMDEP_TRUE='#'
+  AMDEP_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { (ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+
+{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+if test -z "$ac_file"; then
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+   { (exit 77); exit 77; }; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+  if { ac_try='./$ac_file'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+    fi
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_compiler_gnu=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	CFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c89=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC"   am_compiler_list=
+
+{ $as_echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_CC_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+  fi
+  am__universal=false
+  case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_CC_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+  am__fastdepCC_TRUE=
+  am__fastdepCC_FALSE='#'
+else
+  am__fastdepCC_TRUE='#'
+  am__fastdepCC_FALSE=
+fi
+
+
+   { $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C99" >&5
+$as_echo_n "checking for $CC option to accept ISO C99... " >&6; }
+if test "${ac_cv_prog_cc_c99+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <wchar.h>
+#include <stdio.h>
+
+// Check varargs macros.  These examples are taken from C99 6.10.3.5.
+#define debug(...) fprintf (stderr, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+  int x = 1234;
+  int y = 5678;
+  debug ("Flag");
+  debug ("X = %d\n", x);
+  showlist (The first, second, and third items.);
+  report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+  your preprocessor is broken;
+#endif
+#if BIG_OK
+#else
+  your preprocessor is broken;
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+  int datasize;
+  double data[];
+};
+
+struct named_init {
+  int number;
+  const wchar_t *name;
+  double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+  // See if C++-style comments work.
+  // Iterate through items via the restricted pointer.
+  // Also check for declarations in for loops.
+  for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+    continue;
+  return 0;
+}
+
+// Check varargs and va_copy.
+static void
+test_varargs (const char *format, ...)
+{
+  va_list args;
+  va_start (args, format);
+  va_list args_copy;
+  va_copy (args_copy, args);
+
+  const char *str;
+  int number;
+  float fnumber;
+
+  while (*format)
+    {
+      switch (*format++)
+	{
+	case 's': // string
+	  str = va_arg (args_copy, const char *);
+	  break;
+	case 'd': // int
+	  number = va_arg (args_copy, int);
+	  break;
+	case 'f': // float
+	  fnumber = va_arg (args_copy, double);
+	  break;
+	default:
+	  break;
+	}
+    }
+  va_end (args_copy);
+  va_end (args);
+}
+
+int
+main ()
+{
+
+  // Check bool.
+  _Bool success = false;
+
+  // Check restrict.
+  if (test_restrict ("String literal") == 0)
+    success = true;
+  char *restrict newvar = "Another string";
+
+  // Check varargs.
+  test_varargs ("s, d' f .", "string", 65, 34.234);
+  test_varargs_macros ();
+
+  // Check flexible array members.
+  struct incomplete_array *ia =
+    malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+  ia->datasize = 10;
+  for (int i = 0; i < ia->datasize; ++i)
+    ia->data[i] = i * 1.234;
+
+  // Check named initializers.
+  struct named_init ni = {
+    .number = 34,
+    .name = L"Test wide string",
+    .average = 543.34343,
+  };
+
+  ni.number = 58;
+
+  int dynamic_array[ni.number];
+  dynamic_array[ni.number - 1] = 543;
+
+  // work around unused variable warnings
+  return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+	  || dynamic_array[ni.number - 1] != 543);
+
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -xc99=all -qlanglvl=extc99
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c99=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c99" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c99"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c99" >&5
+$as_echo "$ac_cv_prog_cc_c99" >&6; } ;;
+esac
+
+
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
+$as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
+   { (exit 1); exit 1; }; }
+
+{ $as_echo "$as_me:$LINENO: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+$as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+   { (exit 1); exit 1; }; }
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
+$as_echo "$as_me: error: invalid value of canonical build" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:$LINENO: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
+$as_echo "$as_me: error: invalid value of canonical host" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) { { $as_echo "$as_me:$LINENO: error: OS $host_os is not supported" >&5
+$as_echo "$as_me: error: OS $host_os is not supported" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+ac_config_links="$ac_config_links src/os.h:src/os-${os}.h"
+
+
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr.sa_len" >&5
+$as_echo_n "checking for struct sockaddr.sa_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_sa_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (sizeof ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_sa_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_sa_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_sa_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
+_ACEOF
+
+
+fi
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr_in.sin_len" >&5
+$as_echo_n "checking for struct sockaddr_in.sin_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_in_sin_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (sizeof ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_in_sin_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_in_sin_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_in_sin_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_in_sin_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_IN_SIN_LEN 1
+_ACEOF
+
+
+fi
+
+
+ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes (double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \).
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    test "x$cache_file" != "x/dev/null" &&
+      { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+    cat confcache >$cache_file
+  else
+    { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+  am__EXEEXT_TRUE=
+  am__EXEEXT_FALSE='#'
+else
+  am__EXEEXT_TRUE='#'
+  am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_links="$ac_config_links"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_version="\\
+igmpproxy config.status 0.1
+configured by $0, generated by GNU Autoconf 2.63,
+  with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\).*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\).*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+  ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+  if test -z "$ac_t"; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_HEADERS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_HEADERS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any.  Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[	 ]*#[	 ]*define[	 ][	 ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+  line = \$ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+    s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || { (exit 1); exit 1; }
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:$LINENO: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/configure.ac b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/configure.ac
new file mode 100644
index 0000000..85beb08
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/configure.ac
@@ -0,0 +1,35 @@
+AC_PREREQ([2.63])
+AC_INIT([igmpproxy], [0.1])
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([src/igmpproxy.c])
+AC_CONFIG_HEADERS([config.h])
+AC_PROG_CC_C99
+
+AC_CANONICAL_HOST
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) AC_MSG_ERROR([OS $host_os is not supported]);;
+esac
+AC_CONFIG_LINKS([src/os.h:src/os-${os}.h])
+
+AC_CHECK_MEMBERS([struct sockaddr.sa_len], [], [], [[
+#include <sys/types.h>
+#include <sys/socket.h>
+]])
+AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], [], [], [[
+#include <sys/types.h>
+#include <netinet/in.h>
+]])
+
+AC_CONFIG_FILES([
+	Makefile
+	doc/Makefile
+	src/Makefile
+	doc/igmpproxy.8
+	doc/igmpproxy.conf.5
+])
+AC_OUTPUT
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/depcomp b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/depcomp
new file mode 100755
index 0000000..df8eea7
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/depcomp
@@ -0,0 +1,630 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
+# Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+  depmode     Dependency tracking mode.
+  source      Source file read by `PROGRAMS ARGS'.
+  object      Object file output by `PROGRAMS ARGS'.
+  DEPDIR      directory where to store dependencies.
+  depfile     Dependency file to output.
+  tmpdepfile  Temporary file to use when outputing dependencies.
+  libtool     Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "depcomp $scriptversion"
+    exit $?
+    ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+  echo "depcomp: Variables source, object and depmode must be set" 1>&2
+  exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags.  We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write.  Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+  # HP compiler uses -M and no extra arg.
+  gccflag=-M
+  depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+   # This is just like dashmstdout with a different argument.
+   dashmflag=-xM
+   depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+   # This is just like msvisualcpp but w/o cygpath translation.
+   # Just convert the backslash-escaped backslashes to single forward
+   # slashes to satisfy depend.m4
+   cygpath_u="sed s,\\\\\\\\,/,g"
+   depmode=msvisualcpp
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff.  Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am.  Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+  for arg
+  do
+    case $arg in
+    -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+    *)  set fnord "$@" "$arg" ;;
+    esac
+    shift # fnord
+    shift # $arg
+  done
+  "$@"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  mv "$tmpdepfile" "$depfile"
+  ;;
+
+gcc)
+## There are various ways to get dependency output from gcc.  Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+##   up in a subdir.  Having to rename by hand is ugly.
+##   (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+##   -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+##   than renaming).
+  if test -z "$gccflag"; then
+    gccflag=-MD,
+  fi
+  "$@" -Wp,"$gccflag$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+  sed -e 's/^[^:]*: / /' \
+      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header).  We avoid this by adding
+## dummy dependencies for each header file.  Too bad gcc doesn't do
+## this for us directly.
+  tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'.  On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+sgi)
+  if test "$libtool" = yes; then
+    "$@" "-Wp,-MDupdate,$tmpdepfile"
+  else
+    "$@" -MDupdate "$tmpdepfile"
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+
+  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
+    echo "$object : \\" > "$depfile"
+
+    # Clip off the initial element (the dependent).  Don't try to be
+    # clever and replace this with sed code, as IRIX sed won't handle
+    # lines with more than a fixed number of characters (4096 in
+    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
+    # the IRIX cc adds comments like `#:fec' to the end of the
+    # dependency line.
+    tr ' ' '
+' < "$tmpdepfile" \
+    | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+    tr '
+' ' ' >> "$depfile"
+    echo >> "$depfile"
+
+    # The second pass generates a dummy entry for each header file.
+    tr ' ' '
+' < "$tmpdepfile" \
+   | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+   >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+aix)
+  # The C for AIX Compiler uses -M and outputs the dependencies
+  # in a .u file.  In older versions, this file always lives in the
+  # current directory.  Also, the AIX compiler puts `$object:' at the
+  # start of each line; $object doesn't have directory information.
+  # Version 6 uses the directory in both cases.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$base.u
+    tmpdepfile3=$dir.libs/$base.u
+    "$@" -Wc,-M
+  else
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$dir$base.u
+    tmpdepfile3=$dir$base.u
+    "$@" -M
+  fi
+  stat=$?
+
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+    exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    # Each line is of the form `foo.o: dependent.h'.
+    # Do two passes, one to just change these to
+    # `$object: dependent.h' and one to simply `dependent.h:'.
+    sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+    # That's a tab and a space in the [].
+    sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+icc)
+  # Intel's C compiler understands `-MD -MF file'.  However on
+  #    icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+  # ICC 7.0 will fill foo.d with something like
+  #    foo.o: sub/foo.c
+  #    foo.o: sub/foo.h
+  # which is wrong.  We want:
+  #    sub/foo.o: sub/foo.c
+  #    sub/foo.o: sub/foo.h
+  #    sub/foo.c:
+  #    sub/foo.h:
+  # ICC 7.1 will output
+  #    foo.o: sub/foo.c sub/foo.h
+  # and will wrap long lines using \ :
+  #    foo.o: sub/foo.c ... \
+  #     sub/foo.h ... \
+  #     ...
+
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+  # Do two passes, one to just change these to
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+    sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp2)
+  # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+  # compilers, which have integrated preprocessors.  The correct option
+  # to use with these is +Maked; it writes dependencies to a file named
+  # 'foo.d', which lands next to the object file, wherever that
+  # happens to be.
+  # Much of this is similar to the tru64 case; see comments there.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir.libs/$base.d
+    "$@" -Wc,+Maked
+  else
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir$base.d
+    "$@" +Maked
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+     rm -f "$tmpdepfile1" "$tmpdepfile2"
+     exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+    # Add `dependent.h:' lines.
+    sed -ne '2,${
+	       s/^ *//
+	       s/ \\*$//
+	       s/$/:/
+	       p
+	     }' "$tmpdepfile" >> "$depfile"
+  else
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile" "$tmpdepfile2"
+  ;;
+
+tru64)
+   # The Tru64 compiler uses -MD to generate dependencies as a side
+   # effect.  `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+   # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+   # dependencies in `foo.d' instead, so we check for that too.
+   # Subdirectories are respected.
+   dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+   test "x$dir" = "x$object" && dir=
+   base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+   if test "$libtool" = yes; then
+      # With Tru64 cc, shared objects can also be used to make a
+      # static library.  This mechanism is used in libtool 1.4 series to
+      # handle both shared and static libraries in a single compilation.
+      # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+      #
+      # With libtool 1.5 this exception was removed, and libtool now
+      # generates 2 separate objects for the 2 libraries.  These two
+      # compilations output dependencies in $dir.libs/$base.o.d and
+      # in $dir$base.o.d.  We have to check for both files, because
+      # one of the two compilations can be disabled.  We should prefer
+      # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+      # automatically cleaned when .libs/ is deleted, while ignoring
+      # the former would cause a distcleancheck panic.
+      tmpdepfile1=$dir.libs/$base.lo.d   # libtool 1.4
+      tmpdepfile2=$dir$base.o.d          # libtool 1.5
+      tmpdepfile3=$dir.libs/$base.o.d    # libtool 1.5
+      tmpdepfile4=$dir.libs/$base.d      # Compaq CCC V6.2-504
+      "$@" -Wc,-MD
+   else
+      tmpdepfile1=$dir$base.o.d
+      tmpdepfile2=$dir$base.d
+      tmpdepfile3=$dir$base.d
+      tmpdepfile4=$dir$base.d
+      "$@" -MD
+   fi
+
+   stat=$?
+   if test $stat -eq 0; then :
+   else
+      rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+      exit $stat
+   fi
+
+   for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+   do
+     test -f "$tmpdepfile" && break
+   done
+   if test -f "$tmpdepfile"; then
+      sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+      # That's a tab and a space in the [].
+      sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+   else
+      echo "#dummy" > "$depfile"
+   fi
+   rm -f "$tmpdepfile"
+   ;;
+
+#nosideeffect)
+  # This comment above is used by automake to tell side-effect
+  # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  test -z "$dashmflag" && dashmflag=-M
+  # Require at least two characters before searching for `:'
+  # in the target name.  This is to cope with DOS-style filenames:
+  # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+  "$@" $dashmflag |
+    sed 's:^[  ]*[^: ][^:][^:]*\:[    ]*:'"$object"'\: :' > "$tmpdepfile"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+dashXmstdout)
+  # This case only exists to satisfy depend.m4.  It is never actually
+  # run, as this mode is specially recognized in the preamble.
+  exit 1
+  ;;
+
+makedepend)
+  "$@" || exit $?
+  # Remove any Libtool call
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+  # X makedepend
+  shift
+  cleared=no eat=no
+  for arg
+  do
+    case $cleared in
+    no)
+      set ""; shift
+      cleared=yes ;;
+    esac
+    if test $eat = yes; then
+      eat=no
+      continue
+    fi
+    case "$arg" in
+    -D*|-I*)
+      set fnord "$@" "$arg"; shift ;;
+    # Strip any option that makedepend may not understand.  Remove
+    # the object too, otherwise makedepend will parse it as a source file.
+    -arch)
+      eat=yes ;;
+    -*|$object)
+      ;;
+    *)
+      set fnord "$@" "$arg"; shift ;;
+    esac
+  done
+  obj_suffix=`echo "$object" | sed 's/^.*\././'`
+  touch "$tmpdepfile"
+  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile" "$tmpdepfile".bak
+  ;;
+
+cpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  "$@" -E |
+    sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+       -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+    sed '$ s: \\$::' > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  cat < "$tmpdepfile" >> "$depfile"
+  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvisualcpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  IFS=" "
+  for arg
+  do
+    case "$arg" in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+	set fnord "$@"
+	shift
+	shift
+	;;
+    *)
+	set fnord "$@" "$arg"
+	shift
+	shift
+	;;
+    esac
+  done
+  "$@" -E 2>/dev/null |
+  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::	\1 \\:p' >> "$depfile"
+  echo "	" >> "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvcmsys)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+none)
+  exec "$@"
+  ;;
+
+*)
+  echo "Unknown depmode $depmode" 1>&2
+  exit 1
+  ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/Makefile b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/Makefile
new file mode 100644
index 0000000..1dc1972
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/Makefile
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# doc/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-unknown-linux-gnu
+host_triplet = x86_64-unknown-linux-gnu
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1/doc
+abs_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1/doc
+abs_top_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-unknown-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = unknown
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = x86_64-unknown-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = unknown
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
new file mode 100644
index 0000000..1d4eb13
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
@@ -0,0 +1 @@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
new file mode 100644
index 0000000..8a0c300
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8 b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
new file mode 100644
index 0000000..10faec5
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
new file mode 100644
index 0000000..9d18e42
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5 b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
new file mode 100644
index 0000000..176de46
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
new file mode 100644
index 0000000..a4ea7d0
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
new file mode 100644
index 0000000..197ca30
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
@@ -0,0 +1,46 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+phyint eth0 upstream  ratelimit 0  threshold 1
+        altnet 10.0.0.0/8 
+        altnet 192.168.0.0/24
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+phyint eth1 downstream  ratelimit 0  threshold 1
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth2 disabled
+
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/install-sh b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/install-sh
new file mode 100755
index 0000000..6781b98
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/install-sh
@@ -0,0 +1,520 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2009-04-28.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/missing b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/missing
new file mode 100755
index 0000000..28055d2
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/missing
@@ -0,0 +1,376 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+  configure_ac=configure.ac
+else
+  configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+  # Try to run requested program, and just exit if it succeeds.
+  run=
+  shift
+  "$@" && exit 0
+  # Exit code 63 means version mismatch.  This often happens
+  # when the user try to use an ancient version of a tool on
+  # a file that requires a minimum version.  In this case we
+  # we should proceed has if the program had been absent, or
+  # if --run hadn't been passed.
+  if test $? = 63; then
+    run=:
+    msg="probably too old"
+  fi
+  ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+  --run           try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  autom4te     touch the output file, or create a stub one
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  help2man     touch the output file
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  tar          try tar, gnutar, gtar, then tar without non-portable flags
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# normalize program name to check for.
+program=`echo "$1" | sed '
+  s/^gnu-//; t
+  s/^gnu//; t
+  s/^g//; t'`
+
+# Now exit if we have it, but it failed.  Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).  This is about non-GNU programs, so use $1 not
+# $program.
+case $1 in
+  lex*|yacc*)
+    # Not GNU programs, they don't have --version.
+    ;;
+
+  tar*)
+    if test -n "$run"; then
+       echo 1>&2 "ERROR: \`tar' requires --run"
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       exit 1
+    fi
+    ;;
+
+  *)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       # Could not run --version or --help.  This is probably someone
+       # running `$TOOL --version' or `$TOOL --help' to check whether
+       # $TOOL exists and not knowing $TOOL uses missing.
+       exit 1
+    fi
+    ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $program in
+  aclocal*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`${configure_ac}'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case $f in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  autom4te*)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.
+         You can get \`$1' as part of \`Autoconf' from any GNU
+         archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo "#! /bin/sh"
+	echo "# Created by GNU Automake missing as a replacement of"
+	echo "#  $ $@"
+	echo "exit 0"
+	chmod +x $file
+	exit 1
+    fi
+    ;;
+
+  bison*|yacc*)
+    echo 1>&2 "\
+WARNING: \`$1' $msg.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f y.tab.h; then
+	echo >y.tab.h
+    fi
+    if test ! -f y.tab.c; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex*|flex*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f lex.yy.c; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  help2man*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+	 you modified a dependency of a manual page.  You may need the
+	 \`Help2man' package in order for those modifications to take
+	 effect.  You can get \`Help2man' from any GNU archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo ".ab help2man is required to generate this page"
+	exit $?
+    fi
+    ;;
+
+  makeinfo*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    # The file to touch is that specified with -o ...
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -z "$file"; then
+      # ... or it is the one specified with @setfilename ...
+      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '
+	/^@setfilename/{
+	  s/.* \([^ ]*\) *$/\1/
+	  p
+	  q
+	}' $infile`
+      # ... or it is derived from the source name (dir/f.texi becomes f.info)
+      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+    fi
+    # If the file does not exist, the user really needs makeinfo;
+    # let's fail without touching anything.
+    test -f $file || exit 1
+    touch $file
+    ;;
+
+  tar*)
+    shift
+
+    # We have already tried tar in the generic part.
+    # Look for gnutar/gtar before invocation to avoid ugly error
+    # messages.
+    if (gnutar --version > /dev/null 2>&1); then
+       gnutar "$@" && exit 0
+    fi
+    if (gtar --version > /dev/null 2>&1); then
+       gtar "$@" && exit 0
+    fi
+    firstarg="$1"
+    if shift; then
+	case $firstarg in
+	*o*)
+	    firstarg=`echo "$firstarg" | sed s/o//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+	case $firstarg in
+	*h*)
+	    firstarg=`echo "$firstarg" | sed s/h//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+    fi
+
+    echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+         You may want to install GNU tar or Free paxutils, or check the
+         command line arguments."
+    exit 1
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequisites for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
new file mode 100644
index 0000000..f25b465
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
@@ -0,0 +1,342 @@
+callout.o: callout.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
new file mode 100644
index 0000000..14eebbf
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
@@ -0,0 +1,342 @@
+config.o: config.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
new file mode 100644
index 0000000..bec4868
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
@@ -0,0 +1,342 @@
+confread.o: confread.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
new file mode 100644
index 0000000..2805060
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
@@ -0,0 +1,342 @@
+ifvc.o: ifvc.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
new file mode 100644
index 0000000..605a16f
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
@@ -0,0 +1,342 @@
+igmp.o: igmp.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
new file mode 100644
index 0000000..dee8930
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
@@ -0,0 +1,342 @@
+igmpproxy.o: igmpproxy.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
new file mode 100644
index 0000000..8e46880
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
@@ -0,0 +1,342 @@
+kern.o: kern.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
new file mode 100644
index 0000000..d2e5a5d
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
@@ -0,0 +1,341 @@
+lib.o: lib.c /usr/include/stdc-predef.h igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
new file mode 100644
index 0000000..ca312cc
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
@@ -0,0 +1,342 @@
+mcgroup.o: mcgroup.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
new file mode 100644
index 0000000..8c785bf
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
@@ -0,0 +1,342 @@
+mroute-api.o: mroute-api.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
new file mode 100644
index 0000000..56ed8c4
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
@@ -0,0 +1,342 @@
+request.o: request.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
new file mode 100644
index 0000000..52e1d35
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
@@ -0,0 +1,342 @@
+rttable.o: rttable.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
new file mode 100644
index 0000000..9dc9e92
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
@@ -0,0 +1,342 @@
+syslog.o: syslog.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
new file mode 100644
index 0000000..2f83ab9
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
@@ -0,0 +1,342 @@
+udpsock.o: udpsock.c /usr/include/stdc-predef.h igmpproxy.h \
+ /usr/include/errno.h /usr/include/features.h \
+ /usr/include/x86_64-linux-gnu/sys/cdefs.h \
+ /usr/include/x86_64-linux-gnu/bits/wordsize.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs.h \
+ /usr/include/x86_64-linux-gnu/gnu/stubs-64.h \
+ /usr/include/x86_64-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/x86_64-linux-gnu/asm/errno.h \
+ /usr/include/asm-generic/errno.h /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h \
+ /usr/include/x86_64-linux-gnu/bits/types.h \
+ /usr/include/x86_64-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/sys_errlist.h \
+ /usr/include/x86_64-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/x86_64-linux-gnu/bits/waitflags.h \
+ /usr/include/x86_64-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/endian.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap.h \
+ /usr/include/x86_64-linux-gnu/bits/byteswap-16.h \
+ /usr/include/x86_64-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/x86_64-linux-gnu/sys/select.h \
+ /usr/include/x86_64-linux-gnu/bits/select.h \
+ /usr/include/x86_64-linux-gnu/bits/sigset.h \
+ /usr/include/x86_64-linux-gnu/bits/time.h \
+ /usr/include/x86_64-linux-gnu/sys/sysmacros.h \
+ /usr/include/x86_64-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h \
+ /usr/include/x86_64-linux-gnu/bits/stdlib-float.h /usr/include/syslog.h \
+ /usr/include/x86_64-linux-gnu/sys/syslog.h \
+ /usr/include/x86_64-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/x86_64-linux-gnu/bits/signum.h \
+ /usr/include/x86_64-linux-gnu/bits/siginfo.h \
+ /usr/include/x86_64-linux-gnu/bits/sigaction.h \
+ /usr/include/x86_64-linux-gnu/bits/sigcontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigstack.h \
+ /usr/include/x86_64-linux-gnu/sys/ucontext.h \
+ /usr/include/x86_64-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/x86_64-linux-gnu/bits/posix_opt.h \
+ /usr/include/x86_64-linux-gnu/bits/environments.h \
+ /usr/include/x86_64-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/x86_64-linux-gnu/bits/string.h \
+ /usr/include/x86_64-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl.h \
+ /usr/include/x86_64-linux-gnu/bits/fcntl-linux.h \
+ /usr/include/x86_64-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h \
+ /usr/include/x86_64-linux-gnu/sys/socket.h \
+ /usr/include/x86_64-linux-gnu/sys/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/uio.h \
+ /usr/include/x86_64-linux-gnu/bits/socket.h \
+ /usr/include/x86_64-linux-gnu/bits/socket_type.h \
+ /usr/include/x86_64-linux-gnu/bits/sockaddr.h \
+ /usr/include/x86_64-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/x86_64-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h \
+ /usr/include/x86_64-linux-gnu/sys/un.h \
+ /usr/include/x86_64-linux-gnu/sys/time.h \
+ /usr/include/x86_64-linux-gnu/sys/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctls.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/x86_64-linux-gnu/asm/ioctl.h \
+ /usr/include/asm-generic/ioctl.h \
+ /usr/include/x86_64-linux-gnu/bits/ioctl-types.h \
+ /usr/include/x86_64-linux-gnu/sys/ttydefaults.h \
+ /usr/include/x86_64-linux-gnu/sys/param.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/x86_64-linux-gnu/bits/posix1_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/local_lim.h \
+ /usr/include/linux/limits.h \
+ /usr/include/x86_64-linux-gnu/bits/posix2_lim.h \
+ /usr/include/x86_64-linux-gnu/bits/param.h /usr/include/linux/param.h \
+ /usr/include/x86_64-linux-gnu/asm/param.h \
+ /usr/include/asm-generic/param.h /usr/include/net/if.h \
+ /usr/include/netinet/in.h \
+ /usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h /usr/include/stdint.h \
+ /usr/include/x86_64-linux-gnu/bits/wchar.h \
+ /usr/include/x86_64-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/types.h /usr/include/x86_64-linux-gnu/asm/types.h \
+ /usr/include/asm-generic/types.h /usr/include/asm-generic/int-ll64.h \
+ /usr/include/x86_64-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types.h \
+ /usr/include/x86_64-linux-gnu/asm/posix_types_64.h \
+ /usr/include/asm-generic/posix_types.h /usr/include/linux/mroute.h \
+ /usr/include/linux/sockios.h /usr/include/netinet/ip.h \
+ /usr/include/netinet/igmp.h ../config.h
+
+/usr/include/stdc-predef.h:
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/x86_64-linux-gnu/sys/cdefs.h:
+
+/usr/include/x86_64-linux-gnu/bits/wordsize.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs.h:
+
+/usr/include/x86_64-linux-gnu/gnu/stubs-64.h:
+
+/usr/include/x86_64-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/x86_64-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stddef.h:
+
+/usr/include/x86_64-linux-gnu/bits/types.h:
+
+/usr/include/x86_64-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitflags.h:
+
+/usr/include/x86_64-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/endian.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap.h:
+
+/usr/include/x86_64-linux-gnu/bits/byteswap-16.h:
+
+/usr/include/x86_64-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/select.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigset.h:
+
+/usr/include/x86_64-linux-gnu/bits/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/sysmacros.h:
+
+/usr/include/x86_64-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-bsearch.h:
+
+/usr/include/x86_64-linux-gnu/bits/stdlib-float.h:
+
+/usr/include/syslog.h:
+
+/usr/include/x86_64-linux-gnu/sys/syslog.h:
+
+/usr/include/x86_64-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/x86_64-linux-gnu/bits/signum.h:
+
+/usr/include/x86_64-linux-gnu/bits/siginfo.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigaction.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigcontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigstack.h:
+
+/usr/include/x86_64-linux-gnu/sys/ucontext.h:
+
+/usr/include/x86_64-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix_opt.h:
+
+/usr/include/x86_64-linux-gnu/bits/environments.h:
+
+/usr/include/x86_64-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/x86_64-linux-gnu/bits/string.h:
+
+/usr/include/x86_64-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl.h:
+
+/usr/include/x86_64-linux-gnu/bits/fcntl-linux.h:
+
+/usr/include/x86_64-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdbool.h:
+
+/usr/include/x86_64-linux-gnu/sys/socket.h:
+
+/usr/include/x86_64-linux-gnu/sys/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/uio.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket.h:
+
+/usr/include/x86_64-linux-gnu/bits/socket_type.h:
+
+/usr/include/x86_64-linux-gnu/bits/sockaddr.h:
+
+/usr/include/x86_64-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/x86_64-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/x86_64-linux-gnu/sys/un.h:
+
+/usr/include/x86_64-linux-gnu/sys/time.h:
+
+/usr/include/x86_64-linux-gnu/sys/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctls.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/x86_64-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/x86_64-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/x86_64-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/limits.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/x86_64-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/x86_64-linux-gnu/bits/param.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/x86_64-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/x86_64-linux-gnu/4.9/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/x86_64-linux-gnu/bits/wchar.h:
+
+/usr/include/x86_64-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/x86_64-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/x86_64-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types.h:
+
+/usr/include/x86_64-linux-gnu/asm/posix_types_64.h:
+
+/usr/include/asm-generic/posix_types.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/Makefile b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/Makefile
new file mode 100644
index 0000000..3cce137
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/Makefile
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# src/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = x86_64-unknown-linux-gnu
+host_triplet = x86_64-unknown-linux-gnu
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1/src
+abs_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1/src
+abs_top_builddir = /usr/local/src/igmpproxy/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = x86_64-unknown-linux-gnu
+build_alias = 
+build_cpu = x86_64
+build_os = linux-gnu
+build_vendor = unknown
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = x86_64-unknown-linux-gnu
+host_alias = 
+host_cpu = x86_64
+host_os = linux-gnu
+host_vendor = unknown
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+include ./$(DEPDIR)/callout.Po
+include ./$(DEPDIR)/config.Po
+include ./$(DEPDIR)/confread.Po
+include ./$(DEPDIR)/ifvc.Po
+include ./$(DEPDIR)/igmp.Po
+include ./$(DEPDIR)/igmpproxy.Po
+include ./$(DEPDIR)/kern.Po
+include ./$(DEPDIR)/lib.Po
+include ./$(DEPDIR)/mcgroup.Po
+include ./$(DEPDIR)/mroute-api.Po
+include ./$(DEPDIR)/request.Po
+include ./$(DEPDIR)/rttable.Po
+include ./$(DEPDIR)/syslog.Po
+include ./$(DEPDIR)/udpsock.Po
+
+.c.o:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/Makefile.am b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
new file mode 100644
index 0000000..fb63ff3
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
@@ -0,0 +1,22 @@
+sbin_PROGRAMS = igmpproxy
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/Makefile.in b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
new file mode 100644
index 0000000..ab670af
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callout.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/confread.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ifvc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmpproxy.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kern.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mcgroup.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mroute-api.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/request.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rttable.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/syslog.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/udpsock.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/callout.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/callout.c
new file mode 100644
index 0000000..4edfe5e
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/callout.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+/* the code below implements a callout queue */
+static int id = 0;
+static struct timeOutQueue  *queue = 0; /* pointer to the beginning of timeout queue */
+
+struct timeOutQueue {
+    struct timeOutQueue    *next;   // Next event in queue
+    int                     id;  
+    timer_f                 func;   // function to call
+    void                    *data;  // Data for function
+    int                     time;   // Time offset for next event
+};
+
+// Method for dumping the Queue to the log.
+static void debugQueue(void);
+
+/**
+*   Initializes the callout queue
+*/
+void callout_init() {
+    queue = NULL;
+}
+
+/**
+*   Clears all scheduled timeouts...
+*/
+void free_all_callouts() {
+    struct timeOutQueue *p;
+
+    while (queue) {
+        p = queue;
+        queue = queue->next;
+        free(p);
+    }
+}
+
+
+/**
+ * elapsed_time seconds have passed; perform all the events that should
+ * happen.
+ */
+void age_callout_queue(int elapsed_time) {
+    struct timeOutQueue *ptr;
+    int i = 0;
+
+    for (ptr = queue; ptr; ptr = queue, i++) {
+        if (ptr->time > elapsed_time) {
+            ptr->time -= elapsed_time;
+            return;
+        } else {
+            elapsed_time -= ptr->time;
+            queue = queue->next;
+            my_log(LOG_DEBUG, 0, "About to call timeout %d (#%d)", ptr->id, i);
+
+            if (ptr->func)
+                ptr->func(ptr->data);
+            free(ptr);
+        }
+    }
+}
+
+/**
+ * Return in how many seconds age_callout_queue() would like to be called.
+ * Return -1 if there are no events pending.
+ */
+int timer_nextTimer() {
+    if (queue) {
+        if (queue->time < 0) {
+            my_log(LOG_WARNING, 0, "timer_nextTimer top of queue says %d", 
+                queue->time);
+            return 0;
+        }
+        return queue->time;
+    }
+    return -1;
+}
+
+/**
+ *  Inserts a timer in queue.
+ *  @param delay - Number of seconds the timeout should happen in.
+ *  @param action - The function to call on timeout.
+ *  @param data - Pointer to the function data to supply...
+ */
+int timer_setTimer(int delay, timer_f action, void *data) {
+    struct     timeOutQueue  *ptr, *node, *prev;
+    int i = 0;
+
+    /* create a node */ 
+    node = (struct timeOutQueue *)malloc(sizeof(struct timeOutQueue));
+    if (node == 0) {
+        my_log(LOG_WARNING, 0, "Malloc Failed in timer_settimer\n");
+        return -1;
+    }
+    node->func = action; 
+    node->data = data;
+    node->time = delay; 
+    node->next = 0; 
+    node->id   = ++id;
+
+    prev = ptr = queue;
+
+    /* insert node in the queue */
+
+    /* if the queue is empty, insert the node and return */
+    if (!queue) {
+        queue = node;
+    }
+    else {
+        /* chase the pointer looking for the right place */
+        while (ptr) {
+            if (delay < ptr->time) {
+                // We found the correct node
+                node->next = ptr;
+                if (ptr == queue) {
+                    queue = node;
+                }
+                else {
+                    prev->next = node;
+                }
+                ptr->time -= node->time;
+		my_log(LOG_DEBUG, 0,
+			"Created timeout %d (#%d) - delay %d secs",
+			node->id, i, node->time);
+		debugQueue();
+                return node->id;
+            } else {
+                // Continur to check nodes.
+                delay -= ptr->time; node->time = delay;
+                prev = ptr;
+                ptr = ptr->next;
+            }
+            i++;
+        }
+        prev->next = node;
+    }
+    my_log(LOG_DEBUG, 0, "Created timeout %d (#%d) - delay %d secs", 
+            node->id, i, node->time);
+    debugQueue();
+
+    return node->id;
+}
+
+/**
+*   returns the time until the timer is scheduled 
+*/
+int timer_leftTimer(int timer_id) {
+    struct timeOutQueue *ptr;
+    int left = 0;
+
+    if (!timer_id)
+        return -1;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+        left += ptr->time;
+        if (ptr->id == timer_id) {
+            return left;
+        }
+    }
+    return -1;
+}
+
+/**
+*   clears the associated timer.  Returns 1 if succeeded. 
+*/
+int timer_clearTimer(int  timer_id) {
+    struct timeOutQueue  *ptr, *prev;
+    int i = 0;
+
+    if (!timer_id)
+        return 0;
+
+    prev = ptr = queue;
+
+    /*
+     * find the right node, delete it. the subsequent node's time
+     * gets bumped up
+     */
+
+    debugQueue();
+    while (ptr) {
+        if (ptr->id == timer_id) {
+            /* got the right node */
+
+            /* unlink it from the queue */
+            if (ptr == queue)
+                queue = queue->next;
+            else
+                prev->next = ptr->next;
+
+            /* increment next node if any */
+            if (ptr->next != 0)
+                (ptr->next)->time += ptr->time;
+
+            if (ptr->data)
+                free(ptr->data);
+            my_log(LOG_DEBUG, 0, "deleted timer %d (#%d)", ptr->id, i);
+            free(ptr);
+            debugQueue();
+            return 1;
+        }
+        prev = ptr;
+        ptr = ptr->next;
+        i++;
+    }
+    // If we get here, the timer was not deleted.
+    my_log(LOG_DEBUG, 0, "failed to delete timer %d (#%d)", timer_id, i);
+    debugQueue();
+    return 0;
+}
+
+/**
+ * debugging utility
+ */
+static void debugQueue() {
+    struct timeOutQueue  *ptr;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+            my_log(LOG_DEBUG, 0, "(Id:%d, Time:%d) ", ptr->id, ptr->time);
+    }
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/callout.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/callout.o
new file mode 100644
index 0000000..f7ee6ef
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/callout.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/config.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/config.c
new file mode 100644
index 0000000..5a96ce0
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/config.c
@@ -0,0 +1,361 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   config.c - Contains functions to load and parse config
+*              file, and functions to configure the daemon.              
+*/
+
+#include "igmpproxy.h"
+                                      
+// Structure to keep configuration for VIFs...    
+struct vifconfig {
+    char*               name;
+    short               state;
+    int                 ratelimit;
+    int                 threshold;
+
+    // Keep allowed nets for VIF.
+    struct SubnetList*  allowednets;
+    
+    // Next config in list...
+    struct vifconfig*   next;
+};
+                 
+// Structure to keep vif configuration
+struct vifconfig*   vifconf;
+
+// Keeps common settings...
+static struct Config commonConfig;
+
+// Prototypes...
+struct vifconfig *parsePhyintToken();
+struct SubnetList *parseSubnetAddress(char *addrstr);
+
+
+/**
+*   Initializes common config..
+*/
+void initCommonConfig() {
+    commonConfig.robustnessValue = DEFAULT_ROBUSTNESS;
+    commonConfig.queryInterval = INTERVAL_QUERY;
+    commonConfig.queryResponseInterval = INTERVAL_QUERY_RESPONSE;
+
+    // The defaults are calculated from other settings.
+    commonConfig.startupQueryInterval = (unsigned int)(INTERVAL_QUERY / 4);
+    commonConfig.startupQueryCount = DEFAULT_ROBUSTNESS;
+
+    // Default values for leave intervals...
+    commonConfig.lastMemberQueryInterval = INTERVAL_QUERY_RESPONSE;
+    commonConfig.lastMemberQueryCount    = DEFAULT_ROBUSTNESS;
+
+    // If 1, a leave message is sent upstream on leave messages from downstream.
+    commonConfig.fastUpstreamLeave = 0;
+
+}
+
+/**
+*   Returns a pointer to the common config...
+*/
+struct Config *getCommonConfig() {
+    return &commonConfig;
+}
+
+/**
+*   Loads the configuration from file, and stores the config in 
+*   respective holders...
+*/                 
+int loadConfig(char *configFile) {
+    struct vifconfig  *tmpPtr;
+    struct vifconfig  **currPtr = &vifconf;
+    char *token;
+    
+    // Initialize common config
+    initCommonConfig();
+
+    // Test config file reader...
+    if(!openConfigFile(configFile)) {
+        my_log(LOG_ERR, 0, "Unable to open configfile from %s", configFile);
+    }
+
+    // Get first token...
+    token = nextConfigToken();
+    if(token == NULL) {
+        my_log(LOG_ERR, 0, "Config file was empty.");
+    }
+
+    // Loop until all configuration is read.
+    while ( token != NULL ) {
+        // Check token...
+        if(strcmp("phyint", token)==0) {
+            // Got a phyint token... Call phyint parser
+            my_log(LOG_DEBUG, 0, "Config: Got a phyint token.");
+            tmpPtr = parsePhyintToken();
+            if(tmpPtr == NULL) {
+                // Unparsable token... Exit...
+                closeConfigFile();
+                my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+                return 0;
+            } else {
+
+                my_log(LOG_DEBUG, 0, "IF name : %s", tmpPtr->name);
+                my_log(LOG_DEBUG, 0, "Next ptr : %x", tmpPtr->next);
+                my_log(LOG_DEBUG, 0, "Ratelimit : %d", tmpPtr->ratelimit);
+                my_log(LOG_DEBUG, 0, "Threshold : %d", tmpPtr->threshold);
+                my_log(LOG_DEBUG, 0, "State : %d", tmpPtr->state);
+                my_log(LOG_DEBUG, 0, "Allowednet ptr : %x", tmpPtr->allowednets);
+
+                // Insert config, and move temppointer to next location...
+                *currPtr = tmpPtr;
+                currPtr = &tmpPtr->next;
+            }
+        } 
+        else if(strcmp("quickleave", token)==0) {
+            // Got a quickleave token....
+            my_log(LOG_DEBUG, 0, "Config: Quick leave mode enabled.");
+            commonConfig.fastUpstreamLeave = 1;
+            
+            // Read next token...
+            token = nextConfigToken();
+            continue;
+        } else {
+            // Unparsable token... Exit...
+            closeConfigFile();
+            my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+            return 0;
+        }
+        // Get token that was not recognized by phyint parser.
+        token = getCurrentConfigToken();
+    }
+
+    // Close the configfile...
+    closeConfigFile();
+
+    return 1;
+}
+
+/**
+*   Appends extra VIF configuration from config file.
+*/
+void configureVifs() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+    struct vifconfig *confPtr;
+
+    // If no config is availible, just return...
+    if(vifconf == NULL) {
+        return;
+    }
+
+    // Loop through all VIFs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+
+            // Now try to find a matching config...
+            for( confPtr = vifconf; confPtr; confPtr = confPtr->next) {
+
+                // I the VIF names match...
+                if(strcmp(Dp->Name, confPtr->name)==0) {
+                    struct SubnetList *vifLast;
+
+                    my_log(LOG_DEBUG, 0, "Found config for %s", Dp->Name);
+
+
+                    // Set the VIF state 
+                    Dp->state = confPtr->state;
+                    
+                    Dp->threshold = confPtr->threshold;
+                    Dp->ratelimit = confPtr->ratelimit;
+
+                    // Go to last allowed net on VIF...
+                    for(vifLast = Dp->allowednets; vifLast->next; vifLast = vifLast->next);
+                        
+                    // Insert the configured nets...
+                    vifLast->next = confPtr->allowednets;
+
+                    break;
+                }
+            }
+        }
+    }
+}
+
+
+/**
+*   Internal function to parse phyint config
+*/
+struct vifconfig *parsePhyintToken() {
+    struct vifconfig  *tmpPtr;
+    struct SubnetList **anetPtr;
+    char *token;
+    short parseError = 0;
+
+    // First token should be the interface name....
+    token = nextConfigToken();
+
+    // Sanitycheck the name...
+    if(token == NULL) return NULL;
+    if(strlen(token) >= IF_NAMESIZE) return NULL;
+    my_log(LOG_DEBUG, 0, "Config: IF: Config for interface %s.", token);
+
+    // Allocate memory for configuration...
+    tmpPtr = (struct vifconfig*)malloc(sizeof(struct vifconfig));
+    if(tmpPtr == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set default values...
+    tmpPtr->next = NULL;    // Important to avoid seg fault...
+    tmpPtr->ratelimit = 0;
+    tmpPtr->threshold = 1;
+    tmpPtr->state = IF_STATE_DOWNSTREAM;
+    tmpPtr->allowednets = NULL;
+
+    // Make a copy of the token to store the IF name
+    tmpPtr->name = strdup( token );
+    if(tmpPtr->name == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set the altnet pointer to the allowednets pointer.
+    anetPtr = &tmpPtr->allowednets;
+
+    // Parse the rest of the config..
+    token = nextConfigToken();
+    while(token != NULL) {
+        if(strcmp("altnet", token)==0) {
+            // Altnet...
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got altnet token %s.",token);
+
+            *anetPtr = parseSubnetAddress(token);
+            if(*anetPtr == NULL) {
+                parseError = 1;
+                my_log(LOG_WARNING, 0, "Unable to parse subnet address.");
+                break;
+            } else {
+                anetPtr = &(*anetPtr)->next;
+            }
+        }
+        else if(strcmp("upstream", token)==0) {
+            // Upstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got upstream token.");
+            tmpPtr->state = IF_STATE_UPSTREAM;
+        }
+        else if(strcmp("downstream", token)==0) {
+            // Downstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got downstream token.");
+            tmpPtr->state = IF_STATE_DOWNSTREAM;
+        }
+        else if(strcmp("disabled", token)==0) {
+            // Disabled
+            my_log(LOG_DEBUG, 0, "Config: IF: Got disabled token.");
+            tmpPtr->state = IF_STATE_DISABLED;
+        }
+        else if(strcmp("ratelimit", token)==0) {
+            // Ratelimit
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got ratelimit token '%s'.", token);
+            tmpPtr->ratelimit = atoi( token );
+            if(tmpPtr->ratelimit < 0) {
+                my_log(LOG_WARNING, 0, "Ratelimit must be 0 or more.");
+                parseError = 1;
+                break;
+            }
+        }
+        else if(strcmp("threshold", token)==0) {
+            // Threshold
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got threshold token '%s'.", token);
+            tmpPtr->threshold = atoi( token );
+            if(tmpPtr->threshold <= 0 || tmpPtr->threshold > 255) {
+                my_log(LOG_WARNING, 0, "Threshold must be between 1 and 255.");
+                parseError = 1;
+                break;
+            }
+        }
+        else {
+            // Unknown token. Break...
+            break;
+        }
+        token = nextConfigToken();
+    }
+
+    // Clean up after a parseerror...
+    if(parseError) {
+        free(tmpPtr);
+        tmpPtr = NULL;
+    }
+
+    return tmpPtr;
+}
+
+/**
+*   Parses a subnet address string on the format
+*   a.b.c.d/n into a SubnetList entry.
+*/
+struct SubnetList *parseSubnetAddress(char *addrstr) {
+    struct SubnetList *tmpSubnet;
+    char        *tmpStr;
+    uint32_t      addr = 0x00000000;
+    uint32_t      mask = 0xFFFFFFFF;
+
+    // First get the network part of the address...
+    tmpStr = strtok(addrstr, "/");
+    addr = inet_addr(tmpStr);
+
+    tmpStr = strtok(NULL, "/");
+    if(tmpStr != NULL) {
+        int bitcnt = atoi(tmpStr);
+        if(bitcnt <= 0 || bitcnt > 32) {
+            my_log(LOG_WARNING, 0, "The bits part of the address is invalid : %d.",tmpStr);
+            return NULL;
+        }
+
+        mask <<= (32 - bitcnt);
+    }
+
+    if(addr == -1 || addr == 0) {
+        my_log(LOG_WARNING, 0, "Unable to parse address token '%s'.", addrstr);
+        return NULL;
+    }
+
+    tmpSubnet = (struct SubnetList*) malloc(sizeof(struct SubnetList));
+    tmpSubnet->subnet_addr = addr;
+    tmpSubnet->subnet_mask = ntohl(mask);
+    tmpSubnet->next = NULL;
+
+    my_log(LOG_DEBUG, 0, "Config: IF: Altnet: Parsed altnet to %s.",
+	    inetFmts(tmpSubnet->subnet_addr, tmpSubnet->subnet_mask,s1));
+
+    return tmpSubnet;
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/config.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/config.o
new file mode 100644
index 0000000..95ddb6d
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/config.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/confread.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/confread.c
new file mode 100644
index 0000000..6e267dc
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/confread.c
@@ -0,0 +1,213 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   confread.c
+*
+*   Generic config file reader. Used to open a config file,
+*   and read the tokens from it. The parser is really simple,
+*   and does no backlogging. This means that no form of
+*   text escaping and qouting is currently supported.
+*   '#' chars are read as comments, and the comment lasts until 
+*   a newline or EOF
+*
+*/
+
+#include "igmpproxy.h"
+
+#define     READ_BUFFER_SIZE    512   // Inputbuffer size...
+        
+#ifndef MAX_TOKEN_LENGTH
+  #define MAX_TOKEN_LENGTH  30     // Default max token length
+#endif
+                                     
+FILE            *confFilePtr;       // File handle pointer
+char            *iBuffer;           // Inputbuffer for reading...
+unsigned int    bufPtr;             // Buffer position pointer.
+unsigned int    readSize;           // Number of bytes in buffer after last read...
+char    cToken[MAX_TOKEN_LENGTH];   // Token buffer...
+short   validToken;
+
+/**
+*   Opens config file specified by filename.
+*/    
+int openConfigFile(char *filename) {
+
+    // Set the buffer to null initially...
+    iBuffer = NULL;
+
+    // Open the file for reading...
+    confFilePtr = fopen(filename, "r");
+    
+    // On error, return false
+    if(confFilePtr == NULL) {
+        return 0;
+    }
+    
+    // Allocate memory for inputbuffer...
+    iBuffer = (char*) malloc( sizeof(char) * READ_BUFFER_SIZE );
+    
+    if(iBuffer == NULL) {
+        closeConfigFile();
+        return 0;
+    }
+    
+    // Reset bufferpointer and readsize
+    bufPtr = 0;
+    readSize = 0;
+
+    return 1;
+}
+
+/**
+*   Closes the currently open config file.
+*/
+void closeConfigFile() {
+    // Close the file.
+    if(confFilePtr!=NULL) {
+        fclose(confFilePtr);
+    }
+    // Free input buffer memory...
+    if(iBuffer != NULL) {
+        free(iBuffer);
+    }
+}
+
+/**
+*   Returns the next token from the configfile. The function
+*   return NULL if there are no more tokens in the file.    
+*/
+char *nextConfigToken() {
+
+    validToken = 0;
+
+    // If no file or buffer, return NULL
+    if(confFilePtr == NULL || iBuffer == NULL) {
+        return NULL;
+    }
+
+    {
+        unsigned int tokenPtr       = 0;
+        unsigned short finished     = 0;
+        unsigned short commentFound = 0;
+
+        // Outer buffer fill loop...
+        while ( !finished ) {
+            // If readpointer is at the end of the buffer, we should read next chunk...
+            if(bufPtr == readSize) {
+                // Fill up the buffer...
+                readSize = fread (iBuffer, sizeof(char), READ_BUFFER_SIZE, confFilePtr);
+                bufPtr = 0;
+
+                // If the readsize is 0, we should just return...
+                if(readSize == 0) {
+                    return NULL;
+                }
+            }
+
+            // Inner char loop...
+            while ( bufPtr < readSize && !finished ) {
+
+                //printf("Char %s", iBuffer[bufPtr]);
+
+                // Break loop on \0
+                if(iBuffer[bufPtr] == '\0') {
+                    break;
+                }
+
+                if( commentFound ) {
+                    if( iBuffer[bufPtr] == '\n' ) {
+                        commentFound = 0;
+                    }
+                } else {
+
+                    // Check current char...
+                    switch(iBuffer[bufPtr]) {
+                    case '#':
+                        // Found a comment start...
+                        commentFound = 1;
+                        break;
+
+                    case '\n':
+                    case '\r':
+                    case '\t':
+                    case ' ':
+                        // Newline, CR, Tab and space are end of token, or ignored.
+                        if(tokenPtr > 0) {
+                            cToken[tokenPtr] = '\0';    // EOL
+                            finished = 1;
+                        }
+                        break;
+
+                    default:
+                        // Append char to token...
+                        cToken[tokenPtr++] = iBuffer[bufPtr];
+                        break;
+                    }
+                
+                }
+
+                // Check end of token buffer !!!
+                if(tokenPtr == MAX_TOKEN_LENGTH - 1) {
+                    // Prevent buffer overrun...
+                    cToken[tokenPtr] = '\0';
+                    finished = 1;
+                }
+
+                // Next char...
+                bufPtr++;
+            }
+            // If the readsize is less than buffersize, we assume EOF.
+            if(readSize < READ_BUFFER_SIZE && bufPtr == readSize) {
+                if (tokenPtr > 0)
+                    finished = 1;
+                else
+                    return NULL;
+            }
+        }
+        if(tokenPtr>0) {
+            validToken = 1;
+            return cToken;
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Returns the currently active token, or null
+*   if no tokens are availible.
+*/
+char *getCurrentConfigToken() {
+    return validToken ? cToken : NULL;
+}
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/confread.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/confread.o
new file mode 100644
index 0000000..9c1e7bc
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/confread.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/ifvc.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
new file mode 100644
index 0000000..545b3b4
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+struct IfDesc IfDescVc[ MAX_IF ], *IfDescEp = IfDescVc;
+
+/*
+** Builds up a vector with the interface of the machine. Calls to the other functions of 
+** the module will fail if they are called before the vector is build.
+**          
+*/
+void buildIfVc() {
+    struct ifreq IfVc[ sizeof( IfDescVc ) / sizeof( IfDescVc[ 0 ] )  ];
+    struct ifreq *IfEp;
+
+    int Sock;
+
+    if ( (Sock = socket( AF_INET, SOCK_DGRAM, 0 )) < 0 )
+        my_log( LOG_ERR, errno, "RAW socket open" );
+
+    /* get If vector
+     */
+    {
+        struct ifconf IoCtlReq;
+
+        IoCtlReq.ifc_buf = (void *)IfVc;
+        IoCtlReq.ifc_len = sizeof( IfVc );
+
+        if ( ioctl( Sock, SIOCGIFCONF, &IoCtlReq ) < 0 )
+            my_log( LOG_ERR, errno, "ioctl SIOCGIFCONF" );
+
+        IfEp = (void *)((char *)IfVc + IoCtlReq.ifc_len);
+    }
+
+    /* loop over interfaces and copy interface info to IfDescVc
+     */
+    {
+        struct ifreq  *IfPt, *IfNext;
+
+        // Temp keepers of interface params...
+        uint32_t addr, subnet, mask;
+
+        for ( IfPt = IfVc; IfPt < IfEp; IfPt = IfNext ) {
+            struct ifreq IfReq;
+            char FmtBu[ 32 ];
+
+	    IfNext = (struct ifreq *)((char *)&IfPt->ifr_addr +
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+				    IfPt->ifr_addr.sa_len
+#else
+				    sizeof(struct sockaddr_in)
+#endif
+		    );
+	    if (IfNext < IfPt + 1)
+		    IfNext = IfPt + 1;
+
+            strncpy( IfDescEp->Name, IfPt->ifr_name, sizeof( IfDescEp->Name ) );
+
+            // Currently don't set any allowed nets...
+            //IfDescEp->allowednets = NULL;
+
+            // Set the index to -1 by default.
+            IfDescEp->index = -1;
+
+            /* don't retrieve more info for non-IP interfaces
+             */
+            if ( IfPt->ifr_addr.sa_family != AF_INET ) {
+                IfDescEp->InAdr.s_addr = 0;  /* mark as non-IP interface */
+                IfDescEp++;
+                continue;
+            }
+
+            // Get the interface adress...
+            IfDescEp->InAdr = ((struct sockaddr_in *)&IfPt->ifr_addr)->sin_addr;
+            addr = IfDescEp->InAdr.s_addr;
+
+            memcpy( IfReq.ifr_name, IfDescEp->Name, sizeof( IfReq.ifr_name ) );
+            IfReq.ifr_addr.sa_family = AF_INET;
+            ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr = addr;
+
+            // Get the subnet mask...
+            if (ioctl(Sock, SIOCGIFNETMASK, &IfReq ) < 0)
+                my_log(LOG_ERR, errno, "ioctl SIOCGIFNETMASK for %s", IfReq.ifr_name);
+            mask = ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr;
+            subnet = addr & mask;
+
+            /* get if flags
+            **
+            ** typical flags:
+            ** lo    0x0049 -> Running, Loopback, Up
+            ** ethx  0x1043 -> Multicast, Running, Broadcast, Up
+            ** ipppx 0x0091 -> NoArp, PointToPoint, Up 
+            ** grex  0x00C1 -> NoArp, Running, Up
+            ** ipipx 0x00C1 -> NoArp, Running, Up
+            */
+            if ( ioctl( Sock, SIOCGIFFLAGS, &IfReq ) < 0 )
+                my_log( LOG_ERR, errno, "ioctl SIOCGIFFLAGS" );
+
+            IfDescEp->Flags = IfReq.ifr_flags;
+
+            // Insert the verified subnet as an allowed net...
+            IfDescEp->allowednets = (struct SubnetList *)malloc(sizeof(struct SubnetList));
+            if(IfDescEp->allowednets == NULL) my_log(LOG_ERR, 0, "Out of memory !");
+            
+            // Create the network address for the IF..
+            IfDescEp->allowednets->next = NULL;
+            IfDescEp->allowednets->subnet_mask = mask;
+            IfDescEp->allowednets->subnet_addr = subnet;
+
+            // Set the default params for the IF...
+            IfDescEp->state         = IF_STATE_DOWNSTREAM;
+            IfDescEp->robustness    = DEFAULT_ROBUSTNESS;
+            IfDescEp->threshold     = DEFAULT_THRESHOLD;   /* ttl limit */
+            IfDescEp->ratelimit     = DEFAULT_RATELIMIT; 
+            
+
+            // Debug log the result...
+            my_log( LOG_DEBUG, 0, "buildIfVc: Interface %s Addr: %s, Flags: 0x%04x, Network: %s",
+                 IfDescEp->Name,
+                 fmtInAdr( FmtBu, IfDescEp->InAdr ),
+                 IfDescEp->Flags,
+                 inetFmts(subnet,mask, s1));
+
+            IfDescEp++;
+        } 
+    }
+
+    close( Sock );
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'IfName'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'IfName' exists
+**          
+*/
+struct IfDesc *getIfByName( const char *IfName ) {
+    struct IfDesc *Dp;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ )
+        if ( ! strcmp( IfName, Dp->Name ) )
+            return Dp;
+
+    return NULL;
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'Ix'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'Ix' exists
+**          
+*/
+struct IfDesc *getIfByIx( unsigned Ix ) {
+    struct IfDesc *Dp = &IfDescVc[ Ix ];
+    return Dp < IfDescEp ? Dp : NULL;
+}
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByAddress( uint32_t ipaddr ) {
+
+    struct IfDesc       *Dp;
+    struct SubnetList   *currsubnet;
+    struct IfDesc       *res = NULL;
+    uint32_t            last_subnet_mask = 0;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+        // Loop through all registered allowed nets of the VIF...
+        for(currsubnet = Dp->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+            // Check if the ip falls in under the subnet....
+            if(currsubnet->subnet_mask > last_subnet_mask && (ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+                res = Dp;
+                last_subnet_mask = currsubnet->subnet_mask;
+            }
+        }
+    }
+    return res;
+}
+
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByVifIndex( unsigned vifindex ) {
+    struct IfDesc       *Dp;
+    if(vifindex>0) {
+        for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+            if(Dp->index == vifindex) {
+                return Dp;
+            }
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Function that checks if a given ipaddress is a valid
+*   address for the supplied VIF.
+*/
+int isAdressValidForIf( struct IfDesc* intrface, uint32_t ipaddr ) {
+    struct SubnetList   *currsubnet;
+    
+    if(intrface == NULL) {
+        return 0;
+    }
+    // Loop through all registered allowed nets of the VIF...
+    for(currsubnet = intrface->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+        // Check if the ip falls in under the subnet....
+        if((ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+            return 1;
+        }
+    }
+    return 0;
+}
+
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/ifvc.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/ifvc.o
new file mode 100644
index 0000000..94969db
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/ifvc.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmp.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmp.c
new file mode 100644
index 0000000..a0cd27d
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmp.c
@@ -0,0 +1,281 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmp.h - Recieves IGMP requests, and handle them 
+*            appropriately...
+*/
+
+#include "igmpproxy.h"
+ 
+// Globals                  
+uint32_t     allhosts_group;          /* All hosts addr in net order */
+uint32_t     allrouters_group;          /* All hosts addr in net order */
+              
+extern int MRouterFD;
+
+/*
+ * Open and initialize the igmp socket, and fill in the non-changing
+ * IP header fields in the output packet buffer.
+ */
+void initIgmp() {
+    struct ip *ip;
+
+    recv_buf = malloc(RECV_BUF_SIZE);
+    send_buf = malloc(RECV_BUF_SIZE);
+
+    k_hdr_include(true);    /* include IP header when sending */
+    k_set_rcvbuf(256*1024,48*1024); /* lots of input buffering        */
+    k_set_ttl(1);       /* restrict multicasts to one hop */
+    k_set_loop(false);      /* disable multicast loopback     */
+
+    ip         = (struct ip *)send_buf;
+    memset(ip, 0, sizeof(struct ip));
+    /*
+     * Fields zeroed that aren't filled in later:
+     * - IP ID (let the kernel fill it in)
+     * - Offset (we don't send fragments)
+     * - Checksum (let the kernel fill it in)
+     */
+    ip->ip_v   = IPVERSION;
+    ip->ip_hl  = sizeof(struct ip) >> 2;
+    ip->ip_tos = 0xc0;      /* Internet Control */
+    ip->ip_ttl = MAXTTL;    /* applies to unicasts only */
+    ip->ip_p   = IPPROTO_IGMP;
+
+    allhosts_group   = htonl(INADDR_ALLHOSTS_GROUP);
+    allrouters_group = htonl(INADDR_ALLRTRS_GROUP);
+}
+
+/**
+*   Finds the textual name of the supplied IGMP request.
+*/
+char *igmpPacketKind(u_int type, u_int code) {
+    static char unknown[20];
+
+    switch (type) {
+    case IGMP_MEMBERSHIP_QUERY:     return  "Membership query  ";
+    case IGMP_V1_MEMBERSHIP_REPORT:  return "V1 member report  ";
+    case IGMP_V2_MEMBERSHIP_REPORT:  return "V2 member report  ";
+    case IGMP_V2_LEAVE_GROUP:        return "Leave message     ";
+    
+    default:
+        sprintf(unknown, "unk: 0x%02x/0x%02x    ", type, code);
+        return unknown;
+    }
+}
+
+
+/**
+ * Process a newly received IGMP packet that is sitting in the input
+ * packet buffer.
+ */
+void acceptIgmp(int recvlen) {
+    register uint32_t src, dst, group;
+    struct ip *ip;
+    struct igmp *igmp;
+    int ipdatalen, iphdrlen, igmpdatalen;
+
+    if (recvlen < sizeof(struct ip)) {
+        my_log(LOG_WARNING, 0,
+            "received packet too short (%u bytes) for IP header", recvlen);
+        return;
+    }
+
+    ip        = (struct ip *)recv_buf;
+    src       = ip->ip_src.s_addr;
+    dst       = ip->ip_dst.s_addr;
+
+    /* 
+     * this is most likely a message from the kernel indicating that
+     * a new src grp pair message has arrived and so, it would be 
+     * necessary to install a route into the kernel for this.
+     */
+    if (ip->ip_p == 0) {
+        if (src == 0 || dst == 0) {
+            my_log(LOG_WARNING, 0, "kernel request not accurate");
+        }
+        else {
+            struct IfDesc *checkVIF;
+            
+            // Check if the source address matches a valid address on upstream vif.
+            checkVIF = getIfByIx( upStreamVif );
+            if(checkVIF == 0) {
+                my_log(LOG_ERR, 0, "Upstream VIF was null.");
+                return;
+            } 
+            else if(src == checkVIF->InAdr.s_addr) {
+                my_log(LOG_NOTICE, 0, "Route activation request from %s for %s is from myself. Ignoring.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            else if(!isAdressValidForIf(checkVIF, src)) {
+                my_log(LOG_WARNING, 0, "The source address %s for group %s, is not in any valid net for upstream VIF.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            
+            // Activate the route.
+            my_log(LOG_DEBUG, 0, "Route activate request from %s to %s",
+		    inetFmt(src,s1), inetFmt(dst,s2));
+            activateRoute(dst, src);
+            
+
+        }
+        return;
+    }
+
+    iphdrlen  = ip->ip_hl << 2;
+    ipdatalen = ip_data_len(ip);
+
+    if (iphdrlen + ipdatalen != recvlen) {
+        my_log(LOG_WARNING, 0,
+            "received packet from %s shorter (%u bytes) than hdr+data length (%u+%u)",
+            inetFmt(src, s1), recvlen, iphdrlen, ipdatalen);
+        return;
+    }
+
+    igmp        = (struct igmp *)(recv_buf + iphdrlen);
+    group       = igmp->igmp_group.s_addr;
+    igmpdatalen = ipdatalen - IGMP_MINLEN;
+    if (igmpdatalen < 0) {
+        my_log(LOG_WARNING, 0,
+            "received IP data field too short (%u bytes) for IGMP, from %s",
+            ipdatalen, inetFmt(src, s1));
+        return;
+    }
+
+    my_log(LOG_NOTICE, 0, "RECV %s from %-15s to %s",
+        igmpPacketKind(igmp->igmp_type, igmp->igmp_code),
+        inetFmt(src, s1), inetFmt(dst, s2) );
+
+    switch (igmp->igmp_type) {
+    case IGMP_V1_MEMBERSHIP_REPORT:
+    case IGMP_V2_MEMBERSHIP_REPORT:
+        acceptGroupReport(src, group, igmp->igmp_type);
+        return;
+    
+    case IGMP_V2_LEAVE_GROUP:
+        acceptLeaveMessage(src, group);
+        return;
+    
+    case IGMP_MEMBERSHIP_QUERY:
+        return;
+
+    default:
+        my_log(LOG_INFO, 0,
+            "ignoring unknown IGMP message type %x from %s to %s",
+            igmp->igmp_type, inetFmt(src, s1),
+            inetFmt(dst, s2));
+        return;
+    }
+}
+
+
+/*
+ * Construct an IGMP message in the output packet buffer.  The caller may
+ * have already placed data in that buffer, of length 'datalen'.
+ */
+void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct ip *ip;
+    struct igmp *igmp;
+    extern int curttl;
+
+    ip                      = (struct ip *)send_buf;
+    ip->ip_src.s_addr       = src;
+    ip->ip_dst.s_addr       = dst;
+    ip_set_len(ip, MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        ip->ip_ttl = curttl;
+    } else {
+        ip->ip_ttl = MAXTTL;
+    }
+
+    igmp                    = (struct igmp *)(send_buf + MIN_IP_HEADER_LEN);
+    igmp->igmp_type         = type;
+    igmp->igmp_code         = code;
+    igmp->igmp_group.s_addr = group;
+    igmp->igmp_cksum        = 0;
+    igmp->igmp_cksum        = inetChksum((u_short *)igmp,
+                                         IGMP_MINLEN + datalen);
+}
+
+/* 
+ * Call build_igmp() to build an IGMP message in the output packet buffer.
+ * Then send the message from the interface with IP address 'src' to
+ * destination 'dst'.
+ */
+void sendIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct sockaddr_in sdst;
+    int setloop = 0, setigmpsource = 0;
+
+    buildIgmp(src, dst, type, code, group, datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        k_set_if(src);
+        setigmpsource = 1;
+        if (type != IGMP_DVMRP || dst == allhosts_group) {
+            setloop = 1;
+            k_set_loop(true);
+        }
+    }
+
+    memset(&sdst, 0, sizeof(sdst));
+    sdst.sin_family = AF_INET;
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+    sdst.sin_len = sizeof(sdst);
+#endif
+    sdst.sin_addr.s_addr = dst;
+    if (sendto(MRouterFD, send_buf,
+               MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen, 0,
+               (struct sockaddr *)&sdst, sizeof(sdst)) < 0) {
+        if (errno == ENETDOWN)
+            my_log(LOG_ERR, errno, "Sender VIF was down.");
+        else
+            my_log(LOG_INFO, errno,
+                "sendto to %s on %s",
+                inetFmt(dst, s1), inetFmt(src, s2));
+    }
+
+    if(setigmpsource) {
+        if (setloop) {
+            k_set_loop(false);
+        }
+        // Restore original...
+        k_set_if(INADDR_ANY);
+    }
+
+    my_log(LOG_DEBUG, 0, "SENT %s from %-15s to %s",
+	    igmpPacketKind(type, code), src == INADDR_ANY ? "INADDR_ANY" :
+	    inetFmt(src, s1), inetFmt(dst, s2));
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmp.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmp.o
new file mode 100644
index 0000000..f5ab4d9
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmp.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy
new file mode 100755
index 0000000..33d002d
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
new file mode 100644
index 0000000..1ece15a
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
@@ -0,0 +1,357 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.c - The main file for the IGMP proxy application.
+*
+*   February 2005 - Johnny Egeland
+*/
+
+#include "igmpproxy.h"
+
+static const char Usage[] = 
+"Usage: igmpproxy [-h] [-d] [-v [-v]] <configfile>\n"
+"\n" 
+"   -h   Display this help screen\n"
+"   -d   Run in debug mode. Output all messages on stderr\n"
+"   -v   Be verbose. Give twice to see even debug messages.\n"
+"\n"
+PACKAGE_STRING "\n"
+;
+
+// Local function Prototypes
+static void signalHandler(int);
+int     igmpProxyInit();
+void    igmpProxyCleanUp();
+void    igmpProxyRun();
+
+// Global vars...
+static int sighandled = 0;
+#define	GOT_SIGINT	0x01
+#define	GOT_SIGHUP	0x02
+#define	GOT_SIGUSR1	0x04
+#define	GOT_SIGUSR2	0x08
+
+// The upstream VIF index
+int         upStreamVif;   
+
+/**
+*   Program main method. Is invoked when the program is started
+*   on commandline. The number of commandline arguments, and a
+*   pointer to the arguments are recieved on the line...
+*/    
+int main( int ArgCn, char *ArgVc[] ) {
+
+    // Parse the commandline options and setup basic settings..
+    for (int c; (c = getopt(ArgCn, ArgVc, "vdh")) != -1;) {
+        switch (c) {
+        case 'd':
+            Log2Stderr = true;
+            break;
+        case 'v':
+            if (LogLevel == LOG_INFO)
+                LogLevel = LOG_DEBUG;
+            else
+                LogLevel = LOG_INFO;
+            break;
+        case 'h':
+            fputs(Usage, stderr);
+            exit(0);
+            break;
+        default:
+            exit(1);
+            break;
+        }
+    }
+
+    if (optind != ArgCn - 1) {
+	fputs("You must specify the configuration file.\n", stderr);
+	exit(1);
+    }
+    char *configFilePath = ArgVc[optind];
+
+    // Chech that we are root
+    if (geteuid() != 0) {
+       fprintf(stderr, "igmpproxy: must be root\n");
+       exit(1);
+    }
+
+    openlog("igmpproxy", LOG_PID, LOG_USER);
+
+    // Write debug notice with file path...
+    my_log(LOG_DEBUG, 0, "Searching for config file at '%s'" , configFilePath);
+
+    do {
+
+        // Loads the config file...
+        if( ! loadConfig( configFilePath ) ) {
+            my_log(LOG_ERR, 0, "Unable to load config file...");
+            break;
+        }
+    
+        // Initializes the deamon.
+        if ( !igmpProxyInit() ) {
+            my_log(LOG_ERR, 0, "Unable to initialize IGMPproxy.");
+            break;
+        }
+
+        // Go to the main loop.
+        igmpProxyRun();
+    
+        // Clean up
+        igmpProxyCleanUp();
+
+    } while ( false );
+
+    // Inform that we are exiting.
+    my_log(LOG_INFO, 0, "Shutdown complete....");
+
+    exit(0);
+}
+
+
+
+/**
+*   Handles the initial startup of the daemon.
+*/
+int igmpProxyInit() {
+    struct sigaction sa;
+    int Err;
+
+
+    sa.sa_handler = signalHandler;
+    sa.sa_flags = 0;    /* Interrupt system calls */
+    sigemptyset(&sa.sa_mask);
+    sigaction(SIGTERM, &sa, NULL);
+    sigaction(SIGINT, &sa, NULL);
+
+    // Loads configuration for Physical interfaces...
+    buildIfVc();    
+    
+    // Configures IF states and settings
+    configureVifs();
+
+    switch ( Err = enableMRouter() ) {
+    case 0: break;
+    case EADDRINUSE: my_log( LOG_ERR, EADDRINUSE, "MC-Router API already in use" ); break;
+    default: my_log( LOG_ERR, Err, "MRT_INIT failed" );
+    }
+
+    /* create VIFs for all IP, non-loop interfaces
+     */
+    {
+        unsigned Ix;
+        struct IfDesc *Dp;
+        int     vifcount = 0;
+        upStreamVif = -1;
+
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+
+            if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+                if(Dp->state == IF_STATE_UPSTREAM) {
+                    if(upStreamVif == -1) {
+                        upStreamVif = Ix;
+                    } else {
+                        my_log(LOG_ERR, 0, "Vif #%d was already upstream. Cannot set VIF #%d as upstream as well.",
+                            upStreamVif, Ix);
+                    }
+                }
+
+                addVIF( Dp );
+                vifcount++;
+            }
+        }
+
+        // If there is only one VIF, or no defined upstream VIF, we send an error.
+        if(vifcount < 2 || upStreamVif < 0) {
+            my_log(LOG_ERR, 0, "There must be at least 2 Vif's where one is upstream.");
+        }
+    }  
+    
+    // Initialize IGMP
+    initIgmp();
+    // Initialize Routing table
+    initRouteTable();
+    // Initialize timer
+    callout_init();
+
+
+    return 1;
+}
+
+/**
+*   Clean up all on exit...
+*/
+void igmpProxyCleanUp() {
+
+    my_log( LOG_DEBUG, 0, "clean handler called" );
+    
+    free_all_callouts();    // No more timeouts.
+    clearAllRoutes();       // Remove all routes.
+    disableMRouter();       // Disable the multirout API
+
+}
+
+/**
+*   Main daemon loop.
+*/
+void igmpProxyRun() {
+    // Get the config.
+    //struct Config *config = getCommonConfig();
+    // Set some needed values.
+    register int recvlen;
+    int     MaxFD, Rt, secs;
+    fd_set  ReadFDS;
+    socklen_t dummy = 0;
+    struct  timeval  curtime, lasttime, difftime, tv; 
+    // The timeout is a pointer in order to set it to NULL if nessecary.
+    struct  timeval  *timeout = &tv;
+
+    // Initialize timer vars
+    difftime.tv_usec = 0;
+    gettimeofday(&curtime, NULL);
+    lasttime = curtime;
+
+    // First thing we send a membership query in downstream VIF's...
+    sendGeneralMembershipQuery();
+
+    // Loop until the end...
+    for (;;) {
+
+        // Process signaling...
+        if (sighandled) {
+            if (sighandled & GOT_SIGINT) {
+                sighandled &= ~GOT_SIGINT;
+                my_log(LOG_NOTICE, 0, "Got a interupt signal. Exiting.");
+                break;
+            }
+        }
+
+        // Prepare timeout...
+        secs = timer_nextTimer();
+        if(secs == -1) {
+            timeout = NULL;
+        } else {
+            timeout->tv_usec = 0;
+            timeout->tv_sec = secs;
+        }
+
+        // Prepare for select.
+        MaxFD = MRouterFD;
+
+        FD_ZERO( &ReadFDS );
+        FD_SET( MRouterFD, &ReadFDS );
+
+        // wait for input
+        Rt = select( MaxFD +1, &ReadFDS, NULL, NULL, timeout );
+
+        // log and ignore failures
+        if( Rt < 0 ) {
+            my_log( LOG_WARNING, errno, "select() failure" );
+            continue;
+        }
+        else if( Rt > 0 ) {
+
+            // Read IGMP request, and handle it...
+            if( FD_ISSET( MRouterFD, &ReadFDS ) ) {
+    
+                recvlen = recvfrom(MRouterFD, recv_buf, RECV_BUF_SIZE,
+                                   0, NULL, &dummy);
+                if (recvlen < 0) {
+                    if (errno != EINTR) my_log(LOG_ERR, errno, "recvfrom");
+                    continue;
+                }
+                
+
+                acceptIgmp(recvlen);
+            }
+        }
+
+        // At this point, we can handle timeouts...
+        do {
+            /*
+             * If the select timed out, then there's no other
+             * activity to account for and we don't need to
+             * call gettimeofday.
+             */
+            if (Rt == 0) {
+                curtime.tv_sec = lasttime.tv_sec + secs;
+                curtime.tv_usec = lasttime.tv_usec;
+                Rt = -1; /* don't do this next time through the loop */
+            } else {
+                gettimeofday(&curtime, NULL);
+            }
+            difftime.tv_sec = curtime.tv_sec - lasttime.tv_sec;
+            difftime.tv_usec += curtime.tv_usec - lasttime.tv_usec;
+            while (difftime.tv_usec > 1000000) {
+                difftime.tv_sec++;
+                difftime.tv_usec -= 1000000;
+            }
+            if (difftime.tv_usec < 0) {
+                difftime.tv_sec--;
+                difftime.tv_usec += 1000000;
+            }
+            lasttime = curtime;
+            if (secs == 0 || difftime.tv_sec > 0)
+                age_callout_queue(difftime.tv_sec);
+            secs = -1;
+        } while (difftime.tv_sec > 0);
+
+    }
+
+}
+
+/*
+ * Signal handler.  Take note of the fact that the signal arrived
+ * so that the main loop can take care of it.
+ */
+static void signalHandler(int sig) {
+    switch (sig) {
+    case SIGINT:
+    case SIGTERM:
+        sighandled |= GOT_SIGINT;
+        break;
+        /* XXX: Not in use.
+        case SIGHUP:
+            sighandled |= GOT_SIGHUP;
+            break;
+    
+        case SIGUSR1:
+            sighandled |= GOT_SIGUSR1;
+            break;
+    
+        case SIGUSR2:
+            sighandled |= GOT_SIGUSR2;
+            break;
+        */
+    }
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
new file mode 100644
index 0000000..4dabd1c
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
@@ -0,0 +1,279 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.h - Header file for common includes.
+*/
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <signal.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdbool.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+#include <sys/param.h>
+
+#include <net/if.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "os.h"
+#include "config.h"
+
+/*
+ * Limit on length of route data
+ */
+#define MAX_IP_PACKET_LEN	576
+#define MIN_IP_HEADER_LEN	20
+#define MAX_IP_HEADER_LEN	60
+
+#define MAX_MC_VIFS    32     // !!! check this const in the specific includes
+
+// Useful macros..          
+#define VCMC( Vc )  (sizeof( Vc ) / sizeof( (Vc)[ 0 ] ))
+#define VCEP( Vc )  (&(Vc)[ VCMC( Vc ) ])
+
+// Bit manipulation macros...
+#define BIT_ZERO(X)      ((X) = 0)
+#define BIT_SET(X,n)     ((X) |= 1 << (n))
+#define BIT_CLR(X,n)     ((X) &= ~(1 << (n)))
+#define BIT_TST(X,n)     ((X) & 1 << (n))
+
+
+//#################################################################################
+//  Globals
+//#################################################################################
+
+/*
+ * External declarations for global variables and functions.
+ */
+#define RECV_BUF_SIZE 8192
+extern char     *recv_buf;
+extern char     *send_buf;
+
+extern char     s1[];
+extern char     s2[];
+extern char		s3[];
+extern char		s4[];
+
+
+
+//#################################################################################
+//  Lib function prototypes.
+//#################################################################################
+
+/* syslog.c
+ */
+extern bool Log2Stderr;           // Log to stderr instead of to syslog
+extern int  LogLevel;             // Log threshold, LOG_WARNING .... LOG_DEBUG 
+
+void my_log( int Serverity, int Errno, const char *FmtSt, ... );
+
+/* ifvc.c
+ */
+#define MAX_IF         40     // max. number of interfaces recognized 
+
+// Interface states
+#define IF_STATE_DISABLED      0   // Interface should be ignored.
+#define IF_STATE_UPSTREAM      1   // Interface is the upstream interface
+#define IF_STATE_DOWNSTREAM    2   // Interface is a downstream interface
+
+// Multicast default values...
+#define DEFAULT_ROBUSTNESS     2
+#define DEFAULT_THRESHOLD      1
+#define DEFAULT_RATELIMIT      0
+
+// Define timer constants (in seconds...)
+#define INTERVAL_QUERY          125
+#define INTERVAL_QUERY_RESPONSE  10
+//#define INTERVAL_QUERY_RESPONSE  10
+
+#define ROUTESTATE_NOTJOINED            0   // The group corresponding to route is not joined
+#define ROUTESTATE_JOINED               1   // The group corresponding to route is joined
+#define ROUTESTATE_CHECK_LAST_MEMBER    2   // The router is checking for hosts
+
+
+
+// Linked list of networks... 
+struct SubnetList {
+    uint32_t              subnet_addr;
+    uint32_t              subnet_mask;
+    struct SubnetList*  next;
+};
+
+struct IfDesc {
+    char                Name[IF_NAMESIZE];
+    struct in_addr      InAdr;          /* == 0 for non IP interfaces */            
+    short               Flags;
+    short               state;
+    struct SubnetList*  allowednets;
+    unsigned int        robustness;
+    unsigned char       threshold;   /* ttl limit */
+    unsigned int        ratelimit; 
+    unsigned int        index;
+};
+
+// Keeps common configuration settings 
+struct Config {
+    unsigned int        robustnessValue;
+    unsigned int        queryInterval;
+    unsigned int        queryResponseInterval;
+    // Used on startup..
+    unsigned int        startupQueryInterval;
+    unsigned int        startupQueryCount;
+    // Last member probe...
+    unsigned int        lastMemberQueryInterval;
+    unsigned int        lastMemberQueryCount;
+    // Set if upstream leave messages should be sent instantly..
+    unsigned short      fastUpstreamLeave;
+};
+
+// Defines the Index of the upstream VIF...
+extern int upStreamVif;
+
+/* ifvc.c
+ */
+void buildIfVc( void );
+struct IfDesc *getIfByName( const char *IfName );
+struct IfDesc *getIfByIx( unsigned Ix );
+struct IfDesc *getIfByAddress( uint32_t Ix );
+int isAdressValidForIf(struct IfDesc* intrface, uint32_t ipaddr);
+
+/* mroute-api.c
+ */
+struct MRouteDesc {
+    struct in_addr  OriginAdr, McAdr;
+    short           InVif;
+    uint8_t           TtlVc[ MAX_MC_VIFS ];
+};
+
+// IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+extern int MRouterFD;
+
+int enableMRouter( void );
+void disableMRouter( void );
+void addVIF( struct IfDesc *Dp );
+int addMRoute( struct MRouteDesc * Dp );
+int delMRoute( struct MRouteDesc * Dp );
+int getVifIx( struct IfDesc *IfDp );
+
+/* config.c
+ */
+int loadConfig(char *configFile);
+void configureVifs();
+struct Config *getCommonConfig();
+
+/* igmp.c
+*/
+extern uint32_t allhosts_group;
+extern uint32_t allrouters_group;
+void initIgmp(void);
+void acceptIgmp(int);
+void sendIgmp (uint32_t, uint32_t, int, int, uint32_t,int);
+
+/* lib.c
+ */
+char   *fmtInAdr( char *St, struct in_addr InAdr );
+char   *inetFmt(uint32_t addr, char *s);
+char   *inetFmts(uint32_t addr, uint32_t mask, char *s);
+uint16_t inetChksum(uint16_t *addr, int len);
+
+/* kern.c
+ */
+void k_set_rcvbuf(int bufsize, int minsize);
+void k_hdr_include(int hdrincl);
+void k_set_ttl(int t);
+void k_set_loop(int l);
+void k_set_if(uint32_t ifa);
+/*
+void k_join(uint32_t grp, uint32_t ifa);
+void k_leave(uint32_t grp, uint32_t ifa);
+*/
+
+/* udpsock.c
+ */
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort );
+
+/* mcgroup.c
+ */
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+
+
+/* rttable.c
+ */
+void initRouteTable();
+void clearAllRoutes();
+int insertRoute(uint32_t group, int ifx);
+int activateRoute(uint32_t group, uint32_t originAddr);
+void ageActiveRoutes();
+void setRouteLastMemberMode(uint32_t group);
+int lastMemberGroupAge(uint32_t group);
+
+/* request.c
+ */
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type);
+void acceptLeaveMessage(uint32_t src, uint32_t group);
+void sendGeneralMembershipQuery();
+
+/* callout.c 
+*/
+typedef void (*timer_f)(void *);
+
+void callout_init();
+void free_all_callouts();
+void age_callout_queue(int);
+int timer_nextTimer();
+int timer_setTimer(int, timer_f, void *);
+int timer_clearTimer(int);
+int timer_leftTimer(int);
+
+/* confread.c
+ */
+#define MAX_TOKEN_LENGTH    30
+
+int openConfigFile(char *filename);
+void closeConfigFile();
+char* nextConfigToken();
+char* getCurrentConfigToken();
+
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o
new file mode 100644
index 0000000..d232582
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/kern.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/kern.c
new file mode 100644
index 0000000..2055636
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/kern.c
@@ -0,0 +1,140 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+int curttl = 0;
+
+void k_set_rcvbuf(int bufsize, int minsize) {
+    int delta = bufsize / 2;
+    int iter = 0;
+
+    /*
+     * Set the socket buffer.  If we can't set it as large as we
+     * want, search around to try to find the highest acceptable
+     * value.  The highest acceptable value being smaller than
+     * minsize is a fatal error.
+     */
+    if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                   (char *)&bufsize, sizeof(bufsize)) < 0) {
+        bufsize -= delta;
+        while (1) {
+            iter++;
+            if (delta > 1)
+                delta /= 2;
+
+            if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                           (char *)&bufsize, sizeof(bufsize)) < 0) {
+                bufsize -= delta;
+            } else {
+                if (delta < 1024)
+                    break;
+                bufsize += delta;
+            }
+        }
+        if (bufsize < minsize) {
+            my_log(LOG_ERR, 0, "OS-allowed buffer size %u < app min %u",
+                bufsize, minsize);
+            /*NOTREACHED*/
+        }
+    }
+    my_log(LOG_DEBUG, 0, "Got %d byte buffer size in %d iterations", bufsize, iter);
+}
+
+
+void k_hdr_include(int hdrincl) {
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_HDRINCL,
+                   (char *)&hdrincl, sizeof(hdrincl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_HDRINCL %u", hdrincl);
+}
+
+
+void k_set_ttl(int t) {
+#ifndef RAW_OUTPUT_IS_RAW
+    u_char ttl;
+
+    ttl = t;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_TTL,
+                   (char *)&ttl, sizeof(ttl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_TTL %u", ttl);
+#endif
+    curttl = t;
+}
+
+
+void k_set_loop(int l) {
+    u_char loop;
+
+    loop = l;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_LOOP,
+                   (char *)&loop, sizeof(loop)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_LOOP %u", loop);
+}
+
+void k_set_if(uint32_t ifa) {
+    struct in_addr adr;
+
+    adr.s_addr = ifa;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_IF,
+                   (char *)&adr, sizeof(adr)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_IF %s",
+            inetFmt(ifa, s1));
+}
+
+/*
+void k_join(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_ADD_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't join group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+
+
+void k_leave(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_DROP_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't leave group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+*/
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/kern.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/kern.o
new file mode 100644
index 0000000..4f69834
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/kern.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/lib.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/lib.c
new file mode 100644
index 0000000..70a730a
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/lib.c
@@ -0,0 +1,148 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+/*
+ * Exported variables.
+ */
+char s1[19];        /* buffers to hold the string representations  */
+char s2[19];        /* of IP addresses, to be passed to inet_fmt() */
+char s3[19];        /* or inet_fmts().                             */
+char s4[19];
+            
+/*
+** Formats 'InAdr' into a dotted decimal string. 
+**
+** returns: - pointer to 'St'
+**          
+*/
+char *fmtInAdr( char *St, struct in_addr InAdr ) {
+    sprintf( St, "%u.%u.%u.%u", 
+             ((uint8_t *)&InAdr.s_addr)[ 0 ],
+             ((uint8_t *)&InAdr.s_addr)[ 1 ],
+             ((uint8_t *)&InAdr.s_addr)[ 2 ],
+             ((uint8_t *)&InAdr.s_addr)[ 3 ] );
+
+    return St;
+}
+
+/*
+ * Convert an IP address in u_long (network) format into a printable string.
+ */
+char *inetFmt(uint32_t addr, char *s) {
+    register u_char *a;
+
+    a = (u_char *)&addr;
+    sprintf(s, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]);
+    return(s);
+}
+
+
+/*
+ * Convert an IP subnet number in u_long (network) format into a printable
+ * string including the netmask as a number of bits.
+ */
+char *inetFmts(uint32_t addr, uint32_t mask, char *s) {
+    register u_char *a, *m;
+    int bits;
+
+    if ((addr == 0) && (mask == 0)) {
+        sprintf(s, "default");
+        return(s);
+    }
+    a = (u_char *)&addr;
+    m = (u_char *)&mask;
+    bits = 33 - ffs(ntohl(mask));
+
+    if (m[3] != 0) sprintf(s, "%u.%u.%u.%u/%d", a[0], a[1], a[2], a[3],
+                           bits);
+    else if (m[2] != 0) sprintf(s, "%u.%u.%u/%d",    a[0], a[1], a[2], bits);
+    else if (m[1] != 0) sprintf(s, "%u.%u/%d",       a[0], a[1], bits);
+    else                sprintf(s, "%u/%d",          a[0], bits);
+
+    return(s);
+}
+
+/*
+ * inet_cksum extracted from:
+ *			P I N G . C
+ *
+ * Author -
+ *	Mike Muuss
+ *	U. S. Army Ballistic Research Laboratory
+ *	December, 1983
+ * Modified at Uc Berkeley
+ *
+ * (ping.c) Status -
+ *	Public Domain.  Distribution Unlimited.
+ *
+ *			I N _ C K S U M
+ *
+ * Checksum routine for Internet Protocol family headers (C Version)
+ *
+ */
+uint16_t inetChksum(uint16_t *addr, int len) {
+    register int nleft = len;
+    register uint16_t *w = addr;
+    uint16_t answer = 0;
+    register int32_t sum = 0;
+
+    /*
+     *  Our algorithm is simple, using a 32 bit accumulator (sum),
+     *  we add sequential 16 bit words to it, and at the end, fold
+     *  back all the carry bits from the top 16 bits into the lower
+     *  16 bits.
+     */
+    while (nleft > 1) {
+        sum += *w++;
+        nleft -= 2;
+    }
+
+    /* mop up an odd byte, if necessary */
+    if (nleft == 1) {
+        *(uint8_t *) (&answer) = *(uint8_t *)w ;
+        sum += answer;
+    }
+
+    /*
+     * add back carry outs from top 16 bits to low 16 bits
+     */
+    sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
+    sum += (sum >> 16);         /* add carry */
+    answer = ~sum;              /* truncate to 16 bits */
+    return(answer);
+}
+
+
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/lib.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/lib.o
new file mode 100644
index 0000000..786e63b
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/lib.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
new file mode 100644
index 0000000..e657c22
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
@@ -0,0 +1,86 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mcgroup contains functions for joining and leaving multicast groups.
+*
+*/
+
+#include "igmpproxy.h"
+       
+
+/**
+*   Common function for joining or leaving a MCast group.
+*/
+static int joinleave( int Cmd, int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    struct ip_mreq CtlReq;
+    const char *CmdSt = Cmd == 'j' ? "join" : "leave";
+    
+    memset(&CtlReq, 0, sizeof(CtlReq));
+    CtlReq.imr_multiaddr.s_addr = mcastaddr;
+    CtlReq.imr_interface.s_addr = IfDp->InAdr.s_addr;
+    
+    {
+        my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt, 
+            inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : "<any>" );
+    }
+    
+    if( setsockopt( UdpSock, IPPROTO_IP, 
+          Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, 
+          (void *)&CtlReq, sizeof( CtlReq ) ) ) 
+    {
+        my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP failed", Cmd == 'j' ? "ADD" : "DROP" );
+        return 1;
+    }
+    
+    return 0;
+}
+
+/**
+*   Joins the MC group with the address 'McAdr' on the interface 'IfName'. 
+*   The join is bound to the UDP socket 'UdpSock', so if this socket is 
+*   closed the membership is dropped.
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'j', UdpSock, IfDp, mcastaddr );
+}
+
+/**
+*   Leaves the MC group with the address 'McAdr' on the interface 'IfName'. 
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'l', UdpSock, IfDp, mcastaddr );
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o
new file mode 100644
index 0000000..8b00338
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
new file mode 100644
index 0000000..7c2be3e
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
@@ -0,0 +1,242 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mroute-api.c
+*
+*   This module contains the interface routines to the Linux mrouted API
+*/
+
+
+#include "igmpproxy.h"
+
+// MAX_MC_VIFS from mclab.h must have same value as MAXVIFS from mroute.h
+#if MAX_MC_VIFS != MAXVIFS
+# error "constants don't match, correct mclab.h"
+#endif
+     
+// need an IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+int         MRouterFD;        /* socket for all network I/O  */
+char        *recv_buf;           /* input packet buffer         */
+char        *send_buf;           /* output packet buffer        */
+
+
+// my internal virtual interfaces descriptor vector  
+static struct VifDesc {
+    struct IfDesc *IfDp;
+} VifDescVc[ MAXVIFS ];
+
+
+
+/*
+** Initialises the mrouted API and locks it by this exclusively.
+**     
+** returns: - 0 if the functions succeeds     
+**          - the errno value for non-fatal failure condition
+*/
+int enableMRouter()
+{
+    int Va = 1;
+
+    if ( (MRouterFD  = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP)) < 0 )
+        my_log( LOG_ERR, errno, "IGMP socket open" );
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_INIT, 
+                     (void *)&Va, sizeof( Va ) ) )
+        return errno;
+
+    return 0;
+}
+
+/*
+** Diables the mrouted API and relases by this the lock.
+**          
+*/
+void disableMRouter()
+{
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_DONE, NULL, 0 ) 
+         || close( MRouterFD )
+       ) {
+        MRouterFD = 0;
+        my_log( LOG_ERR, errno, "MRT_DONE/close" );
+    }
+
+    MRouterFD = 0;
+}
+
+/*
+** Adds the interface '*IfDp' as virtual interface to the mrouted API
+** 
+*/
+void addVIF( struct IfDesc *IfDp )
+{
+    struct vifctl VifCtl;
+    struct VifDesc *VifDp;
+
+    /* search free VifDesc
+     */
+    for ( VifDp = VifDescVc; VifDp < VCEP( VifDescVc ); VifDp++ ) {
+        if ( ! VifDp->IfDp )
+            break;
+    }
+
+    /* no more space
+     */
+    if ( VifDp >= VCEP( VifDescVc ) )
+        my_log( LOG_ERR, ENOMEM, "addVIF, out of VIF space" );
+
+    VifDp->IfDp = IfDp;
+
+    VifCtl.vifc_vifi  = VifDp - VifDescVc; 
+    VifCtl.vifc_flags = 0;        /* no tunnel, no source routing, register ? */
+    VifCtl.vifc_threshold  = VifDp->IfDp->threshold;    // Packet TTL must be at least 1 to pass them
+    VifCtl.vifc_rate_limit = VifDp->IfDp->ratelimit;    // Ratelimit
+
+    VifCtl.vifc_lcl_addr.s_addr = VifDp->IfDp->InAdr.s_addr;
+    VifCtl.vifc_rmt_addr.s_addr = INADDR_ANY;
+
+    // Set the index...
+    VifDp->IfDp->index = VifCtl.vifc_vifi;
+
+    my_log( LOG_NOTICE, 0, "adding VIF, Ix %d Fl 0x%x IP 0x%08x %s, Threshold: %d, Ratelimit: %d", 
+         VifCtl.vifc_vifi, VifCtl.vifc_flags,  VifCtl.vifc_lcl_addr.s_addr, VifDp->IfDp->Name,
+         VifCtl.vifc_threshold, VifCtl.vifc_rate_limit);
+
+    struct SubnetList *currSubnet;
+    for(currSubnet = IfDp->allowednets; currSubnet; currSubnet = currSubnet->next) {
+	my_log(LOG_DEBUG, 0, "        Network for [%s] : %s",
+	    IfDp->Name,
+	    inetFmts(currSubnet->subnet_addr, currSubnet->subnet_mask, s1));
+    }
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_VIF, 
+                     (char *)&VifCtl, sizeof( VifCtl ) ) )
+        my_log( LOG_ERR, errno, "MRT_ADD_VIF" );
+
+}
+
+/*
+** Adds the multicast routed '*Dp' to the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int addMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* copy the TTL vector
+     */
+
+    memcpy( CtlReq.mfcc_ttls, Dp->TtlVc, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Adding MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_ADD_MFC" );
+
+    return rc;
+}
+
+/*
+** Removes the multicast routed '*Dp' from the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int delMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* clear the TTL vector
+     */
+    memset( CtlReq.mfcc_ttls, 0, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Removing MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_DEL_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_DEL_MFC" );
+
+    return rc;
+}
+
+/*
+** Returns for the virtual interface index for '*IfDp'
+**
+** returns: - the vitrual interface index if the interface is registered
+**          - -1 if no virtual interface exists for the interface 
+**          
+*/
+int getVifIx( struct IfDesc *IfDp )
+{
+    struct VifDesc *Dp;
+
+    for ( Dp = VifDescVc; Dp < VCEP( VifDescVc ); Dp++ )
+        if ( Dp->IfDp == IfDp )
+            return Dp - VifDescVc;
+
+    return -1;
+}
+
+
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o
new file mode 100644
index 0000000..8ea168c
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
new file mode 100644
index 0000000..735401c
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
@@ -0,0 +1,14 @@
+#include <net/route.h>
+#include <net/ip_mroute/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
new file mode 100644
index 0000000..ca01cc5
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
@@ -0,0 +1,23 @@
+#include <net/route.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#if __FreeBSD_version >= 800069 && defined BURN_BRIDGES \
+	|| __FreeBSD_version >= 800098
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+#endif
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-linux.h b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
new file mode 100644
index 0000000..7504b1f
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
@@ -0,0 +1,15 @@
+#define _LINUX_IN_H
+#include <linux/types.h>
+#include <linux/mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
new file mode 100644
index 0000000..17bd5fa
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
@@ -0,0 +1,19 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
new file mode 100644
index 0000000..873e5fb
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
@@ -0,0 +1,21 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+#define INADDR_ALLRTRS_GROUP INADDR_ALLROUTERS_GROUP
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os.h b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os.h
new file mode 120000
index 0000000..142e404
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/os.h
@@ -0,0 +1 @@
+../src/os-linux.h
\ No newline at end of file
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/request.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/request.c
new file mode 100644
index 0000000..e3589f6
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/request.c
@@ -0,0 +1,222 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   request.c 
+*
+*   Functions for recieveing and processing IGMP requests.
+*
+*/
+
+#include "igmpproxy.h"
+
+// Prototypes...
+void sendGroupSpecificMemberQuery(void *argument);  
+    
+typedef struct {
+    uint32_t      group;
+    uint32_t      vifAddr;
+    short       started;
+} GroupVifDesc;
+
+
+/**
+*   Handles incoming membership reports, and
+*   appends them to the routing table.
+*/
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type) {
+    struct IfDesc  *sourceVif;
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    if(sourceVif->InAdr.s_addr == src) {
+        my_log(LOG_NOTICE, 0, "The IGMP message was from myself. Ignoring.");
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        my_log(LOG_DEBUG, 0, "Should insert group %s (from: %s) to route table. Vif Ix : %d",
+            inetFmt(group,s1), inetFmt(src,s2), sourceVif->index);
+
+        // The membership report was OK... Insert it into the route table..
+        insertRoute(group, sourceVif->index);
+
+
+    } else {
+        // Log the state of the interface the report was recieved on.
+        my_log(LOG_INFO, 0, "Mebership report was recieved on %s. Ignoring.",
+            sourceVif->state==IF_STATE_UPSTREAM?"the upstream interface":"a disabled interface");
+    }
+
+}
+
+/**
+*   Recieves and handles a group leave message.
+*/
+void acceptLeaveMessage(uint32_t src, uint32_t group) {
+    struct IfDesc   *sourceVif;
+    
+    my_log(LOG_DEBUG, 0,
+	    "Got leave message from %s to %s. Starting last member detection.",
+	    inetFmt(src, s1), inetFmt(group, s2));
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        GroupVifDesc   *gvDesc;
+        gvDesc = (GroupVifDesc*) malloc(sizeof(GroupVifDesc));
+
+        // Tell the route table that we are checking for remaining members...
+        setRouteLastMemberMode(group);
+
+        // Call the group spesific membership querier...
+        gvDesc->group = group;
+        gvDesc->vifAddr = sourceVif->InAdr.s_addr;
+        gvDesc->started = 0;
+
+        sendGroupSpecificMemberQuery(gvDesc);
+
+    } else {
+        // just ignore the leave request...
+        my_log(LOG_DEBUG, 0, "The found if for %s was not downstream. Ignoring leave request.", inetFmt(src, s1));
+    }
+}
+
+/**
+*   Sends a group specific member report query until the 
+*   group times out...
+*/
+void sendGroupSpecificMemberQuery(void *argument) {
+    struct  Config  *conf = getCommonConfig();
+
+    // Cast argument to correct type...
+    GroupVifDesc   *gvDesc = (GroupVifDesc*) argument;
+
+    if(gvDesc->started) {
+        // If aging returns false, we don't do any further action...
+        if(!lastMemberGroupAge(gvDesc->group)) {
+            return;
+        }
+    } else {
+        gvDesc->started = 1;
+    }
+
+    // Send a group specific membership query...
+    sendIgmp(gvDesc->vifAddr, gvDesc->group, 
+             IGMP_MEMBERSHIP_QUERY,
+             conf->lastMemberQueryInterval * IGMP_TIMER_SCALE, 
+             gvDesc->group, 0);
+
+    my_log(LOG_DEBUG, 0, "Sent membership query from %s to %s. Delay: %d",
+        inetFmt(gvDesc->vifAddr,s1), inetFmt(gvDesc->group,s2),
+        conf->lastMemberQueryInterval);
+
+    // Set timeout for next round...
+    timer_setTimer(conf->lastMemberQueryInterval, sendGroupSpecificMemberQuery, gvDesc);
+
+}
+
+
+/**
+*   Sends a general membership query on downstream VIFs
+*/
+void sendGeneralMembershipQuery() {
+    struct  Config  *conf = getCommonConfig();
+    struct  IfDesc  *Dp;
+    int             Ix;
+
+    // Loop through all downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+            if(Dp->state == IF_STATE_DOWNSTREAM) {
+                // Send the membership query...
+                sendIgmp(Dp->InAdr.s_addr, allhosts_group, 
+                         IGMP_MEMBERSHIP_QUERY,
+                         conf->queryResponseInterval * IGMP_TIMER_SCALE, 0, 0);
+                
+                my_log(LOG_DEBUG, 0,
+			"Sent membership query from %s to %s. Delay: %d",
+			inetFmt(Dp->InAdr.s_addr,s1),
+			inetFmt(allhosts_group,s2),
+			conf->queryResponseInterval);
+            }
+        }
+    }
+
+    // Install timer for aging active routes.
+    timer_setTimer(conf->queryResponseInterval, ageActiveRoutes, NULL);
+
+    // Install timer for next general query...
+    if(conf->startupQueryCount>0) {
+        // Use quick timer...
+        timer_setTimer(conf->startupQueryInterval, sendGeneralMembershipQuery, NULL);
+        // Decrease startup counter...
+        conf->startupQueryCount--;
+    } 
+    else {
+        // Use slow timer...
+        timer_setTimer(conf->queryInterval, sendGeneralMembershipQuery, NULL);
+    }
+
+
+}
+ 
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/request.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/request.o
new file mode 100644
index 0000000..bff7c33
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/request.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/rttable.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/rttable.c
new file mode 100644
index 0000000..f0701a8
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/rttable.c
@@ -0,0 +1,662 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   rttable.c 
+*
+*   Updates the routingtable according to 
+*     recieved request.
+*/
+
+#include "igmpproxy.h"
+    
+/**
+*   Routing table structure definition. Double linked list...
+*/
+struct RouteTable {
+    struct RouteTable   *nextroute;     // Pointer to the next group in line.
+    struct RouteTable   *prevroute;     // Pointer to the previous group in line.
+    uint32_t              group;          // The group to route
+    uint32_t              originAddr;     // The origin adress (only set on activated routes)
+    uint32_t              vifBits;        // Bits representing recieving VIFs.
+
+    // Keeps the upstream membership state...
+    short               upstrState;     // Upstream membership state.
+
+    // These parameters contain aging details.
+    uint32_t              ageVifBits;     // Bits representing aging VIFs.
+    int                 ageValue;       // Downcounter for death.          
+    int                 ageActivity;    // Records any acitivity that notes there are still listeners.
+};
+
+                 
+// Keeper for the routing table...
+static struct RouteTable   *routing_table;
+
+// Prototypes
+void logRouteTable(char *header);
+int  internAgeRoute(struct RouteTable*  croute);
+int internUpdateKernelRoute(struct RouteTable *route, int activate);
+
+// Socket for sending join or leave requests.
+int mcGroupSock = 0;
+
+
+/**
+*   Function for retrieving the Multicast Group socket.
+*/
+int getMcGroupSock() {
+    if( ! mcGroupSock ) {
+        mcGroupSock = openUdpSocket( INADDR_ANY, 0 );;
+    }
+    return mcGroupSock;
+}
+ 
+/**
+*   Initializes the routing table.
+*/
+void initRouteTable() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+
+    // Clear routing table...
+    routing_table = NULL;
+
+    // Join the all routers group on downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        // If this is a downstream vif, we should join the All routers group...
+        if( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) && Dp->state == IF_STATE_DOWNSTREAM) {
+            my_log(LOG_DEBUG, 0, "Joining all-routers group %s on vif %s",
+                         inetFmt(allrouters_group,s1),inetFmt(Dp->InAdr.s_addr,s2));
+            
+            //k_join(allrouters_group, Dp->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), Dp, allrouters_group );
+        }
+    }
+}
+
+/**
+*   Internal function to send join or leave requests for
+*   a specified route upstream...
+*/
+void sendJoinLeaveUpstream(struct RouteTable* route, int join) {
+    struct IfDesc*      upstrIf;
+    
+    // Get the upstream VIF...
+    upstrIf = getIfByIx( upStreamVif );
+    if(upstrIf == NULL) {
+        my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF.");
+    }
+
+    // Send join or leave request...
+    if(join) {
+
+        // Only join a group if there are listeners downstream...
+        if(route->vifBits > 0) {
+            my_log(LOG_DEBUG, 0, "Joining group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+
+            //k_join(route->group, upstrIf->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_JOINED;
+        } else {
+            my_log(LOG_DEBUG, 0, "No downstream listeners for group %s. No join sent.",
+                inetFmt(route->group, s1));
+        }
+
+    } else {
+        // Only leave if group is not left already...
+        if(route->upstrState != ROUTESTATE_NOTJOINED) {
+            my_log(LOG_DEBUG, 0, "Leaving group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+            
+            //k_leave(route->group, upstrIf->InAdr.s_addr);
+            leaveMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_NOTJOINED;
+        }
+    }
+}
+
+/**
+*   Clear all routes from routing table, and alerts Leaves upstream.
+*/
+void clearAllRoutes() {
+    struct RouteTable   *croute, *remainroute;
+
+    // Loop through all routes...
+    for(croute = routing_table; croute; croute = remainroute) {
+
+        remainroute = croute->nextroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_DEBUG, 0, "Removing route entry for %s",
+                     inetFmt(croute->group, s1));
+
+        // Uninstall current route
+        if(!internUpdateKernelRoute(croute, 0)) {
+            my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        }
+
+        // Send Leave message upstream.
+        sendJoinLeaveUpstream(croute, 0);
+
+        // Clear memory, and set pointer to next route...
+        free(croute);
+    }
+    routing_table = NULL;
+
+    // Send a notice that the routing table is empty...
+    my_log(LOG_NOTICE, 0, "All routes removed. Routing table is empty.");
+}
+                 
+/**
+*   Private access function to find a route from a given 
+*   Route Descriptor.
+*/
+struct RouteTable *findRoute(uint32_t group) {
+    struct RouteTable*  croute;
+
+    for(croute = routing_table; croute; croute = croute->nextroute) {
+        if(croute->group == group) {
+            return croute;
+        }
+    }
+
+    return NULL;
+}
+
+/**
+*   Adds a specified route to the routingtable.
+*   If the route already exists, the existing route 
+*   is updated...
+*/
+int insertRoute(uint32_t group, int ifx) {
+    
+    struct Config *conf = getCommonConfig();
+    struct RouteTable*  croute;
+
+    // Sanitycheck the group adress...
+    if( ! IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group. Table insert failed.",
+            inetFmt(group, s1));
+        return 0;
+    }
+
+    // Santiycheck the VIF index...
+    //if(ifx < 0 || ifx >= MAX_MC_VIFS) {
+    if(ifx >= MAX_MC_VIFS) {
+        my_log(LOG_WARNING, 0, "The VIF Ix %d is out of range (0-%d). Table insert failed.",ifx,MAX_MC_VIFS);
+        return 0;
+    }
+
+    // Try to find an existing route for this group...
+    croute = findRoute(group);
+    if(croute==NULL) {
+        struct RouteTable*  newroute;
+
+        my_log(LOG_DEBUG, 0, "No existing route for %s. Create new.",
+                     inetFmt(group, s1));
+
+
+        // Create and initialize the new route table entry..
+        newroute = (struct RouteTable*)malloc(sizeof(struct RouteTable));
+        // Insert the route desc and clear all pointers...
+        newroute->group      = group;
+        newroute->originAddr = 0;
+        newroute->nextroute  = NULL;
+        newroute->prevroute  = NULL;
+
+        // The group is not joined initially.
+        newroute->upstrState = ROUTESTATE_NOTJOINED;
+
+        // The route is not active yet, so the age is unimportant.
+        newroute->ageValue    = conf->robustnessValue;
+        newroute->ageActivity = 0;
+        
+        BIT_ZERO(newroute->ageVifBits);     // Initially we assume no listeners.
+
+        // Set the listener flag...
+        BIT_ZERO(newroute->vifBits);    // Initially no listeners...
+        if(ifx >= 0) {
+            BIT_SET(newroute->vifBits, ifx);
+        }
+
+        // Check if there is a table already....
+        if(routing_table == NULL) {
+            // No location set, so insert in on the table top.
+            routing_table = newroute;
+            my_log(LOG_DEBUG, 0, "No routes in table. Insert at beginning.");
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Found existing routes. Find insert location.");
+
+            // Check if the route could be inserted at the beginning...
+            if(routing_table->group > group) {
+                my_log(LOG_DEBUG, 0, "Inserting at beginning, before route %s",inetFmt(routing_table->group,s1));
+
+                // Insert at beginning...
+                newroute->nextroute = routing_table;
+                newroute->prevroute = NULL;
+                routing_table = newroute;
+
+                // If the route has a next node, the previous pointer must be updated.
+                if(newroute->nextroute != NULL) {
+                    newroute->nextroute->prevroute = newroute;
+                }
+
+            } else {
+
+                // Find the location which is closest to the route.
+                for( croute = routing_table; croute->nextroute != NULL; croute = croute->nextroute ) {
+                    // Find insert position.
+                    if(croute->nextroute->group > group) {
+                        break;
+                    }
+                }
+
+                my_log(LOG_DEBUG, 0, "Inserting after route %s",inetFmt(croute->group,s1));
+                
+                // Insert after current...
+                newroute->nextroute = croute->nextroute;
+                newroute->prevroute = croute;
+                if(croute->nextroute != NULL) {
+                    croute->nextroute->prevroute = newroute; 
+                }
+                croute->nextroute = newroute;
+            }
+        }
+
+        // Set the new route as the current...
+        croute = newroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Inserted route table entry for %s on VIF #%d",
+            inetFmt(croute->group, s1),ifx);
+
+    } else if(ifx >= 0) {
+
+        // The route exists already, so just update it.
+        BIT_SET(croute->vifBits, ifx);
+        
+        // Register the VIF activity for the aging routine
+        BIT_SET(croute->ageVifBits, ifx);
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Updated route entry for %s on VIF #%d",
+            inetFmt(croute->group, s1), ifx);
+
+        // If the route is active, it must be reloaded into the Kernel..
+        if(croute->originAddr != 0) {
+
+            // Update route in kernel...
+            if(!internUpdateKernelRoute(croute, 1)) {
+                my_log(LOG_WARNING, 0, "The insertion into Kernel failed.");
+                return 0;
+            }
+        }
+    }
+
+    // Send join message upstream, if the route has no joined flag...
+    if(croute->upstrState != ROUTESTATE_JOINED) {
+        // Send Join request upstream
+        sendJoinLeaveUpstream(croute, 1);
+    }
+
+    logRouteTable("Insert Route");
+
+    return 1;
+}
+
+/**
+*   Activates a passive group. If the group is already
+*   activated, it's reinstalled in the kernel. If
+*   the route is activated, no originAddr is needed.
+*/
+int activateRoute(uint32_t group, uint32_t originAddr) {
+    struct RouteTable*  croute;
+    int result = 0;
+
+    // Find the requested route.
+    croute = findRoute(group);
+    if(croute == NULL) {
+        my_log(LOG_DEBUG, 0,
+		"No table entry for %s [From: %s]. Inserting route.",
+		inetFmt(group, s1),inetFmt(originAddr, s2));
+
+        // Insert route, but no interfaces have yet requested it downstream.
+        insertRoute(group, -1);
+
+        // Retrieve the route from table...
+        croute = findRoute(group);
+    }
+
+    if(croute != NULL) {
+        // If the origin address is set, update the route data.
+        if(originAddr > 0) {
+            if(croute->originAddr > 0 && croute->originAddr!=originAddr) {
+                my_log(LOG_WARNING, 0, "The origin for route %s changed from %s to %s",
+                    inetFmt(croute->group, s1),
+                    inetFmt(croute->originAddr, s2),
+                    inetFmt(originAddr, s3));
+            }
+            croute->originAddr = originAddr;
+        }
+
+        // Only update kernel table if there are listeners !
+        if(croute->vifBits > 0) {
+            result = internUpdateKernelRoute(croute, 1);
+        }
+    }
+    logRouteTable("Activate Route");
+
+    return result;
+}
+
+
+/**
+*   This function loops through all routes, and updates the age 
+*   of any active routes.
+*/
+void ageActiveRoutes() {
+    struct RouteTable   *croute, *nroute;
+    
+    my_log(LOG_DEBUG, 0, "Aging routes in table.");
+
+    // Scan all routes...
+    for( croute = routing_table; croute != NULL; croute = nroute ) {
+        
+        // Keep the next route (since current route may be removed)...
+        nroute = croute->nextroute;
+
+        // Run the aging round algorithm.
+        if(croute->upstrState != ROUTESTATE_CHECK_LAST_MEMBER) {
+            // Only age routes if Last member probe is not active...
+            internAgeRoute(croute);
+        }
+    }
+    logRouteTable("Age active routes");
+}
+
+/**
+*   Should be called when a leave message is recieved, to
+*   mark a route for the last member probe state.
+*/
+void setRouteLastMemberMode(uint32_t group) {
+    struct Config       *conf = getCommonConfig();
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        // Check for fast leave mode...
+        if(croute->upstrState == ROUTESTATE_JOINED && conf->fastUpstreamLeave) {
+            // Send a leave message right away..
+            sendJoinLeaveUpstream(croute, 0);
+        }
+        // Set the routingstate to Last member check...
+        croute->upstrState = ROUTESTATE_CHECK_LAST_MEMBER;
+        // Set the count value for expiring... (-1 since first aging)
+        croute->ageValue = conf->lastMemberQueryCount;
+    }
+}
+
+
+/**
+*   Ages groups in the last member check state. If the
+*   route is not found, or not in this state, 0 is returned.
+*/
+int lastMemberGroupAge(uint32_t group) {
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        if(croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER) {
+            return !internAgeRoute(croute);
+        } else {
+            return 0;
+        }
+    }
+    return 0;
+}
+
+/**
+*   Remove a specified route. Returns 1 on success,
+*   and 0 if route was not found.
+*/
+int removeRoute(struct RouteTable*  croute) {
+    struct Config       *conf = getCommonConfig();
+    int result = 1;
+    
+    // If croute is null, no routes was found.
+    if(croute==NULL) {
+        return 0;
+    }
+
+    // Log the cleanup in debugmode...
+    my_log(LOG_DEBUG, 0, "Removed route entry for %s from table.",
+                 inetFmt(croute->group, s1));
+
+    //BIT_ZERO(croute->vifBits);
+
+    // Uninstall current route from kernel
+    if(!internUpdateKernelRoute(croute, 0)) {
+        my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        result = 0;
+    }
+
+    // Send Leave request upstream if group is joined
+    if(croute->upstrState == ROUTESTATE_JOINED || 
+       (croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER && !conf->fastUpstreamLeave)) 
+    {
+        sendJoinLeaveUpstream(croute, 0);
+    }
+
+    // Update pointers...
+    if(croute->prevroute == NULL) {
+        // Topmost node...
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = NULL;
+        }
+        routing_table = croute->nextroute;
+
+    } else {
+        croute->prevroute->nextroute = croute->nextroute;
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = croute->prevroute;
+        }
+    }
+    // Free the memory, and set the route to NULL...
+    free(croute);
+    croute = NULL;
+
+    logRouteTable("Remove route");
+
+    return result;
+}
+
+
+/**
+*   Ages a specific route
+*/
+int internAgeRoute(struct RouteTable*  croute) {
+    struct Config *conf = getCommonConfig();
+    int result = 0;
+
+    // Drop age by 1.
+    croute->ageValue--;
+
+    // Check if there has been any activity...
+    if( croute->ageVifBits > 0 && croute->ageActivity == 0 ) {
+        // There was some activity, check if all registered vifs responded.
+        if(croute->vifBits == croute->ageVifBits) {
+            // Everything is in perfect order, so we just update the route age.
+            croute->ageValue = conf->robustnessValue;
+            //croute->ageActivity = 0;
+        } else {
+            // One or more VIF has not gotten any response.
+            croute->ageActivity++;
+
+            // Update the actual bits for the route...
+            croute->vifBits = croute->ageVifBits;
+        }
+    } 
+    // Check if there have been activity in aging process...
+    else if( croute->ageActivity > 0 ) {
+
+        // If the bits are different in this round, we must
+        if(croute->vifBits != croute->ageVifBits) {
+            // Or the bits together to insure we don't lose any listeners.
+            croute->vifBits |= croute->ageVifBits;
+
+            // Register changes in this round as well..
+            croute->ageActivity++;
+        }
+    }
+
+    // If the aging counter has reached zero, its time for updating...
+    if(croute->ageValue == 0) {
+        // Check for activity in the aging process,
+        if(croute->ageActivity>0) {
+            
+            my_log(LOG_DEBUG, 0, "Updating route after aging : %s",
+                         inetFmt(croute->group,s1));
+            
+            // Just update the routing settings in kernel...
+            internUpdateKernelRoute(croute, 1);
+    
+            // We append the activity counter to the age, and continue...
+            croute->ageValue = croute->ageActivity;
+            croute->ageActivity = 0;
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Removing group %s. Died of old age.",
+                         inetFmt(croute->group,s1));
+
+            // No activity was registered within the timelimit, so remove the route.
+            removeRoute(croute);
+        }
+        // Tell that the route was updated...
+        result = 1;
+    }
+
+    // The aging vif bits must be reset for each round...
+    BIT_ZERO(croute->ageVifBits);
+
+    return result;
+}
+
+/**
+*   Updates the Kernel routing table. If activate is 1, the route
+*   is (re-)activated. If activate is false, the route is removed.
+*/
+int internUpdateKernelRoute(struct RouteTable *route, int activate) {
+    struct   MRouteDesc     mrDesc;
+    struct   IfDesc         *Dp;
+    unsigned                Ix;
+    
+    if(route->originAddr>0) {
+
+        // Build route descriptor from table entry...
+        // Set the source address and group address...
+        mrDesc.McAdr.s_addr     = route->group;
+        mrDesc.OriginAdr.s_addr = route->originAddr;
+    
+        // clear output interfaces 
+        memset( mrDesc.TtlVc, 0, sizeof( mrDesc.TtlVc ) );
+    
+        my_log(LOG_DEBUG, 0, "Vif bits : 0x%08x", route->vifBits);
+
+        // Set the TTL's for the route descriptor...
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+            if(Dp->state == IF_STATE_UPSTREAM) {
+                mrDesc.InVif = Dp->index;
+            }
+            else if(BIT_TST(route->vifBits, Dp->index)) {
+                my_log(LOG_DEBUG, 0, "Setting TTL for Vif %d to %d", Dp->index, Dp->threshold);
+                mrDesc.TtlVc[ Dp->index ] = Dp->threshold;
+            }
+        }
+    
+        // Do the actual Kernel route update...
+        if(activate) {
+            // Add route in kernel...
+            addMRoute( &mrDesc );
+    
+        } else {
+            // Delete the route from Kernel...
+            delMRoute( &mrDesc );
+        }
+
+    } else {
+        my_log(LOG_NOTICE, 0, "Route is not active. No kernel updates done.");
+    }
+
+    return 1;
+}
+
+/**
+*   Debug function that writes the routing table entries
+*   to the log.
+*/
+void logRouteTable(char *header) {
+        struct RouteTable*  croute = routing_table;
+        unsigned            rcount = 0;
+    
+        my_log(LOG_DEBUG, 0, "");
+        my_log(LOG_DEBUG, 0, "Current routing table (%s):", header);
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+        if(croute==NULL) {
+            my_log(LOG_DEBUG, 0, "No routes in table...");
+        } else {
+            do {
+                /*
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, Prev: 0x%08x, T: 0x%08x, Next: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->prevroute, croute, croute->nextroute);
+                */
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, OutVifs: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->vifBits);
+                  
+                croute = croute->nextroute; 
+        
+                rcount++;
+            } while ( croute != NULL );
+        }
+    
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/rttable.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/rttable.o
new file mode 100644
index 0000000..df1f0b5
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/rttable.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/syslog.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/syslog.c
new file mode 100644
index 0000000..7c7166f
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/syslog.c
@@ -0,0 +1,62 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+int LogLevel = LOG_WARNING;
+bool Log2Stderr = false;
+
+void my_log( int Severity, int Errno, const char *FmtSt, ... )
+{
+    char LogMsg[ 128 ];
+
+    va_list ArgPt;
+    unsigned Ln;
+    va_start( ArgPt, FmtSt );
+    Ln = vsnprintf( LogMsg, sizeof( LogMsg ), FmtSt, ArgPt );
+    if( Errno > 0 )
+        snprintf( LogMsg + Ln, sizeof( LogMsg ) - Ln,
+                "; Errno(%d): %s", Errno, strerror(Errno) );
+    va_end( ArgPt );
+
+    if (Severity <= LogLevel) {
+        if (Log2Stderr)
+            fprintf(stderr, "%s\n", LogMsg);
+        else {
+            syslog(Severity, "%s", LogMsg);
+	}
+    }
+
+    if( Severity <= LOG_ERR )
+        exit( -1 );
+}
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/syslog.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/syslog.o
new file mode 100644
index 0000000..445b866
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/syslog.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/udpsock.c b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
new file mode 100644
index 0000000..150130e
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
@@ -0,0 +1,65 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   udpsock.c contains function for creating a UDP socket.
+*
+*/
+
+#include "igmpproxy.h"
+
+/**
+*  Creates and connects a simple UDP socket to the target 
+*  'PeerInAdr':'PeerPort'
+*
+*   @param PeerInAdr - The address to connect to
+*   @param PeerPort  - The port to connect to
+*           
+*/
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort ) {
+    int Sock;
+    struct sockaddr_in SockAdr;
+    
+    if( (Sock = socket( AF_INET, SOCK_RAW, IPPROTO_IGMP )) < 0 )
+        my_log( LOG_ERR, errno, "UDP socket open" );
+    
+    memset( &SockAdr, 0, sizeof( SockAdr ) );
+    SockAdr.sin_family      = AF_INET;
+    SockAdr.sin_port        = htons(PeerPort);
+    SockAdr.sin_addr.s_addr = htonl(PeerInAdr);
+    
+    if( bind( Sock, (struct sockaddr *)&SockAdr, sizeof( SockAdr ) ) )
+        my_log( LOG_ERR, errno, "UDP socket bind" );
+    
+    return Sock;
+}
+
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/udpsock.o b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/udpsock.o
new file mode 100644
index 0000000..8f19c02
Binary files /dev/null and b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/src/udpsock.o differ
diff --git a/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/stamp-h1 b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/stamp-h1
new file mode 100644
index 0000000..4547fe1
--- /dev/null
+++ b/Kanzlei-Kiel/src/igmpproxy/igmpproxy-0.1/stamp-h1
@@ -0,0 +1 @@
+timestamp for config.h
diff --git a/Kanzlei-Kiel/src/ipt-gateway b/Kanzlei-Kiel/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/Kanzlei-Kiel/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/Kanzlei-Kiel/src/openvpn b/Kanzlei-Kiel/src/openvpn
new file mode 160000
index 0000000..ebff5a5
--- /dev/null
+++ b/Kanzlei-Kiel/src/openvpn
@@ -0,0 +1 @@
+Subproject commit ebff5a557b537bcb8192d94f733c4df86594258d
diff --git a/MBR/README.txt b/MBR/README.txt
new file mode 100644
index 0000000..c03c760
--- /dev/null
+++ b/MBR/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.MBR: ppp0 comes over eth2
+      interfaces.MBR: see above
+      default_isc-dhcp-server.MBR
+      ipt-firewall.MBR: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/MBR/bin/admin-stuff b/MBR/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/MBR/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/MBR/bin/manage-gw-config b/MBR/bin/manage-gw-config
new file mode 160000
index 0000000..2a96dfd
--- /dev/null
+++ b/MBR/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688
diff --git a/MBR/bin/monitoring b/MBR/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/MBR/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/MBR/bin/postfix b/MBR/bin/postfix
new file mode 160000
index 0000000..c1934d5
--- /dev/null
+++ b/MBR/bin/postfix
@@ -0,0 +1 @@
+Subproject commit c1934d5bdeee88e6f5b868c7d0bdb955539d34d4
diff --git a/MBR/bind/bind.keys b/MBR/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/MBR/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/MBR/bind/db.0 b/MBR/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/MBR/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/MBR/bind/db.127 b/MBR/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/MBR/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/MBR/bind/db.192.168.112.0 b/MBR/bind/db.192.168.112.0
new file mode 100644
index 0000000..17dbd79
--- /dev/null
+++ b/MBR/bind/db.192.168.112.0
@@ -0,0 +1,92 @@
+;
+; BIND reverse data file for local mbr-bln.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.mbr-bln.netz. ckubu.oopen.de. (
+      2012122401     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns.mbr-bln.netz.
+
+; Gateway/Firewall
+254         IN PTR    gw-mbr.mbr-bln.netz.
+
+; (Caching ) Nameserver
+1           IN PTR    ns.mbr-bln.netz.
+
+; - Fileserver
+10           IN PTR    file-mbr.mbr-bln.netz.
+
+201          IN PTR    file-ipmi-alt.mbr-bln.netz.
+15           IN PTR    file-ipmi.mbr-bln.netz.
+
+
+; - KVM Windows 7
+20           IN PTR    file-win10.mbr-bln.netz.
+21           IN PTR    file-win7-alt.mbr-bln.netz.
+
+; Accesspoint - WAG54GX2
+; 52          IN PTR    linksys-wag54gx2.mbr-bln.netz. 
+
+
+; Laserdrucker Kyocera FS 3838DN
+;230         IN PTR    fs_3830dtn.mbr-bln.netz.
+
+; Multifunktionsgeraet (Triumph)
+5            IN PTR    drucker-triumph.mbr-bln.netz.
+6            IN PTR    drucker-samsung.mbr-bln.netz.
+7            IN PTR    canon-lpb712cx.mbr-bln.netz.
+
+35           IN PTR    camera.mbr-bln.netz.
+
+
+; - Office PCs
+101          IN PTR    pc101.mbr-bln.netz.
+102          IN PTR    pc102.mbr-bln.netz.
+103          IN PTR    pc103.mbr-bln.netz.
+104          IN PTR    pc104.mbr-bln.netz.
+105          IN PTR    pc105.mbr-bln.netz.
+106          IN PTR    pc106.mbr-bln.netz.
+107          IN PTR    pc107.mbr-bln.netz.
+108          IN PTR    pc108.mbr-bln.netz.
+109          IN PTR    pc109.mbr-bln.netz.
+110          IN PTR    pc110.mbr-bln.netz.
+111          IN PTR    pc111.mbr-bln.netz.
+112          IN PTR    pc112.mbr-bln.netz.
+113          IN PTR    pc113.mbr-bln.netz.
+114          IN PTR    pc114.mbr-bln.netz.
+115          IN PTR    pc115.mbr-bln.netz.
+116          IN PTR    pc116.mbr-bln.netz.
+117          IN PTR    pc117.mbr-bln.netz.
+118          IN PTR    pc118.mbr-bln.netz.
+119          IN PTR    pc119.mbr-bln.netz.
+120          IN PTR    pc120.mbr-bln.netz.
+121          IN PTR    pc121.mbr-bln.netz.
+122          IN PTR    pc122.mbr-bln.netz.
+123          IN PTR    pc123.mbr-bln.netz.
+124          IN PTR    pc124.mbr-bln.netz.
+125          IN PTR    pc125.mbr-bln.netz.
+126          IN PTR    pc126.mbr-bln.netz.
+127          IN PTR    pc127.mbr-bln.netz.
+128          IN PTR    pc128.mbr-bln.netz.
+129          IN PTR    pc129.mbr-bln.netz.
+130          IN PTR    pc130.mbr-bln.netz.
+131          IN PTR    pc131.mbr-bln.netz.
+132          IN PTR    pc132.mbr-bln.netz.
+133          IN PTR    pc133.mbr-bln.netz.
+134          IN PTR    pc134.mbr-bln.netz.
+135          IN PTR    pc135.mbr-bln.netz.
+136          IN PTR    pc136.mbr-bln.netz.
+137          IN PTR    pc137.mbr-bln.netz.
+138          IN PTR    pc138.mbr-bln.netz.
+
+; - Laptops
+151          IN PTR    lap151.mbr-bln.netz.
+
+; - ckubu
+90           IN PTR    devil.mbr-bln.netz.
+
diff --git a/MBR/bind/db.255 b/MBR/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/MBR/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/MBR/bind/db.empty b/MBR/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/MBR/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/MBR/bind/db.local b/MBR/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/MBR/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/MBR/bind/db.mbr-bln.netz b/MBR/bind/db.mbr-bln.netz
new file mode 100644
index 0000000..3af4409
--- /dev/null
+++ b/MBR/bind/db.mbr-bln.netz
@@ -0,0 +1,114 @@
+;
+; BIND data file for local mbr-bln.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.mbr-bln.netz. ckubu.oopen.de. (
+      2017122402     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                IN NS     ns.mbr-bln.netz.
+
+; - Gateway/Firewall
+gw-mbr        IN A      192.168.112.254
+gate            IN CNAME  gw-mbr
+gw              IN CNAME  gw-mbr
+
+gw-ipmi        IN A     172.16.112.15     
+
+; - (Caching ) Nameserver
+ns              IN A      192.168.112.1
+nscache         IN CNAME  ns
+
+
+; - Fileserver
+file-mbr        IN A      192.168.112.10
+file            IN CNAME  file-mbr
+
+file-mbr-alt    IN A      192.168.112.210
+file-mbr-neu    IN A      192.168.112.10
+
+file-ipmi-alt   IN A      192.168.112.201
+file-ipmi       IN A      192.168.112.15
+
+
+; - KVM Windows 7
+file-win7-alt   IN A      192.168.112.21
+
+; - KVM Windows 10
+file-win10      IN A      192.168.112.20
+winserver       IN CNAME  file-win10
+
+; - Accesspoint - WAG54GX2
+;linksys_wag54gx2 IN A   192.168.112.52 
+;ap-nuclear       IN CNAME linksys-wag54gx2
+
+
+; - Laserdrucker Kyocera FS 3838DN
+;fs-3830dtn    IN A      192.168.112.230
+;drucker       IN CNAME  fs-3830dtn
+
+drucker-triumph IN A 192.168.112.5
+
+drucker-samsung IN A 192.168.112.6
+
+canon-lpb712cx  IN A 192.168.112.7
+canondb88b2     IN CNAME canon-lpb712cx
+
+camera          IN A 192.168.112.35
+
+; - Lancom 1781VAW
+lancom          IN A 172.16.112.254
+
+
+; - Office PCs
+pc101           IN A      192.168.112.101
+pc102           IN A      192.168.112.102
+pc103           IN A      192.168.112.103
+pc104           IN A      192.168.112.104
+pc105           IN A      192.168.112.105
+pc106           IN A      192.168.112.106
+pc107           IN A      192.168.112.107
+pc108           IN A      192.168.112.108
+pc109           IN A      192.168.112.109
+pc110           IN A      192.168.112.110
+pc111           IN A      192.168.112.111
+pc112           IN A      192.168.112.112
+pc113           IN A      192.168.112.113
+pc114           IN A      192.168.112.114
+pc115           IN A      192.168.112.115
+pc116           IN A      192.168.112.116
+pc117           IN A      192.168.112.117
+pc118           IN A      192.168.112.118
+pc119           IN A      192.168.112.119
+pc120           IN A      192.168.112.120
+pc121           IN A      192.168.112.121
+pc122           IN A      192.168.112.122
+pc123           IN A      192.168.112.123
+pc124           IN A      192.168.112.124
+pc125           IN A      192.168.112.125
+pc126           IN A      192.168.112.126
+pc127           IN A      192.168.112.127
+pc128           IN A      192.168.112.128
+pc129           IN A      192.168.112.129
+pc130           IN A      192.168.112.130
+pc131           IN A      192.168.112.131
+pc132           IN A      192.168.112.132
+pc133           IN A      192.168.112.133
+pc134           IN A      192.168.112.134
+pc135           IN A      192.168.112.135
+pc136           IN A      192.168.112.136
+pc137           IN A      192.168.112.137
+pc138           IN A      192.168.112.138
+
+
+; - Laptops
+lap151          IN A      192.168.112.151
+
+; - ckubu
+devil           IN A      192.168.112.90
+kvm-win7        IN A      192.168.112.41
diff --git a/MBR/bind/db.root b/MBR/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/MBR/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/MBR/bind/named.conf b/MBR/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/MBR/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/MBR/bind/named.conf.default-zones b/MBR/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/MBR/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/MBR/bind/named.conf.local b/MBR/bind/named.conf.local
new file mode 100644
index 0000000..42c9083
--- /dev/null
+++ b/MBR/bind/named.conf.local
@@ -0,0 +1,23 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "mbr-bln.netz" {
+   type master;
+   file "/etc/bind/db.mbr-bln.netz";
+};
+
+zone "112.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.112.0";
+};
+
+zone "mbr.netz" {
+   type slave;
+   file "/etc/bind/slave/db.mbr.netz";
+   masters { 192.168.112.10; };
+};
diff --git a/MBR/bind/named.conf.local.ORIG b/MBR/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/MBR/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/MBR/bind/named.conf.options b/MBR/bind/named.conf.options
new file mode 100644
index 0000000..f22413c
--- /dev/null
+++ b/MBR/bind/named.conf.options
@@ -0,0 +1,97 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      192.168.112.1;
+   };
+
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/8;
+      172.16.0/12;
+   };
+
+   // caching name services
+   recursion yes;
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/16;
+      172.16.0/12;
+   };
+
+   allow-transfer { none; };
+
+	listen-on-v6 { any; };
+
+	check-names slave  ignore;
+};
+
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/MBR/bind/named.conf.options.ORIG b/MBR/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/MBR/bind/named.conf.options.ORIG
@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/MBR/bind/rndc.key b/MBR/bind/rndc.key
new file mode 100644
index 0000000..9f7d616
--- /dev/null
+++ b/MBR/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "/tSHIKySQHHdATfB4yUyuQ==";
+};
diff --git a/MBR/bind/slave/db.mbr.netz b/MBR/bind/slave/db.mbr.netz
new file mode 100644
index 0000000..b6fdf4e
Binary files /dev/null and b/MBR/bind/slave/db.mbr.netz differ
diff --git a/MBR/bind/slave/db.mbr.netz.jnl b/MBR/bind/slave/db.mbr.netz.jnl
new file mode 100644
index 0000000..ca245fa
Binary files /dev/null and b/MBR/bind/slave/db.mbr.netz.jnl differ
diff --git a/MBR/bind/zones.rfc1918 b/MBR/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/MBR/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/MBR/cron_root.MBR b/MBR/cron_root.MBR
new file mode 100644
index 0000000..4e9dc38
--- /dev/null
+++ b/MBR/cron_root.MBR
@@ -0,0 +1,39 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.OeRUKo/crontab installed on Tue Dec 19 01:18:53 2017)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+PATH=/root/bin:/root/bin/admin-stuff:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+# if not set this entry to "1"
+#
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+# check if openvpn is running if not restart the service
+#
+0-59/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+# - Copy gateway configuration
+# -
+09 3 * * * /root/bin/manage-gw-config/copy_gateway-config.sh MBR
diff --git a/MBR/ddclient.conf.MBR b/MBR/ddclient.conf.MBR
new file mode 100644
index 0000000..7d14870
--- /dev/null
+++ b/MBR/ddclient.conf.MBR
@@ -0,0 +1,14 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password='7213b4e6178a11e6ab1362f831f6741e'
+mbr-bln.homelinux.org
+
+ssl=yes
+mail=argus@oopen.de
+mail-failure=root
diff --git a/MBR/default_isc-dhcp-server.MBR b/MBR/default_isc-dhcp-server.MBR
new file mode 100644
index 0000000..643b2bc
--- /dev/null
+++ b/MBR/default_isc-dhcp-server.MBR
@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="eth1"
+#INTERFACESv6=""
diff --git a/MBR/dhcpd.conf.MBR b/MBR/dhcpd.conf.MBR
new file mode 100644
index 0000000..5916a69
--- /dev/null
+++ b/MBR/dhcpd.conf.MBR
@@ -0,0 +1,404 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.112.255;
+
+
+#option domain-name "example.org";
+#option domain-name-servers ns1.example.org, ns2.example.org;
+
+option domain-name-servers nscache.mbr-bln.netz;
+option domain-name "mbr-bln.netz";
+
+option routers gw-mbr.mbr-bln.netz;
+
+
+default-lease-time 600;
+max-lease-time 7200;
+#default-lease-time 86400;
+#max-lease-time 259200;
+
+
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+subnet 192.168.112.0 netmask 255.255.255.0 {
+
+   range 192.168.112.161 192.168.112.190;
+
+   # --- 192.168.102.160/27 ---
+   # network address....: 192.168.112.160
+   # Broadcast address..: 192.168.112.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.112.160 - 192.168.112.191
+   # Usable range.......: 192.168.112.161 - 192.168.112.190
+
+
+   option domain-name-servers file-mbr.mbr-bln.netz, nscache.mbr-bln.netz;
+   option domain-name "mbr-bln.netz";
+   option domain-search "mbr.netz", "mbr-bln.netz";
+
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.112.255;
+   option routers gw-mbr.mbr-bln.netz;
+
+   default-lease-time 86400;
+   max-lease-time 259200;
+}
+
+## - group domain
+group {
+
+   default-lease-time 86400;
+   max-lease-time 259200;
+
+   host file-mbr {
+      hardware ethernet 00:25:90:7e:9d:68;
+      fixed-address file-mbr.mbr-bln.netz ;
+   }
+   host file-ipmi {
+      hardware ethernet ac:1f:6b:05:11:de ;
+      fixed-address file-ipmi.mbr-bln.netz ;
+   }
+   host file-ipmi-alt {
+      hardware ethernet 00:25:90:7e:9a:8b ;
+      fixed-address file-ipmi-alt.mbr-bln.netz ;
+   }
+   host file-win10 {
+      hardware ethernet 52:54:00:21:dd:d4;
+      fixed-address file-win10.mbr-bln.netz ;
+   }
+
+   host file-win7-alt {
+      hardware ethernet 52:54:00:a2:e3:93;
+      fixed-address file-win7-alt.mbr-bln.netz ;
+   }
+
+   host drucker-triumph {
+      hardware ethernet 00:c0:ee:1a:9b:f6;
+      fixed-address drucker-triumph.mbr-bln.netz ;
+   }
+
+   host drucker-samsung {
+      hardware ethernet 00:15:99:5e:3b:f3;
+      fixed-address drucker-samsung.mbr-bln.netz ;
+   }
+
+   host canon-lpb712cx {
+      hardware ethernet 60:12:8b:db:88:b2;
+      fixed-address canon-lpb712cx.mbr-bln.netz ;
+   }
+
+   host camera {
+      hardware ethernet 00:40:8c:99:eb:b1;
+      fixed-address camera.mbr-bln.netz ;
+   }
+
+   host pc101 {
+      hardware ethernet 54:04:a6:0a:73:25;
+      fixed-address pc101.mbr-bln.netz ;
+   }
+
+   host pc130 {
+      hardware ethernet 80:ee:73:b9:8e:9c;
+      fixed-address pc130.mbr-bln.netz ;
+   }
+   
+   host pc102 {
+      hardware ethernet 54:04:a6:0a:5f:a3;
+      fixed-address pc102.mbr-bln.netz ;
+   }
+   
+   host pc103 {
+      hardware ethernet 00:19:66:22:79:92;
+      fixed-address pc103.mbr-bln.netz ;
+   }
+   
+   host pc104 {
+      hardware ethernet 00:19:66:92:dd:34;
+      fixed-address pc104.mbr-bln.netz ;
+   }
+   
+   host pc105 {
+      hardware ethernet 54:04:a6:0a:5f:84;
+      fixed-address pc105.mbr-bln.netz ;
+   }
+   
+   host pc106 {
+      hardware ethernet 20:cf:30:5c:60:6a;
+      fixed-address pc106.mbr-bln.netz ;
+   }
+   
+   host pc107 {
+      hardware ethernet 54:04:a6:0a:72:d9;
+      fixed-address pc107.mbr-bln.netz ;
+   }
+  
+   host pc108 {
+      hardware ethernet 00:19:66:71:d7:84;
+      fixed-address pc108.mbr-bln.netz ;
+   }
+   
+   host pc109 {
+      hardware ethernet 00:1f:e2:54:0f:b9;
+      fixed-address pc109.mbr-bln.netz ;
+   }
+   
+   host pc110 {
+      hardware ethernet 00:25:11:59:2e:0f;
+      fixed-address pc110.mbr-bln.netz ;
+   }
+   
+   host pc111 {
+      hardware ethernet 00:19:66:2d:35:fb;
+      fixed-address pc111.mbr-bln.netz ;
+   }
+   
+   host pc112 {
+      hardware ethernet 00:19:66:6a:86:fc;
+      fixed-address pc112.mbr-bln.netz ;
+   }
+   
+   host pc113 {
+      hardware ethernet 00:19:66:42:1f:4e;
+      fixed-address pc113.mbr-bln.netz ;
+   }
+   
+   host pc114 {
+      hardware ethernet 00:19:66:92:80:9e;
+      fixed-address pc114.mbr-bln.netz ;
+   }
+   
+   host pc115 {
+      hardware ethernet 00:13:8f:88:4b:d3 ;
+      fixed-address pc115.mbr-bln.netz ;
+   }
+   
+   host pc116 {
+      hardware ethernet 54:04:a6:f2:17:8e ;
+      fixed-address pc116.mbr-bln.netz ;
+   }
+   
+   #host pc117 {
+   #   hardware ethernet ;
+   #   fixed-address pc117.mbr-bln.netz ;
+   #}
+   
+   host pc118 {
+      hardware ethernet 00:22:4D:88:4B:BE ;
+      fixed-address pc118.mbr-bln.netz ;
+   }
+   
+   host pc119 {
+      hardware ethernet 00:22:4D:88:4B:B2;
+      fixed-address pc119.mbr-bln.netz ;
+   }
+   
+   host pc120 {
+      hardware ethernet 00:22:4d:88:48:c7;
+      fixed-address pc120.mbr-bln.netz ;
+   }
+   
+   host pc121 {
+      hardware ethernet 00:22:4d:88:4b:33;
+      fixed-address pc121.mbr-bln.netz ;
+   }
+   
+   host pc122 {
+      hardware ethernet 00:22:4d:88:4b:dc ;
+      fixed-address pc122.mbr-bln.netz ;
+   }
+   
+   host pc123 {
+      hardware ethernet 00:22:4d:88:4b:d0 ;
+      fixed-address pc123.mbr-bln.netz ;
+   }
+   
+   host pc124 {
+      hardware ethernet 74:d4:35:8d:0d:8c ;
+      fixed-address pc124.mbr-bln.netz ;
+   }
+   
+   host pc125 {
+      hardware ethernet 20:25:64:0c:55:ca ;
+      fixed-address pc125.mbr-bln.netz ;
+   }
+   
+   host pc126 {
+      hardware ethernet 20:25:64:0c:55:6b ;
+      fixed-address pc126.mbr-bln.netz ;
+   }
+   
+   host pc127 {
+      hardware ethernet 74:d4:35:be:a4:5a ;
+      fixed-address pc127.mbr-bln.netz ;
+   }
+   
+   host pc128 {
+      hardware ethernet 80:ee:73:b5:e2:95 ;
+      fixed-address pc128.mbr-bln.netz ;
+   }
+   
+   host pc129 {
+      hardware ethernet 80:ee:73:b5:e4:50 ;
+      fixed-address pc129.mbr-bln.netz ;
+   }
+   
+   host pc131 {
+      hardware ethernet 80:ee:73:b7:d2:c3 ;
+      fixed-address pc131.mbr-bln.netz ;
+   }
+   
+   host pc132 {
+      hardware ethernet 80:ee:73:bd:ad:57 ;
+      fixed-address pc132.mbr-bln.netz ;
+   }
+   
+   host pc133 {
+      hardware ethernet 80:ee:73:c0:7f:fb ;
+      fixed-address pc133.mbr-bln.netz ;
+   }
+   
+   host pc134 {
+      hardware ethernet 80:ee:73:c5:e8:39 ;
+      fixed-address pc134.mbr-bln.netz ;
+   }
+   
+   host pc135 {
+      hardware ethernet 80:ee:73:c5:e6:5f ;
+      fixed-address pc135.mbr-bln.netz ;
+   }
+   
+   #host pc136 {
+   #   hardware ethernet ;
+   #   fixed-address pc136.mbr-bln.netz ;
+   #}
+   
+   host pc137 {
+      hardware ethernet 80:ee:73:c5:e7:4f ;
+      fixed-address pc137.mbr-bln.netz ;
+   }
+   
+   host pc138 {
+      hardware ethernet 80:ee:73:c9:91:d7 ;
+      #hardware ethernet 80:ee:73:c9:91:d8 ;
+      fixed-address pc138.mbr-bln.netz ;
+   }
+
+   host lap151 {
+      hardware ethernet f0:de:f1:67:d1:9d;
+      fixed-address lap151.mbr-bln.netz ;
+   }
+
+   host devil {
+      hardware ethernet 5c:ff:35:01:e9:03;
+      fixed-address devil.mbr-bln.netz ;
+   }
+   # kvm windows 7 on sol
+   host kvm-win7 {
+      hardware ethernet 52:54:00:e4:f9:81;
+      fixed-address kvm-win7.mbr-bln.netz ;
+   }
+}
+
+subnet 192.168.63.0 netmask 255.255.255.0 {
+}
+ 
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/MBR/dhcpd6.conf.MBR b/MBR/dhcpd6.conf.MBR
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/MBR/dhcpd6.conf.MBR
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/MBR/hostname.MBR b/MBR/hostname.MBR
new file mode 100644
index 0000000..d90e02f
--- /dev/null
+++ b/MBR/hostname.MBR
@@ -0,0 +1 @@
+gw-mbr
diff --git a/MBR/hosts.MBR b/MBR/hosts.MBR
new file mode 100644
index 0000000..3446101
--- /dev/null
+++ b/MBR/hosts.MBR
@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+127.0.1.1	gw-mbr.mbr.netz	gw-mbr
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/MBR/interfaces.MBR b/MBR/interfaces.MBR
new file mode 100644
index 0000000..a6ebc46
--- /dev/null
+++ b/MBR/interfaces.MBR
@@ -0,0 +1,49 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+auto eth2
+iface eth2 inet static
+   address 172.16.112.1
+   network 172.16.112.0
+   netmask 255.255.255.0
+   broadcast 172.16.112.255
+   gateway 172.16.112.254
+
+
+#-----------------------------
+# eth1 - LAN + WLAN
+#-----------------------------
+
+auto eth1 eth1:ns
+iface eth1 inet static
+   address 192.168.112.254
+   network 192.168.112.0
+   netmask 255.255.255.0
+   broadcast 192.168.112.255
+iface eth1:ns inet static
+   address 192.168.112.1
+   network 192.168.112.0
+   netmask 255.255.255.0
+   broadcast 192.168.112.255
+
+## - wlan
+iface eth1:1 inet static
+   address 192.168.113.254
+   network 192.168.113.0
+   netmask 255.255.255.0
+   broadcast 192.168.113.255
+
+
+# The primary network interface
+#allow-hotplug enp0s20f2
+#iface enp0s20f2 inet dhcp
diff --git a/MBR/ipt-firewall.service.MBR b/MBR/ipt-firewall.service.MBR
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/MBR/ipt-firewall.service.MBR
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/MBR/ipt-firewall/default_ports.conf b/MBR/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/MBR/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/MBR/ipt-firewall/include_functions.conf b/MBR/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/MBR/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/MBR/ipt-firewall/interfaces_ipv4.conf b/MBR/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..0619130
--- /dev/null
+++ b/MBR/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth1"
+local_if_2=""
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/MBR/ipt-firewall/load_modules_ipv4.conf b/MBR/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/MBR/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/MBR/ipt-firewall/load_modules_ipv6.conf b/MBR/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/MBR/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/MBR/ipt-firewall/logging_ipv4.conf b/MBR/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/MBR/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/MBR/ipt-firewall/logging_ipv6.conf b/MBR/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/MBR/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/MBR/ipt-firewall/main_ipv4.conf b/MBR/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..5763282
--- /dev/null
+++ b/MBR/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1374 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+
+_ips="$(ip a | grep "inet " | awk '{print$2}' | cut -d'/' -f1)"
+for _ip in $_ips ; do
+   gateway_ipv4_address_arr+=("$_ip")
+done
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                      86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks="192.168.113.0/24"
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - Ist this Gateway DHCP Client?
+# - 
+# - local_dhcp_client_interfaces="<interface1> [<interface> [.."
+# -
+# - Example:
+# -    dhcp_client_interfaces="$ext_if_static_1"
+# -
+dhcp_client_interfaces=""
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips="192.168.112.10"
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - 192.168.112.35      Camera
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="192.168.112.35 192.168.112.7"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+# - 192.168.112.10: file-mbr.mbr-bln.netz (Samba)
+# - 192.168.112.20: file-win7.mbr-bln.netz (Windows 7 Domain Controller)
+# -
+samba_server_local_ips="192.168.112.10 192.168.112.20"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+# - Blank separated list of ip's
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.112.0/24"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - 172.16.112.15:    IPMI Gateway
+# - 192.168.112.15:   IPMI Fileserver
+# - 192.168.112.201:  IPMI Fileserver - ALT
+# - Blank seoarated list
+# -
+ipmi_server_ips="172.16.112.15 192.168.112.15 192.168.112.201"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - 192.168.112.5       Drucker Triumph (Stand-Copiergerät)
+# - 192.168.112.6       Samsung Drucker
+# - 192.168.112.7       Canon LPB712Cx
+# -
+# - Blank separated list
+# -
+printer_ips="192.168.112.5 192.168.112.6 192.168.112.7 169.254.152.131"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks="
+   169.254.0.0/16:${local_if_1}"
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    192.168.64.55: Repeater TP-Link TL-WA850RE
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons="
+   192.168.0.0/16:172.16.112.254:80:${ext_if_static_1}
+   192.168.0.0/16:172.16.112.254:4433:${ext_if_static_1}
+   10.0.0.0/8:172.16.112.254:80:${ext_if_static_1}
+   10.0.0.0/8:172.16.112.254:4433:${ext_if_static_1}"
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations (blank separated list) are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations (blank separated list) are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=true
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/MBR/ipt-firewall/post_decalrations.conf b/MBR/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/MBR/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/MBR/mailname.MBR b/MBR/mailname.MBR
new file mode 100644
index 0000000..60a5f3a
--- /dev/null
+++ b/MBR/mailname.MBR
@@ -0,0 +1 @@
+gw-mbr.mbr-bln.netz
diff --git a/MBR/main.cf.MBR b/MBR/main.cf.MBR
new file mode 100644
index 0000000..6a3c49f
--- /dev/null
+++ b/MBR/main.cf.MBR
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   #172.16.112.2
+
+myhostname = gw-mbr.mbr-bln.netz
+
+mydestination = 
+   gw-mbr.mbr-bln.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   #172.16.112.2/32
+
+#smtp_bind_address = 172.16.112.2
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/MBR/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-MBR-gw-ckubu b/MBR/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-MBR-gw-ckubu
new file mode 100644
index 0000000..1addbe1
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-MBR-gw-ckubu
@@ -0,0 +1,3 @@
+ifconfig-push 10.1.112.2 255.255.255.0
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/MBR/openvpn/gw-ckubu/crl.pem b/MBR/openvpn/gw-ckubu/crl.pem
new file mode 100644
index 0000000..2031d64
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC6TCB0jANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIxEDAOBgNVBCkT
+B1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZRcNMTcx
+MjE4MjEyODQ3WhcNNDkxMjE4MjEyODQ3WjANBgkqhkiG9w0BAQsFAAOCAgEAqs9Y
+cggwWSmE4gncdcp/UuPs08KMIi7lfGzvVSzH/45V64nWuPOBApcKNSx8rQPDLGmz
+VRfEUh1L8rgVJ0q4f9xrjHETbf9jrT25q2hZTjNjApieOmu0OEaJiDjXer2EOuzo
+QkTstBnJtWzDDD6UiALFuVunlgOYx7H9ZuFYBk4de9xd3xj7KtvWNDwqhBk233K4
+oirbLkBjO2yS6fZcK5jg+EMHbTQrNUz5MPNrFBzxmrfphtXKFx5ZiuT4TZbGv+/c
+1fC0mVhaqd1wcH9YjrEHRmYq3XjvLBIWv28r5+SdoXf4ZvAbDgHasQbXlT5VsE/7
+TfHnRYVxvidrMChf2OX9ZE4mHNR5n254xYRJxcndn7YL9MmV2YT3zBpiXiRIjA32
+kwqC7KyHS0nmO2c0qNXb2zylqYmrXJscxHHb05dmEs0UnZm8EOw854PG+Nx+HZA2
+jlvd55Qvud4CuaGu3lzOcFbaoJmLwslibhVzSD9fbOx3bhkuHy9pxEQOvZVRa16V
+bn7GhJBBYt8PspAGnSImIzwkYkhG6mBsq+IXCI/YAh3KMd6JgqmypgjbYMeWrRVy
+kyUp8tZ4E4XZmhMu93T1sUsf+Mjg569zv/9l/rX+O3ka2U+hH+/CmBQ3D5Jv9k7M
+NDLwskSg0I9LHqoZ5NAyhdXG6k2GQuLRA4PLS78=
+-----END X509 CRL-----
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/build-ca b/MBR/openvpn/gw-ckubu/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/build-dh b/MBR/openvpn/gw-ckubu/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/build-inter b/MBR/openvpn/gw-ckubu/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/build-key b/MBR/openvpn/gw-ckubu/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/build-key-pass b/MBR/openvpn/gw-ckubu/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 b/MBR/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/build-key-server b/MBR/openvpn/gw-ckubu/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/build-req b/MBR/openvpn/gw-ckubu/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/build-req-pass b/MBR/openvpn/gw-ckubu/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/clean-all b/MBR/openvpn/gw-ckubu/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/inherit-inter b/MBR/openvpn/gw-ckubu/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/list-crl b/MBR/openvpn/gw-ckubu/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf b/MBR/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf b/MBR/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf b/MBR/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG b/MBR/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/openssl.cnf b/MBR/openvpn/gw-ckubu/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..929baa7
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/pkitool b/MBR/openvpn/gw-ckubu/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/revoke-full b/MBR/openvpn/gw-ckubu/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/sign-req b/MBR/openvpn/gw-ckubu/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/vars b/MBR/openvpn/gw-ckubu/easy-rsa/vars
new file mode 100644
index 0000000..88d365e
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/gw-ckubu"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="O.OPEN"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="ckubu-adm@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN MBR"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-MBR"
+
+export KEY_ALTNAMES="VPN MBR"
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/vars.2017-12-18-2133 b/MBR/openvpn/gw-ckubu/easy-rsa/vars.2017-12-18-2133
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/vars.2017-12-18-2133
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/MBR/openvpn/gw-ckubu/easy-rsa/whichopensslcnf b/MBR/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/gw-ckubu.conf b/MBR/openvpn/gw-ckubu/gw-ckubu.conf
new file mode 100644
index 0000000..bea27bb
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/gw-ckubu.conf
@@ -0,0 +1,258 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-mbr.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIG1jCCBL6gAwIBAgIJANEahjl9dpJcMA0GCSqGSIb3DQEBCwUAMIGiMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUt
+YWRtQG9vcGVuLmRlMB4XDTE3MTIxODIwMzc1MVoXDTQ5MTIxODIwMzc1MVowgaIx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYD
+VQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCxgVOFpm61twgXerJYeVjTi7Kv4R/aOxh9UCXqjJN6cfR2Dhj5CX07fIf7Ed0S
+8s+xBrwl3PZXACiz3CkTP7Zygw4TtYyUuTvvjzfcJfE+hv7SeYxOU/YYVlznGbqC
+o8R9uNJYKeKEJnX2oo9RnR3Q10d03twKFlm50Rv8L4Oi502Qo5gaeLMP2D81rz4o
+UcEVWU1PtnblkV7ARQOR0QF77ea3UwM5pnBxD0UnsaH4tJc7MwDSUxaDaiUZ9ecE
+sJ0+ZaTrsgB//kbF3iB0cjBs1/Qfz8vgQMVpOax6lckZZ4WKwdo3iOckglvjh6NU
+SED6H8ru2p6bmfyqjMMzpj4AQw+BYFQhDuXQpx9d5vyxS+fjW1qDVGG84Ahaj6pf
+XdznK5BXygnyItcD5Q4ZHQdz1GqCL1LdcNXiurWbSvUYLlIpotMxePEmncv006hx
+YvbLzjvsAGfsbs2gnx9IxCi+sPiFacWvpYolVdd8l67kDAihG8iokTR3wpHM6Xe6
+vD49xDnd86rRSn30dDgxsWSI8lyh15akAhzS2dUk/8aX7lIcpFNTPBJHppXalrsx
+4wuXAR/78v2eiLpdORBerzIYjgyzcpsZZZe85BrkhKi3mgu1tJZMH1yhRKvgUhnu
+K1HF8AgBi63YTvari6R1HiTtKXZqaxlJ4d3/OwIjvcxa5QIDAQABo4IBCzCCAQcw
+HQYDVR0OBBYEFGHocrkyEFyjv6enWR014LS1UYD7MIHXBgNVHSMEgc8wgcyAFGHo
+crkyEFyjv6enWR014LS1UYD7oYGopIGlMIGiMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UE
+KRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA
+0RqGOX12klwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAdTsZUi6m
+BS0MqhTwPmCF2bjFOwFs+oHpEIRKwBQXSFJfOysFl6RPgn9PlmsGmNmn/2gH7GTN
+YMjPjnlArRZTVhcULG7IsabXCAgWIXcxwYciCmtFAse15kda/EUohP2yG4EIJURK
+cUCK/fer3Blh63t+K0/Dq9eWJ4bVrfLoYp+Fl+ciomQhQXz9pZrgGSvDZLGg0upi
+zGPsrEJHT+zPcJfQunZHXGF36eq5uWMuB83WYhvE8rNwz4OIDhLlongt2Lf/gWP7
+rpVlDzNarOc2tl800C3/UePtAhEr4Nr3UYcbV7Nb063o0nGklxIr3FE5jMkzOj3p
+q8Lyd+wHqPG18ysXaSbyCAjXSOQ4OjIOz1tPC3QabycNkrV4QGN6KlJypfJ16P7t
+2ui2HB1bfX9wbwXOHxjDlx7mssaaygI3+RVB5yjJGJs286AO+YInWul6T3kPAZNn
+EXhjZz8fOjRsaKR4dVZfI6/zzyg7vv++iNQ2/yNe11Bcjo5jwpuKZyFmmFpj9xoL
+0uCOJnnHrhqIfy/LVTH+b9K3UQDgBHd3InFKt/Uy1rMNyBbH0tcnj2PZGct7Mg2G
+vIgjygOKrYJytFrVtHFw2xKGIW40ohy7JzXTPjTFUj2q5GtVcGLIBiryOlTz3bsv
+s4eV4pJgMrNqR14qsRN3HvAvf4DLigpuYR8=
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHOjCCBSKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
+bi5kZTAeFw0xNzEyMTgyMzMzMzBaFw0zNzEyMTgyMzMzMzBaMIGrMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBO
+LU1CUi1ndy1ja3VidTEQMA4GA1UEKRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYS
+Y2t1YnUtYWRtQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAx/Q0+5i0lCTsMpXtQfxqi/OWcGOgWG50lqapVshmCOXKh5JT5bWRYqpumOYB
+T2VLprpWnurVCkksKO5U/rMISRxmKckThTgyG9GJLkw9we8gXxXGHfdfSo1mnY48
+9J3+pp7r+C3OSVGceBv1IGvkVRRAS2jL5IKi8TBE3YSbvPQ0Bm9CHAWXtDKE85a0
+ocj++z26WvmuCnl5mYbs39LwKbusYOzEQN+ffuTU24PKQk5R32YqxOiCxQr9kgi8
+m9CUtO3BVgF8hJBUXVc2tiDu/3QhpcafDi/nf4rLr7mlJs808BTwU8gw2aP+vnqe
+yTrKcv+wTl1D2lyhy3WVErctPJG9tijr0B/2cnAdeqf8Xh+fBysZNdV6m8u4jA3l
+oht6JnFqbRtpmUh9YQEfGm4WJ3F/BJopPvZRa5+DZYKFYySdFjtxiJmXO1E9dT1F
+2/fBUVQBdgOqHYLccySPVYDy5CFGu0VuKdl/bCqB+KNzlQi3DF0R64DGMJfF8NsW
+14+SmmdwytcYyE0LEQU4vL9Nit+pZbKbrMU3nXgMoArAiKRShS4ceJOl2koNOAmr
+ZezesJ7f0L5IArjlk7HzhxTNWq63AG/NtRMQtJzkdlihV4OVE0Guya/N8SknZXPp
+TZnWLCn7Vq3FiPRHw0ieLD6bUvYuqEk4JWW/brwZMKBEpeECAwEAAaOCAW4wggFq
+MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUyCmYxdwfXdP9ZsTs9RHh/GYg+XwwgdcGA1Ud
+IwSBzzCBzIAUYehyuTIQXKO/p6dZHTXgtLVRgPuhgaikgaUwgaIxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+Ty5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4t
+TUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
+b29wZW4uZGWCCQDRGoY5fXaSXDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
+BAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAKaX
+0hCwrna+rQvUBQ+RKIYBjThRjNu0cSm6OZIgVqhdhqOKe3CU2SwpzIiEUv2vgN9w
+aa38VffKa9J94bYqxBVCNTQvV6hK3dVbsmiVFRXVWkGwtOl0DPb+UPooX7qtdWY8
++6jvUXz6rhOZl0KFrX1Udl06VwZrG5+O0ioZnBpTEqTy+nNHG+QffThY4RMxk4fu
+9B63i0bW3dCHV/Us9fsJnxN+TqslLmRnRyVmdFqB69t3jv9Ru1OncC6bF7eHBOmX
+P8E91Atr115FVVjZXeZ7+NDpN97oqMX9Bf2OCXu/HjEQIW/zvoFScWkf8FPLjKV2
+/ms4X7H5ZDxNumkaJB3DRDPyKrkvJZQ8HqhcMKo7qPFLnBGORad/fto+SAJoBE2v
+Ie2h67vU4Wr3qQILebkCqLkYYdE9W02CAZcZ+2O0BZCtrs1HbGDIIt5CfqkrxulE
+8opGS53U8A+CXuUcOdPRrdz10/7o76chJfEciOQ1UaHShtNe5g04/SDn1UQuWltv
+YhcAZmrOUbzIY8FWFLJ0XwCMFc1m0rABskQGEDjb3UL66cgOIrUg1lDlKGZpi51c
+4eqTfuR1dk+wtwWgNU78UrIgPDw1TitA/aDRaugymPUnVeM6/CRqNSrlEU+QmIVf
+2VSZXxkvk0sFPh/1h5Hk86tezdb6ucm+3ow3HcCd
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIoJKekP1ZYoMCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHiPXCkPcmkMBIIJSBkqxukBibbl
+LdkzjsRmpDCFmPbmEzu/YKmXCMqSbgnEp0Ny2/05sWH2x7DDfZHC8IkzSZb6nqz3
+G5AenJ6wZhPhtVEHFJaiVkJv0pIGXpGvqVsXimDSBWMnIwBFUfzrKSOu7Dhiw7Cx
+1KdGgfoISh/BTLF2UAJjRqIL/Hw0nlqungeXV46twKFW83fBwxJBMj5HwfHtkTqN
+yXOoRLOFJHwYAn6qqBw7n/pJyb4XzOqmmPqC8S96WPQwTCUDlJCSg6AGpobEfxQx
+KFreSVCyQadyFSO3C8jGIOsP+55j7sk/GwABYx9iZ+hPiH1uBhhDNzLpnDbLsrgf
+chvpMoftpmgZxxd6bFbWdhZGhWKSGivmujfaAQySc8+w9ejjpCiHg9oEBsm78whh
+UcxXNrbfVpj4ivZm6K+BoM710imeQu22t/SNeO7S6Mko9Weu/8vlg3976H8E58PG
+NwseCQRyVKmIC1i8EuKbYt4Fr66YTkuv+OGdqmvTPRe8aMQOgEFU3NaoQ5rHBfma
+24NZoy/Hk1QXYSkCIc6izJdv07u44ZK2X0LGGiETin8lmCmyrph+iP51Hl2np8gk
+5PiHAVcnhuSrBP9nVOZ6XFbBFYwItTdtlkpSfJBYlNnEHK2gA6wIF8dQhQE3VXS7
+H9F3MdaJx7qVRy7qDwEG/ONBDX/QrU9cTom07TP1T7IHbqfF6koZE8fOEnwFPwpE
+4sFuaRfrPdBDaE6jww0NLdAHC8eSdNgrHHVEUnwWosAldapfmj3JNONc+tJPYo4r
+usMPPL+THX9UA9D7hxZ5wHz4fqyTlkK2bE0aK0euEaAe7tQ8+teYYEiO+OkRNQI4
+yyHAX8b1jCaCOOMTeSHdV3gFhh8wmRsZqa4i1a4lWqeQlXKA9/Iq5Uk0ujNOSYMG
+ttMyS7b38IvDCog9G1XYiSqH8DE/IzSi9tUbfUtqRX9jqUp9ZGlY0h8R/5I9oDKa
+4IQRYAjktsJDi1dxYffQpWX0XeDZdlT6drhZv3OZHfTzX7pAI8TbEcu48tuI/JpB
+zzI9/+yxF2hDNlecWYi8BP5vt5u58oiO+IEReFC1sPVssJSQisOJp1qNQCwgvNxu
+/1heDohlurh5Ra3XtFddDVg5r92A9yuM5LZFGNA4VDZe8WzFOv9adKrZARBiWqBH
+CG2KwL8o/psC37BT0SRCQd8iOHTlfMUIPd9j7WxfM1DcxywEcLCwtBjMXidVVIB+
+YG58huH2AdEgm01f7UeJrd0RBCV4Lx58nNnnkBoTQXzP5KqpAHmSndsOy8dAUf4F
+lk0zC1LARseF3r9eeFxNeMC+diQHzLOGLQNhyojlhA2/9FO546lOH3TLlBNgQ41w
+CfhTRa5aU+w+OmYjkPEnhde4NzzSXEbFMjGQvt0rrn+6jFMQ/kDLSoJEHBEa+Anf
+VAbVZThhy8JhkRrKpEht3sLUd/mR57Vrk47xZnV8uGBW0Ii28rRYdImHV3CGUys+
+S6r5o5zLa1yRhz2hGQE8kpnu5HiF4Pz7svBp8FEiRLTxvTQ9D5MgdlXUHr5Ujaco
+ivlm4WvXoNyji2FbWDVgscvfbOQgNnaQ5uY5g3rxC2PTCwNbTCGNLxYJbJ4zzkp+
+NHS9xuV39AggXJpFpb6vl30NU4pQCLDTYpembdhNmIfgGo4DS1bMSWZyz9I1OkOa
+rNtVWidyTgZd3I3v5r5weD30gb+D/aaCxSEa4CCp1e7Wbdjwb9tuj6bJsRlnAn/K
+ucDfQzTlImshtBjtWG2C+dpRyTVLpo/49kQmHhXvr/OpDWv5tggrvEZ87gEvCgOA
+KkPNFET5itNA3KkVX6fi9Lg4g94hwEqAUnKHFvhatMC6DYYXF2hnZLIAaXjCAysz
+ubxOMEeyEYEBpGnWuWgK6uv+IgwYdA9+vca69upH19J9sxvdhUluRo4ghoH2Ufuz
+gz1P852iCvVGsGgUgWsyRgEqylP726YxNyxBot8EZ8uUXVaUFs540nJRY85Sli4f
+17WzMYKTgV+790XFUgYlV8K9wVL2qCcCPwlUS/sjLIUACnuiDucMT/3J9zQcssY6
+3ka8UhMzaFGys0FQl1WwcXZ+gWtQJcF7R1nB8PCbUFt06+adyJaSrE4UTQAZYMM5
+NS06CVaVBxhZDukAq9Rw/W1mnfkJTb9IHy3n/5RJqNzf0PXDe4CbXKqRDWx4aPbr
+bklCRDCujoECsnYuTEdNbRawubCrt0uAAAudJkHQsDHJcjs1Uxr26duRhElsolJX
+bkSOiarjckoGZG2k05aBkZq9HcOMNMHiGsia9/3TmEIWkuOxY+EVB/FHUdjeJA1F
+1pI4phDz3rGYJOcWwMtW47P7vemKi7UXzfgCVW0wS/pxI5+PGUxq3NrxLz0TMdxa
+lKAH18quz3tRaqlGNQ2d9NVEn17589JLS72OFROnK0tUBQevaVwP4MHwu5g/lz8h
+C72U86jx1ps1N32y3SV5T/U0rch1PT9v8PO4kD3ojoMAjxXSe4Iv6gXaJSKmORdD
+WHb7W2Tq7IWHRjUWWl0wVsqLyEfu9LAPTw688P17UWvK4fDQDvr0dOyMRSYNBTiU
+YudmGZh0lphuEXnMmPgD5l06EmKbXzSIWwg1iMlOKQzENxTR5fr9ozvpe1KDqAGK
+Fcd/QRNydHOJcLShwhX2ZTfVMMzoE3t5hizS7cbo3j+OYKJ30P4GFbXrEIj+c6Jd
+FOT30UZWZ1lK+jFscJcKCZMDFvHVDk63pOLCdxxQlmovuaCjsdGXRh1mvtYyV+wE
+kDCbCdjjlf5Qj8TwxNmKA9Rg5dlTIOSFALGM50YX3Iq/rwJahBOpirKXNcQ8/qoG
+0sF+4jQyNQSMu6Y+9RKGBwPESZa05M9N0xbcAz+wFlOKBRXzioMRNoG5rOew1mTj
+wgxpNTidqvnVE36gw0hYy1K8+jyYwFwdh+t++p+VQ3kctc1QPVgomouC8DY7UCNg
+5wFFqm/lru87YJcsgrso6/fHvaTkA3toS5olRrmhq68hjISk1XArDm1vDo/hcvFX
+L4MLrR/LpUCccUFV26NaNJuQdvpzBiGTwyetK1+rC5QtvNvfTQL/1WeKpbOpJCkl
+2FqU9ZXvhJH4N3zxGf9LRkg/tQjYKLfDbvjZZzDnk66fJMK19FkuCm2uqeRQZHiQ
+j3AScnn8S7SPYjaNkOxAmQ==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+79d91376ee2c248cb615cd6291bf2954
+a8e96540005b24814cf8b156c133033a
+8d46114db5bb435551604fcb18c56b09
+09750d641767657cebf8151735230e61
+b2a9631cd7490ab824333b74e60e4cc0
+c3fce42e7518bd6519347f7e111b9f61
+be2682407cd8186c2c9b03987a6d0fd0
+52599e30c6e2214cd9734f442e4d9a34
+62e1dc096e13a894538798a94b2e2d54
+f1c5bd884fe95aefdd919a96cdbf8f1d
+c60a65e7b59990a11324fa1960b8cb3f
+ac2fc846d6860e50f7b35f83eb6b791b
+d59707320a80e639b2226c2d16830757
+f7d29d94fd8c5fe1ab8c939e394d2126
+bd880494edfa929b03b894c6984890c2
+8e1ab55c781b17828ec1d4126a9736e2
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/MBR/openvpn/gw-ckubu/ipp.txt b/MBR/openvpn/gw-ckubu/ipp.txt
new file mode 100644
index 0000000..e3ef045
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/ipp.txt
@@ -0,0 +1 @@
+VPN-MBR-gw-ckubu,10.1.112.2
diff --git a/MBR/openvpn/gw-ckubu/keys-created.txt b/MBR/openvpn/gw-ckubu/keys-created.txt
new file mode 100644
index 0000000..d92854a
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys-created.txt
@@ -0,0 +1,4 @@
+
+key...............: gw-ckubu.key
+common name.......: VPN-MBR-gw-ckubu
+password..........: eicoomeisi0eengoh1eev2cioQuuor2f
diff --git a/MBR/openvpn/gw-ckubu/keys/01.pem b/MBR/openvpn/gw-ckubu/keys/01.pem
new file mode 100644
index 0000000..6a935d3
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/01.pem
@@ -0,0 +1,142 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Dec 18 21:28:40 2017 GMT
+            Not After : Dec 18 21:28:40 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:a3:59:da:38:7c:2f:ba:c5:c8:b7:64:9d:8b:7b:
+                    f2:f5:f8:60:6e:4b:1b:1e:d0:ce:50:7e:82:ed:d6:
+                    db:f7:d4:29:38:b1:8a:df:14:9f:ed:72:c2:5e:86:
+                    c5:ae:5a:09:0f:74:62:b6:c9:f8:42:95:4f:70:d6:
+                    bc:cf:62:c8:02:97:b0:20:ec:2d:eb:68:09:82:22:
+                    af:6b:f9:9e:ce:63:f9:3a:d1:a9:33:0a:d0:16:95:
+                    33:ee:df:f3:88:97:51:32:88:c8:f3:e7:36:ba:8e:
+                    40:2d:ab:6e:c9:b7:13:d4:59:46:5f:62:61:fd:21:
+                    86:03:45:40:2a:96:6d:f7:87:dc:72:f1:3a:2b:71:
+                    67:86:6a:ef:69:74:a6:de:a0:dc:ed:ad:c7:7f:9a:
+                    cb:b3:06:61:1a:34:45:57:19:d1:37:e0:2d:36:c3:
+                    94:91:5c:02:ce:40:c2:f8:a4:43:8c:f7:5e:a1:b1:
+                    00:19:13:cd:06:85:e0:d7:f8:7d:bb:b6:e5:e4:d7:
+                    7e:82:dc:96:5c:fa:7e:88:a3:42:be:43:78:c8:b3:
+                    40:0f:61:05:55:9f:d0:56:54:19:db:85:48:05:ce:
+                    6d:b2:49:df:b6:54:7d:39:f4:47:b5:98:3b:d5:73:
+                    1b:15:f5:de:b7:af:a9:06:06:de:03:59:84:db:23:
+                    70:87:eb:16:de:80:f1:3f:ac:b0:93:04:69:87:99:
+                    d1:d4:a7:f0:ac:2d:42:73:d5:5a:fb:1d:f4:d6:e9:
+                    20:cb:1f:13:15:5a:b7:1e:ec:d0:e0:d4:5d:0b:61:
+                    66:01:40:6f:e6:86:38:95:e7:a4:ff:0a:8c:c9:1d:
+                    36:e6:56:59:84:15:a4:3f:72:17:ca:61:f8:74:98:
+                    4a:af:c6:55:d9:54:99:bb:fb:40:8b:d4:8c:ab:3d:
+                    de:f3:9e:9d:3d:a4:27:cd:8b:17:12:8e:b7:32:5c:
+                    c0:61:fa:9f:5a:9d:d7:9c:f9:6b:c7:da:a6:50:25:
+                    80:b5:37:88:cf:f0:0c:62:5c:e2:8c:04:b2:e1:a6:
+                    4a:ca:8e:93:a9:fb:e1:72:89:08:23:9e:08:c9:10:
+                    7c:fb:ce:a9:12:e0:1f:f9:1b:a8:b7:d7:ea:84:d3:
+                    9c:f3:5f:97:6a:1d:44:03:42:e9:86:1a:f9:14:3e:
+                    58:67:06:4b:ae:c7:4c:77:4a:80:29:5e:7b:a7:b8:
+                    08:65:e7:b9:aa:e4:eb:45:93:68:28:9f:3f:0f:42:
+                    40:23:ca:4c:9d:5c:4d:b1:55:df:d7:41:2e:31:46:
+                    1e:60:05:75:33:8a:2c:bf:b1:08:c5:b2:31:51:55:
+                    6c:73:ef:a2:8b:e8:aa:fa:bc:4a:81:20:e4:96:30:
+                    f9:09:3f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                5E:7E:C5:2F:CA:5E:62:27:A2:07:89:20:A0:8A:D0:EB:05:55:95:26
+            X509v3 Authority Key Identifier: 
+                keyid:61:E8:72:B9:32:10:5C:A3:BF:A7:A7:59:1D:35:E0:B4:B5:51:80:FB
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+                serial:D1:1A:86:39:7D:76:92:5C
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         53:de:ad:c7:5d:b2:c0:6c:2e:45:50:21:7f:d8:ff:68:61:8e:
+         11:bc:13:d0:67:5b:ed:c6:48:46:74:9a:89:6b:2a:1b:8a:01:
+         c9:3b:5b:3e:1f:d2:24:1e:a0:59:ea:f5:99:d7:35:8d:13:55:
+         58:ea:8c:2d:8f:7e:8a:c1:0f:a1:0d:ea:ce:46:a9:e1:4f:00:
+         b8:94:f6:d4:fd:44:83:41:13:9a:98:3a:e2:d2:a2:09:1a:61:
+         44:39:84:9a:6e:4b:67:ab:18:93:e8:1e:cf:bd:15:2a:a8:76:
+         ae:d7:36:56:77:3f:88:0d:40:18:6d:e1:d5:a8:e0:17:fe:96:
+         58:cf:aa:2f:63:a9:f6:bd:c7:61:6d:ea:5f:72:92:8e:08:a9:
+         60:a3:48:66:91:e8:4b:0d:dc:92:10:b2:57:68:71:9d:f0:86:
+         36:31:95:3b:f5:ce:fe:fe:96:91:df:90:c4:0f:90:0c:cf:97:
+         73:38:7b:27:21:43:29:b6:13:5e:11:b3:7b:10:10:ac:3e:9c:
+         ee:88:cc:e1:c1:a2:40:0a:2b:78:82:85:ba:c1:a6:b9:e7:23:
+         af:13:ee:16:ba:e6:c9:6e:cd:5f:1c:44:c8:c1:e1:48:e7:0f:
+         d4:29:a2:c5:80:f3:0d:48:b8:cb:6c:8c:3c:b6:04:c6:a1:41:
+         2f:99:dd:d3:f6:bf:15:54:e0:a9:79:32:83:21:59:0a:2f:55:
+         7f:26:c9:28:33:17:24:32:19:a9:d4:41:d1:e2:c1:cf:13:76:
+         fd:d0:76:14:69:cc:bd:a0:66:5c:8e:8c:f8:23:76:8d:0a:c0:
+         a5:27:9c:36:21:16:26:18:90:31:97:91:61:4e:47:4f:ed:47:
+         54:b7:8f:ec:d5:44:cb:f5:c8:35:b1:11:90:8a:2a:d9:ab:97:
+         1b:26:1a:41:ef:f1:a8:4a:3d:bf:76:d4:e3:31:26:c2:cd:09:
+         9b:05:0b:8f:6e:ba:15:76:89:2a:38:1c:b2:9e:64:ba:3d:1c:
+         a4:fe:4b:a2:63:3d:80:07:f7:19:df:db:03:51:7d:ed:16:72:
+         4e:ce:46:76:47:5a:64:b1:7b:32:4a:53:cc:1a:93:7c:6e:ce:
+         e4:00:90:86:47:26:9a:51:7b:61:7e:78:05:c2:35:c0:2a:bc:
+         89:56:e2:4f:67:7f:96:1a:47:9c:99:d4:a2:34:87:b5:e3:c6:
+         34:45:4f:51:29:49:64:81:de:3b:d8:0c:df:9a:69:c1:e6:4c:
+         72:5f:a0:84:5e:b3:1d:ca:2b:01:79:a6:70:cb:f8:4b:3c:69:
+         d1:55:c8:6a:56:cc:6a:9e:24:5f:a6:6d:99:39:6e:bb:d9:09:
+         a9:70:8d:5f:e2:b4:01:da
+-----BEGIN CERTIFICATE-----
+MIIHUDCCBTigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
+bi5kZTAeFw0xNzEyMTgyMTI4NDBaFw0zNzEyMTgyMTI4NDBaMIGpMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEXMBUGA1UEAxMOVlBO
+LU1CUi1zZXJ2ZXIxEDAOBgNVBCkTB1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNr
+dWJ1LWFkbUBvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AKNZ2jh8L7rFyLdknYt78vX4YG5LGx7QzlB+gu3W2/fUKTixit8Un+1ywl6Gxa5a
+CQ90YrbJ+EKVT3DWvM9iyAKXsCDsLetoCYIir2v5ns5j+TrRqTMK0BaVM+7f84iX
+UTKIyPPnNrqOQC2rbsm3E9RZRl9iYf0hhgNFQCqWbfeH3HLxOitxZ4Zq72l0pt6g
+3O2tx3+ay7MGYRo0RVcZ0TfgLTbDlJFcAs5AwvikQ4z3XqGxABkTzQaF4Nf4fbu2
+5eTXfoLcllz6foijQr5DeMizQA9hBVWf0FZUGduFSAXObbJJ37ZUfTn0R7WYO9Vz
+GxX13revqQYG3gNZhNsjcIfrFt6A8T+ssJMEaYeZ0dSn8KwtQnPVWvsd9NbpIMsf
+ExVatx7s0ODUXQthZgFAb+aGOJXnpP8KjMkdNuZWWYQVpD9yF8ph+HSYSq/GVdlU
+mbv7QIvUjKs93vOenT2kJ82LFxKOtzJcwGH6n1qd15z5a8faplAlgLU3iM/wDGJc
+4owEsuGmSsqOk6n74XKJCCOeCMkQfPvOqRLgH/kbqLfX6oTTnPNfl2odRANC6YYa
++RQ+WGcGS67HTHdKgClee6e4CGXnuark60WTaCifPw9CQCPKTJ1cTbFV39dBLjFG
+HmAFdTOKLL+xCMWyMVFVbHPvoovoqvq8SoEg5JYw+Qk/AgMBAAGjggGGMIIBgjAJ
+BgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFz
+eS1SU0EgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUXn7F
+L8peYieiB4kgoIrQ6wVVlSYwgdcGA1UdIwSBzzCBzIAUYehyuTIQXKO/p6dZHTXg
+tLVRgPuhgaikgaUwgaIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEw
+HwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQDRGoY5fXaSXDATBgNV
+HSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVy
+MA0GCSqGSIb3DQEBCwUAA4ICAQBT3q3HXbLAbC5FUCF/2P9oYY4RvBPQZ1vtxkhG
+dJqJayobigHJO1s+H9IkHqBZ6vWZ1zWNE1VY6owtj36KwQ+hDerORqnhTwC4lPbU
+/USDQROamDri0qIJGmFEOYSabktnqxiT6B7PvRUqqHau1zZWdz+IDUAYbeHVqOAX
+/pZYz6ovY6n2vcdhbepfcpKOCKlgo0hmkehLDdySELJXaHGd8IY2MZU79c7+/paR
+35DED5AMz5dzOHsnIUMpthNeEbN7EBCsPpzuiMzhwaJACit4goW6waa55yOvE+4W
+uubJbs1fHETIweFI5w/UKaLFgPMNSLjLbIw8tgTGoUEvmd3T9r8VVOCpeTKDIVkK
+L1V/JskoMxckMhmp1EHR4sHPE3b90HYUacy9oGZcjoz4I3aNCsClJ5w2IRYmGJAx
+l5FhTkdP7UdUt4/s1UTL9cg1sRGQiirZq5cbJhpB7/GoSj2/dtTjMSbCzQmbBQuP
+broVdokqOByynmS6PRyk/kuiYz2AB/cZ39sDUX3tFnJOzkZ2R1pksXsySlPMGpN8
+bs7kAJCGRyaaUXthfngFwjXAKryJVuJPZ3+WGkecmdSiNIe148Y0RU9RKUlkgd47
+2AzfmmnB5kxyX6CEXrMdyisBeaZwy/hLPGnRVchqVsxqniRfpm2ZOW672QmpcI1f
+4rQB2g==
+-----END CERTIFICATE-----
diff --git a/MBR/openvpn/gw-ckubu/keys/02.pem b/MBR/openvpn/gw-ckubu/keys/02.pem
new file mode 100644
index 0000000..78c43bd
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/02.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Dec 18 23:33:30 2017 GMT
+            Not After : Dec 18 23:33:30 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-gw-ckubu/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c7:f4:34:fb:98:b4:94:24:ec:32:95:ed:41:fc:
+                    6a:8b:f3:96:70:63:a0:58:6e:74:96:a6:a9:56:c8:
+                    66:08:e5:ca:87:92:53:e5:b5:91:62:aa:6e:98:e6:
+                    01:4f:65:4b:a6:ba:56:9e:ea:d5:0a:49:2c:28:ee:
+                    54:fe:b3:08:49:1c:66:29:c9:13:85:38:32:1b:d1:
+                    89:2e:4c:3d:c1:ef:20:5f:15:c6:1d:f7:5f:4a:8d:
+                    66:9d:8e:3c:f4:9d:fe:a6:9e:eb:f8:2d:ce:49:51:
+                    9c:78:1b:f5:20:6b:e4:55:14:40:4b:68:cb:e4:82:
+                    a2:f1:30:44:dd:84:9b:bc:f4:34:06:6f:42:1c:05:
+                    97:b4:32:84:f3:96:b4:a1:c8:fe:fb:3d:ba:5a:f9:
+                    ae:0a:79:79:99:86:ec:df:d2:f0:29:bb:ac:60:ec:
+                    c4:40:df:9f:7e:e4:d4:db:83:ca:42:4e:51:df:66:
+                    2a:c4:e8:82:c5:0a:fd:92:08:bc:9b:d0:94:b4:ed:
+                    c1:56:01:7c:84:90:54:5d:57:36:b6:20:ee:ff:74:
+                    21:a5:c6:9f:0e:2f:e7:7f:8a:cb:af:b9:a5:26:cf:
+                    34:f0:14:f0:53:c8:30:d9:a3:fe:be:7a:9e:c9:3a:
+                    ca:72:ff:b0:4e:5d:43:da:5c:a1:cb:75:95:12:b7:
+                    2d:3c:91:bd:b6:28:eb:d0:1f:f6:72:70:1d:7a:a7:
+                    fc:5e:1f:9f:07:2b:19:35:d5:7a:9b:cb:b8:8c:0d:
+                    e5:a2:1b:7a:26:71:6a:6d:1b:69:99:48:7d:61:01:
+                    1f:1a:6e:16:27:71:7f:04:9a:29:3e:f6:51:6b:9f:
+                    83:65:82:85:63:24:9d:16:3b:71:88:99:97:3b:51:
+                    3d:75:3d:45:db:f7:c1:51:54:01:76:03:aa:1d:82:
+                    dc:73:24:8f:55:80:f2:e4:21:46:bb:45:6e:29:d9:
+                    7f:6c:2a:81:f8:a3:73:95:08:b7:0c:5d:11:eb:80:
+                    c6:30:97:c5:f0:db:16:d7:8f:92:9a:67:70:ca:d7:
+                    18:c8:4d:0b:11:05:38:bc:bf:4d:8a:df:a9:65:b2:
+                    9b:ac:c5:37:9d:78:0c:a0:0a:c0:88:a4:52:85:2e:
+                    1c:78:93:a5:da:4a:0d:38:09:ab:65:ec:de:b0:9e:
+                    df:d0:be:48:02:b8:e5:93:b1:f3:87:14:cd:5a:ae:
+                    b7:00:6f:cd:b5:13:10:b4:9c:e4:76:58:a1:57:83:
+                    95:13:41:ae:c9:af:cd:f1:29:27:65:73:e9:4d:99:
+                    d6:2c:29:fb:56:ad:c5:88:f4:47:c3:48:9e:2c:3e:
+                    9b:52:f6:2e:a8:49:38:25:65:bf:6e:bc:19:30:a0:
+                    44:a5:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C8:29:98:C5:DC:1F:5D:D3:FD:66:C4:EC:F5:11:E1:FC:66:20:F9:7C
+            X509v3 Authority Key Identifier: 
+                keyid:61:E8:72:B9:32:10:5C:A3:BF:A7:A7:59:1D:35:E0:B4:B5:51:80:FB
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+                serial:D1:1A:86:39:7D:76:92:5C
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         a6:97:d2:10:b0:ae:76:be:ad:0b:d4:05:0f:91:28:86:01:8d:
+         38:51:8c:db:b4:71:29:ba:39:92:20:56:a8:5d:86:a3:8a:7b:
+         70:94:d9:2c:29:cc:88:84:52:fd:af:80:df:70:69:ad:fc:55:
+         f7:ca:6b:d2:7d:e1:b6:2a:c4:15:42:35:34:2f:57:a8:4a:dd:
+         d5:5b:b2:68:95:15:15:d5:5a:41:b0:b4:e9:74:0c:f6:fe:50:
+         fa:28:5f:ba:ad:75:66:3c:fb:a8:ef:51:7c:fa:ae:13:99:97:
+         42:85:ad:7d:54:76:5d:3a:57:06:6b:1b:9f:8e:d2:2a:19:9c:
+         1a:53:12:a4:f2:fa:73:47:1b:e4:1f:7d:38:58:e1:13:31:93:
+         87:ee:f4:1e:b7:8b:46:d6:dd:d0:87:57:f5:2c:f5:fb:09:9f:
+         13:7e:4e:ab:25:2e:64:67:47:25:66:74:5a:81:eb:db:77:8e:
+         ff:51:bb:53:a7:70:2e:9b:17:b7:87:04:e9:97:3f:c1:3d:d4:
+         0b:6b:d7:5e:45:55:58:d9:5d:e6:7b:f8:d0:e9:37:de:e8:a8:
+         c5:fd:05:fd:8e:09:7b:bf:1e:31:10:21:6f:f3:be:81:52:71:
+         69:1f:f0:53:cb:8c:a5:76:fe:6b:38:5f:b1:f9:64:3c:4d:ba:
+         69:1a:24:1d:c3:44:33:f2:2a:b9:2f:25:94:3c:1e:a8:5c:30:
+         aa:3b:a8:f1:4b:9c:11:8e:45:a7:7f:7e:da:3e:48:02:68:04:
+         4d:af:21:ed:a1:eb:bb:d4:e1:6a:f7:a9:02:0b:79:b9:02:a8:
+         b9:18:61:d1:3d:5b:4d:82:01:97:19:fb:63:b4:05:90:ad:ae:
+         cd:47:6c:60:c8:22:de:42:7e:a9:2b:c6:e9:44:f2:8a:46:4b:
+         9d:d4:f0:0f:82:5e:e5:1c:39:d3:d1:ad:dc:f5:d3:fe:e8:ef:
+         a7:21:25:f1:1c:88:e4:35:51:a1:d2:86:d3:5e:e6:0d:38:fd:
+         20:e7:d5:44:2e:5a:5b:6f:62:17:00:66:6a:ce:51:bc:c8:63:
+         c1:56:14:b2:74:5f:00:8c:15:cd:66:d2:b0:01:b2:44:06:10:
+         38:db:dd:42:fa:e9:c8:0e:22:b5:20:d6:50:e5:28:66:69:8b:
+         9d:5c:e1:ea:93:7e:e4:75:76:4f:b0:b7:05:a0:35:4e:fc:52:
+         b2:20:3c:3c:35:4e:2b:40:fd:a0:d1:6a:e8:32:98:f5:27:55:
+         e3:3a:fc:24:6a:35:2a:e5:11:4f:90:98:85:5f:d9:54:99:5f:
+         19:2f:93:4b:05:3e:1f:f5:87:91:e4:f3:ab:5e:cd:d6:fa:b9:
+         c9:be:de:8c:37:1d:c0:9d
+-----BEGIN CERTIFICATE-----
+MIIHOjCCBSKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
+bi5kZTAeFw0xNzEyMTgyMzMzMzBaFw0zNzEyMTgyMzMzMzBaMIGrMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBO
+LU1CUi1ndy1ja3VidTEQMA4GA1UEKRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYS
+Y2t1YnUtYWRtQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAx/Q0+5i0lCTsMpXtQfxqi/OWcGOgWG50lqapVshmCOXKh5JT5bWRYqpumOYB
+T2VLprpWnurVCkksKO5U/rMISRxmKckThTgyG9GJLkw9we8gXxXGHfdfSo1mnY48
+9J3+pp7r+C3OSVGceBv1IGvkVRRAS2jL5IKi8TBE3YSbvPQ0Bm9CHAWXtDKE85a0
+ocj++z26WvmuCnl5mYbs39LwKbusYOzEQN+ffuTU24PKQk5R32YqxOiCxQr9kgi8
+m9CUtO3BVgF8hJBUXVc2tiDu/3QhpcafDi/nf4rLr7mlJs808BTwU8gw2aP+vnqe
+yTrKcv+wTl1D2lyhy3WVErctPJG9tijr0B/2cnAdeqf8Xh+fBysZNdV6m8u4jA3l
+oht6JnFqbRtpmUh9YQEfGm4WJ3F/BJopPvZRa5+DZYKFYySdFjtxiJmXO1E9dT1F
+2/fBUVQBdgOqHYLccySPVYDy5CFGu0VuKdl/bCqB+KNzlQi3DF0R64DGMJfF8NsW
+14+SmmdwytcYyE0LEQU4vL9Nit+pZbKbrMU3nXgMoArAiKRShS4ceJOl2koNOAmr
+ZezesJ7f0L5IArjlk7HzhxTNWq63AG/NtRMQtJzkdlihV4OVE0Guya/N8SknZXPp
+TZnWLCn7Vq3FiPRHw0ieLD6bUvYuqEk4JWW/brwZMKBEpeECAwEAAaOCAW4wggFq
+MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUyCmYxdwfXdP9ZsTs9RHh/GYg+XwwgdcGA1Ud
+IwSBzzCBzIAUYehyuTIQXKO/p6dZHTXgtLVRgPuhgaikgaUwgaIxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+Ty5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4t
+TUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
+b29wZW4uZGWCCQDRGoY5fXaSXDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
+BAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAKaX
+0hCwrna+rQvUBQ+RKIYBjThRjNu0cSm6OZIgVqhdhqOKe3CU2SwpzIiEUv2vgN9w
+aa38VffKa9J94bYqxBVCNTQvV6hK3dVbsmiVFRXVWkGwtOl0DPb+UPooX7qtdWY8
++6jvUXz6rhOZl0KFrX1Udl06VwZrG5+O0ioZnBpTEqTy+nNHG+QffThY4RMxk4fu
+9B63i0bW3dCHV/Us9fsJnxN+TqslLmRnRyVmdFqB69t3jv9Ru1OncC6bF7eHBOmX
+P8E91Atr115FVVjZXeZ7+NDpN97oqMX9Bf2OCXu/HjEQIW/zvoFScWkf8FPLjKV2
+/ms4X7H5ZDxNumkaJB3DRDPyKrkvJZQ8HqhcMKo7qPFLnBGORad/fto+SAJoBE2v
+Ie2h67vU4Wr3qQILebkCqLkYYdE9W02CAZcZ+2O0BZCtrs1HbGDIIt5CfqkrxulE
+8opGS53U8A+CXuUcOdPRrdz10/7o76chJfEciOQ1UaHShtNe5g04/SDn1UQuWltv
+YhcAZmrOUbzIY8FWFLJ0XwCMFc1m0rABskQGEDjb3UL66cgOIrUg1lDlKGZpi51c
+4eqTfuR1dk+wtwWgNU78UrIgPDw1TitA/aDRaugymPUnVeM6/CRqNSrlEU+QmIVf
+2VSZXxkvk0sFPh/1h5Hk86tezdb6ucm+3ow3HcCd
+-----END CERTIFICATE-----
diff --git a/MBR/openvpn/gw-ckubu/keys/ca.crt b/MBR/openvpn/gw-ckubu/keys/ca.crt
new file mode 100644
index 0000000..7a708cc
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIG1jCCBL6gAwIBAgIJANEahjl9dpJcMA0GCSqGSIb3DQEBCwUAMIGiMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUt
+YWRtQG9vcGVuLmRlMB4XDTE3MTIxODIwMzc1MVoXDTQ5MTIxODIwMzc1MVowgaIx
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYD
+VQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCxgVOFpm61twgXerJYeVjTi7Kv4R/aOxh9UCXqjJN6cfR2Dhj5CX07fIf7Ed0S
+8s+xBrwl3PZXACiz3CkTP7Zygw4TtYyUuTvvjzfcJfE+hv7SeYxOU/YYVlznGbqC
+o8R9uNJYKeKEJnX2oo9RnR3Q10d03twKFlm50Rv8L4Oi502Qo5gaeLMP2D81rz4o
+UcEVWU1PtnblkV7ARQOR0QF77ea3UwM5pnBxD0UnsaH4tJc7MwDSUxaDaiUZ9ecE
+sJ0+ZaTrsgB//kbF3iB0cjBs1/Qfz8vgQMVpOax6lckZZ4WKwdo3iOckglvjh6NU
+SED6H8ru2p6bmfyqjMMzpj4AQw+BYFQhDuXQpx9d5vyxS+fjW1qDVGG84Ahaj6pf
+XdznK5BXygnyItcD5Q4ZHQdz1GqCL1LdcNXiurWbSvUYLlIpotMxePEmncv006hx
+YvbLzjvsAGfsbs2gnx9IxCi+sPiFacWvpYolVdd8l67kDAihG8iokTR3wpHM6Xe6
+vD49xDnd86rRSn30dDgxsWSI8lyh15akAhzS2dUk/8aX7lIcpFNTPBJHppXalrsx
+4wuXAR/78v2eiLpdORBerzIYjgyzcpsZZZe85BrkhKi3mgu1tJZMH1yhRKvgUhnu
+K1HF8AgBi63YTvari6R1HiTtKXZqaxlJ4d3/OwIjvcxa5QIDAQABo4IBCzCCAQcw
+HQYDVR0OBBYEFGHocrkyEFyjv6enWR014LS1UYD7MIHXBgNVHSMEgc8wgcyAFGHo
+crkyEFyjv6enWR014LS1UYD7oYGopIGlMIGiMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UE
+KRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlggkA
+0RqGOX12klwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAdTsZUi6m
+BS0MqhTwPmCF2bjFOwFs+oHpEIRKwBQXSFJfOysFl6RPgn9PlmsGmNmn/2gH7GTN
+YMjPjnlArRZTVhcULG7IsabXCAgWIXcxwYciCmtFAse15kda/EUohP2yG4EIJURK
+cUCK/fer3Blh63t+K0/Dq9eWJ4bVrfLoYp+Fl+ciomQhQXz9pZrgGSvDZLGg0upi
+zGPsrEJHT+zPcJfQunZHXGF36eq5uWMuB83WYhvE8rNwz4OIDhLlongt2Lf/gWP7
+rpVlDzNarOc2tl800C3/UePtAhEr4Nr3UYcbV7Nb063o0nGklxIr3FE5jMkzOj3p
+q8Lyd+wHqPG18ysXaSbyCAjXSOQ4OjIOz1tPC3QabycNkrV4QGN6KlJypfJ16P7t
+2ui2HB1bfX9wbwXOHxjDlx7mssaaygI3+RVB5yjJGJs286AO+YInWul6T3kPAZNn
+EXhjZz8fOjRsaKR4dVZfI6/zzyg7vv++iNQ2/yNe11Bcjo5jwpuKZyFmmFpj9xoL
+0uCOJnnHrhqIfy/LVTH+b9K3UQDgBHd3InFKt/Uy1rMNyBbH0tcnj2PZGct7Mg2G
+vIgjygOKrYJytFrVtHFw2xKGIW40ohy7JzXTPjTFUj2q5GtVcGLIBiryOlTz3bsv
+s4eV4pJgMrNqR14qsRN3HvAvf4DLigpuYR8=
+-----END CERTIFICATE-----
diff --git a/MBR/openvpn/gw-ckubu/keys/ca.key b/MBR/openvpn/gw-ckubu/keys/ca.key
new file mode 100644
index 0000000..1bfb512
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCxgVOFpm61twgX
+erJYeVjTi7Kv4R/aOxh9UCXqjJN6cfR2Dhj5CX07fIf7Ed0S8s+xBrwl3PZXACiz
+3CkTP7Zygw4TtYyUuTvvjzfcJfE+hv7SeYxOU/YYVlznGbqCo8R9uNJYKeKEJnX2
+oo9RnR3Q10d03twKFlm50Rv8L4Oi502Qo5gaeLMP2D81rz4oUcEVWU1PtnblkV7A
+RQOR0QF77ea3UwM5pnBxD0UnsaH4tJc7MwDSUxaDaiUZ9ecEsJ0+ZaTrsgB//kbF
+3iB0cjBs1/Qfz8vgQMVpOax6lckZZ4WKwdo3iOckglvjh6NUSED6H8ru2p6bmfyq
+jMMzpj4AQw+BYFQhDuXQpx9d5vyxS+fjW1qDVGG84Ahaj6pfXdznK5BXygnyItcD
+5Q4ZHQdz1GqCL1LdcNXiurWbSvUYLlIpotMxePEmncv006hxYvbLzjvsAGfsbs2g
+nx9IxCi+sPiFacWvpYolVdd8l67kDAihG8iokTR3wpHM6Xe6vD49xDnd86rRSn30
+dDgxsWSI8lyh15akAhzS2dUk/8aX7lIcpFNTPBJHppXalrsx4wuXAR/78v2eiLpd
+ORBerzIYjgyzcpsZZZe85BrkhKi3mgu1tJZMH1yhRKvgUhnuK1HF8AgBi63YTvar
+i6R1HiTtKXZqaxlJ4d3/OwIjvcxa5QIDAQABAoICAA0cmXfQ4HKpz340gQIKDKar
+tgpJ3dl37gorpnFZ6vbrffxOdEfJDKgdPcos+qCQsQjJj5JYbRXmHBuVEq+qUCbL
+SXnpOjYuLKA4ew7W+qf8vsv7UILkrtQDZR9pBh7qS/Rhd6Atj97lHGeYgG+t5Grt
+zAh1Adn45q3UJXYOaHHbFh6uBulFqyxrc9faVwQRberOyugteUDh6RbYwje+MZbe
+7uDxz9YtVjbzws74zxcY9+bWkKP4oTwZ1h3BzUvKZAMc7P7ACktqE/4/tzQCz1Lq
+7MyAw/WPs0Vfjj8L22v1+qZSRXU+tpw6yODYvxbVs38GZC4alga2bDSI605gZEnv
+KE9H0WoyC8alkne5cTVSrag1UDoHHpxZi0eWdSGIqSEv3vyhqCqrfk+Q0zhxfNwK
+8YbiVyqaey5bc3oDf1zWtPkJM8fPs+zupfse8veGyA183WLcaRDNr5HiW8vilPj5
+7cNnSwmBIDhEzk7oJi5eClXSFFwhllkNk+0Reo0qFsouSnBa6NTbVOsRU6PQ7hfx
+2myZ92i4Ky4Vi/1NhIGIjgNSTdbfN26URQ/3DPNzTQGCAnFv6BHx9X9P+KJXK/uZ
+YfSxcVqcWSOTiASReYo248BIBfAji/QUwPAsSXJuvse011Z3VfLpetf8ILbWvzN4
+8J9ksAI2xSOFQLZKdp2NAoIBAQDbwnJeLzm3pjlGSE8fUsSVxmAqlwIHHpAl9ckJ
+mGYsCD0laZVLtXTWt/+paplyA4c3a6s9dLjUe+MzCt7P67lB1bssCLQfeugwIYaV
+D9AW8o0mydgNan9+QR58FlO3Nkxxnj846Xicay+KroxQ9eMfPZzG4oG/GvAIDGwb
+Eq/6xlh6IDcfpKmjp8EVVIhW4eLm4KCazS3ABrSeIrgj3XbQfjFpaFPpVR7EWl36
+tiH+ZWVRhB+RkFC4zsByk7/gLbAI2k88mtTHll6zDIA7m8Ne+I+zH4FaWM8smFhP
+6NRvLr8j0ZIGSVjQBs3KXcFT3JQkJQp7ycqekXVwji4i+LpTAoIBAQDOxwiM0N/B
+HnNmfgrRjmK/zy6HTtSE6bofyJR/vUHq/LQf17peWOoKO04Z9uD8VM4caPtwrNw8
+AzpakVQX+CqewpDvACnt96oeMHHlpQg3yQDJdIZlUuyA19WkB7pihF69Rw+CHbFy
+r/DSRLd1CtZKaMUrRYn6AAHjnHQIozJiEoHeItGk2ABnp7JTlo10bVgMGXZZgEpV
++aeHQszP+DKrhY4JM2IM3b7fLyclkcDtdNAQztCs3LvAZxOg5ApTyTFl96LNPXMC
+mXWiuGajlAe4q6ZqDWPxKoy6lJ6GNFdU9Bi+nqYqQWyltk5yf5rOPyJ+CqeFJ+Tc
+Nsnc1+4Ij57nAoIBAQC3/oKxFss1VygHD02nxS2w1Qn5PrvE6DL6hWIP9Zg975v6
+cf89By1PBXk6CHV2/zs8DJqv9sU1qpBcURKidROD6oYu5Q6ieM5kVf2PWlD4lZXW
+zxJkkTEzrSPv8uWetQil7D+0z81a8Wc5rtDujCDgLD7SSh0lu1ES/AubUzciOOUl
+Q0nD5aLe0fqYeFE6pR/L/HCbi4RtjW+2Iw2XgboT8ERAo8f1yX3cGmkrG0k07QI6
+kOu5fWIIiZqZk9kHwljr4JSNAnl6rgyVzraisdSO9H+kEpHD6i1zgg4WwbLzb+k6
+/SFMwCZq7fdpIrxWEY27AYRYhmhuAQ2Z8oDwaN3fAoIBADSswUHWB9oTXsRyQWFG
+y2MfbTPs4fiF7fMgzquH093/yAcAlqpoLh6zIt88Y+4D0ImuOLdoYaYsEFZ4BRsi
+DgFpgTBRM106pSyRnMIqe2BypO+s7nurVzIvSW5CxblJDTVcf9feppCXv1phRPbc
+7t//tpKiYVa9X73S4kA9Cp2vJ0QmTI+Ysum075mZlaleHXrflaWRJ96k/YdYfgJQ
+sN++4wL3AvhSGMiUI33Pln0nL8XIWaJfjLijyX1H+lWDwEDAh8mO6Nh1rWDpZsQu
+9pSVrYwAo0ARXc4+A/AeL00l7ZPJqHzFM983BN7oINB/htLi9e/WzNdIYb4Ph8TI
+iWsCggEBAMXGvUHK0W/AMOas0R+bGd1IzPn/Isra6nlNHC0NuiwsaZfT4XUS6BTO
+YNl30OPIsUoDhkH1Bm/N3BJSWimHC8lha181idM8MSe7wdMsKHtGjwgpvWfnWXOK
+tuvQTABwLTYbdEeruvLdyHuFy5tTDWCViAOPW812FY1CP/NmBJuNK7fi9i3ovKIJ
+SmQ92M6Pe8JJZLPOj9DO0wB74P8Gm+SGNsgpQUhHQB/V2By2PHwzyv7A2zsNvrel
+5Jr5N4xjDQrFoE7Gt0WHrDD7GGy287DKFYF90Mlqnsx/bPneBCq/QHnsnr8HSAxO
+P7s/MNBA2IUkoHc5DhptsFFVdl6MyOs=
+-----END PRIVATE KEY-----
diff --git a/MBR/openvpn/gw-ckubu/keys/crl.pem b/MBR/openvpn/gw-ckubu/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/MBR/openvpn/gw-ckubu/keys/dh4096.pem b/MBR/openvpn/gw-ckubu/keys/dh4096.pem
new file mode 100644
index 0000000..839f128
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAzVro9WhEWdfKVpdJX04JR6fLe1n3lCDVA8a6/tQekZFcTAaapHMU
+GT1wsDE0wWauJooT1BbsedDYkHD7ah8pAupqPEKBKOLjCGK3v4cinajL+HKVbZ9/
+bCidCSXywCx4OGhihtXVsTta4FEkBUF08LCNoUC1wYKIsYVYB+FTiO0kvn5j6T10
+p7yuUDmnIcqAaVoMwy+M2n8mOenPW1Flf2PtPnpaQ2noxvxUWyQ2KO2lZmv6WvDV
+dnyKbqfYXZgFcH4B4ZudJYdDNDaTw3J2RxhotR7GeCjyvM3wC5CNsJeJpvXOt5uq
+xriepBqrvpsRvCmJFcLmeqR+n/wJbeNZmqsyJ8t3UtkQlqAxjApI6XTgmjMK4P77
+lbMySxfS3HMPyp8ZGwJMHSUHUee9WYpSpWwq4OUO2y8utuLQ8Sj3W7CKtXETzCNV
+aQwhfHGPjmt/6HLJDqtoRJs1pqOLeP3w9/5mQWYBWnXfVjqTU5l0LvTFwzFGmGDX
+7lReW1kIxFjEbPsyZahj5jbcr4qKfjihrn6TZnn4RsVBmTmz2sJZNkWG+RE3R59T
+rO17CUtXhtl6hsfYWpfQM2ljCBfzA45y5e8d0kUIWyQo4o2OAhiNF/rbSY+eTWWv
+kQHnPRB5K3pDm2SF92EVP0XaV3MBSlSHAgVCz3XT7HhLJTAvQf0hASMCAQI=
+-----END DH PARAMETERS-----
diff --git a/MBR/openvpn/gw-ckubu/keys/gw-ckubu.crt b/MBR/openvpn/gw-ckubu/keys/gw-ckubu.crt
new file mode 100644
index 0000000..78c43bd
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/gw-ckubu.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Dec 18 23:33:30 2017 GMT
+            Not After : Dec 18 23:33:30 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-gw-ckubu/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c7:f4:34:fb:98:b4:94:24:ec:32:95:ed:41:fc:
+                    6a:8b:f3:96:70:63:a0:58:6e:74:96:a6:a9:56:c8:
+                    66:08:e5:ca:87:92:53:e5:b5:91:62:aa:6e:98:e6:
+                    01:4f:65:4b:a6:ba:56:9e:ea:d5:0a:49:2c:28:ee:
+                    54:fe:b3:08:49:1c:66:29:c9:13:85:38:32:1b:d1:
+                    89:2e:4c:3d:c1:ef:20:5f:15:c6:1d:f7:5f:4a:8d:
+                    66:9d:8e:3c:f4:9d:fe:a6:9e:eb:f8:2d:ce:49:51:
+                    9c:78:1b:f5:20:6b:e4:55:14:40:4b:68:cb:e4:82:
+                    a2:f1:30:44:dd:84:9b:bc:f4:34:06:6f:42:1c:05:
+                    97:b4:32:84:f3:96:b4:a1:c8:fe:fb:3d:ba:5a:f9:
+                    ae:0a:79:79:99:86:ec:df:d2:f0:29:bb:ac:60:ec:
+                    c4:40:df:9f:7e:e4:d4:db:83:ca:42:4e:51:df:66:
+                    2a:c4:e8:82:c5:0a:fd:92:08:bc:9b:d0:94:b4:ed:
+                    c1:56:01:7c:84:90:54:5d:57:36:b6:20:ee:ff:74:
+                    21:a5:c6:9f:0e:2f:e7:7f:8a:cb:af:b9:a5:26:cf:
+                    34:f0:14:f0:53:c8:30:d9:a3:fe:be:7a:9e:c9:3a:
+                    ca:72:ff:b0:4e:5d:43:da:5c:a1:cb:75:95:12:b7:
+                    2d:3c:91:bd:b6:28:eb:d0:1f:f6:72:70:1d:7a:a7:
+                    fc:5e:1f:9f:07:2b:19:35:d5:7a:9b:cb:b8:8c:0d:
+                    e5:a2:1b:7a:26:71:6a:6d:1b:69:99:48:7d:61:01:
+                    1f:1a:6e:16:27:71:7f:04:9a:29:3e:f6:51:6b:9f:
+                    83:65:82:85:63:24:9d:16:3b:71:88:99:97:3b:51:
+                    3d:75:3d:45:db:f7:c1:51:54:01:76:03:aa:1d:82:
+                    dc:73:24:8f:55:80:f2:e4:21:46:bb:45:6e:29:d9:
+                    7f:6c:2a:81:f8:a3:73:95:08:b7:0c:5d:11:eb:80:
+                    c6:30:97:c5:f0:db:16:d7:8f:92:9a:67:70:ca:d7:
+                    18:c8:4d:0b:11:05:38:bc:bf:4d:8a:df:a9:65:b2:
+                    9b:ac:c5:37:9d:78:0c:a0:0a:c0:88:a4:52:85:2e:
+                    1c:78:93:a5:da:4a:0d:38:09:ab:65:ec:de:b0:9e:
+                    df:d0:be:48:02:b8:e5:93:b1:f3:87:14:cd:5a:ae:
+                    b7:00:6f:cd:b5:13:10:b4:9c:e4:76:58:a1:57:83:
+                    95:13:41:ae:c9:af:cd:f1:29:27:65:73:e9:4d:99:
+                    d6:2c:29:fb:56:ad:c5:88:f4:47:c3:48:9e:2c:3e:
+                    9b:52:f6:2e:a8:49:38:25:65:bf:6e:bc:19:30:a0:
+                    44:a5:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C8:29:98:C5:DC:1F:5D:D3:FD:66:C4:EC:F5:11:E1:FC:66:20:F9:7C
+            X509v3 Authority Key Identifier: 
+                keyid:61:E8:72:B9:32:10:5C:A3:BF:A7:A7:59:1D:35:E0:B4:B5:51:80:FB
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+                serial:D1:1A:86:39:7D:76:92:5C
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         a6:97:d2:10:b0:ae:76:be:ad:0b:d4:05:0f:91:28:86:01:8d:
+         38:51:8c:db:b4:71:29:ba:39:92:20:56:a8:5d:86:a3:8a:7b:
+         70:94:d9:2c:29:cc:88:84:52:fd:af:80:df:70:69:ad:fc:55:
+         f7:ca:6b:d2:7d:e1:b6:2a:c4:15:42:35:34:2f:57:a8:4a:dd:
+         d5:5b:b2:68:95:15:15:d5:5a:41:b0:b4:e9:74:0c:f6:fe:50:
+         fa:28:5f:ba:ad:75:66:3c:fb:a8:ef:51:7c:fa:ae:13:99:97:
+         42:85:ad:7d:54:76:5d:3a:57:06:6b:1b:9f:8e:d2:2a:19:9c:
+         1a:53:12:a4:f2:fa:73:47:1b:e4:1f:7d:38:58:e1:13:31:93:
+         87:ee:f4:1e:b7:8b:46:d6:dd:d0:87:57:f5:2c:f5:fb:09:9f:
+         13:7e:4e:ab:25:2e:64:67:47:25:66:74:5a:81:eb:db:77:8e:
+         ff:51:bb:53:a7:70:2e:9b:17:b7:87:04:e9:97:3f:c1:3d:d4:
+         0b:6b:d7:5e:45:55:58:d9:5d:e6:7b:f8:d0:e9:37:de:e8:a8:
+         c5:fd:05:fd:8e:09:7b:bf:1e:31:10:21:6f:f3:be:81:52:71:
+         69:1f:f0:53:cb:8c:a5:76:fe:6b:38:5f:b1:f9:64:3c:4d:ba:
+         69:1a:24:1d:c3:44:33:f2:2a:b9:2f:25:94:3c:1e:a8:5c:30:
+         aa:3b:a8:f1:4b:9c:11:8e:45:a7:7f:7e:da:3e:48:02:68:04:
+         4d:af:21:ed:a1:eb:bb:d4:e1:6a:f7:a9:02:0b:79:b9:02:a8:
+         b9:18:61:d1:3d:5b:4d:82:01:97:19:fb:63:b4:05:90:ad:ae:
+         cd:47:6c:60:c8:22:de:42:7e:a9:2b:c6:e9:44:f2:8a:46:4b:
+         9d:d4:f0:0f:82:5e:e5:1c:39:d3:d1:ad:dc:f5:d3:fe:e8:ef:
+         a7:21:25:f1:1c:88:e4:35:51:a1:d2:86:d3:5e:e6:0d:38:fd:
+         20:e7:d5:44:2e:5a:5b:6f:62:17:00:66:6a:ce:51:bc:c8:63:
+         c1:56:14:b2:74:5f:00:8c:15:cd:66:d2:b0:01:b2:44:06:10:
+         38:db:dd:42:fa:e9:c8:0e:22:b5:20:d6:50:e5:28:66:69:8b:
+         9d:5c:e1:ea:93:7e:e4:75:76:4f:b0:b7:05:a0:35:4e:fc:52:
+         b2:20:3c:3c:35:4e:2b:40:fd:a0:d1:6a:e8:32:98:f5:27:55:
+         e3:3a:fc:24:6a:35:2a:e5:11:4f:90:98:85:5f:d9:54:99:5f:
+         19:2f:93:4b:05:3e:1f:f5:87:91:e4:f3:ab:5e:cd:d6:fa:b9:
+         c9:be:de:8c:37:1d:c0:9d
+-----BEGIN CERTIFICATE-----
+MIIHOjCCBSKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
+bi5kZTAeFw0xNzEyMTgyMzMzMzBaFw0zNzEyMTgyMzMzMzBaMIGrMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBO
+LU1CUi1ndy1ja3VidTEQMA4GA1UEKRMHVlBOIE1CUjEhMB8GCSqGSIb3DQEJARYS
+Y2t1YnUtYWRtQG9vcGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAx/Q0+5i0lCTsMpXtQfxqi/OWcGOgWG50lqapVshmCOXKh5JT5bWRYqpumOYB
+T2VLprpWnurVCkksKO5U/rMISRxmKckThTgyG9GJLkw9we8gXxXGHfdfSo1mnY48
+9J3+pp7r+C3OSVGceBv1IGvkVRRAS2jL5IKi8TBE3YSbvPQ0Bm9CHAWXtDKE85a0
+ocj++z26WvmuCnl5mYbs39LwKbusYOzEQN+ffuTU24PKQk5R32YqxOiCxQr9kgi8
+m9CUtO3BVgF8hJBUXVc2tiDu/3QhpcafDi/nf4rLr7mlJs808BTwU8gw2aP+vnqe
+yTrKcv+wTl1D2lyhy3WVErctPJG9tijr0B/2cnAdeqf8Xh+fBysZNdV6m8u4jA3l
+oht6JnFqbRtpmUh9YQEfGm4WJ3F/BJopPvZRa5+DZYKFYySdFjtxiJmXO1E9dT1F
+2/fBUVQBdgOqHYLccySPVYDy5CFGu0VuKdl/bCqB+KNzlQi3DF0R64DGMJfF8NsW
+14+SmmdwytcYyE0LEQU4vL9Nit+pZbKbrMU3nXgMoArAiKRShS4ceJOl2koNOAmr
+ZezesJ7f0L5IArjlk7HzhxTNWq63AG/NtRMQtJzkdlihV4OVE0Guya/N8SknZXPp
+TZnWLCn7Vq3FiPRHw0ieLD6bUvYuqEk4JWW/brwZMKBEpeECAwEAAaOCAW4wggFq
+MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBD
+ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUyCmYxdwfXdP9ZsTs9RHh/GYg+XwwgdcGA1Ud
+IwSBzzCBzIAUYehyuTIQXKO/p6dZHTXgtLVRgPuhgaikgaUwgaIxCzAJBgNVBAYT
+AkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMG
+Ty5PUEVOMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4t
+TUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
+b29wZW4uZGWCCQDRGoY5fXaSXDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
+BAMCB4AwEwYDVR0RBAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAKaX
+0hCwrna+rQvUBQ+RKIYBjThRjNu0cSm6OZIgVqhdhqOKe3CU2SwpzIiEUv2vgN9w
+aa38VffKa9J94bYqxBVCNTQvV6hK3dVbsmiVFRXVWkGwtOl0DPb+UPooX7qtdWY8
++6jvUXz6rhOZl0KFrX1Udl06VwZrG5+O0ioZnBpTEqTy+nNHG+QffThY4RMxk4fu
+9B63i0bW3dCHV/Us9fsJnxN+TqslLmRnRyVmdFqB69t3jv9Ru1OncC6bF7eHBOmX
+P8E91Atr115FVVjZXeZ7+NDpN97oqMX9Bf2OCXu/HjEQIW/zvoFScWkf8FPLjKV2
+/ms4X7H5ZDxNumkaJB3DRDPyKrkvJZQ8HqhcMKo7qPFLnBGORad/fto+SAJoBE2v
+Ie2h67vU4Wr3qQILebkCqLkYYdE9W02CAZcZ+2O0BZCtrs1HbGDIIt5CfqkrxulE
+8opGS53U8A+CXuUcOdPRrdz10/7o76chJfEciOQ1UaHShtNe5g04/SDn1UQuWltv
+YhcAZmrOUbzIY8FWFLJ0XwCMFc1m0rABskQGEDjb3UL66cgOIrUg1lDlKGZpi51c
+4eqTfuR1dk+wtwWgNU78UrIgPDw1TitA/aDRaugymPUnVeM6/CRqNSrlEU+QmIVf
+2VSZXxkvk0sFPh/1h5Hk86tezdb6ucm+3ow3HcCd
+-----END CERTIFICATE-----
diff --git a/MBR/openvpn/gw-ckubu/keys/gw-ckubu.csr b/MBR/openvpn/gw-ckubu/keys/gw-ckubu.csr
new file mode 100644
index 0000000..36fe639
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/gw-ckubu.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE8TCCAtkCAQAwgasxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tTUJSLWd3LWNrdWJ1MRAwDgYDVQQpEwdW
+UE4gTUJSMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDH9DT7mLSUJOwyle1B/GqL85ZwY6BY
+bnSWpqlWyGYI5cqHklPltZFiqm6Y5gFPZUumulae6tUKSSwo7lT+swhJHGYpyROF
+ODIb0YkuTD3B7yBfFcYd919KjWadjjz0nf6mnuv4Lc5JUZx4G/Uga+RVFEBLaMvk
+gqLxMETdhJu89DQGb0IcBZe0MoTzlrShyP77Pbpa+a4KeXmZhuzf0vApu6xg7MRA
+359+5NTbg8pCTlHfZirE6ILFCv2SCLyb0JS07cFWAXyEkFRdVza2IO7/dCGlxp8O
+L+d/isuvuaUmzzTwFPBTyDDZo/6+ep7JOspy/7BOXUPaXKHLdZUSty08kb22KOvQ
+H/ZycB16p/xeH58HKxk11Xqby7iMDeWiG3omcWptG2mZSH1hAR8abhYncX8Emik+
+9lFrn4NlgoVjJJ0WO3GImZc7UT11PUXb98FRVAF2A6odgtxzJI9VgPLkIUa7RW4p
+2X9sKoH4o3OVCLcMXRHrgMYwl8Xw2xbXj5KaZ3DK1xjITQsRBTi8v02K36llspus
+xTedeAygCsCIpFKFLhx4k6XaSg04Catl7N6wnt/QvkgCuOWTsfOHFM1arrcAb821
+ExC0nOR2WKFXg5UTQa7Jr83xKSdlc+lNmdYsKftWrcWI9EfDSJ4sPptS9i6oSTgl
+Zb9uvBkwoESl4QIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBALdkkMFEO7T9cpl8
+tBREOTaOoy75nx3gMG/5f0HAOuOEo2fmiWgZLhpZqZxfAxffGzy6RN+41wOVkI2b
+S102jY5hh2Qtfd09TSpniCGfLqWCLL4jzQgVrYPhSQi4bAEsf/QTspSv5IJliAdv
+u4aQl0hrEPyiVqUohUtrEsjRR3aw7FRfU1q+GHcmoL6bOZrxt4wVbLaegsW99wx6
+ID53SnMKZyQX40JNcT0WM/WAVh9GsOTij2Qj9beaASw7oOVHq1fjIqTojWOAa0Q9
+5q+RWZUEACu3hIUWWwvLrsrr+hZ7fIL188QCFaQOV9FlKUk1S/F/qJpmjWzOf3CB
+RAtl+24W7ZC22BgvBiWQA8ZKVSJ/JJaTO/z8pNtO6JP44hIkk8Rsm1psRfNUdNJw
+zZhg57IYUFdqMcgLBtTqH6ViERQMNYKX3SfxMAgT3AAG0hSZ0eQeTD6TFaXUg1z3
+//OCTtyPCHcxX7/LGG2ZdmbKGapzDE2AMSXAYdK6ZZtLE1w8IJNrddRjqR8h9wSq
+AFOZPAJAAZz2umieuVy9kzKiQ2ySYfTPLt7zz+Dek6ATpsk58R2ka+rAfleL9JWV
+pcTprTypWbBasH3YaPfBu83ZeA9zAOTftstDFzTG7CkRBlzQzIKN6P82SdagdX0H
+B0S7gu4aEINauI/XSITQvOIB1EUH
+-----END CERTIFICATE REQUEST-----
diff --git a/MBR/openvpn/gw-ckubu/keys/gw-ckubu.key b/MBR/openvpn/gw-ckubu/keys/gw-ckubu.key
new file mode 100644
index 0000000..eb903c1
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/gw-ckubu.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIoJKekP1ZYoMCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHiPXCkPcmkMBIIJSBkqxukBibbl
+LdkzjsRmpDCFmPbmEzu/YKmXCMqSbgnEp0Ny2/05sWH2x7DDfZHC8IkzSZb6nqz3
+G5AenJ6wZhPhtVEHFJaiVkJv0pIGXpGvqVsXimDSBWMnIwBFUfzrKSOu7Dhiw7Cx
+1KdGgfoISh/BTLF2UAJjRqIL/Hw0nlqungeXV46twKFW83fBwxJBMj5HwfHtkTqN
+yXOoRLOFJHwYAn6qqBw7n/pJyb4XzOqmmPqC8S96WPQwTCUDlJCSg6AGpobEfxQx
+KFreSVCyQadyFSO3C8jGIOsP+55j7sk/GwABYx9iZ+hPiH1uBhhDNzLpnDbLsrgf
+chvpMoftpmgZxxd6bFbWdhZGhWKSGivmujfaAQySc8+w9ejjpCiHg9oEBsm78whh
+UcxXNrbfVpj4ivZm6K+BoM710imeQu22t/SNeO7S6Mko9Weu/8vlg3976H8E58PG
+NwseCQRyVKmIC1i8EuKbYt4Fr66YTkuv+OGdqmvTPRe8aMQOgEFU3NaoQ5rHBfma
+24NZoy/Hk1QXYSkCIc6izJdv07u44ZK2X0LGGiETin8lmCmyrph+iP51Hl2np8gk
+5PiHAVcnhuSrBP9nVOZ6XFbBFYwItTdtlkpSfJBYlNnEHK2gA6wIF8dQhQE3VXS7
+H9F3MdaJx7qVRy7qDwEG/ONBDX/QrU9cTom07TP1T7IHbqfF6koZE8fOEnwFPwpE
+4sFuaRfrPdBDaE6jww0NLdAHC8eSdNgrHHVEUnwWosAldapfmj3JNONc+tJPYo4r
+usMPPL+THX9UA9D7hxZ5wHz4fqyTlkK2bE0aK0euEaAe7tQ8+teYYEiO+OkRNQI4
+yyHAX8b1jCaCOOMTeSHdV3gFhh8wmRsZqa4i1a4lWqeQlXKA9/Iq5Uk0ujNOSYMG
+ttMyS7b38IvDCog9G1XYiSqH8DE/IzSi9tUbfUtqRX9jqUp9ZGlY0h8R/5I9oDKa
+4IQRYAjktsJDi1dxYffQpWX0XeDZdlT6drhZv3OZHfTzX7pAI8TbEcu48tuI/JpB
+zzI9/+yxF2hDNlecWYi8BP5vt5u58oiO+IEReFC1sPVssJSQisOJp1qNQCwgvNxu
+/1heDohlurh5Ra3XtFddDVg5r92A9yuM5LZFGNA4VDZe8WzFOv9adKrZARBiWqBH
+CG2KwL8o/psC37BT0SRCQd8iOHTlfMUIPd9j7WxfM1DcxywEcLCwtBjMXidVVIB+
+YG58huH2AdEgm01f7UeJrd0RBCV4Lx58nNnnkBoTQXzP5KqpAHmSndsOy8dAUf4F
+lk0zC1LARseF3r9eeFxNeMC+diQHzLOGLQNhyojlhA2/9FO546lOH3TLlBNgQ41w
+CfhTRa5aU+w+OmYjkPEnhde4NzzSXEbFMjGQvt0rrn+6jFMQ/kDLSoJEHBEa+Anf
+VAbVZThhy8JhkRrKpEht3sLUd/mR57Vrk47xZnV8uGBW0Ii28rRYdImHV3CGUys+
+S6r5o5zLa1yRhz2hGQE8kpnu5HiF4Pz7svBp8FEiRLTxvTQ9D5MgdlXUHr5Ujaco
+ivlm4WvXoNyji2FbWDVgscvfbOQgNnaQ5uY5g3rxC2PTCwNbTCGNLxYJbJ4zzkp+
+NHS9xuV39AggXJpFpb6vl30NU4pQCLDTYpembdhNmIfgGo4DS1bMSWZyz9I1OkOa
+rNtVWidyTgZd3I3v5r5weD30gb+D/aaCxSEa4CCp1e7Wbdjwb9tuj6bJsRlnAn/K
+ucDfQzTlImshtBjtWG2C+dpRyTVLpo/49kQmHhXvr/OpDWv5tggrvEZ87gEvCgOA
+KkPNFET5itNA3KkVX6fi9Lg4g94hwEqAUnKHFvhatMC6DYYXF2hnZLIAaXjCAysz
+ubxOMEeyEYEBpGnWuWgK6uv+IgwYdA9+vca69upH19J9sxvdhUluRo4ghoH2Ufuz
+gz1P852iCvVGsGgUgWsyRgEqylP726YxNyxBot8EZ8uUXVaUFs540nJRY85Sli4f
+17WzMYKTgV+790XFUgYlV8K9wVL2qCcCPwlUS/sjLIUACnuiDucMT/3J9zQcssY6
+3ka8UhMzaFGys0FQl1WwcXZ+gWtQJcF7R1nB8PCbUFt06+adyJaSrE4UTQAZYMM5
+NS06CVaVBxhZDukAq9Rw/W1mnfkJTb9IHy3n/5RJqNzf0PXDe4CbXKqRDWx4aPbr
+bklCRDCujoECsnYuTEdNbRawubCrt0uAAAudJkHQsDHJcjs1Uxr26duRhElsolJX
+bkSOiarjckoGZG2k05aBkZq9HcOMNMHiGsia9/3TmEIWkuOxY+EVB/FHUdjeJA1F
+1pI4phDz3rGYJOcWwMtW47P7vemKi7UXzfgCVW0wS/pxI5+PGUxq3NrxLz0TMdxa
+lKAH18quz3tRaqlGNQ2d9NVEn17589JLS72OFROnK0tUBQevaVwP4MHwu5g/lz8h
+C72U86jx1ps1N32y3SV5T/U0rch1PT9v8PO4kD3ojoMAjxXSe4Iv6gXaJSKmORdD
+WHb7W2Tq7IWHRjUWWl0wVsqLyEfu9LAPTw688P17UWvK4fDQDvr0dOyMRSYNBTiU
+YudmGZh0lphuEXnMmPgD5l06EmKbXzSIWwg1iMlOKQzENxTR5fr9ozvpe1KDqAGK
+Fcd/QRNydHOJcLShwhX2ZTfVMMzoE3t5hizS7cbo3j+OYKJ30P4GFbXrEIj+c6Jd
+FOT30UZWZ1lK+jFscJcKCZMDFvHVDk63pOLCdxxQlmovuaCjsdGXRh1mvtYyV+wE
+kDCbCdjjlf5Qj8TwxNmKA9Rg5dlTIOSFALGM50YX3Iq/rwJahBOpirKXNcQ8/qoG
+0sF+4jQyNQSMu6Y+9RKGBwPESZa05M9N0xbcAz+wFlOKBRXzioMRNoG5rOew1mTj
+wgxpNTidqvnVE36gw0hYy1K8+jyYwFwdh+t++p+VQ3kctc1QPVgomouC8DY7UCNg
+5wFFqm/lru87YJcsgrso6/fHvaTkA3toS5olRrmhq68hjISk1XArDm1vDo/hcvFX
+L4MLrR/LpUCccUFV26NaNJuQdvpzBiGTwyetK1+rC5QtvNvfTQL/1WeKpbOpJCkl
+2FqU9ZXvhJH4N3zxGf9LRkg/tQjYKLfDbvjZZzDnk66fJMK19FkuCm2uqeRQZHiQ
+j3AScnn8S7SPYjaNkOxAmQ==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/MBR/openvpn/gw-ckubu/keys/index.txt b/MBR/openvpn/gw-ckubu/keys/index.txt
new file mode 100644
index 0000000..a418a35
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/index.txt
@@ -0,0 +1,2 @@
+V	371218212840Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+V	371218233330Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-gw-ckubu/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
diff --git a/MBR/openvpn/gw-ckubu/keys/index.txt.attr b/MBR/openvpn/gw-ckubu/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/MBR/openvpn/gw-ckubu/keys/index.txt.attr.old b/MBR/openvpn/gw-ckubu/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/MBR/openvpn/gw-ckubu/keys/index.txt.old b/MBR/openvpn/gw-ckubu/keys/index.txt.old
new file mode 100644
index 0000000..72a6bf6
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/index.txt.old
@@ -0,0 +1 @@
+V	371218212840Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
diff --git a/MBR/openvpn/gw-ckubu/keys/serial b/MBR/openvpn/gw-ckubu/keys/serial
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/serial
@@ -0,0 +1 @@
+03
diff --git a/MBR/openvpn/gw-ckubu/keys/serial.old b/MBR/openvpn/gw-ckubu/keys/serial.old
new file mode 100644
index 0000000..9e22bcb
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/serial.old
@@ -0,0 +1 @@
+02
diff --git a/MBR/openvpn/gw-ckubu/keys/server.crt b/MBR/openvpn/gw-ckubu/keys/server.crt
new file mode 100644
index 0000000..6a935d3
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/server.crt
@@ -0,0 +1,142 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Dec 18 21:28:40 2017 GMT
+            Not After : Dec 18 21:28:40 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:a3:59:da:38:7c:2f:ba:c5:c8:b7:64:9d:8b:7b:
+                    f2:f5:f8:60:6e:4b:1b:1e:d0:ce:50:7e:82:ed:d6:
+                    db:f7:d4:29:38:b1:8a:df:14:9f:ed:72:c2:5e:86:
+                    c5:ae:5a:09:0f:74:62:b6:c9:f8:42:95:4f:70:d6:
+                    bc:cf:62:c8:02:97:b0:20:ec:2d:eb:68:09:82:22:
+                    af:6b:f9:9e:ce:63:f9:3a:d1:a9:33:0a:d0:16:95:
+                    33:ee:df:f3:88:97:51:32:88:c8:f3:e7:36:ba:8e:
+                    40:2d:ab:6e:c9:b7:13:d4:59:46:5f:62:61:fd:21:
+                    86:03:45:40:2a:96:6d:f7:87:dc:72:f1:3a:2b:71:
+                    67:86:6a:ef:69:74:a6:de:a0:dc:ed:ad:c7:7f:9a:
+                    cb:b3:06:61:1a:34:45:57:19:d1:37:e0:2d:36:c3:
+                    94:91:5c:02:ce:40:c2:f8:a4:43:8c:f7:5e:a1:b1:
+                    00:19:13:cd:06:85:e0:d7:f8:7d:bb:b6:e5:e4:d7:
+                    7e:82:dc:96:5c:fa:7e:88:a3:42:be:43:78:c8:b3:
+                    40:0f:61:05:55:9f:d0:56:54:19:db:85:48:05:ce:
+                    6d:b2:49:df:b6:54:7d:39:f4:47:b5:98:3b:d5:73:
+                    1b:15:f5:de:b7:af:a9:06:06:de:03:59:84:db:23:
+                    70:87:eb:16:de:80:f1:3f:ac:b0:93:04:69:87:99:
+                    d1:d4:a7:f0:ac:2d:42:73:d5:5a:fb:1d:f4:d6:e9:
+                    20:cb:1f:13:15:5a:b7:1e:ec:d0:e0:d4:5d:0b:61:
+                    66:01:40:6f:e6:86:38:95:e7:a4:ff:0a:8c:c9:1d:
+                    36:e6:56:59:84:15:a4:3f:72:17:ca:61:f8:74:98:
+                    4a:af:c6:55:d9:54:99:bb:fb:40:8b:d4:8c:ab:3d:
+                    de:f3:9e:9d:3d:a4:27:cd:8b:17:12:8e:b7:32:5c:
+                    c0:61:fa:9f:5a:9d:d7:9c:f9:6b:c7:da:a6:50:25:
+                    80:b5:37:88:cf:f0:0c:62:5c:e2:8c:04:b2:e1:a6:
+                    4a:ca:8e:93:a9:fb:e1:72:89:08:23:9e:08:c9:10:
+                    7c:fb:ce:a9:12:e0:1f:f9:1b:a8:b7:d7:ea:84:d3:
+                    9c:f3:5f:97:6a:1d:44:03:42:e9:86:1a:f9:14:3e:
+                    58:67:06:4b:ae:c7:4c:77:4a:80:29:5e:7b:a7:b8:
+                    08:65:e7:b9:aa:e4:eb:45:93:68:28:9f:3f:0f:42:
+                    40:23:ca:4c:9d:5c:4d:b1:55:df:d7:41:2e:31:46:
+                    1e:60:05:75:33:8a:2c:bf:b1:08:c5:b2:31:51:55:
+                    6c:73:ef:a2:8b:e8:aa:fa:bc:4a:81:20:e4:96:30:
+                    f9:09:3f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                5E:7E:C5:2F:CA:5E:62:27:A2:07:89:20:A0:8A:D0:EB:05:55:95:26
+            X509v3 Authority Key Identifier: 
+                keyid:61:E8:72:B9:32:10:5C:A3:BF:A7:A7:59:1D:35:E0:B4:B5:51:80:FB
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+                serial:D1:1A:86:39:7D:76:92:5C
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         53:de:ad:c7:5d:b2:c0:6c:2e:45:50:21:7f:d8:ff:68:61:8e:
+         11:bc:13:d0:67:5b:ed:c6:48:46:74:9a:89:6b:2a:1b:8a:01:
+         c9:3b:5b:3e:1f:d2:24:1e:a0:59:ea:f5:99:d7:35:8d:13:55:
+         58:ea:8c:2d:8f:7e:8a:c1:0f:a1:0d:ea:ce:46:a9:e1:4f:00:
+         b8:94:f6:d4:fd:44:83:41:13:9a:98:3a:e2:d2:a2:09:1a:61:
+         44:39:84:9a:6e:4b:67:ab:18:93:e8:1e:cf:bd:15:2a:a8:76:
+         ae:d7:36:56:77:3f:88:0d:40:18:6d:e1:d5:a8:e0:17:fe:96:
+         58:cf:aa:2f:63:a9:f6:bd:c7:61:6d:ea:5f:72:92:8e:08:a9:
+         60:a3:48:66:91:e8:4b:0d:dc:92:10:b2:57:68:71:9d:f0:86:
+         36:31:95:3b:f5:ce:fe:fe:96:91:df:90:c4:0f:90:0c:cf:97:
+         73:38:7b:27:21:43:29:b6:13:5e:11:b3:7b:10:10:ac:3e:9c:
+         ee:88:cc:e1:c1:a2:40:0a:2b:78:82:85:ba:c1:a6:b9:e7:23:
+         af:13:ee:16:ba:e6:c9:6e:cd:5f:1c:44:c8:c1:e1:48:e7:0f:
+         d4:29:a2:c5:80:f3:0d:48:b8:cb:6c:8c:3c:b6:04:c6:a1:41:
+         2f:99:dd:d3:f6:bf:15:54:e0:a9:79:32:83:21:59:0a:2f:55:
+         7f:26:c9:28:33:17:24:32:19:a9:d4:41:d1:e2:c1:cf:13:76:
+         fd:d0:76:14:69:cc:bd:a0:66:5c:8e:8c:f8:23:76:8d:0a:c0:
+         a5:27:9c:36:21:16:26:18:90:31:97:91:61:4e:47:4f:ed:47:
+         54:b7:8f:ec:d5:44:cb:f5:c8:35:b1:11:90:8a:2a:d9:ab:97:
+         1b:26:1a:41:ef:f1:a8:4a:3d:bf:76:d4:e3:31:26:c2:cd:09:
+         9b:05:0b:8f:6e:ba:15:76:89:2a:38:1c:b2:9e:64:ba:3d:1c:
+         a4:fe:4b:a2:63:3d:80:07:f7:19:df:db:03:51:7d:ed:16:72:
+         4e:ce:46:76:47:5a:64:b1:7b:32:4a:53:cc:1a:93:7c:6e:ce:
+         e4:00:90:86:47:26:9a:51:7b:61:7e:78:05:c2:35:c0:2a:bc:
+         89:56:e2:4f:67:7f:96:1a:47:9c:99:d4:a2:34:87:b5:e3:c6:
+         34:45:4f:51:29:49:64:81:de:3b:d8:0c:df:9a:69:c1:e6:4c:
+         72:5f:a0:84:5e:b3:1d:ca:2b:01:79:a6:70:cb:f8:4b:3c:69:
+         d1:55:c8:6a:56:cc:6a:9e:24:5f:a6:6d:99:39:6e:bb:d9:09:
+         a9:70:8d:5f:e2:b4:01:da
+-----BEGIN CERTIFICATE-----
+MIIHUDCCBTigAwIBAgIBATANBgkqhkiG9w0BAQsFADCBojELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
+bi5kZTAeFw0xNzEyMTgyMTI4NDBaFw0zNzEyMTgyMTI4NDBaMIGpMQswCQYDVQQG
+EwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoT
+Bk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEXMBUGA1UEAxMOVlBO
+LU1CUi1zZXJ2ZXIxEDAOBgNVBCkTB1ZQTiBNQlIxITAfBgkqhkiG9w0BCQEWEmNr
+dWJ1LWFkbUBvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AKNZ2jh8L7rFyLdknYt78vX4YG5LGx7QzlB+gu3W2/fUKTixit8Un+1ywl6Gxa5a
+CQ90YrbJ+EKVT3DWvM9iyAKXsCDsLetoCYIir2v5ns5j+TrRqTMK0BaVM+7f84iX
+UTKIyPPnNrqOQC2rbsm3E9RZRl9iYf0hhgNFQCqWbfeH3HLxOitxZ4Zq72l0pt6g
+3O2tx3+ay7MGYRo0RVcZ0TfgLTbDlJFcAs5AwvikQ4z3XqGxABkTzQaF4Nf4fbu2
+5eTXfoLcllz6foijQr5DeMizQA9hBVWf0FZUGduFSAXObbJJ37ZUfTn0R7WYO9Vz
+GxX13revqQYG3gNZhNsjcIfrFt6A8T+ssJMEaYeZ0dSn8KwtQnPVWvsd9NbpIMsf
+ExVatx7s0ODUXQthZgFAb+aGOJXnpP8KjMkdNuZWWYQVpD9yF8ph+HSYSq/GVdlU
+mbv7QIvUjKs93vOenT2kJ82LFxKOtzJcwGH6n1qd15z5a8faplAlgLU3iM/wDGJc
+4owEsuGmSsqOk6n74XKJCCOeCMkQfPvOqRLgH/kbqLfX6oTTnPNfl2odRANC6YYa
++RQ+WGcGS67HTHdKgClee6e4CGXnuark60WTaCifPw9CQCPKTJ1cTbFV39dBLjFG
+HmAFdTOKLL+xCMWyMVFVbHPvoovoqvq8SoEg5JYw+Qk/AgMBAAGjggGGMIIBgjAJ
+BgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFz
+eS1SU0EgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUXn7F
+L8peYieiB4kgoIrQ6wVVlSYwgdcGA1UdIwSBzzCBzIAUYehyuTIQXKO/p6dZHTXg
+tLVRgPuhgaikgaUwgaIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJSMSEw
+HwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGWCCQDRGoY5fXaSXDATBgNV
+HSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVy
+MA0GCSqGSIb3DQEBCwUAA4ICAQBT3q3HXbLAbC5FUCF/2P9oYY4RvBPQZ1vtxkhG
+dJqJayobigHJO1s+H9IkHqBZ6vWZ1zWNE1VY6owtj36KwQ+hDerORqnhTwC4lPbU
+/USDQROamDri0qIJGmFEOYSabktnqxiT6B7PvRUqqHau1zZWdz+IDUAYbeHVqOAX
+/pZYz6ovY6n2vcdhbepfcpKOCKlgo0hmkehLDdySELJXaHGd8IY2MZU79c7+/paR
+35DED5AMz5dzOHsnIUMpthNeEbN7EBCsPpzuiMzhwaJACit4goW6waa55yOvE+4W
+uubJbs1fHETIweFI5w/UKaLFgPMNSLjLbIw8tgTGoUEvmd3T9r8VVOCpeTKDIVkK
+L1V/JskoMxckMhmp1EHR4sHPE3b90HYUacy9oGZcjoz4I3aNCsClJ5w2IRYmGJAx
+l5FhTkdP7UdUt4/s1UTL9cg1sRGQiirZq5cbJhpB7/GoSj2/dtTjMSbCzQmbBQuP
+broVdokqOByynmS6PRyk/kuiYz2AB/cZ39sDUX3tFnJOzkZ2R1pksXsySlPMGpN8
+bs7kAJCGRyaaUXthfngFwjXAKryJVuJPZ3+WGkecmdSiNIe148Y0RU9RKUlkgd47
+2AzfmmnB5kxyX6CEXrMdyisBeaZwy/hLPGnRVchqVsxqniRfpm2ZOW672QmpcI1f
+4rQB2g==
+-----END CERTIFICATE-----
diff --git a/MBR/openvpn/gw-ckubu/keys/server.csr b/MBR/openvpn/gw-ckubu/keys/server.csr
new file mode 100644
index 0000000..12d24e4
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7zCCAtcCAQAwgakxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tTUJSLXNlcnZlcjEQMA4GA1UEKRMHVlBO
+IE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1naOHwvusXIt2Sdi3vy9fhgbksbHtDO
+UH6C7dbb99QpOLGK3xSf7XLCXobFrloJD3Ritsn4QpVPcNa8z2LIApewIOwt62gJ
+giKva/mezmP5OtGpMwrQFpUz7t/ziJdRMojI8+c2uo5ALatuybcT1FlGX2Jh/SGG
+A0VAKpZt94fccvE6K3FnhmrvaXSm3qDc7a3Hf5rLswZhGjRFVxnRN+AtNsOUkVwC
+zkDC+KRDjPdeobEAGRPNBoXg1/h9u7bl5Nd+gtyWXPp+iKNCvkN4yLNAD2EFVZ/Q
+VlQZ24VIBc5tsknftlR9OfRHtZg71XMbFfXet6+pBgbeA1mE2yNwh+sW3oDxP6yw
+kwRph5nR1KfwrC1Cc9Va+x301ukgyx8TFVq3HuzQ4NRdC2FmAUBv5oY4leek/wqM
+yR025lZZhBWkP3IXymH4dJhKr8ZV2VSZu/tAi9SMqz3e856dPaQnzYsXEo63MlzA
+YfqfWp3XnPlrx9qmUCWAtTeIz/AMYlzijASy4aZKyo6TqfvhcokII54IyRB8+86p
+EuAf+Ruot9fqhNOc81+Xah1EA0Lphhr5FD5YZwZLrsdMd0qAKV57p7gIZee5quTr
+RZNoKJ8/D0JAI8pMnVxNsVXf10EuMUYeYAV1M4osv7EIxbIxUVVsc++ii+iq+rxK
+gSDkljD5CT8CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQCH/TKtCCVzFeCwvYAr
+qUbQOobUW9V37cMvziQpHJSUXsWR0Y8VImlbEecCKRg0YpzzH0UKaprO+EFqXSfM
+TOiuSIwaeJ/+kOF15mDQnbkCmvK+Dr6AN1DcC8H0SzutaUGMt5jiwIln/54o4/wp
+B0NFhxkWg96+Mz3V6IvZUGfuRfaTPL9QYqqzQupdw9rJizVDCLf2JzR/bMfFcLwe
+R+SNJRq21Cs9BBbUF9UOfw2gLS+SCFdIyeOFEYJ+nmdAWRVn9PEz+yKdKr9Q73DW
+sDK2+M4E0FWUsUw4mDWOJL+Hrc97Vd2xSDmKubuPlK2re8LTiNoXX+xXEfPAL/k/
+eJMNKeAm0fXkGqZylDxQyYETGUkxGQS5BOMODh9xRRO/Qazfz0Ym5kRDttIXhDbs
++o1e4f3Lvov9xPLOtEZ5EZF0QDHnrm6dv9lp95VHfC8Qnhf0cblLctU8Fdwk3oQn
+zHG8NtlBcSg12GGi8IzNNtUWWI+wOn7SlIjydOCt9WwdrVktWLwyhozCN4AemPgi
+MRjCDApvyj2Q1iSjIZJLBO6rvYjONX33XO4+zVe+uSAxRI5ywXCE5waG1q86svIG
+857jQqfkpXGB885uPUDXx+sGMbipXHtNaR6Vq1Jk7RtW1eSh9zmDxav1pnbaWfT9
+KF1CczRh3eC7miYzpj9lRzRKEg==
+-----END CERTIFICATE REQUEST-----
diff --git a/MBR/openvpn/gw-ckubu/keys/server.key b/MBR/openvpn/gw-ckubu/keys/server.key
new file mode 100644
index 0000000..73cf0bb
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCjWdo4fC+6xci3
+ZJ2Le/L1+GBuSxse0M5QfoLt1tv31Ck4sYrfFJ/tcsJehsWuWgkPdGK2yfhClU9w
+1rzPYsgCl7Ag7C3raAmCIq9r+Z7OY/k60akzCtAWlTPu3/OIl1EyiMjz5za6jkAt
+q27JtxPUWUZfYmH9IYYDRUAqlm33h9xy8TorcWeGau9pdKbeoNztrcd/msuzBmEa
+NEVXGdE34C02w5SRXALOQML4pEOM916hsQAZE80GheDX+H27tuXk136C3JZc+n6I
+o0K+Q3jIs0APYQVVn9BWVBnbhUgFzm2ySd+2VH059Ee1mDvVcxsV9d63r6kGBt4D
+WYTbI3CH6xbegPE/rLCTBGmHmdHUp/CsLUJz1Vr7HfTW6SDLHxMVWrce7NDg1F0L
+YWYBQG/mhjiV56T/CozJHTbmVlmEFaQ/chfKYfh0mEqvxlXZVJm7+0CL1IyrPd7z
+np09pCfNixcSjrcyXMBh+p9andec+WvH2qZQJYC1N4jP8AxiXOKMBLLhpkrKjpOp
+++FyiQgjngjJEHz7zqkS4B/5G6i31+qE05zzX5dqHUQDQumGGvkUPlhnBkuux0x3
+SoApXnunuAhl57mq5OtFk2gonz8PQkAjykydXE2xVd/XQS4xRh5gBXUziiy/sQjF
+sjFRVWxz76KL6Kr6vEqBIOSWMPkJPwIDAQABAoICAQCep7WoqQ2epV1GqmXORSv8
+tSnL1gzYSEwqqEW4hbgOJDWJR/+unhSbBpw8PUAhEHe+V/dMvCvxV53Z5edqsfG7
+euLphxsuilS53cBt6fvRUA6Qj3R8C+OCG5ZeS4v4vadyoqIzKv3gAivZb6liJ/wN
+gkw0dpTfy8Ciyo8BDixuf7mgtiUebr3zM0enMFKm5qzN+LxMduej0O1dCynR6FRp
+pcWkbB+Pc0OSWhpEbx7g+p4iA40pzi6TSFLS0RolyQXO13Kb3W35jp55TcCUlWnp
+3Re6GCybNmaegn6+1NvYL+Ahi1jKeZNLR7SibuKmdW74TF7uH6HWJbNao4bDZM90
+1qQmGtPS6njBaOb3tqm3LIyGfdxI30glzMVIkC0ckdsN0Tv8EzWvX9wa4Gez/Mjd
+9BUVC81mvwnOiNUIkFmvFGrqLPQT2TAO8Ut4R3uBMml6mY6khCciR/oq+wmXpqZf
+xoixb+6kleiBrVELnskyDHLHIpCNMM3HG/+opAXotbCi9Qq/ivIlUtANOgP74XBB
+Ql32zojB6+RwF1ubw4BhFvbhSjyIF+ZgMFlAyUTfPdO7ReS+SnHueIzgiaD86Je2
+FvXq+p9mu/I9pugwNYk8MJ/8HpeQzdfxmDMa7ERTQF8b+iI9gu4Gd1M+XvTKK8yO
+/LSFkoHij7gdxbVCmcC+EQKCAQEAzhGW6cz3HX6K2J2HWDRPN7v9xPW+/c0PbTES
+sfsF9OoFbcRR/H80D6eABCdTuJ3z3TPs8qmHzIElV5vySTncnWo6bOb+Cvd75/3l
+5k05Sqcl4JO79WR0uhAcEVx9d+7zHT4ZXN57okog0Mx/szJE+IaOwOygQIXFCZAw
+vCaK/QUTiblklVhuywhR/+zIYQLd25SYeQM8/ncL6ezwc8QxiaZRsA1bw00pOl8m
+cOBoNaBm0R8dl/q3n7p7UXpKGJ7tZQ17xhw410wddXGpKPaqLfKaD5dq+18S7chN
+bpFjCsS1liylQnPEmz9XcspUUsSqHwuIAI9/IL1SgVlcO1k2twKCAQEAyu59NY6S
+n62ZLbzmkg3BIP5WpmrVt85guKnHvZ4wJhypB9GkvnlHfjy11iNS7/o4IxqfX5tK
+Rtzxu2ZRgBogYXu80DTSIEywf/bYJALY2/i8UsIWSUs/yekHNI/QBY5sabgjtvnd
+CrmIcUrRXIg26NRho4/aboGJTHUYHZYutq+8byCkeiNnPgPL7r5FKb7S4NNdeiFV
+CYNDgsVNaH0DVph+69wPv4b4ZfyrzwIxdYtZB9NxISD+YkNZfWDiKpBQlpIQ+9pO
+WrERQrHWUGVFwxcA217CMFBCJ2LmAlBs5r344xgu1Hi4AxUkclyo6XvpStvZ83mk
+HeldLBwfbnx5uQKCAQBSDp0KsuzAWPCPO4N2szXMWta9xKHuTObUs1LffrcrhLju
+sdt38WtYxHlsrgBfpr5CGnhDVRDXdaHaFiZP1HOuV2u2i/EjitNTWT5gC+ZBfPfP
+SuTw3bTBlsKmgy8PQB6dSWouGgYfZOdWXeiIAf+G+4YC+vcBWoNQwJM3iR2VjZzv
+Hd0Yv2M3BDQq9i4Au3R/CNgCcDCsn9klqI1DfB/B0XH76gXdam99aABVuHamzB3F
+Ll/JcjQGreqHUmwJC9g6gjkEdZ6I1S1x4/XZcwfnThDdHo2iVYSjHT0AR3KqChTJ
+HTQdlx32OC3pbvpPDzMzM5NPrdSQw/MDwQLCO09XAoIBADh0UHDt0OyLJuoKezp2
+iRvcpc52Oi6AQ3gcA21E7LAtmPiL4gD7TGBaE1wXR6NrQOLDLUMzuF4uaTFxLYst
+uYRlIAnsJ+jEbPWsfkTGZf4MHJgJVpndTUmmglKlD4H8NTzT9VuZ91xccRDTd5r+
+aggrzV3rTyEe+EtE6AiTFzvLd+iSdC9mWfpuo/UvCZ6rb48MPh0T2MxksAtZSEeh
+P6R/mA+VkOv/aGs297UHLys8MPB0aiyFOT+s7OBsa37b1w+MYx0thk7Eo8CiKLUE
+93tmkt50ZiF6smyynrpWFXW7s9m5iI2jZ82zvAf0rykFR8mDkAaj+Hw5x6nVyQi7
+qEECggEAN/vPu/WKtXI9Q5GtyjpoMmPSsATXkWGQnKJisVwfezg6a8juDkbKZH3T
+Pxb9pGCKEqTQZVWRYOCR+HYzFijNZJTHMKR230QZl/j9yHCuu/VOnxEBI92hWckv
+FEKochdlS0NYMpGuIC6lV355N0bqso08Ko6P2T+9CyFbicLCDzp/xb/pnJdMJdDn
+Wbtui6gUOu+XL7Aul7AsdGv67hQlk4aUKqR4e8rx1mqZUmBt+9cydiog+kQIz1I7
+dCMkGcQ23QTnHYQRbUIP5DEpsC6irHIUlOqrS5vMIWDY1Qa5dL6y9VRlFCpOGfVj
+GAooHZf3VKr732fct7cALGhigjIPpA==
+-----END PRIVATE KEY-----
diff --git a/MBR/openvpn/gw-ckubu/keys/ta.key b/MBR/openvpn/gw-ckubu/keys/ta.key
new file mode 100644
index 0000000..1d5a2a0
--- /dev/null
+++ b/MBR/openvpn/gw-ckubu/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+79d91376ee2c248cb615cd6291bf2954
+a8e96540005b24814cf8b156c133033a
+8d46114db5bb435551604fcb18c56b09
+09750d641767657cebf8151735230e61
+b2a9631cd7490ab824333b74e60e4cc0
+c3fce42e7518bd6519347f7e111b9f61
+be2682407cd8186c2c9b03987a6d0fd0
+52599e30c6e2214cd9734f442e4d9a34
+62e1dc096e13a894538798a94b2e2d54
+f1c5bd884fe95aefdd919a96cdbf8f1d
+c60a65e7b59990a11324fa1960b8cb3f
+ac2fc846d6860e50f7b35f83eb6b791b
+d59707320a80e639b2226c2d16830757
+f7d29d94fd8c5fe1ab8c939e394d2126
+bd880494edfa929b03b894c6984890c2
+8e1ab55c781b17828ec1d4126a9736e2
+-----END OpenVPN Static key V1-----
diff --git a/MBR/openvpn/home/chris.conf b/MBR/openvpn/home/chris.conf
new file mode 100644
index 0000000..eb8fd82
--- /dev/null
+++ b/MBR/openvpn/home/chris.conf
@@ -0,0 +1,260 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-mbr.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIHDzCCBPegAwIBAgIJAJVCoWERyZjAMA0GCSqGSIb3DQEBCwUAMIG1MQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3DQEJARYlY2t1YnUt
+YWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZTAeFw0xNzEyMTgyMDE0MDJa
+Fw00OTEyMTgyMDE0MDJaMIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGlu
+MQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0
+d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1C
+UjE0MDIGCSqGSIb3DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5v
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANUaZu29kklR
+KZaXQ2SgHjDribwcLM+XeBDZsrKXIkwYmOHXxX1BcDXhWYeQyJ1n7gyRHZzcSC9u
+1NNnYvGMdpcuz9dwXZgBC5zspmyXIRaynlo9xtb44ug7CNoMuLReZB6cLWTbkd47
+eQsQOXu+tIy5DvjDxybZaCudLUKfZ3sty64sydqUJZ8cXo1ucdGreB4RLWiI29Dt
+ziLtJ0fvkmMLmfvh/RQqWqKYqHQRlMZCZnCghP3oCCZztfylB2iHsp4MZf42rXA4
+Q9idVDD8PMu7opzzjgrbUjlJk/Hs6NcM2bjbsCp8/rj/akH6M14W8IJYpuHkgAmU
+bCOnPTCcWVjpgF6R5ASXRfbegyNf05BrXQRHtW3Xh94aRrvDzh25aObHnV+P6pnv
+8ek1vMSGk9FC1vBomHftqIL6sa+JOevWgK0jFYNungpBezfqDRpf0c/h8OGviN1r
+m9s/D6Dc1eSf9vFlPN5faxb+V3xurC3e7/Lh9ZNXqBW4HYd1Da9BQM5vRY/H8ffj
+szIrhJ/pTEVKChmBOqvfTuoLHBbiT+XUQcW7C3hKk06rBD9CSIywaC+ctHAtXvEA
+Y+0q77VQus1TPcSeGHXShzvv5lEXoMygd786OKF/3ZtT+3YDbk1AeZx49o76hMmP
+cWHCRmoWy8t2rHFYshMmPkl7EYlLA/C3AgMBAAGjggEeMIIBGjAdBgNVHQ4EFgQU
+D8mVsJqjS31KjAa4+MfmGhkqJDowgeoGA1UdIwSB4jCB34AUD8mVsJqjS31KjAa4
++MfmGhkqJDqhgbukgbgwgbUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJS
+MTQwMgYJKoZIhvcNAQkBFiVja3VidS1hZG0ub29wZW4uZGVAY2t1YnUtYWRtLm9v
+cGVuLmRlggkAlUKhYRHJmMAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AgEAV2wqjTAKpWww3jHS/tAMxd6JAjCp1MPV00dHXoez3kHwTw2KlnO0WwtYS4KU
+s3+qtOBY35++42hH4U7KCKpjW0w5sTBjw+ql13xh0CueKMvs6T6kVGIBPiyosEE2
+VLYeyZf47A/BQSAwNeLKIMxflTBVwqqeaO6bPu6xlfEAwNSmvj/uxKf0mHYCjNSc
+Q2KBABU0A+AjvsvuSMec64tvWQA9ty6YZfo/qSRnUkCqISme9IFOWKyuSNGUgbfX
+xFK8zcOUqLwvz8OlNHBcLiI4+ue2fy1TrLVyMkJFhllfuGTHpYqDqGJHAl5AocJx
+eppXLhUR5xmVXQjn50HTj5GukxZbX+6eUxIpRvydAJ3emU/3g6vS1MygHDGTPb9b
+Ovk0mrGS+wlHsx9kmrO3Ge/BULuX/M0qvqWk4w29f5CZy4vcI3l4uhnrFlmp21b7
++EGQQw2+CNyP5CsD+BQlx+5FhthuH+nU85mZkLRIebgNep5O09remcYNka80XFfs
+OLXve4/ByQW8iXuxyIlEqv56Bz/H70yug8MI000pZ/DL44+0GnMz7ULP0nAHp3Yd
+sU6nFG7fH5cvbw0CMniC+0LBuNzxgUwnoiqj95fvqbseM0LK6YxmblFnD7tCZh4W
+Ns4Mjg+3sAI9gmpcFMUU1l+TMV48Xo2FRYwYtW/nz7CIzh0=
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHWjCCBUKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
+bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjM0MTI3WhcNMzcxMjE4
+MjM0MTI3WjCBqDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxFjAUBgNVBAMTDVZQTi1NQlItY2hyaXMxEDAOBgNVBCkTB1ZQTiBNQlIx
+ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMQtPb0fscWy9ex2AICZnA2ybIHVfEPbsUp24FUd
+t6hZ9mIF7cqWKD00ujBUcdRBc9K/vq3wdjwTC9pyRmsFfnI4+EE3Sa8wNBtYA/K8
+gIPte2jRlDiRswRjHyQAM7ICzUz1UcfqmI8gm9xz1iEi6FWNDdcPXqwEmWIIcn1T
+Px9QqnT0c7J+MNs7G1uaaqlFitlKgTpMAyCi+9My+N0eXxmMT/l5OyMyyCttnRkz
+y2I2I/dhoyNfNk0fE4lGwpzZUz+gWXZgxTNDZ+XaEcl84kyx/G1SWMQOe9W21tgW
+DtkrXuyVy3qjzc2csSZxoA/ahmqxb+1pEngk1wvuF2y5/wSa4G+SjgSy0z6keygS
+YbQ9IIx9ZKzHMxgoy30aEoSIYJ3LKpIZfu860M+LMuhzlKdlADj5MpEL3iOaxCUl
+Jcq8j+VDogmJ1+xZauC0w+1bOi2+0z2Gp16s74zVFVCJqrN5JWFP40Z7pgVPb8Ji
+foglEyoi+jAsaZ87q4rVHJCi/LKev8EGj20PAFacS2yCzubtLUyA4DJ/4aFIl4MH
+3mO5oMPs9hQ06LbzYIjDbh8bUTczFnPhkZa7PHAnE5jwF36/aiP9iprTtMBEvJJ6
+sKjlC/vPPk2y79Mc2WbyNlp2qAiEtminnZi7qY/495ePNv5WmG6UYQINwVfs2vxb
+FCFNAgMBAAGjggF+MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
+LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPb8U3JvkgcXvtSE
+py6Qtz8e6/k0MIHqBgNVHSMEgeIwgd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7
+pIG4MIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3
+DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVC
+oWERyZjAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAgEAR+vl8ToNdA0KId+ifagINHpz
+OMfFlBkkFVLhZGcoQp+HJV5I97zSt41Ybozrwo6Jnjv3wX/vYzqTl/oUrT9gjAhB
+qMy9CEgMzyxBMl6ys2YqdBiRDC6sSkSY0q0BuZ8wHmvvzymlrwjNXIkdk1bbYtzx
+9P417K63FSoTmIB8eVNUIoX4xusM80NCAR+1jnSyFoN6CrrnQA5L13GvyPZl7HMY
+7gANKpUcPkqo0vnltIih4qbDESVlUIwSLocO6e9QLfmEh6n5onJqSORdrRaj3XdY
+vXKQmlu3i0AXhVkQXQ3mdZbjYyYfSXO31uuuAhTR0Ji+p/znHF7Fxc4otmamhFcv
+lRuAu4ai5qPsjHMsHMIb6eKKVWTHQ8iDKcOteaJk1x5KqTuKq6aBcmIxIFbZTpR1
+rQfQs/9GjdIyJwHVHFAgymHiXjxmx06ZTXdrAMJpnpcMZD0iIrE08UMi3/jTtE4z
+PE65tITvaFLtnl1cr3fFNXS0vDkmRQ7ejA5NsggghVU+vWQ8UPKRab7hoWXylVvD
+GLQRglmQbM5VQgKLSlDrWFbD6fnI2kWSZmtxK2Mu7ab+HpflWRKTt7xUNlhPWUKz
+1I6NVweL4WZ+0l6Y2ETxlUzqCylBrKtqQ44lGsPvJ+j2bwM5OIjKeElWMb2dzZJL
+Q3Ox4pNDPk+BEHQrxl0=
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxiEqdBH+tBACAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHYLwIQAaxwVBIIJSDIjWSU9/Kok
+bbatj//bCab//36qcLRn2ZF3xT5bUevvX6PMDhI9X6d612AVAd7V20/nloX6jmYE
+5bmAWiUjDtJNynXcdxe4RtyVfViECX+vGCQwz1MhN24GzGIyCm7V0/nJU6Stqoh5
+DQ+RSqpBrjcFZAWNvFYfRKG0K5QCPG3DirP02ndbqZZY+phklAwunZGaf0Ao3n2P
+Iqr+/sF7D6MjcS3jFqWYyCtHrqCK+3OyQLoWcsJKK5boYq6ywcPF/9qZJoCAQX4r
+tbQ+2hEvL1hVte8l+ZtM331irHdmJ8A3UJNp2zR8SBQoO61lKZ0gNcfQzfnBEJpS
+Xymds+2jtcgwGYCNp3fpZk8cn3ejRGEu1Z/2KSXVlDqA4VF+tlQbcHHaQawdL5/i
+Gu4tbbxt9ZfBjKn1N7GhOnheF/xK6jxaip5fP+GsU48Qhko7ng4ckGlM3dHEDkhY
+005X3pwqNM5+nW73yl6Qhdj7AAq0Rjsxa3crqkDkJ+XFWq7E6Wo+g9xhous+I0lZ
+LGE/GaJ8A0Hg/A35b9cCDDToxoSZm8MxZh6rBQeRlMddQ0Bki/WKqg3os9FLEY/a
+T++sWWuoPw2Ei0TkKJcNStMhM/0cIY/WduOMx1zg3drApQYM4CU4lt1L8nyAzhoP
+QJs0oZreY5Pt0VA9wfvg3ULlXlk0pMsIP58ci8MQ2veyTmmBEqe9TE7UiJuQrmD5
+yQFfg56bcibeRJ7l6HCdgpL41s4NvNf/sPvUMx7rNkVOqgXtO5qAMhF1ODLe51BS
+t990Ht6atPWEypKoxoja83OIAyn/78HLVyCf229ysQTM/YKF85H9ut+TOE9NgmLS
+/7CJntWBf0wzLKzHLVhjnT1XWWvmyGQkci04+82gSwZiURPgNowTUNGozL0bNRQR
+aRGlY/DT23vO3NmBz+sz92RUVBkAeJ5ujW8GozlVp8elhdgFnPbrNPVRW16XryyV
+Ql/hS56GqswtJXHHMkRx4xLUujKDvkzNUboJZvZLj1pTBEH5irJFYvdHOfd/oZKx
+197DIDcL72ESQHKAesogpDc8erl5AFYnEdRg54mR1lcgDzEbK4r1pQdE///H3XSU
+90VlO7DOHR5tzp26njZTo8hokXVzxd2MEd8O/2tWCj55mZP8A8Fp+uWu+YBtV4KT
+es3j9udI1cAMQiKL/jMOoH78+IRn2Cdw7WlLLCq3hduPJFCwH+S/WFFcDWDhCRcN
+ko5CYLvHjb32PakjYgRBelTRGSBl75lUiNrRep5apCMuREvLNP3A+pmmwCs5H+fu
+OKrOVHJ0pUHt8439DDeSozT3JKm+ngowuPO6JG77e1gSZ8rSHySoUBI4sGXEDcpp
+6+PzATzDJr9ZLYg7UumjIQ08YX14yHPEjl64SHQZQpcE8T8XfSEESi2dBjCcQ14Q
+G2a/40MFNn1a9XnMIAdw3DfPV6bTIi/LJaCCU//OFhuiPyONXuMtdCRkoA9tKHlZ
+fGZ70AlLG82yJ+2BLLuvxmapmq0OFZQm+nobw0c7lZP8PWCekK6QYVREkDvn42DD
+snO5gItiQIgLfW6zqq6kEXn3thBSFEFuizGprhLhnEJs+zDJ50CTs4I2QquGBdVn
+Crtyp83Kf9TnaDs0VK0u/bYXjyDx82IZEIERf05La8wS3RprC7fAqAqTQ2BF2u57
+2/6B7QvD8nFxYQszU1KUsaTfzRyVziAXC/t5XmMrOtZsWbimKd/o6rt0EsmNXl5R
+S/GLJSqhIODLzpf1LclapRzA4JqXHpZ1JG2mr8ohKawouLvvXU39yHMOrnVaWL/S
+75ZzcbKwNfnXe6lh8o7g6Ryq+5wRQpTBdEquzrPZod6uiM0Y6QgCOeDwTfpgpdXt
+6JF7x75oPEW+Q5ZFvEuopzXCslIbHyycgFmlGNrYn6T0vQ5r3mYjPAtm14S0Yl0D
+Dw1ykmqcLFAb6YQUKoSEJG8wPnrR6mYE1643ZQJtbgo5Grgrxd8a3+TJNhU0h4oP
+1aMEG0DJFtBV6TSUojZYDwQ+pmWTp2wWyECUUkoFUeHU2oGUzEmUfj6DK3Ewh8mQ
+zjUtiYN6yq68u0Y51MOIe2UrP/PjGO+EM7fmQc3oR/hA80+8LHXInEeMc3B6iLH1
+MwkrslbSSaynD8bAoO9rQyvWCrwSJwjdGWYd/bPpEXILDkDhqD+E/7cJkSU2CJp9
+SWrFm34IStVMGOkqRn0X4Q4Ml+RilgQy/0Nr7CQeODjHJJC6LdqePj8AMphZtWNo
+QjI0ysctUJ9AZfy+xfdyxT/66kmisQFeRrYe9t9C1AEz7wQhTXTc/nPB0071JL+h
+pcTVywqRPwLD+Dy4qpGc1Ocb355ieIJGi72rVieYCK5clohPeex/iM3Ay+yuhVfM
+h/MS2oKaJi5M1HzOfNI/DLlEDtGHmbla12W9wWJGyQ+HKtNO2uFHgE1aRY3Exyev
+E9jUDO7KUBwKutQVpvLiX0w8ftAx6QPu/7VZ8jVar9P2kIfijtIghBcPP+/Xb2/R
++OxXjwZrpJSanR8KVMxk1Gtp9dFrry2mtpMpPDqIat7Gj+/YBMov05M7Tk1arrYM
+N29MylzYEaJj4+2apMzo3/TW53ld3mc4idVLNavAcCq+t6DZWdbUTkpUpNTMBEmC
+ZZ+BOyQMqekM9Lo4My0XvairkmHSmRnQJND0MEc+C547z8vRFHYGo7WGFeaZXEo1
+KHH+s1BFMEZFkJZPbuPuSXf+tNEfXjofMIBTUMMLv4MR1OwstDCDo95J6PvMr3/j
+8mMJ6F85kkGpj5QfxP5liQhWrMiXJMEAaoZ84eGefeDMWWmiEANl+soCS/MKRYx4
+DBWreg5EvXuC9wQM55UOe/DBRmK61WjOXmTuSAf3uxa4R3TjsJPny5U84s44Dq9B
+1jN1hHKFLhAppgWqnGDfkp7cmsf5v600Fcn41lE4QMeDTrQMcYUseRv64uDQQI64
++mOaQ/5x26QFBFi7cyc/LkJwLfbQ7+OXgwYRlG1Z78Tx4vx/b3LfTltmSR+93hLW
+x5k/sc/xt9nEUwYvqo5fv1pRU0FOJEuHueIz6ZBCjZPcYflm3Yiwzmip5CHf9Tvw
+ycysCQUiTfM+oENgq9i6tFbCaOx80R+W6ckRgmXiCmDd6pKnfzZuIa/ODD7zQBh6
+AiaXP+oXUEJe7qU8un0wyQ==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+c1bb483e19d6c90def9e3b3054725c26
+83dad3473e46c324617f10954a9ef0c0
+04d3e53c787043db4b2f0c0f55d38928
+13ccfe3325bdc2a12294ee4a6eee14e1
+301e57912bdb03502032b97dd30fa67a
+6f7f2af6759ed4a6f7d32e863417c38f
+d0d29d7c1c2aea2b60c273878919c815
+220984a3a5e996a8ad9e01bc5595b87c
+2e60411d8d44f0769ed53afff6259395
+112f2218b859ce5ae46542be229ec2aa
+ab78338e1db08e5765571faf096fb5d3
+ebf22fc761cd3a70ef97c4cb20dd1778
+830a8b2b1463e8101825003181e8e188
+74dd61d43462ef4f8271c68c5aebdb07
+a4300e941ab9bfbdb5f34f23442222b8
+7c5b89d7e9ff18e1367af366abf53c3d
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/MBR/openvpn/home/crl.pem b/MBR/openvpn/home/crl.pem
new file mode 100644
index 0000000..d0880b1
--- /dev/null
+++ b/MBR/openvpn/home/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC/DCB5TANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIxEDAOBgNVBCkT
+B1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Blbi5kZUBja3Vi
+dS1hZG0ub29wZW4uZGUXDTE3MTIxODIwMzA0NFoXDTQ5MTIxODIwMzA0NFowDQYJ
+KoZIhvcNAQELBQADggIBAGlcvnSenmJb68Gw3hLOwZiarTM3jDTvwTvPay3lYUbg
+Y9bg1U8ctmfdX89jE1aC1eeD+yxuqy8YebYeHrxXDckQu0mEfXfbqzIXlSAFXqta
+KahSofCNCGxBKw71Oa2vZLkZIE2jcmfyGRiZHUqe2RZPGFhz9Brq4yDfkBEwgz0J
+Dpej5JKfMsrt1D1bFaATL5OmW/jDSVl9b9vQtBlfXo6LwkRezxuk3e39qctYHmc0
+OEk0987lNw9FHfPJ3gBh1hHNui5/yCrKYZbrxInBiTDQIecr4MrV4d+xOyZmotZP
+P1XPKtsiHKmvTM824iG7AlaKONmL3E7D4cnKoQGTfTShIAjHeRHvOr3MmKL1RcEk
+0xrZXhQ3UjgWC89swD/Jnhoe6stgbzd5FLNxr9CTG02YtsBuTWybasccQCK1NlOK
+A4Q+EDuW/gBa8F2n1VrSSxCY9Qx9nCJA+T1XolPDz2tc4lk8iV7KQD9vSnxbABcx
+O9k510sqqHQ9w9DWsLp4NEOBIjNUvaki4YD6pUbFxeuNA0NK4swN6u38b5/qNM/S
+E7ycFJReHDShp7ldYo0tPBgmC3vA85x5bHB7zMRYGTMFI2BAN9i+Y/fOjqa5VbLP
+oNgjoQG/0odzM45YrR9J89dj4C3u9lVmoPi5+OEpLBToIf4cy9R7a/dlFNkZTIJT
+-----END X509 CRL-----
diff --git a/MBR/openvpn/home/easy-rsa/build-ca b/MBR/openvpn/home/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/build-dh b/MBR/openvpn/home/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/build-inter b/MBR/openvpn/home/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/build-key b/MBR/openvpn/home/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/build-key-pass b/MBR/openvpn/home/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/build-key-pkcs12 b/MBR/openvpn/home/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/build-key-server b/MBR/openvpn/home/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/build-req b/MBR/openvpn/home/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/build-req-pass b/MBR/openvpn/home/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/clean-all b/MBR/openvpn/home/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/inherit-inter b/MBR/openvpn/home/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/list-crl b/MBR/openvpn/home/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/openssl-0.9.6.cnf b/MBR/openvpn/home/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/MBR/openvpn/home/easy-rsa/openssl-0.9.8.cnf b/MBR/openvpn/home/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/MBR/openvpn/home/easy-rsa/openssl-1.0.0.cnf b/MBR/openvpn/home/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/MBR/openvpn/home/easy-rsa/openssl-1.0.0.cnf.ORIG b/MBR/openvpn/home/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/MBR/openvpn/home/easy-rsa/openssl.cnf b/MBR/openvpn/home/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..e3d3769
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/home/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/pkitool b/MBR/openvpn/home/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/revoke-full b/MBR/openvpn/home/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/sign-req b/MBR/openvpn/home/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/MBR/openvpn/home/easy-rsa/vars b/MBR/openvpn/home/easy-rsa/vars
new file mode 100644
index 0000000..313405a
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/home"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="O.OPEN"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="ckubu-adm@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN MBR"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-MBR"
+
+export KEY_ALTNAMES="VPN MBR"
diff --git a/MBR/openvpn/home/easy-rsa/vars.2017-12-18-2109 b/MBR/openvpn/home/easy-rsa/vars.2017-12-18-2109
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/vars.2017-12-18-2109
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/MBR/openvpn/home/easy-rsa/whichopensslcnf b/MBR/openvpn/home/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/MBR/openvpn/home/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/MBR/openvpn/home/ipp.txt b/MBR/openvpn/home/ipp.txt
new file mode 100644
index 0000000..30b5c78
--- /dev/null
+++ b/MBR/openvpn/home/ipp.txt
@@ -0,0 +1 @@
+VPN-MBR-chris,10.0.112.2
diff --git a/MBR/openvpn/home/keys-created.txt b/MBR/openvpn/home/keys-created.txt
new file mode 100644
index 0000000..9964967
--- /dev/null
+++ b/MBR/openvpn/home/keys-created.txt
@@ -0,0 +1,4 @@
+
+key...............: chris.key
+common name.......: VPN-MBR-chris
+password..........: dbddhkpuka.&EadGl15E.
diff --git a/MBR/openvpn/home/keys/01.pem b/MBR/openvpn/home/keys/01.pem
new file mode 100644
index 0000000..a9eee83
--- /dev/null
+++ b/MBR/openvpn/home/keys/01.pem
@@ -0,0 +1,142 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
+        Validity
+            Not Before: Dec 18 20:30:34 2017 GMT
+            Not After : Dec 18 20:30:34 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c6:39:a5:51:7a:27:28:98:2e:bc:42:05:63:21:
+                    36:af:e2:1d:dd:25:17:98:6e:56:af:71:9d:3d:34:
+                    8a:b5:00:76:ea:24:9b:34:66:95:b2:a5:08:96:f6:
+                    48:ae:b6:a1:03:1f:54:90:19:d4:a3:62:74:28:ce:
+                    ed:32:d2:e1:c5:81:7e:e2:fe:bc:b5:ee:3d:8f:50:
+                    1e:0d:ad:19:d4:e2:bb:2e:5d:dc:ef:99:82:04:12:
+                    31:ee:da:fa:b8:6a:dd:1f:3d:fd:ab:ec:88:46:a2:
+                    e1:ae:1d:14:97:ce:a0:fc:18:f8:e0:b1:dd:37:a0:
+                    77:e7:e4:12:93:a0:a7:7b:96:f4:ef:97:ce:93:0f:
+                    6a:0e:b8:f7:0c:f7:7a:e0:e5:ac:5f:9c:bb:1d:0d:
+                    25:e6:ca:d9:72:c0:97:20:86:e8:d0:1b:9a:66:f7:
+                    e7:47:f5:8a:b9:65:5a:cc:a1:16:f5:1b:b0:7f:8f:
+                    76:77:01:57:78:0a:59:47:54:76:cc:f2:7b:d0:16:
+                    aa:56:b5:92:41:d2:2f:6d:67:6c:5d:b8:9a:39:54:
+                    2c:fa:d9:f5:8c:43:59:9f:a7:2f:74:42:94:0c:8f:
+                    56:fd:38:3e:3d:20:48:73:8f:b5:6d:73:8b:3d:61:
+                    7f:64:a3:fe:bd:6b:eb:9f:0b:ea:93:c2:12:0d:19:
+                    43:30:c4:f3:34:63:6e:9c:52:e1:f1:c3:b0:be:66:
+                    d2:81:16:33:a9:a0:35:23:da:3b:b6:d7:3d:77:a8:
+                    a8:f7:79:67:ea:30:9c:55:3c:85:91:ae:3a:e8:6b:
+                    23:e5:54:ef:70:11:32:9b:8d:cf:f4:a3:c3:a8:54:
+                    ab:d3:6c:73:7a:c1:84:f0:a4:95:0c:8c:77:1d:a6:
+                    a3:21:3e:4f:69:3d:d7:91:7d:ba:e0:41:ec:56:ed:
+                    4e:b5:e5:ed:16:ca:df:bf:72:81:b0:0b:b8:73:f8:
+                    59:8d:db:fe:46:be:35:d6:f6:f4:ac:4a:ca:49:a8:
+                    d6:d4:c4:ec:4f:b2:61:4c:16:0d:20:9b:0d:92:96:
+                    3f:a3:73:7d:a1:7c:30:a9:34:1f:95:3d:38:72:48:
+                    04:b1:2a:8e:30:4b:ba:00:7f:d8:0c:a3:d3:ea:59:
+                    6b:86:f1:03:5c:01:a4:d7:14:4b:1e:4a:be:18:c1:
+                    24:64:26:52:56:5f:16:9e:c7:86:f3:9d:3b:50:cc:
+                    74:e6:4c:f8:00:3c:0b:51:33:31:dd:6e:7d:44:93:
+                    c3:3a:37:5f:17:78:7b:5f:41:21:25:d3:8c:ed:87:
+                    31:1e:6f:14:e3:14:a2:68:67:52:6e:f4:6d:de:44:
+                    63:d5:95:17:5c:a1:db:ff:de:2a:ee:4d:2c:be:c7:
+                    df:8f:db
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                28:1E:56:DA:FB:5A:AE:0A:7D:40:8B:44:68:5C:AA:1E:30:D0:52:74
+            X509v3 Authority Key Identifier: 
+                keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
+                serial:95:42:A1:61:11:C9:98:C0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         8d:75:14:4f:4e:81:35:96:11:3c:25:05:fa:4f:8a:71:f7:45:
+         2a:37:31:63:ee:6f:5e:18:98:0a:bd:cd:60:dc:01:2d:18:24:
+         f7:3f:f3:ce:fd:cc:1e:4d:bb:51:10:1d:b7:0a:fd:f6:bb:fd:
+         b7:79:cd:e0:36:2f:6e:9d:cb:3a:00:a7:ca:bf:49:34:3f:ed:
+         e3:da:c9:27:0f:38:67:e1:33:49:69:53:f1:44:4c:99:92:67:
+         e0:f3:d1:17:62:ea:3b:c9:30:14:07:f2:92:f9:87:30:62:51:
+         80:48:0c:e2:12:f7:88:84:71:e0:1c:cb:f2:f4:1d:a2:06:fa:
+         11:f6:31:7e:21:94:7b:7e:c7:2b:b8:96:e9:88:96:9c:f1:e8:
+         d7:2f:2d:93:c4:d5:8d:a7:15:54:28:a7:23:07:08:01:16:ee:
+         f1:d4:e2:5d:e5:7a:40:c0:15:44:70:6f:da:98:c7:20:24:c6:
+         50:f7:f6:13:1f:f2:d7:11:ac:8d:ca:04:1b:61:01:b3:0a:49:
+         4f:53:00:9a:4a:36:38:57:b6:c0:d9:bf:22:0d:2d:e3:da:7f:
+         f2:bb:7a:cd:ec:52:7c:38:68:b6:33:3b:f8:e4:12:6d:ef:90:
+         6d:b6:99:21:7b:30:a0:53:c0:09:f5:02:8c:88:ab:11:99:d1:
+         a1:b0:c5:eb:4b:f5:12:11:d6:b9:ee:62:25:b4:a2:bf:7e:37:
+         a8:4d:f1:5b:8e:f4:f8:02:9e:12:7c:4a:37:f4:f0:27:ea:94:
+         68:38:43:d7:d7:a9:3e:ef:f0:23:e9:a9:83:1c:c6:cb:0d:21:
+         15:b3:02:bd:0b:b7:44:ee:af:ac:3d:0f:72:4f:5d:43:1e:13:
+         96:fc:79:54:9e:f5:3d:56:21:1a:a3:52:89:e7:89:e1:5a:e2:
+         f2:ae:8e:b2:a3:fe:18:f9:7e:0d:35:75:a7:82:3c:51:fa:c9:
+         05:73:e1:ae:4a:76:d0:3c:36:e4:3c:24:3a:58:24:e0:7c:dc:
+         ec:3f:0b:b7:fa:68:53:03:b2:21:28:c6:57:4a:85:8f:19:91:
+         f2:6e:31:c3:1f:12:fd:67:72:d3:d3:3b:0b:2f:cc:c8:3a:c9:
+         ac:13:c5:51:eb:a5:7a:87:e3:4d:21:ba:c9:41:29:0c:78:5d:
+         5b:04:96:d3:0b:2e:75:db:2a:9d:fe:57:1c:7e:03:10:6b:30:
+         e9:c3:d7:6a:95:4b:65:48:4c:2f:62:d6:9d:36:02:a3:05:a0:
+         b4:f0:fa:c4:74:10:32:06:d5:a8:d7:be:b6:8e:b4:7d:b7:3f:
+         3e:01:45:50:25:e8:7d:51:da:5e:22:17:8d:1a:5f:4a:a4:7e:
+         e9:53:58:cd:30:11:0a:af
+-----BEGIN CERTIFICATE-----
+MIIHdjCCBV6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
+bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjAzMDM0WhcNMzcxMjE4
+MjAzMDM0WjCBqTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxFzAVBgNVBAMTDlZQTi1NQlItc2VydmVyMRAwDgYDVQQpEwdWUE4gTUJS
+MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDGOaVReicomC68QgVjITav4h3dJReYblavcZ09
+NIq1AHbqJJs0ZpWypQiW9kiutqEDH1SQGdSjYnQozu0y0uHFgX7i/ry17j2PUB4N
+rRnU4rsuXdzvmYIEEjHu2vq4at0fPf2r7IhGouGuHRSXzqD8GPjgsd03oHfn5BKT
+oKd7lvTvl86TD2oOuPcM93rg5axfnLsdDSXmytlywJcghujQG5pm9+dH9Yq5ZVrM
+oRb1G7B/j3Z3AVd4CllHVHbM8nvQFqpWtZJB0i9tZ2xduJo5VCz62fWMQ1mfpy90
+QpQMj1b9OD49IEhzj7Vtc4s9YX9ko/69a+ufC+qTwhINGUMwxPM0Y26cUuHxw7C+
+ZtKBFjOpoDUj2ju21z13qKj3eWfqMJxVPIWRrjroayPlVO9wETKbjc/0o8OoVKvT
+bHN6wYTwpJUMjHcdpqMhPk9pPdeRfbrgQexW7U615e0Wyt+/coGwC7hz+FmN2/5G
+vjXW9vSsSspJqNbUxOxPsmFMFg0gmw2Slj+jc32hfDCpNB+VPThySASxKo4wS7oA
+f9gMo9PqWWuG8QNcAaTXFEseSr4YwSRkJlJWXxaex4bznTtQzHTmTPgAPAtRMzHd
+bn1Ek8M6N18XeHtfQSEl04zthzEebxTjFKJoZ1Ju9G3eRGPVlRdcodv/3iruTSy+
+x9+P2wIDAQABo4IBmTCCAZUwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAw
+NAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlm
+aWNhdGUwHQYDVR0OBBYEFCgeVtr7Wq4KfUCLRGhcqh4w0FJ0MIHqBgNVHSMEgeIw
+gd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7pIG4MIG1MQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BF
+TjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQ
+MA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3DQEJARYlY2t1YnUtYWRtLm9vcGVu
+LmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVCoWERyZjAMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcN
+AQELBQADggIBAI11FE9OgTWWETwlBfpPinH3RSo3MWPub14YmAq9zWDcAS0YJPc/
+8879zB5Nu1EQHbcK/fa7/bd5zeA2L26dyzoAp8q/STQ/7ePayScPOGfhM0lpU/FE
+TJmSZ+Dz0Rdi6jvJMBQH8pL5hzBiUYBIDOIS94iEceAcy/L0HaIG+hH2MX4hlHt+
+xyu4lumIlpzx6NcvLZPE1Y2nFVQopyMHCAEW7vHU4l3lekDAFURwb9qYxyAkxlD3
+9hMf8tcRrI3KBBthAbMKSU9TAJpKNjhXtsDZvyINLePaf/K7es3sUnw4aLYzO/jk
+Em3vkG22mSF7MKBTwAn1AoyIqxGZ0aGwxetL9RIR1rnuYiW0or9+N6hN8VuO9PgC
+nhJ8Sjf08CfqlGg4Q9fXqT7v8CPpqYMcxssNIRWzAr0Lt0Tur6w9D3JPXUMeE5b8
+eVSe9T1WIRqjUonnieFa4vKujrKj/hj5fg01daeCPFH6yQVz4a5KdtA8NuQ8JDpY
+JOB83Ow/C7f6aFMDsiEoxldKhY8ZkfJuMcMfEv1nctPTOwsvzMg6yawTxVHrpXqH
+400huslBKQx4XVsEltMLLnXbKp3+Vxx+AxBrMOnD12qVS2VITC9i1p02AqMFoLTw
++sR0EDIG1ajXvraOtH23Pz4BRVAl6H1R2l4iF40aX0qkfulTWM0wEQqv
+-----END CERTIFICATE-----
diff --git a/MBR/openvpn/home/keys/02.pem b/MBR/openvpn/home/keys/02.pem
new file mode 100644
index 0000000..ac3aef3
--- /dev/null
+++ b/MBR/openvpn/home/keys/02.pem
@@ -0,0 +1,140 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
+        Validity
+            Not Before: Dec 18 23:41:27 2017 GMT
+            Not After : Dec 18 23:41:27 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-chris/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c4:2d:3d:bd:1f:b1:c5:b2:f5:ec:76:00:80:99:
+                    9c:0d:b2:6c:81:d5:7c:43:db:b1:4a:76:e0:55:1d:
+                    b7:a8:59:f6:62:05:ed:ca:96:28:3d:34:ba:30:54:
+                    71:d4:41:73:d2:bf:be:ad:f0:76:3c:13:0b:da:72:
+                    46:6b:05:7e:72:38:f8:41:37:49:af:30:34:1b:58:
+                    03:f2:bc:80:83:ed:7b:68:d1:94:38:91:b3:04:63:
+                    1f:24:00:33:b2:02:cd:4c:f5:51:c7:ea:98:8f:20:
+                    9b:dc:73:d6:21:22:e8:55:8d:0d:d7:0f:5e:ac:04:
+                    99:62:08:72:7d:53:3f:1f:50:aa:74:f4:73:b2:7e:
+                    30:db:3b:1b:5b:9a:6a:a9:45:8a:d9:4a:81:3a:4c:
+                    03:20:a2:fb:d3:32:f8:dd:1e:5f:19:8c:4f:f9:79:
+                    3b:23:32:c8:2b:6d:9d:19:33:cb:62:36:23:f7:61:
+                    a3:23:5f:36:4d:1f:13:89:46:c2:9c:d9:53:3f:a0:
+                    59:76:60:c5:33:43:67:e5:da:11:c9:7c:e2:4c:b1:
+                    fc:6d:52:58:c4:0e:7b:d5:b6:d6:d8:16:0e:d9:2b:
+                    5e:ec:95:cb:7a:a3:cd:cd:9c:b1:26:71:a0:0f:da:
+                    86:6a:b1:6f:ed:69:12:78:24:d7:0b:ee:17:6c:b9:
+                    ff:04:9a:e0:6f:92:8e:04:b2:d3:3e:a4:7b:28:12:
+                    61:b4:3d:20:8c:7d:64:ac:c7:33:18:28:cb:7d:1a:
+                    12:84:88:60:9d:cb:2a:92:19:7e:ef:3a:d0:cf:8b:
+                    32:e8:73:94:a7:65:00:38:f9:32:91:0b:de:23:9a:
+                    c4:25:25:25:ca:bc:8f:e5:43:a2:09:89:d7:ec:59:
+                    6a:e0:b4:c3:ed:5b:3a:2d:be:d3:3d:86:a7:5e:ac:
+                    ef:8c:d5:15:50:89:aa:b3:79:25:61:4f:e3:46:7b:
+                    a6:05:4f:6f:c2:62:7e:88:25:13:2a:22:fa:30:2c:
+                    69:9f:3b:ab:8a:d5:1c:90:a2:fc:b2:9e:bf:c1:06:
+                    8f:6d:0f:00:56:9c:4b:6c:82:ce:e6:ed:2d:4c:80:
+                    e0:32:7f:e1:a1:48:97:83:07:de:63:b9:a0:c3:ec:
+                    f6:14:34:e8:b6:f3:60:88:c3:6e:1f:1b:51:37:33:
+                    16:73:e1:91:96:bb:3c:70:27:13:98:f0:17:7e:bf:
+                    6a:23:fd:8a:9a:d3:b4:c0:44:bc:92:7a:b0:a8:e5:
+                    0b:fb:cf:3e:4d:b2:ef:d3:1c:d9:66:f2:36:5a:76:
+                    a8:08:84:b6:68:a7:9d:98:bb:a9:8f:f8:f7:97:8f:
+                    36:fe:56:98:6e:94:61:02:0d:c1:57:ec:da:fc:5b:
+                    14:21:4d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                F6:FC:53:72:6F:92:07:17:BE:D4:84:A7:2E:90:B7:3F:1E:EB:F9:34
+            X509v3 Authority Key Identifier: 
+                keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
+                serial:95:42:A1:61:11:C9:98:C0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         47:eb:e5:f1:3a:0d:74:0d:0a:21:df:a2:7d:a8:08:34:7a:73:
+         38:c7:c5:94:19:24:15:52:e1:64:67:28:42:9f:87:25:5e:48:
+         f7:bc:d2:b7:8d:58:6e:8c:eb:c2:8e:89:9e:3b:f7:c1:7f:ef:
+         63:3a:93:97:fa:14:ad:3f:60:8c:08:41:a8:cc:bd:08:48:0c:
+         cf:2c:41:32:5e:b2:b3:66:2a:74:18:91:0c:2e:ac:4a:44:98:
+         d2:ad:01:b9:9f:30:1e:6b:ef:cf:29:a5:af:08:cd:5c:89:1d:
+         93:56:db:62:dc:f1:f4:fe:35:ec:ae:b7:15:2a:13:98:80:7c:
+         79:53:54:22:85:f8:c6:eb:0c:f3:43:42:01:1f:b5:8e:74:b2:
+         16:83:7a:0a:ba:e7:40:0e:4b:d7:71:af:c8:f6:65:ec:73:18:
+         ee:00:0d:2a:95:1c:3e:4a:a8:d2:f9:e5:b4:88:a1:e2:a6:c3:
+         11:25:65:50:8c:12:2e:87:0e:e9:ef:50:2d:f9:84:87:a9:f9:
+         a2:72:6a:48:e4:5d:ad:16:a3:dd:77:58:bd:72:90:9a:5b:b7:
+         8b:40:17:85:59:10:5d:0d:e6:75:96:e3:63:26:1f:49:73:b7:
+         d6:eb:ae:02:14:d1:d0:98:be:a7:fc:e7:1c:5e:c5:c5:ce:28:
+         b6:66:a6:84:57:2f:95:1b:80:bb:86:a2:e6:a3:ec:8c:73:2c:
+         1c:c2:1b:e9:e2:8a:55:64:c7:43:c8:83:29:c3:ad:79:a2:64:
+         d7:1e:4a:a9:3b:8a:ab:a6:81:72:62:31:20:56:d9:4e:94:75:
+         ad:07:d0:b3:ff:46:8d:d2:32:27:01:d5:1c:50:20:ca:61:e2:
+         5e:3c:66:c7:4e:99:4d:77:6b:00:c2:69:9e:97:0c:64:3d:22:
+         22:b1:34:f1:43:22:df:f8:d3:b4:4e:33:3c:4e:b9:b4:84:ef:
+         68:52:ed:9e:5d:5c:af:77:c5:35:74:b4:bc:39:26:45:0e:de:
+         8c:0e:4d:b2:08:20:85:55:3e:bd:64:3c:50:f2:91:69:be:e1:
+         a1:65:f2:95:5b:c3:18:b4:11:82:59:90:6c:ce:55:42:02:8b:
+         4a:50:eb:58:56:c3:e9:f9:c8:da:45:92:66:6b:71:2b:63:2e:
+         ed:a6:fe:1e:97:e5:59:12:93:b7:bc:54:36:58:4f:59:42:b3:
+         d4:8e:8d:57:07:8b:e1:66:7e:d2:5e:98:d8:44:f1:95:4c:ea:
+         0b:29:41:ac:ab:6a:43:8e:25:1a:c3:ef:27:e8:f6:6f:03:39:
+         38:88:ca:78:49:56:31:bd:9d:cd:92:4b:43:73:b1:e2:93:43:
+         3e:4f:81:10:74:2b:c6:5d
+-----BEGIN CERTIFICATE-----
+MIIHWjCCBUKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
+bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjM0MTI3WhcNMzcxMjE4
+MjM0MTI3WjCBqDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxFjAUBgNVBAMTDVZQTi1NQlItY2hyaXMxEDAOBgNVBCkTB1ZQTiBNQlIx
+ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMQtPb0fscWy9ex2AICZnA2ybIHVfEPbsUp24FUd
+t6hZ9mIF7cqWKD00ujBUcdRBc9K/vq3wdjwTC9pyRmsFfnI4+EE3Sa8wNBtYA/K8
+gIPte2jRlDiRswRjHyQAM7ICzUz1UcfqmI8gm9xz1iEi6FWNDdcPXqwEmWIIcn1T
+Px9QqnT0c7J+MNs7G1uaaqlFitlKgTpMAyCi+9My+N0eXxmMT/l5OyMyyCttnRkz
+y2I2I/dhoyNfNk0fE4lGwpzZUz+gWXZgxTNDZ+XaEcl84kyx/G1SWMQOe9W21tgW
+DtkrXuyVy3qjzc2csSZxoA/ahmqxb+1pEngk1wvuF2y5/wSa4G+SjgSy0z6keygS
+YbQ9IIx9ZKzHMxgoy30aEoSIYJ3LKpIZfu860M+LMuhzlKdlADj5MpEL3iOaxCUl
+Jcq8j+VDogmJ1+xZauC0w+1bOi2+0z2Gp16s74zVFVCJqrN5JWFP40Z7pgVPb8Ji
+foglEyoi+jAsaZ87q4rVHJCi/LKev8EGj20PAFacS2yCzubtLUyA4DJ/4aFIl4MH
+3mO5oMPs9hQ06LbzYIjDbh8bUTczFnPhkZa7PHAnE5jwF36/aiP9iprTtMBEvJJ6
+sKjlC/vPPk2y79Mc2WbyNlp2qAiEtminnZi7qY/495ePNv5WmG6UYQINwVfs2vxb
+FCFNAgMBAAGjggF+MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
+LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPb8U3JvkgcXvtSE
+py6Qtz8e6/k0MIHqBgNVHSMEgeIwgd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7
+pIG4MIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3
+DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVC
+oWERyZjAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAgEAR+vl8ToNdA0KId+ifagINHpz
+OMfFlBkkFVLhZGcoQp+HJV5I97zSt41Ybozrwo6Jnjv3wX/vYzqTl/oUrT9gjAhB
+qMy9CEgMzyxBMl6ys2YqdBiRDC6sSkSY0q0BuZ8wHmvvzymlrwjNXIkdk1bbYtzx
+9P417K63FSoTmIB8eVNUIoX4xusM80NCAR+1jnSyFoN6CrrnQA5L13GvyPZl7HMY
+7gANKpUcPkqo0vnltIih4qbDESVlUIwSLocO6e9QLfmEh6n5onJqSORdrRaj3XdY
+vXKQmlu3i0AXhVkQXQ3mdZbjYyYfSXO31uuuAhTR0Ji+p/znHF7Fxc4otmamhFcv
+lRuAu4ai5qPsjHMsHMIb6eKKVWTHQ8iDKcOteaJk1x5KqTuKq6aBcmIxIFbZTpR1
+rQfQs/9GjdIyJwHVHFAgymHiXjxmx06ZTXdrAMJpnpcMZD0iIrE08UMi3/jTtE4z
+PE65tITvaFLtnl1cr3fFNXS0vDkmRQ7ejA5NsggghVU+vWQ8UPKRab7hoWXylVvD
+GLQRglmQbM5VQgKLSlDrWFbD6fnI2kWSZmtxK2Mu7ab+HpflWRKTt7xUNlhPWUKz
+1I6NVweL4WZ+0l6Y2ETxlUzqCylBrKtqQ44lGsPvJ+j2bwM5OIjKeElWMb2dzZJL
+Q3Ox4pNDPk+BEHQrxl0=
+-----END CERTIFICATE-----
diff --git a/MBR/openvpn/home/keys/ca.crt b/MBR/openvpn/home/keys/ca.crt
new file mode 100644
index 0000000..dade6a3
--- /dev/null
+++ b/MBR/openvpn/home/keys/ca.crt
@@ -0,0 +1,40 @@
+-----BEGIN CERTIFICATE-----
+MIIHDzCCBPegAwIBAgIJAJVCoWERyZjAMA0GCSqGSIb3DQEBCwUAMIG1MQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3DQEJARYlY2t1YnUt
+YWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZTAeFw0xNzEyMTgyMDE0MDJa
+Fw00OTEyMTgyMDE0MDJaMIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGlu
+MQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0
+d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1C
+UjE0MDIGCSqGSIb3DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5v
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANUaZu29kklR
+KZaXQ2SgHjDribwcLM+XeBDZsrKXIkwYmOHXxX1BcDXhWYeQyJ1n7gyRHZzcSC9u
+1NNnYvGMdpcuz9dwXZgBC5zspmyXIRaynlo9xtb44ug7CNoMuLReZB6cLWTbkd47
+eQsQOXu+tIy5DvjDxybZaCudLUKfZ3sty64sydqUJZ8cXo1ucdGreB4RLWiI29Dt
+ziLtJ0fvkmMLmfvh/RQqWqKYqHQRlMZCZnCghP3oCCZztfylB2iHsp4MZf42rXA4
+Q9idVDD8PMu7opzzjgrbUjlJk/Hs6NcM2bjbsCp8/rj/akH6M14W8IJYpuHkgAmU
+bCOnPTCcWVjpgF6R5ASXRfbegyNf05BrXQRHtW3Xh94aRrvDzh25aObHnV+P6pnv
+8ek1vMSGk9FC1vBomHftqIL6sa+JOevWgK0jFYNungpBezfqDRpf0c/h8OGviN1r
+m9s/D6Dc1eSf9vFlPN5faxb+V3xurC3e7/Lh9ZNXqBW4HYd1Da9BQM5vRY/H8ffj
+szIrhJ/pTEVKChmBOqvfTuoLHBbiT+XUQcW7C3hKk06rBD9CSIywaC+ctHAtXvEA
+Y+0q77VQus1TPcSeGHXShzvv5lEXoMygd786OKF/3ZtT+3YDbk1AeZx49o76hMmP
+cWHCRmoWy8t2rHFYshMmPkl7EYlLA/C3AgMBAAGjggEeMIIBGjAdBgNVHQ4EFgQU
+D8mVsJqjS31KjAa4+MfmGhkqJDowgeoGA1UdIwSB4jCB34AUD8mVsJqjS31KjAa4
++MfmGhkqJDqhgbukgbgwgbUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMRAwDgYDVQQDEwdWUE4tTUJSMRAwDgYDVQQpEwdWUE4gTUJS
+MTQwMgYJKoZIhvcNAQkBFiVja3VidS1hZG0ub29wZW4uZGVAY2t1YnUtYWRtLm9v
+cGVuLmRlggkAlUKhYRHJmMAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AgEAV2wqjTAKpWww3jHS/tAMxd6JAjCp1MPV00dHXoez3kHwTw2KlnO0WwtYS4KU
+s3+qtOBY35++42hH4U7KCKpjW0w5sTBjw+ql13xh0CueKMvs6T6kVGIBPiyosEE2
+VLYeyZf47A/BQSAwNeLKIMxflTBVwqqeaO6bPu6xlfEAwNSmvj/uxKf0mHYCjNSc
+Q2KBABU0A+AjvsvuSMec64tvWQA9ty6YZfo/qSRnUkCqISme9IFOWKyuSNGUgbfX
+xFK8zcOUqLwvz8OlNHBcLiI4+ue2fy1TrLVyMkJFhllfuGTHpYqDqGJHAl5AocJx
+eppXLhUR5xmVXQjn50HTj5GukxZbX+6eUxIpRvydAJ3emU/3g6vS1MygHDGTPb9b
+Ovk0mrGS+wlHsx9kmrO3Ge/BULuX/M0qvqWk4w29f5CZy4vcI3l4uhnrFlmp21b7
++EGQQw2+CNyP5CsD+BQlx+5FhthuH+nU85mZkLRIebgNep5O09remcYNka80XFfs
+OLXve4/ByQW8iXuxyIlEqv56Bz/H70yug8MI000pZ/DL44+0GnMz7ULP0nAHp3Yd
+sU6nFG7fH5cvbw0CMniC+0LBuNzxgUwnoiqj95fvqbseM0LK6YxmblFnD7tCZh4W
+Ns4Mjg+3sAI9gmpcFMUU1l+TMV48Xo2FRYwYtW/nz7CIzh0=
+-----END CERTIFICATE-----
diff --git a/MBR/openvpn/home/keys/ca.key b/MBR/openvpn/home/keys/ca.key
new file mode 100644
index 0000000..12106f6
--- /dev/null
+++ b/MBR/openvpn/home/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDVGmbtvZJJUSmW
+l0NkoB4w64m8HCzPl3gQ2bKylyJMGJjh18V9QXA14VmHkMidZ+4MkR2c3EgvbtTT
+Z2LxjHaXLs/XcF2YAQuc7KZslyEWsp5aPcbW+OLoOwjaDLi0XmQenC1k25HeO3kL
+EDl7vrSMuQ74w8cm2WgrnS1Cn2d7LcuuLMnalCWfHF6NbnHRq3geES1oiNvQ7c4i
+7SdH75JjC5n74f0UKlqimKh0EZTGQmZwoIT96Agmc7X8pQdoh7KeDGX+Nq1wOEPY
+nVQw/DzLu6Kc844K21I5SZPx7OjXDNm427AqfP64/2pB+jNeFvCCWKbh5IAJlGwj
+pz0wnFlY6YBekeQEl0X23oMjX9OQa10ER7Vt14feGka7w84duWjmx51fj+qZ7/Hp
+NbzEhpPRQtbwaJh37aiC+rGviTnr1oCtIxWDbp4KQXs36g0aX9HP4fDhr4jda5vb
+Pw+g3NXkn/bxZTzeX2sW/ld8bqwt3u/y4fWTV6gVuB2HdQ2vQUDOb0WPx/H347My
+K4Sf6UxFSgoZgTqr307qCxwW4k/l1EHFuwt4SpNOqwQ/QkiMsGgvnLRwLV7xAGPt
+Ku+1ULrNUz3Enhh10oc77+ZRF6DMoHe/Ojihf92bU/t2A25NQHmcePaO+oTJj3Fh
+wkZqFsvLdqxxWLITJj5JexGJSwPwtwIDAQABAoICAQCD1bGXoo+9i9iOsUWgGu6S
+lSTAmy2dv7cntYY3tgghy5XJIhOrSbCBpMgedhOmTYWXgK8xO5XswkQoBO3RQXSc
+UvmB7qH4R61Hh5/tzhFKWXZdnZpFo/O8d8kiHHyoGT0XMsdiffPf6CsaDQ+C3pgT
+9uisPXIXNqibUsGNVdBPBCXduxelgcFEjehw1sLTU6Eb+MR+xyw2NOgx80U525xU
+afj5OvW2Y/1uWcLdC4Neo/V799JOwh1IrI0Jn47VvB1kaYcvnePuaOCQQcS0CVgT
+MiGHt6VIUiasCjjckhP59pk7I634mxt6l4jFCGR+8PIZsX6MgTA0vP2pkOzqBc+/
+cAudJRzTc8vdQJLjSNMqFabYO/jXkuUzFeIcANR5B5o2Ypw0IN4kJrFqIRQP9+F9
+HbjTiiDz1Ss9ITy2oK7LQEIj6/8/19PuAMG3BIGth0E3NlGURofyhcnm07yK8ij3
+8uVNQNTuP0DpFQSK0tuYXYFTZrxzzCaFmLyuNruSwe+UVBEZWoNuvia8FCaQcpcy
+4RQhWZcfgzA5ZPWj72FoMbJL/Z07mfVnBf2mRnTy9fqdGlH7DGXIk86JPqxL3cf9
+cC3zMjciKbezLFSZgpFjEJHSM+AO5ryuvRGvijv6+AwArlTROIgXOsN1aUeFy3fy
+pkEcya0cWzKbjv7J8eWeAQKCAQEA+f0mB/AzXlHKj7uLEuGlCg4+Qht/j99BNPY1
+GKLfSJ/MuCJkjLQ2J/3JAqlFpxBRpyS+cgfDXl4jMEdwhm8bMqi7VSfiG1d4sb8w
+oPMIwuGJ4c95pUMGAtZWuQlgbIRNUiOQYne78OfH1b5liwWYE9Xw9VdQTnlfE299
+s4yak5aGYxbSJlJu4hiGPINHnFF10ufcIbd0Fsebo+ci4vwfFhLAD41682CBbwdu
+mBK01bMdMF1i01OzcSaq3JzCSH6epUSFkxhxaYe4KqnHQDSjFz/SalP3SsH64FkW
+xSSeN66t6o5sXpIdGSCSD7UG4J2qlWcGi8nYHYyQQ4m9M4HuGQKCAQEA2joyXyfK
+pt/cN3EXntYecZEpNjAiVdKaGRutca6d1Xzw3KXfwQasfUKeKcsNpgVJDyGecks2
+VuyBqBrkGpmkF/Bd0CF7mQ+S2F++GnlS0ch6lmbYbk/853sVNS6rorS8GoWWhBHR
+r3pdxRozooymzy62Tk+yt2MiizT3C2S7yos6FT2bnP8MIMlh0BMYspBLXz9R5VGO
+f+R5TnYo5z/TjbnYtr+zCoNqDktV/ktNYTA0CKIUoscEN5rT5vB7wf9lFL8IsJ4Y
+aG5CR7aKgOAaxhs3VVWYLpGxDzYxzq6tSp4fSV8LsWhe2yxW/fPkzyXbLu+6V0AV
+zc12h5Qqv7gPTwKCAQAsJg7vW/ZWc+9oDuDyxrLU4csQ9bZDfFQRvGGIJkt0kfQf
+mMNVLgZabbFwLODGLlWdRRn1HXXdVpa0UgmHVFvjSHU9BrwhxALmsTMvWXx0nkwx
+euiqzPlkyuGp8AP9ZigZl3pKSYcBdo2OK//W23gOGLxjN7ZRBZJK5me2q+AorG6z
+VTZr2icG+vnJ+g1Nh/1c7+GqerGfzESqX4mDuK7swQb2ODA8hxCUwSVA6hzRmL5Q
+6k0nsSKBmyiVqYGON/5ghYdpgOmWj4dw0WcE6cbbtkO8z3Ne2n8p29HvoxXmE41X
+XSu6T+efpmblKz05sd6MYBOB4HWwUkCwDMVDMXERAoIBAQChDCPSX35JqplM/RQO
+bzwmWZdNWzZrmbGJaAiXBeOLAtqKK4u2WuN+yWQJucVHyUzCcvAIrwLaIU4KLlY6
+XzpfRE8nYx5gtcKMFhQoW3LISKhXSGze8/7TId1j0x5tQ+4xsHaE3tWdJ7P92rlS
+c3RDH9kAcAaXGf0LOLo8WUnRTvA9bqrhsMNViui5cu5eEOje0M7yaj68mXMAeWj0
+SAEq7YVGULCjyJnDFMvQj+f6GmW8HUkXW8H7+zH4k27xmzYQmm6iUPn4T65wWAFc
+3IZFvx4VxsY5T+GYNUmKmxReJdU3A4KQmVKvcsh8P7qTOP/JYrdk3nF44PFhWvI1
+bHM3AoIBAQCVFkb5bJD9EhE+8SALxaDav0q8+R1y6P9EhxtgolXkCn4yVvB9FJMN
+8fEq3jblmU7jAjJPToDufif/1OgZWDP9uauY9bguvi8xP07by+8avCg+z1y2nHvY
+iIW92BfzIJ/84dDaXCzMM4ONxwVyZvrQJat8ca/aAKtl5PIMfVQX7bI7wNpvrvRl
+McyQzkObtRL6Goz704BiuzO+4NIcrMNYC3gtkDErcQQQdMRP1SwbpR8htfR+fj6D
+DQ5RNbS5ocAhIpXZc0kNT0a4oW0trlUbVrx6YMOqaxvqbaxJKMHzWQyWsyimeFVC
+V+fp94QkDInOyrcavMH+SC1EDT5jgxgZ
+-----END PRIVATE KEY-----
diff --git a/MBR/openvpn/home/keys/chris.crt b/MBR/openvpn/home/keys/chris.crt
new file mode 100644
index 0000000..ac3aef3
--- /dev/null
+++ b/MBR/openvpn/home/keys/chris.crt
@@ -0,0 +1,140 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
+        Validity
+            Not Before: Dec 18 23:41:27 2017 GMT
+            Not After : Dec 18 23:41:27 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-chris/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c4:2d:3d:bd:1f:b1:c5:b2:f5:ec:76:00:80:99:
+                    9c:0d:b2:6c:81:d5:7c:43:db:b1:4a:76:e0:55:1d:
+                    b7:a8:59:f6:62:05:ed:ca:96:28:3d:34:ba:30:54:
+                    71:d4:41:73:d2:bf:be:ad:f0:76:3c:13:0b:da:72:
+                    46:6b:05:7e:72:38:f8:41:37:49:af:30:34:1b:58:
+                    03:f2:bc:80:83:ed:7b:68:d1:94:38:91:b3:04:63:
+                    1f:24:00:33:b2:02:cd:4c:f5:51:c7:ea:98:8f:20:
+                    9b:dc:73:d6:21:22:e8:55:8d:0d:d7:0f:5e:ac:04:
+                    99:62:08:72:7d:53:3f:1f:50:aa:74:f4:73:b2:7e:
+                    30:db:3b:1b:5b:9a:6a:a9:45:8a:d9:4a:81:3a:4c:
+                    03:20:a2:fb:d3:32:f8:dd:1e:5f:19:8c:4f:f9:79:
+                    3b:23:32:c8:2b:6d:9d:19:33:cb:62:36:23:f7:61:
+                    a3:23:5f:36:4d:1f:13:89:46:c2:9c:d9:53:3f:a0:
+                    59:76:60:c5:33:43:67:e5:da:11:c9:7c:e2:4c:b1:
+                    fc:6d:52:58:c4:0e:7b:d5:b6:d6:d8:16:0e:d9:2b:
+                    5e:ec:95:cb:7a:a3:cd:cd:9c:b1:26:71:a0:0f:da:
+                    86:6a:b1:6f:ed:69:12:78:24:d7:0b:ee:17:6c:b9:
+                    ff:04:9a:e0:6f:92:8e:04:b2:d3:3e:a4:7b:28:12:
+                    61:b4:3d:20:8c:7d:64:ac:c7:33:18:28:cb:7d:1a:
+                    12:84:88:60:9d:cb:2a:92:19:7e:ef:3a:d0:cf:8b:
+                    32:e8:73:94:a7:65:00:38:f9:32:91:0b:de:23:9a:
+                    c4:25:25:25:ca:bc:8f:e5:43:a2:09:89:d7:ec:59:
+                    6a:e0:b4:c3:ed:5b:3a:2d:be:d3:3d:86:a7:5e:ac:
+                    ef:8c:d5:15:50:89:aa:b3:79:25:61:4f:e3:46:7b:
+                    a6:05:4f:6f:c2:62:7e:88:25:13:2a:22:fa:30:2c:
+                    69:9f:3b:ab:8a:d5:1c:90:a2:fc:b2:9e:bf:c1:06:
+                    8f:6d:0f:00:56:9c:4b:6c:82:ce:e6:ed:2d:4c:80:
+                    e0:32:7f:e1:a1:48:97:83:07:de:63:b9:a0:c3:ec:
+                    f6:14:34:e8:b6:f3:60:88:c3:6e:1f:1b:51:37:33:
+                    16:73:e1:91:96:bb:3c:70:27:13:98:f0:17:7e:bf:
+                    6a:23:fd:8a:9a:d3:b4:c0:44:bc:92:7a:b0:a8:e5:
+                    0b:fb:cf:3e:4d:b2:ef:d3:1c:d9:66:f2:36:5a:76:
+                    a8:08:84:b6:68:a7:9d:98:bb:a9:8f:f8:f7:97:8f:
+                    36:fe:56:98:6e:94:61:02:0d:c1:57:ec:da:fc:5b:
+                    14:21:4d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                F6:FC:53:72:6F:92:07:17:BE:D4:84:A7:2E:90:B7:3F:1E:EB:F9:34
+            X509v3 Authority Key Identifier: 
+                keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
+                serial:95:42:A1:61:11:C9:98:C0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         47:eb:e5:f1:3a:0d:74:0d:0a:21:df:a2:7d:a8:08:34:7a:73:
+         38:c7:c5:94:19:24:15:52:e1:64:67:28:42:9f:87:25:5e:48:
+         f7:bc:d2:b7:8d:58:6e:8c:eb:c2:8e:89:9e:3b:f7:c1:7f:ef:
+         63:3a:93:97:fa:14:ad:3f:60:8c:08:41:a8:cc:bd:08:48:0c:
+         cf:2c:41:32:5e:b2:b3:66:2a:74:18:91:0c:2e:ac:4a:44:98:
+         d2:ad:01:b9:9f:30:1e:6b:ef:cf:29:a5:af:08:cd:5c:89:1d:
+         93:56:db:62:dc:f1:f4:fe:35:ec:ae:b7:15:2a:13:98:80:7c:
+         79:53:54:22:85:f8:c6:eb:0c:f3:43:42:01:1f:b5:8e:74:b2:
+         16:83:7a:0a:ba:e7:40:0e:4b:d7:71:af:c8:f6:65:ec:73:18:
+         ee:00:0d:2a:95:1c:3e:4a:a8:d2:f9:e5:b4:88:a1:e2:a6:c3:
+         11:25:65:50:8c:12:2e:87:0e:e9:ef:50:2d:f9:84:87:a9:f9:
+         a2:72:6a:48:e4:5d:ad:16:a3:dd:77:58:bd:72:90:9a:5b:b7:
+         8b:40:17:85:59:10:5d:0d:e6:75:96:e3:63:26:1f:49:73:b7:
+         d6:eb:ae:02:14:d1:d0:98:be:a7:fc:e7:1c:5e:c5:c5:ce:28:
+         b6:66:a6:84:57:2f:95:1b:80:bb:86:a2:e6:a3:ec:8c:73:2c:
+         1c:c2:1b:e9:e2:8a:55:64:c7:43:c8:83:29:c3:ad:79:a2:64:
+         d7:1e:4a:a9:3b:8a:ab:a6:81:72:62:31:20:56:d9:4e:94:75:
+         ad:07:d0:b3:ff:46:8d:d2:32:27:01:d5:1c:50:20:ca:61:e2:
+         5e:3c:66:c7:4e:99:4d:77:6b:00:c2:69:9e:97:0c:64:3d:22:
+         22:b1:34:f1:43:22:df:f8:d3:b4:4e:33:3c:4e:b9:b4:84:ef:
+         68:52:ed:9e:5d:5c:af:77:c5:35:74:b4:bc:39:26:45:0e:de:
+         8c:0e:4d:b2:08:20:85:55:3e:bd:64:3c:50:f2:91:69:be:e1:
+         a1:65:f2:95:5b:c3:18:b4:11:82:59:90:6c:ce:55:42:02:8b:
+         4a:50:eb:58:56:c3:e9:f9:c8:da:45:92:66:6b:71:2b:63:2e:
+         ed:a6:fe:1e:97:e5:59:12:93:b7:bc:54:36:58:4f:59:42:b3:
+         d4:8e:8d:57:07:8b:e1:66:7e:d2:5e:98:d8:44:f1:95:4c:ea:
+         0b:29:41:ac:ab:6a:43:8e:25:1a:c3:ef:27:e8:f6:6f:03:39:
+         38:88:ca:78:49:56:31:bd:9d:cd:92:4b:43:73:b1:e2:93:43:
+         3e:4f:81:10:74:2b:c6:5d
+-----BEGIN CERTIFICATE-----
+MIIHWjCCBUKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
+bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjM0MTI3WhcNMzcxMjE4
+MjM0MTI3WjCBqDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxFjAUBgNVBAMTDVZQTi1NQlItY2hyaXMxEDAOBgNVBCkTB1ZQTiBNQlIx
+ITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAMQtPb0fscWy9ex2AICZnA2ybIHVfEPbsUp24FUd
+t6hZ9mIF7cqWKD00ujBUcdRBc9K/vq3wdjwTC9pyRmsFfnI4+EE3Sa8wNBtYA/K8
+gIPte2jRlDiRswRjHyQAM7ICzUz1UcfqmI8gm9xz1iEi6FWNDdcPXqwEmWIIcn1T
+Px9QqnT0c7J+MNs7G1uaaqlFitlKgTpMAyCi+9My+N0eXxmMT/l5OyMyyCttnRkz
+y2I2I/dhoyNfNk0fE4lGwpzZUz+gWXZgxTNDZ+XaEcl84kyx/G1SWMQOe9W21tgW
+DtkrXuyVy3qjzc2csSZxoA/ahmqxb+1pEngk1wvuF2y5/wSa4G+SjgSy0z6keygS
+YbQ9IIx9ZKzHMxgoy30aEoSIYJ3LKpIZfu860M+LMuhzlKdlADj5MpEL3iOaxCUl
+Jcq8j+VDogmJ1+xZauC0w+1bOi2+0z2Gp16s74zVFVCJqrN5JWFP40Z7pgVPb8Ji
+foglEyoi+jAsaZ87q4rVHJCi/LKev8EGj20PAFacS2yCzubtLUyA4DJ/4aFIl4MH
+3mO5oMPs9hQ06LbzYIjDbh8bUTczFnPhkZa7PHAnE5jwF36/aiP9iprTtMBEvJJ6
+sKjlC/vPPk2y79Mc2WbyNlp2qAiEtminnZi7qY/495ePNv5WmG6UYQINwVfs2vxb
+FCFNAgMBAAGjggF+MIIBejAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5
+LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPb8U3JvkgcXvtSE
+py6Qtz8e6/k0MIHqBgNVHSMEgeIwgd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7
+pIG4MIG1MQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLU1CUjEQMA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3
+DQEJARYlY2t1YnUtYWRtLm9vcGVuLmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVC
+oWERyZjAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVjaHJpczANBgkqhkiG9w0BAQsFAAOCAgEAR+vl8ToNdA0KId+ifagINHpz
+OMfFlBkkFVLhZGcoQp+HJV5I97zSt41Ybozrwo6Jnjv3wX/vYzqTl/oUrT9gjAhB
+qMy9CEgMzyxBMl6ys2YqdBiRDC6sSkSY0q0BuZ8wHmvvzymlrwjNXIkdk1bbYtzx
+9P417K63FSoTmIB8eVNUIoX4xusM80NCAR+1jnSyFoN6CrrnQA5L13GvyPZl7HMY
+7gANKpUcPkqo0vnltIih4qbDESVlUIwSLocO6e9QLfmEh6n5onJqSORdrRaj3XdY
+vXKQmlu3i0AXhVkQXQ3mdZbjYyYfSXO31uuuAhTR0Ji+p/znHF7Fxc4otmamhFcv
+lRuAu4ai5qPsjHMsHMIb6eKKVWTHQ8iDKcOteaJk1x5KqTuKq6aBcmIxIFbZTpR1
+rQfQs/9GjdIyJwHVHFAgymHiXjxmx06ZTXdrAMJpnpcMZD0iIrE08UMi3/jTtE4z
+PE65tITvaFLtnl1cr3fFNXS0vDkmRQ7ejA5NsggghVU+vWQ8UPKRab7hoWXylVvD
+GLQRglmQbM5VQgKLSlDrWFbD6fnI2kWSZmtxK2Mu7ab+HpflWRKTt7xUNlhPWUKz
+1I6NVweL4WZ+0l6Y2ETxlUzqCylBrKtqQ44lGsPvJ+j2bwM5OIjKeElWMb2dzZJL
+Q3Ox4pNDPk+BEHQrxl0=
+-----END CERTIFICATE-----
diff --git a/MBR/openvpn/home/keys/chris.csr b/MBR/openvpn/home/keys/chris.csr
new file mode 100644
index 0000000..c9ed2ba
--- /dev/null
+++ b/MBR/openvpn/home/keys/chris.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7jCCAtYCAQAwgagxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tTUJSLWNocmlzMRAwDgYDVQQpEwdWUE4g
+TUJSMSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQDELT29H7HFsvXsdgCAmZwNsmyB1XxD27FK
+duBVHbeoWfZiBe3Klig9NLowVHHUQXPSv76t8HY8EwvackZrBX5yOPhBN0mvMDQb
+WAPyvICD7Xto0ZQ4kbMEYx8kADOyAs1M9VHH6piPIJvcc9YhIuhVjQ3XD16sBJli
+CHJ9Uz8fUKp09HOyfjDbOxtbmmqpRYrZSoE6TAMgovvTMvjdHl8ZjE/5eTsjMsgr
+bZ0ZM8tiNiP3YaMjXzZNHxOJRsKc2VM/oFl2YMUzQ2fl2hHJfOJMsfxtUljEDnvV
+ttbYFg7ZK17slct6o83NnLEmcaAP2oZqsW/taRJ4JNcL7hdsuf8EmuBvko4EstM+
+pHsoEmG0PSCMfWSsxzMYKMt9GhKEiGCdyyqSGX7vOtDPizLoc5SnZQA4+TKRC94j
+msQlJSXKvI/lQ6IJidfsWWrgtMPtWzotvtM9hqderO+M1RVQiaqzeSVhT+NGe6YF
+T2/CYn6IJRMqIvowLGmfO6uK1RyQovyynr/BBo9tDwBWnEtsgs7m7S1MgOAyf+Gh
+SJeDB95juaDD7PYUNOi282CIw24fG1E3MxZz4ZGWuzxwJxOY8Bd+v2oj/Yqa07TA
+RLySerCo5Qv7zz5Nsu/THNlm8jZadqgIhLZop52Yu6mP+PeXjzb+VphulGECDcFX
+7Nr8WxQhTQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAGb0Q69hSYu0oZTe78/l
+w5RJbfRrdVgnVB3G89tb8UhU02BJgESoRf5etbz8yhmRmLCRZZLfOxaHoIrVjnw5
+3Davc9Tkm2jOvEOeGClL8xJRgeCyfnPox7+wkOh9D484JpkA82C3TVekY2ofL9w+
+Wvm9hoK+y6ZNVDAOZHANgaQfSYBkHH1SJhLjKDxEKxAqsyL7hz4fsHaS0o248xG4
+8o3RtitLzFdHpHQAkxBhvi2FVRVp61Sm7G7sRJrxsp80wuKGDeueYb9bGGvqQi+0
+TAETvW0ty2Kqd3PYy2EaRZDjq7o0Te/wtaPWnFOZ68PIY3Gc2vTO9+6rut5GPDb0
+ijz/lLX7tkFo7n4KDTSIGfGmsagTKdZSI3+sMnRkU0WLi3bydpvP+mYKviWDVBU/
+NprTa2drZ6xscR1yKwhf+2z6PREkifl13TkxlKEbpzBuDAw1NrV1NosBHjS3Pzgt
+Fljnka8h2ygPT2n9GpSvCn0TmUmH9F5OSJEZf+su1sfCPbzIZd+JsmhRU4cek/dV
+M8CoBKbZC/DCp/hHloDbHoZPzAycW57DqLYXBI2crSwd9e/gz3innj5GzYSUEHdY
+jbxVVYtbAEAEWxjN/6+wDyozxhtY/N5a+WDNcp7s8WK17TjoP/d+lyoJgRWt/duY
+q0syjofcpL5SshO9sRWrNcT1
+-----END CERTIFICATE REQUEST-----
diff --git a/MBR/openvpn/home/keys/chris.key b/MBR/openvpn/home/keys/chris.key
new file mode 100644
index 0000000..62f3961
--- /dev/null
+++ b/MBR/openvpn/home/keys/chris.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIxiEqdBH+tBACAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHYLwIQAaxwVBIIJSDIjWSU9/Kok
+bbatj//bCab//36qcLRn2ZF3xT5bUevvX6PMDhI9X6d612AVAd7V20/nloX6jmYE
+5bmAWiUjDtJNynXcdxe4RtyVfViECX+vGCQwz1MhN24GzGIyCm7V0/nJU6Stqoh5
+DQ+RSqpBrjcFZAWNvFYfRKG0K5QCPG3DirP02ndbqZZY+phklAwunZGaf0Ao3n2P
+Iqr+/sF7D6MjcS3jFqWYyCtHrqCK+3OyQLoWcsJKK5boYq6ywcPF/9qZJoCAQX4r
+tbQ+2hEvL1hVte8l+ZtM331irHdmJ8A3UJNp2zR8SBQoO61lKZ0gNcfQzfnBEJpS
+Xymds+2jtcgwGYCNp3fpZk8cn3ejRGEu1Z/2KSXVlDqA4VF+tlQbcHHaQawdL5/i
+Gu4tbbxt9ZfBjKn1N7GhOnheF/xK6jxaip5fP+GsU48Qhko7ng4ckGlM3dHEDkhY
+005X3pwqNM5+nW73yl6Qhdj7AAq0Rjsxa3crqkDkJ+XFWq7E6Wo+g9xhous+I0lZ
+LGE/GaJ8A0Hg/A35b9cCDDToxoSZm8MxZh6rBQeRlMddQ0Bki/WKqg3os9FLEY/a
+T++sWWuoPw2Ei0TkKJcNStMhM/0cIY/WduOMx1zg3drApQYM4CU4lt1L8nyAzhoP
+QJs0oZreY5Pt0VA9wfvg3ULlXlk0pMsIP58ci8MQ2veyTmmBEqe9TE7UiJuQrmD5
+yQFfg56bcibeRJ7l6HCdgpL41s4NvNf/sPvUMx7rNkVOqgXtO5qAMhF1ODLe51BS
+t990Ht6atPWEypKoxoja83OIAyn/78HLVyCf229ysQTM/YKF85H9ut+TOE9NgmLS
+/7CJntWBf0wzLKzHLVhjnT1XWWvmyGQkci04+82gSwZiURPgNowTUNGozL0bNRQR
+aRGlY/DT23vO3NmBz+sz92RUVBkAeJ5ujW8GozlVp8elhdgFnPbrNPVRW16XryyV
+Ql/hS56GqswtJXHHMkRx4xLUujKDvkzNUboJZvZLj1pTBEH5irJFYvdHOfd/oZKx
+197DIDcL72ESQHKAesogpDc8erl5AFYnEdRg54mR1lcgDzEbK4r1pQdE///H3XSU
+90VlO7DOHR5tzp26njZTo8hokXVzxd2MEd8O/2tWCj55mZP8A8Fp+uWu+YBtV4KT
+es3j9udI1cAMQiKL/jMOoH78+IRn2Cdw7WlLLCq3hduPJFCwH+S/WFFcDWDhCRcN
+ko5CYLvHjb32PakjYgRBelTRGSBl75lUiNrRep5apCMuREvLNP3A+pmmwCs5H+fu
+OKrOVHJ0pUHt8439DDeSozT3JKm+ngowuPO6JG77e1gSZ8rSHySoUBI4sGXEDcpp
+6+PzATzDJr9ZLYg7UumjIQ08YX14yHPEjl64SHQZQpcE8T8XfSEESi2dBjCcQ14Q
+G2a/40MFNn1a9XnMIAdw3DfPV6bTIi/LJaCCU//OFhuiPyONXuMtdCRkoA9tKHlZ
+fGZ70AlLG82yJ+2BLLuvxmapmq0OFZQm+nobw0c7lZP8PWCekK6QYVREkDvn42DD
+snO5gItiQIgLfW6zqq6kEXn3thBSFEFuizGprhLhnEJs+zDJ50CTs4I2QquGBdVn
+Crtyp83Kf9TnaDs0VK0u/bYXjyDx82IZEIERf05La8wS3RprC7fAqAqTQ2BF2u57
+2/6B7QvD8nFxYQszU1KUsaTfzRyVziAXC/t5XmMrOtZsWbimKd/o6rt0EsmNXl5R
+S/GLJSqhIODLzpf1LclapRzA4JqXHpZ1JG2mr8ohKawouLvvXU39yHMOrnVaWL/S
+75ZzcbKwNfnXe6lh8o7g6Ryq+5wRQpTBdEquzrPZod6uiM0Y6QgCOeDwTfpgpdXt
+6JF7x75oPEW+Q5ZFvEuopzXCslIbHyycgFmlGNrYn6T0vQ5r3mYjPAtm14S0Yl0D
+Dw1ykmqcLFAb6YQUKoSEJG8wPnrR6mYE1643ZQJtbgo5Grgrxd8a3+TJNhU0h4oP
+1aMEG0DJFtBV6TSUojZYDwQ+pmWTp2wWyECUUkoFUeHU2oGUzEmUfj6DK3Ewh8mQ
+zjUtiYN6yq68u0Y51MOIe2UrP/PjGO+EM7fmQc3oR/hA80+8LHXInEeMc3B6iLH1
+MwkrslbSSaynD8bAoO9rQyvWCrwSJwjdGWYd/bPpEXILDkDhqD+E/7cJkSU2CJp9
+SWrFm34IStVMGOkqRn0X4Q4Ml+RilgQy/0Nr7CQeODjHJJC6LdqePj8AMphZtWNo
+QjI0ysctUJ9AZfy+xfdyxT/66kmisQFeRrYe9t9C1AEz7wQhTXTc/nPB0071JL+h
+pcTVywqRPwLD+Dy4qpGc1Ocb355ieIJGi72rVieYCK5clohPeex/iM3Ay+yuhVfM
+h/MS2oKaJi5M1HzOfNI/DLlEDtGHmbla12W9wWJGyQ+HKtNO2uFHgE1aRY3Exyev
+E9jUDO7KUBwKutQVpvLiX0w8ftAx6QPu/7VZ8jVar9P2kIfijtIghBcPP+/Xb2/R
++OxXjwZrpJSanR8KVMxk1Gtp9dFrry2mtpMpPDqIat7Gj+/YBMov05M7Tk1arrYM
+N29MylzYEaJj4+2apMzo3/TW53ld3mc4idVLNavAcCq+t6DZWdbUTkpUpNTMBEmC
+ZZ+BOyQMqekM9Lo4My0XvairkmHSmRnQJND0MEc+C547z8vRFHYGo7WGFeaZXEo1
+KHH+s1BFMEZFkJZPbuPuSXf+tNEfXjofMIBTUMMLv4MR1OwstDCDo95J6PvMr3/j
+8mMJ6F85kkGpj5QfxP5liQhWrMiXJMEAaoZ84eGefeDMWWmiEANl+soCS/MKRYx4
+DBWreg5EvXuC9wQM55UOe/DBRmK61WjOXmTuSAf3uxa4R3TjsJPny5U84s44Dq9B
+1jN1hHKFLhAppgWqnGDfkp7cmsf5v600Fcn41lE4QMeDTrQMcYUseRv64uDQQI64
++mOaQ/5x26QFBFi7cyc/LkJwLfbQ7+OXgwYRlG1Z78Tx4vx/b3LfTltmSR+93hLW
+x5k/sc/xt9nEUwYvqo5fv1pRU0FOJEuHueIz6ZBCjZPcYflm3Yiwzmip5CHf9Tvw
+ycysCQUiTfM+oENgq9i6tFbCaOx80R+W6ckRgmXiCmDd6pKnfzZuIa/ODD7zQBh6
+AiaXP+oXUEJe7qU8un0wyQ==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/MBR/openvpn/home/keys/crl.pem b/MBR/openvpn/home/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/MBR/openvpn/home/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/MBR/openvpn/home/keys/dh4096.pem b/MBR/openvpn/home/keys/dh4096.pem
new file mode 100644
index 0000000..3a0f17b
--- /dev/null
+++ b/MBR/openvpn/home/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAoJC1F6ZpKKOI4Dd15mboakcnTA30LZRo4xGgJE6CWMkaxQQcfYef
+vDH779iXoBVNc16lcnikszrK6UMDOS0ncB9wG3zyjgNVQJGqAK8T+iUT4JEBKjX9
+SdpmkreDgshe8ETHVu0KNjihw5IpH3Skh4BrM+iD40QRuEaVvIAXp3e9qDqHEOMY
+wMIBI7DpUu/eJjCXzR7vAayNo+7UH1mlOn9+pkA8Ylbrxo2xACZpxappyVv2C+y3
+E0mNYNWgQJykHuIYema6UhfR29QzCc9va70dr1MjVSrKIDPR/L5CYwyRk1bZaJ7f
+OH+IEkWHUaSubym+1HVgnFhw1cnPjn5ZoqmrpHjl5yi+HxcBqc4LqkLrveRQ0Uh7
+lXUSAN6uc9ECctcd/9IFvKpn4Q/g2vDKwpn4nvL0od5rmfZJGGXPZ5matH11Vsds
+M/qYepk9IBavMlh5AUNph2v232OoP62oQkfxxijZqfDLSOyTIagwlXkukU+/NmHl
+2K2EC3eTF+hh0uojfV7yqkyDCBEmCovmFB8nQZcUk9NC0Y90Bz1VxLv0DatkM4Kg
+QRGZKJGPKqDgjnjzTInKsNQtLnV+5Kbc5fQFJNYBtLfp3d2tFv/XmZ6s1VModtrv
+aqYSbEKSSjD8+DX0Q5e6loRAC91eCbnGyfcXyO7TFORKfKSfHBCjXrsCAQI=
+-----END DH PARAMETERS-----
diff --git a/MBR/openvpn/home/keys/index.txt b/MBR/openvpn/home/keys/index.txt
new file mode 100644
index 0000000..2be6a9d
--- /dev/null
+++ b/MBR/openvpn/home/keys/index.txt
@@ -0,0 +1,2 @@
+V	371218203034Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+V	371218234127Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-chris/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
diff --git a/MBR/openvpn/home/keys/index.txt.attr b/MBR/openvpn/home/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/MBR/openvpn/home/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/MBR/openvpn/home/keys/index.txt.attr.old b/MBR/openvpn/home/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/MBR/openvpn/home/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/MBR/openvpn/home/keys/index.txt.old b/MBR/openvpn/home/keys/index.txt.old
new file mode 100644
index 0000000..87ef988
--- /dev/null
+++ b/MBR/openvpn/home/keys/index.txt.old
@@ -0,0 +1 @@
+V	371218203034Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
diff --git a/MBR/openvpn/home/keys/serial b/MBR/openvpn/home/keys/serial
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/MBR/openvpn/home/keys/serial
@@ -0,0 +1 @@
+03
diff --git a/MBR/openvpn/home/keys/serial.old b/MBR/openvpn/home/keys/serial.old
new file mode 100644
index 0000000..9e22bcb
--- /dev/null
+++ b/MBR/openvpn/home/keys/serial.old
@@ -0,0 +1 @@
+02
diff --git a/MBR/openvpn/home/keys/server.crt b/MBR/openvpn/home/keys/server.crt
new file mode 100644
index 0000000..a9eee83
--- /dev/null
+++ b/MBR/openvpn/home/keys/server.crt
@@ -0,0 +1,142 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
+        Validity
+            Not Before: Dec 18 20:30:34 2017 GMT
+            Not After : Dec 18 20:30:34 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-MBR-server/name=VPN MBR/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c6:39:a5:51:7a:27:28:98:2e:bc:42:05:63:21:
+                    36:af:e2:1d:dd:25:17:98:6e:56:af:71:9d:3d:34:
+                    8a:b5:00:76:ea:24:9b:34:66:95:b2:a5:08:96:f6:
+                    48:ae:b6:a1:03:1f:54:90:19:d4:a3:62:74:28:ce:
+                    ed:32:d2:e1:c5:81:7e:e2:fe:bc:b5:ee:3d:8f:50:
+                    1e:0d:ad:19:d4:e2:bb:2e:5d:dc:ef:99:82:04:12:
+                    31:ee:da:fa:b8:6a:dd:1f:3d:fd:ab:ec:88:46:a2:
+                    e1:ae:1d:14:97:ce:a0:fc:18:f8:e0:b1:dd:37:a0:
+                    77:e7:e4:12:93:a0:a7:7b:96:f4:ef:97:ce:93:0f:
+                    6a:0e:b8:f7:0c:f7:7a:e0:e5:ac:5f:9c:bb:1d:0d:
+                    25:e6:ca:d9:72:c0:97:20:86:e8:d0:1b:9a:66:f7:
+                    e7:47:f5:8a:b9:65:5a:cc:a1:16:f5:1b:b0:7f:8f:
+                    76:77:01:57:78:0a:59:47:54:76:cc:f2:7b:d0:16:
+                    aa:56:b5:92:41:d2:2f:6d:67:6c:5d:b8:9a:39:54:
+                    2c:fa:d9:f5:8c:43:59:9f:a7:2f:74:42:94:0c:8f:
+                    56:fd:38:3e:3d:20:48:73:8f:b5:6d:73:8b:3d:61:
+                    7f:64:a3:fe:bd:6b:eb:9f:0b:ea:93:c2:12:0d:19:
+                    43:30:c4:f3:34:63:6e:9c:52:e1:f1:c3:b0:be:66:
+                    d2:81:16:33:a9:a0:35:23:da:3b:b6:d7:3d:77:a8:
+                    a8:f7:79:67:ea:30:9c:55:3c:85:91:ae:3a:e8:6b:
+                    23:e5:54:ef:70:11:32:9b:8d:cf:f4:a3:c3:a8:54:
+                    ab:d3:6c:73:7a:c1:84:f0:a4:95:0c:8c:77:1d:a6:
+                    a3:21:3e:4f:69:3d:d7:91:7d:ba:e0:41:ec:56:ed:
+                    4e:b5:e5:ed:16:ca:df:bf:72:81:b0:0b:b8:73:f8:
+                    59:8d:db:fe:46:be:35:d6:f6:f4:ac:4a:ca:49:a8:
+                    d6:d4:c4:ec:4f:b2:61:4c:16:0d:20:9b:0d:92:96:
+                    3f:a3:73:7d:a1:7c:30:a9:34:1f:95:3d:38:72:48:
+                    04:b1:2a:8e:30:4b:ba:00:7f:d8:0c:a3:d3:ea:59:
+                    6b:86:f1:03:5c:01:a4:d7:14:4b:1e:4a:be:18:c1:
+                    24:64:26:52:56:5f:16:9e:c7:86:f3:9d:3b:50:cc:
+                    74:e6:4c:f8:00:3c:0b:51:33:31:dd:6e:7d:44:93:
+                    c3:3a:37:5f:17:78:7b:5f:41:21:25:d3:8c:ed:87:
+                    31:1e:6f:14:e3:14:a2:68:67:52:6e:f4:6d:de:44:
+                    63:d5:95:17:5c:a1:db:ff:de:2a:ee:4d:2c:be:c7:
+                    df:8f:db
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                28:1E:56:DA:FB:5A:AE:0A:7D:40:8B:44:68:5C:AA:1E:30:D0:52:74
+            X509v3 Authority Key Identifier: 
+                keyid:0F:C9:95:B0:9A:A3:4B:7D:4A:8C:06:B8:F8:C7:E6:1A:19:2A:24:3A
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-MBR/name=VPN MBR/emailAddress=ckubu-adm.oopen.de@ckubu-adm.oopen.de
+                serial:95:42:A1:61:11:C9:98:C0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         8d:75:14:4f:4e:81:35:96:11:3c:25:05:fa:4f:8a:71:f7:45:
+         2a:37:31:63:ee:6f:5e:18:98:0a:bd:cd:60:dc:01:2d:18:24:
+         f7:3f:f3:ce:fd:cc:1e:4d:bb:51:10:1d:b7:0a:fd:f6:bb:fd:
+         b7:79:cd:e0:36:2f:6e:9d:cb:3a:00:a7:ca:bf:49:34:3f:ed:
+         e3:da:c9:27:0f:38:67:e1:33:49:69:53:f1:44:4c:99:92:67:
+         e0:f3:d1:17:62:ea:3b:c9:30:14:07:f2:92:f9:87:30:62:51:
+         80:48:0c:e2:12:f7:88:84:71:e0:1c:cb:f2:f4:1d:a2:06:fa:
+         11:f6:31:7e:21:94:7b:7e:c7:2b:b8:96:e9:88:96:9c:f1:e8:
+         d7:2f:2d:93:c4:d5:8d:a7:15:54:28:a7:23:07:08:01:16:ee:
+         f1:d4:e2:5d:e5:7a:40:c0:15:44:70:6f:da:98:c7:20:24:c6:
+         50:f7:f6:13:1f:f2:d7:11:ac:8d:ca:04:1b:61:01:b3:0a:49:
+         4f:53:00:9a:4a:36:38:57:b6:c0:d9:bf:22:0d:2d:e3:da:7f:
+         f2:bb:7a:cd:ec:52:7c:38:68:b6:33:3b:f8:e4:12:6d:ef:90:
+         6d:b6:99:21:7b:30:a0:53:c0:09:f5:02:8c:88:ab:11:99:d1:
+         a1:b0:c5:eb:4b:f5:12:11:d6:b9:ee:62:25:b4:a2:bf:7e:37:
+         a8:4d:f1:5b:8e:f4:f8:02:9e:12:7c:4a:37:f4:f0:27:ea:94:
+         68:38:43:d7:d7:a9:3e:ef:f0:23:e9:a9:83:1c:c6:cb:0d:21:
+         15:b3:02:bd:0b:b7:44:ee:af:ac:3d:0f:72:4f:5d:43:1e:13:
+         96:fc:79:54:9e:f5:3d:56:21:1a:a3:52:89:e7:89:e1:5a:e2:
+         f2:ae:8e:b2:a3:fe:18:f9:7e:0d:35:75:a7:82:3c:51:fa:c9:
+         05:73:e1:ae:4a:76:d0:3c:36:e4:3c:24:3a:58:24:e0:7c:dc:
+         ec:3f:0b:b7:fa:68:53:03:b2:21:28:c6:57:4a:85:8f:19:91:
+         f2:6e:31:c3:1f:12:fd:67:72:d3:d3:3b:0b:2f:cc:c8:3a:c9:
+         ac:13:c5:51:eb:a5:7a:87:e3:4d:21:ba:c9:41:29:0c:78:5d:
+         5b:04:96:d3:0b:2e:75:db:2a:9d:fe:57:1c:7e:03:10:6b:30:
+         e9:c3:d7:6a:95:4b:65:48:4c:2f:62:d6:9d:36:02:a3:05:a0:
+         b4:f0:fa:c4:74:10:32:06:d5:a8:d7:be:b6:8e:b4:7d:b7:3f:
+         3e:01:45:50:25:e8:7d:51:da:5e:22:17:8d:1a:5f:4a:a4:7e:
+         e9:53:58:cd:30:11:0a:af
+-----BEGIN CERTIFICATE-----
+MIIHdjCCBV6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBtTELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1NQlIx
+EDAOBgNVBCkTB1ZQTiBNQlIxNDAyBgkqhkiG9w0BCQEWJWNrdWJ1LWFkbS5vb3Bl
+bi5kZUBja3VidS1hZG0ub29wZW4uZGUwHhcNMTcxMjE4MjAzMDM0WhcNMzcxMjE4
+MjAzMDM0WjCBqTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UE
+BxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2Vy
+dmljZXMxFzAVBgNVBAMTDlZQTi1NQlItc2VydmVyMRAwDgYDVQQpEwdWUE4gTUJS
+MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDGOaVReicomC68QgVjITav4h3dJReYblavcZ09
+NIq1AHbqJJs0ZpWypQiW9kiutqEDH1SQGdSjYnQozu0y0uHFgX7i/ry17j2PUB4N
+rRnU4rsuXdzvmYIEEjHu2vq4at0fPf2r7IhGouGuHRSXzqD8GPjgsd03oHfn5BKT
+oKd7lvTvl86TD2oOuPcM93rg5axfnLsdDSXmytlywJcghujQG5pm9+dH9Yq5ZVrM
+oRb1G7B/j3Z3AVd4CllHVHbM8nvQFqpWtZJB0i9tZ2xduJo5VCz62fWMQ1mfpy90
+QpQMj1b9OD49IEhzj7Vtc4s9YX9ko/69a+ufC+qTwhINGUMwxPM0Y26cUuHxw7C+
+ZtKBFjOpoDUj2ju21z13qKj3eWfqMJxVPIWRrjroayPlVO9wETKbjc/0o8OoVKvT
+bHN6wYTwpJUMjHcdpqMhPk9pPdeRfbrgQexW7U615e0Wyt+/coGwC7hz+FmN2/5G
+vjXW9vSsSspJqNbUxOxPsmFMFg0gmw2Slj+jc32hfDCpNB+VPThySASxKo4wS7oA
+f9gMo9PqWWuG8QNcAaTXFEseSr4YwSRkJlJWXxaex4bznTtQzHTmTPgAPAtRMzHd
+bn1Ek8M6N18XeHtfQSEl04zthzEebxTjFKJoZ1Ju9G3eRGPVlRdcodv/3iruTSy+
+x9+P2wIDAQABo4IBmTCCAZUwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAw
+NAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlm
+aWNhdGUwHQYDVR0OBBYEFCgeVtr7Wq4KfUCLRGhcqh4w0FJ0MIHqBgNVHSMEgeIw
+gd+AFA/JlbCao0t9SowGuPjH5hoZKiQ6oYG7pIG4MIG1MQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BF
+TjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLU1CUjEQ
+MA4GA1UEKRMHVlBOIE1CUjE0MDIGCSqGSIb3DQEJARYlY2t1YnUtYWRtLm9vcGVu
+LmRlQGNrdWJ1LWFkbS5vb3Blbi5kZYIJAJVCoWERyZjAMBMGA1UdJQQMMAoGCCsG
+AQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcN
+AQELBQADggIBAI11FE9OgTWWETwlBfpPinH3RSo3MWPub14YmAq9zWDcAS0YJPc/
+8879zB5Nu1EQHbcK/fa7/bd5zeA2L26dyzoAp8q/STQ/7ePayScPOGfhM0lpU/FE
+TJmSZ+Dz0Rdi6jvJMBQH8pL5hzBiUYBIDOIS94iEceAcy/L0HaIG+hH2MX4hlHt+
+xyu4lumIlpzx6NcvLZPE1Y2nFVQopyMHCAEW7vHU4l3lekDAFURwb9qYxyAkxlD3
+9hMf8tcRrI3KBBthAbMKSU9TAJpKNjhXtsDZvyINLePaf/K7es3sUnw4aLYzO/jk
+Em3vkG22mSF7MKBTwAn1AoyIqxGZ0aGwxetL9RIR1rnuYiW0or9+N6hN8VuO9PgC
+nhJ8Sjf08CfqlGg4Q9fXqT7v8CPpqYMcxssNIRWzAr0Lt0Tur6w9D3JPXUMeE5b8
+eVSe9T1WIRqjUonnieFa4vKujrKj/hj5fg01daeCPFH6yQVz4a5KdtA8NuQ8JDpY
+JOB83Ow/C7f6aFMDsiEoxldKhY8ZkfJuMcMfEv1nctPTOwsvzMg6yawTxVHrpXqH
+400huslBKQx4XVsEltMLLnXbKp3+Vxx+AxBrMOnD12qVS2VITC9i1p02AqMFoLTw
++sR0EDIG1ajXvraOtH23Pz4BRVAl6H1R2l4iF40aX0qkfulTWM0wEQqv
+-----END CERTIFICATE-----
diff --git a/MBR/openvpn/home/keys/server.csr b/MBR/openvpn/home/keys/server.csr
new file mode 100644
index 0000000..6a63e05
--- /dev/null
+++ b/MBR/openvpn/home/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7zCCAtcCAQAwgakxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tTUJSLXNlcnZlcjEQMA4GA1UEKRMHVlBO
+IE1CUjEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxjmlUXonKJguvEIFYyE2r+Id3SUXmG5W
+r3GdPTSKtQB26iSbNGaVsqUIlvZIrrahAx9UkBnUo2J0KM7tMtLhxYF+4v68te49
+j1AeDa0Z1OK7Ll3c75mCBBIx7tr6uGrdHz39q+yIRqLhrh0Ul86g/Bj44LHdN6B3
+5+QSk6Cne5b075fOkw9qDrj3DPd64OWsX5y7HQ0l5srZcsCXIIbo0BuaZvfnR/WK
+uWVazKEW9Ruwf492dwFXeApZR1R2zPJ70BaqVrWSQdIvbWdsXbiaOVQs+tn1jENZ
+n6cvdEKUDI9W/Tg+PSBIc4+1bXOLPWF/ZKP+vWvrnwvqk8ISDRlDMMTzNGNunFLh
+8cOwvmbSgRYzqaA1I9o7ttc9d6io93ln6jCcVTyFka466Gsj5VTvcBEym43P9KPD
+qFSr02xzesGE8KSVDIx3HaajIT5PaT3XkX264EHsVu1OteXtFsrfv3KBsAu4c/hZ
+jdv+Rr411vb0rErKSajW1MTsT7JhTBYNIJsNkpY/o3N9oXwwqTQflT04ckgEsSqO
+MEu6AH/YDKPT6llrhvEDXAGk1xRLHkq+GMEkZCZSVl8WnseG8507UMx05kz4ADwL
+UTMx3W59RJPDOjdfF3h7X0EhJdOM7YcxHm8U4xSiaGdSbvRt3kRj1ZUXXKHb/94q
+7k0svsffj9sCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBiG/MjEDzsPZ/ZI6j6
+ZPug5lbGTS0T2ZpOvRRMqE4rMaCSrTmS61Zw5VXsVIKNVuJN20B1NGo46lrSPYt8
+Om7k3QaxHxGTrRs0bsAtfInvzh6j7n0P80hliyTHyT3NzK7zP9gkcq2wCk/b6X/6
+Dvjm8nNZz3PfUmpXNVSaHSILvvvbtCf/nxYzXRktG7OQJCgUx0KQdDigwIx4rREE
+bwzJt5E7ybt/NglZw3B2QoLsMGh89L8J37iICOanbf1JHeMgW+svepskm9J28xvE
+QP1gq/htnYHmCaD5xMqgSbMFZgrV4ipixrcxdvz7Ek/4+uc42nrZfnf3j3qFKqej
+UZtpmochzN1PkdKkxrpVKSTh97zsXCwtbIcLxEAd9RdUloIUNrQAvzSgTIT2tjF3
+aqrt4YUbxxvMERgwINxye4FQYBQQvnaucrzLNow9YZf9Owzf02fNigBnz/Hbk726
+OVcqww0z7KJs4VkFhTGkATsAyKRe8gDuGshpQpPB3x5hr/cW2Z5mKbIrHKDK1jov
+6jsADFZTr8r7CrNo3aDqxjFn5a9iRo1w348aQq/cqBYHrKPddcrQrPH+4m6h19QJ
+Vn7i+iz8ZdvMhnE8sl4g/ZoMYEvuKn5eT8yzbL0Xf9mhDNcTuSgqEu+1u/eW04Uy
+gXfX67DLAAmQ26mUM6dcMYSutA==
+-----END CERTIFICATE REQUEST-----
diff --git a/MBR/openvpn/home/keys/server.key b/MBR/openvpn/home/keys/server.key
new file mode 100644
index 0000000..42f0e4e
--- /dev/null
+++ b/MBR/openvpn/home/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDGOaVReicomC68
+QgVjITav4h3dJReYblavcZ09NIq1AHbqJJs0ZpWypQiW9kiutqEDH1SQGdSjYnQo
+zu0y0uHFgX7i/ry17j2PUB4NrRnU4rsuXdzvmYIEEjHu2vq4at0fPf2r7IhGouGu
+HRSXzqD8GPjgsd03oHfn5BKToKd7lvTvl86TD2oOuPcM93rg5axfnLsdDSXmytly
+wJcghujQG5pm9+dH9Yq5ZVrMoRb1G7B/j3Z3AVd4CllHVHbM8nvQFqpWtZJB0i9t
+Z2xduJo5VCz62fWMQ1mfpy90QpQMj1b9OD49IEhzj7Vtc4s9YX9ko/69a+ufC+qT
+whINGUMwxPM0Y26cUuHxw7C+ZtKBFjOpoDUj2ju21z13qKj3eWfqMJxVPIWRrjro
+ayPlVO9wETKbjc/0o8OoVKvTbHN6wYTwpJUMjHcdpqMhPk9pPdeRfbrgQexW7U61
+5e0Wyt+/coGwC7hz+FmN2/5GvjXW9vSsSspJqNbUxOxPsmFMFg0gmw2Slj+jc32h
+fDCpNB+VPThySASxKo4wS7oAf9gMo9PqWWuG8QNcAaTXFEseSr4YwSRkJlJWXxae
+x4bznTtQzHTmTPgAPAtRMzHdbn1Ek8M6N18XeHtfQSEl04zthzEebxTjFKJoZ1Ju
+9G3eRGPVlRdcodv/3iruTSy+x9+P2wIDAQABAoICADVHYz7uFT5dARrKqAYH9Fn7
+7cj14kyvQ49uezPrPmj+EfhHFIxWEmBs6U0iL1D+d3KOZj1BJB0yJkSdsbWaZuKe
+Nsuuamx/933gq+NDJpFIy8Tfp7WizgZoGZG4u/D7kCmIkPk33z0VJJGW8WUIPc7k
+q2hBhlMgR3pFnBSf9sRKQ9VuOTDf0MLaRlTu49E1Ckq8prJdSVWqKh4k07oDaOoe
+sTaB5WE7Byljq68akUAaTCtNFStRagAyz+JTOodFma/Jl8ksjn4wj1zZko/yQUmt
+bVWTZeNoatt1pVSbXI2vrVLsXhYx6idddgdQKhm6bfJP/fVN34vlOQyz+gQZSSyG
+MMXC9sKscUL9291zWjPZOzX4xskSXQD+QLZ2cKB8FHvYjCe/AzyrVTy0NO8PlrVX
+n1eRZJV8hi1zM1HRj0Oh7DzY10EKD0pRW3i/H+pBh9JhuwuEJPz0C3vVo+qR0W50
+Q4wlaR/E3Z2pRIiiP3PPnBYBiZNGmhmVlCGqfyZ1IaQLT3orUKqLnwQn8UcMwocg
+XJ6NnvmNKEMJq7hr1RY2chLpjf8CLsTg4fulrTFylkEk+jaCBKAhv7VPWnkBw3g6
+UZtgTbLQpzjzzsgdsEBlI4wqi7Y6xPZ3+Vd33RsRmHqHtEK0AkiyUN0LK/o5nb5Z
+erjVufPngHwGZ4pZ13RRAoIBAQDxW+2ERneA2J4l+9Y5I5mE3XSnVer0bXF9Z+Kd
+gJaUDmspEjWodcbN2+qzOzGrLVWhM9zJtEtHKYMG/+Ll27S7b4Lc7gInqz5Y9DpE
+UCS+8jWpk2/uiNEgLU22TXzXVeiVqCfeVgLzsTiNaQC3D9uOG6r4iQSEY88Y2qYd
+2A/TVpDHRBzoU6tK8xPAbeDJYumUUU7vi06/6Mz1YIJMtEDzm5VWhWnDGxmObiND
+B0ZiNye9YOBTNIojgqvh5v36t1FTDeVGn9wtBf5dC/fGwnbU5lfmsTgGR9sL5Tbt
+Dj4Hn3wzVyFuBCT8Pu+YZxD7rLXoyUamkIZxupDOXIjjDoqTAoIBAQDSP+PkC/+g
+nEOgvwR4nupO5ASE4xcbK4n46uROAi/K/LBpkKiyB3SDPpip3Fv991bCaq30g/eX
+d0gAvKb9fJgJ1cq3vME3Fcgvu85dB8dFtQmbbN/Kp4HGcF3sg2swEZL/aMsAPauS
+c3u77VSx6SGaAADCjt1nG2ZK62hnoa5A/y5XFez7/uwqFo3OhEpxmk0ukTSMnHNC
+LJYaL6pbk/YS1lhNGybIeDzf2bKWSsnUNtbO5tow+8nJJZku9jyytotJEVm8ZiJt
+BSeoiFhfVcwzCn+4sbLDsyvkM1K9VDEbypn9jqnTxcwuJTj9ZsXDBq2g+5O60I8Z
+rpaRfqAcRwqZAoIBABIejJ45jA8oM/c2CMcRXR0UYwWM9a6T6Mk5W1HnrWZADttu
+eojDDsG1mNELyJbJOHx5oEGkP2KAQ03rN+V5sP/BR1m+pHrF6FBVRWqLeba8CDtK
+zkRiERERVZwyBQVFdciGbzfJzT7uNwimsV8M2ba5bQRrhONLeuiqwX3MEqQTA5ty
+CZmHbnyZ8wmnNhDoVBDGad6h3q+Zkol5TU7k2Vtweq2cJmx3RFvk+NC3YxlMerdE
+5pJYh2ZTEQRMixSfXoOVr3i115mpsYbatyc8wh8Ji9/Nvh76lf82ngD96Lo5xuEz
+0VapCP3G28XdNvEt7hojwiIPB4jSMLzNRZmGJfECggEAT0JqpNOpIGEIVZbtFpPB
+/M+UrIv3b/Sv5LiYLJhCcCFmV8WC8upAkCGO56n8u/b8K/qPbXg6ZE1BRZXY1gKc
+RkjkTPPJWvzJJMWF/CgshSjEYGVg0ELpd2dw4PKB+/MEGWjl7kdRYLpMUQIdRZx/
+YFDT+IRnDrGTlHa+OyMGT9ZjH81SM4VcfllWSB4y+jSTGBUBXGi2QqIQS/rgG/nh
+cCSB0T+FFVnOiQzGeEXlZCzwObtpUcH5xex4nO2S4ERUqczyqUVPgQ3Kb4xG1FnB
+yxQQJg5HN+NZjoOSk3EjujhcaOvZNc6BNHwvycdukiD4X5G3lVt+Ns5MULkNntth
+MQKCAQEAt2ZKJKPToeHR+xmFCch57tn0RU41bJFiTZLRq9ukWM3fA6ZAdGlin+o6
+1GNGWjUO0WBM2FChXSgSn/8PygNdvpVmAynNBdyfHYC1rNIivJIUF49XQIYoeWXO
++zV4nKx3iMAAvdcGp8q+ArBWi6mgggX5pGIh707IlK5HPBqzR939Q46eOQ+DCzgY
+IrRReX5n3QibZSOm5SxnKXWi59xOHjNIh7Q4yAAdN7BZV5v1ZEPVuMZQ3gNf6cbz
+/TCiyGhDtya6ATEqvrGQotUvyhv/SU9QImBY2LZtCEMIywi1vSKaUQo6k8aVKpzj
+SNWtOv+BRPbSTymad6j1nxTu83Ij4A==
+-----END PRIVATE KEY-----
diff --git a/MBR/openvpn/home/keys/ta.key b/MBR/openvpn/home/keys/ta.key
new file mode 100644
index 0000000..e8cb822
--- /dev/null
+++ b/MBR/openvpn/home/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+c1bb483e19d6c90def9e3b3054725c26
+83dad3473e46c324617f10954a9ef0c0
+04d3e53c787043db4b2f0c0f55d38928
+13ccfe3325bdc2a12294ee4a6eee14e1
+301e57912bdb03502032b97dd30fa67a
+6f7f2af6759ed4a6f7d32e863417c38f
+d0d29d7c1c2aea2b60c273878919c815
+220984a3a5e996a8ad9e01bc5595b87c
+2e60411d8d44f0769ed53afff6259395
+112f2218b859ce5ae46542be229ec2aa
+ab78338e1db08e5765571faf096fb5d3
+ebf22fc761cd3a70ef97c4cb20dd1778
+830a8b2b1463e8101825003181e8e188
+74dd61d43462ef4f8271c68c5aebdb07
+a4300e941ab9bfbdb5f34f23442222b8
+7c5b89d7e9ff18e1367af366abf53c3d
+-----END OpenVPN Static key V1-----
diff --git a/MBR/openvpn/server-gw-ckubu.conf b/MBR/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..774b51a
--- /dev/null
+++ b/MBR/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,319 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.112.1
+route 192.168.64.0 255.255.255.0 10.1.112.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/gw-ckubu/keys/ca.crt
+cert /etc/openvpn/gw-ckubu/keys/server.crt
+key /etc/openvpn/gw-ckubu/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/gw-ckubu/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.1.112.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/gw-ckubu/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 172.16.112.0 255.255.255.0"
+push "route 192.168.112.0 255.255.255.0"
+push "route 192.168.113.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/gw-ckubu/ccd/server-gw-ckubu
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.112.1"
+push "dhcp-option DOMAIN mbr-bln.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/gw-ckubu/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-gw-ckubu.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/gw-ckubu/crl.pem
diff --git a/MBR/openvpn/server-home.conf b/MBR/openvpn/server-home.conf
new file mode 100644
index 0000000..71f0340
--- /dev/null
+++ b/MBR/openvpn/server-home.conf
@@ -0,0 +1,316 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/home/keys/ca.crt
+cert /etc/openvpn/home/keys/server.crt
+key /etc/openvpn/home/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/home/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.0.112.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/home/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.112.0 255.255.255.0"
+push "route 192.168.113.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/home/ccd/server-home
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.112.1"
+push "dhcp-option DOMAIN mbr-bln.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/home/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-home.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-home.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/home/crl.pem
diff --git a/MBR/openvpn/update-resolv-conf b/MBR/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/MBR/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/MBR/resolv.conf.MBR b/MBR/resolv.conf.MBR
new file mode 100644
index 0000000..716c469
--- /dev/null
+++ b/MBR/resolv.conf.MBR
@@ -0,0 +1,3 @@
+domain mbr-bln.netz
+search mbr-bln.netz mbr.netz
+nameserver 127.0.0.1
diff --git a/MBR/sasl_passwd.MBR b/MBR/sasl_passwd.MBR
new file mode 100644
index 0000000..630033b
--- /dev/null
+++ b/MBR/sasl_passwd.MBR
@@ -0,0 +1 @@
+[b.mx.oopen.de] mbr-bln@b.mx.oopen.de:IeNgoovi7rik
diff --git a/MBR/sasl_passwd.db.MBR b/MBR/sasl_passwd.db.MBR
new file mode 100644
index 0000000..a576862
Binary files /dev/null and b/MBR/sasl_passwd.db.MBR differ
diff --git a/MBR/sbin/ip6t-firewall-gateway b/MBR/sbin/ip6t-firewall-gateway
new file mode 100755
index 0000000..3df216f
--- /dev/null
+++ b/MBR/sbin/ip6t-firewall-gateway
@@ -0,0 +1,3414 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ip6t-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv6 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv6.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv6.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv6.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv6.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ip6t=$(which ip6tables)
+
+if [[ -z "$ip6t" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IPv6)..\033[m"
+else
+   echo "Starting firewall iptables (IPv4).."
+fi
+echo
+
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+# ---
+# - Enable/Disable ip forwarding between interfaces
+# ---
+if $kernel_forward_between_interfaces ; then
+   echononl "\tActivate Forwarding.."
+   echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+else
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
+fi
+
+echo_done
+
+
+# -------------
+# --- Adjust Kernel Parameters
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+
+   # ---
+   # - Deactivate Source Routed Packets
+   # ---
+   for asr in /proc/sys/net/ipv6/conf/*/accept_source_route; do
+      if $kernel_deactivate_source_route ; then
+         echo 0 > $asr
+      fi
+   done
+
+
+   # ---
+   # -  Deactivate sending ICMP redirects
+   # ---
+   if $kernel_dont_accept_redirects ; then
+      echo "0" > /proc/sys/net/ipv6/conf/all/accept_redirects
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+
+fi 
+
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv6).."
+
+# - default policies
+# -
+$ip6t -P INPUT ACCEPT
+$ip6t -P OUTPUT ACCEPT
+$ip6t -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ip6t -F
+$ip6t -F INPUT
+$ip6t -F OUTPUT
+$ip6t -F FORWARD
+$ip6t -F -t mangle
+$ip6t -F -t nat
+$ip6t -F -t raw
+$ip6t -X
+$ip6t -Z
+
+#$ip6t -t nat -A POSTROUTING -o $ext_if_static_1 -j MASQUERADE
+$ip6t -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+echo_done # Flushing firewall iptable (IPv6)..
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -j LOG --log-prefix "$_ip IN: " --log-level $log_level
+      $ip6t -A OUTPUT -d $_ip -j LOG --log-prefix "$_ip OUT: " --log-level $log_level
+      $ip6t -A FORWARD -s $_ip -j LOG --log-prefix "$_ip FORWARD FROM: " --log-level $log_level
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP IPv6 traffic.."
+if $permit_all_icmp_traffic ; then
+   $ip6t -A INPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A OUTPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A FORWARD -p ipv6-icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ip6t -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ip6t -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ip6t -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ip6t -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ip6t -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ip6t -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -i $_if -j DROP
+      $ip6t -A FORWARD -o $_if -j DROP
+   fi
+   $ip6t -A INPUT -i $_if -j DROP
+   $ip6t -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -d $_ip -j ACCEPT
+         $ip6t -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ip6t -N syn-flood
+   $ip6t -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ip6t -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ip6t -A syn-flood -j DROP
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   if $log_new_not_sync || $log_all  ; then
+      $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+   $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
+   fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   if $log_invalid_state || $log_all  ; then
+      $ip6t -A INPUT -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -m state --state INVALID -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -m state --state INVALID -j DROP
+   fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # - Refuse spoofed packets pretending to be from your IP address.
+   if $log_spoofed || $log_all ; then
+      for _ip in ${ext_ip_arr[@]} ; do
+         $ip6t -A INPUT -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         fi
+      done
+   fi
+   for _ip in ${ext_ip_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -s $_ip -d $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ipi6t -A FORWARD -s $_ip -d $_ip -j DROP
+      fi
+   done
+
+
+   # - private Adressen auf externen interface verwerfen
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $ula_block -j DROP
+      $ip6t -A INPUT -i $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -i $_dev -s $loopback -j DROP
+      fi
+
+      # Don't allow spoofing from that server
+      $ip6t -A OUTPUT -o $_dev -s $ula_block -j DROP
+      $ip6t -A OUTPUT -o $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -o $_dev -s $loopback -j DROP
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ip6t -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ip6t -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ip6t -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ip6t -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_forward_between_interfaces ; then
+         if $block_ident ; then
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_forward_between_interfaces ; then
+      if $block_ident ; then
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ip6t -A INPUT -i lo -j ACCEPT
+$ip6t -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ip6t -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ip6t -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_forward_between_interfaces ; then
+   $ip6t -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ip6t -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ip6t -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv6_address_arr[@]}" ; then
+            $ip6t -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ip6t -A FORWARD -p ${_val_arr[3]} -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+echononl "\tSeparate local networks.."
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+echononl "\tSeparate local interfaces.."
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            [[ "$_dev_1" = "$_dev_2" ]] && continue
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+            $ip6t -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+         done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+
+
+# ---
+# - IPv4 over IPv6
+# ---
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 546 -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp --dport 547 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP Service (local network only)"
+
+if $local_dhcp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+
+      $ip6t -A INPUT -p udp -i $_dev --sport 546 --dport 547 -j ACCEPT
+      $ip6t -A OUTPUT -p udp -o $_dev --sport 547 --dport 546 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ip6t -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ip6t -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_forward_between_interfaces=true)
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ip6t -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ip6t -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ip6t -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ip6t -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces ; then
+
+            $ip6t -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_forward_between_interfaces ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ip6t -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -t filter -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ip6t -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ip6t -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_forward_between_interfaces ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then 
+         $ip6t -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      $ip6t -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ip6t -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ip6t -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tDruck Port 9100 only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ip6t -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces $$ ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ip6t -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ip6t -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_forward_between_interfaces \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_forward_between_interfaces ; then
+
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+
+         # - From extern
+         $ip6t -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ip6t -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_forward_between_interfaces ; then
+         $ip6t -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ip6t -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ip6t -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ip6t -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ip6t -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+# ---
+# - ICMP is configured above..
+# ---
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ip6t -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ip6t -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ip6t -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ip6t -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ip6t -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ip6t -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ip6t -A INPUT -j DROP
+$ip6t -A OUTPUT -j DROP
+$ip6t -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/MBR/sbin/ipt-firewall-gateway b/MBR/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/MBR/sbin/ipt-firewall-gateway
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/MBR/src/ipt-gateway b/MBR/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/MBR/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/MBR/src/openvpn b/MBR/src/openvpn
new file mode 160000
index 0000000..ebff5a5
--- /dev/null
+++ b/MBR/src/openvpn
@@ -0,0 +1 @@
+Subproject commit ebff5a557b537bcb8192d94f733c4df86594258d
diff --git a/MBR/src/postfix b/MBR/src/postfix
new file mode 160000
index 0000000..37b16e3
--- /dev/null
+++ b/MBR/src/postfix
@@ -0,0 +1 @@
+Subproject commit 37b16e39d82f50b5dce79b83810d10a37a83a741
diff --git a/NONE-CKUBU/README.txt b/NONE-CKUBU/README.txt
new file mode 100644
index 0000000..2f1b32c
--- /dev/null
+++ b/NONE-CKUBU/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.NONE-CKUBU: ppp0 comes over eth2
+      interfaces.NONE-CKUBU: see above
+      default_isc-dhcp-server.NONE-CKUBU
+      ipt-firewall.NONE-CKUBU: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/NONE-CKUBU/aiccu.NONE-CKUBU b/NONE-CKUBU/aiccu.NONE-CKUBU
new file mode 100644
index 0000000..5482d8f
--- /dev/null
+++ b/NONE-CKUBU/aiccu.NONE-CKUBU
@@ -0,0 +1,11 @@
+# This is a configuration file for /etc/init.d/aiccu; it allows you to
+# perform common modifications to the behavior of the aiccu daemon
+# startup without editing the init script (and thus getting prompted
+# by dpkg on upgrades).  We all love dpkg prompts.
+
+# Arguments to pass to aiccu daemon.
+DAEMON_ARGS=""
+
+# Run aiccu at startup ?
+AICCU_ENABLED=Yes
+
diff --git a/NONE-CKUBU/aiccu.conf.NONE-CKUBU b/NONE-CKUBU/aiccu.conf.NONE-CKUBU
new file mode 100644
index 0000000..c1c27a7
--- /dev/null
+++ b/NONE-CKUBU/aiccu.conf.NONE-CKUBU
@@ -0,0 +1,79 @@
+# Under control from debconf, please use 'dpkg-reconfigure aiccu' to reconfigure
+# AICCU Configuration
+
+# Login information (defaults: none)
+username CKM11-SIXXS
+password zLkJIZF0
+
+# Protocol and server to use for setting up the tunnel (defaults: none)
+protocol tic
+server tic.sixxs.net
+
+# Interface names to use (default: aiccu)
+# ipv6_interface is the name of the interface that will be used as a tunnel interface.
+# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
+# or tunX (eg tun0) for AYIYA tunnels.
+ipv6_interface sixxs
+
+# The tunnel_id to use (default: none)
+# (only required when there are multiple tunnels in the list)
+tunnel_id T129038
+
+# Be verbose? (default: false)
+#verbose false
+
+# Daemonize? (default: true)
+# Set to false if you want to see any output
+# When true output goes to syslog
+#
+# WARNING: never run AICCU from DaemonTools or a similar automated
+# 'restart' tool/script. When AICCU does not start, it has a reason
+# not to start which it gives on either the stdout or in the (sys)log
+# file. The TIC server *will* automatically disable accounts which
+# are detected to run in this mode.
+#
+daemonize true
+
+# Automatic Login and Tunnel activation?
+automatic true
+
+# Require TLS?
+# When set to true, if TLS is not supported on the server
+# the TIC transaction will fail.
+# When set to false, it will try a starttls, when that is
+# not supported it will continue.
+# In any case if AICCU is build with TLS support it will
+# try to do a 'starttls' to the TIC server to see if that
+# is supported.
+requiretls false
+
+# PID File
+#pidfile /var/run/aiccu.pid
+
+# Add a default route (default: true)
+#defaultroute true
+
+# Script to run after setting up the interfaces (default: none)
+#setupscript /usr/local/etc/aiccu-subnets.sh
+
+# Make heartbeats (default true)
+# In general you don't want to turn this off
+# Of course only applies to AYIYA and heartbeat tunnels not to static ones
+#makebeats true
+
+# Don't configure anything (default: false)
+#noconfigure true
+
+# Behind NAT (default: false)
+# Notify the user that a NAT-kind network is detected
+#behindnat true
+
+# Local IPv4 Override (default: none)
+# Overrides the IPv4 parameter received from TIC
+# This allows one to configure a NAT into "DMZ" mode and then
+# forwarding the proto-41 packets to an internal host.
+# 
+# This is only needed for static proto-41 tunnels!
+# AYIYA and heartbeat tunnels don't require this.
+#local_ipv4_override
+
diff --git a/NONE-CKUBU/bin/admin-stuff b/NONE-CKUBU/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/NONE-CKUBU/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/NONE-CKUBU/bin/clean_log_files.sh b/NONE-CKUBU/bin/clean_log_files.sh
new file mode 120000
index 0000000..4a65412
--- /dev/null
+++ b/NONE-CKUBU/bin/clean_log_files.sh
@@ -0,0 +1 @@
+admin-stuff/clean_log_files.sh
\ No newline at end of file
diff --git a/NONE-CKUBU/bin/manage-gw-config b/NONE-CKUBU/bin/manage-gw-config
new file mode 160000
index 0000000..820fdbf
--- /dev/null
+++ b/NONE-CKUBU/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 820fdbff49e4b1aeaed45134812a2427ed856b98
diff --git a/NONE-CKUBU/bin/monitoring b/NONE-CKUBU/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/NONE-CKUBU/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/NONE-CKUBU/bin/os-upgrade.sh b/NONE-CKUBU/bin/os-upgrade.sh
new file mode 120000
index 0000000..02ddc66
--- /dev/null
+++ b/NONE-CKUBU/bin/os-upgrade.sh
@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh
\ No newline at end of file
diff --git a/NONE-CKUBU/bin/test_email.sh b/NONE-CKUBU/bin/test_email.sh
new file mode 120000
index 0000000..86f3e17
--- /dev/null
+++ b/NONE-CKUBU/bin/test_email.sh
@@ -0,0 +1 @@
+admin-stuff/test_email.sh
\ No newline at end of file
diff --git a/NONE-CKUBU/bind/bind.keys b/NONE-CKUBU/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/NONE-CKUBU/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/NONE-CKUBU/bind/bind.keys.dpkg-old b/NONE-CKUBU/bind/bind.keys.dpkg-old
new file mode 100644
index 0000000..b003c53
--- /dev/null
+++ b/NONE-CKUBU/bind/bind.keys.dpkg-old
@@ -0,0 +1,49 @@
+/* $Id: bind.keys,v 1.5.42.2 2011-01-04 19:14:48 each Exp $ */
+# The bind.keys file is used to override built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release (BIND
+# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
+# Lookaside Validation zone ("dlv.isc.org").  Trust anchors for any other
+# zones MUST be configured elsewhere; if they are configured here, they
+# will not be recognized or used by named.
+#
+# This file also contains a copy of the trust anchor for the DNS root zone
+# (".").  However, named does not use it; it is provided here for
+# informational purposes only.  To switch on DNSSEC validation at the
+# root, the root key below can be copied into named.conf.
+#
+# The built-in DLV trust anchor in this file is used directly by named.
+# However, it is not activated unless specifically switched on.  To use
+# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
+# Without this option being set, the key in this file is ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+	# ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+        # in named.conf.
+	dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+		brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+		1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+		ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+		Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+		QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+		TDN0YUuWrBNh";
+
+	# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+	# for current trust anchor information.
+        # NOTE: This key is activated by setting "dnssec-validation auto;"
+        # in named.conf.
+	. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+		FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+		bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+		X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+		W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+		Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+		QxA+Uk1ihz0=";
+};
diff --git a/NONE-CKUBU/bind/db.0 b/NONE-CKUBU/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/NONE-CKUBU/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/NONE-CKUBU/bind/db.127 b/NONE-CKUBU/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/NONE-CKUBU/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/NONE-CKUBU/bind/db.255 b/NONE-CKUBU/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/NONE-CKUBU/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/NONE-CKUBU/bind/db.empty b/NONE-CKUBU/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/NONE-CKUBU/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/NONE-CKUBU/bind/db.local b/NONE-CKUBU/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/NONE-CKUBU/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/NONE-CKUBU/bind/db.root b/NONE-CKUBU/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/NONE-CKUBU/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/NONE-CKUBU/bind/db.root.dpkg-old b/NONE-CKUBU/bind/db.root.dpkg-old
new file mode 100644
index 0000000..d081faa
--- /dev/null
+++ b/NONE-CKUBU/bind/db.root.dpkg-old
@@ -0,0 +1,87 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    Jun 17, 2010
+;       related version of root zone:   2010061700
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
+; End of File
diff --git a/NONE-CKUBU/bind/named.conf b/NONE-CKUBU/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/NONE-CKUBU/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/NONE-CKUBU/bind/named.conf.default-zones b/NONE-CKUBU/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/NONE-CKUBU/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/NONE-CKUBU/bind/named.conf.local b/NONE-CKUBU/bind/named.conf.local
new file mode 100644
index 0000000..a00e259
--- /dev/null
+++ b/NONE-CKUBU/bind/named.conf.local
@@ -0,0 +1,9 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
diff --git a/NONE-CKUBU/bind/named.conf.local.INSTALL b/NONE-CKUBU/bind/named.conf.local.INSTALL
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/NONE-CKUBU/bind/named.conf.local.INSTALL
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/NONE-CKUBU/bind/named.conf.options b/NONE-CKUBU/bind/named.conf.options
new file mode 100644
index 0000000..19773dd
--- /dev/null
+++ b/NONE-CKUBU/bind/named.conf.options
@@ -0,0 +1,86 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   auth-nxdomain no;    # conform to RFC1035
+
+   listen-on port 53 {
+      127.0.0.1;
+   };
+
+   allow-query {
+      127.0.0.1;
+   };
+
+   allow-recursion {
+      127.0.0.1;
+   };
+
+   allow-transfer { none; };
+
+	listen-on-v6 {
+      ::1; 
+   };
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/NONE-CKUBU/bind/named.conf.options.INSTALL b/NONE-CKUBU/bind/named.conf.options.INSTALL
new file mode 100644
index 0000000..af79758
--- /dev/null
+++ b/NONE-CKUBU/bind/named.conf.options.INSTALL
@@ -0,0 +1,20 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/NONE-CKUBU/bind/rndc.key b/NONE-CKUBU/bind/rndc.key
new file mode 100644
index 0000000..48256d5
--- /dev/null
+++ b/NONE-CKUBU/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "p8uEoosC6vrcRj73ribYKg==";
+};
diff --git a/NONE-CKUBU/bind/zones.rfc1918 b/NONE-CKUBU/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/NONE-CKUBU/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/NONE-CKUBU/chap-secrets.NONE-CKUBU b/NONE-CKUBU/chap-secrets.NONE-CKUBU
new file mode 100644
index 0000000..cb6eeef
--- /dev/null
+++ b/NONE-CKUBU/chap-secrets.NONE-CKUBU
@@ -0,0 +1,51 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+
+## - Aktionsbuendnis
+"feste-ip9/1TBGC27CYX92@t-online-com.de" * "7FbmJz7L"
+
+## - Anwaltskanzlei - Karl-Marx_Strasse (anw-km)
+"0017005041965502052728690001@t-online.de" * "62812971"
+
+## - Anwaltskanzlei - Urbanstrasse (anw-urb)
+"0019673090265502751343110001@t-online.de" * "85593499"
+
+## - B3 Bornim
+"t-online-com/8TB0LIXKXV82@t-online-com.de" * "38460707"
+
+## - Fluechlingsrat BRB
+"0022044435885511150351780001@t-online.de" * "27475004"
+
+## - Jonas
+"0023866648325511093506040001@t-online.de" * "13635448"
+
+## - Kanzlei Kiel
+## - DSL
+"ar0284280107" * "39457541"
+## - VDSL
+"ab3391185321" * "jhecfmvk"
+
+## - MBR Berlin
+## - DSL
+"0019507524965100021004430001@t-online.de" * "76695918"
+## - VDSL
+"0029741693695511193970180001@t-online.de" * "84616024"
+
+## - Opferperspektive
+"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
+
+## - ReachOut Berlin
+## - first (primary) line
+"ar2667509237" * "93925410"
+## - second line
+"ar1435496252" * "93925410"
+
+## - Sprachenatelier Berlin
+"0021920376975502683262730001@t-online.de" * "52167784"
+
+## - Warenform
+"feste-ip4/7TB02K2HZ4Q3@t-online-com.de" * "EadGl15E"
+
+## - ckubu
+"0025591824365511139967620001@t-online.de" * "67982653"
diff --git a/NONE-CKUBU/cron_root.NONE-CKUBU b/NONE-CKUBU/cron_root.NONE-CKUBU
new file mode 100644
index 0000000..6f59d3b
--- /dev/null
+++ b/NONE-CKUBU/cron_root.NONE-CKUBU
@@ -0,0 +1,35 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.WiXOQE/crontab installed on Sun May  6 17:52:10 2018)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+
+PATH=/root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+@reboot systemctl stop isc-dhcp-server
+@reboot systemctl stop ipt-firewall
+
+
+# - Copy gateway configuration
+# -
+13 4 * * * /root/bin/manage-gw-config/copy_gateway-config.sh NONE-CKUBU
diff --git a/NONE-CKUBU/ddclient.conf.NONE-CKUBU b/NONE-CKUBU/ddclient.conf.NONE-CKUBU
new file mode 100644
index 0000000..8a35e9b
--- /dev/null
+++ b/NONE-CKUBU/ddclient.conf.NONE-CKUBU
@@ -0,0 +1,11 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=if, if=ppp0
+server=members.dyndns.org
+login=ckubu
+password='ckubu100'
+mail=argus@oopen.de
+ckubu.homelinux.org
diff --git a/NONE-CKUBU/default_isc-dhcp-server.NONE-CKUBU b/NONE-CKUBU/default_isc-dhcp-server.NONE-CKUBU
new file mode 100644
index 0000000..3fb715c
--- /dev/null
+++ b/NONE-CKUBU/default_isc-dhcp-server.NONE-CKUBU
@@ -0,0 +1,21 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="eth1"
diff --git a/NONE-CKUBU/dhcpd.conf.NONE-CKUBU b/NONE-CKUBU/dhcpd.conf.NONE-CKUBU
new file mode 100644
index 0000000..860dc6d
--- /dev/null
+++ b/NONE-CKUBU/dhcpd.conf.NONE-CKUBU
@@ -0,0 +1,109 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "example.org";
+option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+subnet 192.168.63.0 netmask 255.255.255.0 {
+}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/NONE-CKUBU/dhcpd6.conf.NONE-CKUBU b/NONE-CKUBU/dhcpd6.conf.NONE-CKUBU
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/NONE-CKUBU/dhcpd6.conf.NONE-CKUBU
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/NONE-CKUBU/email_notice.NONE-CKUBU b/NONE-CKUBU/email_notice.NONE-CKUBU
new file mode 100755
index 0000000..86fde2e
--- /dev/null
+++ b/NONE-CKUBU/email_notice.NONE-CKUBU
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+
+
+file=/tmp/mail_ip-up$$
+admin_email=argus@oopen.de
+
+from_address=ip-up_`hostname`@oopen.de
+from_name="ip-up - ckubu local net"
+host=`hostname -f`
+
+echo "" > $file
+echo " *************************************************************" >> $file
+echo " *** This is an autogenerated mail from $host ***" >> $file
+echo "" >> $file
+echo " I brought up the ppp-daemon with the following" >> $file
+echo -e " parameters:\n" >> $file
+echo -e "\tInterface name...............: $PPP_IFACE" >> $file
+echo -e "\tThe tty......................: $PPP_TTY" >> $file
+echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
+echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
+echo -e "\tPeer  IP number..............: $PPP_REMOTE" >> $file
+if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
+   echo -e "\tNameserver 1.................: $DNS1" >> $file
+   if [ "$DNS2" ] ; then
+      echo -e "\tNameserver 2.................: $DNS2" >> $file
+   fi
+fi
+
+
+echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
+echo "" >> $file
+echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
+echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
+echo "" >> $file
+echo " **************************************************************" >> $file
+
+echo -e "To:${admin_email}\nSubject:$PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail -F "$from_name" -f $from_address $admin_email
+
+rm -f $file
+
diff --git a/NONE-CKUBU/generic.NONE-CKUBU b/NONE-CKUBU/generic.NONE-CKUBU
new file mode 100644
index 0000000..c53773a
--- /dev/null
+++ b/NONE-CKUBU/generic.NONE-CKUBU
@@ -0,0 +1,3 @@
+root@gw-replacement.local.netz      root_gw-replacement@oopen.de
+cron@gw-replacement.local.netz      cron_gw-replacement@oopen.de
+@gw-replacement.local.netz          other_gw-replacement@oopen.de
diff --git a/NONE-CKUBU/generic.db.NONE-CKUBU b/NONE-CKUBU/generic.db.NONE-CKUBU
new file mode 100644
index 0000000..6198ad3
Binary files /dev/null and b/NONE-CKUBU/generic.db.NONE-CKUBU differ
diff --git a/NONE-CKUBU/hostapd.conf.NONE-CKUBU b/NONE-CKUBU/hostapd.conf.NONE-CKUBU
new file mode 100644
index 0000000..1f008d9
--- /dev/null
+++ b/NONE-CKUBU/hostapd.conf.NONE-CKUBU
@@ -0,0 +1,138 @@
+# if you want to bridge the onboard eth0 and the 
+# wireless (USB) adapter's wlan0, this should work
+interface=wlan0
+bridge=br0
+
+# this is the driver that must be used for ath9k 
+# and other similar chipset devices
+driver=nl80211
+
+# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
+# Default: IEEE 802.11b
+# !! Note:
+#    the n-speeds get layered on top of 802.11g, so
+#    use hw_mode=g also for 802.11n
+hw_mode=g
+#hw_mode=a
+
+# ieee80211n: Whether IEEE 802.11n (HT) is enabled
+# 0 = disabled (default)
+# 1 = enabled
+# !! Note: 
+#    You will also need to enable WMM for full HT functionality.
+ieee80211n=1
+wmm_enabled=1
+
+# Channel number (IEEE 802.11)
+# (default: 0, i.e., not set)
+# Please note that some drivers do not use this value from hostapd and the
+# channel will need to be configured separately with iwconfig.
+## - 2.4 Ghz : hw_mode=g (ht_capab=[HT40+].. channel 1-9) 
+## -                     (ht_capab=[HT40-].. channel 5-11(13) )
+## -   5 Ghz : hw_mode=a (ht_capab=[HT40+].. channel 36,44 ) 
+## -                     (ht_capab=[HT40-].. channel 40)
+channel=7
+#channel=44
+
+# these have to be set in agreement w/ channel and 
+# some other values... read hostapd.conf docs
+#
+## - D-LINK DWA-552 (2.4 Ghz)
+## - MicroTIK RouterBOARD R52n-M (Dualband: 2.4 / 5 Ghz)
+## - MicroTIK RouterBOARD R52Hn (Dualband: 2.4 / 5 Ghz)
+## -
+ht_capab=[HT40-][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
+## -
+## - SR71-E Hi-Power (802.11a/b/g/n miniPCI-E Module)
+## -
+## -    5 Ghz -->channel 36
+## -
+#ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
+#ht_capab=[SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
+## -
+## - D-LINK DWA-556 (PCIe) (2,4 / 5  Ghz)
+## -
+#ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40]
+## -
+## - Linksys WMP600N (Dualband: 2.4 / 5 Ghz)
+## -
+#ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC12]
+
+
+#   adjust to fit your location
+country_code=DE
+
+
+# SSID to be used in IEEE 802.11 management frames
+ssid=WLAN-OOPEN
+
+# makes the SSID visible and broadcasted
+ignore_broadcast_ssid=0
+
+# IEEE 802.11 specifies two authentication algorithms. hostapd can be
+# configured to allow both of these or only one. Open system authentication
+# should be used with IEEE 802.1X.
+# Bit fields of allowed authentication algorithms:
+# bit 0 = Open System Authentication
+# bit 1 = Shared Key Authentication (requires WEP)
+#auth_algs=3
+auth_algs=1
+
+# bit0 = WPA
+# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
+wpa=3
+
+# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
+# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
+# added to enable SHA256-based stronger algorithms.
+# (dot11RSNAConfigAuthenticationSuitesTable)
+wpa_key_mgmt=WPA-PSK
+
+# WPA pre-shared keys for WPA-PSK.
+wpa_passphrase=WoAuchImmer
+
+# Set of accepted cipher suites (encryption algorithms) for pairwise keys
+# (unicast packets). This is a space separated list of algorithms:
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# Group cipher suite (encryption algorithm for broadcast and multicast frames)
+# is automatically selected based on this configuration. If only CCMP is
+# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
+# TKIP will be used as the group cipher.
+# (dot11RSNAConfigPairwiseCiphersTable)
+# Pairwise cipher for WPA (v1) (default: TKIP)
+wpa_pairwise=TKIP CCMP
+
+# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
+rsn_pairwise=CCMP
+
+# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
+# seconds. (dot11RSNAConfigGroupRekeyTime)
+wpa_group_rekey=600
+
+# Station MAC address -based authentication
+# Please note that this kind of access control requires a driver that uses
+# hostapd to take care of management frame processing and as such, this can be
+# used with driver=hostap or driver=nl80211, but not with driver=madwifi.
+# 0 = accept unless in deny list
+# 1 = deny unless in accept list
+# 2 = use external RADIUS server (accept/deny lists are searched first)
+macaddr_acl=0
+
+# Interface for separate control program. If this is specified, hostapd
+# will create this directory and a UNIX domain socket for listening to requests
+# from external programs (CLI/GUI, etc.) for status information and
+# configuration. The socket file will be named based on the interface name, so
+# multiple hostapd processes/interfaces can be run at the same time if more
+# than one interface is used.
+# /var/run/hostapd is the recommended directory for sockets and by default,
+# hostapd_cli will use it when trying to connect with hostapd.
+ctrl_interface=/var/run/hostapd
+
+
+#  debugging output - uncomment them to activate; issue  hostapd -d /etc/hostapd/hostapd.conf
+#  to get debugging info in visible/real-time form
+#logger_syslog=-1
+#logger_syslog_level=2
+#logger_stdout=-1
+#logger_stdout_level=2
diff --git a/NONE-CKUBU/hostname.NONE-CKUBU b/NONE-CKUBU/hostname.NONE-CKUBU
new file mode 100644
index 0000000..895b6b0
--- /dev/null
+++ b/NONE-CKUBU/hostname.NONE-CKUBU
@@ -0,0 +1 @@
+gw-replacement
diff --git a/NONE-CKUBU/hosts.NONE-CKUBU b/NONE-CKUBU/hosts.NONE-CKUBU
new file mode 100644
index 0000000..d0047ee
--- /dev/null
+++ b/NONE-CKUBU/hosts.NONE-CKUBU
@@ -0,0 +1,9 @@
+127.0.0.1	localhost
+127.0.1.1	gw-replacement.local.netz	gw-replacement
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/NONE-CKUBU/igmpproxy.conf.NONE-CKUBU b/NONE-CKUBU/igmpproxy.conf.NONE-CKUBU
new file mode 100644
index 0000000..9f6e290
--- /dev/null
+++ b/NONE-CKUBU/igmpproxy.conf.NONE-CKUBU
@@ -0,0 +1,75 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+#phyint eth0 upstream  ratelimit 0  threshold 1
+#        altnet 10.0.0.0/8 
+#        altnet 192.168.0.0/24
+##------------------------------------------------------
+## Configuration for ppp0 (Upstream Interface)
+##------------------------------------------------------
+#phyint ppp0 upstream  ratelimit 0  threshold 1
+phyint eth2.8 upstream  ratelimit 0  threshold 1
+        altnet 217.0.119.194/24
+        altnet 193.158.35.0/24;
+        altnet 239.35.100.6/24;
+        altnet 93.230.64.0/19;
+        altnet 192.168.63.0/24;
+        #
+        #altnet 192.168.63.5/32;
+        #altnet 192.168.63.40/32;
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+#phyint br0 downstream  ratelimit 0  threshold 1
+phyint eth1 downstream  ratelimit 0  threshold 1
+        # IP der TV-Box
+        altnet 192.168.63.0/24;
+        #altnet 192.168.63.5/32;
+        #altnet 192.168.63.40/32;
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+#phyint eth2 disabled
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth0 disabled
+phyint eth2 disabled
+phyint eth2.7 disabled
+phyint eth1:0 disabled
+phyint eth1:wf disabled
+phyint ppp0 disabled
+phyint tun0 disabled
+phyint lo disabled
+
+
diff --git a/NONE-CKUBU/interfaces.NONE-CKUBU b/NONE-CKUBU/interfaces.NONE-CKUBU
new file mode 100644
index 0000000..59e8900
--- /dev/null
+++ b/NONE-CKUBU/interfaces.NONE-CKUBU
@@ -0,0 +1,16 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+auto eth1
+iface eth1 inet static
+   address 192.168.63.253
+   network 192.168.63.0
+   netmask 255.255.255.0
+   broadcast 192.168.63.255
+   gateway 192.168.63.254
+
+
diff --git a/NONE-CKUBU/ipt-firewall.service.NONE-CKUBU b/NONE-CKUBU/ipt-firewall.service.NONE-CKUBU
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall.service.NONE-CKUBU
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/NONE-CKUBU/ipt-firewall/ban_ipv4.list.sample b/NONE-CKUBU/ipt-firewall/ban_ipv4.list.sample
new file mode 100644
index 0000000..10b7da3
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall/ban_ipv4.list.sample
@@ -0,0 +1,22 @@
+# - IPv4 addresses listet here will be completly banned by the firewall
+# -
+# -    - Line beginning with '#' will be ignored.
+# -    - Blank lines will be ignored
+# -    - Only the first entry (until space sign or end of line) of each line will be considered.
+# -
+# - Valid values are:
+# -    complete IPv4 adresses like 1.2.3.4 (will be converted to 1.2.3.0/32)
+# -    partial IPv4 addresses like 1.2.3 (will be converted to 1.2.3.0/24)
+# -    network/nn CIDR notation like 1.2.3.0/27
+# -    network/netmask notaions like 1.2.3.0/255.255.255.0
+# -    network/partial_netmask  like 1.2.3.4/255
+# -
+# - Note: 
+# -    - wrong addresses like 1.2.3.256 or 1.2.3.4/33 will be ignored
+# -
+# - Example:
+# -    79.171.81.0/24
+# -    79.171.81.0/255.255.255.0
+# -    79.171.81.0/255.255.255
+# -    79.171.81
+
diff --git a/NONE-CKUBU/ipt-firewall/default_ports.conf b/NONE-CKUBU/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/NONE-CKUBU/ipt-firewall/include_functions.conf b/NONE-CKUBU/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/NONE-CKUBU/ipt-firewall/interfaces_ipv4.conf b/NONE-CKUBU/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..948810e
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth1"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1=""
+local_if_2=""
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/NONE-CKUBU/ipt-firewall/load_modules_ipv4.conf b/NONE-CKUBU/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/NONE-CKUBU/ipt-firewall/load_modules_ipv6.conf b/NONE-CKUBU/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/NONE-CKUBU/ipt-firewall/logging_ipv4.conf b/NONE-CKUBU/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/NONE-CKUBU/ipt-firewall/logging_ipv6.conf b/NONE-CKUBU/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/NONE-CKUBU/ipt-firewall/main_ipv4.conf b/NONE-CKUBU/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..561bd7f
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1357 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+
+_ips="$(ip a | grep "inet " | awk '{print$2}' | cut -d'/' -f1)"
+for _ip in $_ips ; do
+   gateway_ipv4_address_arr+=("$_ip")
+   done
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                      86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - Ist this Gateway DHCP Client?
+# - 
+# - local_dhcp_client_interfaces="<interface1> [<interface> [.."
+# -
+# - Example:
+# -    dhcp_client_interfaces="$ext_if_static_1"
+# -
+dhcp_client_interfaces=""
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips=""
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+samba_server_local_ips=""
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+# - Blank separated list of ip's
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips=""
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips=""
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - Blank separated list
+# -
+printer_ips=""
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    192.168.64.55: Repeater TP-Link TL-WA850RE
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons=""
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+llow_cisco_vpn_out=true
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=true
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/NONE-CKUBU/ipt-firewall/post_decalrations.conf b/NONE-CKUBU/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/NONE-CKUBU/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/NONE-CKUBU/isc-dhcp6-server.NONE-CKUBU b/NONE-CKUBU/isc-dhcp6-server.NONE-CKUBU
new file mode 100755
index 0000000..071e1f8
--- /dev/null
+++ b/NONE-CKUBU/isc-dhcp6-server.NONE-CKUBU
@@ -0,0 +1,116 @@
+#!/bin/sh
+#
+#
+
+### BEGIN INIT INFO
+# Provides:          isc-dhcp6-server
+# Required-Start:    $remote_fs $network $syslog
+# Required-Stop:     $remote_fs $network $syslog
+# Should-Start:      $local_fs slapd $named
+# Should-Stop:       $local_fs slapd
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: DHCPv6 server
+# Description:       Dynamic Host Configuration Protocol Server
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+OPTIONS="-6"
+
+test -f /usr/sbin/dhcpd || exit 0
+
+DHCPD_DEFAULT="${DHCPD_DEFAULT:-/etc/default/isc-dhcp6-server}"
+
+# It is not safe to start if we don't have a default configuration...
+if [ ! -f "$DHCPD_DEFAULT" ]; then
+	echo "$DHCPD_DEFAULT does not exist! - Aborting..."
+	if [ "$DHCPD_DEFAULT" = "/etc/default/isc-dhcp-server" ]; then
+		echo "Run 'dpkg-reconfigure isc-dhcp-server' to fix the problem."
+	fi
+	exit 0
+fi
+
+. /lib/lsb/init-functions
+
+# Read init script configuration
+[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"
+
+NAME=dhcpd6
+DESC="ISC DHCPv6 server"
+# fallback to default config file
+DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd6.conf}
+# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
+if [ -z "$DHCPD_PID" ]; then
+	DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
+fi
+DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd6.pid}"
+
+test_config()
+{
+	if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
+		echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
+		echo "The error was: "
+		/usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
+		exit 1
+	fi
+}
+
+# single arg is -v for messages, -q for none
+check_status()
+{
+    if [ ! -r "$DHCPD_PID" ]; then
+	test "$1" != -v || echo "$NAME is not running."
+	return 3
+    fi
+    if read pid < "$DHCPD_PID" && ps -p "$pid" > /dev/null 2>&1; then
+	test "$1" != -v || echo "$NAME is running."
+	return 0
+    else
+	test "$1" != -v || echo "$NAME is not running but $DHCPD_PID exists."
+	return 1
+    fi
+}
+
+case "$1" in
+	start)
+		test_config
+		log_daemon_msg "Starting $DESC" "$NAME"
+		start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
+			--exec /usr/sbin/dhcpd -- \
+			-q $OPTIONS -cf "$DHCPD_CONF" -pf "$DHCPD_PID" $INTERFACES
+		sleep 2
+
+		if check_status -q; then
+			log_end_msg 0
+		else
+			log_failure_msg "check syslog for diagnostics."
+			log_end_msg 1
+			exit 1
+		fi
+		;;
+	stop)
+		log_daemon_msg "Stopping $DESC" "$NAME"
+		start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
+		log_end_msg $?
+		rm -f "$DHCPD_PID"
+		;;
+	restart | force-reload)
+		test_config
+		$0 stop
+		sleep 2
+		$0 start
+		if [ "$?" != "0" ]; then
+			exit 1
+		fi
+		;;
+	status)
+		echo -n "Status of $DESC: "
+		check_status -v
+		exit "$?"
+		;;
+	*)
+		echo "Usage: $0 {start|stop|restart|force-reload|status}"
+		exit 1 
+esac
+
+exit 0
diff --git a/NONE-CKUBU/mailname.NONE-CKUBU b/NONE-CKUBU/mailname.NONE-CKUBU
new file mode 100644
index 0000000..dae701f
--- /dev/null
+++ b/NONE-CKUBU/mailname.NONE-CKUBU
@@ -0,0 +1 @@
+gw-replacement.local.netz
diff --git a/NONE-CKUBU/main.cf.NONE-CKUBU b/NONE-CKUBU/main.cf.NONE-CKUBU
new file mode 100644
index 0000000..8003a63
--- /dev/null
+++ b/NONE-CKUBU/main.cf.NONE-CKUBU
@@ -0,0 +1,70 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = gw-replacement.local.netz
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+
+myorigin = /etc/mailname
+mydestination = gw-replacement.local.netz, 
+                localhost
+
+mynetworks = 127.0.0.0/8,
+             #[::ffff:127.0.0.0]/104 
+             #[::1]/128
+             192.168.63.253/32
+mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
+recipient_delimiter = +
+#inet_interfaces = all
+
+inet_protocols = ipv4
+inet_interfaces = 127.0.0.1,
+                  #[::ffff:127.0.0.0]/104,
+                  #[::1]/128,
+                  192.168.63.253
+
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
diff --git a/NONE-CKUBU/openvpn/update-resolv-conf b/NONE-CKUBU/openvpn/update-resolv-conf
new file mode 100755
index 0000000..8306380
--- /dev/null
+++ b/NONE-CKUBU/openvpn/update-resolv-conf
@@ -0,0 +1,54 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk> 
+# and Chris Hanson
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+#
+# 05/2006 chlauber@bnc.ch
+# 
+# Example envs set from openvpn:
+# foreign_option_1='dhcp-option DNS 193.43.27.132'
+# foreign_option_2='dhcp-option DNS 193.43.27.133'
+# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+
+[ -x /sbin/resolvconf ] || exit 0
+
+case $script_type in
+
+up)
+	for optionname in ${!foreign_option_*} ; do
+		option="${!optionname}"
+		echo $option
+		part1=$(echo "$option" | cut -d " " -f 1)
+		if [ "$part1" == "dhcp-option" ] ; then
+			part2=$(echo "$option" | cut -d " " -f 2)
+			part3=$(echo "$option" | cut -d " " -f 3)
+			if [ "$part2" == "DNS" ] ; then
+				IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
+			fi
+			if [ "$part2" == "DOMAIN" ] ; then
+				IF_DNS_SEARCH="$part3"
+			fi
+		fi
+	done
+	R=""
+	if [ "$IF_DNS_SEARCH" ] ; then
+        	R="${R}search $IF_DNS_SEARCH
+"
+	fi
+	for NS in $IF_DNS_NAMESERVERS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"
+	;;
+down)
+	/sbin/resolvconf -d "${dev}.inet"
+	;;
+esac
+
diff --git a/NONE-CKUBU/pap-secrets.NONE-CKUBU b/NONE-CKUBU/pap-secrets.NONE-CKUBU
new file mode 100644
index 0000000..85a05a1
--- /dev/null
+++ b/NONE-CKUBU/pap-secrets.NONE-CKUBU
@@ -0,0 +1,89 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+## - Aktionsbuendnis
+"feste-ip9/1TBGC27CYX92@t-online-com.de" * "7FbmJz7L"
+
+## - Anwaltskanzlei - Karl-Marx_Strasse (anw-km)
+"0017005041965502052728690001@t-online.de" * "62812971"
+
+## - Anwaltskanzlei - Urbanstrasse (anw-urb)
+"0019673090265502751343110001@t-online.de" * "85593499"
+
+## - B3 Bornim
+"t-online-com/8TB0LIXKXV82@t-online-com.de" * "38460707"
+
+## - Fluechlingsrat BRB
+"0022044435885511150351780001@t-online.de" * "27475004"
+
+## - Jonas
+"0023866648325511093506040001@t-online.de" * "13635448"
+
+## - Kanzlei Kiel
+## - DSL
+"ar0284280107" * "39457541"
+## - VDSL
+"ab3391185321" * "jhecfmvk"
+
+## - MBR Berlin
+## - DSL
+"0019507524965100021004430001@t-online.de" * "76695918"
+## - VDSL
+"0029741693695511193970180001@t-online.de" * "84616024"
+
+## - Opferperspektive
+"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
+
+## - Sprachenatelier Berlin
+"0021920376975502683262730001@t-online.de" * "52167784"
+
+## - ReachOut Berlin
+## - first (primary) line
+"ar2667509237" * "93925410"
+## - second line
+"ar1435496252" * "93925410"
+
+## - Warenform
+"feste-ip4/7TB02K2HZ4Q3@t-online-com.de" * "EadGl15E"
+
+## - ckubu
+"0025591824365511139967620001@t-online.de" * "67982653"
diff --git a/NONE-CKUBU/peers/dsl-provider b/NONE-CKUBU/peers/dsl-provider
new file mode 100644
index 0000000..1cb87df
--- /dev/null
+++ b/NONE-CKUBU/peers/dsl-provider
@@ -0,0 +1,19 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth2.7
+#user "feste-ip7/9TB3EGVM46Z6@t-online-com.de"
+## - second line kanzlei undine
+#user "0012047971635502977079530001@t-online.de"
+user "0025591824365511139967620001@t-online.de"
diff --git a/NONE-CKUBU/peers/provider b/NONE-CKUBU/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/NONE-CKUBU/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/NONE-CKUBU/radvd.conf.NONE-CKUBU b/NONE-CKUBU/radvd.conf.NONE-CKUBU
new file mode 100644
index 0000000..8eea1dd
--- /dev/null
+++ b/NONE-CKUBU/radvd.conf.NONE-CKUBU
@@ -0,0 +1,29 @@
+interface eth1
+{
+   AdvManagedFlag on;
+   AdvSendAdvert on;
+   AdvLinkMTU 1280;
+   #AdvOtherConfigFlag on;
+
+   #prefix 2001:6f8:107e:63::/64
+   #{
+   #   AdvOnLink on;
+   #   AdvAutonomous on;
+   #   AdvRouterAddr on;
+   #};
+};
+
+interface br0
+{
+   AdvManagedFlag on;
+   AdvSendAdvert on;
+   AdvLinkMTU 1280;
+   #AdvOtherConfigFlag on;
+
+   #prefix 2001:6f8:107e:64::/64
+   #{
+   #   AdvOnLink on;
+   #   AdvAutonomous on;
+   #   AdvRouterAddr on;
+   #};
+};
diff --git a/NONE-CKUBU/rc.local.NONE-CKUBU b/NONE-CKUBU/rc.local.NONE-CKUBU
new file mode 100755
index 0000000..88131ff
--- /dev/null
+++ b/NONE-CKUBU/rc.local.NONE-CKUBU
@@ -0,0 +1,18 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+#if ! cat /proc/swaps | grep -q "/dev/sda2" ; then
+#   swapon -p 1 /dev/sda2 > /dev/null 2>&1 || /bin/true
+#fi
+
+exit 0
diff --git a/NONE-CKUBU/resolv.conf.NONE-CKUBU b/NONE-CKUBU/resolv.conf.NONE-CKUBU
new file mode 100644
index 0000000..2b703fd
--- /dev/null
+++ b/NONE-CKUBU/resolv.conf.NONE-CKUBU
@@ -0,0 +1,3 @@
+domain local.netz
+search local.netz
+nameserver 127.0.0.1
diff --git a/NONE-CKUBU/sasl_passwd.NONE-CKUBU b/NONE-CKUBU/sasl_passwd.NONE-CKUBU
new file mode 100644
index 0000000..c93d772
--- /dev/null
+++ b/NONE-CKUBU/sasl_passwd.NONE-CKUBU
@@ -0,0 +1 @@
+[b.mx.oopen.de] ckubu@b.mx.oopen.de:3q4b2SqCcbqNZwdp
diff --git a/NONE-CKUBU/sasl_passwd.db.NONE-CKUBU b/NONE-CKUBU/sasl_passwd.db.NONE-CKUBU
new file mode 100644
index 0000000..23751fb
Binary files /dev/null and b/NONE-CKUBU/sasl_passwd.db.NONE-CKUBU differ
diff --git a/NONE-CKUBU/sbin/disk-action b/NONE-CKUBU/sbin/disk-action
new file mode 100755
index 0000000..079f1e7
--- /dev/null
+++ b/NONE-CKUBU/sbin/disk-action
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+BASENAME="${0##*/}"
+ACTION="$1"
+MOUNT_POINT="$2"
+
+transmission_try_start() {
+    . /etc/default/transmission-daemon
+    if [ $(expr "${BASE_DIR}/" : "${MOUNT_POINT}/") -gt 0 ]; then
+	sed -r 's/^ENABLE_DAEMON=.*$/ENABLE_DAEMON=1/' < /etc/default/transmission-daemon > /tmp/.transmission-daemon.$$
+	cat /tmp/.transmission-daemon.$$ > /etc/default/transmission-daemon
+	rm  /tmp/.transmission-daemon.$$
+	if [ "$(pidof transmission-daemon)" != "" ]; then
+	    killall -9 transmission-daemon 2>&1 >/dev/null
+	    sleep 1
+	fi
+	xMASK=$(umask); umask 0000
+	[ ! -d "${BASE_DIR}"     ] && mkdir -p "${BASE_DIR}"
+	[ ! -d "${CONFIG_DIR}"   ] && mkdir -p "${CONFIG_DIR}"
+	[ ! -d "${DOWNLOAD_DIR}" ] && mkdir -p "${DOWNLOAD_DIR}"
+	[ ! -d "${WATCH_DIR}"    ] && mkdir -p "${WATCH_DIR}"
+	[ ! -f "${CONFIG_DIR}/settings.json" ] && cp "/var/lib/transmission/settings.json.template" "${CONFIG_DIR}/settings.json" 
+	umask ${xMASK}
+	/etc/init.d/transmission-daemon start 2>&1 >/dev/null
+    fi
+}
+
+transmission_try_stop() {
+    . /etc/default/transmission-daemon
+    if [ $(expr "${BASE_DIR}/" : "${MOUNT_POINT}/") -gt 0 ]; then
+	sed -r 's/^ENABLE_DAEMON=.*$/ENABLE_DAEMON=0/' < /etc/default/transmission-daemon > /tmp/.transmission-daemon.$$
+	cat /tmp/.transmission-daemon.$$ > /etc/default/transmission-daemon
+	rm  /tmp/.transmission-daemon.$$
+	if [ "$(pidof transmission-daemon)" != "" ]; then
+	    killall -9 transmission-daemon 2>&1 >/dev/null
+	fi
+    fi
+}
+
+logger -t $BASENAME "$@ --> BEGIN"
+
+case "$1" in
+    add)
+	transmission_try_start
+    ;;
+    remove)
+	transmission_try_stop
+    ;;
+    *)
+	echo "Use: $0 (add|remove) /mount/point"
+esac
+
+logger -t $BASENAME "$@ --> END"
diff --git a/NONE-CKUBU/sbin/ipt-firewall-gateway b/NONE-CKUBU/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..223a537
--- /dev/null
+++ b/NONE-CKUBU/sbin/ipt-firewall-gateway
@@ -0,0 +1,4132 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      # - ?? - Don't know which rule is the right one
+      # -
+      #$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+
+# ---
+# - Block IPs/Netwoks reading from file 'ban_ipv4.list'"
+# ---
+
+echononl "\tBlock IPs/Netwoks reading from file 'ban_ipv4.list' .."
+
+if [[ -f "${ipt_conf_dir}/ban_ipv4.list" ]] ; then
+
+   declare -a octets
+   declare -i index
+
+   while IFS='' read -r _line || [[ -n $_line ]] ; do
+
+      is_valid_ipv4=true
+      is_valid_mask=true
+      ipv4=""
+      mask=""
+      
+      # Ignore comment lines
+      #
+      [[ $_line =~ ^[[:space:]]{0,}# ]] && continue
+
+      # Ignore blank lines
+      #
+      [[ $_line =~ ^[[:space:]]*$ ]] && continue
+
+      # Remove leading whitespace characters
+      #
+      _line="${_line#"${_line%%[![:space:]]*}"}"
+
+
+      # Catch IPv4 Address
+      #
+      given_ipv4="$(echo  $_line | cut -d ' ' -f1)"
+
+
+      # Splitt Ipv4 address from possible given CIDR number
+      #
+      IFS='/' read -ra _addr <<< "$given_ipv4"
+      _ipv4="${_addr[0]}"
+
+      if [[ -n "${_addr[1]}" ]] ; then
+         _mask="${_addr[1]}"
+         test_netmask=false
+
+         # Is 'mask' a valid CIDR number? If not, test agains a valid netmask
+         #
+         if $(test -z "${_mask##*[!0-9]*}" > /dev/null 2>&1) ; then
+
+            # Its not a vaild mask number, but naybe a valit netmask.
+            # 
+            test_netmask=true
+         else
+            if [[ $_mask -gt 32 ]]; then
+
+               # Its not a vaild cidr number, but naybe a valit netmask.
+               # 
+               test_netmask=true
+            else
+
+               # OK, we have a vaild cidr number between '0' and '32'
+               #
+               mask=$_mask
+            fi
+         fi
+
+         # Test if given '_mask' is a valid netmask.
+         #
+         if $test_netmask ; then
+            octets=( ${_mask//\./ } )
+
+            # Complete netmask if necessary
+            #
+            while [[ ${#octets[@]} -lt 4 ]]; do
+               octets+=(0)
+            done
+
+            [[ ${#octets[@]} -gt 4 ]] && is_valid_mask=false
+
+            index=0
+            for octet in ${octets[@]} ; do
+               if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
+                  if [[ $octet -gt 255 ]] ; then
+                     is_valid_mask=false
+                  fi
+                  if [[ $index -gt 0 ]] ; then
+                     mask="${mask}.${octet}"
+                  else
+                     mask="${octet}"
+                  fi
+                  
+               else
+                  is_valid_mask=false
+               fi
+
+               ((index++))
+            done
+         fi
+
+         adjust_mask=false
+      else
+         mask=32
+         adjust_mask=true
+      fi
+
+      # Splitt given address into their octets
+      #
+      octets=( ${_ipv4//\./ } )
+
+      # Complete IPv4 address if necessary
+      #
+      while [[ ${#octets[@]} -lt 4 ]]; do
+         octets+=(0)
+
+         # Only adjust CIDR number if not given
+         #
+         if $adjust_mask ; then
+            mask="$(expr $mask - 8)"
+         fi
+      done
+
+      # Pre-check if given IPv4 Address seems to be a valid address
+      #
+      [[ ${#octets[@]} -gt 4 ]] && is_valid_ipv4=false
+
+      # Check if given IPv4 Address is a valid address
+      #
+      if $is_valid_ipv4 ; then
+         index=0
+         for octet in ${octets[@]} ; do
+            if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
+               if [[ $octet -gt 255 ]] ; then
+                  is_valid_ipv4=false
+               fi
+               if [[ $index -gt 0 ]] ; then
+                  ipv4="${ipv4}.${octet}"
+               else
+                  ipv4="${octet}"
+               fi
+               
+            else
+               is_valid_ipv4=false
+            fi
+
+            ((index++))
+         done
+      fi
+
+      if $is_valid_ipv4 && $is_valid_mask; then
+
+         _ip="${ipv4}/${mask}"
+
+         for _dev in ${ext_if_arr[@]} ; do
+            if $log_blocked_ip || $log_all ; then
+               $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+               if $kernel_activate_forwarding ; then
+                  $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+               fi
+            fi
+            $ipt -A INPUT -i $_dev -s $_ip -j DROP
+            if $kernel_activate_forwarding ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+            fi
+         done
+
+
+      else
+         msg="$msg '${given_ipv4}'"
+      fi
+
+   done < "${ipt_conf_dir}/ban_ipv4.list"
+   echo_done
+
+   if [[ -n "$msg" ]]; then
+      warn "Ignored:$msg"
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ipt -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/NONE-CKUBU/sbin/ipt-firewall-gateway.ALT b/NONE-CKUBU/sbin/ipt-firewall-gateway.ALT
new file mode 100755
index 0000000..429d815
--- /dev/null
+++ b/NONE-CKUBU/sbin/ipt-firewall-gateway.ALT
@@ -0,0 +1,3713 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   #$ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      #$ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Accesspoints
+# ---
+
+echononl "\t\tUbiquiti Unifi Accesspoints"
+if [[ ${#unifi_controller_gateway_ip_arr[@]} -gt 0 ]] || [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] ; then
+      if [[ ${#unifi_controller_gateway_ip_arr[@]} -gt 0 ]] ; then
+
+         for _ip_ctl in ${unifi_controller_gateway_ip_arr[@]} ; do
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A INPUT -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $unify_controller_ports -m conntrack --ctstate NEW -j ACCEPT
+               if $provide_hotspot ; then
+                  $ipt -A INPUT -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $hotspot_ports -m conntrack --ctstate NEW -j ACCEPT
+               fi
+            done
+
+         done
+      fi
+
+      if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] ; then
+         for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_controller_ports -m conntrack --ctstate NEW -j ACCEPT
+               if $provide_hotspot ; then
+                  $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $hotspot_ports -m conntrack --ctstate NEW -j ACCEPT
+               fi
+            done
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if $kernel_activate_forwarding && $local_alias_interfaces ; then
+               $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_controller_ports --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_controller_ports --tcp-flag ACK ACK -j ACCEPT
+               if $provide_hotspot ; then
+                  $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $hotspot_ports --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $hotspot_ports --tcp-flag ACK ACK -j ACCEPT
+               fi
+            fi
+
+         done
+      fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/NONE-CKUBU/sbin/rebind b/NONE-CKUBU/sbin/rebind
new file mode 100755
index 0000000..0661cae
--- /dev/null
+++ b/NONE-CKUBU/sbin/rebind
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+case "$1" in
+	on)
+		set -x
+		mount --bind /proc    /ro/proc
+		mount --bind /sys     /ro/sys
+		mount --bind /dev     /ro/dev
+		mount --bind /dev/pts /ro/dev/pts
+	;;
+	off)
+		set -x
+		umount /ro/dev/pts
+		umount /ro/dev
+		umount /ro/sys
+		umount /ro/proc
+	;;
+	*)
+		echo "Use: $0 (on|off)"
+esac
diff --git a/NONE-CKUBU/sbin/synctime b/NONE-CKUBU/sbin/synctime
new file mode 100755
index 0000000..b623feb
--- /dev/null
+++ b/NONE-CKUBU/sbin/synctime
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+NOW=$(date +%s)
+INTERVAL=$[ 8 * 60 * 60 ]  # 8 hs
+CONTROL=/tmp/.lastSyncTime
+
+sync_time() {
+    ntpdate-debian -s  || exit 1
+    hwclock --systohc  || exit 1
+    touch ${CONTROL}
+}
+
+[ ! -f ${CONTROL} ] && sync_time && exit 0
+
+SYNCRONIZED=$(stat -c %Y ${CONTROL})
+SECONDS=$[ ${NOW} - ${SYNCRONIZED} ]
+
+[ ${SECONDS} -gt ${INTERVAL} ] && sync_time && exit 0
+[ ${SECONDS} -lt 0           ] && sync_time && exit 0
+
+exit 0
diff --git a/NONE-CKUBU/sbin/tmpsize b/NONE-CKUBU/sbin/tmpsize
new file mode 100755
index 0000000..40cfab3
--- /dev/null
+++ b/NONE-CKUBU/sbin/tmpsize
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+mount -t tmpfs | cut -d' ' -f3 | \
+while read MOUNT_POINT; do
+    mount -o remount,size=30M ${MOUNT_POINT}
+done
diff --git a/NONE-CKUBU/sbin/usb-leds-on-off b/NONE-CKUBU/sbin/usb-leds-on-off
new file mode 100755
index 0000000..0deba49
--- /dev/null
+++ b/NONE-CKUBU/sbin/usb-leds-on-off
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+[ -e "/sys/class/leds/alix:${2}/brightness"  ] && {
+	/bin/echo ${1} > "/sys/class/leds/alix:${2}/brightness"
+}
diff --git a/NONE-CKUBU/src/check_net b/NONE-CKUBU/src/check_net
new file mode 160000
index 0000000..6bde0e7
--- /dev/null
+++ b/NONE-CKUBU/src/check_net
@@ -0,0 +1 @@
+Subproject commit 6bde0e7c07c4d0ee8cc6f6aa37c49608fe924a5b
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1.tar.gz b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1.tar.gz
new file mode 100644
index 0000000..c429f21
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1.tar.gz differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/AUTHORS b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/AUTHORS
new file mode 100644
index 0000000..7023323
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/AUTHORS
@@ -0,0 +1,9 @@
+Authors and contributors, in alphabetical order: 
+
+Alexey Charkov <alchark@gmail.com>
+Christian Ruppert <idl0r@gentoo.org>
+Conrad Kostecki <ConiKost@gmx.de>
+Constantin Baranov <const@mimas.ru>
+Damjan Cvetko <zobo@users.sourceforge.net>
+Johnny Egeland <johnnyege@users.sourceforge.net>
+Martin Djernaes <djernaes@users.sourceforge.net>
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/COPYING b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/COPYING
new file mode 100644
index 0000000..3d11e36
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/COPYING
@@ -0,0 +1,28 @@
+igmpproxy - IGMP proxy based multicast router 
+Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+This software is derived work from the following software. The original
+source code has been modified from it's original state by the author
+of igmpproxy.
+
+smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+- Licensed under the GNU General Public License, version 2
+
+mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+Leland Stanford Junior University.
+- Original license can be found in the Stanford.txt file.
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/ChangeLog b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/ChangeLog
new file mode 100644
index 0000000..e8461bb
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/ChangeLog
@@ -0,0 +1,317 @@
+commit 0e8e7fde2d68f9ea9b5095c24231024be281393c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Oct 5 21:31:42 2009 +0500
+
+    Release 0.1
+
+commit 68ba90446e02825073b779bd0628c4f34833665d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu Oct 1 00:09:38 2009 +0500
+
+    Fix building on FreeBSD 8.0 (wrt #2870461)
+    
+    Several IGMP_* macroses was deprecated in r189347/v800069 and
+    removed in r193938/v800098. Redefine them if needed.
+
+commit 74c2e1aa414f33585562d6783a3290ac63ee6c69
+Author: Martin Djernaes <djernaes@users.sourceforge.net>
+Date:   Sun Sep 6 16:41:22 2009 +0500
+
+    Fix netmask detection on interfaces with multiple addresses
+    
+    When having multiple IP addresses on an interface the netmask retrieved for
+    each IP address is not correct. The reason is that ioctrl for
+    SIOCGIFNETMASK will just provide the first netmask when no IP address is
+    provided in the call.
+
+commit 64144607195b779396a49179518aade24707cbbc
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Sep 4 01:38:27 2009 +0500
+
+    Generate ChangeLog and AUTHORS by Git
+
+commit 94dd711318384e7b121924db0177a65b2fc38471
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 19:45:04 2009 +0500
+
+    Release 0.1 beta5
+
+commit 3ac424f82ab9f281dd3a0bfccbc92352bd5512c0
+Author: Damjan Cvetko <zobo@users.sourceforge.net>
+Date:   Sun Aug 16 19:28:30 2009 +0500
+
+    Improve getIfByAddress() function (wrt #2835052)
+    
+    getIfByAddress does not find the best iterface in case of overlaping
+    networks. This patchs scans through all interfaces (and networks) and picks
+    the one with the longest subnet.
+
+commit 8ca5a29b56390020f27d4106643cd623cdb12bb2
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 18:37:58 2009 +0500
+
+    Fix nextConfigToken() function (wrt #2838154)
+    
+    The nextConfigToken() returns NULL when EOF reached even if token
+    was read already. This results in loss of last token in file usually.
+    Let it return unterminated token if it is non-empty already.
+
+commit 954674bc4ec6a689b1de2f2a2766e993df1e2705
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:14:56 2009 +0500
+
+    Release 0.1 beta4
+
+commit a7908b855ecb6959ea08ef3b374ff2aca9939cf0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:10:35 2009 +0500
+
+    Update README etc.
+
+commit 62fa19975ff4daa8e31a9b07bf33ddc8cd0129f8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:06:44 2009 +0500
+
+    State licenses in the COPYING
+
+commit 3ac3ae462ca35ec7f1f22d968bf4fab0807d636f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 05:01:21 2009 +0500
+
+    Remove pointless backslashes in configure.ac
+
+commit 3c4118949b6a19b384b08e171a5294b0ea307e08
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 02:19:30 2009 +0500
+
+    Replace bzero() with memset()
+
+commit ee07cb5bfd2514503d0564d2aee0656203d9a91e
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:09:28 2009 +0500
+
+    Remove redundant #include
+
+commit 56e37ad6ba0c6aade86c1407ea55abb8b445d119
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:00:03 2009 +0500
+
+    Add DragonFly BSD support
+
+commit eccefd205c3fb326b6ae1b79676238fc349f8be8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 01:57:07 2009 +0500
+
+    Add missed format argument in acceptLeaveMessage()
+
+commit 16c55bd5ab6a9608099252fa320ddbc0a05fca0a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Wed May 6 01:29:04 2009 +0500
+
+    Avoid inclusion if linux/in.h (wrt #2787118)
+    
+    The linux/in.h header conflicts with the netinet/in.h header in
+    certain Linux distributions. So let's ensure that linux/in.h will
+    never be included neither directly nor from linux/mroute.h.
+
+commit e01624e123c5a24310a4fb7f70ab6178278c3b7a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 22:00:33 2009 +0500
+
+    Release 0.1 beta3
+
+commit a3c84e48a1ff32812aac92ca0dba923ca7dd4ca0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:53:56 2009 +0500
+
+    Show version in help message
+    
+    Also remove unused Version constant.
+
+commit f880a472f6b835d8139adc27908206a11a50846f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:43:01 2009 +0500
+
+    Remove IF_DEBUG macros
+    
+    IF_DEBUG macros hides my_log(LOG_DEBUG...) calls. Thus it is redundant.
+
+commit 6b1a4beb839f41ecc7468e2680f5d0eedbd49b35
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:29:16 2009 +0500
+
+    Break long lines in build scripts
+
+commit 55dcd57b8cfac25a4eeafae5a18ab85a07484418
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:19:19 2009 +0500
+
+    Remove hardcoded version strings from man pages
+
+commit e7880c542e38bae8efa16b148a431488456f5594
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:52:58 2009 +0500
+
+    Move mrouted-LICENSE out of doc directory
+
+commit 9fee127b13336776d2e6019db8c22ee7de9bf36f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:32:31 2009 +0500
+
+    Use strdup() instead of malloc() and strcpy()
+
+commit d34dee7ea0b03ba98806558a1eebf78061ce8878
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:30:44 2009 +0500
+
+    Eliminate message about IGMP_MEMBERSHIP_QUERY ignored
+
+commit 32de2bfbad537f6e60edddaefa6c240b2811c567
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:25:30 2009 +0500
+
+    Add OpenBSD support
+
+commit a85c620eccea244c80a34c3403b2ea7055616703
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 04:16:53 2009 +0500
+
+    Add NetBSD support
+
+commit d61d57c50b8b2399ff90e32da687686cf068680a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 05:07:12 2009 +0500
+
+    Remove outdated bug report email address
+
+commit 14edc6d6dab34e5e51bc12a61f45bae753235e98
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:49:38 2009 +0500
+
+    Improve OS checking mechanism
+    
+    Hide all OS-specific things in os-*.h headers and let autoconf select
+    proper header. Also add check for struct sockaddr_in.sin_len member.
+
+commit b23a4c9f9edd43a22759930ae969ee420c270456
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:48:23 2009 +0500
+
+    Do not close std* streams in non-debug mode
+
+commit 7256cb378db4b839f0138cc9422971f5fb353de1
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 21:16:47 2009 +0500
+
+    Clean up configure.ac and add check for sockaddr.sa_len member
+
+commit eb6f3eababbca43c517a1407e5af66ed384bf07d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:04:32 2009 +0500
+
+    Install igmpproxy to sbin directory
+
+commit e22427f33150970f6bef3106ac018d7138dfbadb
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:03:46 2009 +0500
+
+    Add missing igmpproxy.h to list of sources
+
+commit 68fb7638f36c85c44b2a8a33e28af58c65de8a06
+Author: Christian Ruppert <idl0r@gentoo.org>
+Date:   Thu Apr 9 21:28:04 2009 +0500
+
+    Add missing 'h' to the getopt() optstring
+
+commit bae0b7b42ec948442945648878dbc8ef3ee1d2c5
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:37 2009 +0500
+
+    Rework logging
+    
+    Allow to control verbosity with -v option.
+    Don't write to syslog in debug mode.
+    Don't fork in background. Let start-stop-deamon do this.
+    
+    Also update man-pages and help messages.
+
+commit df0ffb7998cbbd3ab09c100f48dead6adb93aa2c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:06 2009 +0500
+
+    Move igmpproxy.conf out of src directory
+
+commit 4c36c1ea8f9822f96031cff8f40ca3fc7cb93db3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Mar 9 22:03:46 2009 +0400
+
+    Initial FreeBSD support
+    
+    Based on IGMPproxy port to FreeBSD made by
+    Pavel Korshunov and gygenot.
+
+commit fdc5cc59655a59f7f73af78d6606b5c45b9c1071
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 20:37:17 2009 +0400
+
+    Move to C99 and clean up the code
+    
+    Listen to compiler's warnings.
+    Use standard integer and boolean types.
+    Remove redundant version.h.
+
+commit b535f70ec3dfc73a767592739c8aa44583e7e833
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 17:53:24 2009 +0400
+
+    Rename defs.h to igmpproxy.h
+
+commit 2df90756d378de822d6ece6aa0a340cab6a489e4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 16:17:20 2009 +0400
+
+    Add bootstrap script
+
+commit 3393d1cd7c0f13cc91fa3ec974eb2cd1409bb720
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Feb 27 22:28:03 2009 +0400
+
+    Remove stuff generated by autotools
+
+commit 576b42c7fc71757a33dbac0ebc388f8eebd81fe3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:36:39 2009 +0400
+
+    Fix logging to syslog
+    
+    Do not write textual representation of message severity
+    because syslog can do this itself. Also write only one
+    string at a time.
+
+commit 1223d5975a1da679d15120417365582a0054abc4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:22:20 2009 +0400
+
+    chmod -x on appropriate files
+
+commit 66145eee1d74c9edd23f3d72700911865b7a09bb
+Author: Conrad Kostecki <ConiKost@gmx.de>
+Date:   Mon Feb 23 00:18:48 2009 +0400
+
+    Remove banner
+
+commit 710d688641ca68d89a7b8958c7d84144d5fb1d9b
+Author: Alexey Charkov <alchark@gmail.com>
+Date:   Mon Feb 23 00:13:03 2009 +0400
+
+    Enable autotools
+    
+    I've packaged igmpproxy with GNU autotools, which will allow for a better
+    experience on Gentoo (CFLAGS, directory structure etc). Also, compile-time
+    warnings are fixed. As the project is dead, this is not even a fork :)
+
+commit f4c36aa73287b794e2c842564e82d2d4f3c1027f
+Author: Johnny Egeland <johnnyege@users.sourceforge.net>
+Date:   Mon Feb 23 00:10:48 2009 +0400
+
+    Initial import
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/GPL.txt b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/GPL.txt
new file mode 100644
index 0000000..97d8bc8
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/GPL.txt
@@ -0,0 +1,286 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+
+
+
+
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/INSTALL b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/INSTALL
new file mode 100644
index 0000000..2550dab
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/INSTALL
@@ -0,0 +1,302 @@
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+
+   This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+   Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package.  The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.
+
+     Running `configure' might take a while.  While running, it prints
+     some messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+  6. Often, you can also type `make uninstall' to remove the installed
+     files again.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you can use GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory.  After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+   On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor.  Like
+this:
+
+     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CPP="gcc -E" CXXCPP="g++ -E"
+
+   This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
+
+Installation Names
+==================
+
+   By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc.  You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Particular systems
+==================
+
+   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
+a workaround.  If GNU CC is not installed, it is therefore recommended
+to try
+
+     ./configure CC="cc"
+
+and if that doesn't work, try
+
+     ./configure CC="cc -nodtk"
+
+   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+   On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'.  It is recommended to use the following options:
+
+     ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS
+     KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug.  Until the bug is fixed you can use this workaround:
+
+     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+     Print a summary of the options unique to this package's
+     `configure', and exit.  The `short' variant lists options used
+     only in the top level, while the `recursive' variant lists options
+     also present in any nested packages.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`--prefix=DIR'
+     Use DIR as the installation prefix.  *Note Installation Names::
+     for more details, including other options available for fine-tuning
+     the installation locations.
+
+`--no-create'
+`-n'
+     Run the configure checks, but stop before creating any output
+     files.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Makefile b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Makefile
new file mode 100644
index 0000000..ab42594
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Makefile
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = i586-pc-linux-gnu
+host_triplet = i586-pc-linux-gnu
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy-0.1
+abs_srcdir = /usr/local/src/igmpproxy-0.1
+abs_top_builddir = /usr/local/src/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = i586-pc-linux-gnu
+build_alias = 
+build_cpu = i586
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = i586-pc-linux-gnu
+host_alias = 
+host_cpu = i586
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = 
+top_builddir = .
+top_srcdir = .
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Makefile.am b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Makefile.am
new file mode 100644
index 0000000..b569f48
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Makefile.am
@@ -0,0 +1,10 @@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Makefile.in b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Makefile.in
new file mode 100644
index 0000000..508f703
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Makefile.in
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/NEWS b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/NEWS
new file mode 100644
index 0000000..fa39cb9
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/NEWS
@@ -0,0 +1,4 @@
+New releases, the Git repository and the bug tracker are accessible
+at project homepage:
+
+	http://sourceforge.net/projects/igmpproxy/
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/README b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/README
new file mode 100644
index 0000000..01add8d
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/README
@@ -0,0 +1,10 @@
+IGMPproxy is a simple mulitcast router that only uses the IGMP protocol.
+
+Supported operating systems:
+ - Linux
+ - FreeBSD
+ - NetBSD
+ - OpenBSD
+ - DragonFly BSD
+
+This software is released under the GNU GPL license v2. See details in COPYING.
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Stanford.txt b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Stanford.txt
new file mode 100644
index 0000000..ef7da47
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/Stanford.txt
@@ -0,0 +1,48 @@
+
+The mrouted program is covered by the following license.  Use of the
+mrouted program represents acceptance of these terms and conditions.
+
+1. STANFORD grants to LICENSEE a nonexclusive and nontransferable license
+to use, copy and modify the computer software ``mrouted'' (hereinafter
+called the ``Program''), upon the terms and conditions hereinafter set
+out and until Licensee discontinues use of the Licensed Program.
+
+2. LICENSEE acknowledges that the Program is a research tool still in
+the development state, that it is being supplied ``as is,'' without any
+accompanying services from STANFORD, and that this license is entered
+into in order to encourage scientific collaboration aimed at further
+development and application of the Program.
+
+3. LICENSEE may copy the Program and may sublicense others to use object
+code copies of the Program or any derivative version of the Program.
+All copies must contain all copyright and other proprietary notices found
+in the Program as provided by STANFORD.  Title to copyright to the
+Program remains with STANFORD.
+
+4. LICENSEE may create derivative versions of the Program.  LICENSEE
+hereby grants STANFORD a royalty-free license to use, copy, modify,
+distribute and sublicense any such derivative works.  At the time
+LICENSEE provides a copy of a derivative version of the Program to a
+third party, LICENSEE shall provide STANFORD with one copy of the source
+code of the derivative version at no charge to STANFORD.
+
+5. STANFORD MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED.
+By way of example, but not limitation, STANFORD MAKES NO REPRESENTATION
+OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR
+THAT THE USE OF THE LICENSED PROGRAM WILL NOT INFRINGE ANY PATENTS,
+COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. STANFORD shall not be held liable
+for any liability nor for any direct, indirect or consequential damages
+with respect to any claim by LICENSEE or any third party on account of or
+arising from this Agreement or use of the Program.
+
+6. This agreement shall be construed, interpreted and applied in
+accordance with the State of California and any legal action arising
+out of this Agreement or use of the Program shall be filed in a court
+in the State of California.
+
+7. Nothing in this Agreement shall be construed as conferring rights to
+use in advertising, publicity or otherwise any trademark or the name
+of ``Stanford''.
+
+The mrouted program is COPYRIGHT 1989 by The Board of Trustees of
+Leland Stanford Junior University.
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/aclocal.m4 b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/aclocal.m4
new file mode 100644
index 0000000..9304f88
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/aclocal.m4
@@ -0,0 +1,951 @@
+# generated automatically by aclocal 1.11 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009  Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.63],,
+[m4_warning([this file was generated for autoconf 2.63.
+You have another version of autoconf.  It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version.  Point them to the right macro.
+m4_if([$1], [1.11], [],
+      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too.  Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory.  The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run.  This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+#    fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+#    fails if $ac_aux_dir is absolute,
+#    fails when called from a subdirectory in a VPATH build with
+#          a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir.  In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
+#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+#   MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH.  The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery.  Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
+       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
+       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+       [$1], UPC,  [depcc="$UPC"  am_compiler_list=],
+       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
+                   [depcc="$$1"   am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+               [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_$1_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+  fi
+  am__universal=false
+  m4_case([$1], [CC],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac],
+    [CXX],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac])
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_$1_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking.              -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`AS_DIRNAME("$mf")`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`AS_DIRNAME(["$file"])`
+      AS_MKDIR_P([$dirpart/$fdir])
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled.  FIXME.  This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake.                             -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much.  Some checks are only needed if
+# your package does certain things.  But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out.  PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition.  After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names.  We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+	      [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+			     [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+		  [_AM_DEPENDENCIES(CC)],
+		  [define([AC_PROG_CC],
+			  defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+		  [_AM_DEPENDENCIES(CXX)],
+		  [define([AC_PROG_CXX],
+			  defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+		  [_AM_DEPENDENCIES(OBJC)],
+		  [define([AC_PROG_OBJC],
+			  defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen.  This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+  [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion.  Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot.  For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes.	            -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+  [[\\/$]]* | ?:[[\\/]]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling.                     -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME.  Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[[\\\"\#\$\&\'\`$am_lf]]*)
+    AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+  *[[\\\"\#\$\&\'\`$am_lf\ \	]]*)
+    AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$[*]" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$[*]" != "X $srcdir/configure conftest.file" \
+      && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+alias in your environment])
+   fi
+
+   test "$[2]" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries.  This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+  AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball.                            -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+#     tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+#     $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+     [m4_case([$1], [ustar],, [pax],,
+              [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+  case $_am_tool in
+  gnutar)
+    for _am_tar in tar gnutar gtar;
+    do
+      AM_RUN_LOG([$_am_tar --version]) && break
+    done
+    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+    am__untar="$_am_tar -xf -"
+    ;;
+  plaintar)
+    # Must skip GNU tar: if it does not support --format= it doesn't create
+    # ustar tarball either.
+    (tar --version) >/dev/null 2>&1 && continue
+    am__tar='tar chf - "$$tardir"'
+    am__tar_='tar chf - "$tardir"'
+    am__untar='tar xf -'
+    ;;
+  pax)
+    am__tar='pax -L -x $1 -w "$$tardir"'
+    am__tar_='pax -L -x $1 -w "$tardir"'
+    am__untar='pax -r'
+    ;;
+  cpio)
+    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+    am__untar='cpio -i -H $1 -d'
+    ;;
+  none)
+    am__tar=false
+    am__tar_=false
+    am__untar=false
+    ;;
+  esac
+
+  # If the value was cached, stop now.  We just wanted to have am__tar
+  # and am__untar set.
+  test -n "${am_cv_prog_tar_$1}" && break
+
+  # tar/untar a dummy directory, and stop if the command works
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  echo GrepMe > conftest.dir/file
+  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+  rm -rf conftest.dir
+  if test -s conftest.tar; then
+    AM_RUN_LOG([$am__untar <conftest.tar])
+    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+  fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.guess b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.guess
new file mode 100755
index 0000000..12734a7
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.guess
@@ -0,0 +1,1554 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner.  Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case "${UNAME_SYSTEM}" in
+Linux|GNU/*)
+	eval $set_cc_for_build
+	cat << EOF > $dummy.c
+	#include <features.h>
+	#ifdef __UCLIBC__
+	# ifdef __UCLIBC_CONFIG_VERSION__
+	LIBC=uclibc __UCLIBC_CONFIG_VERSION__
+	# else
+	LIBC=uclibc
+	# endif
+	#else
+	LIBC=gnu
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep LIBC= | sed -e 's: ::g'`
+	;;
+esac
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep -q __ELF__
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    s390x:SunOS:*:*)
+	echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+	eval $set_cc_for_build
+	SUN_ARCH="i386"
+	# If there is a compiler, see if it is configured for 64-bit objects.
+	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+	# This test works for both compilers.
+	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_64BIT_ARCH >/dev/null
+	    then
+		SUN_ARCH="x86_64"
+	    fi
+	fi
+	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[456])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep -q __LP64__
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86)
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd | genuineintel)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	    IA64)
+		echo ia64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    8664:Windows_NT:*)
+	echo x86_64-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	eval $set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	else
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
+	fi
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-${LIBC}
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-${LIBC}
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-${LIBC}
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    mips:Linux:*:* | mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef ${UNAME_MACHINE}
+	#undef ${UNAME_MACHINE}el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=${UNAME_MACHINE}el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=${UNAME_MACHINE}
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-${LIBC}
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-${LIBC}
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-${LIBC}
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep -q ld.so.1
+	if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    padre:Linux:*:*)
+	echo sparc-unknown-linux-${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
+	  PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
+	  *)    echo hppa-unknown-linux-${LIBC} ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-${LIBC}
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-${LIBC}
+	exit ;;
+    xtensa*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-${LIBC}"
+		;;
+	esac
+	# This should get integrated into the C code below, but now we hack
+	if [ "$LIBC" != "gnu" ] ; then echo "$TENTATIVE" && exit 0 ; fi
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i586.
+	# Note: whatever this is, it MUST be the same as what config.sub
+	# prints for the "djgpp" host, or else GDB configury will decide that
+	# this is a cross-build.
+	echo i586-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+	OS_REL='.3'
+	test -r /etc/.relid \
+	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	    && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
+	echo i586-pc-haiku
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+    i*86:AROS:*:*)
+	echo ${UNAME_MACHINE}-pc-aros
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.h b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.h
new file mode 100644
index 0000000..f438e80
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.h
@@ -0,0 +1,29 @@
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+/* #undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+/* #undef HAVE_STRUCT_SOCKADDR_SA_LEN */
+
+/* Name of package */
+#define PACKAGE "igmpproxy"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT ""
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "igmpproxy"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "igmpproxy 0.1"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "igmpproxy"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "0.1"
+
+/* Version number of package */
+#define VERSION "0.1"
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.h.in b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.h.in
new file mode 100644
index 0000000..bb6a90d
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.h.in
@@ -0,0 +1,28 @@
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+#undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+#undef HAVE_STRUCT_SOCKADDR_SA_LEN
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Version number of package */
+#undef VERSION
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.log b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.log
new file mode 100644
index 0000000..11ca199
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.log
@@ -0,0 +1,559 @@
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy configure 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ ./configure --prefix=/usr/local/igmpproxy-0.1
+
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = gw-flr
+uname -m = i586
+uname -r = 3.2.0-4-486
+uname -s = Linux
+uname -v = #1 Debian 3.2.41-2
+
+/usr/bin/uname -p = unknown
+/bin/uname -X     = unknown
+
+/bin/arch              = unknown
+/usr/bin/arch -k       = unknown
+/usr/convex/getsysinfo = unknown
+/usr/bin/hostinfo      = unknown
+/bin/machine           = unknown
+/usr/bin/oslevel       = unknown
+/bin/universe          = unknown
+
+PATH: /root/bin
+PATH: /usr/local/sbin
+PATH: /usr/local/bin
+PATH: /usr/sbin
+PATH: /usr/bin
+PATH: /sbin
+PATH: /bin
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+configure:1839: checking for a BSD-compatible install
+configure:1907: result: /usr/bin/install -c
+configure:1918: checking whether build environment is sane
+configure:1978: result: yes
+configure:2119: checking for a thread-safe mkdir -p
+configure:2158: result: /bin/mkdir -p
+configure:2171: checking for gawk
+configure:2187: found /usr/bin/gawk
+configure:2198: result: gawk
+configure:2209: checking whether make sets $(MAKE)
+configure:2231: result: yes
+configure:2328: checking for style of include used by make
+configure:2356: result: GNU
+configure:2426: checking for gcc
+configure:2442: found /usr/bin/gcc
+configure:2453: result: gcc
+configure:2685: checking for C compiler version
+configure:2693: gcc --version >&5
+gcc (Debian 4.7.2-5) 4.7.2
+Copyright (C) 2012 Free Software Foundation, Inc.
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+configure:2697: $? = 0
+configure:2704: gcc -v >&5
+Using built-in specs.
+COLLECT_GCC=gcc
+COLLECT_LTO_WRAPPER=/usr/lib/gcc/i486-linux-gnu/4.7/lto-wrapper
+Target: i486-linux-gnu
+Configured with: ../src/configure -v --with-pkgversion='Debian 4.7.2-5' --with-bugurl=file:///usr/share/doc/gcc-4.7/README.Bugs --enable-languages=c,c++,go,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.7 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.7 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --enable-plugin --enable-objc-gc --enable-targets=all --with-arch-32=i586 --with-tune=generic --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
+Thread model: posix
+gcc version 4.7.2 (Debian 4.7.2-5) 
+configure:2708: $? = 0
+configure:2715: gcc -V >&5
+gcc: error: unrecognized command line option '-V'
+gcc: fatal error: no input files
+compilation terminated.
+configure:2719: $? = 4
+configure:2742: checking for C compiler default output file name
+configure:2764: gcc    conftest.c  >&5
+configure:2768: $? = 0
+configure:2806: result: a.out
+configure:2825: checking whether the C compiler works
+configure:2835: ./a.out
+configure:2839: $? = 0
+configure:2858: result: yes
+configure:2865: checking whether we are cross compiling
+configure:2867: result: no
+configure:2870: checking for suffix of executables
+configure:2877: gcc -o conftest    conftest.c  >&5
+configure:2881: $? = 0
+configure:2907: result: 
+configure:2913: checking for suffix of object files
+configure:2939: gcc -c   conftest.c >&5
+configure:2943: $? = 0
+configure:2968: result: o
+configure:2972: checking whether we are using the GNU C compiler
+configure:3001: gcc -c   conftest.c >&5
+configure:3008: $? = 0
+configure:3025: result: yes
+configure:3034: checking whether gcc accepts -g
+configure:3064: gcc -c -g  conftest.c >&5
+configure:3071: $? = 0
+configure:3172: result: yes
+configure:3189: checking for gcc option to accept ISO C89
+configure:3263: gcc  -c -g -O2  conftest.c >&5
+configure:3270: $? = 0
+configure:3293: result: none needed
+configure:3313: checking dependency style of gcc
+configure:3423: result: gcc3
+configure:3438: checking for gcc option to accept ISO C99
+configure:3597: gcc  -c -g -O2  conftest.c >&5
+conftest.c:60:29: error: expected ';', ',' or ')' before 'text'
+conftest.c: In function 'main':
+conftest.c:114:18: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'newvar'
+conftest.c:114:18: error: 'newvar' undeclared (first use in this function)
+conftest.c:114:18: note: each undeclared identifier is reported only once for each function it appears in
+conftest.c:124:3: error: 'for' loop initial declarations are only allowed in C99 mode
+conftest.c:124:3: note: use option -std=c99 or -std=gnu99 to compile your code
+configure:3604: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| #include <stdarg.h>
+| #include <stdbool.h>
+| #include <stdlib.h>
+| #include <wchar.h>
+| #include <stdio.h>
+| 
+| // Check varargs macros.  These examples are taken from C99 6.10.3.5.
+| #define debug(...) fprintf (stderr, __VA_ARGS__)
+| #define showlist(...) puts (#__VA_ARGS__)
+| #define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+| static void
+| test_varargs_macros (void)
+| {
+|   int x = 1234;
+|   int y = 5678;
+|   debug ("Flag");
+|   debug ("X = %d\n", x);
+|   showlist (The first, second, and third items.);
+|   report (x>y, "x is %d but y is %d", x, y);
+| }
+| 
+| // Check long long types.
+| #define BIG64 18446744073709551615ull
+| #define BIG32 4294967295ul
+| #define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+| #if !BIG_OK
+|   your preprocessor is broken;
+| #endif
+| #if BIG_OK
+| #else
+|   your preprocessor is broken;
+| #endif
+| static long long int bignum = -9223372036854775807LL;
+| static unsigned long long int ubignum = BIG64;
+| 
+| struct incomplete_array
+| {
+|   int datasize;
+|   double data[];
+| };
+| 
+| struct named_init {
+|   int number;
+|   const wchar_t *name;
+|   double average;
+| };
+| 
+| typedef const char *ccp;
+| 
+| static inline int
+| test_restrict (ccp restrict text)
+| {
+|   // See if C++-style comments work.
+|   // Iterate through items via the restricted pointer.
+|   // Also check for declarations in for loops.
+|   for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+|     continue;
+|   return 0;
+| }
+| 
+| // Check varargs and va_copy.
+| static void
+| test_varargs (const char *format, ...)
+| {
+|   va_list args;
+|   va_start (args, format);
+|   va_list args_copy;
+|   va_copy (args_copy, args);
+| 
+|   const char *str;
+|   int number;
+|   float fnumber;
+| 
+|   while (*format)
+|     {
+|       switch (*format++)
+| 	{
+| 	case 's': // string
+| 	  str = va_arg (args_copy, const char *);
+| 	  break;
+| 	case 'd': // int
+| 	  number = va_arg (args_copy, int);
+| 	  break;
+| 	case 'f': // float
+| 	  fnumber = va_arg (args_copy, double);
+| 	  break;
+| 	default:
+| 	  break;
+| 	}
+|     }
+|   va_end (args_copy);
+|   va_end (args);
+| }
+| 
+| int
+| main ()
+| {
+| 
+|   // Check bool.
+|   _Bool success = false;
+| 
+|   // Check restrict.
+|   if (test_restrict ("String literal") == 0)
+|     success = true;
+|   char *restrict newvar = "Another string";
+| 
+|   // Check varargs.
+|   test_varargs ("s, d' f .", "string", 65, 34.234);
+|   test_varargs_macros ();
+| 
+|   // Check flexible array members.
+|   struct incomplete_array *ia =
+|     malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+|   ia->datasize = 10;
+|   for (int i = 0; i < ia->datasize; ++i)
+|     ia->data[i] = i * 1.234;
+| 
+|   // Check named initializers.
+|   struct named_init ni = {
+|     .number = 34,
+|     .name = L"Test wide string",
+|     .average = 543.34343,
+|   };
+| 
+|   ni.number = 58;
+| 
+|   int dynamic_array[ni.number];
+|   dynamic_array[ni.number - 1] = 543;
+| 
+|   // work around unused variable warnings
+|   return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+| 	  || dynamic_array[ni.number - 1] != 543);
+| 
+|   ;
+|   return 0;
+| }
+configure:3597: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+configure:3604: $? = 0
+configure:3634: result: -std=gnu99
+configure:3647: checking build system type
+configure:3665: result: i586-pc-linux-gnu
+configure:3687: checking host system type
+configure:3702: result: i586-pc-linux-gnu
+configure:3738: checking for struct sockaddr.sa_len
+configure:3770: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr' has no member named 'sa_len'
+configure:3777: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3814: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr' has no member named 'sa_len'
+configure:3821: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (sizeof ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3839: result: no
+configure:3850: checking for struct sockaddr_in.sin_len
+configure:3882: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr_in' has no member named 'sin_len'
+configure:3889: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3926: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr_in' has no member named 'sin_len'
+configure:3933: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (sizeof ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3951: result: no
+configure:4089: creating ./config.status
+
+## ---------------------- ##
+## Running config.status. ##
+## ---------------------- ##
+
+This file was extended by igmpproxy config.status 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = 
+  CONFIG_HEADERS  = 
+  CONFIG_LINKS    = 
+  CONFIG_COMMANDS = 
+  $ ./config.status 
+
+on gw-flr
+
+config.status:776: creating Makefile
+config.status:776: creating doc/Makefile
+config.status:776: creating src/Makefile
+config.status:776: creating doc/igmpproxy.8
+config.status:776: creating doc/igmpproxy.conf.5
+config.status:776: creating config.h
+config.status:1062: linking src/os-linux.h to src/os.h
+config.status:1085: executing depfiles commands
+
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+
+ac_cv_build=i586-pc-linux-gnu
+ac_cv_c_compiler_gnu=yes
+ac_cv_env_CC_set=
+ac_cv_env_CC_value=
+ac_cv_env_CFLAGS_set=
+ac_cv_env_CFLAGS_value=
+ac_cv_env_CPPFLAGS_set=
+ac_cv_env_CPPFLAGS_value=
+ac_cv_env_LDFLAGS_set=
+ac_cv_env_LDFLAGS_value=
+ac_cv_env_LIBS_set=
+ac_cv_env_LIBS_value=
+ac_cv_env_build_alias_set=
+ac_cv_env_build_alias_value=
+ac_cv_env_host_alias_set=
+ac_cv_env_host_alias_value=
+ac_cv_env_target_alias_set=
+ac_cv_env_target_alias_value=
+ac_cv_host=i586-pc-linux-gnu
+ac_cv_member_struct_sockaddr_in_sin_len=no
+ac_cv_member_struct_sockaddr_sa_len=no
+ac_cv_objext=o
+ac_cv_path_install='/usr/bin/install -c'
+ac_cv_path_mkdir=/bin/mkdir
+ac_cv_prog_AWK=gawk
+ac_cv_prog_ac_ct_CC=gcc
+ac_cv_prog_cc_c89=
+ac_cv_prog_cc_c99=-std=gnu99
+ac_cv_prog_cc_g=yes
+ac_cv_prog_make_make_set=yes
+am_cv_CC_dependencies_compiler_type=gcc3
+
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+
+ACLOCAL='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11'
+AMDEPBACKSLASH='\'
+AMDEP_FALSE='#'
+AMDEP_TRUE=''
+AMTAR='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar'
+AUTOCONF='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf'
+AUTOHEADER='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader'
+AUTOMAKE='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11'
+AWK='gawk'
+CC='gcc -std=gnu99'
+CCDEPMODE='depmode=gcc3'
+CFLAGS='-g -O2'
+CPPFLAGS=''
+CYGPATH_W='echo'
+DEFS='-DHAVE_CONFIG_H'
+DEPDIR='.deps'
+ECHO_C=''
+ECHO_N='-n'
+ECHO_T=''
+EXEEXT=''
+INSTALL_DATA='${INSTALL} -m 644'
+INSTALL_PROGRAM='${INSTALL}'
+INSTALL_SCRIPT='${INSTALL}'
+INSTALL_STRIP_PROGRAM='$(install_sh) -c -s'
+LDFLAGS=''
+LIBOBJS=''
+LIBS=''
+LTLIBOBJS=''
+MAKEINFO='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo'
+MKDIR_P='/bin/mkdir -p'
+OBJEXT='o'
+PACKAGE='igmpproxy'
+PACKAGE_BUGREPORT=''
+PACKAGE_NAME='igmpproxy'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PATH_SEPARATOR=':'
+SET_MAKE=''
+SHELL='/bin/sh'
+STRIP=''
+VERSION='0.1'
+ac_ct_CC='gcc'
+am__EXEEXT_FALSE=''
+am__EXEEXT_TRUE='#'
+am__fastdepCC_FALSE='#'
+am__fastdepCC_TRUE=''
+am__include='include'
+am__isrc=''
+am__leading_dot='.'
+am__quote=''
+am__tar='${AMTAR} chof - "$$tardir"'
+am__untar='${AMTAR} xf -'
+bindir='${exec_prefix}/bin'
+build='i586-pc-linux-gnu'
+build_alias=''
+build_cpu='i586'
+build_os='linux-gnu'
+build_vendor='pc'
+datadir='${datarootdir}'
+datarootdir='${prefix}/share'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+dvidir='${docdir}'
+exec_prefix='${prefix}'
+host='i586-pc-linux-gnu'
+host_alias=''
+host_cpu='i586'
+host_os='linux-gnu'
+host_vendor='pc'
+htmldir='${docdir}'
+includedir='${prefix}/include'
+infodir='${datarootdir}/info'
+install_sh='${SHELL} /usr/local/src/igmpproxy-0.1/install-sh'
+libdir='${exec_prefix}/lib'
+libexecdir='${exec_prefix}/libexec'
+localedir='${datarootdir}/locale'
+localstatedir='${prefix}/var'
+mandir='${datarootdir}/man'
+mkdir_p='/bin/mkdir -p'
+oldincludedir='/usr/include'
+pdfdir='${docdir}'
+prefix='/usr/local/igmpproxy-0.1'
+program_transform_name='s,x,x,'
+psdir='${docdir}'
+sbindir='${exec_prefix}/sbin'
+sharedstatedir='${prefix}/com'
+sysconfdir='${prefix}/etc'
+target_alias=''
+
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+
+#define PACKAGE_NAME "igmpproxy"
+#define PACKAGE_TARNAME "igmpproxy"
+#define PACKAGE_VERSION "0.1"
+#define PACKAGE_STRING "igmpproxy 0.1"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE "igmpproxy"
+#define VERSION "0.1"
+
+configure: exit 0
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.status b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.status
new file mode 100755
index 0000000..e2e807e
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.status
@@ -0,0 +1,1232 @@
+#! /bin/sh
+# Generated by configure.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=${CONFIG_SHELL-/bin/sh}
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+# Files that config.status was made for.
+config_files=" Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+config_headers=" config.h"
+config_links=" src/os.h:src/os-linux.h"
+config_commands=" depfiles"
+
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+ac_cs_version="\
+igmpproxy config.status 0.1
+configured by ./configure, generated by GNU Autoconf 2.63,
+  with options \"'--prefix=/usr/local/igmpproxy-0.1'\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='/usr/local/src/igmpproxy-0.1'
+srcdir='.'
+INSTALL='/usr/bin/install -c'
+MKDIR_P='/bin/mkdir -p'
+AWK='gawk'
+test -n "$AWK" || AWK=awk
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+if $ac_cs_recheck; then
+  set X '/bin/sh' './configure'  '--prefix=/usr/local/igmpproxy-0.1' $ac_configure_extra_args --no-create --no-recursion
+  shift
+  $as_echo "running CONFIG_SHELL=/bin/sh $*" >&6
+  CONFIG_SHELL='/bin/sh'
+  export CONFIG_SHELL
+  exec "$@"
+fi
+
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="" ac_aux_dir="."
+
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+cat >>"$tmp/subs1.awk" <<\_ACAWK &&
+S["am__EXEEXT_FALSE"]=""
+S["am__EXEEXT_TRUE"]="#"
+S["LTLIBOBJS"]=""
+S["LIBOBJS"]=""
+S["host_os"]="linux-gnu"
+S["host_vendor"]="pc"
+S["host_cpu"]="i586"
+S["host"]="i586-pc-linux-gnu"
+S["build_os"]="linux-gnu"
+S["build_vendor"]="pc"
+S["build_cpu"]="i586"
+S["build"]="i586-pc-linux-gnu"
+S["am__fastdepCC_FALSE"]="#"
+S["am__fastdepCC_TRUE"]=""
+S["CCDEPMODE"]="depmode=gcc3"
+S["AMDEPBACKSLASH"]="\\"
+S["AMDEP_FALSE"]="#"
+S["AMDEP_TRUE"]=""
+S["am__quote"]=""
+S["am__include"]="include"
+S["DEPDIR"]=".deps"
+S["OBJEXT"]="o"
+S["EXEEXT"]=""
+S["ac_ct_CC"]="gcc"
+S["CPPFLAGS"]=""
+S["LDFLAGS"]=""
+S["CFLAGS"]="-g -O2"
+S["CC"]="gcc -std=gnu99"
+S["am__untar"]="${AMTAR} xf -"
+S["am__tar"]="${AMTAR} chof - \"$$tardir\""
+S["AMTAR"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar"
+S["am__leading_dot"]="."
+S["SET_MAKE"]=""
+S["AWK"]="gawk"
+S["mkdir_p"]="/bin/mkdir -p"
+S["MKDIR_P"]="/bin/mkdir -p"
+S["INSTALL_STRIP_PROGRAM"]="$(install_sh) -c -s"
+S["STRIP"]=""
+S["install_sh"]="${SHELL} /usr/local/src/igmpproxy-0.1/install-sh"
+S["MAKEINFO"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo"
+S["AUTOHEADER"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader"
+S["AUTOMAKE"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11"
+S["AUTOCONF"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf"
+S["ACLOCAL"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11"
+S["VERSION"]="0.1"
+S["PACKAGE"]="igmpproxy"
+S["CYGPATH_W"]="echo"
+S["am__isrc"]=""
+S["INSTALL_DATA"]="${INSTALL} -m 644"
+S["INSTALL_SCRIPT"]="${INSTALL}"
+S["INSTALL_PROGRAM"]="${INSTALL}"
+S["target_alias"]=""
+S["host_alias"]=""
+S["build_alias"]=""
+S["LIBS"]=""
+S["ECHO_T"]=""
+S["ECHO_N"]="-n"
+S["ECHO_C"]=""
+S["DEFS"]="-DHAVE_CONFIG_H"
+S["mandir"]="${datarootdir}/man"
+S["localedir"]="${datarootdir}/locale"
+S["libdir"]="${exec_prefix}/lib"
+S["psdir"]="${docdir}"
+S["pdfdir"]="${docdir}"
+S["dvidir"]="${docdir}"
+S["htmldir"]="${docdir}"
+S["infodir"]="${datarootdir}/info"
+S["docdir"]="${datarootdir}/doc/${PACKAGE_TARNAME}"
+S["oldincludedir"]="/usr/include"
+S["includedir"]="${prefix}/include"
+S["localstatedir"]="${prefix}/var"
+S["sharedstatedir"]="${prefix}/com"
+S["sysconfdir"]="${prefix}/etc"
+S["datadir"]="${datarootdir}"
+S["datarootdir"]="${prefix}/share"
+S["libexecdir"]="${exec_prefix}/libexec"
+S["sbindir"]="${exec_prefix}/sbin"
+S["bindir"]="${exec_prefix}/bin"
+S["program_transform_name"]="s,x,x,"
+S["prefix"]="/usr/local/igmpproxy-0.1"
+S["exec_prefix"]="${prefix}"
+S["PACKAGE_BUGREPORT"]=""
+S["PACKAGE_STRING"]="igmpproxy 0.1"
+S["PACKAGE_VERSION"]="0.1"
+S["PACKAGE_TARNAME"]="igmpproxy"
+S["PACKAGE_NAME"]="igmpproxy"
+S["PATH_SEPARATOR"]=":"
+S["SHELL"]="/bin/sh"
+_ACAWK
+cat >>"$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+D["PACKAGE_NAME"]=" \"igmpproxy\""
+D["PACKAGE_TARNAME"]=" \"igmpproxy\""
+D["PACKAGE_VERSION"]=" \"0.1\""
+D["PACKAGE_STRING"]=" \"igmpproxy 0.1\""
+D["PACKAGE_BUGREPORT"]=" \"\""
+D["PACKAGE"]=" \"igmpproxy\""
+D["VERSION"]=" \"0.1\""
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+[_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ][_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]*([\t (]|$)/ {
+  line = $ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+  ac_datarootdir_hack='
+  s&@datadir@&${datarootdir}&g
+  s&@docdir@&${datarootdir}/doc/${PACKAGE_TARNAME}&g
+  s&@infodir@&${datarootdir}/info&g
+  s&@localedir@&${datarootdir}/locale&g
+  s&@mandir@&${datarootdir}/man&g
+    s&\${datarootdir}&${prefix}/share&g' ;;
+esac
+ac_sed_extra="/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}
+
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.sub b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.sub
new file mode 100755
index 0000000..3243784
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/config.sub
@@ -0,0 +1,1717 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  kopensolaris*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray | -microblaze)
+		os=
+		basic_machine=$1
+		;;
+        -bluegene*)
+	        os=-cnk
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx | dvp \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| lm32 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep | metag \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64octeon | mips64octeonel \
+	| mips64orion | mips64orionel \
+	| mips64r5900 | mips64r5900el \
+	| mips64vr | mips64vrel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| moxie \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k | z80)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| lm32-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64octeon-* | mips64octeonel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64r5900-* | mips64r5900el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa*-* \
+	| ymp-* \
+	| z8k-* | z80-*)
+		;;
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aros)
+		basic_machine=i386-pc
+		os=-aros
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	bluegene*)
+		basic_machine=powerpc-ibm
+		os=-cnk
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+        cegcc)
+		basic_machine=arm-unknown
+		os=-cegcc
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16)
+		basic_machine=cr16-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	dicos)
+		basic_machine=i686-pc
+		os=-dicos
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+        microblaze)
+		basic_machine=microblaze-xilinx
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mipsEE* | ee | ps2)
+		basic_machine=mips64r5900el-scei
+		case $os in
+		    -linux*)
+			;;
+		    *)
+			os=-elf
+			;;
+		esac
+		;;
+	iop)
+		basic_machine=mipsel-scei
+		os=-irx
+		;;
+	dvp)
+		basic_machine=dvp-scei
+		os=-elf
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tile*)
+		basic_machine=tile-unknown
+		os=-linux-gnu
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	z80-*-coff)
+		basic_machine=z80-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -kopensolaris* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* | -aros* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -irx*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-dicos*)
+		os=-dicos
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-cnk*|-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/configure b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/configure
new file mode 100755
index 0000000..1314ebf
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/configure
@@ -0,0 +1,5469 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.63 for igmpproxy 0.1.
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+if test "x$CONFIG_SHELL" = x; then
+  if (eval ":") 2>/dev/null; then
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+
+  if test $as_have_required = yes &&	 (eval ":
+(as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=\$LINENO
+  as_lineno_2=\$LINENO
+  test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
+  test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
+") 2> /dev/null; then
+  :
+else
+  as_candidate_shells=
+    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  case $as_dir in
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+	   done;;
+       esac
+done
+IFS=$as_save_IFS
+
+
+      for as_shell in $as_candidate_shells $SHELL; do
+	 # Try only shells that exist, to save several forks.
+	 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		{ ("$as_shell") 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+_ASEOF
+}; then
+  CONFIG_SHELL=$as_shell
+	       as_have_required=yes
+	       if { "$as_shell" 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+(as_func_return () {
+  (exit $1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = "$1" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test $exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
+
+_ASEOF
+}; then
+  break
+fi
+
+fi
+
+      done
+
+      if test "x$CONFIG_SHELL" != x; then
+  for as_var in BASH_ENV ENV
+	do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+	done
+	export CONFIG_SHELL
+	exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+
+    if test $as_have_required = no; then
+  echo This script requires a shell more modern than all the
+      echo shells that I found on your system.  Please install a
+      echo modern shell, or manually run the script under such a
+      echo shell if you do have one.
+      { (exit 1); exit 1; }
+fi
+
+
+fi
+
+fi
+
+
+
+(eval "as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0") || {
+  echo No shell found that supports shell functions.
+  echo Please tell bug-autoconf@gnu.org about your system,
+  echo including any error possibly output before this message.
+  echo This can help us improve future autoconf versions.
+  echo Configuration will now proceed without shell functions.
+}
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+exec 7<&0 </dev/null 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Identity of this package.
+PACKAGE_NAME='igmpproxy'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_BUGREPORT=''
+
+ac_unique_file="src/igmpproxy.c"
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_dependency_tracking
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *)	ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) { $as_echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; }
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+   { (exit 1); exit 1; }; }
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  { $as_echo "$as_me: error: missing argument to $ac_option" >&2
+   { (exit 1); exit 1; }; }
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) { $as_echo "$as_me: error: unrecognized options: $ac_unrecognized_opts" >&2
+   { (exit 1); exit 1; }; } ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; }
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  { $as_echo "$as_me: error: working directory cannot be determined" >&2
+   { (exit 1); exit 1; }; }
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  { $as_echo "$as_me: error: pwd does not report name of working directory" >&2
+   { (exit 1); exit 1; }; }
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+   { (exit 1); exit 1; }; }
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2
+   { (exit 1); exit 1; }; }
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures igmpproxy 0.1 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/igmpproxy]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+Program names:
+  --program-prefix=PREFIX            prepend PREFIX to installed program names
+  --program-suffix=SUFFIX            append SUFFIX to installed program names
+  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of igmpproxy 0.1:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+igmpproxy configure 0.1
+generated by GNU Autoconf 2.63
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  $as_echo "PATH: $as_dir"
+done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+    2)
+      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      ac_configure_args="$ac_configure_args '$ac_arg'"
+      ;;
+    esac
+  done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  ac_site_file1=$CONFIG_SITE
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test -r "$ac_site_file"; then
+    { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special
+  # files actually), so we avoid doing that.
+  if test -f "$cache_file"; then
+    { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:$LINENO:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:$LINENO:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+am__api_version='1.11'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f "$ac_dir/install.sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
+$as_echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+  ./ | .// | /cC/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    rm -rf conftest.one conftest.two conftest.dir
+	    echo one > conftest.one
+	    echo two > conftest.two
+	    mkdir conftest.dir
+	    if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+	      test -s conftest.one && test -s conftest.two &&
+	      test -s conftest.dir/conftest.one &&
+	      test -s conftest.dir/conftest.two
+	    then
+	      ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	      break 3
+	    fi
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+
+done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[\\\"\#\$\&\'\`$am_lf]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe absolute working directory name" >&5
+$as_echo "$as_me: error: unsafe absolute working directory name" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+case $srcdir in
+  *[\\\"\#\$\&\'\`$am_lf\ \	]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe srcdir value: \`$srcdir'" >&5
+$as_echo "$as_me: error: unsafe srcdir value: \`$srcdir'" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$*" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$*" != "X $srcdir/configure conftest.file" \
+      && test "$*" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      { { $as_echo "$as_me:$LINENO: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&5
+$as_echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&2;}
+   { (exit 1); exit 1; }; }
+   fi
+
+   test "$2" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   { { $as_echo "$as_me:$LINENO: error: newly created file is older than distributed files!
+Check your system clock" >&5
+$as_echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+  program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  { $as_echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+  if test "${ac_cv_path_mkdir+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in mkdir gmkdir; do
+	 for ac_exec_ext in '' $ac_executable_extensions; do
+	   { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+	   case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+	     'mkdir (GNU coreutils) '* | \
+	     'mkdir (coreutils) '* | \
+	     'mkdir (fileutils) '4.1*)
+	       ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+	       break 3;;
+	   esac
+	 done
+       done
+done
+IFS=$as_save_IFS
+
+fi
+
+  if test "${ac_cv_path_mkdir+set}" = set; then
+    MKDIR_P="$ac_cv_path_mkdir -p"
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for MKDIR_P within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    test -d ./--version && rmdir ./--version
+    MKDIR_P="$ac_install_sh -d"
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+  [\\/$]* | ?:[\\/]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AWK="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { $as_echo "$as_me:$LINENO: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+	@echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+  *@@@%%%=?*=@@@%%%*)
+    eval ac_cv_prog_make_${ac_make}_set=yes;;
+  *)
+    eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+  { $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+  SET_MAKE=
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+  SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  am__isrc=' -I$(srcdir)'
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    { { $as_echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
+$as_echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='igmpproxy'
+ VERSION='0.1'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+
+ac_config_headers="$ac_config_headers config.h"
+
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+
+
+{ $as_echo "$as_me:$LINENO: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then
+  enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+  AMDEP_TRUE=
+  AMDEP_FALSE='#'
+else
+  AMDEP_TRUE='#'
+  AMDEP_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { (ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+
+{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+if test -z "$ac_file"; then
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+   { (exit 77); exit 77; }; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+  if { ac_try='./$ac_file'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+    fi
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_compiler_gnu=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	CFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c89=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC"   am_compiler_list=
+
+{ $as_echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_CC_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+  fi
+  am__universal=false
+  case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_CC_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+  am__fastdepCC_TRUE=
+  am__fastdepCC_FALSE='#'
+else
+  am__fastdepCC_TRUE='#'
+  am__fastdepCC_FALSE=
+fi
+
+
+   { $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C99" >&5
+$as_echo_n "checking for $CC option to accept ISO C99... " >&6; }
+if test "${ac_cv_prog_cc_c99+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <wchar.h>
+#include <stdio.h>
+
+// Check varargs macros.  These examples are taken from C99 6.10.3.5.
+#define debug(...) fprintf (stderr, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+  int x = 1234;
+  int y = 5678;
+  debug ("Flag");
+  debug ("X = %d\n", x);
+  showlist (The first, second, and third items.);
+  report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+  your preprocessor is broken;
+#endif
+#if BIG_OK
+#else
+  your preprocessor is broken;
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+  int datasize;
+  double data[];
+};
+
+struct named_init {
+  int number;
+  const wchar_t *name;
+  double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+  // See if C++-style comments work.
+  // Iterate through items via the restricted pointer.
+  // Also check for declarations in for loops.
+  for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+    continue;
+  return 0;
+}
+
+// Check varargs and va_copy.
+static void
+test_varargs (const char *format, ...)
+{
+  va_list args;
+  va_start (args, format);
+  va_list args_copy;
+  va_copy (args_copy, args);
+
+  const char *str;
+  int number;
+  float fnumber;
+
+  while (*format)
+    {
+      switch (*format++)
+	{
+	case 's': // string
+	  str = va_arg (args_copy, const char *);
+	  break;
+	case 'd': // int
+	  number = va_arg (args_copy, int);
+	  break;
+	case 'f': // float
+	  fnumber = va_arg (args_copy, double);
+	  break;
+	default:
+	  break;
+	}
+    }
+  va_end (args_copy);
+  va_end (args);
+}
+
+int
+main ()
+{
+
+  // Check bool.
+  _Bool success = false;
+
+  // Check restrict.
+  if (test_restrict ("String literal") == 0)
+    success = true;
+  char *restrict newvar = "Another string";
+
+  // Check varargs.
+  test_varargs ("s, d' f .", "string", 65, 34.234);
+  test_varargs_macros ();
+
+  // Check flexible array members.
+  struct incomplete_array *ia =
+    malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+  ia->datasize = 10;
+  for (int i = 0; i < ia->datasize; ++i)
+    ia->data[i] = i * 1.234;
+
+  // Check named initializers.
+  struct named_init ni = {
+    .number = 34,
+    .name = L"Test wide string",
+    .average = 543.34343,
+  };
+
+  ni.number = 58;
+
+  int dynamic_array[ni.number];
+  dynamic_array[ni.number - 1] = 543;
+
+  // work around unused variable warnings
+  return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+	  || dynamic_array[ni.number - 1] != 543);
+
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -xc99=all -qlanglvl=extc99
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c99=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c99" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c99"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c99" >&5
+$as_echo "$ac_cv_prog_cc_c99" >&6; } ;;
+esac
+
+
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
+$as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
+   { (exit 1); exit 1; }; }
+
+{ $as_echo "$as_me:$LINENO: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+$as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+   { (exit 1); exit 1; }; }
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
+$as_echo "$as_me: error: invalid value of canonical build" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:$LINENO: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
+$as_echo "$as_me: error: invalid value of canonical host" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) { { $as_echo "$as_me:$LINENO: error: OS $host_os is not supported" >&5
+$as_echo "$as_me: error: OS $host_os is not supported" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+ac_config_links="$ac_config_links src/os.h:src/os-${os}.h"
+
+
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr.sa_len" >&5
+$as_echo_n "checking for struct sockaddr.sa_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_sa_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (sizeof ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_sa_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_sa_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_sa_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
+_ACEOF
+
+
+fi
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr_in.sin_len" >&5
+$as_echo_n "checking for struct sockaddr_in.sin_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_in_sin_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (sizeof ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_in_sin_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_in_sin_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_in_sin_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_in_sin_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_IN_SIN_LEN 1
+_ACEOF
+
+
+fi
+
+
+ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes (double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \).
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    test "x$cache_file" != "x/dev/null" &&
+      { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+    cat confcache >$cache_file
+  else
+    { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+  am__EXEEXT_TRUE=
+  am__EXEEXT_FALSE='#'
+else
+  am__EXEEXT_TRUE='#'
+  am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_links="$ac_config_links"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_version="\\
+igmpproxy config.status 0.1
+configured by $0, generated by GNU Autoconf 2.63,
+  with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\).*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\).*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+  ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+  if test -z "$ac_t"; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_HEADERS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_HEADERS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any.  Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[	 ]*#[	 ]*define[	 ][	 ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+  line = \$ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+    s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || { (exit 1); exit 1; }
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:$LINENO: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/configure.ac b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/configure.ac
new file mode 100644
index 0000000..85beb08
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/configure.ac
@@ -0,0 +1,35 @@
+AC_PREREQ([2.63])
+AC_INIT([igmpproxy], [0.1])
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([src/igmpproxy.c])
+AC_CONFIG_HEADERS([config.h])
+AC_PROG_CC_C99
+
+AC_CANONICAL_HOST
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) AC_MSG_ERROR([OS $host_os is not supported]);;
+esac
+AC_CONFIG_LINKS([src/os.h:src/os-${os}.h])
+
+AC_CHECK_MEMBERS([struct sockaddr.sa_len], [], [], [[
+#include <sys/types.h>
+#include <sys/socket.h>
+]])
+AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], [], [], [[
+#include <sys/types.h>
+#include <netinet/in.h>
+]])
+
+AC_CONFIG_FILES([
+	Makefile
+	doc/Makefile
+	src/Makefile
+	doc/igmpproxy.8
+	doc/igmpproxy.conf.5
+])
+AC_OUTPUT
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/depcomp b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/depcomp
new file mode 100755
index 0000000..df8eea7
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/depcomp
@@ -0,0 +1,630 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
+# Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+  depmode     Dependency tracking mode.
+  source      Source file read by `PROGRAMS ARGS'.
+  object      Object file output by `PROGRAMS ARGS'.
+  DEPDIR      directory where to store dependencies.
+  depfile     Dependency file to output.
+  tmpdepfile  Temporary file to use when outputing dependencies.
+  libtool     Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "depcomp $scriptversion"
+    exit $?
+    ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+  echo "depcomp: Variables source, object and depmode must be set" 1>&2
+  exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags.  We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write.  Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+  # HP compiler uses -M and no extra arg.
+  gccflag=-M
+  depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+   # This is just like dashmstdout with a different argument.
+   dashmflag=-xM
+   depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+   # This is just like msvisualcpp but w/o cygpath translation.
+   # Just convert the backslash-escaped backslashes to single forward
+   # slashes to satisfy depend.m4
+   cygpath_u="sed s,\\\\\\\\,/,g"
+   depmode=msvisualcpp
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff.  Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am.  Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+  for arg
+  do
+    case $arg in
+    -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+    *)  set fnord "$@" "$arg" ;;
+    esac
+    shift # fnord
+    shift # $arg
+  done
+  "$@"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  mv "$tmpdepfile" "$depfile"
+  ;;
+
+gcc)
+## There are various ways to get dependency output from gcc.  Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+##   up in a subdir.  Having to rename by hand is ugly.
+##   (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+##   -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+##   than renaming).
+  if test -z "$gccflag"; then
+    gccflag=-MD,
+  fi
+  "$@" -Wp,"$gccflag$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+  sed -e 's/^[^:]*: / /' \
+      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header).  We avoid this by adding
+## dummy dependencies for each header file.  Too bad gcc doesn't do
+## this for us directly.
+  tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'.  On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+sgi)
+  if test "$libtool" = yes; then
+    "$@" "-Wp,-MDupdate,$tmpdepfile"
+  else
+    "$@" -MDupdate "$tmpdepfile"
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+
+  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
+    echo "$object : \\" > "$depfile"
+
+    # Clip off the initial element (the dependent).  Don't try to be
+    # clever and replace this with sed code, as IRIX sed won't handle
+    # lines with more than a fixed number of characters (4096 in
+    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
+    # the IRIX cc adds comments like `#:fec' to the end of the
+    # dependency line.
+    tr ' ' '
+' < "$tmpdepfile" \
+    | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+    tr '
+' ' ' >> "$depfile"
+    echo >> "$depfile"
+
+    # The second pass generates a dummy entry for each header file.
+    tr ' ' '
+' < "$tmpdepfile" \
+   | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+   >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+aix)
+  # The C for AIX Compiler uses -M and outputs the dependencies
+  # in a .u file.  In older versions, this file always lives in the
+  # current directory.  Also, the AIX compiler puts `$object:' at the
+  # start of each line; $object doesn't have directory information.
+  # Version 6 uses the directory in both cases.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$base.u
+    tmpdepfile3=$dir.libs/$base.u
+    "$@" -Wc,-M
+  else
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$dir$base.u
+    tmpdepfile3=$dir$base.u
+    "$@" -M
+  fi
+  stat=$?
+
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+    exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    # Each line is of the form `foo.o: dependent.h'.
+    # Do two passes, one to just change these to
+    # `$object: dependent.h' and one to simply `dependent.h:'.
+    sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+    # That's a tab and a space in the [].
+    sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+icc)
+  # Intel's C compiler understands `-MD -MF file'.  However on
+  #    icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+  # ICC 7.0 will fill foo.d with something like
+  #    foo.o: sub/foo.c
+  #    foo.o: sub/foo.h
+  # which is wrong.  We want:
+  #    sub/foo.o: sub/foo.c
+  #    sub/foo.o: sub/foo.h
+  #    sub/foo.c:
+  #    sub/foo.h:
+  # ICC 7.1 will output
+  #    foo.o: sub/foo.c sub/foo.h
+  # and will wrap long lines using \ :
+  #    foo.o: sub/foo.c ... \
+  #     sub/foo.h ... \
+  #     ...
+
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+  # Do two passes, one to just change these to
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+    sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp2)
+  # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+  # compilers, which have integrated preprocessors.  The correct option
+  # to use with these is +Maked; it writes dependencies to a file named
+  # 'foo.d', which lands next to the object file, wherever that
+  # happens to be.
+  # Much of this is similar to the tru64 case; see comments there.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir.libs/$base.d
+    "$@" -Wc,+Maked
+  else
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir$base.d
+    "$@" +Maked
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+     rm -f "$tmpdepfile1" "$tmpdepfile2"
+     exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+    # Add `dependent.h:' lines.
+    sed -ne '2,${
+	       s/^ *//
+	       s/ \\*$//
+	       s/$/:/
+	       p
+	     }' "$tmpdepfile" >> "$depfile"
+  else
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile" "$tmpdepfile2"
+  ;;
+
+tru64)
+   # The Tru64 compiler uses -MD to generate dependencies as a side
+   # effect.  `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+   # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+   # dependencies in `foo.d' instead, so we check for that too.
+   # Subdirectories are respected.
+   dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+   test "x$dir" = "x$object" && dir=
+   base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+   if test "$libtool" = yes; then
+      # With Tru64 cc, shared objects can also be used to make a
+      # static library.  This mechanism is used in libtool 1.4 series to
+      # handle both shared and static libraries in a single compilation.
+      # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+      #
+      # With libtool 1.5 this exception was removed, and libtool now
+      # generates 2 separate objects for the 2 libraries.  These two
+      # compilations output dependencies in $dir.libs/$base.o.d and
+      # in $dir$base.o.d.  We have to check for both files, because
+      # one of the two compilations can be disabled.  We should prefer
+      # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+      # automatically cleaned when .libs/ is deleted, while ignoring
+      # the former would cause a distcleancheck panic.
+      tmpdepfile1=$dir.libs/$base.lo.d   # libtool 1.4
+      tmpdepfile2=$dir$base.o.d          # libtool 1.5
+      tmpdepfile3=$dir.libs/$base.o.d    # libtool 1.5
+      tmpdepfile4=$dir.libs/$base.d      # Compaq CCC V6.2-504
+      "$@" -Wc,-MD
+   else
+      tmpdepfile1=$dir$base.o.d
+      tmpdepfile2=$dir$base.d
+      tmpdepfile3=$dir$base.d
+      tmpdepfile4=$dir$base.d
+      "$@" -MD
+   fi
+
+   stat=$?
+   if test $stat -eq 0; then :
+   else
+      rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+      exit $stat
+   fi
+
+   for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+   do
+     test -f "$tmpdepfile" && break
+   done
+   if test -f "$tmpdepfile"; then
+      sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+      # That's a tab and a space in the [].
+      sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+   else
+      echo "#dummy" > "$depfile"
+   fi
+   rm -f "$tmpdepfile"
+   ;;
+
+#nosideeffect)
+  # This comment above is used by automake to tell side-effect
+  # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  test -z "$dashmflag" && dashmflag=-M
+  # Require at least two characters before searching for `:'
+  # in the target name.  This is to cope with DOS-style filenames:
+  # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+  "$@" $dashmflag |
+    sed 's:^[  ]*[^: ][^:][^:]*\:[    ]*:'"$object"'\: :' > "$tmpdepfile"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+dashXmstdout)
+  # This case only exists to satisfy depend.m4.  It is never actually
+  # run, as this mode is specially recognized in the preamble.
+  exit 1
+  ;;
+
+makedepend)
+  "$@" || exit $?
+  # Remove any Libtool call
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+  # X makedepend
+  shift
+  cleared=no eat=no
+  for arg
+  do
+    case $cleared in
+    no)
+      set ""; shift
+      cleared=yes ;;
+    esac
+    if test $eat = yes; then
+      eat=no
+      continue
+    fi
+    case "$arg" in
+    -D*|-I*)
+      set fnord "$@" "$arg"; shift ;;
+    # Strip any option that makedepend may not understand.  Remove
+    # the object too, otherwise makedepend will parse it as a source file.
+    -arch)
+      eat=yes ;;
+    -*|$object)
+      ;;
+    *)
+      set fnord "$@" "$arg"; shift ;;
+    esac
+  done
+  obj_suffix=`echo "$object" | sed 's/^.*\././'`
+  touch "$tmpdepfile"
+  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile" "$tmpdepfile".bak
+  ;;
+
+cpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  "$@" -E |
+    sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+       -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+    sed '$ s: \\$::' > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  cat < "$tmpdepfile" >> "$depfile"
+  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvisualcpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  IFS=" "
+  for arg
+  do
+    case "$arg" in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+	set fnord "$@"
+	shift
+	shift
+	;;
+    *)
+	set fnord "$@" "$arg"
+	shift
+	shift
+	;;
+    esac
+  done
+  "$@" -E 2>/dev/null |
+  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::	\1 \\:p' >> "$depfile"
+  echo "	" >> "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvcmsys)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+none)
+  exec "$@"
+  ;;
+
+*)
+  echo "Unknown depmode $depmode" 1>&2
+  exit 1
+  ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/Makefile b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/Makefile
new file mode 100644
index 0000000..27b6736
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/Makefile
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# doc/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = i586-pc-linux-gnu
+host_triplet = i586-pc-linux-gnu
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy-0.1/doc
+abs_srcdir = /usr/local/src/igmpproxy-0.1/doc
+abs_top_builddir = /usr/local/src/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = i586-pc-linux-gnu
+build_alias = 
+build_cpu = i586
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = i586-pc-linux-gnu
+host_alias = 
+host_cpu = i586
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
new file mode 100644
index 0000000..1d4eb13
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
@@ -0,0 +1 @@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
new file mode 100644
index 0000000..8a0c300
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8 b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
new file mode 100644
index 0000000..10faec5
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
new file mode 100644
index 0000000..9d18e42
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5 b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
new file mode 100644
index 0000000..176de46
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
new file mode 100644
index 0000000..a4ea7d0
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
new file mode 100644
index 0000000..197ca30
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
@@ -0,0 +1,46 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+phyint eth0 upstream  ratelimit 0  threshold 1
+        altnet 10.0.0.0/8 
+        altnet 192.168.0.0/24
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+phyint eth1 downstream  ratelimit 0  threshold 1
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth2 disabled
+
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/install-sh b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/install-sh
new file mode 100755
index 0000000..6781b98
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/install-sh
@@ -0,0 +1,520 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2009-04-28.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/missing b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/missing
new file mode 100755
index 0000000..28055d2
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/missing
@@ -0,0 +1,376 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+  configure_ac=configure.ac
+else
+  configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+  # Try to run requested program, and just exit if it succeeds.
+  run=
+  shift
+  "$@" && exit 0
+  # Exit code 63 means version mismatch.  This often happens
+  # when the user try to use an ancient version of a tool on
+  # a file that requires a minimum version.  In this case we
+  # we should proceed has if the program had been absent, or
+  # if --run hadn't been passed.
+  if test $? = 63; then
+    run=:
+    msg="probably too old"
+  fi
+  ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+  --run           try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  autom4te     touch the output file, or create a stub one
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  help2man     touch the output file
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  tar          try tar, gnutar, gtar, then tar without non-portable flags
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# normalize program name to check for.
+program=`echo "$1" | sed '
+  s/^gnu-//; t
+  s/^gnu//; t
+  s/^g//; t'`
+
+# Now exit if we have it, but it failed.  Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).  This is about non-GNU programs, so use $1 not
+# $program.
+case $1 in
+  lex*|yacc*)
+    # Not GNU programs, they don't have --version.
+    ;;
+
+  tar*)
+    if test -n "$run"; then
+       echo 1>&2 "ERROR: \`tar' requires --run"
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       exit 1
+    fi
+    ;;
+
+  *)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       # Could not run --version or --help.  This is probably someone
+       # running `$TOOL --version' or `$TOOL --help' to check whether
+       # $TOOL exists and not knowing $TOOL uses missing.
+       exit 1
+    fi
+    ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $program in
+  aclocal*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`${configure_ac}'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case $f in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  autom4te*)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.
+         You can get \`$1' as part of \`Autoconf' from any GNU
+         archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo "#! /bin/sh"
+	echo "# Created by GNU Automake missing as a replacement of"
+	echo "#  $ $@"
+	echo "exit 0"
+	chmod +x $file
+	exit 1
+    fi
+    ;;
+
+  bison*|yacc*)
+    echo 1>&2 "\
+WARNING: \`$1' $msg.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f y.tab.h; then
+	echo >y.tab.h
+    fi
+    if test ! -f y.tab.c; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex*|flex*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f lex.yy.c; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  help2man*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+	 you modified a dependency of a manual page.  You may need the
+	 \`Help2man' package in order for those modifications to take
+	 effect.  You can get \`Help2man' from any GNU archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo ".ab help2man is required to generate this page"
+	exit $?
+    fi
+    ;;
+
+  makeinfo*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    # The file to touch is that specified with -o ...
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -z "$file"; then
+      # ... or it is the one specified with @setfilename ...
+      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '
+	/^@setfilename/{
+	  s/.* \([^ ]*\) *$/\1/
+	  p
+	  q
+	}' $infile`
+      # ... or it is derived from the source name (dir/f.texi becomes f.info)
+      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+    fi
+    # If the file does not exist, the user really needs makeinfo;
+    # let's fail without touching anything.
+    test -f $file || exit 1
+    touch $file
+    ;;
+
+  tar*)
+    shift
+
+    # We have already tried tar in the generic part.
+    # Look for gnutar/gtar before invocation to avoid ugly error
+    # messages.
+    if (gnutar --version > /dev/null 2>&1); then
+       gnutar "$@" && exit 0
+    fi
+    if (gtar --version > /dev/null 2>&1); then
+       gtar "$@" && exit 0
+    fi
+    firstarg="$1"
+    if shift; then
+	case $firstarg in
+	*o*)
+	    firstarg=`echo "$firstarg" | sed s/o//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+	case $firstarg in
+	*h*)
+	    firstarg=`echo "$firstarg" | sed s/h//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+    fi
+
+    echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+         You may want to install GNU tar or Free paxutils, or check the
+         command line arguments."
+    exit 1
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequisites for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
new file mode 100644
index 0000000..cc79cb5
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
@@ -0,0 +1,320 @@
+callout.o: callout.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
new file mode 100644
index 0000000..54f5dd6
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
@@ -0,0 +1,320 @@
+config.o: config.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
new file mode 100644
index 0000000..7d81b02
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
@@ -0,0 +1,320 @@
+confread.o: confread.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
new file mode 100644
index 0000000..836dafa
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
@@ -0,0 +1,320 @@
+ifvc.o: ifvc.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
new file mode 100644
index 0000000..a29d6fc
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
@@ -0,0 +1,320 @@
+igmp.o: igmp.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
new file mode 100644
index 0000000..589a7b5
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
@@ -0,0 +1,320 @@
+igmpproxy.o: igmpproxy.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
new file mode 100644
index 0000000..b092adf
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
@@ -0,0 +1,320 @@
+kern.o: kern.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
new file mode 100644
index 0000000..139d0e9
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
@@ -0,0 +1,320 @@
+lib.o: lib.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
new file mode 100644
index 0000000..b9f6109
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
@@ -0,0 +1,320 @@
+mcgroup.o: mcgroup.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
new file mode 100644
index 0000000..bd9baa2
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
@@ -0,0 +1,320 @@
+mroute-api.o: mroute-api.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
new file mode 100644
index 0000000..08e93a8
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
@@ -0,0 +1,320 @@
+request.o: request.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
new file mode 100644
index 0000000..c1ccab5
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
@@ -0,0 +1,320 @@
+rttable.o: rttable.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
new file mode 100644
index 0000000..293c2e7
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
@@ -0,0 +1,320 @@
+syslog.o: syslog.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
new file mode 100644
index 0000000..770c0e2
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
@@ -0,0 +1,320 @@
+udpsock.o: udpsock.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/Makefile b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/Makefile
new file mode 100644
index 0000000..1118be8
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/Makefile
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# src/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = i586-pc-linux-gnu
+host_triplet = i586-pc-linux-gnu
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy-0.1/src
+abs_srcdir = /usr/local/src/igmpproxy-0.1/src
+abs_top_builddir = /usr/local/src/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = i586-pc-linux-gnu
+build_alias = 
+build_cpu = i586
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = i586-pc-linux-gnu
+host_alias = 
+host_cpu = i586
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+include ./$(DEPDIR)/callout.Po
+include ./$(DEPDIR)/config.Po
+include ./$(DEPDIR)/confread.Po
+include ./$(DEPDIR)/ifvc.Po
+include ./$(DEPDIR)/igmp.Po
+include ./$(DEPDIR)/igmpproxy.Po
+include ./$(DEPDIR)/kern.Po
+include ./$(DEPDIR)/lib.Po
+include ./$(DEPDIR)/mcgroup.Po
+include ./$(DEPDIR)/mroute-api.Po
+include ./$(DEPDIR)/request.Po
+include ./$(DEPDIR)/rttable.Po
+include ./$(DEPDIR)/syslog.Po
+include ./$(DEPDIR)/udpsock.Po
+
+.c.o:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/Makefile.am b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
new file mode 100644
index 0000000..fb63ff3
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
@@ -0,0 +1,22 @@
+sbin_PROGRAMS = igmpproxy
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/Makefile.in b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
new file mode 100644
index 0000000..ab670af
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callout.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/confread.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ifvc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmpproxy.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kern.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mcgroup.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mroute-api.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/request.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rttable.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/syslog.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/udpsock.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/callout.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/callout.c
new file mode 100644
index 0000000..4edfe5e
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/callout.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+/* the code below implements a callout queue */
+static int id = 0;
+static struct timeOutQueue  *queue = 0; /* pointer to the beginning of timeout queue */
+
+struct timeOutQueue {
+    struct timeOutQueue    *next;   // Next event in queue
+    int                     id;  
+    timer_f                 func;   // function to call
+    void                    *data;  // Data for function
+    int                     time;   // Time offset for next event
+};
+
+// Method for dumping the Queue to the log.
+static void debugQueue(void);
+
+/**
+*   Initializes the callout queue
+*/
+void callout_init() {
+    queue = NULL;
+}
+
+/**
+*   Clears all scheduled timeouts...
+*/
+void free_all_callouts() {
+    struct timeOutQueue *p;
+
+    while (queue) {
+        p = queue;
+        queue = queue->next;
+        free(p);
+    }
+}
+
+
+/**
+ * elapsed_time seconds have passed; perform all the events that should
+ * happen.
+ */
+void age_callout_queue(int elapsed_time) {
+    struct timeOutQueue *ptr;
+    int i = 0;
+
+    for (ptr = queue; ptr; ptr = queue, i++) {
+        if (ptr->time > elapsed_time) {
+            ptr->time -= elapsed_time;
+            return;
+        } else {
+            elapsed_time -= ptr->time;
+            queue = queue->next;
+            my_log(LOG_DEBUG, 0, "About to call timeout %d (#%d)", ptr->id, i);
+
+            if (ptr->func)
+                ptr->func(ptr->data);
+            free(ptr);
+        }
+    }
+}
+
+/**
+ * Return in how many seconds age_callout_queue() would like to be called.
+ * Return -1 if there are no events pending.
+ */
+int timer_nextTimer() {
+    if (queue) {
+        if (queue->time < 0) {
+            my_log(LOG_WARNING, 0, "timer_nextTimer top of queue says %d", 
+                queue->time);
+            return 0;
+        }
+        return queue->time;
+    }
+    return -1;
+}
+
+/**
+ *  Inserts a timer in queue.
+ *  @param delay - Number of seconds the timeout should happen in.
+ *  @param action - The function to call on timeout.
+ *  @param data - Pointer to the function data to supply...
+ */
+int timer_setTimer(int delay, timer_f action, void *data) {
+    struct     timeOutQueue  *ptr, *node, *prev;
+    int i = 0;
+
+    /* create a node */ 
+    node = (struct timeOutQueue *)malloc(sizeof(struct timeOutQueue));
+    if (node == 0) {
+        my_log(LOG_WARNING, 0, "Malloc Failed in timer_settimer\n");
+        return -1;
+    }
+    node->func = action; 
+    node->data = data;
+    node->time = delay; 
+    node->next = 0; 
+    node->id   = ++id;
+
+    prev = ptr = queue;
+
+    /* insert node in the queue */
+
+    /* if the queue is empty, insert the node and return */
+    if (!queue) {
+        queue = node;
+    }
+    else {
+        /* chase the pointer looking for the right place */
+        while (ptr) {
+            if (delay < ptr->time) {
+                // We found the correct node
+                node->next = ptr;
+                if (ptr == queue) {
+                    queue = node;
+                }
+                else {
+                    prev->next = node;
+                }
+                ptr->time -= node->time;
+		my_log(LOG_DEBUG, 0,
+			"Created timeout %d (#%d) - delay %d secs",
+			node->id, i, node->time);
+		debugQueue();
+                return node->id;
+            } else {
+                // Continur to check nodes.
+                delay -= ptr->time; node->time = delay;
+                prev = ptr;
+                ptr = ptr->next;
+            }
+            i++;
+        }
+        prev->next = node;
+    }
+    my_log(LOG_DEBUG, 0, "Created timeout %d (#%d) - delay %d secs", 
+            node->id, i, node->time);
+    debugQueue();
+
+    return node->id;
+}
+
+/**
+*   returns the time until the timer is scheduled 
+*/
+int timer_leftTimer(int timer_id) {
+    struct timeOutQueue *ptr;
+    int left = 0;
+
+    if (!timer_id)
+        return -1;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+        left += ptr->time;
+        if (ptr->id == timer_id) {
+            return left;
+        }
+    }
+    return -1;
+}
+
+/**
+*   clears the associated timer.  Returns 1 if succeeded. 
+*/
+int timer_clearTimer(int  timer_id) {
+    struct timeOutQueue  *ptr, *prev;
+    int i = 0;
+
+    if (!timer_id)
+        return 0;
+
+    prev = ptr = queue;
+
+    /*
+     * find the right node, delete it. the subsequent node's time
+     * gets bumped up
+     */
+
+    debugQueue();
+    while (ptr) {
+        if (ptr->id == timer_id) {
+            /* got the right node */
+
+            /* unlink it from the queue */
+            if (ptr == queue)
+                queue = queue->next;
+            else
+                prev->next = ptr->next;
+
+            /* increment next node if any */
+            if (ptr->next != 0)
+                (ptr->next)->time += ptr->time;
+
+            if (ptr->data)
+                free(ptr->data);
+            my_log(LOG_DEBUG, 0, "deleted timer %d (#%d)", ptr->id, i);
+            free(ptr);
+            debugQueue();
+            return 1;
+        }
+        prev = ptr;
+        ptr = ptr->next;
+        i++;
+    }
+    // If we get here, the timer was not deleted.
+    my_log(LOG_DEBUG, 0, "failed to delete timer %d (#%d)", timer_id, i);
+    debugQueue();
+    return 0;
+}
+
+/**
+ * debugging utility
+ */
+static void debugQueue() {
+    struct timeOutQueue  *ptr;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+            my_log(LOG_DEBUG, 0, "(Id:%d, Time:%d) ", ptr->id, ptr->time);
+    }
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/callout.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/callout.o
new file mode 100644
index 0000000..d593331
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/callout.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/config.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/config.c
new file mode 100644
index 0000000..5a96ce0
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/config.c
@@ -0,0 +1,361 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   config.c - Contains functions to load and parse config
+*              file, and functions to configure the daemon.              
+*/
+
+#include "igmpproxy.h"
+                                      
+// Structure to keep configuration for VIFs...    
+struct vifconfig {
+    char*               name;
+    short               state;
+    int                 ratelimit;
+    int                 threshold;
+
+    // Keep allowed nets for VIF.
+    struct SubnetList*  allowednets;
+    
+    // Next config in list...
+    struct vifconfig*   next;
+};
+                 
+// Structure to keep vif configuration
+struct vifconfig*   vifconf;
+
+// Keeps common settings...
+static struct Config commonConfig;
+
+// Prototypes...
+struct vifconfig *parsePhyintToken();
+struct SubnetList *parseSubnetAddress(char *addrstr);
+
+
+/**
+*   Initializes common config..
+*/
+void initCommonConfig() {
+    commonConfig.robustnessValue = DEFAULT_ROBUSTNESS;
+    commonConfig.queryInterval = INTERVAL_QUERY;
+    commonConfig.queryResponseInterval = INTERVAL_QUERY_RESPONSE;
+
+    // The defaults are calculated from other settings.
+    commonConfig.startupQueryInterval = (unsigned int)(INTERVAL_QUERY / 4);
+    commonConfig.startupQueryCount = DEFAULT_ROBUSTNESS;
+
+    // Default values for leave intervals...
+    commonConfig.lastMemberQueryInterval = INTERVAL_QUERY_RESPONSE;
+    commonConfig.lastMemberQueryCount    = DEFAULT_ROBUSTNESS;
+
+    // If 1, a leave message is sent upstream on leave messages from downstream.
+    commonConfig.fastUpstreamLeave = 0;
+
+}
+
+/**
+*   Returns a pointer to the common config...
+*/
+struct Config *getCommonConfig() {
+    return &commonConfig;
+}
+
+/**
+*   Loads the configuration from file, and stores the config in 
+*   respective holders...
+*/                 
+int loadConfig(char *configFile) {
+    struct vifconfig  *tmpPtr;
+    struct vifconfig  **currPtr = &vifconf;
+    char *token;
+    
+    // Initialize common config
+    initCommonConfig();
+
+    // Test config file reader...
+    if(!openConfigFile(configFile)) {
+        my_log(LOG_ERR, 0, "Unable to open configfile from %s", configFile);
+    }
+
+    // Get first token...
+    token = nextConfigToken();
+    if(token == NULL) {
+        my_log(LOG_ERR, 0, "Config file was empty.");
+    }
+
+    // Loop until all configuration is read.
+    while ( token != NULL ) {
+        // Check token...
+        if(strcmp("phyint", token)==0) {
+            // Got a phyint token... Call phyint parser
+            my_log(LOG_DEBUG, 0, "Config: Got a phyint token.");
+            tmpPtr = parsePhyintToken();
+            if(tmpPtr == NULL) {
+                // Unparsable token... Exit...
+                closeConfigFile();
+                my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+                return 0;
+            } else {
+
+                my_log(LOG_DEBUG, 0, "IF name : %s", tmpPtr->name);
+                my_log(LOG_DEBUG, 0, "Next ptr : %x", tmpPtr->next);
+                my_log(LOG_DEBUG, 0, "Ratelimit : %d", tmpPtr->ratelimit);
+                my_log(LOG_DEBUG, 0, "Threshold : %d", tmpPtr->threshold);
+                my_log(LOG_DEBUG, 0, "State : %d", tmpPtr->state);
+                my_log(LOG_DEBUG, 0, "Allowednet ptr : %x", tmpPtr->allowednets);
+
+                // Insert config, and move temppointer to next location...
+                *currPtr = tmpPtr;
+                currPtr = &tmpPtr->next;
+            }
+        } 
+        else if(strcmp("quickleave", token)==0) {
+            // Got a quickleave token....
+            my_log(LOG_DEBUG, 0, "Config: Quick leave mode enabled.");
+            commonConfig.fastUpstreamLeave = 1;
+            
+            // Read next token...
+            token = nextConfigToken();
+            continue;
+        } else {
+            // Unparsable token... Exit...
+            closeConfigFile();
+            my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+            return 0;
+        }
+        // Get token that was not recognized by phyint parser.
+        token = getCurrentConfigToken();
+    }
+
+    // Close the configfile...
+    closeConfigFile();
+
+    return 1;
+}
+
+/**
+*   Appends extra VIF configuration from config file.
+*/
+void configureVifs() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+    struct vifconfig *confPtr;
+
+    // If no config is availible, just return...
+    if(vifconf == NULL) {
+        return;
+    }
+
+    // Loop through all VIFs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+
+            // Now try to find a matching config...
+            for( confPtr = vifconf; confPtr; confPtr = confPtr->next) {
+
+                // I the VIF names match...
+                if(strcmp(Dp->Name, confPtr->name)==0) {
+                    struct SubnetList *vifLast;
+
+                    my_log(LOG_DEBUG, 0, "Found config for %s", Dp->Name);
+
+
+                    // Set the VIF state 
+                    Dp->state = confPtr->state;
+                    
+                    Dp->threshold = confPtr->threshold;
+                    Dp->ratelimit = confPtr->ratelimit;
+
+                    // Go to last allowed net on VIF...
+                    for(vifLast = Dp->allowednets; vifLast->next; vifLast = vifLast->next);
+                        
+                    // Insert the configured nets...
+                    vifLast->next = confPtr->allowednets;
+
+                    break;
+                }
+            }
+        }
+    }
+}
+
+
+/**
+*   Internal function to parse phyint config
+*/
+struct vifconfig *parsePhyintToken() {
+    struct vifconfig  *tmpPtr;
+    struct SubnetList **anetPtr;
+    char *token;
+    short parseError = 0;
+
+    // First token should be the interface name....
+    token = nextConfigToken();
+
+    // Sanitycheck the name...
+    if(token == NULL) return NULL;
+    if(strlen(token) >= IF_NAMESIZE) return NULL;
+    my_log(LOG_DEBUG, 0, "Config: IF: Config for interface %s.", token);
+
+    // Allocate memory for configuration...
+    tmpPtr = (struct vifconfig*)malloc(sizeof(struct vifconfig));
+    if(tmpPtr == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set default values...
+    tmpPtr->next = NULL;    // Important to avoid seg fault...
+    tmpPtr->ratelimit = 0;
+    tmpPtr->threshold = 1;
+    tmpPtr->state = IF_STATE_DOWNSTREAM;
+    tmpPtr->allowednets = NULL;
+
+    // Make a copy of the token to store the IF name
+    tmpPtr->name = strdup( token );
+    if(tmpPtr->name == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set the altnet pointer to the allowednets pointer.
+    anetPtr = &tmpPtr->allowednets;
+
+    // Parse the rest of the config..
+    token = nextConfigToken();
+    while(token != NULL) {
+        if(strcmp("altnet", token)==0) {
+            // Altnet...
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got altnet token %s.",token);
+
+            *anetPtr = parseSubnetAddress(token);
+            if(*anetPtr == NULL) {
+                parseError = 1;
+                my_log(LOG_WARNING, 0, "Unable to parse subnet address.");
+                break;
+            } else {
+                anetPtr = &(*anetPtr)->next;
+            }
+        }
+        else if(strcmp("upstream", token)==0) {
+            // Upstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got upstream token.");
+            tmpPtr->state = IF_STATE_UPSTREAM;
+        }
+        else if(strcmp("downstream", token)==0) {
+            // Downstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got downstream token.");
+            tmpPtr->state = IF_STATE_DOWNSTREAM;
+        }
+        else if(strcmp("disabled", token)==0) {
+            // Disabled
+            my_log(LOG_DEBUG, 0, "Config: IF: Got disabled token.");
+            tmpPtr->state = IF_STATE_DISABLED;
+        }
+        else if(strcmp("ratelimit", token)==0) {
+            // Ratelimit
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got ratelimit token '%s'.", token);
+            tmpPtr->ratelimit = atoi( token );
+            if(tmpPtr->ratelimit < 0) {
+                my_log(LOG_WARNING, 0, "Ratelimit must be 0 or more.");
+                parseError = 1;
+                break;
+            }
+        }
+        else if(strcmp("threshold", token)==0) {
+            // Threshold
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got threshold token '%s'.", token);
+            tmpPtr->threshold = atoi( token );
+            if(tmpPtr->threshold <= 0 || tmpPtr->threshold > 255) {
+                my_log(LOG_WARNING, 0, "Threshold must be between 1 and 255.");
+                parseError = 1;
+                break;
+            }
+        }
+        else {
+            // Unknown token. Break...
+            break;
+        }
+        token = nextConfigToken();
+    }
+
+    // Clean up after a parseerror...
+    if(parseError) {
+        free(tmpPtr);
+        tmpPtr = NULL;
+    }
+
+    return tmpPtr;
+}
+
+/**
+*   Parses a subnet address string on the format
+*   a.b.c.d/n into a SubnetList entry.
+*/
+struct SubnetList *parseSubnetAddress(char *addrstr) {
+    struct SubnetList *tmpSubnet;
+    char        *tmpStr;
+    uint32_t      addr = 0x00000000;
+    uint32_t      mask = 0xFFFFFFFF;
+
+    // First get the network part of the address...
+    tmpStr = strtok(addrstr, "/");
+    addr = inet_addr(tmpStr);
+
+    tmpStr = strtok(NULL, "/");
+    if(tmpStr != NULL) {
+        int bitcnt = atoi(tmpStr);
+        if(bitcnt <= 0 || bitcnt > 32) {
+            my_log(LOG_WARNING, 0, "The bits part of the address is invalid : %d.",tmpStr);
+            return NULL;
+        }
+
+        mask <<= (32 - bitcnt);
+    }
+
+    if(addr == -1 || addr == 0) {
+        my_log(LOG_WARNING, 0, "Unable to parse address token '%s'.", addrstr);
+        return NULL;
+    }
+
+    tmpSubnet = (struct SubnetList*) malloc(sizeof(struct SubnetList));
+    tmpSubnet->subnet_addr = addr;
+    tmpSubnet->subnet_mask = ntohl(mask);
+    tmpSubnet->next = NULL;
+
+    my_log(LOG_DEBUG, 0, "Config: IF: Altnet: Parsed altnet to %s.",
+	    inetFmts(tmpSubnet->subnet_addr, tmpSubnet->subnet_mask,s1));
+
+    return tmpSubnet;
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/config.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/config.o
new file mode 100644
index 0000000..82093f4
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/config.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/confread.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/confread.c
new file mode 100644
index 0000000..6e267dc
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/confread.c
@@ -0,0 +1,213 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   confread.c
+*
+*   Generic config file reader. Used to open a config file,
+*   and read the tokens from it. The parser is really simple,
+*   and does no backlogging. This means that no form of
+*   text escaping and qouting is currently supported.
+*   '#' chars are read as comments, and the comment lasts until 
+*   a newline or EOF
+*
+*/
+
+#include "igmpproxy.h"
+
+#define     READ_BUFFER_SIZE    512   // Inputbuffer size...
+        
+#ifndef MAX_TOKEN_LENGTH
+  #define MAX_TOKEN_LENGTH  30     // Default max token length
+#endif
+                                     
+FILE            *confFilePtr;       // File handle pointer
+char            *iBuffer;           // Inputbuffer for reading...
+unsigned int    bufPtr;             // Buffer position pointer.
+unsigned int    readSize;           // Number of bytes in buffer after last read...
+char    cToken[MAX_TOKEN_LENGTH];   // Token buffer...
+short   validToken;
+
+/**
+*   Opens config file specified by filename.
+*/    
+int openConfigFile(char *filename) {
+
+    // Set the buffer to null initially...
+    iBuffer = NULL;
+
+    // Open the file for reading...
+    confFilePtr = fopen(filename, "r");
+    
+    // On error, return false
+    if(confFilePtr == NULL) {
+        return 0;
+    }
+    
+    // Allocate memory for inputbuffer...
+    iBuffer = (char*) malloc( sizeof(char) * READ_BUFFER_SIZE );
+    
+    if(iBuffer == NULL) {
+        closeConfigFile();
+        return 0;
+    }
+    
+    // Reset bufferpointer and readsize
+    bufPtr = 0;
+    readSize = 0;
+
+    return 1;
+}
+
+/**
+*   Closes the currently open config file.
+*/
+void closeConfigFile() {
+    // Close the file.
+    if(confFilePtr!=NULL) {
+        fclose(confFilePtr);
+    }
+    // Free input buffer memory...
+    if(iBuffer != NULL) {
+        free(iBuffer);
+    }
+}
+
+/**
+*   Returns the next token from the configfile. The function
+*   return NULL if there are no more tokens in the file.    
+*/
+char *nextConfigToken() {
+
+    validToken = 0;
+
+    // If no file or buffer, return NULL
+    if(confFilePtr == NULL || iBuffer == NULL) {
+        return NULL;
+    }
+
+    {
+        unsigned int tokenPtr       = 0;
+        unsigned short finished     = 0;
+        unsigned short commentFound = 0;
+
+        // Outer buffer fill loop...
+        while ( !finished ) {
+            // If readpointer is at the end of the buffer, we should read next chunk...
+            if(bufPtr == readSize) {
+                // Fill up the buffer...
+                readSize = fread (iBuffer, sizeof(char), READ_BUFFER_SIZE, confFilePtr);
+                bufPtr = 0;
+
+                // If the readsize is 0, we should just return...
+                if(readSize == 0) {
+                    return NULL;
+                }
+            }
+
+            // Inner char loop...
+            while ( bufPtr < readSize && !finished ) {
+
+                //printf("Char %s", iBuffer[bufPtr]);
+
+                // Break loop on \0
+                if(iBuffer[bufPtr] == '\0') {
+                    break;
+                }
+
+                if( commentFound ) {
+                    if( iBuffer[bufPtr] == '\n' ) {
+                        commentFound = 0;
+                    }
+                } else {
+
+                    // Check current char...
+                    switch(iBuffer[bufPtr]) {
+                    case '#':
+                        // Found a comment start...
+                        commentFound = 1;
+                        break;
+
+                    case '\n':
+                    case '\r':
+                    case '\t':
+                    case ' ':
+                        // Newline, CR, Tab and space are end of token, or ignored.
+                        if(tokenPtr > 0) {
+                            cToken[tokenPtr] = '\0';    // EOL
+                            finished = 1;
+                        }
+                        break;
+
+                    default:
+                        // Append char to token...
+                        cToken[tokenPtr++] = iBuffer[bufPtr];
+                        break;
+                    }
+                
+                }
+
+                // Check end of token buffer !!!
+                if(tokenPtr == MAX_TOKEN_LENGTH - 1) {
+                    // Prevent buffer overrun...
+                    cToken[tokenPtr] = '\0';
+                    finished = 1;
+                }
+
+                // Next char...
+                bufPtr++;
+            }
+            // If the readsize is less than buffersize, we assume EOF.
+            if(readSize < READ_BUFFER_SIZE && bufPtr == readSize) {
+                if (tokenPtr > 0)
+                    finished = 1;
+                else
+                    return NULL;
+            }
+        }
+        if(tokenPtr>0) {
+            validToken = 1;
+            return cToken;
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Returns the currently active token, or null
+*   if no tokens are availible.
+*/
+char *getCurrentConfigToken() {
+    return validToken ? cToken : NULL;
+}
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/confread.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/confread.o
new file mode 100644
index 0000000..8c5ac54
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/confread.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/ifvc.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
new file mode 100644
index 0000000..545b3b4
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+struct IfDesc IfDescVc[ MAX_IF ], *IfDescEp = IfDescVc;
+
+/*
+** Builds up a vector with the interface of the machine. Calls to the other functions of 
+** the module will fail if they are called before the vector is build.
+**          
+*/
+void buildIfVc() {
+    struct ifreq IfVc[ sizeof( IfDescVc ) / sizeof( IfDescVc[ 0 ] )  ];
+    struct ifreq *IfEp;
+
+    int Sock;
+
+    if ( (Sock = socket( AF_INET, SOCK_DGRAM, 0 )) < 0 )
+        my_log( LOG_ERR, errno, "RAW socket open" );
+
+    /* get If vector
+     */
+    {
+        struct ifconf IoCtlReq;
+
+        IoCtlReq.ifc_buf = (void *)IfVc;
+        IoCtlReq.ifc_len = sizeof( IfVc );
+
+        if ( ioctl( Sock, SIOCGIFCONF, &IoCtlReq ) < 0 )
+            my_log( LOG_ERR, errno, "ioctl SIOCGIFCONF" );
+
+        IfEp = (void *)((char *)IfVc + IoCtlReq.ifc_len);
+    }
+
+    /* loop over interfaces and copy interface info to IfDescVc
+     */
+    {
+        struct ifreq  *IfPt, *IfNext;
+
+        // Temp keepers of interface params...
+        uint32_t addr, subnet, mask;
+
+        for ( IfPt = IfVc; IfPt < IfEp; IfPt = IfNext ) {
+            struct ifreq IfReq;
+            char FmtBu[ 32 ];
+
+	    IfNext = (struct ifreq *)((char *)&IfPt->ifr_addr +
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+				    IfPt->ifr_addr.sa_len
+#else
+				    sizeof(struct sockaddr_in)
+#endif
+		    );
+	    if (IfNext < IfPt + 1)
+		    IfNext = IfPt + 1;
+
+            strncpy( IfDescEp->Name, IfPt->ifr_name, sizeof( IfDescEp->Name ) );
+
+            // Currently don't set any allowed nets...
+            //IfDescEp->allowednets = NULL;
+
+            // Set the index to -1 by default.
+            IfDescEp->index = -1;
+
+            /* don't retrieve more info for non-IP interfaces
+             */
+            if ( IfPt->ifr_addr.sa_family != AF_INET ) {
+                IfDescEp->InAdr.s_addr = 0;  /* mark as non-IP interface */
+                IfDescEp++;
+                continue;
+            }
+
+            // Get the interface adress...
+            IfDescEp->InAdr = ((struct sockaddr_in *)&IfPt->ifr_addr)->sin_addr;
+            addr = IfDescEp->InAdr.s_addr;
+
+            memcpy( IfReq.ifr_name, IfDescEp->Name, sizeof( IfReq.ifr_name ) );
+            IfReq.ifr_addr.sa_family = AF_INET;
+            ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr = addr;
+
+            // Get the subnet mask...
+            if (ioctl(Sock, SIOCGIFNETMASK, &IfReq ) < 0)
+                my_log(LOG_ERR, errno, "ioctl SIOCGIFNETMASK for %s", IfReq.ifr_name);
+            mask = ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr;
+            subnet = addr & mask;
+
+            /* get if flags
+            **
+            ** typical flags:
+            ** lo    0x0049 -> Running, Loopback, Up
+            ** ethx  0x1043 -> Multicast, Running, Broadcast, Up
+            ** ipppx 0x0091 -> NoArp, PointToPoint, Up 
+            ** grex  0x00C1 -> NoArp, Running, Up
+            ** ipipx 0x00C1 -> NoArp, Running, Up
+            */
+            if ( ioctl( Sock, SIOCGIFFLAGS, &IfReq ) < 0 )
+                my_log( LOG_ERR, errno, "ioctl SIOCGIFFLAGS" );
+
+            IfDescEp->Flags = IfReq.ifr_flags;
+
+            // Insert the verified subnet as an allowed net...
+            IfDescEp->allowednets = (struct SubnetList *)malloc(sizeof(struct SubnetList));
+            if(IfDescEp->allowednets == NULL) my_log(LOG_ERR, 0, "Out of memory !");
+            
+            // Create the network address for the IF..
+            IfDescEp->allowednets->next = NULL;
+            IfDescEp->allowednets->subnet_mask = mask;
+            IfDescEp->allowednets->subnet_addr = subnet;
+
+            // Set the default params for the IF...
+            IfDescEp->state         = IF_STATE_DOWNSTREAM;
+            IfDescEp->robustness    = DEFAULT_ROBUSTNESS;
+            IfDescEp->threshold     = DEFAULT_THRESHOLD;   /* ttl limit */
+            IfDescEp->ratelimit     = DEFAULT_RATELIMIT; 
+            
+
+            // Debug log the result...
+            my_log( LOG_DEBUG, 0, "buildIfVc: Interface %s Addr: %s, Flags: 0x%04x, Network: %s",
+                 IfDescEp->Name,
+                 fmtInAdr( FmtBu, IfDescEp->InAdr ),
+                 IfDescEp->Flags,
+                 inetFmts(subnet,mask, s1));
+
+            IfDescEp++;
+        } 
+    }
+
+    close( Sock );
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'IfName'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'IfName' exists
+**          
+*/
+struct IfDesc *getIfByName( const char *IfName ) {
+    struct IfDesc *Dp;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ )
+        if ( ! strcmp( IfName, Dp->Name ) )
+            return Dp;
+
+    return NULL;
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'Ix'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'Ix' exists
+**          
+*/
+struct IfDesc *getIfByIx( unsigned Ix ) {
+    struct IfDesc *Dp = &IfDescVc[ Ix ];
+    return Dp < IfDescEp ? Dp : NULL;
+}
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByAddress( uint32_t ipaddr ) {
+
+    struct IfDesc       *Dp;
+    struct SubnetList   *currsubnet;
+    struct IfDesc       *res = NULL;
+    uint32_t            last_subnet_mask = 0;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+        // Loop through all registered allowed nets of the VIF...
+        for(currsubnet = Dp->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+            // Check if the ip falls in under the subnet....
+            if(currsubnet->subnet_mask > last_subnet_mask && (ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+                res = Dp;
+                last_subnet_mask = currsubnet->subnet_mask;
+            }
+        }
+    }
+    return res;
+}
+
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByVifIndex( unsigned vifindex ) {
+    struct IfDesc       *Dp;
+    if(vifindex>0) {
+        for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+            if(Dp->index == vifindex) {
+                return Dp;
+            }
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Function that checks if a given ipaddress is a valid
+*   address for the supplied VIF.
+*/
+int isAdressValidForIf( struct IfDesc* intrface, uint32_t ipaddr ) {
+    struct SubnetList   *currsubnet;
+    
+    if(intrface == NULL) {
+        return 0;
+    }
+    // Loop through all registered allowed nets of the VIF...
+    for(currsubnet = intrface->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+        // Check if the ip falls in under the subnet....
+        if((ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+            return 1;
+        }
+    }
+    return 0;
+}
+
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/ifvc.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/ifvc.o
new file mode 100644
index 0000000..33bd40e
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/ifvc.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmp.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmp.c
new file mode 100644
index 0000000..a0cd27d
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmp.c
@@ -0,0 +1,281 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmp.h - Recieves IGMP requests, and handle them 
+*            appropriately...
+*/
+
+#include "igmpproxy.h"
+ 
+// Globals                  
+uint32_t     allhosts_group;          /* All hosts addr in net order */
+uint32_t     allrouters_group;          /* All hosts addr in net order */
+              
+extern int MRouterFD;
+
+/*
+ * Open and initialize the igmp socket, and fill in the non-changing
+ * IP header fields in the output packet buffer.
+ */
+void initIgmp() {
+    struct ip *ip;
+
+    recv_buf = malloc(RECV_BUF_SIZE);
+    send_buf = malloc(RECV_BUF_SIZE);
+
+    k_hdr_include(true);    /* include IP header when sending */
+    k_set_rcvbuf(256*1024,48*1024); /* lots of input buffering        */
+    k_set_ttl(1);       /* restrict multicasts to one hop */
+    k_set_loop(false);      /* disable multicast loopback     */
+
+    ip         = (struct ip *)send_buf;
+    memset(ip, 0, sizeof(struct ip));
+    /*
+     * Fields zeroed that aren't filled in later:
+     * - IP ID (let the kernel fill it in)
+     * - Offset (we don't send fragments)
+     * - Checksum (let the kernel fill it in)
+     */
+    ip->ip_v   = IPVERSION;
+    ip->ip_hl  = sizeof(struct ip) >> 2;
+    ip->ip_tos = 0xc0;      /* Internet Control */
+    ip->ip_ttl = MAXTTL;    /* applies to unicasts only */
+    ip->ip_p   = IPPROTO_IGMP;
+
+    allhosts_group   = htonl(INADDR_ALLHOSTS_GROUP);
+    allrouters_group = htonl(INADDR_ALLRTRS_GROUP);
+}
+
+/**
+*   Finds the textual name of the supplied IGMP request.
+*/
+char *igmpPacketKind(u_int type, u_int code) {
+    static char unknown[20];
+
+    switch (type) {
+    case IGMP_MEMBERSHIP_QUERY:     return  "Membership query  ";
+    case IGMP_V1_MEMBERSHIP_REPORT:  return "V1 member report  ";
+    case IGMP_V2_MEMBERSHIP_REPORT:  return "V2 member report  ";
+    case IGMP_V2_LEAVE_GROUP:        return "Leave message     ";
+    
+    default:
+        sprintf(unknown, "unk: 0x%02x/0x%02x    ", type, code);
+        return unknown;
+    }
+}
+
+
+/**
+ * Process a newly received IGMP packet that is sitting in the input
+ * packet buffer.
+ */
+void acceptIgmp(int recvlen) {
+    register uint32_t src, dst, group;
+    struct ip *ip;
+    struct igmp *igmp;
+    int ipdatalen, iphdrlen, igmpdatalen;
+
+    if (recvlen < sizeof(struct ip)) {
+        my_log(LOG_WARNING, 0,
+            "received packet too short (%u bytes) for IP header", recvlen);
+        return;
+    }
+
+    ip        = (struct ip *)recv_buf;
+    src       = ip->ip_src.s_addr;
+    dst       = ip->ip_dst.s_addr;
+
+    /* 
+     * this is most likely a message from the kernel indicating that
+     * a new src grp pair message has arrived and so, it would be 
+     * necessary to install a route into the kernel for this.
+     */
+    if (ip->ip_p == 0) {
+        if (src == 0 || dst == 0) {
+            my_log(LOG_WARNING, 0, "kernel request not accurate");
+        }
+        else {
+            struct IfDesc *checkVIF;
+            
+            // Check if the source address matches a valid address on upstream vif.
+            checkVIF = getIfByIx( upStreamVif );
+            if(checkVIF == 0) {
+                my_log(LOG_ERR, 0, "Upstream VIF was null.");
+                return;
+            } 
+            else if(src == checkVIF->InAdr.s_addr) {
+                my_log(LOG_NOTICE, 0, "Route activation request from %s for %s is from myself. Ignoring.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            else if(!isAdressValidForIf(checkVIF, src)) {
+                my_log(LOG_WARNING, 0, "The source address %s for group %s, is not in any valid net for upstream VIF.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            
+            // Activate the route.
+            my_log(LOG_DEBUG, 0, "Route activate request from %s to %s",
+		    inetFmt(src,s1), inetFmt(dst,s2));
+            activateRoute(dst, src);
+            
+
+        }
+        return;
+    }
+
+    iphdrlen  = ip->ip_hl << 2;
+    ipdatalen = ip_data_len(ip);
+
+    if (iphdrlen + ipdatalen != recvlen) {
+        my_log(LOG_WARNING, 0,
+            "received packet from %s shorter (%u bytes) than hdr+data length (%u+%u)",
+            inetFmt(src, s1), recvlen, iphdrlen, ipdatalen);
+        return;
+    }
+
+    igmp        = (struct igmp *)(recv_buf + iphdrlen);
+    group       = igmp->igmp_group.s_addr;
+    igmpdatalen = ipdatalen - IGMP_MINLEN;
+    if (igmpdatalen < 0) {
+        my_log(LOG_WARNING, 0,
+            "received IP data field too short (%u bytes) for IGMP, from %s",
+            ipdatalen, inetFmt(src, s1));
+        return;
+    }
+
+    my_log(LOG_NOTICE, 0, "RECV %s from %-15s to %s",
+        igmpPacketKind(igmp->igmp_type, igmp->igmp_code),
+        inetFmt(src, s1), inetFmt(dst, s2) );
+
+    switch (igmp->igmp_type) {
+    case IGMP_V1_MEMBERSHIP_REPORT:
+    case IGMP_V2_MEMBERSHIP_REPORT:
+        acceptGroupReport(src, group, igmp->igmp_type);
+        return;
+    
+    case IGMP_V2_LEAVE_GROUP:
+        acceptLeaveMessage(src, group);
+        return;
+    
+    case IGMP_MEMBERSHIP_QUERY:
+        return;
+
+    default:
+        my_log(LOG_INFO, 0,
+            "ignoring unknown IGMP message type %x from %s to %s",
+            igmp->igmp_type, inetFmt(src, s1),
+            inetFmt(dst, s2));
+        return;
+    }
+}
+
+
+/*
+ * Construct an IGMP message in the output packet buffer.  The caller may
+ * have already placed data in that buffer, of length 'datalen'.
+ */
+void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct ip *ip;
+    struct igmp *igmp;
+    extern int curttl;
+
+    ip                      = (struct ip *)send_buf;
+    ip->ip_src.s_addr       = src;
+    ip->ip_dst.s_addr       = dst;
+    ip_set_len(ip, MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        ip->ip_ttl = curttl;
+    } else {
+        ip->ip_ttl = MAXTTL;
+    }
+
+    igmp                    = (struct igmp *)(send_buf + MIN_IP_HEADER_LEN);
+    igmp->igmp_type         = type;
+    igmp->igmp_code         = code;
+    igmp->igmp_group.s_addr = group;
+    igmp->igmp_cksum        = 0;
+    igmp->igmp_cksum        = inetChksum((u_short *)igmp,
+                                         IGMP_MINLEN + datalen);
+}
+
+/* 
+ * Call build_igmp() to build an IGMP message in the output packet buffer.
+ * Then send the message from the interface with IP address 'src' to
+ * destination 'dst'.
+ */
+void sendIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct sockaddr_in sdst;
+    int setloop = 0, setigmpsource = 0;
+
+    buildIgmp(src, dst, type, code, group, datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        k_set_if(src);
+        setigmpsource = 1;
+        if (type != IGMP_DVMRP || dst == allhosts_group) {
+            setloop = 1;
+            k_set_loop(true);
+        }
+    }
+
+    memset(&sdst, 0, sizeof(sdst));
+    sdst.sin_family = AF_INET;
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+    sdst.sin_len = sizeof(sdst);
+#endif
+    sdst.sin_addr.s_addr = dst;
+    if (sendto(MRouterFD, send_buf,
+               MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen, 0,
+               (struct sockaddr *)&sdst, sizeof(sdst)) < 0) {
+        if (errno == ENETDOWN)
+            my_log(LOG_ERR, errno, "Sender VIF was down.");
+        else
+            my_log(LOG_INFO, errno,
+                "sendto to %s on %s",
+                inetFmt(dst, s1), inetFmt(src, s2));
+    }
+
+    if(setigmpsource) {
+        if (setloop) {
+            k_set_loop(false);
+        }
+        // Restore original...
+        k_set_if(INADDR_ANY);
+    }
+
+    my_log(LOG_DEBUG, 0, "SENT %s from %-15s to %s",
+	    igmpPacketKind(type, code), src == INADDR_ANY ? "INADDR_ANY" :
+	    inetFmt(src, s1), inetFmt(dst, s2));
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmp.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmp.o
new file mode 100644
index 0000000..3320ba5
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmp.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy
new file mode 100755
index 0000000..c81fa83
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
new file mode 100644
index 0000000..1ece15a
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
@@ -0,0 +1,357 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.c - The main file for the IGMP proxy application.
+*
+*   February 2005 - Johnny Egeland
+*/
+
+#include "igmpproxy.h"
+
+static const char Usage[] = 
+"Usage: igmpproxy [-h] [-d] [-v [-v]] <configfile>\n"
+"\n" 
+"   -h   Display this help screen\n"
+"   -d   Run in debug mode. Output all messages on stderr\n"
+"   -v   Be verbose. Give twice to see even debug messages.\n"
+"\n"
+PACKAGE_STRING "\n"
+;
+
+// Local function Prototypes
+static void signalHandler(int);
+int     igmpProxyInit();
+void    igmpProxyCleanUp();
+void    igmpProxyRun();
+
+// Global vars...
+static int sighandled = 0;
+#define	GOT_SIGINT	0x01
+#define	GOT_SIGHUP	0x02
+#define	GOT_SIGUSR1	0x04
+#define	GOT_SIGUSR2	0x08
+
+// The upstream VIF index
+int         upStreamVif;   
+
+/**
+*   Program main method. Is invoked when the program is started
+*   on commandline. The number of commandline arguments, and a
+*   pointer to the arguments are recieved on the line...
+*/    
+int main( int ArgCn, char *ArgVc[] ) {
+
+    // Parse the commandline options and setup basic settings..
+    for (int c; (c = getopt(ArgCn, ArgVc, "vdh")) != -1;) {
+        switch (c) {
+        case 'd':
+            Log2Stderr = true;
+            break;
+        case 'v':
+            if (LogLevel == LOG_INFO)
+                LogLevel = LOG_DEBUG;
+            else
+                LogLevel = LOG_INFO;
+            break;
+        case 'h':
+            fputs(Usage, stderr);
+            exit(0);
+            break;
+        default:
+            exit(1);
+            break;
+        }
+    }
+
+    if (optind != ArgCn - 1) {
+	fputs("You must specify the configuration file.\n", stderr);
+	exit(1);
+    }
+    char *configFilePath = ArgVc[optind];
+
+    // Chech that we are root
+    if (geteuid() != 0) {
+       fprintf(stderr, "igmpproxy: must be root\n");
+       exit(1);
+    }
+
+    openlog("igmpproxy", LOG_PID, LOG_USER);
+
+    // Write debug notice with file path...
+    my_log(LOG_DEBUG, 0, "Searching for config file at '%s'" , configFilePath);
+
+    do {
+
+        // Loads the config file...
+        if( ! loadConfig( configFilePath ) ) {
+            my_log(LOG_ERR, 0, "Unable to load config file...");
+            break;
+        }
+    
+        // Initializes the deamon.
+        if ( !igmpProxyInit() ) {
+            my_log(LOG_ERR, 0, "Unable to initialize IGMPproxy.");
+            break;
+        }
+
+        // Go to the main loop.
+        igmpProxyRun();
+    
+        // Clean up
+        igmpProxyCleanUp();
+
+    } while ( false );
+
+    // Inform that we are exiting.
+    my_log(LOG_INFO, 0, "Shutdown complete....");
+
+    exit(0);
+}
+
+
+
+/**
+*   Handles the initial startup of the daemon.
+*/
+int igmpProxyInit() {
+    struct sigaction sa;
+    int Err;
+
+
+    sa.sa_handler = signalHandler;
+    sa.sa_flags = 0;    /* Interrupt system calls */
+    sigemptyset(&sa.sa_mask);
+    sigaction(SIGTERM, &sa, NULL);
+    sigaction(SIGINT, &sa, NULL);
+
+    // Loads configuration for Physical interfaces...
+    buildIfVc();    
+    
+    // Configures IF states and settings
+    configureVifs();
+
+    switch ( Err = enableMRouter() ) {
+    case 0: break;
+    case EADDRINUSE: my_log( LOG_ERR, EADDRINUSE, "MC-Router API already in use" ); break;
+    default: my_log( LOG_ERR, Err, "MRT_INIT failed" );
+    }
+
+    /* create VIFs for all IP, non-loop interfaces
+     */
+    {
+        unsigned Ix;
+        struct IfDesc *Dp;
+        int     vifcount = 0;
+        upStreamVif = -1;
+
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+
+            if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+                if(Dp->state == IF_STATE_UPSTREAM) {
+                    if(upStreamVif == -1) {
+                        upStreamVif = Ix;
+                    } else {
+                        my_log(LOG_ERR, 0, "Vif #%d was already upstream. Cannot set VIF #%d as upstream as well.",
+                            upStreamVif, Ix);
+                    }
+                }
+
+                addVIF( Dp );
+                vifcount++;
+            }
+        }
+
+        // If there is only one VIF, or no defined upstream VIF, we send an error.
+        if(vifcount < 2 || upStreamVif < 0) {
+            my_log(LOG_ERR, 0, "There must be at least 2 Vif's where one is upstream.");
+        }
+    }  
+    
+    // Initialize IGMP
+    initIgmp();
+    // Initialize Routing table
+    initRouteTable();
+    // Initialize timer
+    callout_init();
+
+
+    return 1;
+}
+
+/**
+*   Clean up all on exit...
+*/
+void igmpProxyCleanUp() {
+
+    my_log( LOG_DEBUG, 0, "clean handler called" );
+    
+    free_all_callouts();    // No more timeouts.
+    clearAllRoutes();       // Remove all routes.
+    disableMRouter();       // Disable the multirout API
+
+}
+
+/**
+*   Main daemon loop.
+*/
+void igmpProxyRun() {
+    // Get the config.
+    //struct Config *config = getCommonConfig();
+    // Set some needed values.
+    register int recvlen;
+    int     MaxFD, Rt, secs;
+    fd_set  ReadFDS;
+    socklen_t dummy = 0;
+    struct  timeval  curtime, lasttime, difftime, tv; 
+    // The timeout is a pointer in order to set it to NULL if nessecary.
+    struct  timeval  *timeout = &tv;
+
+    // Initialize timer vars
+    difftime.tv_usec = 0;
+    gettimeofday(&curtime, NULL);
+    lasttime = curtime;
+
+    // First thing we send a membership query in downstream VIF's...
+    sendGeneralMembershipQuery();
+
+    // Loop until the end...
+    for (;;) {
+
+        // Process signaling...
+        if (sighandled) {
+            if (sighandled & GOT_SIGINT) {
+                sighandled &= ~GOT_SIGINT;
+                my_log(LOG_NOTICE, 0, "Got a interupt signal. Exiting.");
+                break;
+            }
+        }
+
+        // Prepare timeout...
+        secs = timer_nextTimer();
+        if(secs == -1) {
+            timeout = NULL;
+        } else {
+            timeout->tv_usec = 0;
+            timeout->tv_sec = secs;
+        }
+
+        // Prepare for select.
+        MaxFD = MRouterFD;
+
+        FD_ZERO( &ReadFDS );
+        FD_SET( MRouterFD, &ReadFDS );
+
+        // wait for input
+        Rt = select( MaxFD +1, &ReadFDS, NULL, NULL, timeout );
+
+        // log and ignore failures
+        if( Rt < 0 ) {
+            my_log( LOG_WARNING, errno, "select() failure" );
+            continue;
+        }
+        else if( Rt > 0 ) {
+
+            // Read IGMP request, and handle it...
+            if( FD_ISSET( MRouterFD, &ReadFDS ) ) {
+    
+                recvlen = recvfrom(MRouterFD, recv_buf, RECV_BUF_SIZE,
+                                   0, NULL, &dummy);
+                if (recvlen < 0) {
+                    if (errno != EINTR) my_log(LOG_ERR, errno, "recvfrom");
+                    continue;
+                }
+                
+
+                acceptIgmp(recvlen);
+            }
+        }
+
+        // At this point, we can handle timeouts...
+        do {
+            /*
+             * If the select timed out, then there's no other
+             * activity to account for and we don't need to
+             * call gettimeofday.
+             */
+            if (Rt == 0) {
+                curtime.tv_sec = lasttime.tv_sec + secs;
+                curtime.tv_usec = lasttime.tv_usec;
+                Rt = -1; /* don't do this next time through the loop */
+            } else {
+                gettimeofday(&curtime, NULL);
+            }
+            difftime.tv_sec = curtime.tv_sec - lasttime.tv_sec;
+            difftime.tv_usec += curtime.tv_usec - lasttime.tv_usec;
+            while (difftime.tv_usec > 1000000) {
+                difftime.tv_sec++;
+                difftime.tv_usec -= 1000000;
+            }
+            if (difftime.tv_usec < 0) {
+                difftime.tv_sec--;
+                difftime.tv_usec += 1000000;
+            }
+            lasttime = curtime;
+            if (secs == 0 || difftime.tv_sec > 0)
+                age_callout_queue(difftime.tv_sec);
+            secs = -1;
+        } while (difftime.tv_sec > 0);
+
+    }
+
+}
+
+/*
+ * Signal handler.  Take note of the fact that the signal arrived
+ * so that the main loop can take care of it.
+ */
+static void signalHandler(int sig) {
+    switch (sig) {
+    case SIGINT:
+    case SIGTERM:
+        sighandled |= GOT_SIGINT;
+        break;
+        /* XXX: Not in use.
+        case SIGHUP:
+            sighandled |= GOT_SIGHUP;
+            break;
+    
+        case SIGUSR1:
+            sighandled |= GOT_SIGUSR1;
+            break;
+    
+        case SIGUSR2:
+            sighandled |= GOT_SIGUSR2;
+            break;
+        */
+    }
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
new file mode 100644
index 0000000..4dabd1c
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
@@ -0,0 +1,279 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.h - Header file for common includes.
+*/
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <signal.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdbool.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+#include <sys/param.h>
+
+#include <net/if.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "os.h"
+#include "config.h"
+
+/*
+ * Limit on length of route data
+ */
+#define MAX_IP_PACKET_LEN	576
+#define MIN_IP_HEADER_LEN	20
+#define MAX_IP_HEADER_LEN	60
+
+#define MAX_MC_VIFS    32     // !!! check this const in the specific includes
+
+// Useful macros..          
+#define VCMC( Vc )  (sizeof( Vc ) / sizeof( (Vc)[ 0 ] ))
+#define VCEP( Vc )  (&(Vc)[ VCMC( Vc ) ])
+
+// Bit manipulation macros...
+#define BIT_ZERO(X)      ((X) = 0)
+#define BIT_SET(X,n)     ((X) |= 1 << (n))
+#define BIT_CLR(X,n)     ((X) &= ~(1 << (n)))
+#define BIT_TST(X,n)     ((X) & 1 << (n))
+
+
+//#################################################################################
+//  Globals
+//#################################################################################
+
+/*
+ * External declarations for global variables and functions.
+ */
+#define RECV_BUF_SIZE 8192
+extern char     *recv_buf;
+extern char     *send_buf;
+
+extern char     s1[];
+extern char     s2[];
+extern char		s3[];
+extern char		s4[];
+
+
+
+//#################################################################################
+//  Lib function prototypes.
+//#################################################################################
+
+/* syslog.c
+ */
+extern bool Log2Stderr;           // Log to stderr instead of to syslog
+extern int  LogLevel;             // Log threshold, LOG_WARNING .... LOG_DEBUG 
+
+void my_log( int Serverity, int Errno, const char *FmtSt, ... );
+
+/* ifvc.c
+ */
+#define MAX_IF         40     // max. number of interfaces recognized 
+
+// Interface states
+#define IF_STATE_DISABLED      0   // Interface should be ignored.
+#define IF_STATE_UPSTREAM      1   // Interface is the upstream interface
+#define IF_STATE_DOWNSTREAM    2   // Interface is a downstream interface
+
+// Multicast default values...
+#define DEFAULT_ROBUSTNESS     2
+#define DEFAULT_THRESHOLD      1
+#define DEFAULT_RATELIMIT      0
+
+// Define timer constants (in seconds...)
+#define INTERVAL_QUERY          125
+#define INTERVAL_QUERY_RESPONSE  10
+//#define INTERVAL_QUERY_RESPONSE  10
+
+#define ROUTESTATE_NOTJOINED            0   // The group corresponding to route is not joined
+#define ROUTESTATE_JOINED               1   // The group corresponding to route is joined
+#define ROUTESTATE_CHECK_LAST_MEMBER    2   // The router is checking for hosts
+
+
+
+// Linked list of networks... 
+struct SubnetList {
+    uint32_t              subnet_addr;
+    uint32_t              subnet_mask;
+    struct SubnetList*  next;
+};
+
+struct IfDesc {
+    char                Name[IF_NAMESIZE];
+    struct in_addr      InAdr;          /* == 0 for non IP interfaces */            
+    short               Flags;
+    short               state;
+    struct SubnetList*  allowednets;
+    unsigned int        robustness;
+    unsigned char       threshold;   /* ttl limit */
+    unsigned int        ratelimit; 
+    unsigned int        index;
+};
+
+// Keeps common configuration settings 
+struct Config {
+    unsigned int        robustnessValue;
+    unsigned int        queryInterval;
+    unsigned int        queryResponseInterval;
+    // Used on startup..
+    unsigned int        startupQueryInterval;
+    unsigned int        startupQueryCount;
+    // Last member probe...
+    unsigned int        lastMemberQueryInterval;
+    unsigned int        lastMemberQueryCount;
+    // Set if upstream leave messages should be sent instantly..
+    unsigned short      fastUpstreamLeave;
+};
+
+// Defines the Index of the upstream VIF...
+extern int upStreamVif;
+
+/* ifvc.c
+ */
+void buildIfVc( void );
+struct IfDesc *getIfByName( const char *IfName );
+struct IfDesc *getIfByIx( unsigned Ix );
+struct IfDesc *getIfByAddress( uint32_t Ix );
+int isAdressValidForIf(struct IfDesc* intrface, uint32_t ipaddr);
+
+/* mroute-api.c
+ */
+struct MRouteDesc {
+    struct in_addr  OriginAdr, McAdr;
+    short           InVif;
+    uint8_t           TtlVc[ MAX_MC_VIFS ];
+};
+
+// IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+extern int MRouterFD;
+
+int enableMRouter( void );
+void disableMRouter( void );
+void addVIF( struct IfDesc *Dp );
+int addMRoute( struct MRouteDesc * Dp );
+int delMRoute( struct MRouteDesc * Dp );
+int getVifIx( struct IfDesc *IfDp );
+
+/* config.c
+ */
+int loadConfig(char *configFile);
+void configureVifs();
+struct Config *getCommonConfig();
+
+/* igmp.c
+*/
+extern uint32_t allhosts_group;
+extern uint32_t allrouters_group;
+void initIgmp(void);
+void acceptIgmp(int);
+void sendIgmp (uint32_t, uint32_t, int, int, uint32_t,int);
+
+/* lib.c
+ */
+char   *fmtInAdr( char *St, struct in_addr InAdr );
+char   *inetFmt(uint32_t addr, char *s);
+char   *inetFmts(uint32_t addr, uint32_t mask, char *s);
+uint16_t inetChksum(uint16_t *addr, int len);
+
+/* kern.c
+ */
+void k_set_rcvbuf(int bufsize, int minsize);
+void k_hdr_include(int hdrincl);
+void k_set_ttl(int t);
+void k_set_loop(int l);
+void k_set_if(uint32_t ifa);
+/*
+void k_join(uint32_t grp, uint32_t ifa);
+void k_leave(uint32_t grp, uint32_t ifa);
+*/
+
+/* udpsock.c
+ */
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort );
+
+/* mcgroup.c
+ */
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+
+
+/* rttable.c
+ */
+void initRouteTable();
+void clearAllRoutes();
+int insertRoute(uint32_t group, int ifx);
+int activateRoute(uint32_t group, uint32_t originAddr);
+void ageActiveRoutes();
+void setRouteLastMemberMode(uint32_t group);
+int lastMemberGroupAge(uint32_t group);
+
+/* request.c
+ */
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type);
+void acceptLeaveMessage(uint32_t src, uint32_t group);
+void sendGeneralMembershipQuery();
+
+/* callout.c 
+*/
+typedef void (*timer_f)(void *);
+
+void callout_init();
+void free_all_callouts();
+void age_callout_queue(int);
+int timer_nextTimer();
+int timer_setTimer(int, timer_f, void *);
+int timer_clearTimer(int);
+int timer_leftTimer(int);
+
+/* confread.c
+ */
+#define MAX_TOKEN_LENGTH    30
+
+int openConfigFile(char *filename);
+void closeConfigFile();
+char* nextConfigToken();
+char* getCurrentConfigToken();
+
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o
new file mode 100644
index 0000000..f7f42f4
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/kern.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/kern.c
new file mode 100644
index 0000000..2055636
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/kern.c
@@ -0,0 +1,140 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+int curttl = 0;
+
+void k_set_rcvbuf(int bufsize, int minsize) {
+    int delta = bufsize / 2;
+    int iter = 0;
+
+    /*
+     * Set the socket buffer.  If we can't set it as large as we
+     * want, search around to try to find the highest acceptable
+     * value.  The highest acceptable value being smaller than
+     * minsize is a fatal error.
+     */
+    if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                   (char *)&bufsize, sizeof(bufsize)) < 0) {
+        bufsize -= delta;
+        while (1) {
+            iter++;
+            if (delta > 1)
+                delta /= 2;
+
+            if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                           (char *)&bufsize, sizeof(bufsize)) < 0) {
+                bufsize -= delta;
+            } else {
+                if (delta < 1024)
+                    break;
+                bufsize += delta;
+            }
+        }
+        if (bufsize < minsize) {
+            my_log(LOG_ERR, 0, "OS-allowed buffer size %u < app min %u",
+                bufsize, minsize);
+            /*NOTREACHED*/
+        }
+    }
+    my_log(LOG_DEBUG, 0, "Got %d byte buffer size in %d iterations", bufsize, iter);
+}
+
+
+void k_hdr_include(int hdrincl) {
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_HDRINCL,
+                   (char *)&hdrincl, sizeof(hdrincl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_HDRINCL %u", hdrincl);
+}
+
+
+void k_set_ttl(int t) {
+#ifndef RAW_OUTPUT_IS_RAW
+    u_char ttl;
+
+    ttl = t;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_TTL,
+                   (char *)&ttl, sizeof(ttl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_TTL %u", ttl);
+#endif
+    curttl = t;
+}
+
+
+void k_set_loop(int l) {
+    u_char loop;
+
+    loop = l;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_LOOP,
+                   (char *)&loop, sizeof(loop)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_LOOP %u", loop);
+}
+
+void k_set_if(uint32_t ifa) {
+    struct in_addr adr;
+
+    adr.s_addr = ifa;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_IF,
+                   (char *)&adr, sizeof(adr)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_IF %s",
+            inetFmt(ifa, s1));
+}
+
+/*
+void k_join(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_ADD_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't join group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+
+
+void k_leave(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_DROP_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't leave group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+*/
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/kern.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/kern.o
new file mode 100644
index 0000000..09f1de3
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/kern.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/lib.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/lib.c
new file mode 100644
index 0000000..70a730a
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/lib.c
@@ -0,0 +1,148 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+/*
+ * Exported variables.
+ */
+char s1[19];        /* buffers to hold the string representations  */
+char s2[19];        /* of IP addresses, to be passed to inet_fmt() */
+char s3[19];        /* or inet_fmts().                             */
+char s4[19];
+            
+/*
+** Formats 'InAdr' into a dotted decimal string. 
+**
+** returns: - pointer to 'St'
+**          
+*/
+char *fmtInAdr( char *St, struct in_addr InAdr ) {
+    sprintf( St, "%u.%u.%u.%u", 
+             ((uint8_t *)&InAdr.s_addr)[ 0 ],
+             ((uint8_t *)&InAdr.s_addr)[ 1 ],
+             ((uint8_t *)&InAdr.s_addr)[ 2 ],
+             ((uint8_t *)&InAdr.s_addr)[ 3 ] );
+
+    return St;
+}
+
+/*
+ * Convert an IP address in u_long (network) format into a printable string.
+ */
+char *inetFmt(uint32_t addr, char *s) {
+    register u_char *a;
+
+    a = (u_char *)&addr;
+    sprintf(s, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]);
+    return(s);
+}
+
+
+/*
+ * Convert an IP subnet number in u_long (network) format into a printable
+ * string including the netmask as a number of bits.
+ */
+char *inetFmts(uint32_t addr, uint32_t mask, char *s) {
+    register u_char *a, *m;
+    int bits;
+
+    if ((addr == 0) && (mask == 0)) {
+        sprintf(s, "default");
+        return(s);
+    }
+    a = (u_char *)&addr;
+    m = (u_char *)&mask;
+    bits = 33 - ffs(ntohl(mask));
+
+    if (m[3] != 0) sprintf(s, "%u.%u.%u.%u/%d", a[0], a[1], a[2], a[3],
+                           bits);
+    else if (m[2] != 0) sprintf(s, "%u.%u.%u/%d",    a[0], a[1], a[2], bits);
+    else if (m[1] != 0) sprintf(s, "%u.%u/%d",       a[0], a[1], bits);
+    else                sprintf(s, "%u/%d",          a[0], bits);
+
+    return(s);
+}
+
+/*
+ * inet_cksum extracted from:
+ *			P I N G . C
+ *
+ * Author -
+ *	Mike Muuss
+ *	U. S. Army Ballistic Research Laboratory
+ *	December, 1983
+ * Modified at Uc Berkeley
+ *
+ * (ping.c) Status -
+ *	Public Domain.  Distribution Unlimited.
+ *
+ *			I N _ C K S U M
+ *
+ * Checksum routine for Internet Protocol family headers (C Version)
+ *
+ */
+uint16_t inetChksum(uint16_t *addr, int len) {
+    register int nleft = len;
+    register uint16_t *w = addr;
+    uint16_t answer = 0;
+    register int32_t sum = 0;
+
+    /*
+     *  Our algorithm is simple, using a 32 bit accumulator (sum),
+     *  we add sequential 16 bit words to it, and at the end, fold
+     *  back all the carry bits from the top 16 bits into the lower
+     *  16 bits.
+     */
+    while (nleft > 1) {
+        sum += *w++;
+        nleft -= 2;
+    }
+
+    /* mop up an odd byte, if necessary */
+    if (nleft == 1) {
+        *(uint8_t *) (&answer) = *(uint8_t *)w ;
+        sum += answer;
+    }
+
+    /*
+     * add back carry outs from top 16 bits to low 16 bits
+     */
+    sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
+    sum += (sum >> 16);         /* add carry */
+    answer = ~sum;              /* truncate to 16 bits */
+    return(answer);
+}
+
+
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/lib.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/lib.o
new file mode 100644
index 0000000..22f3c01
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/lib.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
new file mode 100644
index 0000000..e657c22
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
@@ -0,0 +1,86 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mcgroup contains functions for joining and leaving multicast groups.
+*
+*/
+
+#include "igmpproxy.h"
+       
+
+/**
+*   Common function for joining or leaving a MCast group.
+*/
+static int joinleave( int Cmd, int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    struct ip_mreq CtlReq;
+    const char *CmdSt = Cmd == 'j' ? "join" : "leave";
+    
+    memset(&CtlReq, 0, sizeof(CtlReq));
+    CtlReq.imr_multiaddr.s_addr = mcastaddr;
+    CtlReq.imr_interface.s_addr = IfDp->InAdr.s_addr;
+    
+    {
+        my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt, 
+            inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : "<any>" );
+    }
+    
+    if( setsockopt( UdpSock, IPPROTO_IP, 
+          Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, 
+          (void *)&CtlReq, sizeof( CtlReq ) ) ) 
+    {
+        my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP failed", Cmd == 'j' ? "ADD" : "DROP" );
+        return 1;
+    }
+    
+    return 0;
+}
+
+/**
+*   Joins the MC group with the address 'McAdr' on the interface 'IfName'. 
+*   The join is bound to the UDP socket 'UdpSock', so if this socket is 
+*   closed the membership is dropped.
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'j', UdpSock, IfDp, mcastaddr );
+}
+
+/**
+*   Leaves the MC group with the address 'McAdr' on the interface 'IfName'. 
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'l', UdpSock, IfDp, mcastaddr );
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o
new file mode 100644
index 0000000..2fdb2f9
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
new file mode 100644
index 0000000..7c2be3e
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
@@ -0,0 +1,242 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mroute-api.c
+*
+*   This module contains the interface routines to the Linux mrouted API
+*/
+
+
+#include "igmpproxy.h"
+
+// MAX_MC_VIFS from mclab.h must have same value as MAXVIFS from mroute.h
+#if MAX_MC_VIFS != MAXVIFS
+# error "constants don't match, correct mclab.h"
+#endif
+     
+// need an IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+int         MRouterFD;        /* socket for all network I/O  */
+char        *recv_buf;           /* input packet buffer         */
+char        *send_buf;           /* output packet buffer        */
+
+
+// my internal virtual interfaces descriptor vector  
+static struct VifDesc {
+    struct IfDesc *IfDp;
+} VifDescVc[ MAXVIFS ];
+
+
+
+/*
+** Initialises the mrouted API and locks it by this exclusively.
+**     
+** returns: - 0 if the functions succeeds     
+**          - the errno value for non-fatal failure condition
+*/
+int enableMRouter()
+{
+    int Va = 1;
+
+    if ( (MRouterFD  = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP)) < 0 )
+        my_log( LOG_ERR, errno, "IGMP socket open" );
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_INIT, 
+                     (void *)&Va, sizeof( Va ) ) )
+        return errno;
+
+    return 0;
+}
+
+/*
+** Diables the mrouted API and relases by this the lock.
+**          
+*/
+void disableMRouter()
+{
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_DONE, NULL, 0 ) 
+         || close( MRouterFD )
+       ) {
+        MRouterFD = 0;
+        my_log( LOG_ERR, errno, "MRT_DONE/close" );
+    }
+
+    MRouterFD = 0;
+}
+
+/*
+** Adds the interface '*IfDp' as virtual interface to the mrouted API
+** 
+*/
+void addVIF( struct IfDesc *IfDp )
+{
+    struct vifctl VifCtl;
+    struct VifDesc *VifDp;
+
+    /* search free VifDesc
+     */
+    for ( VifDp = VifDescVc; VifDp < VCEP( VifDescVc ); VifDp++ ) {
+        if ( ! VifDp->IfDp )
+            break;
+    }
+
+    /* no more space
+     */
+    if ( VifDp >= VCEP( VifDescVc ) )
+        my_log( LOG_ERR, ENOMEM, "addVIF, out of VIF space" );
+
+    VifDp->IfDp = IfDp;
+
+    VifCtl.vifc_vifi  = VifDp - VifDescVc; 
+    VifCtl.vifc_flags = 0;        /* no tunnel, no source routing, register ? */
+    VifCtl.vifc_threshold  = VifDp->IfDp->threshold;    // Packet TTL must be at least 1 to pass them
+    VifCtl.vifc_rate_limit = VifDp->IfDp->ratelimit;    // Ratelimit
+
+    VifCtl.vifc_lcl_addr.s_addr = VifDp->IfDp->InAdr.s_addr;
+    VifCtl.vifc_rmt_addr.s_addr = INADDR_ANY;
+
+    // Set the index...
+    VifDp->IfDp->index = VifCtl.vifc_vifi;
+
+    my_log( LOG_NOTICE, 0, "adding VIF, Ix %d Fl 0x%x IP 0x%08x %s, Threshold: %d, Ratelimit: %d", 
+         VifCtl.vifc_vifi, VifCtl.vifc_flags,  VifCtl.vifc_lcl_addr.s_addr, VifDp->IfDp->Name,
+         VifCtl.vifc_threshold, VifCtl.vifc_rate_limit);
+
+    struct SubnetList *currSubnet;
+    for(currSubnet = IfDp->allowednets; currSubnet; currSubnet = currSubnet->next) {
+	my_log(LOG_DEBUG, 0, "        Network for [%s] : %s",
+	    IfDp->Name,
+	    inetFmts(currSubnet->subnet_addr, currSubnet->subnet_mask, s1));
+    }
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_VIF, 
+                     (char *)&VifCtl, sizeof( VifCtl ) ) )
+        my_log( LOG_ERR, errno, "MRT_ADD_VIF" );
+
+}
+
+/*
+** Adds the multicast routed '*Dp' to the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int addMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* copy the TTL vector
+     */
+
+    memcpy( CtlReq.mfcc_ttls, Dp->TtlVc, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Adding MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_ADD_MFC" );
+
+    return rc;
+}
+
+/*
+** Removes the multicast routed '*Dp' from the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int delMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* clear the TTL vector
+     */
+    memset( CtlReq.mfcc_ttls, 0, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Removing MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_DEL_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_DEL_MFC" );
+
+    return rc;
+}
+
+/*
+** Returns for the virtual interface index for '*IfDp'
+**
+** returns: - the vitrual interface index if the interface is registered
+**          - -1 if no virtual interface exists for the interface 
+**          
+*/
+int getVifIx( struct IfDesc *IfDp )
+{
+    struct VifDesc *Dp;
+
+    for ( Dp = VifDescVc; Dp < VCEP( VifDescVc ); Dp++ )
+        if ( Dp->IfDp == IfDp )
+            return Dp - VifDescVc;
+
+    return -1;
+}
+
+
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o
new file mode 100644
index 0000000..d9b483e
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
new file mode 100644
index 0000000..735401c
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
@@ -0,0 +1,14 @@
+#include <net/route.h>
+#include <net/ip_mroute/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
new file mode 100644
index 0000000..ca01cc5
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
@@ -0,0 +1,23 @@
+#include <net/route.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#if __FreeBSD_version >= 800069 && defined BURN_BRIDGES \
+	|| __FreeBSD_version >= 800098
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+#endif
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-linux.h b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
new file mode 100644
index 0000000..7504b1f
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
@@ -0,0 +1,15 @@
+#define _LINUX_IN_H
+#include <linux/types.h>
+#include <linux/mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
new file mode 100644
index 0000000..17bd5fa
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
@@ -0,0 +1,19 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
new file mode 100644
index 0000000..873e5fb
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
@@ -0,0 +1,21 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+#define INADDR_ALLRTRS_GROUP INADDR_ALLROUTERS_GROUP
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os.h b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os.h
new file mode 120000
index 0000000..142e404
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/os.h
@@ -0,0 +1 @@
+../src/os-linux.h
\ No newline at end of file
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/request.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/request.c
new file mode 100644
index 0000000..e3589f6
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/request.c
@@ -0,0 +1,222 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   request.c 
+*
+*   Functions for recieveing and processing IGMP requests.
+*
+*/
+
+#include "igmpproxy.h"
+
+// Prototypes...
+void sendGroupSpecificMemberQuery(void *argument);  
+    
+typedef struct {
+    uint32_t      group;
+    uint32_t      vifAddr;
+    short       started;
+} GroupVifDesc;
+
+
+/**
+*   Handles incoming membership reports, and
+*   appends them to the routing table.
+*/
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type) {
+    struct IfDesc  *sourceVif;
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    if(sourceVif->InAdr.s_addr == src) {
+        my_log(LOG_NOTICE, 0, "The IGMP message was from myself. Ignoring.");
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        my_log(LOG_DEBUG, 0, "Should insert group %s (from: %s) to route table. Vif Ix : %d",
+            inetFmt(group,s1), inetFmt(src,s2), sourceVif->index);
+
+        // The membership report was OK... Insert it into the route table..
+        insertRoute(group, sourceVif->index);
+
+
+    } else {
+        // Log the state of the interface the report was recieved on.
+        my_log(LOG_INFO, 0, "Mebership report was recieved on %s. Ignoring.",
+            sourceVif->state==IF_STATE_UPSTREAM?"the upstream interface":"a disabled interface");
+    }
+
+}
+
+/**
+*   Recieves and handles a group leave message.
+*/
+void acceptLeaveMessage(uint32_t src, uint32_t group) {
+    struct IfDesc   *sourceVif;
+    
+    my_log(LOG_DEBUG, 0,
+	    "Got leave message from %s to %s. Starting last member detection.",
+	    inetFmt(src, s1), inetFmt(group, s2));
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        GroupVifDesc   *gvDesc;
+        gvDesc = (GroupVifDesc*) malloc(sizeof(GroupVifDesc));
+
+        // Tell the route table that we are checking for remaining members...
+        setRouteLastMemberMode(group);
+
+        // Call the group spesific membership querier...
+        gvDesc->group = group;
+        gvDesc->vifAddr = sourceVif->InAdr.s_addr;
+        gvDesc->started = 0;
+
+        sendGroupSpecificMemberQuery(gvDesc);
+
+    } else {
+        // just ignore the leave request...
+        my_log(LOG_DEBUG, 0, "The found if for %s was not downstream. Ignoring leave request.", inetFmt(src, s1));
+    }
+}
+
+/**
+*   Sends a group specific member report query until the 
+*   group times out...
+*/
+void sendGroupSpecificMemberQuery(void *argument) {
+    struct  Config  *conf = getCommonConfig();
+
+    // Cast argument to correct type...
+    GroupVifDesc   *gvDesc = (GroupVifDesc*) argument;
+
+    if(gvDesc->started) {
+        // If aging returns false, we don't do any further action...
+        if(!lastMemberGroupAge(gvDesc->group)) {
+            return;
+        }
+    } else {
+        gvDesc->started = 1;
+    }
+
+    // Send a group specific membership query...
+    sendIgmp(gvDesc->vifAddr, gvDesc->group, 
+             IGMP_MEMBERSHIP_QUERY,
+             conf->lastMemberQueryInterval * IGMP_TIMER_SCALE, 
+             gvDesc->group, 0);
+
+    my_log(LOG_DEBUG, 0, "Sent membership query from %s to %s. Delay: %d",
+        inetFmt(gvDesc->vifAddr,s1), inetFmt(gvDesc->group,s2),
+        conf->lastMemberQueryInterval);
+
+    // Set timeout for next round...
+    timer_setTimer(conf->lastMemberQueryInterval, sendGroupSpecificMemberQuery, gvDesc);
+
+}
+
+
+/**
+*   Sends a general membership query on downstream VIFs
+*/
+void sendGeneralMembershipQuery() {
+    struct  Config  *conf = getCommonConfig();
+    struct  IfDesc  *Dp;
+    int             Ix;
+
+    // Loop through all downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+            if(Dp->state == IF_STATE_DOWNSTREAM) {
+                // Send the membership query...
+                sendIgmp(Dp->InAdr.s_addr, allhosts_group, 
+                         IGMP_MEMBERSHIP_QUERY,
+                         conf->queryResponseInterval * IGMP_TIMER_SCALE, 0, 0);
+                
+                my_log(LOG_DEBUG, 0,
+			"Sent membership query from %s to %s. Delay: %d",
+			inetFmt(Dp->InAdr.s_addr,s1),
+			inetFmt(allhosts_group,s2),
+			conf->queryResponseInterval);
+            }
+        }
+    }
+
+    // Install timer for aging active routes.
+    timer_setTimer(conf->queryResponseInterval, ageActiveRoutes, NULL);
+
+    // Install timer for next general query...
+    if(conf->startupQueryCount>0) {
+        // Use quick timer...
+        timer_setTimer(conf->startupQueryInterval, sendGeneralMembershipQuery, NULL);
+        // Decrease startup counter...
+        conf->startupQueryCount--;
+    } 
+    else {
+        // Use slow timer...
+        timer_setTimer(conf->queryInterval, sendGeneralMembershipQuery, NULL);
+    }
+
+
+}
+ 
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/request.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/request.o
new file mode 100644
index 0000000..8c28a70
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/request.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/rttable.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/rttable.c
new file mode 100644
index 0000000..f0701a8
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/rttable.c
@@ -0,0 +1,662 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   rttable.c 
+*
+*   Updates the routingtable according to 
+*     recieved request.
+*/
+
+#include "igmpproxy.h"
+    
+/**
+*   Routing table structure definition. Double linked list...
+*/
+struct RouteTable {
+    struct RouteTable   *nextroute;     // Pointer to the next group in line.
+    struct RouteTable   *prevroute;     // Pointer to the previous group in line.
+    uint32_t              group;          // The group to route
+    uint32_t              originAddr;     // The origin adress (only set on activated routes)
+    uint32_t              vifBits;        // Bits representing recieving VIFs.
+
+    // Keeps the upstream membership state...
+    short               upstrState;     // Upstream membership state.
+
+    // These parameters contain aging details.
+    uint32_t              ageVifBits;     // Bits representing aging VIFs.
+    int                 ageValue;       // Downcounter for death.          
+    int                 ageActivity;    // Records any acitivity that notes there are still listeners.
+};
+
+                 
+// Keeper for the routing table...
+static struct RouteTable   *routing_table;
+
+// Prototypes
+void logRouteTable(char *header);
+int  internAgeRoute(struct RouteTable*  croute);
+int internUpdateKernelRoute(struct RouteTable *route, int activate);
+
+// Socket for sending join or leave requests.
+int mcGroupSock = 0;
+
+
+/**
+*   Function for retrieving the Multicast Group socket.
+*/
+int getMcGroupSock() {
+    if( ! mcGroupSock ) {
+        mcGroupSock = openUdpSocket( INADDR_ANY, 0 );;
+    }
+    return mcGroupSock;
+}
+ 
+/**
+*   Initializes the routing table.
+*/
+void initRouteTable() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+
+    // Clear routing table...
+    routing_table = NULL;
+
+    // Join the all routers group on downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        // If this is a downstream vif, we should join the All routers group...
+        if( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) && Dp->state == IF_STATE_DOWNSTREAM) {
+            my_log(LOG_DEBUG, 0, "Joining all-routers group %s on vif %s",
+                         inetFmt(allrouters_group,s1),inetFmt(Dp->InAdr.s_addr,s2));
+            
+            //k_join(allrouters_group, Dp->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), Dp, allrouters_group );
+        }
+    }
+}
+
+/**
+*   Internal function to send join or leave requests for
+*   a specified route upstream...
+*/
+void sendJoinLeaveUpstream(struct RouteTable* route, int join) {
+    struct IfDesc*      upstrIf;
+    
+    // Get the upstream VIF...
+    upstrIf = getIfByIx( upStreamVif );
+    if(upstrIf == NULL) {
+        my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF.");
+    }
+
+    // Send join or leave request...
+    if(join) {
+
+        // Only join a group if there are listeners downstream...
+        if(route->vifBits > 0) {
+            my_log(LOG_DEBUG, 0, "Joining group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+
+            //k_join(route->group, upstrIf->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_JOINED;
+        } else {
+            my_log(LOG_DEBUG, 0, "No downstream listeners for group %s. No join sent.",
+                inetFmt(route->group, s1));
+        }
+
+    } else {
+        // Only leave if group is not left already...
+        if(route->upstrState != ROUTESTATE_NOTJOINED) {
+            my_log(LOG_DEBUG, 0, "Leaving group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+            
+            //k_leave(route->group, upstrIf->InAdr.s_addr);
+            leaveMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_NOTJOINED;
+        }
+    }
+}
+
+/**
+*   Clear all routes from routing table, and alerts Leaves upstream.
+*/
+void clearAllRoutes() {
+    struct RouteTable   *croute, *remainroute;
+
+    // Loop through all routes...
+    for(croute = routing_table; croute; croute = remainroute) {
+
+        remainroute = croute->nextroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_DEBUG, 0, "Removing route entry for %s",
+                     inetFmt(croute->group, s1));
+
+        // Uninstall current route
+        if(!internUpdateKernelRoute(croute, 0)) {
+            my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        }
+
+        // Send Leave message upstream.
+        sendJoinLeaveUpstream(croute, 0);
+
+        // Clear memory, and set pointer to next route...
+        free(croute);
+    }
+    routing_table = NULL;
+
+    // Send a notice that the routing table is empty...
+    my_log(LOG_NOTICE, 0, "All routes removed. Routing table is empty.");
+}
+                 
+/**
+*   Private access function to find a route from a given 
+*   Route Descriptor.
+*/
+struct RouteTable *findRoute(uint32_t group) {
+    struct RouteTable*  croute;
+
+    for(croute = routing_table; croute; croute = croute->nextroute) {
+        if(croute->group == group) {
+            return croute;
+        }
+    }
+
+    return NULL;
+}
+
+/**
+*   Adds a specified route to the routingtable.
+*   If the route already exists, the existing route 
+*   is updated...
+*/
+int insertRoute(uint32_t group, int ifx) {
+    
+    struct Config *conf = getCommonConfig();
+    struct RouteTable*  croute;
+
+    // Sanitycheck the group adress...
+    if( ! IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group. Table insert failed.",
+            inetFmt(group, s1));
+        return 0;
+    }
+
+    // Santiycheck the VIF index...
+    //if(ifx < 0 || ifx >= MAX_MC_VIFS) {
+    if(ifx >= MAX_MC_VIFS) {
+        my_log(LOG_WARNING, 0, "The VIF Ix %d is out of range (0-%d). Table insert failed.",ifx,MAX_MC_VIFS);
+        return 0;
+    }
+
+    // Try to find an existing route for this group...
+    croute = findRoute(group);
+    if(croute==NULL) {
+        struct RouteTable*  newroute;
+
+        my_log(LOG_DEBUG, 0, "No existing route for %s. Create new.",
+                     inetFmt(group, s1));
+
+
+        // Create and initialize the new route table entry..
+        newroute = (struct RouteTable*)malloc(sizeof(struct RouteTable));
+        // Insert the route desc and clear all pointers...
+        newroute->group      = group;
+        newroute->originAddr = 0;
+        newroute->nextroute  = NULL;
+        newroute->prevroute  = NULL;
+
+        // The group is not joined initially.
+        newroute->upstrState = ROUTESTATE_NOTJOINED;
+
+        // The route is not active yet, so the age is unimportant.
+        newroute->ageValue    = conf->robustnessValue;
+        newroute->ageActivity = 0;
+        
+        BIT_ZERO(newroute->ageVifBits);     // Initially we assume no listeners.
+
+        // Set the listener flag...
+        BIT_ZERO(newroute->vifBits);    // Initially no listeners...
+        if(ifx >= 0) {
+            BIT_SET(newroute->vifBits, ifx);
+        }
+
+        // Check if there is a table already....
+        if(routing_table == NULL) {
+            // No location set, so insert in on the table top.
+            routing_table = newroute;
+            my_log(LOG_DEBUG, 0, "No routes in table. Insert at beginning.");
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Found existing routes. Find insert location.");
+
+            // Check if the route could be inserted at the beginning...
+            if(routing_table->group > group) {
+                my_log(LOG_DEBUG, 0, "Inserting at beginning, before route %s",inetFmt(routing_table->group,s1));
+
+                // Insert at beginning...
+                newroute->nextroute = routing_table;
+                newroute->prevroute = NULL;
+                routing_table = newroute;
+
+                // If the route has a next node, the previous pointer must be updated.
+                if(newroute->nextroute != NULL) {
+                    newroute->nextroute->prevroute = newroute;
+                }
+
+            } else {
+
+                // Find the location which is closest to the route.
+                for( croute = routing_table; croute->nextroute != NULL; croute = croute->nextroute ) {
+                    // Find insert position.
+                    if(croute->nextroute->group > group) {
+                        break;
+                    }
+                }
+
+                my_log(LOG_DEBUG, 0, "Inserting after route %s",inetFmt(croute->group,s1));
+                
+                // Insert after current...
+                newroute->nextroute = croute->nextroute;
+                newroute->prevroute = croute;
+                if(croute->nextroute != NULL) {
+                    croute->nextroute->prevroute = newroute; 
+                }
+                croute->nextroute = newroute;
+            }
+        }
+
+        // Set the new route as the current...
+        croute = newroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Inserted route table entry for %s on VIF #%d",
+            inetFmt(croute->group, s1),ifx);
+
+    } else if(ifx >= 0) {
+
+        // The route exists already, so just update it.
+        BIT_SET(croute->vifBits, ifx);
+        
+        // Register the VIF activity for the aging routine
+        BIT_SET(croute->ageVifBits, ifx);
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Updated route entry for %s on VIF #%d",
+            inetFmt(croute->group, s1), ifx);
+
+        // If the route is active, it must be reloaded into the Kernel..
+        if(croute->originAddr != 0) {
+
+            // Update route in kernel...
+            if(!internUpdateKernelRoute(croute, 1)) {
+                my_log(LOG_WARNING, 0, "The insertion into Kernel failed.");
+                return 0;
+            }
+        }
+    }
+
+    // Send join message upstream, if the route has no joined flag...
+    if(croute->upstrState != ROUTESTATE_JOINED) {
+        // Send Join request upstream
+        sendJoinLeaveUpstream(croute, 1);
+    }
+
+    logRouteTable("Insert Route");
+
+    return 1;
+}
+
+/**
+*   Activates a passive group. If the group is already
+*   activated, it's reinstalled in the kernel. If
+*   the route is activated, no originAddr is needed.
+*/
+int activateRoute(uint32_t group, uint32_t originAddr) {
+    struct RouteTable*  croute;
+    int result = 0;
+
+    // Find the requested route.
+    croute = findRoute(group);
+    if(croute == NULL) {
+        my_log(LOG_DEBUG, 0,
+		"No table entry for %s [From: %s]. Inserting route.",
+		inetFmt(group, s1),inetFmt(originAddr, s2));
+
+        // Insert route, but no interfaces have yet requested it downstream.
+        insertRoute(group, -1);
+
+        // Retrieve the route from table...
+        croute = findRoute(group);
+    }
+
+    if(croute != NULL) {
+        // If the origin address is set, update the route data.
+        if(originAddr > 0) {
+            if(croute->originAddr > 0 && croute->originAddr!=originAddr) {
+                my_log(LOG_WARNING, 0, "The origin for route %s changed from %s to %s",
+                    inetFmt(croute->group, s1),
+                    inetFmt(croute->originAddr, s2),
+                    inetFmt(originAddr, s3));
+            }
+            croute->originAddr = originAddr;
+        }
+
+        // Only update kernel table if there are listeners !
+        if(croute->vifBits > 0) {
+            result = internUpdateKernelRoute(croute, 1);
+        }
+    }
+    logRouteTable("Activate Route");
+
+    return result;
+}
+
+
+/**
+*   This function loops through all routes, and updates the age 
+*   of any active routes.
+*/
+void ageActiveRoutes() {
+    struct RouteTable   *croute, *nroute;
+    
+    my_log(LOG_DEBUG, 0, "Aging routes in table.");
+
+    // Scan all routes...
+    for( croute = routing_table; croute != NULL; croute = nroute ) {
+        
+        // Keep the next route (since current route may be removed)...
+        nroute = croute->nextroute;
+
+        // Run the aging round algorithm.
+        if(croute->upstrState != ROUTESTATE_CHECK_LAST_MEMBER) {
+            // Only age routes if Last member probe is not active...
+            internAgeRoute(croute);
+        }
+    }
+    logRouteTable("Age active routes");
+}
+
+/**
+*   Should be called when a leave message is recieved, to
+*   mark a route for the last member probe state.
+*/
+void setRouteLastMemberMode(uint32_t group) {
+    struct Config       *conf = getCommonConfig();
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        // Check for fast leave mode...
+        if(croute->upstrState == ROUTESTATE_JOINED && conf->fastUpstreamLeave) {
+            // Send a leave message right away..
+            sendJoinLeaveUpstream(croute, 0);
+        }
+        // Set the routingstate to Last member check...
+        croute->upstrState = ROUTESTATE_CHECK_LAST_MEMBER;
+        // Set the count value for expiring... (-1 since first aging)
+        croute->ageValue = conf->lastMemberQueryCount;
+    }
+}
+
+
+/**
+*   Ages groups in the last member check state. If the
+*   route is not found, or not in this state, 0 is returned.
+*/
+int lastMemberGroupAge(uint32_t group) {
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        if(croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER) {
+            return !internAgeRoute(croute);
+        } else {
+            return 0;
+        }
+    }
+    return 0;
+}
+
+/**
+*   Remove a specified route. Returns 1 on success,
+*   and 0 if route was not found.
+*/
+int removeRoute(struct RouteTable*  croute) {
+    struct Config       *conf = getCommonConfig();
+    int result = 1;
+    
+    // If croute is null, no routes was found.
+    if(croute==NULL) {
+        return 0;
+    }
+
+    // Log the cleanup in debugmode...
+    my_log(LOG_DEBUG, 0, "Removed route entry for %s from table.",
+                 inetFmt(croute->group, s1));
+
+    //BIT_ZERO(croute->vifBits);
+
+    // Uninstall current route from kernel
+    if(!internUpdateKernelRoute(croute, 0)) {
+        my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        result = 0;
+    }
+
+    // Send Leave request upstream if group is joined
+    if(croute->upstrState == ROUTESTATE_JOINED || 
+       (croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER && !conf->fastUpstreamLeave)) 
+    {
+        sendJoinLeaveUpstream(croute, 0);
+    }
+
+    // Update pointers...
+    if(croute->prevroute == NULL) {
+        // Topmost node...
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = NULL;
+        }
+        routing_table = croute->nextroute;
+
+    } else {
+        croute->prevroute->nextroute = croute->nextroute;
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = croute->prevroute;
+        }
+    }
+    // Free the memory, and set the route to NULL...
+    free(croute);
+    croute = NULL;
+
+    logRouteTable("Remove route");
+
+    return result;
+}
+
+
+/**
+*   Ages a specific route
+*/
+int internAgeRoute(struct RouteTable*  croute) {
+    struct Config *conf = getCommonConfig();
+    int result = 0;
+
+    // Drop age by 1.
+    croute->ageValue--;
+
+    // Check if there has been any activity...
+    if( croute->ageVifBits > 0 && croute->ageActivity == 0 ) {
+        // There was some activity, check if all registered vifs responded.
+        if(croute->vifBits == croute->ageVifBits) {
+            // Everything is in perfect order, so we just update the route age.
+            croute->ageValue = conf->robustnessValue;
+            //croute->ageActivity = 0;
+        } else {
+            // One or more VIF has not gotten any response.
+            croute->ageActivity++;
+
+            // Update the actual bits for the route...
+            croute->vifBits = croute->ageVifBits;
+        }
+    } 
+    // Check if there have been activity in aging process...
+    else if( croute->ageActivity > 0 ) {
+
+        // If the bits are different in this round, we must
+        if(croute->vifBits != croute->ageVifBits) {
+            // Or the bits together to insure we don't lose any listeners.
+            croute->vifBits |= croute->ageVifBits;
+
+            // Register changes in this round as well..
+            croute->ageActivity++;
+        }
+    }
+
+    // If the aging counter has reached zero, its time for updating...
+    if(croute->ageValue == 0) {
+        // Check for activity in the aging process,
+        if(croute->ageActivity>0) {
+            
+            my_log(LOG_DEBUG, 0, "Updating route after aging : %s",
+                         inetFmt(croute->group,s1));
+            
+            // Just update the routing settings in kernel...
+            internUpdateKernelRoute(croute, 1);
+    
+            // We append the activity counter to the age, and continue...
+            croute->ageValue = croute->ageActivity;
+            croute->ageActivity = 0;
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Removing group %s. Died of old age.",
+                         inetFmt(croute->group,s1));
+
+            // No activity was registered within the timelimit, so remove the route.
+            removeRoute(croute);
+        }
+        // Tell that the route was updated...
+        result = 1;
+    }
+
+    // The aging vif bits must be reset for each round...
+    BIT_ZERO(croute->ageVifBits);
+
+    return result;
+}
+
+/**
+*   Updates the Kernel routing table. If activate is 1, the route
+*   is (re-)activated. If activate is false, the route is removed.
+*/
+int internUpdateKernelRoute(struct RouteTable *route, int activate) {
+    struct   MRouteDesc     mrDesc;
+    struct   IfDesc         *Dp;
+    unsigned                Ix;
+    
+    if(route->originAddr>0) {
+
+        // Build route descriptor from table entry...
+        // Set the source address and group address...
+        mrDesc.McAdr.s_addr     = route->group;
+        mrDesc.OriginAdr.s_addr = route->originAddr;
+    
+        // clear output interfaces 
+        memset( mrDesc.TtlVc, 0, sizeof( mrDesc.TtlVc ) );
+    
+        my_log(LOG_DEBUG, 0, "Vif bits : 0x%08x", route->vifBits);
+
+        // Set the TTL's for the route descriptor...
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+            if(Dp->state == IF_STATE_UPSTREAM) {
+                mrDesc.InVif = Dp->index;
+            }
+            else if(BIT_TST(route->vifBits, Dp->index)) {
+                my_log(LOG_DEBUG, 0, "Setting TTL for Vif %d to %d", Dp->index, Dp->threshold);
+                mrDesc.TtlVc[ Dp->index ] = Dp->threshold;
+            }
+        }
+    
+        // Do the actual Kernel route update...
+        if(activate) {
+            // Add route in kernel...
+            addMRoute( &mrDesc );
+    
+        } else {
+            // Delete the route from Kernel...
+            delMRoute( &mrDesc );
+        }
+
+    } else {
+        my_log(LOG_NOTICE, 0, "Route is not active. No kernel updates done.");
+    }
+
+    return 1;
+}
+
+/**
+*   Debug function that writes the routing table entries
+*   to the log.
+*/
+void logRouteTable(char *header) {
+        struct RouteTable*  croute = routing_table;
+        unsigned            rcount = 0;
+    
+        my_log(LOG_DEBUG, 0, "");
+        my_log(LOG_DEBUG, 0, "Current routing table (%s):", header);
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+        if(croute==NULL) {
+            my_log(LOG_DEBUG, 0, "No routes in table...");
+        } else {
+            do {
+                /*
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, Prev: 0x%08x, T: 0x%08x, Next: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->prevroute, croute, croute->nextroute);
+                */
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, OutVifs: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->vifBits);
+                  
+                croute = croute->nextroute; 
+        
+                rcount++;
+            } while ( croute != NULL );
+        }
+    
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/rttable.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/rttable.o
new file mode 100644
index 0000000..467cfe8
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/rttable.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/syslog.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/syslog.c
new file mode 100644
index 0000000..7c7166f
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/syslog.c
@@ -0,0 +1,62 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+int LogLevel = LOG_WARNING;
+bool Log2Stderr = false;
+
+void my_log( int Severity, int Errno, const char *FmtSt, ... )
+{
+    char LogMsg[ 128 ];
+
+    va_list ArgPt;
+    unsigned Ln;
+    va_start( ArgPt, FmtSt );
+    Ln = vsnprintf( LogMsg, sizeof( LogMsg ), FmtSt, ArgPt );
+    if( Errno > 0 )
+        snprintf( LogMsg + Ln, sizeof( LogMsg ) - Ln,
+                "; Errno(%d): %s", Errno, strerror(Errno) );
+    va_end( ArgPt );
+
+    if (Severity <= LogLevel) {
+        if (Log2Stderr)
+            fprintf(stderr, "%s\n", LogMsg);
+        else {
+            syslog(Severity, "%s", LogMsg);
+	}
+    }
+
+    if( Severity <= LOG_ERR )
+        exit( -1 );
+}
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/syslog.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/syslog.o
new file mode 100644
index 0000000..1a9d31d
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/syslog.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/udpsock.c b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
new file mode 100644
index 0000000..150130e
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
@@ -0,0 +1,65 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   udpsock.c contains function for creating a UDP socket.
+*
+*/
+
+#include "igmpproxy.h"
+
+/**
+*  Creates and connects a simple UDP socket to the target 
+*  'PeerInAdr':'PeerPort'
+*
+*   @param PeerInAdr - The address to connect to
+*   @param PeerPort  - The port to connect to
+*           
+*/
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort ) {
+    int Sock;
+    struct sockaddr_in SockAdr;
+    
+    if( (Sock = socket( AF_INET, SOCK_RAW, IPPROTO_IGMP )) < 0 )
+        my_log( LOG_ERR, errno, "UDP socket open" );
+    
+    memset( &SockAdr, 0, sizeof( SockAdr ) );
+    SockAdr.sin_family      = AF_INET;
+    SockAdr.sin_port        = htons(PeerPort);
+    SockAdr.sin_addr.s_addr = htonl(PeerInAdr);
+    
+    if( bind( Sock, (struct sockaddr *)&SockAdr, sizeof( SockAdr ) ) )
+        my_log( LOG_ERR, errno, "UDP socket bind" );
+    
+    return Sock;
+}
+
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/udpsock.o b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/udpsock.o
new file mode 100644
index 0000000..c3d35d9
Binary files /dev/null and b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/src/udpsock.o differ
diff --git a/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/stamp-h1 b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/stamp-h1
new file mode 100644
index 0000000..4547fe1
--- /dev/null
+++ b/NONE-CKUBU/src/igmpproxy/igmpproxy-0.1/stamp-h1
@@ -0,0 +1 @@
+timestamp for config.h
diff --git a/NONE-CKUBU/src/ipt-gateway b/NONE-CKUBU/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/NONE-CKUBU/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/NONE-CKUBU/src/ipw2100-fw/LICENSE b/NONE-CKUBU/src/ipw2100-fw/LICENSE
new file mode 100644
index 0000000..a3e83f5
--- /dev/null
+++ b/NONE-CKUBU/src/ipw2100-fw/LICENSE
@@ -0,0 +1,207 @@
+                             TERMS AND CONDITIONS
+    IMPORTANT - PLEASE READ BEFORE INSTALLING OR USING THIS INTEL(C) SOFTWARE
+
+Do not use or load this firmware (the "Software") until you have carefully read
+the following terms and conditions. By loading or using the Software, you agree
+to the terms of this Agreement. If you do not wish to so agree, do not install
+or use the Software.
+
+LICENSEES:
+
+Please note: 
+
+* If you are an End-User, only Exhibit A, the SOFTWARE LICENSE AGREEMENT,
+  applies.
+* If you are an Original Equipment Manufacturer (OEM), Independent Hardware
+  Vendor (IHV), or Independent Software Vendor (ISV), this complete Agreement
+  applies 
+
+--------------------------------------------------------------------------------
+
+For OEMs, IHVs, and ISVs:
+
+LICENSE. This Software is licensed for use only in conjunction with Intel
+component products. Use of the Software in conjunction with non-Intel component
+products is not licensed hereunder. Subject to the terms of this Agreement,
+Intel grants to you a nonexclusive, nontransferable, worldwide, fully paid-up
+license under Intel's copyrights to: (i) copy the Software internally for your
+own development and maintenance purposes; (ii) copy and distribute the Software
+to your end-users, but only under a license agreement with terms at least as
+restrictive as those contained in Intel's Final, Single User License Agreement,
+attached as Exhibit A; and (iii) modify, copy and distribute the end-user
+documentation which may accompany the Software, but only in association with
+the Software.  
+
+If you are not the final manufacturer or vendor of a computer system or software
+program incorporating the Software, then you may transfer a copy of the
+Software, including any related documentation (modified or unmodified) to your
+recipient for use in accordance with the terms of this Agreement, provided such
+recipient agrees to be fully bound by the terms hereof. You shall not otherwise
+assign, sublicense, lease, or in any other way transfer or disclose Software to
+any third party. You may not, nor may you assist any other person or entity to
+modify, translate, convert to another programming language, decompile, reverse
+engineer, or disassemble any portion of the Software or otherwise attempt to
+derive source code from any object code modules of the Software or any internal
+data files generated by the Software. Your rights to redistribute the Software
+shall be contingent upon your installation of this Agreement in its entirety in
+the same directory as the Software.
+
+CONFIDENTIALITY. If you wish to have a third party consultant or subcontractor
+("Contractor") perform work on your behalf which involves access to or use of
+Software, you shall obtain a written confidentiality agreement from the
+Contractor which contains provisions with respect to access to or use of the
+Software no less restrictive than those set forth in this Agreement and
+excluding any distribution rights, and use for any other purpose. Except as 
+expressly provided herein, you shall not disclose the terms or existence of 
+this Agreement or use Intel's name in any publications, advertisements, or 
+other announcements without Intel's prior written consent. You do not have any 
+rights to use any Intel trademarks or logos.
+
+OWNERSHIP OF SOFTWARE AND COPYRIGHTS. Software and accompanying materials, if
+any, are owned by Intel or its suppliers and licensors and may be protected by
+copyright, trademark, patent and trade secret law and international treaties. 
+Any rights, express or implied, in the intellectual property embodied in the
+foregoing, other than those specified in this Agreement, are reserved by Intel
+and its suppliers and licensors or otherwise as set forth in any applicable
+open source license agreement. You will keep the Software free of liens,
+attachments, and other encumbrances.  You agree not to remove any proprietary
+notices and/or any labels from the Software and accompanying materials without
+prior written approval by Intel
+
+LIMITATION OF LIABILITY. IN NO EVENT SHALL INTEL OR ITS SUPPLIERS AND LICENSORS
+BE LIABLE FOR ANY DAMAGES WHATSOEVER FROM ANY CAUSE OF ACTION OF ANY KIND
+(INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, OR LOST
+INFORMATION) ARISING OUT OF THE USE, MODIFICATION, OR INABILITY TO USE THE
+INTEL SOFTWARE, OR OTHERWISE, NOR FOR PUNITIVE, INCIDENTAL, CONSEQUENTIAL, OR
+SPECIAL DAMAGES OF ANY KIND, EVEN IF INTEL OR ITS SUPPLIERS AND LICENSORS HAS
+BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.   SOME JURISDICTIONS PROHIBIT
+EXCLUSION OR LIMITATION OF LIABILITY FOR IMPLIED WARRANTIES, CONSEQUENTIAL OR
+INCIDENTAL DAMAGES, SO CERTAIN LIMITATIONS MAY NOT APPLY.  YOU MAY ALSO HAVE
+OTHER LEGAL RIGHTS THAT VARY BETWEEN JURISDICTIONS. 
+
+EXCLUSION OF WARRANTIES.  THE SOFTWARE IS PROVIDED "AS IS" AND POSSIBLY WITH
+FAULTS. UNLESS EXPRESSLY AGREED OTHERWISE, INTEL AND ITS SUPPLIERS AND
+LICENSORS DISCLAIM ANY AND ALL WARRANTIES AND GUARANTEES, EXPRESS, IMPLIED OR
+OTHERWISE, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.  Intel does not warrant
+or assume responsibility for the accuracy or completeness of any information,
+text, graphics, links or other items contained within the Software.  You assume
+all liability, financial or otherwise, associated with Your use or disposition
+of the Software.
+		
+APPLICABLE LAW. Claims arising under this Agreement shall be governed by the
+laws of State of California], excluding its principles of conflict of laws and
+the United Nations Convention on Contracts for the Sale of Goods.  
+
+WAIVER AND AMENDMENT. No modification, amendment or waiver of any provision of
+this Agreement shall be effective unless in writing and signed by an officer of
+Intel.  No failure or delay in exercising any right, power, or remedy under
+this Agreement shall operate as a waiver of any such right, power or remedy. 
+Without limiting the foregoing, terms and conditions on any purchase orders or
+similar materials submitted by you to Intel, and any terms contained in Intel’s
+standard acknowledgment form that are in conflict with these terms, shall be of
+no force or effect.
+
+SEVERABILITY.  If any provision of this Agreement is held by a court of
+competent jurisdiction to be contrary to law, such provision shall be changed
+and interpreted so as to best accomplish the objectives of the original
+provision to the fullest extent allowed by law and the remaining provisions of
+this Agreement shall remain in full force and effect.
+
+EXPORT RESTRICTIONS.  Each party acknowledges that the Software is subject to
+applicable import and export regulations of the United States and of the
+countries in which each party transacts business, specifically including U.S.
+Export Administration Act and Export Administration Regulations.  Each party
+shall comply with such laws and regulations, as well as all other laws and
+regulations applicable to the Software.  Without limiting the generality of the
+foregoing, each party agrees that it will not export, re-export, transfer or
+divert any of the Software or the direct programs thereof to any restricted
+place or party in accordance with U.S. export regulations.  Note that Software
+containing encryption may be subject to additional restrictions.
+
+GOVERNMENT RESTRICTED RIGHTS. The Software is provided with "RESTRICTED RIGHTS."
+Use, duplication, or disclosure by the Government is subject to restrictions as
+set forth in FAR52.227-14 and DFAR252.227-7013 et seq. or their successors. Use
+of the Software by the Government constitutes acknowledgment of Intel's
+proprietary rights therein. Contractor or Manufacturer is Intel Corporation,
+2200 Mission College Blvd., Santa Clara, CA  95052.
+
+TERMINATION OF THE AGREEMENT. Intel may terminate this Agreement if you violate
+its terms. Upon termination, you will immediately destroy the Software or
+return all copies of the Software to Intel.
+
+--------------------------------------------------------------------------------
+
+EXHIBIT "A"
+
+SOFTWARE LICENSE AGREEMENT (Final, Single User)
+
+IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
+
+Do not use or load this firmware image (the "Software") until you have carefully
+read the following terms and conditions. By loading or using the Software, you
+agree to the terms of this Agreement. If you do not wish to so agree, do not
+install or use the Software.
+
+LICENSE. You may copy and use the Software, subject to these conditions: 
+1. This Software is licensed for use only in conjunction with Intel component
+   products. Use of the Software in conjunction with non-Intel component 
+   products is not licensed hereunder. 
+2. You may not copy, modify, rent, sell, distribute or transfer any part of the
+   Software except as provided in this Agreement, and you agree to prevent
+   unauthorized copying of the Software. 
+3. You may not reverse engineer, decompile, or disassemble the Software. 
+4. You may not sublicense the Software. 
+5. The Software may contain the software or other property of third party
+   suppliers. 
+
+OWNERSHIP OF SOFTWARE AND COPYRIGHTS. Title to all copies of the Software
+remains with Intel or its suppliers. The Software is copyrighted and protected
+by the laws of the United States and other countries, and international treaty
+provisions. You may not remove any copyright notices from the Software. Intel
+may make changes to the Software, or items referenced therein, at any time
+without notice, but is not obligated to support or update the Software. Except
+as otherwise expressly provided, Intel grants no express or implied right under
+Intel patents, copyrights, trademarks, or other intellectual property rights.
+You may transfer the Software only if a copy of this license accompanies the 
+Software and the recipient agrees to be fully bound by these terms.
+
+EXCLUSION OF OTHER WARRANTIES EXCEPT AS PROVIDED ABOVE, THE SOFTWARE IS PROVIDED
+"AS IS" WITHOUT ANY EXPRESS OR IMPLIED WARRANTY OF ANY KIND INCLUDING
+WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR
+PURPOSE. Intel does not warrant or assume responsibility for the accuracy or
+completeness of any information, text, graphics, links or other items contained
+within the Software.
+
+LIMITATION OF LIABILITY. IN NO EVENT SHALL INTEL OR ITS SUPPLIERS BE LIABLE FOR
+ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS
+INTERRUPTION, OR LOST INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO
+USE THE SOFTWARE, EVEN IF INTEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES. SOME JURISDICTIONS PROHIBIT EXCLUSION OR LIMITATION OF LIABILITY FOR
+IMPLIED WARRANTIES OR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE
+LIMITATION MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY
+BETWEEN JURISDICTIONS.
+
+TERMINATION OF THIS AGREEMENT. Intel may terminate this Agreement at any time if
+you violate its terms. Upon termination, you will immediately destroy the
+Software.
+
+APPLICABLE LAWS. Claims arising under this Agreement shall be governed by the
+laws of California, excluding its principles of conflict of laws and the United
+Nations Convention on Contracts for the Sale of Goods. You may not export the
+Software in violation of applicable export laws and regulations. Intel is not
+obligated under any other agreements unless they are in writing and signed by
+an authorized representative 
+of Intel.
+
+GOVERNMENT RESTRICTED RIGHTS. The Software is provided with "RESTRICTED RIGHTS."
+Use, duplication, or disclosure by the Government is subject to restrictions as
+set forth in FAR52.227-14 and DFAR252.227-7013 et seq. or their successors. Use
+of the Software by the Government constitutes acknowledgment of Intel's
+proprietary rights therein. Contractor or Manufacturer is Intel Corporation,
+2200 Mission College Blvd., Santa Clara, CA 95052.
+
+
+
+		
+
diff --git a/NONE-CKUBU/src/ipw2100-fw/ipw2100-1.3-i.fw b/NONE-CKUBU/src/ipw2100-fw/ipw2100-1.3-i.fw
new file mode 100644
index 0000000..85c9ca5
Binary files /dev/null and b/NONE-CKUBU/src/ipw2100-fw/ipw2100-1.3-i.fw differ
diff --git a/NONE-CKUBU/src/ipw2100-fw/ipw2100-1.3-p.fw b/NONE-CKUBU/src/ipw2100-fw/ipw2100-1.3-p.fw
new file mode 100644
index 0000000..6fda4c3
Binary files /dev/null and b/NONE-CKUBU/src/ipw2100-fw/ipw2100-1.3-p.fw differ
diff --git a/NONE-CKUBU/src/ipw2100-fw/ipw2100-1.3.fw b/NONE-CKUBU/src/ipw2100-fw/ipw2100-1.3.fw
new file mode 100644
index 0000000..be2a69c
Binary files /dev/null and b/NONE-CKUBU/src/ipw2100-fw/ipw2100-1.3.fw differ
diff --git a/NONE-CKUBU/src/ipw2100-fw/ipw2100-fw-1.3.tgz b/NONE-CKUBU/src/ipw2100-fw/ipw2100-fw-1.3.tgz
new file mode 100644
index 0000000..ad30eee
Binary files /dev/null and b/NONE-CKUBU/src/ipw2100-fw/ipw2100-fw-1.3.tgz differ
diff --git a/NONE-CKUBU/src/mailsystem b/NONE-CKUBU/src/mailsystem
new file mode 160000
index 0000000..03b820b
--- /dev/null
+++ b/NONE-CKUBU/src/mailsystem
@@ -0,0 +1 @@
+Subproject commit 03b820b8b869d6be229340a99ed5994dcd0edec9
diff --git a/NONE-WF/README.txt b/NONE-WF/README.txt
new file mode 100644
index 0000000..14c3a7e
--- /dev/null
+++ b/NONE-WF/README.txt
@@ -0,0 +1,28 @@
+
+-------
+Notice:
+-------
+
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.NONE-WF: ppp0 comes over eth2
+      interfaces.NONE-WF: see above
+      default_isc-dhcp-server.NONE-WF
+      ipt-firewall.NONE-WF: LAN device (mostly ) = eth1
+      second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/NONE-WF/aiccu.NONE-WF b/NONE-WF/aiccu.NONE-WF
new file mode 100644
index 0000000..5482d8f
--- /dev/null
+++ b/NONE-WF/aiccu.NONE-WF
@@ -0,0 +1,11 @@
+# This is a configuration file for /etc/init.d/aiccu; it allows you to
+# perform common modifications to the behavior of the aiccu daemon
+# startup without editing the init script (and thus getting prompted
+# by dpkg on upgrades).  We all love dpkg prompts.
+
+# Arguments to pass to aiccu daemon.
+DAEMON_ARGS=""
+
+# Run aiccu at startup ?
+AICCU_ENABLED=Yes
+
diff --git a/NONE-WF/aiccu.conf.NONE-WF b/NONE-WF/aiccu.conf.NONE-WF
new file mode 100644
index 0000000..c1c27a7
--- /dev/null
+++ b/NONE-WF/aiccu.conf.NONE-WF
@@ -0,0 +1,79 @@
+# Under control from debconf, please use 'dpkg-reconfigure aiccu' to reconfigure
+# AICCU Configuration
+
+# Login information (defaults: none)
+username CKM11-SIXXS
+password zLkJIZF0
+
+# Protocol and server to use for setting up the tunnel (defaults: none)
+protocol tic
+server tic.sixxs.net
+
+# Interface names to use (default: aiccu)
+# ipv6_interface is the name of the interface that will be used as a tunnel interface.
+# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
+# or tunX (eg tun0) for AYIYA tunnels.
+ipv6_interface sixxs
+
+# The tunnel_id to use (default: none)
+# (only required when there are multiple tunnels in the list)
+tunnel_id T129038
+
+# Be verbose? (default: false)
+#verbose false
+
+# Daemonize? (default: true)
+# Set to false if you want to see any output
+# When true output goes to syslog
+#
+# WARNING: never run AICCU from DaemonTools or a similar automated
+# 'restart' tool/script. When AICCU does not start, it has a reason
+# not to start which it gives on either the stdout or in the (sys)log
+# file. The TIC server *will* automatically disable accounts which
+# are detected to run in this mode.
+#
+daemonize true
+
+# Automatic Login and Tunnel activation?
+automatic true
+
+# Require TLS?
+# When set to true, if TLS is not supported on the server
+# the TIC transaction will fail.
+# When set to false, it will try a starttls, when that is
+# not supported it will continue.
+# In any case if AICCU is build with TLS support it will
+# try to do a 'starttls' to the TIC server to see if that
+# is supported.
+requiretls false
+
+# PID File
+#pidfile /var/run/aiccu.pid
+
+# Add a default route (default: true)
+#defaultroute true
+
+# Script to run after setting up the interfaces (default: none)
+#setupscript /usr/local/etc/aiccu-subnets.sh
+
+# Make heartbeats (default true)
+# In general you don't want to turn this off
+# Of course only applies to AYIYA and heartbeat tunnels not to static ones
+#makebeats true
+
+# Don't configure anything (default: false)
+#noconfigure true
+
+# Behind NAT (default: false)
+# Notify the user that a NAT-kind network is detected
+#behindnat true
+
+# Local IPv4 Override (default: none)
+# Overrides the IPv4 parameter received from TIC
+# This allows one to configure a NAT into "DMZ" mode and then
+# forwarding the proto-41 packets to an internal host.
+# 
+# This is only needed for static proto-41 tunnels!
+# AYIYA and heartbeat tunnels don't require this.
+#local_ipv4_override
+
diff --git a/NONE-WF/bin/admin-stuff b/NONE-WF/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/NONE-WF/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/NONE-WF/bin/clean_log_files.sh b/NONE-WF/bin/clean_log_files.sh
new file mode 120000
index 0000000..4a65412
--- /dev/null
+++ b/NONE-WF/bin/clean_log_files.sh
@@ -0,0 +1 @@
+admin-stuff/clean_log_files.sh
\ No newline at end of file
diff --git a/NONE-WF/bin/manage-gw-config b/NONE-WF/bin/manage-gw-config
new file mode 160000
index 0000000..05fbd45
--- /dev/null
+++ b/NONE-WF/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 05fbd45b232a2435e76577f40c9ced2fd08a4b3e
diff --git a/NONE-WF/bin/monitoring b/NONE-WF/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/NONE-WF/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/NONE-WF/bin/os-upgrade.sh b/NONE-WF/bin/os-upgrade.sh
new file mode 120000
index 0000000..02ddc66
--- /dev/null
+++ b/NONE-WF/bin/os-upgrade.sh
@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh
\ No newline at end of file
diff --git a/NONE-WF/bin/test_email.sh b/NONE-WF/bin/test_email.sh
new file mode 120000
index 0000000..86f3e17
--- /dev/null
+++ b/NONE-WF/bin/test_email.sh
@@ -0,0 +1 @@
+admin-stuff/test_email.sh
\ No newline at end of file
diff --git a/NONE-WF/bind/bind.keys b/NONE-WF/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/NONE-WF/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/NONE-WF/bind/bind.keys.dpkg-old b/NONE-WF/bind/bind.keys.dpkg-old
new file mode 100644
index 0000000..b003c53
--- /dev/null
+++ b/NONE-WF/bind/bind.keys.dpkg-old
@@ -0,0 +1,49 @@
+/* $Id: bind.keys,v 1.5.42.2 2011-01-04 19:14:48 each Exp $ */
+# The bind.keys file is used to override built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release (BIND
+# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
+# Lookaside Validation zone ("dlv.isc.org").  Trust anchors for any other
+# zones MUST be configured elsewhere; if they are configured here, they
+# will not be recognized or used by named.
+#
+# This file also contains a copy of the trust anchor for the DNS root zone
+# (".").  However, named does not use it; it is provided here for
+# informational purposes only.  To switch on DNSSEC validation at the
+# root, the root key below can be copied into named.conf.
+#
+# The built-in DLV trust anchor in this file is used directly by named.
+# However, it is not activated unless specifically switched on.  To use
+# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
+# Without this option being set, the key in this file is ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+	# ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+        # in named.conf.
+	dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+		brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+		1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+		ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+		Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+		QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+		TDN0YUuWrBNh";
+
+	# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+	# for current trust anchor information.
+        # NOTE: This key is activated by setting "dnssec-validation auto;"
+        # in named.conf.
+	. initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+		FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+		bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+		X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+		W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+		Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+		QxA+Uk1ihz0=";
+};
diff --git a/NONE-WF/bind/db.0 b/NONE-WF/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/NONE-WF/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/NONE-WF/bind/db.127 b/NONE-WF/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/NONE-WF/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/NONE-WF/bind/db.255 b/NONE-WF/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/NONE-WF/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/NONE-WF/bind/db.empty b/NONE-WF/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/NONE-WF/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/NONE-WF/bind/db.local b/NONE-WF/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/NONE-WF/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/NONE-WF/bind/db.root b/NONE-WF/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/NONE-WF/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/NONE-WF/bind/db.root.dpkg-old b/NONE-WF/bind/db.root.dpkg-old
new file mode 100644
index 0000000..d081faa
--- /dev/null
+++ b/NONE-WF/bind/db.root.dpkg-old
@@ -0,0 +1,87 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    Jun 17, 2010
+;       related version of root zone:   2010061700
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
+; End of File
diff --git a/NONE-WF/bind/named.conf b/NONE-WF/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/NONE-WF/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/NONE-WF/bind/named.conf.default-zones b/NONE-WF/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/NONE-WF/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/NONE-WF/bind/named.conf.local b/NONE-WF/bind/named.conf.local
new file mode 100644
index 0000000..a00e259
--- /dev/null
+++ b/NONE-WF/bind/named.conf.local
@@ -0,0 +1,9 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
diff --git a/NONE-WF/bind/named.conf.local.INSTALL b/NONE-WF/bind/named.conf.local.INSTALL
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/NONE-WF/bind/named.conf.local.INSTALL
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/NONE-WF/bind/named.conf.options b/NONE-WF/bind/named.conf.options
new file mode 100644
index 0000000..19773dd
--- /dev/null
+++ b/NONE-WF/bind/named.conf.options
@@ -0,0 +1,86 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   auth-nxdomain no;    # conform to RFC1035
+
+   listen-on port 53 {
+      127.0.0.1;
+   };
+
+   allow-query {
+      127.0.0.1;
+   };
+
+   allow-recursion {
+      127.0.0.1;
+   };
+
+   allow-transfer { none; };
+
+	listen-on-v6 {
+      ::1; 
+   };
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/NONE-WF/bind/named.conf.options.INSTALL b/NONE-WF/bind/named.conf.options.INSTALL
new file mode 100644
index 0000000..af79758
--- /dev/null
+++ b/NONE-WF/bind/named.conf.options.INSTALL
@@ -0,0 +1,20 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/NONE-WF/bind/rndc.key b/NONE-WF/bind/rndc.key
new file mode 100644
index 0000000..48256d5
--- /dev/null
+++ b/NONE-WF/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "p8uEoosC6vrcRj73ribYKg==";
+};
diff --git a/NONE-WF/bind/zones.rfc1918 b/NONE-WF/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/NONE-WF/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/NONE-WF/chap-secrets.NONE-WF b/NONE-WF/chap-secrets.NONE-WF
new file mode 100644
index 0000000..cb6eeef
--- /dev/null
+++ b/NONE-WF/chap-secrets.NONE-WF
@@ -0,0 +1,51 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+
+## - Aktionsbuendnis
+"feste-ip9/1TBGC27CYX92@t-online-com.de" * "7FbmJz7L"
+
+## - Anwaltskanzlei - Karl-Marx_Strasse (anw-km)
+"0017005041965502052728690001@t-online.de" * "62812971"
+
+## - Anwaltskanzlei - Urbanstrasse (anw-urb)
+"0019673090265502751343110001@t-online.de" * "85593499"
+
+## - B3 Bornim
+"t-online-com/8TB0LIXKXV82@t-online-com.de" * "38460707"
+
+## - Fluechlingsrat BRB
+"0022044435885511150351780001@t-online.de" * "27475004"
+
+## - Jonas
+"0023866648325511093506040001@t-online.de" * "13635448"
+
+## - Kanzlei Kiel
+## - DSL
+"ar0284280107" * "39457541"
+## - VDSL
+"ab3391185321" * "jhecfmvk"
+
+## - MBR Berlin
+## - DSL
+"0019507524965100021004430001@t-online.de" * "76695918"
+## - VDSL
+"0029741693695511193970180001@t-online.de" * "84616024"
+
+## - Opferperspektive
+"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
+
+## - ReachOut Berlin
+## - first (primary) line
+"ar2667509237" * "93925410"
+## - second line
+"ar1435496252" * "93925410"
+
+## - Sprachenatelier Berlin
+"0021920376975502683262730001@t-online.de" * "52167784"
+
+## - Warenform
+"feste-ip4/7TB02K2HZ4Q3@t-online-com.de" * "EadGl15E"
+
+## - ckubu
+"0025591824365511139967620001@t-online.de" * "67982653"
diff --git a/NONE-WF/cron_root.NONE-WF b/NONE-WF/cron_root.NONE-WF
new file mode 100644
index 0000000..71da20c
--- /dev/null
+++ b/NONE-WF/cron_root.NONE-WF
@@ -0,0 +1,36 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.WiXOQE/crontab installed on Sun May  6 17:52:10 2018)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+
+PATH=/root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+@reboot swapon -p 1 /dev/sda2 > /dev/null
+@reboot systemctl stop isc-dhcp-server
+@reboot systemctl stop ipt-firewall
+
+
+# - Copy gateway configuration
+# -
+13 4 * * * /root/bin/manage-gw-config/copy_gateway-config.sh NONE-WF
diff --git a/NONE-WF/ddclient.conf.NONE-WF b/NONE-WF/ddclient.conf.NONE-WF
new file mode 100644
index 0000000..8a35e9b
--- /dev/null
+++ b/NONE-WF/ddclient.conf.NONE-WF
@@ -0,0 +1,11 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=if, if=ppp0
+server=members.dyndns.org
+login=ckubu
+password='ckubu100'
+mail=argus@oopen.de
+ckubu.homelinux.org
diff --git a/NONE-WF/default_isc-dhcp-server.NONE-WF b/NONE-WF/default_isc-dhcp-server.NONE-WF
new file mode 100644
index 0000000..3fb715c
--- /dev/null
+++ b/NONE-WF/default_isc-dhcp-server.NONE-WF
@@ -0,0 +1,21 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="eth1"
diff --git a/NONE-WF/dhcpd.conf.NONE-WF b/NONE-WF/dhcpd.conf.NONE-WF
new file mode 100644
index 0000000..860dc6d
--- /dev/null
+++ b/NONE-WF/dhcpd.conf.NONE-WF
@@ -0,0 +1,109 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "example.org";
+option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+subnet 192.168.63.0 netmask 255.255.255.0 {
+}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/NONE-WF/dhcpd6.conf.NONE-WF b/NONE-WF/dhcpd6.conf.NONE-WF
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/NONE-WF/dhcpd6.conf.NONE-WF
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/NONE-WF/email_notice.NONE-WF b/NONE-WF/email_notice.NONE-WF
new file mode 100755
index 0000000..86fde2e
--- /dev/null
+++ b/NONE-WF/email_notice.NONE-WF
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+
+
+file=/tmp/mail_ip-up$$
+admin_email=argus@oopen.de
+
+from_address=ip-up_`hostname`@oopen.de
+from_name="ip-up - ckubu local net"
+host=`hostname -f`
+
+echo "" > $file
+echo " *************************************************************" >> $file
+echo " *** This is an autogenerated mail from $host ***" >> $file
+echo "" >> $file
+echo " I brought up the ppp-daemon with the following" >> $file
+echo -e " parameters:\n" >> $file
+echo -e "\tInterface name...............: $PPP_IFACE" >> $file
+echo -e "\tThe tty......................: $PPP_TTY" >> $file
+echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
+echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
+echo -e "\tPeer  IP number..............: $PPP_REMOTE" >> $file
+if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
+   echo -e "\tNameserver 1.................: $DNS1" >> $file
+   if [ "$DNS2" ] ; then
+      echo -e "\tNameserver 2.................: $DNS2" >> $file
+   fi
+fi
+
+
+echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
+echo "" >> $file
+echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
+echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
+echo "" >> $file
+echo " **************************************************************" >> $file
+
+echo -e "To:${admin_email}\nSubject:$PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail -F "$from_name" -f $from_address $admin_email
+
+rm -f $file
+
diff --git a/NONE-WF/generic.NONE-WF b/NONE-WF/generic.NONE-WF
new file mode 100644
index 0000000..c53773a
--- /dev/null
+++ b/NONE-WF/generic.NONE-WF
@@ -0,0 +1,3 @@
+root@gw-replacement.local.netz      root_gw-replacement@oopen.de
+cron@gw-replacement.local.netz      cron_gw-replacement@oopen.de
+@gw-replacement.local.netz          other_gw-replacement@oopen.de
diff --git a/NONE-WF/generic.db.NONE-WF b/NONE-WF/generic.db.NONE-WF
new file mode 100644
index 0000000..6198ad3
Binary files /dev/null and b/NONE-WF/generic.db.NONE-WF differ
diff --git a/NONE-WF/hostapd.conf.NONE-WF b/NONE-WF/hostapd.conf.NONE-WF
new file mode 100644
index 0000000..1f008d9
--- /dev/null
+++ b/NONE-WF/hostapd.conf.NONE-WF
@@ -0,0 +1,138 @@
+# if you want to bridge the onboard eth0 and the 
+# wireless (USB) adapter's wlan0, this should work
+interface=wlan0
+bridge=br0
+
+# this is the driver that must be used for ath9k 
+# and other similar chipset devices
+driver=nl80211
+
+# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
+# Default: IEEE 802.11b
+# !! Note:
+#    the n-speeds get layered on top of 802.11g, so
+#    use hw_mode=g also for 802.11n
+hw_mode=g
+#hw_mode=a
+
+# ieee80211n: Whether IEEE 802.11n (HT) is enabled
+# 0 = disabled (default)
+# 1 = enabled
+# !! Note: 
+#    You will also need to enable WMM for full HT functionality.
+ieee80211n=1
+wmm_enabled=1
+
+# Channel number (IEEE 802.11)
+# (default: 0, i.e., not set)
+# Please note that some drivers do not use this value from hostapd and the
+# channel will need to be configured separately with iwconfig.
+## - 2.4 Ghz : hw_mode=g (ht_capab=[HT40+].. channel 1-9) 
+## -                     (ht_capab=[HT40-].. channel 5-11(13) )
+## -   5 Ghz : hw_mode=a (ht_capab=[HT40+].. channel 36,44 ) 
+## -                     (ht_capab=[HT40-].. channel 40)
+channel=7
+#channel=44
+
+# these have to be set in agreement w/ channel and 
+# some other values... read hostapd.conf docs
+#
+## - D-LINK DWA-552 (2.4 Ghz)
+## - MicroTIK RouterBOARD R52n-M (Dualband: 2.4 / 5 Ghz)
+## - MicroTIK RouterBOARD R52Hn (Dualband: 2.4 / 5 Ghz)
+## -
+ht_capab=[HT40-][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
+## -
+## - SR71-E Hi-Power (802.11a/b/g/n miniPCI-E Module)
+## -
+## -    5 Ghz -->channel 36
+## -
+#ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
+#ht_capab=[SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
+## -
+## - D-LINK DWA-556 (PCIe) (2,4 / 5  Ghz)
+## -
+#ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40]
+## -
+## - Linksys WMP600N (Dualband: 2.4 / 5 Ghz)
+## -
+#ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC12]
+
+
+#   adjust to fit your location
+country_code=DE
+
+
+# SSID to be used in IEEE 802.11 management frames
+ssid=WLAN-OOPEN
+
+# makes the SSID visible and broadcasted
+ignore_broadcast_ssid=0
+
+# IEEE 802.11 specifies two authentication algorithms. hostapd can be
+# configured to allow both of these or only one. Open system authentication
+# should be used with IEEE 802.1X.
+# Bit fields of allowed authentication algorithms:
+# bit 0 = Open System Authentication
+# bit 1 = Shared Key Authentication (requires WEP)
+#auth_algs=3
+auth_algs=1
+
+# bit0 = WPA
+# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
+wpa=3
+
+# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
+# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
+# added to enable SHA256-based stronger algorithms.
+# (dot11RSNAConfigAuthenticationSuitesTable)
+wpa_key_mgmt=WPA-PSK
+
+# WPA pre-shared keys for WPA-PSK.
+wpa_passphrase=WoAuchImmer
+
+# Set of accepted cipher suites (encryption algorithms) for pairwise keys
+# (unicast packets). This is a space separated list of algorithms:
+# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
+# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
+# Group cipher suite (encryption algorithm for broadcast and multicast frames)
+# is automatically selected based on this configuration. If only CCMP is
+# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
+# TKIP will be used as the group cipher.
+# (dot11RSNAConfigPairwiseCiphersTable)
+# Pairwise cipher for WPA (v1) (default: TKIP)
+wpa_pairwise=TKIP CCMP
+
+# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
+rsn_pairwise=CCMP
+
+# Time interval for rekeying GTK (broadcast/multicast encryption keys) in
+# seconds. (dot11RSNAConfigGroupRekeyTime)
+wpa_group_rekey=600
+
+# Station MAC address -based authentication
+# Please note that this kind of access control requires a driver that uses
+# hostapd to take care of management frame processing and as such, this can be
+# used with driver=hostap or driver=nl80211, but not with driver=madwifi.
+# 0 = accept unless in deny list
+# 1 = deny unless in accept list
+# 2 = use external RADIUS server (accept/deny lists are searched first)
+macaddr_acl=0
+
+# Interface for separate control program. If this is specified, hostapd
+# will create this directory and a UNIX domain socket for listening to requests
+# from external programs (CLI/GUI, etc.) for status information and
+# configuration. The socket file will be named based on the interface name, so
+# multiple hostapd processes/interfaces can be run at the same time if more
+# than one interface is used.
+# /var/run/hostapd is the recommended directory for sockets and by default,
+# hostapd_cli will use it when trying to connect with hostapd.
+ctrl_interface=/var/run/hostapd
+
+
+#  debugging output - uncomment them to activate; issue  hostapd -d /etc/hostapd/hostapd.conf
+#  to get debugging info in visible/real-time form
+#logger_syslog=-1
+#logger_syslog_level=2
+#logger_stdout=-1
+#logger_stdout_level=2
diff --git a/NONE-WF/hostname.NONE-WF b/NONE-WF/hostname.NONE-WF
new file mode 100644
index 0000000..895b6b0
--- /dev/null
+++ b/NONE-WF/hostname.NONE-WF
@@ -0,0 +1 @@
+gw-replacement
diff --git a/NONE-WF/hosts.NONE-WF b/NONE-WF/hosts.NONE-WF
new file mode 100644
index 0000000..d402a8d
--- /dev/null
+++ b/NONE-WF/hosts.NONE-WF
@@ -0,0 +1,9 @@
+127.0.0.1	localhost
+127.0.1.1	gw-replacement.wf.netz	gw-replacement
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/NONE-WF/igmpproxy.conf.NONE-WF b/NONE-WF/igmpproxy.conf.NONE-WF
new file mode 100644
index 0000000..9f6e290
--- /dev/null
+++ b/NONE-WF/igmpproxy.conf.NONE-WF
@@ -0,0 +1,75 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+#phyint eth0 upstream  ratelimit 0  threshold 1
+#        altnet 10.0.0.0/8 
+#        altnet 192.168.0.0/24
+##------------------------------------------------------
+## Configuration for ppp0 (Upstream Interface)
+##------------------------------------------------------
+#phyint ppp0 upstream  ratelimit 0  threshold 1
+phyint eth2.8 upstream  ratelimit 0  threshold 1
+        altnet 217.0.119.194/24
+        altnet 193.158.35.0/24;
+        altnet 239.35.100.6/24;
+        altnet 93.230.64.0/19;
+        altnet 192.168.63.0/24;
+        #
+        #altnet 192.168.63.5/32;
+        #altnet 192.168.63.40/32;
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+#phyint br0 downstream  ratelimit 0  threshold 1
+phyint eth1 downstream  ratelimit 0  threshold 1
+        # IP der TV-Box
+        altnet 192.168.63.0/24;
+        #altnet 192.168.63.5/32;
+        #altnet 192.168.63.40/32;
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+#phyint eth2 disabled
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth0 disabled
+phyint eth2 disabled
+phyint eth2.7 disabled
+phyint eth1:0 disabled
+phyint eth1:wf disabled
+phyint ppp0 disabled
+phyint tun0 disabled
+phyint lo disabled
+
+
diff --git a/NONE-WF/interfaces.NONE-WF b/NONE-WF/interfaces.NONE-WF
new file mode 100644
index 0000000..3905c6e
--- /dev/null
+++ b/NONE-WF/interfaces.NONE-WF
@@ -0,0 +1,16 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+auto eth1
+iface eth1 inet static
+   address 192.168.52.253
+   network 192.168.52.0
+   netmask 255.255.255.0
+   broadcast 192.168.52.255
+   gateway 192.168.52.254
+
+
diff --git a/NONE-WF/ipt-firewall.service.NONE-WF b/NONE-WF/ipt-firewall.service.NONE-WF
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/NONE-WF/ipt-firewall.service.NONE-WF
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/NONE-WF/ipt-firewall/ban_ipv4.list.sample b/NONE-WF/ipt-firewall/ban_ipv4.list.sample
new file mode 100644
index 0000000..10b7da3
--- /dev/null
+++ b/NONE-WF/ipt-firewall/ban_ipv4.list.sample
@@ -0,0 +1,22 @@
+# - IPv4 addresses listet here will be completly banned by the firewall
+# -
+# -    - Line beginning with '#' will be ignored.
+# -    - Blank lines will be ignored
+# -    - Only the first entry (until space sign or end of line) of each line will be considered.
+# -
+# - Valid values are:
+# -    complete IPv4 adresses like 1.2.3.4 (will be converted to 1.2.3.0/32)
+# -    partial IPv4 addresses like 1.2.3 (will be converted to 1.2.3.0/24)
+# -    network/nn CIDR notation like 1.2.3.0/27
+# -    network/netmask notaions like 1.2.3.0/255.255.255.0
+# -    network/partial_netmask  like 1.2.3.4/255
+# -
+# - Note: 
+# -    - wrong addresses like 1.2.3.256 or 1.2.3.4/33 will be ignored
+# -
+# - Example:
+# -    79.171.81.0/24
+# -    79.171.81.0/255.255.255.0
+# -    79.171.81.0/255.255.255
+# -    79.171.81
+
diff --git a/NONE-WF/ipt-firewall/default_ports.conf b/NONE-WF/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/NONE-WF/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/NONE-WF/ipt-firewall/include_functions.conf b/NONE-WF/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/NONE-WF/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/NONE-WF/ipt-firewall/interfaces_ipv4.conf b/NONE-WF/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..948810e
--- /dev/null
+++ b/NONE-WF/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth1"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1=""
+local_if_2=""
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/NONE-WF/ipt-firewall/load_modules_ipv4.conf b/NONE-WF/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/NONE-WF/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/NONE-WF/ipt-firewall/load_modules_ipv6.conf b/NONE-WF/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/NONE-WF/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/NONE-WF/ipt-firewall/logging_ipv4.conf b/NONE-WF/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/NONE-WF/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/NONE-WF/ipt-firewall/logging_ipv6.conf b/NONE-WF/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/NONE-WF/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/NONE-WF/ipt-firewall/main_ipv4.conf b/NONE-WF/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..561bd7f
--- /dev/null
+++ b/NONE-WF/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1357 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+
+_ips="$(ip a | grep "inet " | awk '{print$2}' | cut -d'/' -f1)"
+for _ip in $_ips ; do
+   gateway_ipv4_address_arr+=("$_ip")
+   done
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                      86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - Ist this Gateway DHCP Client?
+# - 
+# - local_dhcp_client_interfaces="<interface1> [<interface> [.."
+# -
+# - Example:
+# -    dhcp_client_interfaces="$ext_if_static_1"
+# -
+dhcp_client_interfaces=""
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips=""
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+samba_server_local_ips=""
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+# - Blank separated list of ip's
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips=""
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips=""
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - Blank separated list
+# -
+printer_ips=""
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    192.168.64.55: Repeater TP-Link TL-WA850RE
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons=""
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+llow_cisco_vpn_out=true
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=true
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/NONE-WF/ipt-firewall/post_decalrations.conf b/NONE-WF/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/NONE-WF/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/NONE-WF/isc-dhcp6-server.NONE-WF b/NONE-WF/isc-dhcp6-server.NONE-WF
new file mode 100755
index 0000000..071e1f8
--- /dev/null
+++ b/NONE-WF/isc-dhcp6-server.NONE-WF
@@ -0,0 +1,116 @@
+#!/bin/sh
+#
+#
+
+### BEGIN INIT INFO
+# Provides:          isc-dhcp6-server
+# Required-Start:    $remote_fs $network $syslog
+# Required-Stop:     $remote_fs $network $syslog
+# Should-Start:      $local_fs slapd $named
+# Should-Stop:       $local_fs slapd
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: DHCPv6 server
+# Description:       Dynamic Host Configuration Protocol Server
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+OPTIONS="-6"
+
+test -f /usr/sbin/dhcpd || exit 0
+
+DHCPD_DEFAULT="${DHCPD_DEFAULT:-/etc/default/isc-dhcp6-server}"
+
+# It is not safe to start if we don't have a default configuration...
+if [ ! -f "$DHCPD_DEFAULT" ]; then
+	echo "$DHCPD_DEFAULT does not exist! - Aborting..."
+	if [ "$DHCPD_DEFAULT" = "/etc/default/isc-dhcp-server" ]; then
+		echo "Run 'dpkg-reconfigure isc-dhcp-server' to fix the problem."
+	fi
+	exit 0
+fi
+
+. /lib/lsb/init-functions
+
+# Read init script configuration
+[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"
+
+NAME=dhcpd6
+DESC="ISC DHCPv6 server"
+# fallback to default config file
+DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd6.conf}
+# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
+if [ -z "$DHCPD_PID" ]; then
+	DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
+fi
+DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd6.pid}"
+
+test_config()
+{
+	if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
+		echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
+		echo "The error was: "
+		/usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
+		exit 1
+	fi
+}
+
+# single arg is -v for messages, -q for none
+check_status()
+{
+    if [ ! -r "$DHCPD_PID" ]; then
+	test "$1" != -v || echo "$NAME is not running."
+	return 3
+    fi
+    if read pid < "$DHCPD_PID" && ps -p "$pid" > /dev/null 2>&1; then
+	test "$1" != -v || echo "$NAME is running."
+	return 0
+    else
+	test "$1" != -v || echo "$NAME is not running but $DHCPD_PID exists."
+	return 1
+    fi
+}
+
+case "$1" in
+	start)
+		test_config
+		log_daemon_msg "Starting $DESC" "$NAME"
+		start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
+			--exec /usr/sbin/dhcpd -- \
+			-q $OPTIONS -cf "$DHCPD_CONF" -pf "$DHCPD_PID" $INTERFACES
+		sleep 2
+
+		if check_status -q; then
+			log_end_msg 0
+		else
+			log_failure_msg "check syslog for diagnostics."
+			log_end_msg 1
+			exit 1
+		fi
+		;;
+	stop)
+		log_daemon_msg "Stopping $DESC" "$NAME"
+		start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
+		log_end_msg $?
+		rm -f "$DHCPD_PID"
+		;;
+	restart | force-reload)
+		test_config
+		$0 stop
+		sleep 2
+		$0 start
+		if [ "$?" != "0" ]; then
+			exit 1
+		fi
+		;;
+	status)
+		echo -n "Status of $DESC: "
+		check_status -v
+		exit "$?"
+		;;
+	*)
+		echo "Usage: $0 {start|stop|restart|force-reload|status}"
+		exit 1 
+esac
+
+exit 0
diff --git a/NONE-WF/mailname.NONE-WF b/NONE-WF/mailname.NONE-WF
new file mode 100644
index 0000000..dae701f
--- /dev/null
+++ b/NONE-WF/mailname.NONE-WF
@@ -0,0 +1 @@
+gw-replacement.local.netz
diff --git a/NONE-WF/main.cf.NONE-WF b/NONE-WF/main.cf.NONE-WF
new file mode 100644
index 0000000..8003a63
--- /dev/null
+++ b/NONE-WF/main.cf.NONE-WF
@@ -0,0 +1,70 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = gw-replacement.local.netz
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+
+myorigin = /etc/mailname
+mydestination = gw-replacement.local.netz, 
+                localhost
+
+mynetworks = 127.0.0.0/8,
+             #[::ffff:127.0.0.0]/104 
+             #[::1]/128
+             192.168.63.253/32
+mailbox_command = procmail -a "$EXTENSION"
+mailbox_size_limit = 0
+recipient_delimiter = +
+#inet_interfaces = all
+
+inet_protocols = ipv4
+inet_interfaces = 127.0.0.1,
+                  #[::ffff:127.0.0.0]/104,
+                  #[::1]/128,
+                  192.168.63.253
+
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
diff --git a/NONE-WF/openvpn/update-resolv-conf b/NONE-WF/openvpn/update-resolv-conf
new file mode 100755
index 0000000..8306380
--- /dev/null
+++ b/NONE-WF/openvpn/update-resolv-conf
@@ -0,0 +1,54 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk> 
+# and Chris Hanson
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+#
+# 05/2006 chlauber@bnc.ch
+# 
+# Example envs set from openvpn:
+# foreign_option_1='dhcp-option DNS 193.43.27.132'
+# foreign_option_2='dhcp-option DNS 193.43.27.133'
+# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+
+[ -x /sbin/resolvconf ] || exit 0
+
+case $script_type in
+
+up)
+	for optionname in ${!foreign_option_*} ; do
+		option="${!optionname}"
+		echo $option
+		part1=$(echo "$option" | cut -d " " -f 1)
+		if [ "$part1" == "dhcp-option" ] ; then
+			part2=$(echo "$option" | cut -d " " -f 2)
+			part3=$(echo "$option" | cut -d " " -f 3)
+			if [ "$part2" == "DNS" ] ; then
+				IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
+			fi
+			if [ "$part2" == "DOMAIN" ] ; then
+				IF_DNS_SEARCH="$part3"
+			fi
+		fi
+	done
+	R=""
+	if [ "$IF_DNS_SEARCH" ] ; then
+        	R="${R}search $IF_DNS_SEARCH
+"
+	fi
+	for NS in $IF_DNS_NAMESERVERS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.inet"
+	;;
+down)
+	/sbin/resolvconf -d "${dev}.inet"
+	;;
+esac
+
diff --git a/NONE-WF/pap-secrets.NONE-WF b/NONE-WF/pap-secrets.NONE-WF
new file mode 100644
index 0000000..85a05a1
--- /dev/null
+++ b/NONE-WF/pap-secrets.NONE-WF
@@ -0,0 +1,89 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+## - Aktionsbuendnis
+"feste-ip9/1TBGC27CYX92@t-online-com.de" * "7FbmJz7L"
+
+## - Anwaltskanzlei - Karl-Marx_Strasse (anw-km)
+"0017005041965502052728690001@t-online.de" * "62812971"
+
+## - Anwaltskanzlei - Urbanstrasse (anw-urb)
+"0019673090265502751343110001@t-online.de" * "85593499"
+
+## - B3 Bornim
+"t-online-com/8TB0LIXKXV82@t-online-com.de" * "38460707"
+
+## - Fluechlingsrat BRB
+"0022044435885511150351780001@t-online.de" * "27475004"
+
+## - Jonas
+"0023866648325511093506040001@t-online.de" * "13635448"
+
+## - Kanzlei Kiel
+## - DSL
+"ar0284280107" * "39457541"
+## - VDSL
+"ab3391185321" * "jhecfmvk"
+
+## - MBR Berlin
+## - DSL
+"0019507524965100021004430001@t-online.de" * "76695918"
+## - VDSL
+"0029741693695511193970180001@t-online.de" * "84616024"
+
+## - Opferperspektive
+"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
+
+## - Sprachenatelier Berlin
+"0021920376975502683262730001@t-online.de" * "52167784"
+
+## - ReachOut Berlin
+## - first (primary) line
+"ar2667509237" * "93925410"
+## - second line
+"ar1435496252" * "93925410"
+
+## - Warenform
+"feste-ip4/7TB02K2HZ4Q3@t-online-com.de" * "EadGl15E"
+
+## - ckubu
+"0025591824365511139967620001@t-online.de" * "67982653"
diff --git a/NONE-WF/peers/dsl-provider b/NONE-WF/peers/dsl-provider
new file mode 100644
index 0000000..1cb87df
--- /dev/null
+++ b/NONE-WF/peers/dsl-provider
@@ -0,0 +1,19 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth2.7
+#user "feste-ip7/9TB3EGVM46Z6@t-online-com.de"
+## - second line kanzlei undine
+#user "0012047971635502977079530001@t-online.de"
+user "0025591824365511139967620001@t-online.de"
diff --git a/NONE-WF/peers/provider b/NONE-WF/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/NONE-WF/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/NONE-WF/radvd.conf.NONE-WF b/NONE-WF/radvd.conf.NONE-WF
new file mode 100644
index 0000000..8eea1dd
--- /dev/null
+++ b/NONE-WF/radvd.conf.NONE-WF
@@ -0,0 +1,29 @@
+interface eth1
+{
+   AdvManagedFlag on;
+   AdvSendAdvert on;
+   AdvLinkMTU 1280;
+   #AdvOtherConfigFlag on;
+
+   #prefix 2001:6f8:107e:63::/64
+   #{
+   #   AdvOnLink on;
+   #   AdvAutonomous on;
+   #   AdvRouterAddr on;
+   #};
+};
+
+interface br0
+{
+   AdvManagedFlag on;
+   AdvSendAdvert on;
+   AdvLinkMTU 1280;
+   #AdvOtherConfigFlag on;
+
+   #prefix 2001:6f8:107e:64::/64
+   #{
+   #   AdvOnLink on;
+   #   AdvAutonomous on;
+   #   AdvRouterAddr on;
+   #};
+};
diff --git a/NONE-WF/rc.local.NONE-WF b/NONE-WF/rc.local.NONE-WF
new file mode 100755
index 0000000..88131ff
--- /dev/null
+++ b/NONE-WF/rc.local.NONE-WF
@@ -0,0 +1,18 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+#if ! cat /proc/swaps | grep -q "/dev/sda2" ; then
+#   swapon -p 1 /dev/sda2 > /dev/null 2>&1 || /bin/true
+#fi
+
+exit 0
diff --git a/NONE-WF/resolv.conf.NONE-WF b/NONE-WF/resolv.conf.NONE-WF
new file mode 100644
index 0000000..ce07abe
--- /dev/null
+++ b/NONE-WF/resolv.conf.NONE-WF
@@ -0,0 +1,3 @@
+domain wf.netz
+search wf.netz
+nameserver 127.0.0.1
diff --git a/NONE-WF/sasl_passwd.NONE-WF b/NONE-WF/sasl_passwd.NONE-WF
new file mode 100644
index 0000000..c93d772
--- /dev/null
+++ b/NONE-WF/sasl_passwd.NONE-WF
@@ -0,0 +1 @@
+[b.mx.oopen.de] ckubu@b.mx.oopen.de:3q4b2SqCcbqNZwdp
diff --git a/NONE-WF/sasl_passwd.db.NONE-WF b/NONE-WF/sasl_passwd.db.NONE-WF
new file mode 100644
index 0000000..23751fb
Binary files /dev/null and b/NONE-WF/sasl_passwd.db.NONE-WF differ
diff --git a/NONE-WF/sbin/disk-action b/NONE-WF/sbin/disk-action
new file mode 100755
index 0000000..079f1e7
--- /dev/null
+++ b/NONE-WF/sbin/disk-action
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+BASENAME="${0##*/}"
+ACTION="$1"
+MOUNT_POINT="$2"
+
+transmission_try_start() {
+    . /etc/default/transmission-daemon
+    if [ $(expr "${BASE_DIR}/" : "${MOUNT_POINT}/") -gt 0 ]; then
+	sed -r 's/^ENABLE_DAEMON=.*$/ENABLE_DAEMON=1/' < /etc/default/transmission-daemon > /tmp/.transmission-daemon.$$
+	cat /tmp/.transmission-daemon.$$ > /etc/default/transmission-daemon
+	rm  /tmp/.transmission-daemon.$$
+	if [ "$(pidof transmission-daemon)" != "" ]; then
+	    killall -9 transmission-daemon 2>&1 >/dev/null
+	    sleep 1
+	fi
+	xMASK=$(umask); umask 0000
+	[ ! -d "${BASE_DIR}"     ] && mkdir -p "${BASE_DIR}"
+	[ ! -d "${CONFIG_DIR}"   ] && mkdir -p "${CONFIG_DIR}"
+	[ ! -d "${DOWNLOAD_DIR}" ] && mkdir -p "${DOWNLOAD_DIR}"
+	[ ! -d "${WATCH_DIR}"    ] && mkdir -p "${WATCH_DIR}"
+	[ ! -f "${CONFIG_DIR}/settings.json" ] && cp "/var/lib/transmission/settings.json.template" "${CONFIG_DIR}/settings.json" 
+	umask ${xMASK}
+	/etc/init.d/transmission-daemon start 2>&1 >/dev/null
+    fi
+}
+
+transmission_try_stop() {
+    . /etc/default/transmission-daemon
+    if [ $(expr "${BASE_DIR}/" : "${MOUNT_POINT}/") -gt 0 ]; then
+	sed -r 's/^ENABLE_DAEMON=.*$/ENABLE_DAEMON=0/' < /etc/default/transmission-daemon > /tmp/.transmission-daemon.$$
+	cat /tmp/.transmission-daemon.$$ > /etc/default/transmission-daemon
+	rm  /tmp/.transmission-daemon.$$
+	if [ "$(pidof transmission-daemon)" != "" ]; then
+	    killall -9 transmission-daemon 2>&1 >/dev/null
+	fi
+    fi
+}
+
+logger -t $BASENAME "$@ --> BEGIN"
+
+case "$1" in
+    add)
+	transmission_try_start
+    ;;
+    remove)
+	transmission_try_stop
+    ;;
+    *)
+	echo "Use: $0 (add|remove) /mount/point"
+esac
+
+logger -t $BASENAME "$@ --> END"
diff --git a/NONE-WF/sbin/ipt-firewall-gateway b/NONE-WF/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..223a537
--- /dev/null
+++ b/NONE-WF/sbin/ipt-firewall-gateway
@@ -0,0 +1,4132 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      # - ?? - Don't know which rule is the right one
+      # -
+      #$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+
+# ---
+# - Block IPs/Netwoks reading from file 'ban_ipv4.list'"
+# ---
+
+echononl "\tBlock IPs/Netwoks reading from file 'ban_ipv4.list' .."
+
+if [[ -f "${ipt_conf_dir}/ban_ipv4.list" ]] ; then
+
+   declare -a octets
+   declare -i index
+
+   while IFS='' read -r _line || [[ -n $_line ]] ; do
+
+      is_valid_ipv4=true
+      is_valid_mask=true
+      ipv4=""
+      mask=""
+      
+      # Ignore comment lines
+      #
+      [[ $_line =~ ^[[:space:]]{0,}# ]] && continue
+
+      # Ignore blank lines
+      #
+      [[ $_line =~ ^[[:space:]]*$ ]] && continue
+
+      # Remove leading whitespace characters
+      #
+      _line="${_line#"${_line%%[![:space:]]*}"}"
+
+
+      # Catch IPv4 Address
+      #
+      given_ipv4="$(echo  $_line | cut -d ' ' -f1)"
+
+
+      # Splitt Ipv4 address from possible given CIDR number
+      #
+      IFS='/' read -ra _addr <<< "$given_ipv4"
+      _ipv4="${_addr[0]}"
+
+      if [[ -n "${_addr[1]}" ]] ; then
+         _mask="${_addr[1]}"
+         test_netmask=false
+
+         # Is 'mask' a valid CIDR number? If not, test agains a valid netmask
+         #
+         if $(test -z "${_mask##*[!0-9]*}" > /dev/null 2>&1) ; then
+
+            # Its not a vaild mask number, but naybe a valit netmask.
+            # 
+            test_netmask=true
+         else
+            if [[ $_mask -gt 32 ]]; then
+
+               # Its not a vaild cidr number, but naybe a valit netmask.
+               # 
+               test_netmask=true
+            else
+
+               # OK, we have a vaild cidr number between '0' and '32'
+               #
+               mask=$_mask
+            fi
+         fi
+
+         # Test if given '_mask' is a valid netmask.
+         #
+         if $test_netmask ; then
+            octets=( ${_mask//\./ } )
+
+            # Complete netmask if necessary
+            #
+            while [[ ${#octets[@]} -lt 4 ]]; do
+               octets+=(0)
+            done
+
+            [[ ${#octets[@]} -gt 4 ]] && is_valid_mask=false
+
+            index=0
+            for octet in ${octets[@]} ; do
+               if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
+                  if [[ $octet -gt 255 ]] ; then
+                     is_valid_mask=false
+                  fi
+                  if [[ $index -gt 0 ]] ; then
+                     mask="${mask}.${octet}"
+                  else
+                     mask="${octet}"
+                  fi
+                  
+               else
+                  is_valid_mask=false
+               fi
+
+               ((index++))
+            done
+         fi
+
+         adjust_mask=false
+      else
+         mask=32
+         adjust_mask=true
+      fi
+
+      # Splitt given address into their octets
+      #
+      octets=( ${_ipv4//\./ } )
+
+      # Complete IPv4 address if necessary
+      #
+      while [[ ${#octets[@]} -lt 4 ]]; do
+         octets+=(0)
+
+         # Only adjust CIDR number if not given
+         #
+         if $adjust_mask ; then
+            mask="$(expr $mask - 8)"
+         fi
+      done
+
+      # Pre-check if given IPv4 Address seems to be a valid address
+      #
+      [[ ${#octets[@]} -gt 4 ]] && is_valid_ipv4=false
+
+      # Check if given IPv4 Address is a valid address
+      #
+      if $is_valid_ipv4 ; then
+         index=0
+         for octet in ${octets[@]} ; do
+            if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
+               if [[ $octet -gt 255 ]] ; then
+                  is_valid_ipv4=false
+               fi
+               if [[ $index -gt 0 ]] ; then
+                  ipv4="${ipv4}.${octet}"
+               else
+                  ipv4="${octet}"
+               fi
+               
+            else
+               is_valid_ipv4=false
+            fi
+
+            ((index++))
+         done
+      fi
+
+      if $is_valid_ipv4 && $is_valid_mask; then
+
+         _ip="${ipv4}/${mask}"
+
+         for _dev in ${ext_if_arr[@]} ; do
+            if $log_blocked_ip || $log_all ; then
+               $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+               if $kernel_activate_forwarding ; then
+                  $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+               fi
+            fi
+            $ipt -A INPUT -i $_dev -s $_ip -j DROP
+            if $kernel_activate_forwarding ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+            fi
+         done
+
+
+      else
+         msg="$msg '${given_ipv4}'"
+      fi
+
+   done < "${ipt_conf_dir}/ban_ipv4.list"
+   echo_done
+
+   if [[ -n "$msg" ]]; then
+      warn "Ignored:$msg"
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ipt -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/NONE-WF/sbin/ipt-firewall-gateway.ALT b/NONE-WF/sbin/ipt-firewall-gateway.ALT
new file mode 100755
index 0000000..429d815
--- /dev/null
+++ b/NONE-WF/sbin/ipt-firewall-gateway.ALT
@@ -0,0 +1,3713 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   #$ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      #$ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Accesspoints
+# ---
+
+echononl "\t\tUbiquiti Unifi Accesspoints"
+if [[ ${#unifi_controller_gateway_ip_arr[@]} -gt 0 ]] || [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] ; then
+      if [[ ${#unifi_controller_gateway_ip_arr[@]} -gt 0 ]] ; then
+
+         for _ip_ctl in ${unifi_controller_gateway_ip_arr[@]} ; do
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A INPUT -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $unify_controller_ports -m conntrack --ctstate NEW -j ACCEPT
+               if $provide_hotspot ; then
+                  $ipt -A INPUT -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $hotspot_ports -m conntrack --ctstate NEW -j ACCEPT
+               fi
+            done
+
+         done
+      fi
+
+      if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] ; then
+         for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_controller_ports -m conntrack --ctstate NEW -j ACCEPT
+               if $provide_hotspot ; then
+                  $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl -m multiport --dports $hotspot_ports -m conntrack --ctstate NEW -j ACCEPT
+               fi
+            done
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if $kernel_activate_forwarding && $local_alias_interfaces ; then
+               $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_controller_ports --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_controller_ports --tcp-flag ACK ACK -j ACCEPT
+               if $provide_hotspot ; then
+                  $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $hotspot_ports --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $hotspot_ports --tcp-flag ACK ACK -j ACCEPT
+               fi
+            fi
+
+         done
+      fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/NONE-WF/sbin/rebind b/NONE-WF/sbin/rebind
new file mode 100755
index 0000000..0661cae
--- /dev/null
+++ b/NONE-WF/sbin/rebind
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+case "$1" in
+	on)
+		set -x
+		mount --bind /proc    /ro/proc
+		mount --bind /sys     /ro/sys
+		mount --bind /dev     /ro/dev
+		mount --bind /dev/pts /ro/dev/pts
+	;;
+	off)
+		set -x
+		umount /ro/dev/pts
+		umount /ro/dev
+		umount /ro/sys
+		umount /ro/proc
+	;;
+	*)
+		echo "Use: $0 (on|off)"
+esac
diff --git a/NONE-WF/sbin/synctime b/NONE-WF/sbin/synctime
new file mode 100755
index 0000000..b623feb
--- /dev/null
+++ b/NONE-WF/sbin/synctime
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+NOW=$(date +%s)
+INTERVAL=$[ 8 * 60 * 60 ]  # 8 hs
+CONTROL=/tmp/.lastSyncTime
+
+sync_time() {
+    ntpdate-debian -s  || exit 1
+    hwclock --systohc  || exit 1
+    touch ${CONTROL}
+}
+
+[ ! -f ${CONTROL} ] && sync_time && exit 0
+
+SYNCRONIZED=$(stat -c %Y ${CONTROL})
+SECONDS=$[ ${NOW} - ${SYNCRONIZED} ]
+
+[ ${SECONDS} -gt ${INTERVAL} ] && sync_time && exit 0
+[ ${SECONDS} -lt 0           ] && sync_time && exit 0
+
+exit 0
diff --git a/NONE-WF/sbin/tmpsize b/NONE-WF/sbin/tmpsize
new file mode 100755
index 0000000..40cfab3
--- /dev/null
+++ b/NONE-WF/sbin/tmpsize
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+mount -t tmpfs | cut -d' ' -f3 | \
+while read MOUNT_POINT; do
+    mount -o remount,size=30M ${MOUNT_POINT}
+done
diff --git a/NONE-WF/sbin/usb-leds-on-off b/NONE-WF/sbin/usb-leds-on-off
new file mode 100755
index 0000000..0deba49
--- /dev/null
+++ b/NONE-WF/sbin/usb-leds-on-off
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+[ -e "/sys/class/leds/alix:${2}/brightness"  ] && {
+	/bin/echo ${1} > "/sys/class/leds/alix:${2}/brightness"
+}
diff --git a/NONE-WF/src/check_net b/NONE-WF/src/check_net
new file mode 160000
index 0000000..6bde0e7
--- /dev/null
+++ b/NONE-WF/src/check_net
@@ -0,0 +1 @@
+Subproject commit 6bde0e7c07c4d0ee8cc6f6aa37c49608fe924a5b
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1.tar.gz b/NONE-WF/src/igmpproxy/igmpproxy-0.1.tar.gz
new file mode 100644
index 0000000..c429f21
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1.tar.gz differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/AUTHORS b/NONE-WF/src/igmpproxy/igmpproxy-0.1/AUTHORS
new file mode 100644
index 0000000..7023323
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/AUTHORS
@@ -0,0 +1,9 @@
+Authors and contributors, in alphabetical order: 
+
+Alexey Charkov <alchark@gmail.com>
+Christian Ruppert <idl0r@gentoo.org>
+Conrad Kostecki <ConiKost@gmx.de>
+Constantin Baranov <const@mimas.ru>
+Damjan Cvetko <zobo@users.sourceforge.net>
+Johnny Egeland <johnnyege@users.sourceforge.net>
+Martin Djernaes <djernaes@users.sourceforge.net>
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/COPYING b/NONE-WF/src/igmpproxy/igmpproxy-0.1/COPYING
new file mode 100644
index 0000000..3d11e36
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/COPYING
@@ -0,0 +1,28 @@
+igmpproxy - IGMP proxy based multicast router 
+Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+This software is derived work from the following software. The original
+source code has been modified from it's original state by the author
+of igmpproxy.
+
+smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+- Licensed under the GNU General Public License, version 2
+
+mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+Leland Stanford Junior University.
+- Original license can be found in the Stanford.txt file.
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/ChangeLog b/NONE-WF/src/igmpproxy/igmpproxy-0.1/ChangeLog
new file mode 100644
index 0000000..e8461bb
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/ChangeLog
@@ -0,0 +1,317 @@
+commit 0e8e7fde2d68f9ea9b5095c24231024be281393c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Oct 5 21:31:42 2009 +0500
+
+    Release 0.1
+
+commit 68ba90446e02825073b779bd0628c4f34833665d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu Oct 1 00:09:38 2009 +0500
+
+    Fix building on FreeBSD 8.0 (wrt #2870461)
+    
+    Several IGMP_* macroses was deprecated in r189347/v800069 and
+    removed in r193938/v800098. Redefine them if needed.
+
+commit 74c2e1aa414f33585562d6783a3290ac63ee6c69
+Author: Martin Djernaes <djernaes@users.sourceforge.net>
+Date:   Sun Sep 6 16:41:22 2009 +0500
+
+    Fix netmask detection on interfaces with multiple addresses
+    
+    When having multiple IP addresses on an interface the netmask retrieved for
+    each IP address is not correct. The reason is that ioctrl for
+    SIOCGIFNETMASK will just provide the first netmask when no IP address is
+    provided in the call.
+
+commit 64144607195b779396a49179518aade24707cbbc
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Sep 4 01:38:27 2009 +0500
+
+    Generate ChangeLog and AUTHORS by Git
+
+commit 94dd711318384e7b121924db0177a65b2fc38471
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 19:45:04 2009 +0500
+
+    Release 0.1 beta5
+
+commit 3ac424f82ab9f281dd3a0bfccbc92352bd5512c0
+Author: Damjan Cvetko <zobo@users.sourceforge.net>
+Date:   Sun Aug 16 19:28:30 2009 +0500
+
+    Improve getIfByAddress() function (wrt #2835052)
+    
+    getIfByAddress does not find the best iterface in case of overlaping
+    networks. This patchs scans through all interfaces (and networks) and picks
+    the one with the longest subnet.
+
+commit 8ca5a29b56390020f27d4106643cd623cdb12bb2
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Aug 16 18:37:58 2009 +0500
+
+    Fix nextConfigToken() function (wrt #2838154)
+    
+    The nextConfigToken() returns NULL when EOF reached even if token
+    was read already. This results in loss of last token in file usually.
+    Let it return unterminated token if it is non-empty already.
+
+commit 954674bc4ec6a689b1de2f2a2766e993df1e2705
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:14:56 2009 +0500
+
+    Release 0.1 beta4
+
+commit a7908b855ecb6959ea08ef3b374ff2aca9939cf0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:10:35 2009 +0500
+
+    Update README etc.
+
+commit 62fa19975ff4daa8e31a9b07bf33ddc8cd0129f8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Thu May 14 01:06:44 2009 +0500
+
+    State licenses in the COPYING
+
+commit 3ac3ae462ca35ec7f1f22d968bf4fab0807d636f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 05:01:21 2009 +0500
+
+    Remove pointless backslashes in configure.ac
+
+commit 3c4118949b6a19b384b08e171a5294b0ea307e08
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 10 02:19:30 2009 +0500
+
+    Replace bzero() with memset()
+
+commit ee07cb5bfd2514503d0564d2aee0656203d9a91e
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:09:28 2009 +0500
+
+    Remove redundant #include
+
+commit 56e37ad6ba0c6aade86c1407ea55abb8b445d119
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 02:00:03 2009 +0500
+
+    Add DragonFly BSD support
+
+commit eccefd205c3fb326b6ae1b79676238fc349f8be8
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 9 01:57:07 2009 +0500
+
+    Add missed format argument in acceptLeaveMessage()
+
+commit 16c55bd5ab6a9608099252fa320ddbc0a05fca0a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Wed May 6 01:29:04 2009 +0500
+
+    Avoid inclusion if linux/in.h (wrt #2787118)
+    
+    The linux/in.h header conflicts with the netinet/in.h header in
+    certain Linux distributions. So let's ensure that linux/in.h will
+    never be included neither directly nor from linux/mroute.h.
+
+commit e01624e123c5a24310a4fb7f70ab6178278c3b7a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 22:00:33 2009 +0500
+
+    Release 0.1 beta3
+
+commit a3c84e48a1ff32812aac92ca0dba923ca7dd4ca0
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:53:56 2009 +0500
+
+    Show version in help message
+    
+    Also remove unused Version constant.
+
+commit f880a472f6b835d8139adc27908206a11a50846f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:43:01 2009 +0500
+
+    Remove IF_DEBUG macros
+    
+    IF_DEBUG macros hides my_log(LOG_DEBUG...) calls. Thus it is redundant.
+
+commit 6b1a4beb839f41ecc7468e2680f5d0eedbd49b35
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:29:16 2009 +0500
+
+    Break long lines in build scripts
+
+commit 55dcd57b8cfac25a4eeafae5a18ab85a07484418
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 21:19:19 2009 +0500
+
+    Remove hardcoded version strings from man pages
+
+commit e7880c542e38bae8efa16b148a431488456f5594
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:52:58 2009 +0500
+
+    Move mrouted-LICENSE out of doc directory
+
+commit 9fee127b13336776d2e6019db8c22ee7de9bf36f
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:32:31 2009 +0500
+
+    Use strdup() instead of malloc() and strcpy()
+
+commit d34dee7ea0b03ba98806558a1eebf78061ce8878
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:30:44 2009 +0500
+
+    Eliminate message about IGMP_MEMBERSHIP_QUERY ignored
+
+commit 32de2bfbad537f6e60edddaefa6c240b2811c567
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 20:25:30 2009 +0500
+
+    Add OpenBSD support
+
+commit a85c620eccea244c80a34c3403b2ea7055616703
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun May 3 04:16:53 2009 +0500
+
+    Add NetBSD support
+
+commit d61d57c50b8b2399ff90e32da687686cf068680a
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 05:07:12 2009 +0500
+
+    Remove outdated bug report email address
+
+commit 14edc6d6dab34e5e51bc12a61f45bae753235e98
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:49:38 2009 +0500
+
+    Improve OS checking mechanism
+    
+    Hide all OS-specific things in os-*.h headers and let autoconf select
+    proper header. Also add check for struct sockaddr_in.sin_len member.
+
+commit b23a4c9f9edd43a22759930ae969ee420c270456
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat May 2 04:48:23 2009 +0500
+
+    Do not close std* streams in non-debug mode
+
+commit 7256cb378db4b839f0138cc9422971f5fb353de1
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 21:16:47 2009 +0500
+
+    Clean up configure.ac and add check for sockaddr.sa_len member
+
+commit eb6f3eababbca43c517a1407e5af66ed384bf07d
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:04:32 2009 +0500
+
+    Install igmpproxy to sbin directory
+
+commit e22427f33150970f6bef3106ac018d7138dfbadb
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Apr 17 20:03:46 2009 +0500
+
+    Add missing igmpproxy.h to list of sources
+
+commit 68fb7638f36c85c44b2a8a33e28af58c65de8a06
+Author: Christian Ruppert <idl0r@gentoo.org>
+Date:   Thu Apr 9 21:28:04 2009 +0500
+
+    Add missing 'h' to the getopt() optstring
+
+commit bae0b7b42ec948442945648878dbc8ef3ee1d2c5
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:37 2009 +0500
+
+    Rework logging
+    
+    Allow to control verbosity with -v option.
+    Don't write to syslog in debug mode.
+    Don't fork in background. Let start-stop-deamon do this.
+    
+    Also update man-pages and help messages.
+
+commit df0ffb7998cbbd3ab09c100f48dead6adb93aa2c
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sat Apr 4 00:38:06 2009 +0500
+
+    Move igmpproxy.conf out of src directory
+
+commit 4c36c1ea8f9822f96031cff8f40ca3fc7cb93db3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Mar 9 22:03:46 2009 +0400
+
+    Initial FreeBSD support
+    
+    Based on IGMPproxy port to FreeBSD made by
+    Pavel Korshunov and gygenot.
+
+commit fdc5cc59655a59f7f73af78d6606b5c45b9c1071
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 20:37:17 2009 +0400
+
+    Move to C99 and clean up the code
+    
+    Listen to compiler's warnings.
+    Use standard integer and boolean types.
+    Remove redundant version.h.
+
+commit b535f70ec3dfc73a767592739c8aa44583e7e833
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 17:53:24 2009 +0400
+
+    Rename defs.h to igmpproxy.h
+
+commit 2df90756d378de822d6ece6aa0a340cab6a489e4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Sun Mar 8 16:17:20 2009 +0400
+
+    Add bootstrap script
+
+commit 3393d1cd7c0f13cc91fa3ec974eb2cd1409bb720
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Fri Feb 27 22:28:03 2009 +0400
+
+    Remove stuff generated by autotools
+
+commit 576b42c7fc71757a33dbac0ebc388f8eebd81fe3
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:36:39 2009 +0400
+
+    Fix logging to syslog
+    
+    Do not write textual representation of message severity
+    because syslog can do this itself. Also write only one
+    string at a time.
+
+commit 1223d5975a1da679d15120417365582a0054abc4
+Author: Constantin Baranov <const@mimas.ru>
+Date:   Mon Feb 23 00:22:20 2009 +0400
+
+    chmod -x on appropriate files
+
+commit 66145eee1d74c9edd23f3d72700911865b7a09bb
+Author: Conrad Kostecki <ConiKost@gmx.de>
+Date:   Mon Feb 23 00:18:48 2009 +0400
+
+    Remove banner
+
+commit 710d688641ca68d89a7b8958c7d84144d5fb1d9b
+Author: Alexey Charkov <alchark@gmail.com>
+Date:   Mon Feb 23 00:13:03 2009 +0400
+
+    Enable autotools
+    
+    I've packaged igmpproxy with GNU autotools, which will allow for a better
+    experience on Gentoo (CFLAGS, directory structure etc). Also, compile-time
+    warnings are fixed. As the project is dead, this is not even a fork :)
+
+commit f4c36aa73287b794e2c842564e82d2d4f3c1027f
+Author: Johnny Egeland <johnnyege@users.sourceforge.net>
+Date:   Mon Feb 23 00:10:48 2009 +0400
+
+    Initial import
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/GPL.txt b/NONE-WF/src/igmpproxy/igmpproxy-0.1/GPL.txt
new file mode 100644
index 0000000..97d8bc8
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/GPL.txt
@@ -0,0 +1,286 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+
+
+
+
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/INSTALL b/NONE-WF/src/igmpproxy/igmpproxy-0.1/INSTALL
new file mode 100644
index 0000000..2550dab
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/INSTALL
@@ -0,0 +1,302 @@
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+
+   This file is free documentation; the Free Software Foundation gives
+unlimited permission to copy, distribute and modify it.
+
+Basic Installation
+==================
+
+   Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package.  The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+   It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring.  Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'.  You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.
+
+     Running `configure' might take a while.  While running, it prints
+     some messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+  6. Often, you can also type `make uninstall' to remove the installed
+     files again.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here
+is an example:
+
+     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you can use GNU `make'.  `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script.  `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+   With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory.  After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+   On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor.  Like
+this:
+
+     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CPP="gcc -E" CXXCPP="g++ -E"
+
+   This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
+
+Installation Names
+==================
+
+   By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc.  You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Particular systems
+==================
+
+   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
+a workaround.  If GNU CC is not installed, it is therefore recommended
+to try
+
+     ./configure CC="cc"
+
+and if that doesn't work, try
+
+     ./configure CC="cc -nodtk"
+
+   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+   On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'.  It is recommended to use the following options:
+
+     ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS
+     KERNEL-OS
+
+   See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to `configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug.  Until the bug is fixed you can use this workaround:
+
+     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+     Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+     Print a summary of the options unique to this package's
+     `configure', and exit.  The `short' variant lists options used
+     only in the top level, while the `recursive' variant lists options
+     also present in any nested packages.
+
+`--version'
+`-V'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally `config.cache'.  FILE defaults to `/dev/null' to
+     disable caching.
+
+`--config-cache'
+`-C'
+     Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to `/dev/null' (any error
+     messages will still be shown).
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`--prefix=DIR'
+     Use DIR as the installation prefix.  *Note Installation Names::
+     for more details, including other options available for fine-tuning
+     the installation locations.
+
+`--no-create'
+`-n'
+     Run the configure checks, but stop before creating any output
+     files.
+
+`configure' also accepts some other, not widely useful, options.  Run
+`configure --help' for more details.
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/Makefile b/NONE-WF/src/igmpproxy/igmpproxy-0.1/Makefile
new file mode 100644
index 0000000..ab42594
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/Makefile
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = i586-pc-linux-gnu
+host_triplet = i586-pc-linux-gnu
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy-0.1
+abs_srcdir = /usr/local/src/igmpproxy-0.1
+abs_top_builddir = /usr/local/src/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = i586-pc-linux-gnu
+build_alias = 
+build_cpu = i586
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = i586-pc-linux-gnu
+host_alias = 
+host_cpu = i586
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = 
+top_builddir = .
+top_srcdir = .
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/Makefile.am b/NONE-WF/src/igmpproxy/igmpproxy-0.1/Makefile.am
new file mode 100644
index 0000000..b569f48
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/Makefile.am
@@ -0,0 +1,10 @@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/Makefile.in b/NONE-WF/src/igmpproxy/igmpproxy-0.1/Makefile.in
new file mode 100644
index 0000000..508f703
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/Makefile.in
@@ -0,0 +1,739 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(dist_sysconf_DATA) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in $(top_srcdir)/configure AUTHORS COPYING \
+	ChangeLog INSTALL NEWS config.guess config.sub depcomp \
+	install-sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d "$(distdir)" \
+    || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr "$(distdir)"; }; }
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = doc src
+EXTRA_DIST = GPL.txt Stanford.txt
+dist_sysconf_DATA = igmpproxy.conf
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+	      $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	$(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d "$(distdir)" || mkdir "$(distdir)"
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-test -n "$(am__skip_mode_fix)" \
+	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-xz: distdir
+	tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.xz*) \
+	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	test -d $(distdir)/_build || exit 0; \
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && am__cwd=`pwd` \
+	  && $(am__cd) $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+	  && cd "$$am__cwd" \
+	  || exit 1
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@$(am__cd) '$(distuninstallcheck_dir)' \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+	ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	ctags ctags-recursive dist dist-all dist-bzip2 dist-gzip \
+	dist-lzma dist-shar dist-tarZ dist-xz dist-zip distcheck \
+	distclean distclean-generic distclean-hdr distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dist_sysconfDATA install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	installdirs-am maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags \
+	tags-recursive uninstall uninstall-am \
+	uninstall-dist_sysconfDATA
+
+
+ChangeLog:
+	git --git-dir=$(srcdir)/.git log > $@
+
+AUTHORS: ChangeLog
+	( echo "Authors and contributors, in alphabetical order: "; echo; \
+	sed -r "s/^Author: (.*)/\1/;t;d" $< | sort -u ) > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/NEWS b/NONE-WF/src/igmpproxy/igmpproxy-0.1/NEWS
new file mode 100644
index 0000000..fa39cb9
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/NEWS
@@ -0,0 +1,4 @@
+New releases, the Git repository and the bug tracker are accessible
+at project homepage:
+
+	http://sourceforge.net/projects/igmpproxy/
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/README b/NONE-WF/src/igmpproxy/igmpproxy-0.1/README
new file mode 100644
index 0000000..01add8d
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/README
@@ -0,0 +1,10 @@
+IGMPproxy is a simple mulitcast router that only uses the IGMP protocol.
+
+Supported operating systems:
+ - Linux
+ - FreeBSD
+ - NetBSD
+ - OpenBSD
+ - DragonFly BSD
+
+This software is released under the GNU GPL license v2. See details in COPYING.
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/Stanford.txt b/NONE-WF/src/igmpproxy/igmpproxy-0.1/Stanford.txt
new file mode 100644
index 0000000..ef7da47
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/Stanford.txt
@@ -0,0 +1,48 @@
+
+The mrouted program is covered by the following license.  Use of the
+mrouted program represents acceptance of these terms and conditions.
+
+1. STANFORD grants to LICENSEE a nonexclusive and nontransferable license
+to use, copy and modify the computer software ``mrouted'' (hereinafter
+called the ``Program''), upon the terms and conditions hereinafter set
+out and until Licensee discontinues use of the Licensed Program.
+
+2. LICENSEE acknowledges that the Program is a research tool still in
+the development state, that it is being supplied ``as is,'' without any
+accompanying services from STANFORD, and that this license is entered
+into in order to encourage scientific collaboration aimed at further
+development and application of the Program.
+
+3. LICENSEE may copy the Program and may sublicense others to use object
+code copies of the Program or any derivative version of the Program.
+All copies must contain all copyright and other proprietary notices found
+in the Program as provided by STANFORD.  Title to copyright to the
+Program remains with STANFORD.
+
+4. LICENSEE may create derivative versions of the Program.  LICENSEE
+hereby grants STANFORD a royalty-free license to use, copy, modify,
+distribute and sublicense any such derivative works.  At the time
+LICENSEE provides a copy of a derivative version of the Program to a
+third party, LICENSEE shall provide STANFORD with one copy of the source
+code of the derivative version at no charge to STANFORD.
+
+5. STANFORD MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED.
+By way of example, but not limitation, STANFORD MAKES NO REPRESENTATION
+OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR
+THAT THE USE OF THE LICENSED PROGRAM WILL NOT INFRINGE ANY PATENTS,
+COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. STANFORD shall not be held liable
+for any liability nor for any direct, indirect or consequential damages
+with respect to any claim by LICENSEE or any third party on account of or
+arising from this Agreement or use of the Program.
+
+6. This agreement shall be construed, interpreted and applied in
+accordance with the State of California and any legal action arising
+out of this Agreement or use of the Program shall be filed in a court
+in the State of California.
+
+7. Nothing in this Agreement shall be construed as conferring rights to
+use in advertising, publicity or otherwise any trademark or the name
+of ``Stanford''.
+
+The mrouted program is COPYRIGHT 1989 by The Board of Trustees of
+Leland Stanford Junior University.
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/aclocal.m4 b/NONE-WF/src/igmpproxy/igmpproxy-0.1/aclocal.m4
new file mode 100644
index 0000000..9304f88
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/aclocal.m4
@@ -0,0 +1,951 @@
+# generated automatically by aclocal 1.11 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009  Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.63],,
+[m4_warning([this file was generated for autoconf 2.63.
+You have another version of autoconf.  It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version.  Point them to the right macro.
+m4_if([$1], [1.11], [],
+      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too.  Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'.  In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory.  The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run.  This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+#    fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+#    fails if $ac_aux_dir is absolute,
+#    fails when called from a subdirectory in a VPATH build with
+#          a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir.  In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
+#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+#   MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH.  The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery.  Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
+       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
+       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+       [$1], UPC,  [depcc="$UPC"  am_compiler_list=],
+       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
+                   [depcc="$$1"   am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+               [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_$1_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+  fi
+  am__universal=false
+  m4_case([$1], [CC],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac],
+    [CXX],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac])
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_$1_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking.              -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`AS_DIRNAME("$mf")`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`AS_DIRNAME(["$file"])`
+      AS_MKDIR_P([$dirpart/$fdir])
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled.  FIXME.  This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake.                             -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much.  Some checks are only needed if
+# your package does certain things.  But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out.  PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition.  After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names.  We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+	      [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+			     [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+		  [_AM_DEPENDENCIES(CC)],
+		  [define([AC_PROG_CC],
+			  defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+		  [_AM_DEPENDENCIES(CXX)],
+		  [define([AC_PROG_CXX],
+			  defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+		  [_AM_DEPENDENCIES(OBJC)],
+		  [define([AC_PROG_OBJC],
+			  defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen.  This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+  [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion.  Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot.  For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes.	            -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p.  We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+  [[\\/$]]* | ?:[[\\/]]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling.                     -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME.  Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[[\\\"\#\$\&\'\`$am_lf]]*)
+    AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+  *[[\\\"\#\$\&\'\`$am_lf\ \	]]*)
+    AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$[*]" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$[*]" != "X $srcdir/configure conftest.file" \
+      && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+alias in your environment])
+   fi
+
+   test "$[2]" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries.  This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+  AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball.                            -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005  Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+#     tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+#     $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+     [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+     [m4_case([$1], [ustar],, [pax],,
+              [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+  case $_am_tool in
+  gnutar)
+    for _am_tar in tar gnutar gtar;
+    do
+      AM_RUN_LOG([$_am_tar --version]) && break
+    done
+    am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+    am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+    am__untar="$_am_tar -xf -"
+    ;;
+  plaintar)
+    # Must skip GNU tar: if it does not support --format= it doesn't create
+    # ustar tarball either.
+    (tar --version) >/dev/null 2>&1 && continue
+    am__tar='tar chf - "$$tardir"'
+    am__tar_='tar chf - "$tardir"'
+    am__untar='tar xf -'
+    ;;
+  pax)
+    am__tar='pax -L -x $1 -w "$$tardir"'
+    am__tar_='pax -L -x $1 -w "$tardir"'
+    am__untar='pax -r'
+    ;;
+  cpio)
+    am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+    am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+    am__untar='cpio -i -H $1 -d'
+    ;;
+  none)
+    am__tar=false
+    am__tar_=false
+    am__untar=false
+    ;;
+  esac
+
+  # If the value was cached, stop now.  We just wanted to have am__tar
+  # and am__untar set.
+  test -n "${am_cv_prog_tar_$1}" && break
+
+  # tar/untar a dummy directory, and stop if the command works
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  echo GrepMe > conftest.dir/file
+  AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+  rm -rf conftest.dir
+  if test -s conftest.tar; then
+    AM_RUN_LOG([$am__untar <conftest.tar])
+    grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+  fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.guess b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.guess
new file mode 100755
index 0000000..12734a7
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.guess
@@ -0,0 +1,1554 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner.  Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case "${UNAME_SYSTEM}" in
+Linux|GNU/*)
+	eval $set_cc_for_build
+	cat << EOF > $dummy.c
+	#include <features.h>
+	#ifdef __UCLIBC__
+	# ifdef __UCLIBC_CONFIG_VERSION__
+	LIBC=uclibc __UCLIBC_CONFIG_VERSION__
+	# else
+	LIBC=uclibc
+	# endif
+	#else
+	LIBC=gnu
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep LIBC= | sed -e 's: ::g'`
+	;;
+esac
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep -q __ELF__
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    s390x:SunOS:*:*)
+	echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+	eval $set_cc_for_build
+	SUN_ARCH="i386"
+	# If there is a compiler, see if it is configured for 64-bit objects.
+	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+	# This test works for both compilers.
+	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_64BIT_ARCH >/dev/null
+	    then
+		SUN_ARCH="x86_64"
+	    fi
+	fi
+	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[456])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep -q __LP64__
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86)
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd | genuineintel)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	    IA64)
+		echo ia64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    8664:Windows_NT:*)
+	echo x86_64-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    arm*:Linux:*:*)
+	eval $set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	else
+	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
+	fi
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-${LIBC}
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-${LIBC}
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-${LIBC}
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    mips:Linux:*:* | mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef ${UNAME_MACHINE}
+	#undef ${UNAME_MACHINE}el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=${UNAME_MACHINE}el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=${UNAME_MACHINE}
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^CPU/{
+		s: ::g
+		p
+	    }'`"
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-${LIBC}
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-${LIBC}
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-${LIBC}
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep -q ld.so.1
+	if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    padre:Linux:*:*)
+	echo sparc-unknown-linux-${LIBC}
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
+	  PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
+	  *)    echo hppa-unknown-linux-${LIBC} ;;
+	esac
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-${LIBC}
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-${LIBC}
+	exit ;;
+    xtensa*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
+	exit ;;
+    i*86:Linux:*:*)
+	# The BFD linker knows what the default object file format is, so
+	# first see if it will tell us. cd to the root directory to prevent
+	# problems with other programs or directories called `ld' in the path.
+	# Set LC_ALL=C to ensure ld outputs messages in English.
+	ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
+			 | sed -ne '/supported targets:/!d
+				    s/[ 	][ 	]*/ /g
+				    s/.*supported targets: *//
+				    s/ .*//
+				    p'`
+        case "$ld_supported_targets" in
+	  elf32-i386)
+		TENTATIVE="${UNAME_MACHINE}-pc-linux-${LIBC}"
+		;;
+	esac
+	# This should get integrated into the C code below, but now we hack
+	if [ "$LIBC" != "gnu" ] ; then echo "$TENTATIVE" && exit 0 ; fi
+	# Determine whether the default compiler is a.out or elf
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <features.h>
+	#ifdef __ELF__
+	# ifdef __GLIBC__
+	#  if __GLIBC__ >= 2
+	LIBC=gnu
+	#  else
+	LIBC=gnulibc1
+	#  endif
+	# else
+	LIBC=gnulibc1
+	# endif
+	#else
+	#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
+	LIBC=gnu
+	#else
+	LIBC=gnuaout
+	#endif
+	#endif
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
+	    /^LIBC/{
+		s: ::g
+		p
+	    }'`"
+	test x"${LIBC}" != x && {
+		echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+		exit
+	}
+	test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
+	;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i586.
+	# Note: whatever this is, it MUST be the same as what config.sub
+	# prints for the "djgpp" host, or else GDB configury will decide that
+	# this is a cross-build.
+	echo i586-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+	OS_REL='.3'
+	test -r /etc/.relid \
+	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	    && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
+	echo i586-pc-haiku
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+    i*86:AROS:*:*)
+	echo ${UNAME_MACHINE}-pc-aros
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.h b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.h
new file mode 100644
index 0000000..f438e80
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.h
@@ -0,0 +1,29 @@
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+/* #undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN */
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+/* #undef HAVE_STRUCT_SOCKADDR_SA_LEN */
+
+/* Name of package */
+#define PACKAGE "igmpproxy"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT ""
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "igmpproxy"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "igmpproxy 0.1"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "igmpproxy"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "0.1"
+
+/* Version number of package */
+#define VERSION "0.1"
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.h.in b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.h.in
new file mode 100644
index 0000000..bb6a90d
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.h.in
@@ -0,0 +1,28 @@
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if `sin_len' is member of `struct sockaddr_in'. */
+#undef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+
+/* Define to 1 if `sa_len' is member of `struct sockaddr'. */
+#undef HAVE_STRUCT_SOCKADDR_SA_LEN
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Version number of package */
+#undef VERSION
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.log b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.log
new file mode 100644
index 0000000..11ca199
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.log
@@ -0,0 +1,559 @@
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy configure 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ ./configure --prefix=/usr/local/igmpproxy-0.1
+
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = gw-flr
+uname -m = i586
+uname -r = 3.2.0-4-486
+uname -s = Linux
+uname -v = #1 Debian 3.2.41-2
+
+/usr/bin/uname -p = unknown
+/bin/uname -X     = unknown
+
+/bin/arch              = unknown
+/usr/bin/arch -k       = unknown
+/usr/convex/getsysinfo = unknown
+/usr/bin/hostinfo      = unknown
+/bin/machine           = unknown
+/usr/bin/oslevel       = unknown
+/bin/universe          = unknown
+
+PATH: /root/bin
+PATH: /usr/local/sbin
+PATH: /usr/local/bin
+PATH: /usr/sbin
+PATH: /usr/bin
+PATH: /sbin
+PATH: /bin
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+configure:1839: checking for a BSD-compatible install
+configure:1907: result: /usr/bin/install -c
+configure:1918: checking whether build environment is sane
+configure:1978: result: yes
+configure:2119: checking for a thread-safe mkdir -p
+configure:2158: result: /bin/mkdir -p
+configure:2171: checking for gawk
+configure:2187: found /usr/bin/gawk
+configure:2198: result: gawk
+configure:2209: checking whether make sets $(MAKE)
+configure:2231: result: yes
+configure:2328: checking for style of include used by make
+configure:2356: result: GNU
+configure:2426: checking for gcc
+configure:2442: found /usr/bin/gcc
+configure:2453: result: gcc
+configure:2685: checking for C compiler version
+configure:2693: gcc --version >&5
+gcc (Debian 4.7.2-5) 4.7.2
+Copyright (C) 2012 Free Software Foundation, Inc.
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+configure:2697: $? = 0
+configure:2704: gcc -v >&5
+Using built-in specs.
+COLLECT_GCC=gcc
+COLLECT_LTO_WRAPPER=/usr/lib/gcc/i486-linux-gnu/4.7/lto-wrapper
+Target: i486-linux-gnu
+Configured with: ../src/configure -v --with-pkgversion='Debian 4.7.2-5' --with-bugurl=file:///usr/share/doc/gcc-4.7/README.Bugs --enable-languages=c,c++,go,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.7 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.7 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --enable-plugin --enable-objc-gc --enable-targets=all --with-arch-32=i586 --with-tune=generic --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
+Thread model: posix
+gcc version 4.7.2 (Debian 4.7.2-5) 
+configure:2708: $? = 0
+configure:2715: gcc -V >&5
+gcc: error: unrecognized command line option '-V'
+gcc: fatal error: no input files
+compilation terminated.
+configure:2719: $? = 4
+configure:2742: checking for C compiler default output file name
+configure:2764: gcc    conftest.c  >&5
+configure:2768: $? = 0
+configure:2806: result: a.out
+configure:2825: checking whether the C compiler works
+configure:2835: ./a.out
+configure:2839: $? = 0
+configure:2858: result: yes
+configure:2865: checking whether we are cross compiling
+configure:2867: result: no
+configure:2870: checking for suffix of executables
+configure:2877: gcc -o conftest    conftest.c  >&5
+configure:2881: $? = 0
+configure:2907: result: 
+configure:2913: checking for suffix of object files
+configure:2939: gcc -c   conftest.c >&5
+configure:2943: $? = 0
+configure:2968: result: o
+configure:2972: checking whether we are using the GNU C compiler
+configure:3001: gcc -c   conftest.c >&5
+configure:3008: $? = 0
+configure:3025: result: yes
+configure:3034: checking whether gcc accepts -g
+configure:3064: gcc -c -g  conftest.c >&5
+configure:3071: $? = 0
+configure:3172: result: yes
+configure:3189: checking for gcc option to accept ISO C89
+configure:3263: gcc  -c -g -O2  conftest.c >&5
+configure:3270: $? = 0
+configure:3293: result: none needed
+configure:3313: checking dependency style of gcc
+configure:3423: result: gcc3
+configure:3438: checking for gcc option to accept ISO C99
+configure:3597: gcc  -c -g -O2  conftest.c >&5
+conftest.c:60:29: error: expected ';', ',' or ')' before 'text'
+conftest.c: In function 'main':
+conftest.c:114:18: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'newvar'
+conftest.c:114:18: error: 'newvar' undeclared (first use in this function)
+conftest.c:114:18: note: each undeclared identifier is reported only once for each function it appears in
+conftest.c:124:3: error: 'for' loop initial declarations are only allowed in C99 mode
+conftest.c:124:3: note: use option -std=c99 or -std=gnu99 to compile your code
+configure:3604: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| #include <stdarg.h>
+| #include <stdbool.h>
+| #include <stdlib.h>
+| #include <wchar.h>
+| #include <stdio.h>
+| 
+| // Check varargs macros.  These examples are taken from C99 6.10.3.5.
+| #define debug(...) fprintf (stderr, __VA_ARGS__)
+| #define showlist(...) puts (#__VA_ARGS__)
+| #define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+| static void
+| test_varargs_macros (void)
+| {
+|   int x = 1234;
+|   int y = 5678;
+|   debug ("Flag");
+|   debug ("X = %d\n", x);
+|   showlist (The first, second, and third items.);
+|   report (x>y, "x is %d but y is %d", x, y);
+| }
+| 
+| // Check long long types.
+| #define BIG64 18446744073709551615ull
+| #define BIG32 4294967295ul
+| #define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+| #if !BIG_OK
+|   your preprocessor is broken;
+| #endif
+| #if BIG_OK
+| #else
+|   your preprocessor is broken;
+| #endif
+| static long long int bignum = -9223372036854775807LL;
+| static unsigned long long int ubignum = BIG64;
+| 
+| struct incomplete_array
+| {
+|   int datasize;
+|   double data[];
+| };
+| 
+| struct named_init {
+|   int number;
+|   const wchar_t *name;
+|   double average;
+| };
+| 
+| typedef const char *ccp;
+| 
+| static inline int
+| test_restrict (ccp restrict text)
+| {
+|   // See if C++-style comments work.
+|   // Iterate through items via the restricted pointer.
+|   // Also check for declarations in for loops.
+|   for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+|     continue;
+|   return 0;
+| }
+| 
+| // Check varargs and va_copy.
+| static void
+| test_varargs (const char *format, ...)
+| {
+|   va_list args;
+|   va_start (args, format);
+|   va_list args_copy;
+|   va_copy (args_copy, args);
+| 
+|   const char *str;
+|   int number;
+|   float fnumber;
+| 
+|   while (*format)
+|     {
+|       switch (*format++)
+| 	{
+| 	case 's': // string
+| 	  str = va_arg (args_copy, const char *);
+| 	  break;
+| 	case 'd': // int
+| 	  number = va_arg (args_copy, int);
+| 	  break;
+| 	case 'f': // float
+| 	  fnumber = va_arg (args_copy, double);
+| 	  break;
+| 	default:
+| 	  break;
+| 	}
+|     }
+|   va_end (args_copy);
+|   va_end (args);
+| }
+| 
+| int
+| main ()
+| {
+| 
+|   // Check bool.
+|   _Bool success = false;
+| 
+|   // Check restrict.
+|   if (test_restrict ("String literal") == 0)
+|     success = true;
+|   char *restrict newvar = "Another string";
+| 
+|   // Check varargs.
+|   test_varargs ("s, d' f .", "string", 65, 34.234);
+|   test_varargs_macros ();
+| 
+|   // Check flexible array members.
+|   struct incomplete_array *ia =
+|     malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+|   ia->datasize = 10;
+|   for (int i = 0; i < ia->datasize; ++i)
+|     ia->data[i] = i * 1.234;
+| 
+|   // Check named initializers.
+|   struct named_init ni = {
+|     .number = 34,
+|     .name = L"Test wide string",
+|     .average = 543.34343,
+|   };
+| 
+|   ni.number = 58;
+| 
+|   int dynamic_array[ni.number];
+|   dynamic_array[ni.number - 1] = 543;
+| 
+|   // work around unused variable warnings
+|   return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+| 	  || dynamic_array[ni.number - 1] != 543);
+| 
+|   ;
+|   return 0;
+| }
+configure:3597: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+configure:3604: $? = 0
+configure:3634: result: -std=gnu99
+configure:3647: checking build system type
+configure:3665: result: i586-pc-linux-gnu
+configure:3687: checking host system type
+configure:3702: result: i586-pc-linux-gnu
+configure:3738: checking for struct sockaddr.sa_len
+configure:3770: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr' has no member named 'sa_len'
+configure:3777: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3814: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr' has no member named 'sa_len'
+configure:3821: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <sys/socket.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr ac_aggr;
+| if (sizeof ac_aggr.sa_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3839: result: no
+configure:3850: checking for struct sockaddr_in.sin_len
+configure:3882: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:12: error: 'struct sockaddr_in' has no member named 'sin_len'
+configure:3889: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3926: gcc -std=gnu99 -c -g -O2  conftest.c >&5
+conftest.c: In function 'main':
+conftest.c:19:19: error: 'struct sockaddr_in' has no member named 'sin_len'
+configure:3933: $? = 1
+configure: failed program was:
+| /* confdefs.h.  */
+| #define PACKAGE_NAME "igmpproxy"
+| #define PACKAGE_TARNAME "igmpproxy"
+| #define PACKAGE_VERSION "0.1"
+| #define PACKAGE_STRING "igmpproxy 0.1"
+| #define PACKAGE_BUGREPORT ""
+| #define PACKAGE "igmpproxy"
+| #define VERSION "0.1"
+| /* end confdefs.h.  */
+| 
+| #include <sys/types.h>
+| #include <netinet/in.h>
+| 
+| 
+| int
+| main ()
+| {
+| static struct sockaddr_in ac_aggr;
+| if (sizeof ac_aggr.sin_len)
+| return 0;
+|   ;
+|   return 0;
+| }
+configure:3951: result: no
+configure:4089: creating ./config.status
+
+## ---------------------- ##
+## Running config.status. ##
+## ---------------------- ##
+
+This file was extended by igmpproxy config.status 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = 
+  CONFIG_HEADERS  = 
+  CONFIG_LINKS    = 
+  CONFIG_COMMANDS = 
+  $ ./config.status 
+
+on gw-flr
+
+config.status:776: creating Makefile
+config.status:776: creating doc/Makefile
+config.status:776: creating src/Makefile
+config.status:776: creating doc/igmpproxy.8
+config.status:776: creating doc/igmpproxy.conf.5
+config.status:776: creating config.h
+config.status:1062: linking src/os-linux.h to src/os.h
+config.status:1085: executing depfiles commands
+
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+
+ac_cv_build=i586-pc-linux-gnu
+ac_cv_c_compiler_gnu=yes
+ac_cv_env_CC_set=
+ac_cv_env_CC_value=
+ac_cv_env_CFLAGS_set=
+ac_cv_env_CFLAGS_value=
+ac_cv_env_CPPFLAGS_set=
+ac_cv_env_CPPFLAGS_value=
+ac_cv_env_LDFLAGS_set=
+ac_cv_env_LDFLAGS_value=
+ac_cv_env_LIBS_set=
+ac_cv_env_LIBS_value=
+ac_cv_env_build_alias_set=
+ac_cv_env_build_alias_value=
+ac_cv_env_host_alias_set=
+ac_cv_env_host_alias_value=
+ac_cv_env_target_alias_set=
+ac_cv_env_target_alias_value=
+ac_cv_host=i586-pc-linux-gnu
+ac_cv_member_struct_sockaddr_in_sin_len=no
+ac_cv_member_struct_sockaddr_sa_len=no
+ac_cv_objext=o
+ac_cv_path_install='/usr/bin/install -c'
+ac_cv_path_mkdir=/bin/mkdir
+ac_cv_prog_AWK=gawk
+ac_cv_prog_ac_ct_CC=gcc
+ac_cv_prog_cc_c89=
+ac_cv_prog_cc_c99=-std=gnu99
+ac_cv_prog_cc_g=yes
+ac_cv_prog_make_make_set=yes
+am_cv_CC_dependencies_compiler_type=gcc3
+
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+
+ACLOCAL='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11'
+AMDEPBACKSLASH='\'
+AMDEP_FALSE='#'
+AMDEP_TRUE=''
+AMTAR='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar'
+AUTOCONF='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf'
+AUTOHEADER='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader'
+AUTOMAKE='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11'
+AWK='gawk'
+CC='gcc -std=gnu99'
+CCDEPMODE='depmode=gcc3'
+CFLAGS='-g -O2'
+CPPFLAGS=''
+CYGPATH_W='echo'
+DEFS='-DHAVE_CONFIG_H'
+DEPDIR='.deps'
+ECHO_C=''
+ECHO_N='-n'
+ECHO_T=''
+EXEEXT=''
+INSTALL_DATA='${INSTALL} -m 644'
+INSTALL_PROGRAM='${INSTALL}'
+INSTALL_SCRIPT='${INSTALL}'
+INSTALL_STRIP_PROGRAM='$(install_sh) -c -s'
+LDFLAGS=''
+LIBOBJS=''
+LIBS=''
+LTLIBOBJS=''
+MAKEINFO='${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo'
+MKDIR_P='/bin/mkdir -p'
+OBJEXT='o'
+PACKAGE='igmpproxy'
+PACKAGE_BUGREPORT=''
+PACKAGE_NAME='igmpproxy'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PATH_SEPARATOR=':'
+SET_MAKE=''
+SHELL='/bin/sh'
+STRIP=''
+VERSION='0.1'
+ac_ct_CC='gcc'
+am__EXEEXT_FALSE=''
+am__EXEEXT_TRUE='#'
+am__fastdepCC_FALSE='#'
+am__fastdepCC_TRUE=''
+am__include='include'
+am__isrc=''
+am__leading_dot='.'
+am__quote=''
+am__tar='${AMTAR} chof - "$$tardir"'
+am__untar='${AMTAR} xf -'
+bindir='${exec_prefix}/bin'
+build='i586-pc-linux-gnu'
+build_alias=''
+build_cpu='i586'
+build_os='linux-gnu'
+build_vendor='pc'
+datadir='${datarootdir}'
+datarootdir='${prefix}/share'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+dvidir='${docdir}'
+exec_prefix='${prefix}'
+host='i586-pc-linux-gnu'
+host_alias=''
+host_cpu='i586'
+host_os='linux-gnu'
+host_vendor='pc'
+htmldir='${docdir}'
+includedir='${prefix}/include'
+infodir='${datarootdir}/info'
+install_sh='${SHELL} /usr/local/src/igmpproxy-0.1/install-sh'
+libdir='${exec_prefix}/lib'
+libexecdir='${exec_prefix}/libexec'
+localedir='${datarootdir}/locale'
+localstatedir='${prefix}/var'
+mandir='${datarootdir}/man'
+mkdir_p='/bin/mkdir -p'
+oldincludedir='/usr/include'
+pdfdir='${docdir}'
+prefix='/usr/local/igmpproxy-0.1'
+program_transform_name='s,x,x,'
+psdir='${docdir}'
+sbindir='${exec_prefix}/sbin'
+sharedstatedir='${prefix}/com'
+sysconfdir='${prefix}/etc'
+target_alias=''
+
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+
+#define PACKAGE_NAME "igmpproxy"
+#define PACKAGE_TARNAME "igmpproxy"
+#define PACKAGE_VERSION "0.1"
+#define PACKAGE_STRING "igmpproxy 0.1"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE "igmpproxy"
+#define VERSION "0.1"
+
+configure: exit 0
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.status b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.status
new file mode 100755
index 0000000..e2e807e
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.status
@@ -0,0 +1,1232 @@
+#! /bin/sh
+# Generated by configure.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=${CONFIG_SHELL-/bin/sh}
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+# Files that config.status was made for.
+config_files=" Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+config_headers=" config.h"
+config_links=" src/os.h:src/os-linux.h"
+config_commands=" depfiles"
+
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+ac_cs_version="\
+igmpproxy config.status 0.1
+configured by ./configure, generated by GNU Autoconf 2.63,
+  with options \"'--prefix=/usr/local/igmpproxy-0.1'\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='/usr/local/src/igmpproxy-0.1'
+srcdir='.'
+INSTALL='/usr/bin/install -c'
+MKDIR_P='/bin/mkdir -p'
+AWK='gawk'
+test -n "$AWK" || AWK=awk
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+if $ac_cs_recheck; then
+  set X '/bin/sh' './configure'  '--prefix=/usr/local/igmpproxy-0.1' $ac_configure_extra_args --no-create --no-recursion
+  shift
+  $as_echo "running CONFIG_SHELL=/bin/sh $*" >&6
+  CONFIG_SHELL='/bin/sh'
+  export CONFIG_SHELL
+  exec "$@"
+fi
+
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="" ac_aux_dir="."
+
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+cat >>"$tmp/subs1.awk" <<\_ACAWK &&
+S["am__EXEEXT_FALSE"]=""
+S["am__EXEEXT_TRUE"]="#"
+S["LTLIBOBJS"]=""
+S["LIBOBJS"]=""
+S["host_os"]="linux-gnu"
+S["host_vendor"]="pc"
+S["host_cpu"]="i586"
+S["host"]="i586-pc-linux-gnu"
+S["build_os"]="linux-gnu"
+S["build_vendor"]="pc"
+S["build_cpu"]="i586"
+S["build"]="i586-pc-linux-gnu"
+S["am__fastdepCC_FALSE"]="#"
+S["am__fastdepCC_TRUE"]=""
+S["CCDEPMODE"]="depmode=gcc3"
+S["AMDEPBACKSLASH"]="\\"
+S["AMDEP_FALSE"]="#"
+S["AMDEP_TRUE"]=""
+S["am__quote"]=""
+S["am__include"]="include"
+S["DEPDIR"]=".deps"
+S["OBJEXT"]="o"
+S["EXEEXT"]=""
+S["ac_ct_CC"]="gcc"
+S["CPPFLAGS"]=""
+S["LDFLAGS"]=""
+S["CFLAGS"]="-g -O2"
+S["CC"]="gcc -std=gnu99"
+S["am__untar"]="${AMTAR} xf -"
+S["am__tar"]="${AMTAR} chof - \"$$tardir\""
+S["AMTAR"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar"
+S["am__leading_dot"]="."
+S["SET_MAKE"]=""
+S["AWK"]="gawk"
+S["mkdir_p"]="/bin/mkdir -p"
+S["MKDIR_P"]="/bin/mkdir -p"
+S["INSTALL_STRIP_PROGRAM"]="$(install_sh) -c -s"
+S["STRIP"]=""
+S["install_sh"]="${SHELL} /usr/local/src/igmpproxy-0.1/install-sh"
+S["MAKEINFO"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo"
+S["AUTOHEADER"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader"
+S["AUTOMAKE"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11"
+S["AUTOCONF"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf"
+S["ACLOCAL"]="${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11"
+S["VERSION"]="0.1"
+S["PACKAGE"]="igmpproxy"
+S["CYGPATH_W"]="echo"
+S["am__isrc"]=""
+S["INSTALL_DATA"]="${INSTALL} -m 644"
+S["INSTALL_SCRIPT"]="${INSTALL}"
+S["INSTALL_PROGRAM"]="${INSTALL}"
+S["target_alias"]=""
+S["host_alias"]=""
+S["build_alias"]=""
+S["LIBS"]=""
+S["ECHO_T"]=""
+S["ECHO_N"]="-n"
+S["ECHO_C"]=""
+S["DEFS"]="-DHAVE_CONFIG_H"
+S["mandir"]="${datarootdir}/man"
+S["localedir"]="${datarootdir}/locale"
+S["libdir"]="${exec_prefix}/lib"
+S["psdir"]="${docdir}"
+S["pdfdir"]="${docdir}"
+S["dvidir"]="${docdir}"
+S["htmldir"]="${docdir}"
+S["infodir"]="${datarootdir}/info"
+S["docdir"]="${datarootdir}/doc/${PACKAGE_TARNAME}"
+S["oldincludedir"]="/usr/include"
+S["includedir"]="${prefix}/include"
+S["localstatedir"]="${prefix}/var"
+S["sharedstatedir"]="${prefix}/com"
+S["sysconfdir"]="${prefix}/etc"
+S["datadir"]="${datarootdir}"
+S["datarootdir"]="${prefix}/share"
+S["libexecdir"]="${exec_prefix}/libexec"
+S["sbindir"]="${exec_prefix}/sbin"
+S["bindir"]="${exec_prefix}/bin"
+S["program_transform_name"]="s,x,x,"
+S["prefix"]="/usr/local/igmpproxy-0.1"
+S["exec_prefix"]="${prefix}"
+S["PACKAGE_BUGREPORT"]=""
+S["PACKAGE_STRING"]="igmpproxy 0.1"
+S["PACKAGE_VERSION"]="0.1"
+S["PACKAGE_TARNAME"]="igmpproxy"
+S["PACKAGE_NAME"]="igmpproxy"
+S["PATH_SEPARATOR"]=":"
+S["SHELL"]="/bin/sh"
+_ACAWK
+cat >>"$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+D["PACKAGE_NAME"]=" \"igmpproxy\""
+D["PACKAGE_TARNAME"]=" \"igmpproxy\""
+D["PACKAGE_VERSION"]=" \"0.1\""
+D["PACKAGE_STRING"]=" \"igmpproxy 0.1\""
+D["PACKAGE_BUGREPORT"]=" \"\""
+D["PACKAGE"]=" \"igmpproxy\""
+D["VERSION"]=" \"0.1\""
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+[_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ][_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]*([\t (]|$)/ {
+  line = $ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+  ac_datarootdir_hack='
+  s&@datadir@&${datarootdir}&g
+  s&@docdir@&${datarootdir}/doc/${PACKAGE_TARNAME}&g
+  s&@infodir@&${datarootdir}/info&g
+  s&@localedir@&${datarootdir}/locale&g
+  s&@mandir@&${datarootdir}/man&g
+    s&\${datarootdir}&${prefix}/share&g' ;;
+esac
+ac_sed_extra="/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}
+
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.sub b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.sub
new file mode 100755
index 0000000..3243784
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/config.sub
@@ -0,0 +1,1717 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-08-19'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  kopensolaris*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray | -microblaze)
+		os=
+		basic_machine=$1
+		;;
+        -bluegene*)
+	        os=-cnk
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx | dvp \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| lm32 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep | metag \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64octeon | mips64octeonel \
+	| mips64orion | mips64orionel \
+	| mips64r5900 | mips64r5900el \
+	| mips64vr | mips64vrel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| moxie \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k | z80)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| lm32-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64octeon-* | mips64octeonel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64r5900-* | mips64r5900el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
+	| tron-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa*-* \
+	| ymp-* \
+	| z8k-* | z80-*)
+		;;
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aros)
+		basic_machine=i386-pc
+		os=-aros
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	bluegene*)
+		basic_machine=powerpc-ibm
+		os=-cnk
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+        cegcc)
+		basic_machine=arm-unknown
+		os=-cegcc
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16)
+		basic_machine=cr16-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	dicos)
+		basic_machine=i686-pc
+		os=-dicos
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+        microblaze)
+		basic_machine=microblaze-xilinx
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mipsEE* | ee | ps2)
+		basic_machine=mips64r5900el-scei
+		case $os in
+		    -linux*)
+			;;
+		    *)
+			os=-elf
+			;;
+		esac
+		;;
+	iop)
+		basic_machine=mipsel-scei
+		os=-irx
+		;;
+	dvp)
+		basic_machine=dvp-scei
+		os=-elf
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tile*)
+		basic_machine=tile-unknown
+		os=-linux-gnu
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	z80-*-coff)
+		basic_machine=z80-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -kopensolaris* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* | -aros* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -irx*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-dicos*)
+		os=-dicos
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-cnk*|-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/configure b/NONE-WF/src/igmpproxy/igmpproxy-0.1/configure
new file mode 100755
index 0000000..1314ebf
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/configure
@@ -0,0 +1,5469 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.63 for igmpproxy 0.1.
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+if test "x$CONFIG_SHELL" = x; then
+  if (eval ":") 2>/dev/null; then
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+
+  if test $as_have_required = yes &&	 (eval ":
+(as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=\$LINENO
+  as_lineno_2=\$LINENO
+  test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
+  test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
+") 2> /dev/null; then
+  :
+else
+  as_candidate_shells=
+    as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  case $as_dir in
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
+	   done;;
+       esac
+done
+IFS=$as_save_IFS
+
+
+      for as_shell in $as_candidate_shells $SHELL; do
+	 # Try only shells that exist, to save several forks.
+	 if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		{ ("$as_shell") 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+_ASEOF
+}; then
+  CONFIG_SHELL=$as_shell
+	       as_have_required=yes
+	       if { "$as_shell" 2> /dev/null <<\_ASEOF
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+:
+(as_func_return () {
+  (exit $1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = "$1" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test $exitcode = 0) || { (exit 1); exit 1; }
+
+(
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
+
+_ASEOF
+}; then
+  break
+fi
+
+fi
+
+      done
+
+      if test "x$CONFIG_SHELL" != x; then
+  for as_var in BASH_ENV ENV
+	do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+	done
+	export CONFIG_SHELL
+	exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+
+    if test $as_have_required = no; then
+  echo This script requires a shell more modern than all the
+      echo shells that I found on your system.  Please install a
+      echo modern shell, or manually run the script under such a
+      echo shell if you do have one.
+      { (exit 1); exit 1; }
+fi
+
+
+fi
+
+fi
+
+
+
+(eval "as_func_return () {
+  (exit \$1)
+}
+as_func_success () {
+  as_func_return 0
+}
+as_func_failure () {
+  as_func_return 1
+}
+as_func_ret_success () {
+  return 0
+}
+as_func_ret_failure () {
+  return 1
+}
+
+exitcode=0
+if as_func_success; then
+  :
+else
+  exitcode=1
+  echo as_func_success failed.
+fi
+
+if as_func_failure; then
+  exitcode=1
+  echo as_func_failure succeeded.
+fi
+
+if as_func_ret_success; then
+  :
+else
+  exitcode=1
+  echo as_func_ret_success failed.
+fi
+
+if as_func_ret_failure; then
+  exitcode=1
+  echo as_func_ret_failure succeeded.
+fi
+
+if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
+  :
+else
+  exitcode=1
+  echo positional parameters were not saved.
+fi
+
+test \$exitcode = 0") || {
+  echo No shell found that supports shell functions.
+  echo Please tell bug-autoconf@gnu.org about your system,
+  echo including any error possibly output before this message.
+  echo This can help us improve future autoconf versions.
+  echo Configuration will now proceed without shell functions.
+}
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+exec 7<&0 </dev/null 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Identity of this package.
+PACKAGE_NAME='igmpproxy'
+PACKAGE_TARNAME='igmpproxy'
+PACKAGE_VERSION='0.1'
+PACKAGE_STRING='igmpproxy 0.1'
+PACKAGE_BUGREPORT=''
+
+ac_unique_file="src/igmpproxy.c"
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_dependency_tracking
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *)	ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid feature name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid package name: $ac_useropt" >&2
+   { (exit 1); exit 1; }; }
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) { $as_echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; }
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+      { $as_echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+   { (exit 1); exit 1; }; }
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  { $as_echo "$as_me: error: missing argument to $ac_option" >&2
+   { (exit 1); exit 1; }; }
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) { $as_echo "$as_me: error: unrecognized options: $ac_unrecognized_opts" >&2
+   { (exit 1); exit 1; }; } ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  { $as_echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+   { (exit 1); exit 1; }; }
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  { $as_echo "$as_me: error: working directory cannot be determined" >&2
+   { (exit 1); exit 1; }; }
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  { $as_echo "$as_me: error: pwd does not report name of working directory" >&2
+   { (exit 1); exit 1; }; }
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  { $as_echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+   { (exit 1); exit 1; }; }
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || { $as_echo "$as_me: error: $ac_msg" >&2
+   { (exit 1); exit 1; }; }
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures igmpproxy 0.1 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/igmpproxy]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+Program names:
+  --program-prefix=PREFIX            prepend PREFIX to installed program names
+  --program-suffix=SUFFIX            append SUFFIX to installed program names
+  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of igmpproxy 0.1:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --disable-dependency-tracking  speeds up one-time build
+  --enable-dependency-tracking   do not reject slow dependency extractors
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+igmpproxy configure 0.1
+generated by GNU Autoconf 2.63
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  $as_echo "PATH: $as_dir"
+done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+    2)
+      ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      ac_configure_args="$ac_configure_args '$ac_arg'"
+      ;;
+    esac
+  done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  ac_site_file1=$CONFIG_SITE
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test -r "$ac_site_file"; then
+    { $as_echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special
+  # files actually), so we avoid doing that.
+  if test -f "$cache_file"; then
+    { $as_echo "$as_me:$LINENO: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:$LINENO: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:$LINENO: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:$LINENO:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:$LINENO:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  { { $as_echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+$as_echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+am__api_version='1.11'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f "$ac_dir/install.sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  { { $as_echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&5
+$as_echo "$as_me: error: cannot find install-sh or install.sh in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in
+  ./ | .// | /cC/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    rm -rf conftest.one conftest.two conftest.dir
+	    echo one > conftest.one
+	    echo two > conftest.two
+	    mkdir conftest.dir
+	    if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+	      test -s conftest.one && test -s conftest.two &&
+	      test -s conftest.dir/conftest.one &&
+	      test -s conftest.dir/conftest.two
+	    then
+	      ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	      break 3
+	    fi
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+
+done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:$LINENO: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[\\\"\#\$\&\'\`$am_lf]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe absolute working directory name" >&5
+$as_echo "$as_me: error: unsafe absolute working directory name" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+case $srcdir in
+  *[\\\"\#\$\&\'\`$am_lf\ \	]*)
+    { { $as_echo "$as_me:$LINENO: error: unsafe srcdir value: \`$srcdir'" >&5
+$as_echo "$as_me: error: unsafe srcdir value: \`$srcdir'" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+   if test "$*" = "X"; then
+      # -L didn't work.
+      set X `ls -t "$srcdir/configure" conftest.file`
+   fi
+   rm -f conftest.file
+   if test "$*" != "X $srcdir/configure conftest.file" \
+      && test "$*" != "X conftest.file $srcdir/configure"; then
+
+      # If neither matched, then we have a broken ls.  This can happen
+      # if, for instance, CONFIG_SHELL is bash and it inherits a
+      # broken ls alias from the environment.  This has actually
+      # happened.  Such a system could not be considered "sane".
+      { { $as_echo "$as_me:$LINENO: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&5
+$as_echo "$as_me: error: ls -t appears to fail.  Make sure there is not a broken
+alias in your environment" >&2;}
+   { (exit 1); exit 1; }; }
+   fi
+
+   test "$2" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   { { $as_echo "$as_me:$LINENO: error: newly created file is older than distributed files!
+Check your system clock" >&5
+$as_echo "$as_me: error: newly created file is older than distributed files!
+Check your system clock" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+  program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+  am_missing_run="$MISSING --run "
+else
+  am_missing_run=
+  { $as_echo "$as_me:$LINENO: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'.  However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+  if test "${ac_cv_path_mkdir+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_prog in mkdir gmkdir; do
+	 for ac_exec_ext in '' $ac_executable_extensions; do
+	   { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+	   case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+	     'mkdir (GNU coreutils) '* | \
+	     'mkdir (coreutils) '* | \
+	     'mkdir (fileutils) '4.1*)
+	       ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+	       break 3;;
+	   esac
+	 done
+       done
+done
+IFS=$as_save_IFS
+
+fi
+
+  if test "${ac_cv_path_mkdir+set}" = set; then
+    MKDIR_P="$ac_cv_path_mkdir -p"
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for MKDIR_P within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    test -d ./--version && rmdir ./--version
+    MKDIR_P="$ac_install_sh -d"
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+  [\\/$]* | ?:[\\/]*) ;;
+  */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AWK="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { $as_echo "$as_me:$LINENO: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+	@echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+  *@@@%%%=?*=@@@%%%*)
+    eval ac_cv_prog_make_${ac_make}_set=yes;;
+  *)
+    eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+  { $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+  SET_MAKE=
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+  SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  am__isrc=' -I$(srcdir)'
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    { { $as_echo "$as_me:$LINENO: error: source directory already configured; run \"make distclean\" there first" >&5
+$as_echo "$as_me: error: source directory already configured; run \"make distclean\" there first" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='igmpproxy'
+ VERSION='0.1'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target.  The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+
+ac_config_headers="$ac_config_headers config.h"
+
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:$LINENO: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+
+
+{ $as_echo "$as_me:$LINENO: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then
+  enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+  AMDEP_TRUE=
+  AMDEP_FALSE='#'
+else
+  AMDEP_TRUE='#'
+  AMDEP_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:$LINENO: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:$LINENO: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:$LINENO: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+{ (ac_try="$ac_compiler --version >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler --version >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -v >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -v >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+{ (ac_try="$ac_compiler -V >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compiler -V >&5") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { (ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+        if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+
+{ $as_echo "$as_me:$LINENO: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+if test -z "$ac_file"; then
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+   { (exit 77); exit 77; }; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+  if { ac_try='./$ac_file'
+  { (case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+    fi
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+{ $as_echo "$as_me:$LINENO: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+{ $as_echo "$as_me:$LINENO: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+{ $as_echo "$as_me:$LINENO: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; then
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:$LINENO: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { $as_echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+$as_echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+   { (exit 1); exit 1; }; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_compiler_gnu=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_compiler_gnu=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	CFLAGS=""
+      cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  :
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_g=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c89=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC"   am_compiler_list=
+
+{ $as_echo "$as_me:$LINENO: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named `D' -- because `-MD' means `put the output
+  # in D'.
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_CC_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+  fi
+  am__universal=false
+  case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+      # Solaris 8's {/usr,}/bin/sh.
+      touch sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with `-c' and `-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle `-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # after this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvisualcpp | msvcmsys)
+      # This compiler won't grok `-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_CC_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+  am__fastdepCC_TRUE=
+  am__fastdepCC_FALSE='#'
+else
+  am__fastdepCC_TRUE='#'
+  am__fastdepCC_FALSE=
+fi
+
+
+   { $as_echo "$as_me:$LINENO: checking for $CC option to accept ISO C99" >&5
+$as_echo_n "checking for $CC option to accept ISO C99... " >&6; }
+if test "${ac_cv_prog_cc_c99+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <wchar.h>
+#include <stdio.h>
+
+// Check varargs macros.  These examples are taken from C99 6.10.3.5.
+#define debug(...) fprintf (stderr, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+  int x = 1234;
+  int y = 5678;
+  debug ("Flag");
+  debug ("X = %d\n", x);
+  showlist (The first, second, and third items.);
+  report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+  your preprocessor is broken;
+#endif
+#if BIG_OK
+#else
+  your preprocessor is broken;
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+  int datasize;
+  double data[];
+};
+
+struct named_init {
+  int number;
+  const wchar_t *name;
+  double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+  // See if C++-style comments work.
+  // Iterate through items via the restricted pointer.
+  // Also check for declarations in for loops.
+  for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+    continue;
+  return 0;
+}
+
+// Check varargs and va_copy.
+static void
+test_varargs (const char *format, ...)
+{
+  va_list args;
+  va_start (args, format);
+  va_list args_copy;
+  va_copy (args_copy, args);
+
+  const char *str;
+  int number;
+  float fnumber;
+
+  while (*format)
+    {
+      switch (*format++)
+	{
+	case 's': // string
+	  str = va_arg (args_copy, const char *);
+	  break;
+	case 'd': // int
+	  number = va_arg (args_copy, int);
+	  break;
+	case 'f': // float
+	  fnumber = va_arg (args_copy, double);
+	  break;
+	default:
+	  break;
+	}
+    }
+  va_end (args_copy);
+  va_end (args);
+}
+
+int
+main ()
+{
+
+  // Check bool.
+  _Bool success = false;
+
+  // Check restrict.
+  if (test_restrict ("String literal") == 0)
+    success = true;
+  char *restrict newvar = "Another string";
+
+  // Check varargs.
+  test_varargs ("s, d' f .", "string", 65, 34.234);
+  test_varargs_macros ();
+
+  // Check flexible array members.
+  struct incomplete_array *ia =
+    malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+  ia->datasize = 10;
+  for (int i = 0; i < ia->datasize; ++i)
+    ia->data[i] = i * 1.234;
+
+  // Check named initializers.
+  struct named_init ni = {
+    .number = 34,
+    .name = L"Test wide string",
+    .average = 543.34343,
+  };
+
+  ni.number = 58;
+
+  int dynamic_array[ni.number];
+  dynamic_array[ni.number - 1] = 543;
+
+  // work around unused variable warnings
+  return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+	  || dynamic_array[ni.number - 1] != 543);
+
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -xc99=all -qlanglvl=extc99
+do
+  CC="$ac_save_CC $ac_arg"
+  rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_prog_cc_c99=$ac_arg
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c99" in
+  x)
+    { $as_echo "$as_me:$LINENO: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:$LINENO: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c99"
+    { $as_echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c99" >&5
+$as_echo "$ac_cv_prog_cc_c99" >&6; } ;;
+esac
+
+
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  { { $as_echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
+$as_echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
+   { (exit 1); exit 1; }; }
+
+{ $as_echo "$as_me:$LINENO: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  { { $as_echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
+$as_echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
+   { (exit 1); exit 1; }; }
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
+$as_echo "$as_me: error: invalid value of canonical build" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:$LINENO: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    { { $as_echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
+$as_echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) { { $as_echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
+$as_echo "$as_me: error: invalid value of canonical host" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) { { $as_echo "$as_me:$LINENO: error: OS $host_os is not supported" >&5
+$as_echo "$as_me: error: OS $host_os is not supported" >&2;}
+   { (exit 1); exit 1; }; };;
+esac
+ac_config_links="$ac_config_links src/os.h:src/os-${os}.h"
+
+
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr.sa_len" >&5
+$as_echo_n "checking for struct sockaddr.sa_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_sa_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+
+int
+main ()
+{
+static struct sockaddr ac_aggr;
+if (sizeof ac_aggr.sa_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_sa_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_sa_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_sa_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_sa_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_SA_LEN 1
+_ACEOF
+
+
+fi
+
+{ $as_echo "$as_me:$LINENO: checking for struct sockaddr_in.sin_len" >&5
+$as_echo_n "checking for struct sockaddr_in.sin_len... " >&6; }
+if test "${ac_cv_member_struct_sockaddr_in_sin_len+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <netinet/in.h>
+
+
+int
+main ()
+{
+static struct sockaddr_in ac_aggr;
+if (sizeof ac_aggr.sin_len)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_sockaddr_in_sin_len=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_sockaddr_in_sin_len=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_member_struct_sockaddr_in_sin_len" >&5
+$as_echo "$ac_cv_member_struct_sockaddr_in_sin_len" >&6; }
+if test "x$ac_cv_member_struct_sockaddr_in_sin_len" = x""yes; then
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_IN_SIN_LEN 1
+_ACEOF
+
+
+fi
+
+
+ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile doc/igmpproxy.8 doc/igmpproxy.conf.5"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:$LINENO: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) $as_unset $ac_var ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes (double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \).
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    test "x$cache_file" != "x/dev/null" &&
+      { $as_echo "$as_me:$LINENO: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+    cat confcache >$cache_file
+  else
+    { $as_echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+  am__EXEEXT_TRUE=
+  am__EXEEXT_FALSE='#'
+else
+  am__EXEEXT_TRUE='#'
+  am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+  { { $as_echo "$as_me:$LINENO: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+$as_echo "$as_me: error: conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+## --------------------- ##
+## M4sh Initialization.  ##
+## --------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in
+  *posix*) set -o posix ;;
+esac
+
+fi
+
+
+
+
+# PATH needs CR
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+if (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  as_unset=unset
+else
+  as_unset=false
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  { (exit 1); exit 1; }
+fi
+
+# Work around bugs in pre-3.0 UWIN ksh.
+for as_var in ENV MAIL MAILPATH
+do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# CDPATH.
+$as_unset CDPATH
+
+
+
+  as_lineno_1=$LINENO
+  as_lineno_2=$LINENO
+  test "x$as_lineno_1" != "x$as_lineno_2" &&
+  test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
+
+  # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+  # uniformly replaced by the line number.  The first 'sed' inserts a
+  # line-number line after each line using $LINENO; the second 'sed'
+  # does the real work.  The second script uses 'N' to pair each
+  # line-number line with the line containing $LINENO, and appends
+  # trailing '-' during substitution so that $LINENO is not a special
+  # case at line end.
+  # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+  # scripts with optimization help from Paolo Bonzini.  Blame Lee
+  # E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+   { (exit 1); exit 1; }; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in
+-n*)
+  case `echo 'x\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  *)   ECHO_C='\c';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p=:
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+
+# Save the log message, to keep $[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by igmpproxy $as_me 0.1, which was
+generated by GNU Autoconf 2.63.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_links="$ac_config_links"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTION]... [FILE]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration links:
+$config_links
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-autoconf@gnu.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_version="\\
+igmpproxy config.status 0.1
+configured by $0, generated by GNU Autoconf 2.63,
+  with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_FILES="$CONFIG_FILES '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    CONFIG_HEADERS="$CONFIG_HEADERS '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    { $as_echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; };;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) { $as_echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2
+   { (exit 1); exit 1; }; } ;;
+
+  *) ac_config_targets="$ac_config_targets $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "src/os.h") CONFIG_LINKS="$CONFIG_LINKS src/os.h:src/os-${os}.h" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "doc/igmpproxy.8") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.8" ;;
+    "doc/igmpproxy.conf.5") CONFIG_FILES="$CONFIG_FILES doc/igmpproxy.conf.5" ;;
+
+  *) { { $as_echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+$as_echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+   { (exit 1); exit 1; }; };;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} ||
+{
+   $as_echo "$as_me: cannot create a temporary directory in ." >&2
+   { (exit 1); exit 1; }
+}
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr='
'
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\).*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\).*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || { { $as_echo "$as_me:$LINENO: error: could not setup config files machinery" >&5
+$as_echo "$as_me: error: could not setup config files machinery" >&2;}
+   { (exit 1); exit 1; }; }
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+  ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+  if test -z "$ac_t"; then
+    break
+  elif $ac_last_try; then
+    { { $as_echo "$as_me:$LINENO: error: could not make $CONFIG_HEADERS" >&5
+$as_echo "$as_me: error: could not make $CONFIG_HEADERS" >&2;}
+   { (exit 1); exit 1; }; }
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any.  Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[	 ]*#[	 ]*define[	 ][	 ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+  line = \$ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+  { { $as_echo "$as_me:$LINENO: error: could not setup config headers machinery" >&5
+$as_echo "$as_me: error: could not setup config headers machinery" >&2;}
+   { (exit 1); exit 1; }; }
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS  :L $CONFIG_LINKS  :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) { { $as_echo "$as_me:$LINENO: error: invalid tag $ac_tag" >&5
+$as_echo "$as_me: error: invalid tag $ac_tag" >&2;}
+   { (exit 1); exit 1; }; };;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   { { $as_echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
+$as_echo "$as_me: error: cannot find input file: $ac_f" >&2;}
+   { (exit 1); exit 1; }; };;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      ac_file_inputs="$ac_file_inputs '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:$LINENO: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; } ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  { as_dir="$ac_dir"
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p
+'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+    s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| { { $as_echo "$as_me:$LINENO: error: could not create $ac_file" >&5
+$as_echo "$as_me: error: could not create $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || { { $as_echo "$as_me:$LINENO: error: could not create -" >&5
+$as_echo "$as_me: error: could not create -" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+  :L)
+  #
+  # CONFIG_LINK
+  #
+
+  if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+    :
+  else
+    # Prefer the file from the source tree if names are identical.
+    if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+      ac_source=$srcdir/$ac_source
+    fi
+
+    { $as_echo "$as_me:$LINENO: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
+
+    if test ! -r "$ac_source"; then
+      { { $as_echo "$as_me:$LINENO: error: $ac_source: file not found" >&5
+$as_echo "$as_me: error: $ac_source: file not found" >&2;}
+   { (exit 1); exit 1; }; }
+    fi
+    rm -f "$ac_file"
+
+    # Try a relative symlink, then a hard link, then a copy.
+    case $srcdir in
+    [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+	*) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+    esac
+    ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+      ln "$ac_source" "$ac_file" 2>/dev/null ||
+      cp -p "$ac_source" "$ac_file" ||
+      { { $as_echo "$as_me:$LINENO: error: cannot link or copy $ac_source to $ac_file" >&5
+$as_echo "$as_me: error: cannot link or copy $ac_source to $ac_file" >&2;}
+   { (exit 1); exit 1; }; }
+  fi
+ ;;
+  :C)  { $as_echo "$as_me:$LINENO: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Autoconf 2.62 quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named `Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running `make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # When using ansi2knr, U may be empty or an underscore; expand it
+    U=`sed -n 's/^U = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      { as_dir=$dirpart/$fdir
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || { { $as_echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
+$as_echo "$as_me: error: cannot create directory $as_dir" >&2;}
+   { (exit 1); exit 1; }; }; }
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+
+  esac
+done # for ac_tag
+
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  { { $as_echo "$as_me:$LINENO: error: write failure creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: error: write failure creating $CONFIG_STATUS" >&2;}
+   { (exit 1); exit 1; }; }
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || { (exit 1); exit 1; }
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:$LINENO: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/configure.ac b/NONE-WF/src/igmpproxy/igmpproxy-0.1/configure.ac
new file mode 100644
index 0000000..85beb08
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/configure.ac
@@ -0,0 +1,35 @@
+AC_PREREQ([2.63])
+AC_INIT([igmpproxy], [0.1])
+AM_INIT_AUTOMAKE
+AC_CONFIG_SRCDIR([src/igmpproxy.c])
+AC_CONFIG_HEADERS([config.h])
+AC_PROG_CC_C99
+
+AC_CANONICAL_HOST
+case $host_os in
+	linux*) os=linux;;
+	freebsd*) os=freebsd;;
+	netbsd*) os=netbsd;;
+	openbsd*) os=openbsd;;
+	dragonfly*) os=dragonfly;;
+	*) AC_MSG_ERROR([OS $host_os is not supported]);;
+esac
+AC_CONFIG_LINKS([src/os.h:src/os-${os}.h])
+
+AC_CHECK_MEMBERS([struct sockaddr.sa_len], [], [], [[
+#include <sys/types.h>
+#include <sys/socket.h>
+]])
+AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], [], [], [[
+#include <sys/types.h>
+#include <netinet/in.h>
+]])
+
+AC_CONFIG_FILES([
+	Makefile
+	doc/Makefile
+	src/Makefile
+	doc/igmpproxy.8
+	doc/igmpproxy.conf.5
+])
+AC_OUTPUT
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/depcomp b/NONE-WF/src/igmpproxy/igmpproxy-0.1/depcomp
new file mode 100755
index 0000000..df8eea7
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/depcomp
@@ -0,0 +1,630 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
+# Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+  depmode     Dependency tracking mode.
+  source      Source file read by `PROGRAMS ARGS'.
+  object      Object file output by `PROGRAMS ARGS'.
+  DEPDIR      directory where to store dependencies.
+  depfile     Dependency file to output.
+  tmpdepfile  Temporary file to use when outputing dependencies.
+  libtool     Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "depcomp $scriptversion"
+    exit $?
+    ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+  echo "depcomp: Variables source, object and depmode must be set" 1>&2
+  exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags.  We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write.  Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+  # HP compiler uses -M and no extra arg.
+  gccflag=-M
+  depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+   # This is just like dashmstdout with a different argument.
+   dashmflag=-xM
+   depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+   # This is just like msvisualcpp but w/o cygpath translation.
+   # Just convert the backslash-escaped backslashes to single forward
+   # slashes to satisfy depend.m4
+   cygpath_u="sed s,\\\\\\\\,/,g"
+   depmode=msvisualcpp
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff.  Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am.  Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+  for arg
+  do
+    case $arg in
+    -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+    *)  set fnord "$@" "$arg" ;;
+    esac
+    shift # fnord
+    shift # $arg
+  done
+  "$@"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  mv "$tmpdepfile" "$depfile"
+  ;;
+
+gcc)
+## There are various ways to get dependency output from gcc.  Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+##   up in a subdir.  Having to rename by hand is ugly.
+##   (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+##   -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+##   than renaming).
+  if test -z "$gccflag"; then
+    gccflag=-MD,
+  fi
+  "$@" -Wp,"$gccflag$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+  sed -e 's/^[^:]*: / /' \
+      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header).  We avoid this by adding
+## dummy dependencies for each header file.  Too bad gcc doesn't do
+## this for us directly.
+  tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'.  On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+sgi)
+  if test "$libtool" = yes; then
+    "$@" "-Wp,-MDupdate,$tmpdepfile"
+  else
+    "$@" -MDupdate "$tmpdepfile"
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+
+  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
+    echo "$object : \\" > "$depfile"
+
+    # Clip off the initial element (the dependent).  Don't try to be
+    # clever and replace this with sed code, as IRIX sed won't handle
+    # lines with more than a fixed number of characters (4096 in
+    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
+    # the IRIX cc adds comments like `#:fec' to the end of the
+    # dependency line.
+    tr ' ' '
+' < "$tmpdepfile" \
+    | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+    tr '
+' ' ' >> "$depfile"
+    echo >> "$depfile"
+
+    # The second pass generates a dummy entry for each header file.
+    tr ' ' '
+' < "$tmpdepfile" \
+   | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+   >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+aix)
+  # The C for AIX Compiler uses -M and outputs the dependencies
+  # in a .u file.  In older versions, this file always lives in the
+  # current directory.  Also, the AIX compiler puts `$object:' at the
+  # start of each line; $object doesn't have directory information.
+  # Version 6 uses the directory in both cases.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$base.u
+    tmpdepfile3=$dir.libs/$base.u
+    "$@" -Wc,-M
+  else
+    tmpdepfile1=$dir$base.u
+    tmpdepfile2=$dir$base.u
+    tmpdepfile3=$dir$base.u
+    "$@" -M
+  fi
+  stat=$?
+
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+    exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    # Each line is of the form `foo.o: dependent.h'.
+    # Do two passes, one to just change these to
+    # `$object: dependent.h' and one to simply `dependent.h:'.
+    sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+    # That's a tab and a space in the [].
+    sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+icc)
+  # Intel's C compiler understands `-MD -MF file'.  However on
+  #    icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+  # ICC 7.0 will fill foo.d with something like
+  #    foo.o: sub/foo.c
+  #    foo.o: sub/foo.h
+  # which is wrong.  We want:
+  #    sub/foo.o: sub/foo.c
+  #    sub/foo.o: sub/foo.h
+  #    sub/foo.c:
+  #    sub/foo.h:
+  # ICC 7.1 will output
+  #    foo.o: sub/foo.c sub/foo.h
+  # and will wrap long lines using \ :
+  #    foo.o: sub/foo.c ... \
+  #     sub/foo.h ... \
+  #     ...
+
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+  # Do two passes, one to just change these to
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+    sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp2)
+  # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+  # compilers, which have integrated preprocessors.  The correct option
+  # to use with these is +Maked; it writes dependencies to a file named
+  # 'foo.d', which lands next to the object file, wherever that
+  # happens to be.
+  # Much of this is similar to the tru64 case; see comments there.
+  dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+  test "x$dir" = "x$object" && dir=
+  base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+  if test "$libtool" = yes; then
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir.libs/$base.d
+    "$@" -Wc,+Maked
+  else
+    tmpdepfile1=$dir$base.d
+    tmpdepfile2=$dir$base.d
+    "$@" +Maked
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+     rm -f "$tmpdepfile1" "$tmpdepfile2"
+     exit $stat
+  fi
+
+  for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+  do
+    test -f "$tmpdepfile" && break
+  done
+  if test -f "$tmpdepfile"; then
+    sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+    # Add `dependent.h:' lines.
+    sed -ne '2,${
+	       s/^ *//
+	       s/ \\*$//
+	       s/$/:/
+	       p
+	     }' "$tmpdepfile" >> "$depfile"
+  else
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile" "$tmpdepfile2"
+  ;;
+
+tru64)
+   # The Tru64 compiler uses -MD to generate dependencies as a side
+   # effect.  `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+   # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+   # dependencies in `foo.d' instead, so we check for that too.
+   # Subdirectories are respected.
+   dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+   test "x$dir" = "x$object" && dir=
+   base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+   if test "$libtool" = yes; then
+      # With Tru64 cc, shared objects can also be used to make a
+      # static library.  This mechanism is used in libtool 1.4 series to
+      # handle both shared and static libraries in a single compilation.
+      # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+      #
+      # With libtool 1.5 this exception was removed, and libtool now
+      # generates 2 separate objects for the 2 libraries.  These two
+      # compilations output dependencies in $dir.libs/$base.o.d and
+      # in $dir$base.o.d.  We have to check for both files, because
+      # one of the two compilations can be disabled.  We should prefer
+      # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+      # automatically cleaned when .libs/ is deleted, while ignoring
+      # the former would cause a distcleancheck panic.
+      tmpdepfile1=$dir.libs/$base.lo.d   # libtool 1.4
+      tmpdepfile2=$dir$base.o.d          # libtool 1.5
+      tmpdepfile3=$dir.libs/$base.o.d    # libtool 1.5
+      tmpdepfile4=$dir.libs/$base.d      # Compaq CCC V6.2-504
+      "$@" -Wc,-MD
+   else
+      tmpdepfile1=$dir$base.o.d
+      tmpdepfile2=$dir$base.d
+      tmpdepfile3=$dir$base.d
+      tmpdepfile4=$dir$base.d
+      "$@" -MD
+   fi
+
+   stat=$?
+   if test $stat -eq 0; then :
+   else
+      rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+      exit $stat
+   fi
+
+   for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+   do
+     test -f "$tmpdepfile" && break
+   done
+   if test -f "$tmpdepfile"; then
+      sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+      # That's a tab and a space in the [].
+      sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+   else
+      echo "#dummy" > "$depfile"
+   fi
+   rm -f "$tmpdepfile"
+   ;;
+
+#nosideeffect)
+  # This comment above is used by automake to tell side-effect
+  # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  test -z "$dashmflag" && dashmflag=-M
+  # Require at least two characters before searching for `:'
+  # in the target name.  This is to cope with DOS-style filenames:
+  # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+  "$@" $dashmflag |
+    sed 's:^[  ]*[^: ][^:][^:]*\:[    ]*:'"$object"'\: :' > "$tmpdepfile"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+dashXmstdout)
+  # This case only exists to satisfy depend.m4.  It is never actually
+  # run, as this mode is specially recognized in the preamble.
+  exit 1
+  ;;
+
+makedepend)
+  "$@" || exit $?
+  # Remove any Libtool call
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+  # X makedepend
+  shift
+  cleared=no eat=no
+  for arg
+  do
+    case $cleared in
+    no)
+      set ""; shift
+      cleared=yes ;;
+    esac
+    if test $eat = yes; then
+      eat=no
+      continue
+    fi
+    case "$arg" in
+    -D*|-I*)
+      set fnord "$@" "$arg"; shift ;;
+    # Strip any option that makedepend may not understand.  Remove
+    # the object too, otherwise makedepend will parse it as a source file.
+    -arch)
+      eat=yes ;;
+    -*|$object)
+      ;;
+    *)
+      set fnord "$@" "$arg"; shift ;;
+    esac
+  done
+  obj_suffix=`echo "$object" | sed 's/^.*\././'`
+  touch "$tmpdepfile"
+  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile" "$tmpdepfile".bak
+  ;;
+
+cpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  "$@" -E |
+    sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+       -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+    sed '$ s: \\$::' > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  cat < "$tmpdepfile" >> "$depfile"
+  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvisualcpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test "X$1" != 'X--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  IFS=" "
+  for arg
+  do
+    case "$arg" in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+	set fnord "$@"
+	shift
+	shift
+	;;
+    *)
+	set fnord "$@" "$arg"
+	shift
+	shift
+	;;
+    esac
+  done
+  "$@" -E 2>/dev/null |
+  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::	\1 \\:p' >> "$depfile"
+  echo "	" >> "$depfile"
+  sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvcmsys)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+none)
+  exec "$@"
+  ;;
+
+*)
+  echo "Unknown depmode $depmode" 1>&2
+  exit 1
+  ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/Makefile b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/Makefile
new file mode 100644
index 0000000..27b6736
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/Makefile
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# doc/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = i586-pc-linux-gnu
+host_triplet = i586-pc-linux-gnu
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy-0.1/doc
+abs_srcdir = /usr/local/src/igmpproxy-0.1/doc
+abs_top_builddir = /usr/local/src/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = i586-pc-linux-gnu
+build_alias = 
+build_cpu = i586
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = i586-pc-linux-gnu
+host_alias = 
+host_cpu = i586
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
new file mode 100644
index 0000000..1d4eb13
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/Makefile.am
@@ -0,0 +1 @@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
new file mode 100644
index 0000000..8a0c300
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/Makefile.in
@@ -0,0 +1,447 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = doc
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/igmpproxy.8.in $(srcdir)/igmpproxy.conf.5.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = igmpproxy.8 igmpproxy.conf.5
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man5dir = $(mandir)/man5
+am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+man_MANS = igmpproxy.8 igmpproxy.conf.5
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu doc/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+igmpproxy.8: $(top_builddir)/config.status $(srcdir)/igmpproxy.8.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+igmpproxy.conf.5: $(top_builddir)/config.status $(srcdir)/igmpproxy.conf.5.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+install-man5: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man5:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man5dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.5[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
+install-man8: $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | while read p; do \
+	  if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; echo "$$p"; \
+	done | \
+	sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+	sed 'N;N;s,\n, ,g' | { \
+	list=; while read file base inst; do \
+	  if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+	    echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	    $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+	  fi; \
+	done; \
+	for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+	while read files; do \
+	  test -z "$$files" || { \
+	    echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+	    $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+	done; }
+
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list=''; test -n "$(man8dir)" || exit 0; \
+	files=`{ for i in $$list; do echo "$$i"; done; \
+	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+	  sed -n '/\.8[a-z]*$$/p'; \
+	} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+	      -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+	test -z "$$files" || { \
+	  echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
+	  cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+	@list='$(MANS)'; if test -n "$$list"; then \
+	  list=`for p in $$list; do \
+	    if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+	    if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+	  if test -n "$$list" && \
+	    grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+	    echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+	    grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/         /' >&2; \
+	    echo "       to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+	    echo "       typically \`make maintainer-clean' will remove them" >&2; \
+	    exit 1; \
+	  else :; fi; \
+	else :; fi
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic distclean \
+	distclean-generic distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-man5 install-man8 install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+	pdf-am ps ps-am uninstall uninstall-am uninstall-man \
+	uninstall-man5 uninstall-man8
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8 b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
new file mode 100644
index 0000000..10faec5
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
new file mode 100644
index 0000000..9d18e42
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.8.in
@@ -0,0 +1,81 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy 8 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy \- Multicast router utilizing IGMP forwarding
+
+.SH SYNOPSIS
+.B igmpproxy [-h] [-d] [-v [-v]]
+.I config-file
+
+
+.SH DESCRIPTION
+.B igmpproxy
+is a simple multicast routing daemon which uses IGMP forwarding to
+dynamically route multicast traffic. Routing is done by defining an
+"upstream" interface on which the daemon act as a normal Multicast
+client, and one or more "downstream" interfaces that serves clients
+on the destination networks. This is useful in situations where other
+dynamic multicast routers (like 'mrouted' or 'pimd') cannot be used.
+
+Since 
+.B igmpproxy
+only uses IGMP signalling, the daemon is only suited for situations
+where multicast traffic comes from only one neighbouring network.
+In more advanced cases, 'mrouted' or 'pimd' is probably more suited.
+The daemon is not designed for cascading, and probably won't scale
+very well.
+
+Currently only IGMPv1 and v2 is supported on downstream interfaces.
+On the upstream interface the kernel IGMP client implementation is used,
+and supported IGMP versions is therefore limited to that supported by the
+kernel.
+
+
+.SH OPTIONS
+.IP -h
+Display help.
+.IP -v
+Verbose logging. Set logging level to INFO instead of WARNING used by default. 
+.IP -vv
+More verbose logging. Set logging level to DEBUG.
+.IP -d
+Output log messages to STDERR instead of to
+.BR syslog (3).
+
+
+.SH LIMITS
+The current version compiles and runs fine with the Linux kernel version 2.4. The known limits are:
+
+.B Multicast routes:
+more then 200
+
+.B Multicast group membership:
+max. 20
+.SH FILES
+.TP
+.B /proc/net/ip_mr_cache 
+- contains the active multicast routes
+.TP
+.B /proc/net/ip_mr_vif 
+- contains the 'virtual' interfaces used by the active multicast routing daemon
+.TP
+.B /proc/sys/net/ipv4/conf/<ifname>/force_igmp_version 
+- can be set to control what IGMP version the kernel should use on the upstream interface.
+Ex.: 'echo 2 > /proc/sys/net/ipv4/conf/eth0/force_igmp_version' will force the kernel to
+use IGMPv2 on eth0 (provided this is the upstream interface).
+
+
+.SH SEE ALSO
+.BR igmpproxy.conf (5),
+.BR mrouted,
+.BR pimd,
+.BR smcroute
+
+.SH BUGS
+Currently none (but there probably will be :-/ )
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>.
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5 b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
new file mode 100644
index 0000000..176de46
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "igmpproxy 0.1"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
new file mode 100644
index 0000000..a4ea7d0
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/doc/igmpproxy.conf.5.in
@@ -0,0 +1,146 @@
+.\" .br - line break (nothing else on the line)
+.\" .B  - bold
+.\" .I  - green or kursive (on HTML)
+.\" .TP - paragraph ? (header line, followed by indented lines)
+.\"
+.TH igmpproxy.conf 5 "" "@PACKAGE_STRING@"
+.SH NAME
+igmpproxy.conf \- Configuration file for
+.BR igmpproxy (8)
+multicast daemon
+
+.SH DESCRIPTION
+.B igmpproxy.conf
+contains the configuration for the 
+.B igmpproxy
+multicast daemon. It defines which network interfaces should be
+used by the routing daemon. Each interface must be give one of the following roles:
+.B upstream
+,
+.B downstream
+or
+.B disabled
+.
+
+The
+.B upstream
+network interface is the outgoing interface which is responsible for communicating
+to availible multicast data sources. There can only be one upstream interface.
+
+.B Downstream
+network interfaces are the distribution interfaces to the destination networks, 
+where multicast clients can join groups and receive multicast data. One or more
+downstream interfaces must be configured.
+
+On
+.B disabled
+network interfaces all IGMP or multicast traffic is ignored altogether. If multiple
+IP addresses is used on one single interface (ae. eth0:1 ...), all interface
+aliases not in use should be configured as disabled.
+
+Any line in the configuration file starting with
+.B #
+is treated as a comment. Keywords and parameters can be distributed over many lines.
+The configuration file has two main keywords:
+
+.B quickleave
+.RS 
+Enables quickleave mode. In this mode the daemon will send a Leave IGMP message
+upstream as soon as it recieves a Leave message for any downstream interface.
+The daemon will then ask for Membership reports on the downstream interfaces, 
+and if a report is recieved the group is joined again upstream. Normally this
+is not noticed at all by clients on the downstream networks. If it's vital
+that the daemon should act exactly as a real multicast client on the upstream
+interface, this function should not be used. Disabling this function increases
+the risk of bandwidth saturation.
+.RE
+
+
+.B phyint 
+.I interface
+.I role 
+[ ratelimit 
+.I limit
+] [ threshold 
+.I ttl
+] [ altnet 
+.I networkaddr ... 
+]
+.RS
+Defines the state and settings of a network interface.
+.RE
+
+.SH PHYINT OPTIONS
+
+.B interface
+.RS
+The name of the interface the settings are for. This option is required for
+phyint settings.
+.RE
+
+.B role
+.RS
+The role of the interface. This should be either
+.B upstream
+(only one interface),
+.B downstream
+(one or more interfaces) or
+.B disabled
+. This option is required.
+.RE
+
+.B ratelimit
+.I limit
+.RS
+Defines a ratelimit for the network interface. If ratelimit is set to 0 (default),
+no ratelimit will be applied. This setting is optional.
+.RE
+
+.B threshold
+.I ttl
+.RS
+Defines the TTL threshold for the network interface. Packets with a lower TTL than the 
+threshols value will be ignored. This setting is optional, and by default the threshold is 1.
+.RE
+
+.B altnet
+.I networkaddr
+...
+.RS
+Defines alternate sources for multicasting and IGMP data. The network address must be on the 
+following format 'a.b.c.d/n'. By default the router will accept data from sources on the same
+network as configured on an interface. If the multicast source lies on a remote network, one
+must define from where traffic should be accepted. 
+
+This is especially useful for the upstream interface, since the source for multicast
+traffic is often from a remote location. Any number of altnet parameters can be specified.
+.RE
+
+
+.SH EXAMPLE
+## Enable quickleave
+quickleave
+.br
+## Define settings for eth0 (upstream)
+.br
+phyint eth0 upstream 
+       altnet 10.0.0.0/8
+       
+## Disable alternate IP on eth0 (eth0:0)
+.br
+phyint eth0:0 disabled
+
+## Define settings for eth1 (downstream)
+.br
+phyint eth1 downstream ratelimit 0 threshold 1
+
+## Define settings for eth2 (also downstream)
+.br
+phyint eth2 downstream
+
+
+.SH SEE ALSO
+.BR igmpproxy (8)
+
+.SH AUTHOR
+Originally written by Johnny Egeland <johnny@rlo.org>
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf b/NONE-WF/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
new file mode 100644
index 0000000..197ca30
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/igmpproxy.conf
@@ -0,0 +1,46 @@
+########################################################
+#
+#   Example configuration file for the IgmpProxy
+#   --------------------------------------------
+#
+#   The configuration file must define one upstream
+#   interface, and one or more downstream interfaces.
+#
+#   If multicast traffic originates outside the
+#   upstream subnet, the "altnet" option can be
+#   used in order to define legal multicast sources.
+#   (Se example...)
+#
+#   The "quickleave" should be used to avoid saturation
+#   of the upstream link. The option should only
+#   be used if it's absolutely nessecary to
+#   accurately imitate just one Client.
+#
+########################################################
+
+##------------------------------------------------------
+## Enable Quickleave mode (Sends Leave instantly)
+##------------------------------------------------------
+quickleave
+
+
+##------------------------------------------------------
+## Configuration for eth0 (Upstream Interface)
+##------------------------------------------------------
+phyint eth0 upstream  ratelimit 0  threshold 1
+        altnet 10.0.0.0/8 
+        altnet 192.168.0.0/24
+
+
+##------------------------------------------------------
+## Configuration for eth1 (Downstream Interface)
+##------------------------------------------------------
+phyint eth1 downstream  ratelimit 0  threshold 1
+
+
+##------------------------------------------------------
+## Configuration for eth2 (Disabled Interface)
+##------------------------------------------------------
+phyint eth2 disabled
+
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/install-sh b/NONE-WF/src/igmpproxy/igmpproxy-0.1/install-sh
new file mode 100755
index 0000000..6781b98
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/install-sh
@@ -0,0 +1,520 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2009-04-28.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" ""	$nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+  doit_exec=exec
+else
+  doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+  test "$posix_glob" != "?" || {
+    if (set -f) 2>/dev/null; then
+      posix_glob=
+    else
+      posix_glob=:
+    fi
+  }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+     --help     display this help and exit.
+     --version  display version info and exit.
+
+  -c            (ignored)
+  -C            install only if different (preserve the last data modification time)
+  -d            create directories instead of installing files.
+  -g GROUP      $chgrpprog installed files to GROUP.
+  -m MODE       $chmodprog installed files to MODE.
+  -o USER       $chownprog installed files to USER.
+  -s            $stripprog installed files.
+  -t DIRECTORY  install into DIRECTORY.
+  -T            report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+  RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+  case $1 in
+    -c) ;;
+
+    -C) copy_on_change=true;;
+
+    -d) dir_arg=true;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+	shift;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) mode=$2
+	case $mode in
+	  *' '* | *'	'* | *'
+'*	  | *'*'* | *'?'* | *'['*)
+	    echo "$0: invalid mode: $mode" >&2
+	    exit 1;;
+	esac
+	shift;;
+
+    -o) chowncmd="$chownprog $2"
+	shift;;
+
+    -s) stripcmd=$stripprog;;
+
+    -t) dst_arg=$2
+	shift;;
+
+    -T) no_target_directory=true;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    --)	shift
+	break;;
+
+    -*)	echo "$0: invalid option: $1" >&2
+	exit 1;;
+
+    *)  break;;
+  esac
+  shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+  # When -d is used, all remaining arguments are directories to create.
+  # When -t is used, the destination is already specified.
+  # Otherwise, the last argument is the destination.  Remove it from $@.
+  for arg
+  do
+    if test -n "$dst_arg"; then
+      # $@ is not empty: it contains at least $arg.
+      set fnord "$@" "$dst_arg"
+      shift # fnord
+    fi
+    shift # arg
+    dst_arg=$arg
+  done
+fi
+
+if test $# -eq 0; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+if test -z "$dir_arg"; then
+  trap '(exit $?); exit' 1 2 13 15
+
+  # Set umask so as not to create temps with too-generous modes.
+  # However, 'strip' requires both read and write access to temps.
+  case $mode in
+    # Optimize common cases.
+    *644) cp_umask=133;;
+    *755) cp_umask=22;;
+
+    *[0-7])
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw='% 200'
+      fi
+      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+    *)
+      if test -z "$stripcmd"; then
+	u_plus_rw=
+      else
+	u_plus_rw=,u+rw
+      fi
+      cp_umask=$mode$u_plus_rw;;
+  esac
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    dstdir=$dst
+    test -d "$dstdir"
+    dstdir_status=$?
+  else
+
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dst_arg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dst_arg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dst_arg: Is a directory" >&2
+	exit 1
+      fi
+      dstdir=$dst
+      dst=$dstdir/`basename "$src"`
+      dstdir_status=0
+    else
+      # Prefer dirname, but fall back on a substitute if dirname fails.
+      dstdir=`
+	(dirname "$dst") 2>/dev/null ||
+	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	     X"$dst" : 'X\(//\)[^/]' \| \
+	     X"$dst" : 'X\(//\)$' \| \
+	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+	echo X"$dst" |
+	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)[^/].*/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\/\)$/{
+		   s//\1/
+		   q
+		 }
+		 /^X\(\/\).*/{
+		   s//\1/
+		   q
+		 }
+		 s/.*/./; q'
+      `
+
+      test -d "$dstdir"
+      dstdir_status=$?
+    fi
+  fi
+
+  obsolete_mkdir_used=false
+
+  if test $dstdir_status != 0; then
+    case $posix_mkdir in
+      '')
+	# Create intermediate dirs using mode 755 as modified by the umask.
+	# This is like FreeBSD 'install' as of 1997-10-28.
+	umask=`umask`
+	case $stripcmd.$umask in
+	  # Optimize common cases.
+	  *[2367][2367]) mkdir_umask=$umask;;
+	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+	  *[0-7])
+	    mkdir_umask=`expr $umask + 22 \
+	      - $umask % 100 % 40 + $umask % 20 \
+	      - $umask % 10 % 4 + $umask % 2
+	    `;;
+	  *) mkdir_umask=$umask,go-w;;
+	esac
+
+	# With -d, create the new directory with the user-specified mode.
+	# Otherwise, rely on $mkdir_umask.
+	if test -n "$dir_arg"; then
+	  mkdir_mode=-m$mode
+	else
+	  mkdir_mode=
+	fi
+
+	posix_mkdir=false
+	case $umask in
+	  *[123567][0-7][0-7])
+	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
+	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+	    ;;
+	  *)
+	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+	    if (umask $mkdir_umask &&
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+	    then
+	      if test -z "$dir_arg" || {
+		   # Check for POSIX incompatibilities with -m.
+		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+		   # other-writeable bit of parent directory when it shouldn't.
+		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
+		   case $ls_ld_tmpdir in
+		     d????-?r-*) different_mode=700;;
+		     d????-?--*) different_mode=755;;
+		     *) false;;
+		   esac &&
+		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+		   }
+		 }
+	      then posix_mkdir=:
+	      fi
+	      rmdir "$tmpdir/d" "$tmpdir"
+	    else
+	      # Remove any dirs left behind by ancient mkdir implementations.
+	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+	    fi
+	    trap '' 0;;
+	esac;;
+    esac
+
+    if
+      $posix_mkdir && (
+	umask $mkdir_umask &&
+	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+      )
+    then :
+    else
+
+      # The umask is ridiculous, or mkdir does not conform to POSIX,
+      # or it failed possibly due to a race condition.  Create the
+      # directory the slow way, step by step, checking for races as we go.
+
+      case $dstdir in
+	/*) prefix='/';;
+	-*) prefix='./';;
+	*)  prefix='';;
+      esac
+
+      eval "$initialize_posix_glob"
+
+      oIFS=$IFS
+      IFS=/
+      $posix_glob set -f
+      set fnord $dstdir
+      shift
+      $posix_glob set +f
+      IFS=$oIFS
+
+      prefixes=
+
+      for d
+      do
+	test -z "$d" && continue
+
+	prefix=$prefix$d
+	if test -d "$prefix"; then
+	  prefixes=
+	else
+	  if $posix_mkdir; then
+	    (umask=$mkdir_umask &&
+	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+	    # Don't fail if two instances are running concurrently.
+	    test -d "$prefix" || exit 1
+	  else
+	    case $prefix in
+	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+	      *) qprefix=$prefix;;
+	    esac
+	    prefixes="$prefixes '$qprefix'"
+	  fi
+	fi
+	prefix=$prefix/
+      done
+
+      if test -n "$prefixes"; then
+	# Don't fail if two instances are running concurrently.
+	(umask $mkdir_umask &&
+	 eval "\$doit_exec \$mkdirprog $prefixes") ||
+	  test -d "$dstdir" || exit 1
+	obsolete_mkdir_used=true
+      fi
+    fi
+  fi
+
+  if test -n "$dir_arg"; then
+    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+  else
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+    # Copy the file name to the temp name.
+    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+    # If -C, don't bother to copy if it wouldn't change the file.
+    if $copy_on_change &&
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
+       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
+
+       eval "$initialize_posix_glob" &&
+       $posix_glob set -f &&
+       set X $old && old=:$2:$4:$5:$6 &&
+       set X $new && new=:$2:$4:$5:$6 &&
+       $posix_glob set +f &&
+
+       test "$old" = "$new" &&
+       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+    then
+      rm -f "$dsttmp"
+    else
+      # Rename the file to the real destination.
+      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+      # The rename failed, perhaps because mv can't rename something else
+      # to itself, or perhaps because mv is so ancient that it does not
+      # support -f.
+      {
+	# Now remove or move aside any old file at destination location.
+	# We try this two ways since rm can't unlink itself on some
+	# systems and the destination file might be busy for other
+	# reasons.  In this case, the final cleanup might fail but the new
+	# file should still install successfully.
+	{
+	  test ! -f "$dst" ||
+	  $doit $rmcmd -f "$dst" 2>/dev/null ||
+	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+	  } ||
+	  { echo "$0: cannot unlink or rename $dst" >&2
+	    (exit 1); exit 1
+	  }
+	} &&
+
+	# Now rename the file to the real destination.
+	$doit $mvcmd "$dsttmp" "$dst"
+      }
+    fi || exit 1
+
+    trap '' 0
+  fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/missing b/NONE-WF/src/igmpproxy/igmpproxy-0.1/missing
new file mode 100755
index 0000000..28055d2
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/missing
@@ -0,0 +1,376 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try \`$0 --help' for more information"
+  exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+  configure_ac=configure.ac
+else
+  configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+  # Try to run requested program, and just exit if it succeeds.
+  run=
+  shift
+  "$@" && exit 0
+  # Exit code 63 means version mismatch.  This often happens
+  # when the user try to use an ancient version of a tool on
+  # a file that requires a minimum version.  In this case we
+  # we should proceed has if the program had been absent, or
+  # if --run hadn't been passed.
+  if test $? = 63; then
+    run=:
+    msg="probably too old"
+  fi
+  ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+  --run           try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+  aclocal      touch file \`aclocal.m4'
+  autoconf     touch file \`configure'
+  autoheader   touch file \`config.h.in'
+  autom4te     touch the output file, or create a stub one
+  automake     touch all \`Makefile.in' files
+  bison        create \`y.tab.[ch]', if possible, from existing .[ch]
+  flex         create \`lex.yy.c', if possible, from existing .c
+  help2man     touch the output file
+  lex          create \`lex.yy.c', if possible, from existing .c
+  makeinfo     touch the output file
+  tar          try tar, gnutar, gtar, then tar without non-portable flags
+  yacc         create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: Unknown \`$1' option"
+    echo 1>&2 "Try \`$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# normalize program name to check for.
+program=`echo "$1" | sed '
+  s/^gnu-//; t
+  s/^gnu//; t
+  s/^g//; t'`
+
+# Now exit if we have it, but it failed.  Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program).  This is about non-GNU programs, so use $1 not
+# $program.
+case $1 in
+  lex*|yacc*)
+    # Not GNU programs, they don't have --version.
+    ;;
+
+  tar*)
+    if test -n "$run"; then
+       echo 1>&2 "ERROR: \`tar' requires --run"
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       exit 1
+    fi
+    ;;
+
+  *)
+    if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+       # We have it, but it failed.
+       exit 1
+    elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+       # Could not run --version or --help.  This is probably someone
+       # running `$TOOL --version' or `$TOOL --help' to check whether
+       # $TOOL exists and not knowing $TOOL uses missing.
+       exit 1
+    fi
+    ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $program in
+  aclocal*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acinclude.m4' or \`${configure_ac}'.  You might want
+         to install the \`Automake' and \`Perl' packages.  Grab them from
+         any GNU archive site."
+    touch aclocal.m4
+    ;;
+
+  autoconf*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`${configure_ac}'.  You might want to install the
+         \`Autoconf' and \`GNU m4' packages.  Grab them from any GNU
+         archive site."
+    touch configure
+    ;;
+
+  autoheader*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`acconfig.h' or \`${configure_ac}'.  You might want
+         to install the \`Autoconf' and \`GNU m4' packages.  Grab them
+         from any GNU archive site."
+    files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+    test -z "$files" && files="config.h"
+    touch_files=
+    for f in $files; do
+      case $f in
+      *:*) touch_files="$touch_files "`echo "$f" |
+				       sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+      *) touch_files="$touch_files $f.in";;
+      esac
+    done
+    touch $touch_files
+    ;;
+
+  automake*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+         You might want to install the \`Automake' and \`Perl' packages.
+         Grab them from any GNU archive site."
+    find . -type f -name Makefile.am -print |
+	   sed 's/\.am$/.in/' |
+	   while read f; do touch "$f"; done
+    ;;
+
+  autom4te*)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.
+         You can get \`$1' as part of \`Autoconf' from any GNU
+         archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo "#! /bin/sh"
+	echo "# Created by GNU Automake missing as a replacement of"
+	echo "#  $ $@"
+	echo "exit 0"
+	chmod +x $file
+	exit 1
+    fi
+    ;;
+
+  bison*|yacc*)
+    echo 1>&2 "\
+WARNING: \`$1' $msg.  You should only need it if
+         you modified a \`.y' file.  You may need the \`Bison' package
+         in order for those modifications to take effect.  You can get
+         \`Bison' from any GNU archive site."
+    rm -f y.tab.c y.tab.h
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.y)
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.c
+	    fi
+	    SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" y.tab.h
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f y.tab.h; then
+	echo >y.tab.h
+    fi
+    if test ! -f y.tab.c; then
+	echo 'main() { return 0; }' >y.tab.c
+    fi
+    ;;
+
+  lex*|flex*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.l' file.  You may need the \`Flex' package
+         in order for those modifications to take effect.  You can get
+         \`Flex' from any GNU archive site."
+    rm -f lex.yy.c
+    if test $# -ne 1; then
+        eval LASTARG="\${$#}"
+	case $LASTARG in
+	*.l)
+	    SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+	    if test -f "$SRCFILE"; then
+	         cp "$SRCFILE" lex.yy.c
+	    fi
+	  ;;
+	esac
+    fi
+    if test ! -f lex.yy.c; then
+	echo 'main() { return 0; }' >lex.yy.c
+    fi
+    ;;
+
+  help2man*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+	 you modified a dependency of a manual page.  You may need the
+	 \`Help2man' package in order for those modifications to take
+	 effect.  You can get \`Help2man' from any GNU archive site."
+
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -f "$file"; then
+	touch $file
+    else
+	test -z "$file" || exec >$file
+	echo ".ab help2man is required to generate this page"
+	exit $?
+    fi
+    ;;
+
+  makeinfo*)
+    echo 1>&2 "\
+WARNING: \`$1' is $msg.  You should only need it if
+         you modified a \`.texi' or \`.texinfo' file, or any other file
+         indirectly affecting the aspect of the manual.  The spurious
+         call might also be the consequence of using a buggy \`make' (AIX,
+         DU, IRIX).  You might want to install the \`Texinfo' package or
+         the \`GNU make' package.  Grab either from any GNU archive site."
+    # The file to touch is that specified with -o ...
+    file=`echo "$*" | sed -n "$sed_output"`
+    test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+    if test -z "$file"; then
+      # ... or it is the one specified with @setfilename ...
+      infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+      file=`sed -n '
+	/^@setfilename/{
+	  s/.* \([^ ]*\) *$/\1/
+	  p
+	  q
+	}' $infile`
+      # ... or it is derived from the source name (dir/f.texi becomes f.info)
+      test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+    fi
+    # If the file does not exist, the user really needs makeinfo;
+    # let's fail without touching anything.
+    test -f $file || exit 1
+    touch $file
+    ;;
+
+  tar*)
+    shift
+
+    # We have already tried tar in the generic part.
+    # Look for gnutar/gtar before invocation to avoid ugly error
+    # messages.
+    if (gnutar --version > /dev/null 2>&1); then
+       gnutar "$@" && exit 0
+    fi
+    if (gtar --version > /dev/null 2>&1); then
+       gtar "$@" && exit 0
+    fi
+    firstarg="$1"
+    if shift; then
+	case $firstarg in
+	*o*)
+	    firstarg=`echo "$firstarg" | sed s/o//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+	case $firstarg in
+	*h*)
+	    firstarg=`echo "$firstarg" | sed s/h//`
+	    tar "$firstarg" "$@" && exit 0
+	    ;;
+	esac
+    fi
+
+    echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+         You may want to install GNU tar or Free paxutils, or check the
+         command line arguments."
+    exit 1
+    ;;
+
+  *)
+    echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+         You might have modified some files without having the
+         proper tools for further handling them.  Check the \`README' file,
+         it often tells you about the needed prerequisites for installing
+         this package.  You may also peek at any GNU archive site, in case
+         some other package would contain this missing \`$1' program."
+    exit 1
+    ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
new file mode 100644
index 0000000..cc79cb5
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/callout.Po
@@ -0,0 +1,320 @@
+callout.o: callout.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
new file mode 100644
index 0000000..54f5dd6
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/config.Po
@@ -0,0 +1,320 @@
+config.o: config.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
new file mode 100644
index 0000000..7d81b02
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/confread.Po
@@ -0,0 +1,320 @@
+confread.o: confread.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
new file mode 100644
index 0000000..836dafa
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/ifvc.Po
@@ -0,0 +1,320 @@
+ifvc.o: ifvc.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
new file mode 100644
index 0000000..a29d6fc
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/igmp.Po
@@ -0,0 +1,320 @@
+igmp.o: igmp.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
new file mode 100644
index 0000000..589a7b5
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/igmpproxy.Po
@@ -0,0 +1,320 @@
+igmpproxy.o: igmpproxy.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
new file mode 100644
index 0000000..b092adf
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/kern.Po
@@ -0,0 +1,320 @@
+kern.o: kern.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
new file mode 100644
index 0000000..139d0e9
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/lib.Po
@@ -0,0 +1,320 @@
+lib.o: lib.c igmpproxy.h /usr/include/errno.h /usr/include/features.h \
+ /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
new file mode 100644
index 0000000..b9f6109
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/mcgroup.Po
@@ -0,0 +1,320 @@
+mcgroup.o: mcgroup.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
new file mode 100644
index 0000000..bd9baa2
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/mroute-api.Po
@@ -0,0 +1,320 @@
+mroute-api.o: mroute-api.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
new file mode 100644
index 0000000..08e93a8
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/request.Po
@@ -0,0 +1,320 @@
+request.o: request.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
new file mode 100644
index 0000000..c1ccab5
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/rttable.Po
@@ -0,0 +1,320 @@
+rttable.o: rttable.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
new file mode 100644
index 0000000..293c2e7
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/syslog.Po
@@ -0,0 +1,320 @@
+syslog.o: syslog.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
new file mode 100644
index 0000000..770c0e2
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/.deps/udpsock.Po
@@ -0,0 +1,320 @@
+udpsock.o: udpsock.c igmpproxy.h /usr/include/errno.h \
+ /usr/include/features.h /usr/include/i386-linux-gnu/bits/predefs.h \
+ /usr/include/i386-linux-gnu/sys/cdefs.h \
+ /usr/include/i386-linux-gnu/bits/wordsize.h \
+ /usr/include/i386-linux-gnu/gnu/stubs.h \
+ /usr/include/i386-linux-gnu/gnu/stubs-32.h \
+ /usr/include/i386-linux-gnu/bits/errno.h /usr/include/linux/errno.h \
+ /usr/include/i386-linux-gnu/asm/errno.h /usr/include/asm-generic/errno.h \
+ /usr/include/asm-generic/errno-base.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h /usr/include/stdio.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h \
+ /usr/include/i386-linux-gnu/bits/types.h \
+ /usr/include/i386-linux-gnu/bits/typesizes.h /usr/include/libio.h \
+ /usr/include/_G_config.h /usr/include/wchar.h \
+ /usr/include/i386-linux-gnu/bits/stdio_lim.h \
+ /usr/include/i386-linux-gnu/bits/sys_errlist.h \
+ /usr/include/i386-linux-gnu/bits/stdio.h /usr/include/stdlib.h \
+ /usr/include/i386-linux-gnu/bits/waitflags.h \
+ /usr/include/i386-linux-gnu/bits/waitstatus.h /usr/include/endian.h \
+ /usr/include/i386-linux-gnu/bits/endian.h \
+ /usr/include/i386-linux-gnu/bits/byteswap.h \
+ /usr/include/i386-linux-gnu/sys/types.h /usr/include/time.h \
+ /usr/include/i386-linux-gnu/sys/select.h \
+ /usr/include/i386-linux-gnu/bits/select.h \
+ /usr/include/i386-linux-gnu/bits/sigset.h \
+ /usr/include/i386-linux-gnu/bits/time.h \
+ /usr/include/i386-linux-gnu/sys/sysmacros.h \
+ /usr/include/i386-linux-gnu/bits/pthreadtypes.h /usr/include/alloca.h \
+ /usr/include/syslog.h /usr/include/i386-linux-gnu/sys/syslog.h \
+ /usr/include/i386-linux-gnu/bits/syslog-path.h /usr/include/signal.h \
+ /usr/include/i386-linux-gnu/bits/signum.h \
+ /usr/include/i386-linux-gnu/bits/siginfo.h \
+ /usr/include/i386-linux-gnu/bits/sigaction.h \
+ /usr/include/i386-linux-gnu/bits/sigcontext.h \
+ /usr/include/i386-linux-gnu/asm/sigcontext.h /usr/include/linux/types.h \
+ /usr/include/i386-linux-gnu/asm/types.h /usr/include/asm-generic/types.h \
+ /usr/include/asm-generic/int-ll64.h \
+ /usr/include/i386-linux-gnu/asm/bitsperlong.h \
+ /usr/include/asm-generic/bitsperlong.h /usr/include/linux/posix_types.h \
+ /usr/include/linux/stddef.h \
+ /usr/include/i386-linux-gnu/asm/posix_types.h \
+ /usr/include/i386-linux-gnu/asm/posix_types_32.h \
+ /usr/include/i386-linux-gnu/bits/sigstack.h \
+ /usr/include/i386-linux-gnu/sys/ucontext.h \
+ /usr/include/i386-linux-gnu/bits/sigthread.h /usr/include/unistd.h \
+ /usr/include/i386-linux-gnu/bits/posix_opt.h \
+ /usr/include/i386-linux-gnu/bits/environments.h \
+ /usr/include/i386-linux-gnu/bits/confname.h /usr/include/getopt.h \
+ /usr/include/string.h /usr/include/xlocale.h \
+ /usr/include/i386-linux-gnu/bits/string.h \
+ /usr/include/i386-linux-gnu/bits/string2.h /usr/include/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/fcntl.h \
+ /usr/include/i386-linux-gnu/bits/stat.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h \
+ /usr/include/i386-linux-gnu/sys/socket.h \
+ /usr/include/i386-linux-gnu/sys/uio.h \
+ /usr/include/i386-linux-gnu/bits/uio.h \
+ /usr/include/i386-linux-gnu/bits/socket.h \
+ /usr/include/i386-linux-gnu/bits/sockaddr.h \
+ /usr/include/i386-linux-gnu/asm/socket.h \
+ /usr/include/asm-generic/socket.h \
+ /usr/include/i386-linux-gnu/asm/sockios.h \
+ /usr/include/asm-generic/sockios.h /usr/include/i386-linux-gnu/sys/un.h \
+ /usr/include/i386-linux-gnu/sys/time.h \
+ /usr/include/i386-linux-gnu/sys/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctls.h \
+ /usr/include/i386-linux-gnu/asm/ioctls.h \
+ /usr/include/asm-generic/ioctls.h /usr/include/linux/ioctl.h \
+ /usr/include/i386-linux-gnu/asm/ioctl.h /usr/include/asm-generic/ioctl.h \
+ /usr/include/i386-linux-gnu/bits/ioctl-types.h \
+ /usr/include/i386-linux-gnu/sys/ttydefaults.h \
+ /usr/include/i386-linux-gnu/sys/param.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h \
+ /usr/include/limits.h /usr/include/i386-linux-gnu/bits/posix1_lim.h \
+ /usr/include/i386-linux-gnu/bits/local_lim.h /usr/include/linux/limits.h \
+ /usr/include/i386-linux-gnu/bits/posix2_lim.h /usr/include/linux/param.h \
+ /usr/include/i386-linux-gnu/asm/param.h /usr/include/asm-generic/param.h \
+ /usr/include/net/if.h /usr/include/netinet/in.h \
+ /usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h /usr/include/stdint.h \
+ /usr/include/i386-linux-gnu/bits/wchar.h \
+ /usr/include/i386-linux-gnu/bits/in.h /usr/include/arpa/inet.h os.h \
+ /usr/include/linux/mroute.h /usr/include/linux/sockios.h \
+ /usr/include/netinet/ip.h /usr/include/netinet/igmp.h ../config.h
+
+igmpproxy.h:
+
+/usr/include/errno.h:
+
+/usr/include/features.h:
+
+/usr/include/i386-linux-gnu/bits/predefs.h:
+
+/usr/include/i386-linux-gnu/sys/cdefs.h:
+
+/usr/include/i386-linux-gnu/bits/wordsize.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs.h:
+
+/usr/include/i386-linux-gnu/gnu/stubs-32.h:
+
+/usr/include/i386-linux-gnu/bits/errno.h:
+
+/usr/include/linux/errno.h:
+
+/usr/include/i386-linux-gnu/asm/errno.h:
+
+/usr/include/asm-generic/errno.h:
+
+/usr/include/asm-generic/errno-base.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdarg.h:
+
+/usr/include/stdio.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stddef.h:
+
+/usr/include/i386-linux-gnu/bits/types.h:
+
+/usr/include/i386-linux-gnu/bits/typesizes.h:
+
+/usr/include/libio.h:
+
+/usr/include/_G_config.h:
+
+/usr/include/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/stdio_lim.h:
+
+/usr/include/i386-linux-gnu/bits/sys_errlist.h:
+
+/usr/include/i386-linux-gnu/bits/stdio.h:
+
+/usr/include/stdlib.h:
+
+/usr/include/i386-linux-gnu/bits/waitflags.h:
+
+/usr/include/i386-linux-gnu/bits/waitstatus.h:
+
+/usr/include/endian.h:
+
+/usr/include/i386-linux-gnu/bits/endian.h:
+
+/usr/include/i386-linux-gnu/bits/byteswap.h:
+
+/usr/include/i386-linux-gnu/sys/types.h:
+
+/usr/include/time.h:
+
+/usr/include/i386-linux-gnu/sys/select.h:
+
+/usr/include/i386-linux-gnu/bits/select.h:
+
+/usr/include/i386-linux-gnu/bits/sigset.h:
+
+/usr/include/i386-linux-gnu/bits/time.h:
+
+/usr/include/i386-linux-gnu/sys/sysmacros.h:
+
+/usr/include/i386-linux-gnu/bits/pthreadtypes.h:
+
+/usr/include/alloca.h:
+
+/usr/include/syslog.h:
+
+/usr/include/i386-linux-gnu/sys/syslog.h:
+
+/usr/include/i386-linux-gnu/bits/syslog-path.h:
+
+/usr/include/signal.h:
+
+/usr/include/i386-linux-gnu/bits/signum.h:
+
+/usr/include/i386-linux-gnu/bits/siginfo.h:
+
+/usr/include/i386-linux-gnu/bits/sigaction.h:
+
+/usr/include/i386-linux-gnu/bits/sigcontext.h:
+
+/usr/include/i386-linux-gnu/asm/sigcontext.h:
+
+/usr/include/linux/types.h:
+
+/usr/include/i386-linux-gnu/asm/types.h:
+
+/usr/include/asm-generic/types.h:
+
+/usr/include/asm-generic/int-ll64.h:
+
+/usr/include/i386-linux-gnu/asm/bitsperlong.h:
+
+/usr/include/asm-generic/bitsperlong.h:
+
+/usr/include/linux/posix_types.h:
+
+/usr/include/linux/stddef.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types.h:
+
+/usr/include/i386-linux-gnu/asm/posix_types_32.h:
+
+/usr/include/i386-linux-gnu/bits/sigstack.h:
+
+/usr/include/i386-linux-gnu/sys/ucontext.h:
+
+/usr/include/i386-linux-gnu/bits/sigthread.h:
+
+/usr/include/unistd.h:
+
+/usr/include/i386-linux-gnu/bits/posix_opt.h:
+
+/usr/include/i386-linux-gnu/bits/environments.h:
+
+/usr/include/i386-linux-gnu/bits/confname.h:
+
+/usr/include/getopt.h:
+
+/usr/include/string.h:
+
+/usr/include/xlocale.h:
+
+/usr/include/i386-linux-gnu/bits/string.h:
+
+/usr/include/i386-linux-gnu/bits/string2.h:
+
+/usr/include/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/fcntl.h:
+
+/usr/include/i386-linux-gnu/bits/stat.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdbool.h:
+
+/usr/include/i386-linux-gnu/sys/socket.h:
+
+/usr/include/i386-linux-gnu/sys/uio.h:
+
+/usr/include/i386-linux-gnu/bits/uio.h:
+
+/usr/include/i386-linux-gnu/bits/socket.h:
+
+/usr/include/i386-linux-gnu/bits/sockaddr.h:
+
+/usr/include/i386-linux-gnu/asm/socket.h:
+
+/usr/include/asm-generic/socket.h:
+
+/usr/include/i386-linux-gnu/asm/sockios.h:
+
+/usr/include/asm-generic/sockios.h:
+
+/usr/include/i386-linux-gnu/sys/un.h:
+
+/usr/include/i386-linux-gnu/sys/time.h:
+
+/usr/include/i386-linux-gnu/sys/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctls.h:
+
+/usr/include/i386-linux-gnu/asm/ioctls.h:
+
+/usr/include/asm-generic/ioctls.h:
+
+/usr/include/linux/ioctl.h:
+
+/usr/include/i386-linux-gnu/asm/ioctl.h:
+
+/usr/include/asm-generic/ioctl.h:
+
+/usr/include/i386-linux-gnu/bits/ioctl-types.h:
+
+/usr/include/i386-linux-gnu/sys/ttydefaults.h:
+
+/usr/include/i386-linux-gnu/sys/param.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/limits.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include-fixed/syslimits.h:
+
+/usr/include/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix1_lim.h:
+
+/usr/include/i386-linux-gnu/bits/local_lim.h:
+
+/usr/include/linux/limits.h:
+
+/usr/include/i386-linux-gnu/bits/posix2_lim.h:
+
+/usr/include/linux/param.h:
+
+/usr/include/i386-linux-gnu/asm/param.h:
+
+/usr/include/asm-generic/param.h:
+
+/usr/include/net/if.h:
+
+/usr/include/netinet/in.h:
+
+/usr/lib/gcc/i486-linux-gnu/4.7/include/stdint.h:
+
+/usr/include/stdint.h:
+
+/usr/include/i386-linux-gnu/bits/wchar.h:
+
+/usr/include/i386-linux-gnu/bits/in.h:
+
+/usr/include/arpa/inet.h:
+
+os.h:
+
+/usr/include/linux/mroute.h:
+
+/usr/include/linux/sockios.h:
+
+/usr/include/netinet/ip.h:
+
+/usr/include/netinet/igmp.h:
+
+../config.h:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/Makefile b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/Makefile
new file mode 100644
index 0000000..1118be8
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/Makefile
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# src/Makefile.  Generated from Makefile.in by configure.
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+
+
+
+pkgdatadir = $(datadir)/igmpproxy
+pkgincludedir = $(includedir)/igmpproxy
+pkglibdir = $(libdir)/igmpproxy
+pkglibexecdir = $(libexecdir)/igmpproxy
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = i586-pc-linux-gnu
+host_triplet = i586-pc-linux-gnu
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I. -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run aclocal-1.11
+AMTAR = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run tar
+AUTOCONF = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoconf
+AUTOHEADER = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run autoheader
+AUTOMAKE = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run automake-1.11
+AWK = gawk
+CC = gcc -std=gnu99
+CCDEPMODE = depmode=gcc3
+CFLAGS = -g -O2
+CPPFLAGS = 
+CYGPATH_W = echo
+DEFS = -DHAVE_CONFIG_H
+DEPDIR = .deps
+ECHO_C = 
+ECHO_N = -n
+ECHO_T = 
+EXEEXT = 
+INSTALL = /usr/bin/install -c
+INSTALL_DATA = ${INSTALL} -m 644
+INSTALL_PROGRAM = ${INSTALL}
+INSTALL_SCRIPT = ${INSTALL}
+INSTALL_STRIP_PROGRAM = $(install_sh) -c -s
+LDFLAGS = 
+LIBOBJS = 
+LIBS = 
+LTLIBOBJS = 
+MAKEINFO = ${SHELL} /usr/local/src/igmpproxy-0.1/missing --run makeinfo
+MKDIR_P = /bin/mkdir -p
+OBJEXT = o
+PACKAGE = igmpproxy
+PACKAGE_BUGREPORT = 
+PACKAGE_NAME = igmpproxy
+PACKAGE_STRING = igmpproxy 0.1
+PACKAGE_TARNAME = igmpproxy
+PACKAGE_VERSION = 0.1
+PATH_SEPARATOR = :
+SET_MAKE = 
+SHELL = /bin/sh
+STRIP = 
+VERSION = 0.1
+abs_builddir = /usr/local/src/igmpproxy-0.1/src
+abs_srcdir = /usr/local/src/igmpproxy-0.1/src
+abs_top_builddir = /usr/local/src/igmpproxy-0.1
+abs_top_srcdir = /usr/local/src/igmpproxy-0.1
+ac_ct_CC = gcc
+am__include = include
+am__leading_dot = .
+am__quote = 
+am__tar = ${AMTAR} chof - "$$tardir"
+am__untar = ${AMTAR} xf -
+bindir = ${exec_prefix}/bin
+build = i586-pc-linux-gnu
+build_alias = 
+build_cpu = i586
+build_os = linux-gnu
+build_vendor = pc
+builddir = .
+datadir = ${datarootdir}
+datarootdir = ${prefix}/share
+docdir = ${datarootdir}/doc/${PACKAGE_TARNAME}
+dvidir = ${docdir}
+exec_prefix = ${prefix}
+host = i586-pc-linux-gnu
+host_alias = 
+host_cpu = i586
+host_os = linux-gnu
+host_vendor = pc
+htmldir = ${docdir}
+includedir = ${prefix}/include
+infodir = ${datarootdir}/info
+install_sh = ${SHELL} /usr/local/src/igmpproxy-0.1/install-sh
+libdir = ${exec_prefix}/lib
+libexecdir = ${exec_prefix}/libexec
+localedir = ${datarootdir}/locale
+localstatedir = ${prefix}/var
+mandir = ${datarootdir}/man
+mkdir_p = /bin/mkdir -p
+oldincludedir = /usr/include
+pdfdir = ${docdir}
+prefix = /usr/local/igmpproxy-0.1
+program_transform_name = s,x,x,
+psdir = ${docdir}
+sbindir = ${exec_prefix}/sbin
+sharedstatedir = ${prefix}/com
+srcdir = .
+sysconfdir = ${prefix}/etc
+target_alias = 
+top_build_prefix = ../
+top_builddir = ..
+top_srcdir = ..
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+include ./$(DEPDIR)/callout.Po
+include ./$(DEPDIR)/config.Po
+include ./$(DEPDIR)/confread.Po
+include ./$(DEPDIR)/ifvc.Po
+include ./$(DEPDIR)/igmp.Po
+include ./$(DEPDIR)/igmpproxy.Po
+include ./$(DEPDIR)/kern.Po
+include ./$(DEPDIR)/lib.Po
+include ./$(DEPDIR)/mcgroup.Po
+include ./$(DEPDIR)/mroute-api.Po
+include ./$(DEPDIR)/request.Po
+include ./$(DEPDIR)/rttable.Po
+include ./$(DEPDIR)/syslog.Po
+include ./$(DEPDIR)/udpsock.Po
+
+.c.o:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c $<
+
+.c.obj:
+	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+#	source='$<' object='$@' libtool=no \
+#	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) \
+#	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/Makefile.am b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
new file mode 100644
index 0000000..fb63ff3
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/Makefile.am
@@ -0,0 +1,22 @@
+sbin_PROGRAMS = igmpproxy
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/Makefile.in b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
new file mode 100644
index 0000000..ab670af
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/Makefile.in
@@ -0,0 +1,493 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+sbin_PROGRAMS = igmpproxy$(EXEEXT)
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = os.h
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am_igmpproxy_OBJECTS = callout.$(OBJEXT) config.$(OBJEXT) \
+	confread.$(OBJEXT) ifvc.$(OBJEXT) igmp.$(OBJEXT) \
+	igmpproxy.$(OBJEXT) kern.$(OBJEXT) lib.$(OBJEXT) \
+	mcgroup.$(OBJEXT) mroute-api.$(OBJEXT) request.$(OBJEXT) \
+	rttable.$(OBJEXT) syslog.$(OBJEXT) udpsock.$(OBJEXT)
+igmpproxy_OBJECTS = $(am_igmpproxy_OBJECTS)
+igmpproxy_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(igmpproxy_SOURCES)
+DIST_SOURCES = $(igmpproxy_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EXEEXT = @EXEEXT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+igmpproxy_SOURCES = \
+	callout.c \
+	config.c \
+	confread.c \
+	ifvc.c \
+	igmp.c \
+	igmpproxy.c \
+	igmpproxy.h \
+	kern.c \
+	lib.c \
+	mcgroup.c \
+	mroute-api.c \
+	os-dragonfly.h \
+	os-freebsd.h \
+	os-linux.h \
+	os-netbsd.h \
+	os-openbsd.h \
+	request.c \
+	rttable.c \
+	syslog.c \
+	udpsock.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)"
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	for p in $$list; do echo "$$p $$p"; done | \
+	sed 's/$(EXEEXT)$$//' | \
+	while read p p1; do if test -f $$p; \
+	  then echo "$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+	    -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+	sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) files[d] = files[d] " " $$1; \
+	    else { print "f", $$3 "/" $$4, $$1; } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	    if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	    test -z "$$files" || { \
+	      echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+	      $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+	    } \
+	; done
+
+uninstall-sbinPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	  sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+	      -e 's/$$/$(EXEEXT)/' `; \
+	test -n "$$list" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+	-test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
+igmpproxy$(EXEEXT): $(igmpproxy_OBJECTS) $(igmpproxy_DEPENDENCIES) 
+	@rm -f igmpproxy$(EXEEXT)
+	$(LINK) $(igmpproxy_OBJECTS) $(igmpproxy_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callout.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/config.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/confread.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ifvc.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmp.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/igmpproxy.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kern.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mcgroup.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mroute-api.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/request.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rttable.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/syslog.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/udpsock.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(sbindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-sbinPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-sbinPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-sbinPROGRAMS install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
+	uninstall-am uninstall-sbinPROGRAMS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/callout.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/callout.c
new file mode 100644
index 0000000..4edfe5e
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/callout.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+/* the code below implements a callout queue */
+static int id = 0;
+static struct timeOutQueue  *queue = 0; /* pointer to the beginning of timeout queue */
+
+struct timeOutQueue {
+    struct timeOutQueue    *next;   // Next event in queue
+    int                     id;  
+    timer_f                 func;   // function to call
+    void                    *data;  // Data for function
+    int                     time;   // Time offset for next event
+};
+
+// Method for dumping the Queue to the log.
+static void debugQueue(void);
+
+/**
+*   Initializes the callout queue
+*/
+void callout_init() {
+    queue = NULL;
+}
+
+/**
+*   Clears all scheduled timeouts...
+*/
+void free_all_callouts() {
+    struct timeOutQueue *p;
+
+    while (queue) {
+        p = queue;
+        queue = queue->next;
+        free(p);
+    }
+}
+
+
+/**
+ * elapsed_time seconds have passed; perform all the events that should
+ * happen.
+ */
+void age_callout_queue(int elapsed_time) {
+    struct timeOutQueue *ptr;
+    int i = 0;
+
+    for (ptr = queue; ptr; ptr = queue, i++) {
+        if (ptr->time > elapsed_time) {
+            ptr->time -= elapsed_time;
+            return;
+        } else {
+            elapsed_time -= ptr->time;
+            queue = queue->next;
+            my_log(LOG_DEBUG, 0, "About to call timeout %d (#%d)", ptr->id, i);
+
+            if (ptr->func)
+                ptr->func(ptr->data);
+            free(ptr);
+        }
+    }
+}
+
+/**
+ * Return in how many seconds age_callout_queue() would like to be called.
+ * Return -1 if there are no events pending.
+ */
+int timer_nextTimer() {
+    if (queue) {
+        if (queue->time < 0) {
+            my_log(LOG_WARNING, 0, "timer_nextTimer top of queue says %d", 
+                queue->time);
+            return 0;
+        }
+        return queue->time;
+    }
+    return -1;
+}
+
+/**
+ *  Inserts a timer in queue.
+ *  @param delay - Number of seconds the timeout should happen in.
+ *  @param action - The function to call on timeout.
+ *  @param data - Pointer to the function data to supply...
+ */
+int timer_setTimer(int delay, timer_f action, void *data) {
+    struct     timeOutQueue  *ptr, *node, *prev;
+    int i = 0;
+
+    /* create a node */ 
+    node = (struct timeOutQueue *)malloc(sizeof(struct timeOutQueue));
+    if (node == 0) {
+        my_log(LOG_WARNING, 0, "Malloc Failed in timer_settimer\n");
+        return -1;
+    }
+    node->func = action; 
+    node->data = data;
+    node->time = delay; 
+    node->next = 0; 
+    node->id   = ++id;
+
+    prev = ptr = queue;
+
+    /* insert node in the queue */
+
+    /* if the queue is empty, insert the node and return */
+    if (!queue) {
+        queue = node;
+    }
+    else {
+        /* chase the pointer looking for the right place */
+        while (ptr) {
+            if (delay < ptr->time) {
+                // We found the correct node
+                node->next = ptr;
+                if (ptr == queue) {
+                    queue = node;
+                }
+                else {
+                    prev->next = node;
+                }
+                ptr->time -= node->time;
+		my_log(LOG_DEBUG, 0,
+			"Created timeout %d (#%d) - delay %d secs",
+			node->id, i, node->time);
+		debugQueue();
+                return node->id;
+            } else {
+                // Continur to check nodes.
+                delay -= ptr->time; node->time = delay;
+                prev = ptr;
+                ptr = ptr->next;
+            }
+            i++;
+        }
+        prev->next = node;
+    }
+    my_log(LOG_DEBUG, 0, "Created timeout %d (#%d) - delay %d secs", 
+            node->id, i, node->time);
+    debugQueue();
+
+    return node->id;
+}
+
+/**
+*   returns the time until the timer is scheduled 
+*/
+int timer_leftTimer(int timer_id) {
+    struct timeOutQueue *ptr;
+    int left = 0;
+
+    if (!timer_id)
+        return -1;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+        left += ptr->time;
+        if (ptr->id == timer_id) {
+            return left;
+        }
+    }
+    return -1;
+}
+
+/**
+*   clears the associated timer.  Returns 1 if succeeded. 
+*/
+int timer_clearTimer(int  timer_id) {
+    struct timeOutQueue  *ptr, *prev;
+    int i = 0;
+
+    if (!timer_id)
+        return 0;
+
+    prev = ptr = queue;
+
+    /*
+     * find the right node, delete it. the subsequent node's time
+     * gets bumped up
+     */
+
+    debugQueue();
+    while (ptr) {
+        if (ptr->id == timer_id) {
+            /* got the right node */
+
+            /* unlink it from the queue */
+            if (ptr == queue)
+                queue = queue->next;
+            else
+                prev->next = ptr->next;
+
+            /* increment next node if any */
+            if (ptr->next != 0)
+                (ptr->next)->time += ptr->time;
+
+            if (ptr->data)
+                free(ptr->data);
+            my_log(LOG_DEBUG, 0, "deleted timer %d (#%d)", ptr->id, i);
+            free(ptr);
+            debugQueue();
+            return 1;
+        }
+        prev = ptr;
+        ptr = ptr->next;
+        i++;
+    }
+    // If we get here, the timer was not deleted.
+    my_log(LOG_DEBUG, 0, "failed to delete timer %d (#%d)", timer_id, i);
+    debugQueue();
+    return 0;
+}
+
+/**
+ * debugging utility
+ */
+static void debugQueue() {
+    struct timeOutQueue  *ptr;
+
+    for (ptr = queue; ptr; ptr = ptr->next) {
+            my_log(LOG_DEBUG, 0, "(Id:%d, Time:%d) ", ptr->id, ptr->time);
+    }
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/callout.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/callout.o
new file mode 100644
index 0000000..d593331
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/callout.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/config.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/config.c
new file mode 100644
index 0000000..5a96ce0
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/config.c
@@ -0,0 +1,361 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   config.c - Contains functions to load and parse config
+*              file, and functions to configure the daemon.              
+*/
+
+#include "igmpproxy.h"
+                                      
+// Structure to keep configuration for VIFs...    
+struct vifconfig {
+    char*               name;
+    short               state;
+    int                 ratelimit;
+    int                 threshold;
+
+    // Keep allowed nets for VIF.
+    struct SubnetList*  allowednets;
+    
+    // Next config in list...
+    struct vifconfig*   next;
+};
+                 
+// Structure to keep vif configuration
+struct vifconfig*   vifconf;
+
+// Keeps common settings...
+static struct Config commonConfig;
+
+// Prototypes...
+struct vifconfig *parsePhyintToken();
+struct SubnetList *parseSubnetAddress(char *addrstr);
+
+
+/**
+*   Initializes common config..
+*/
+void initCommonConfig() {
+    commonConfig.robustnessValue = DEFAULT_ROBUSTNESS;
+    commonConfig.queryInterval = INTERVAL_QUERY;
+    commonConfig.queryResponseInterval = INTERVAL_QUERY_RESPONSE;
+
+    // The defaults are calculated from other settings.
+    commonConfig.startupQueryInterval = (unsigned int)(INTERVAL_QUERY / 4);
+    commonConfig.startupQueryCount = DEFAULT_ROBUSTNESS;
+
+    // Default values for leave intervals...
+    commonConfig.lastMemberQueryInterval = INTERVAL_QUERY_RESPONSE;
+    commonConfig.lastMemberQueryCount    = DEFAULT_ROBUSTNESS;
+
+    // If 1, a leave message is sent upstream on leave messages from downstream.
+    commonConfig.fastUpstreamLeave = 0;
+
+}
+
+/**
+*   Returns a pointer to the common config...
+*/
+struct Config *getCommonConfig() {
+    return &commonConfig;
+}
+
+/**
+*   Loads the configuration from file, and stores the config in 
+*   respective holders...
+*/                 
+int loadConfig(char *configFile) {
+    struct vifconfig  *tmpPtr;
+    struct vifconfig  **currPtr = &vifconf;
+    char *token;
+    
+    // Initialize common config
+    initCommonConfig();
+
+    // Test config file reader...
+    if(!openConfigFile(configFile)) {
+        my_log(LOG_ERR, 0, "Unable to open configfile from %s", configFile);
+    }
+
+    // Get first token...
+    token = nextConfigToken();
+    if(token == NULL) {
+        my_log(LOG_ERR, 0, "Config file was empty.");
+    }
+
+    // Loop until all configuration is read.
+    while ( token != NULL ) {
+        // Check token...
+        if(strcmp("phyint", token)==0) {
+            // Got a phyint token... Call phyint parser
+            my_log(LOG_DEBUG, 0, "Config: Got a phyint token.");
+            tmpPtr = parsePhyintToken();
+            if(tmpPtr == NULL) {
+                // Unparsable token... Exit...
+                closeConfigFile();
+                my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+                return 0;
+            } else {
+
+                my_log(LOG_DEBUG, 0, "IF name : %s", tmpPtr->name);
+                my_log(LOG_DEBUG, 0, "Next ptr : %x", tmpPtr->next);
+                my_log(LOG_DEBUG, 0, "Ratelimit : %d", tmpPtr->ratelimit);
+                my_log(LOG_DEBUG, 0, "Threshold : %d", tmpPtr->threshold);
+                my_log(LOG_DEBUG, 0, "State : %d", tmpPtr->state);
+                my_log(LOG_DEBUG, 0, "Allowednet ptr : %x", tmpPtr->allowednets);
+
+                // Insert config, and move temppointer to next location...
+                *currPtr = tmpPtr;
+                currPtr = &tmpPtr->next;
+            }
+        } 
+        else if(strcmp("quickleave", token)==0) {
+            // Got a quickleave token....
+            my_log(LOG_DEBUG, 0, "Config: Quick leave mode enabled.");
+            commonConfig.fastUpstreamLeave = 1;
+            
+            // Read next token...
+            token = nextConfigToken();
+            continue;
+        } else {
+            // Unparsable token... Exit...
+            closeConfigFile();
+            my_log(LOG_WARNING, 0, "Unknown token '%s' in configfile", token);
+            return 0;
+        }
+        // Get token that was not recognized by phyint parser.
+        token = getCurrentConfigToken();
+    }
+
+    // Close the configfile...
+    closeConfigFile();
+
+    return 1;
+}
+
+/**
+*   Appends extra VIF configuration from config file.
+*/
+void configureVifs() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+    struct vifconfig *confPtr;
+
+    // If no config is availible, just return...
+    if(vifconf == NULL) {
+        return;
+    }
+
+    // Loop through all VIFs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+
+            // Now try to find a matching config...
+            for( confPtr = vifconf; confPtr; confPtr = confPtr->next) {
+
+                // I the VIF names match...
+                if(strcmp(Dp->Name, confPtr->name)==0) {
+                    struct SubnetList *vifLast;
+
+                    my_log(LOG_DEBUG, 0, "Found config for %s", Dp->Name);
+
+
+                    // Set the VIF state 
+                    Dp->state = confPtr->state;
+                    
+                    Dp->threshold = confPtr->threshold;
+                    Dp->ratelimit = confPtr->ratelimit;
+
+                    // Go to last allowed net on VIF...
+                    for(vifLast = Dp->allowednets; vifLast->next; vifLast = vifLast->next);
+                        
+                    // Insert the configured nets...
+                    vifLast->next = confPtr->allowednets;
+
+                    break;
+                }
+            }
+        }
+    }
+}
+
+
+/**
+*   Internal function to parse phyint config
+*/
+struct vifconfig *parsePhyintToken() {
+    struct vifconfig  *tmpPtr;
+    struct SubnetList **anetPtr;
+    char *token;
+    short parseError = 0;
+
+    // First token should be the interface name....
+    token = nextConfigToken();
+
+    // Sanitycheck the name...
+    if(token == NULL) return NULL;
+    if(strlen(token) >= IF_NAMESIZE) return NULL;
+    my_log(LOG_DEBUG, 0, "Config: IF: Config for interface %s.", token);
+
+    // Allocate memory for configuration...
+    tmpPtr = (struct vifconfig*)malloc(sizeof(struct vifconfig));
+    if(tmpPtr == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set default values...
+    tmpPtr->next = NULL;    // Important to avoid seg fault...
+    tmpPtr->ratelimit = 0;
+    tmpPtr->threshold = 1;
+    tmpPtr->state = IF_STATE_DOWNSTREAM;
+    tmpPtr->allowednets = NULL;
+
+    // Make a copy of the token to store the IF name
+    tmpPtr->name = strdup( token );
+    if(tmpPtr->name == NULL) {
+        my_log(LOG_ERR, 0, "Out of memory.");
+    }
+
+    // Set the altnet pointer to the allowednets pointer.
+    anetPtr = &tmpPtr->allowednets;
+
+    // Parse the rest of the config..
+    token = nextConfigToken();
+    while(token != NULL) {
+        if(strcmp("altnet", token)==0) {
+            // Altnet...
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got altnet token %s.",token);
+
+            *anetPtr = parseSubnetAddress(token);
+            if(*anetPtr == NULL) {
+                parseError = 1;
+                my_log(LOG_WARNING, 0, "Unable to parse subnet address.");
+                break;
+            } else {
+                anetPtr = &(*anetPtr)->next;
+            }
+        }
+        else if(strcmp("upstream", token)==0) {
+            // Upstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got upstream token.");
+            tmpPtr->state = IF_STATE_UPSTREAM;
+        }
+        else if(strcmp("downstream", token)==0) {
+            // Downstream
+            my_log(LOG_DEBUG, 0, "Config: IF: Got downstream token.");
+            tmpPtr->state = IF_STATE_DOWNSTREAM;
+        }
+        else if(strcmp("disabled", token)==0) {
+            // Disabled
+            my_log(LOG_DEBUG, 0, "Config: IF: Got disabled token.");
+            tmpPtr->state = IF_STATE_DISABLED;
+        }
+        else if(strcmp("ratelimit", token)==0) {
+            // Ratelimit
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got ratelimit token '%s'.", token);
+            tmpPtr->ratelimit = atoi( token );
+            if(tmpPtr->ratelimit < 0) {
+                my_log(LOG_WARNING, 0, "Ratelimit must be 0 or more.");
+                parseError = 1;
+                break;
+            }
+        }
+        else if(strcmp("threshold", token)==0) {
+            // Threshold
+            token = nextConfigToken();
+            my_log(LOG_DEBUG, 0, "Config: IF: Got threshold token '%s'.", token);
+            tmpPtr->threshold = atoi( token );
+            if(tmpPtr->threshold <= 0 || tmpPtr->threshold > 255) {
+                my_log(LOG_WARNING, 0, "Threshold must be between 1 and 255.");
+                parseError = 1;
+                break;
+            }
+        }
+        else {
+            // Unknown token. Break...
+            break;
+        }
+        token = nextConfigToken();
+    }
+
+    // Clean up after a parseerror...
+    if(parseError) {
+        free(tmpPtr);
+        tmpPtr = NULL;
+    }
+
+    return tmpPtr;
+}
+
+/**
+*   Parses a subnet address string on the format
+*   a.b.c.d/n into a SubnetList entry.
+*/
+struct SubnetList *parseSubnetAddress(char *addrstr) {
+    struct SubnetList *tmpSubnet;
+    char        *tmpStr;
+    uint32_t      addr = 0x00000000;
+    uint32_t      mask = 0xFFFFFFFF;
+
+    // First get the network part of the address...
+    tmpStr = strtok(addrstr, "/");
+    addr = inet_addr(tmpStr);
+
+    tmpStr = strtok(NULL, "/");
+    if(tmpStr != NULL) {
+        int bitcnt = atoi(tmpStr);
+        if(bitcnt <= 0 || bitcnt > 32) {
+            my_log(LOG_WARNING, 0, "The bits part of the address is invalid : %d.",tmpStr);
+            return NULL;
+        }
+
+        mask <<= (32 - bitcnt);
+    }
+
+    if(addr == -1 || addr == 0) {
+        my_log(LOG_WARNING, 0, "Unable to parse address token '%s'.", addrstr);
+        return NULL;
+    }
+
+    tmpSubnet = (struct SubnetList*) malloc(sizeof(struct SubnetList));
+    tmpSubnet->subnet_addr = addr;
+    tmpSubnet->subnet_mask = ntohl(mask);
+    tmpSubnet->next = NULL;
+
+    my_log(LOG_DEBUG, 0, "Config: IF: Altnet: Parsed altnet to %s.",
+	    inetFmts(tmpSubnet->subnet_addr, tmpSubnet->subnet_mask,s1));
+
+    return tmpSubnet;
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/config.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/config.o
new file mode 100644
index 0000000..82093f4
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/config.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/confread.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/confread.c
new file mode 100644
index 0000000..6e267dc
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/confread.c
@@ -0,0 +1,213 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   confread.c
+*
+*   Generic config file reader. Used to open a config file,
+*   and read the tokens from it. The parser is really simple,
+*   and does no backlogging. This means that no form of
+*   text escaping and qouting is currently supported.
+*   '#' chars are read as comments, and the comment lasts until 
+*   a newline or EOF
+*
+*/
+
+#include "igmpproxy.h"
+
+#define     READ_BUFFER_SIZE    512   // Inputbuffer size...
+        
+#ifndef MAX_TOKEN_LENGTH
+  #define MAX_TOKEN_LENGTH  30     // Default max token length
+#endif
+                                     
+FILE            *confFilePtr;       // File handle pointer
+char            *iBuffer;           // Inputbuffer for reading...
+unsigned int    bufPtr;             // Buffer position pointer.
+unsigned int    readSize;           // Number of bytes in buffer after last read...
+char    cToken[MAX_TOKEN_LENGTH];   // Token buffer...
+short   validToken;
+
+/**
+*   Opens config file specified by filename.
+*/    
+int openConfigFile(char *filename) {
+
+    // Set the buffer to null initially...
+    iBuffer = NULL;
+
+    // Open the file for reading...
+    confFilePtr = fopen(filename, "r");
+    
+    // On error, return false
+    if(confFilePtr == NULL) {
+        return 0;
+    }
+    
+    // Allocate memory for inputbuffer...
+    iBuffer = (char*) malloc( sizeof(char) * READ_BUFFER_SIZE );
+    
+    if(iBuffer == NULL) {
+        closeConfigFile();
+        return 0;
+    }
+    
+    // Reset bufferpointer and readsize
+    bufPtr = 0;
+    readSize = 0;
+
+    return 1;
+}
+
+/**
+*   Closes the currently open config file.
+*/
+void closeConfigFile() {
+    // Close the file.
+    if(confFilePtr!=NULL) {
+        fclose(confFilePtr);
+    }
+    // Free input buffer memory...
+    if(iBuffer != NULL) {
+        free(iBuffer);
+    }
+}
+
+/**
+*   Returns the next token from the configfile. The function
+*   return NULL if there are no more tokens in the file.    
+*/
+char *nextConfigToken() {
+
+    validToken = 0;
+
+    // If no file or buffer, return NULL
+    if(confFilePtr == NULL || iBuffer == NULL) {
+        return NULL;
+    }
+
+    {
+        unsigned int tokenPtr       = 0;
+        unsigned short finished     = 0;
+        unsigned short commentFound = 0;
+
+        // Outer buffer fill loop...
+        while ( !finished ) {
+            // If readpointer is at the end of the buffer, we should read next chunk...
+            if(bufPtr == readSize) {
+                // Fill up the buffer...
+                readSize = fread (iBuffer, sizeof(char), READ_BUFFER_SIZE, confFilePtr);
+                bufPtr = 0;
+
+                // If the readsize is 0, we should just return...
+                if(readSize == 0) {
+                    return NULL;
+                }
+            }
+
+            // Inner char loop...
+            while ( bufPtr < readSize && !finished ) {
+
+                //printf("Char %s", iBuffer[bufPtr]);
+
+                // Break loop on \0
+                if(iBuffer[bufPtr] == '\0') {
+                    break;
+                }
+
+                if( commentFound ) {
+                    if( iBuffer[bufPtr] == '\n' ) {
+                        commentFound = 0;
+                    }
+                } else {
+
+                    // Check current char...
+                    switch(iBuffer[bufPtr]) {
+                    case '#':
+                        // Found a comment start...
+                        commentFound = 1;
+                        break;
+
+                    case '\n':
+                    case '\r':
+                    case '\t':
+                    case ' ':
+                        // Newline, CR, Tab and space are end of token, or ignored.
+                        if(tokenPtr > 0) {
+                            cToken[tokenPtr] = '\0';    // EOL
+                            finished = 1;
+                        }
+                        break;
+
+                    default:
+                        // Append char to token...
+                        cToken[tokenPtr++] = iBuffer[bufPtr];
+                        break;
+                    }
+                
+                }
+
+                // Check end of token buffer !!!
+                if(tokenPtr == MAX_TOKEN_LENGTH - 1) {
+                    // Prevent buffer overrun...
+                    cToken[tokenPtr] = '\0';
+                    finished = 1;
+                }
+
+                // Next char...
+                bufPtr++;
+            }
+            // If the readsize is less than buffersize, we assume EOF.
+            if(readSize < READ_BUFFER_SIZE && bufPtr == readSize) {
+                if (tokenPtr > 0)
+                    finished = 1;
+                else
+                    return NULL;
+            }
+        }
+        if(tokenPtr>0) {
+            validToken = 1;
+            return cToken;
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Returns the currently active token, or null
+*   if no tokens are availible.
+*/
+char *getCurrentConfigToken() {
+    return validToken ? cToken : NULL;
+}
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/confread.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/confread.o
new file mode 100644
index 0000000..8c5ac54
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/confread.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/ifvc.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
new file mode 100644
index 0000000..545b3b4
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/ifvc.c
@@ -0,0 +1,255 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+struct IfDesc IfDescVc[ MAX_IF ], *IfDescEp = IfDescVc;
+
+/*
+** Builds up a vector with the interface of the machine. Calls to the other functions of 
+** the module will fail if they are called before the vector is build.
+**          
+*/
+void buildIfVc() {
+    struct ifreq IfVc[ sizeof( IfDescVc ) / sizeof( IfDescVc[ 0 ] )  ];
+    struct ifreq *IfEp;
+
+    int Sock;
+
+    if ( (Sock = socket( AF_INET, SOCK_DGRAM, 0 )) < 0 )
+        my_log( LOG_ERR, errno, "RAW socket open" );
+
+    /* get If vector
+     */
+    {
+        struct ifconf IoCtlReq;
+
+        IoCtlReq.ifc_buf = (void *)IfVc;
+        IoCtlReq.ifc_len = sizeof( IfVc );
+
+        if ( ioctl( Sock, SIOCGIFCONF, &IoCtlReq ) < 0 )
+            my_log( LOG_ERR, errno, "ioctl SIOCGIFCONF" );
+
+        IfEp = (void *)((char *)IfVc + IoCtlReq.ifc_len);
+    }
+
+    /* loop over interfaces and copy interface info to IfDescVc
+     */
+    {
+        struct ifreq  *IfPt, *IfNext;
+
+        // Temp keepers of interface params...
+        uint32_t addr, subnet, mask;
+
+        for ( IfPt = IfVc; IfPt < IfEp; IfPt = IfNext ) {
+            struct ifreq IfReq;
+            char FmtBu[ 32 ];
+
+	    IfNext = (struct ifreq *)((char *)&IfPt->ifr_addr +
+#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
+				    IfPt->ifr_addr.sa_len
+#else
+				    sizeof(struct sockaddr_in)
+#endif
+		    );
+	    if (IfNext < IfPt + 1)
+		    IfNext = IfPt + 1;
+
+            strncpy( IfDescEp->Name, IfPt->ifr_name, sizeof( IfDescEp->Name ) );
+
+            // Currently don't set any allowed nets...
+            //IfDescEp->allowednets = NULL;
+
+            // Set the index to -1 by default.
+            IfDescEp->index = -1;
+
+            /* don't retrieve more info for non-IP interfaces
+             */
+            if ( IfPt->ifr_addr.sa_family != AF_INET ) {
+                IfDescEp->InAdr.s_addr = 0;  /* mark as non-IP interface */
+                IfDescEp++;
+                continue;
+            }
+
+            // Get the interface adress...
+            IfDescEp->InAdr = ((struct sockaddr_in *)&IfPt->ifr_addr)->sin_addr;
+            addr = IfDescEp->InAdr.s_addr;
+
+            memcpy( IfReq.ifr_name, IfDescEp->Name, sizeof( IfReq.ifr_name ) );
+            IfReq.ifr_addr.sa_family = AF_INET;
+            ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr = addr;
+
+            // Get the subnet mask...
+            if (ioctl(Sock, SIOCGIFNETMASK, &IfReq ) < 0)
+                my_log(LOG_ERR, errno, "ioctl SIOCGIFNETMASK for %s", IfReq.ifr_name);
+            mask = ((struct sockaddr_in *)&IfReq.ifr_addr)->sin_addr.s_addr;
+            subnet = addr & mask;
+
+            /* get if flags
+            **
+            ** typical flags:
+            ** lo    0x0049 -> Running, Loopback, Up
+            ** ethx  0x1043 -> Multicast, Running, Broadcast, Up
+            ** ipppx 0x0091 -> NoArp, PointToPoint, Up 
+            ** grex  0x00C1 -> NoArp, Running, Up
+            ** ipipx 0x00C1 -> NoArp, Running, Up
+            */
+            if ( ioctl( Sock, SIOCGIFFLAGS, &IfReq ) < 0 )
+                my_log( LOG_ERR, errno, "ioctl SIOCGIFFLAGS" );
+
+            IfDescEp->Flags = IfReq.ifr_flags;
+
+            // Insert the verified subnet as an allowed net...
+            IfDescEp->allowednets = (struct SubnetList *)malloc(sizeof(struct SubnetList));
+            if(IfDescEp->allowednets == NULL) my_log(LOG_ERR, 0, "Out of memory !");
+            
+            // Create the network address for the IF..
+            IfDescEp->allowednets->next = NULL;
+            IfDescEp->allowednets->subnet_mask = mask;
+            IfDescEp->allowednets->subnet_addr = subnet;
+
+            // Set the default params for the IF...
+            IfDescEp->state         = IF_STATE_DOWNSTREAM;
+            IfDescEp->robustness    = DEFAULT_ROBUSTNESS;
+            IfDescEp->threshold     = DEFAULT_THRESHOLD;   /* ttl limit */
+            IfDescEp->ratelimit     = DEFAULT_RATELIMIT; 
+            
+
+            // Debug log the result...
+            my_log( LOG_DEBUG, 0, "buildIfVc: Interface %s Addr: %s, Flags: 0x%04x, Network: %s",
+                 IfDescEp->Name,
+                 fmtInAdr( FmtBu, IfDescEp->InAdr ),
+                 IfDescEp->Flags,
+                 inetFmts(subnet,mask, s1));
+
+            IfDescEp++;
+        } 
+    }
+
+    close( Sock );
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'IfName'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'IfName' exists
+**          
+*/
+struct IfDesc *getIfByName( const char *IfName ) {
+    struct IfDesc *Dp;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ )
+        if ( ! strcmp( IfName, Dp->Name ) )
+            return Dp;
+
+    return NULL;
+}
+
+/*
+** Returns a pointer to the IfDesc of the interface 'Ix'
+**
+** returns: - pointer to the IfDesc of the requested interface
+**          - NULL if no interface 'Ix' exists
+**          
+*/
+struct IfDesc *getIfByIx( unsigned Ix ) {
+    struct IfDesc *Dp = &IfDescVc[ Ix ];
+    return Dp < IfDescEp ? Dp : NULL;
+}
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByAddress( uint32_t ipaddr ) {
+
+    struct IfDesc       *Dp;
+    struct SubnetList   *currsubnet;
+    struct IfDesc       *res = NULL;
+    uint32_t            last_subnet_mask = 0;
+
+    for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+        // Loop through all registered allowed nets of the VIF...
+        for(currsubnet = Dp->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+            // Check if the ip falls in under the subnet....
+            if(currsubnet->subnet_mask > last_subnet_mask && (ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+                res = Dp;
+                last_subnet_mask = currsubnet->subnet_mask;
+            }
+        }
+    }
+    return res;
+}
+
+
+/**
+*   Returns a pointer to the IfDesc whose subnet matches
+*   the supplied IP adress. The IP must match a interfaces
+*   subnet, or any configured allowed subnet on a interface.
+*/
+struct IfDesc *getIfByVifIndex( unsigned vifindex ) {
+    struct IfDesc       *Dp;
+    if(vifindex>0) {
+        for ( Dp = IfDescVc; Dp < IfDescEp; Dp++ ) {
+            if(Dp->index == vifindex) {
+                return Dp;
+            }
+        }
+    }
+    return NULL;
+}
+
+
+/**
+*   Function that checks if a given ipaddress is a valid
+*   address for the supplied VIF.
+*/
+int isAdressValidForIf( struct IfDesc* intrface, uint32_t ipaddr ) {
+    struct SubnetList   *currsubnet;
+    
+    if(intrface == NULL) {
+        return 0;
+    }
+    // Loop through all registered allowed nets of the VIF...
+    for(currsubnet = intrface->allowednets; currsubnet != NULL; currsubnet = currsubnet->next) {
+        // Check if the ip falls in under the subnet....
+        if((ipaddr & currsubnet->subnet_mask) == currsubnet->subnet_addr) {
+            return 1;
+        }
+    }
+    return 0;
+}
+
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/ifvc.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/ifvc.o
new file mode 100644
index 0000000..33bd40e
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/ifvc.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmp.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmp.c
new file mode 100644
index 0000000..a0cd27d
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmp.c
@@ -0,0 +1,281 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmp.h - Recieves IGMP requests, and handle them 
+*            appropriately...
+*/
+
+#include "igmpproxy.h"
+ 
+// Globals                  
+uint32_t     allhosts_group;          /* All hosts addr in net order */
+uint32_t     allrouters_group;          /* All hosts addr in net order */
+              
+extern int MRouterFD;
+
+/*
+ * Open and initialize the igmp socket, and fill in the non-changing
+ * IP header fields in the output packet buffer.
+ */
+void initIgmp() {
+    struct ip *ip;
+
+    recv_buf = malloc(RECV_BUF_SIZE);
+    send_buf = malloc(RECV_BUF_SIZE);
+
+    k_hdr_include(true);    /* include IP header when sending */
+    k_set_rcvbuf(256*1024,48*1024); /* lots of input buffering        */
+    k_set_ttl(1);       /* restrict multicasts to one hop */
+    k_set_loop(false);      /* disable multicast loopback     */
+
+    ip         = (struct ip *)send_buf;
+    memset(ip, 0, sizeof(struct ip));
+    /*
+     * Fields zeroed that aren't filled in later:
+     * - IP ID (let the kernel fill it in)
+     * - Offset (we don't send fragments)
+     * - Checksum (let the kernel fill it in)
+     */
+    ip->ip_v   = IPVERSION;
+    ip->ip_hl  = sizeof(struct ip) >> 2;
+    ip->ip_tos = 0xc0;      /* Internet Control */
+    ip->ip_ttl = MAXTTL;    /* applies to unicasts only */
+    ip->ip_p   = IPPROTO_IGMP;
+
+    allhosts_group   = htonl(INADDR_ALLHOSTS_GROUP);
+    allrouters_group = htonl(INADDR_ALLRTRS_GROUP);
+}
+
+/**
+*   Finds the textual name of the supplied IGMP request.
+*/
+char *igmpPacketKind(u_int type, u_int code) {
+    static char unknown[20];
+
+    switch (type) {
+    case IGMP_MEMBERSHIP_QUERY:     return  "Membership query  ";
+    case IGMP_V1_MEMBERSHIP_REPORT:  return "V1 member report  ";
+    case IGMP_V2_MEMBERSHIP_REPORT:  return "V2 member report  ";
+    case IGMP_V2_LEAVE_GROUP:        return "Leave message     ";
+    
+    default:
+        sprintf(unknown, "unk: 0x%02x/0x%02x    ", type, code);
+        return unknown;
+    }
+}
+
+
+/**
+ * Process a newly received IGMP packet that is sitting in the input
+ * packet buffer.
+ */
+void acceptIgmp(int recvlen) {
+    register uint32_t src, dst, group;
+    struct ip *ip;
+    struct igmp *igmp;
+    int ipdatalen, iphdrlen, igmpdatalen;
+
+    if (recvlen < sizeof(struct ip)) {
+        my_log(LOG_WARNING, 0,
+            "received packet too short (%u bytes) for IP header", recvlen);
+        return;
+    }
+
+    ip        = (struct ip *)recv_buf;
+    src       = ip->ip_src.s_addr;
+    dst       = ip->ip_dst.s_addr;
+
+    /* 
+     * this is most likely a message from the kernel indicating that
+     * a new src grp pair message has arrived and so, it would be 
+     * necessary to install a route into the kernel for this.
+     */
+    if (ip->ip_p == 0) {
+        if (src == 0 || dst == 0) {
+            my_log(LOG_WARNING, 0, "kernel request not accurate");
+        }
+        else {
+            struct IfDesc *checkVIF;
+            
+            // Check if the source address matches a valid address on upstream vif.
+            checkVIF = getIfByIx( upStreamVif );
+            if(checkVIF == 0) {
+                my_log(LOG_ERR, 0, "Upstream VIF was null.");
+                return;
+            } 
+            else if(src == checkVIF->InAdr.s_addr) {
+                my_log(LOG_NOTICE, 0, "Route activation request from %s for %s is from myself. Ignoring.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            else if(!isAdressValidForIf(checkVIF, src)) {
+                my_log(LOG_WARNING, 0, "The source address %s for group %s, is not in any valid net for upstream VIF.",
+                    inetFmt(src, s1), inetFmt(dst, s2));
+                return;
+            }
+            
+            // Activate the route.
+            my_log(LOG_DEBUG, 0, "Route activate request from %s to %s",
+		    inetFmt(src,s1), inetFmt(dst,s2));
+            activateRoute(dst, src);
+            
+
+        }
+        return;
+    }
+
+    iphdrlen  = ip->ip_hl << 2;
+    ipdatalen = ip_data_len(ip);
+
+    if (iphdrlen + ipdatalen != recvlen) {
+        my_log(LOG_WARNING, 0,
+            "received packet from %s shorter (%u bytes) than hdr+data length (%u+%u)",
+            inetFmt(src, s1), recvlen, iphdrlen, ipdatalen);
+        return;
+    }
+
+    igmp        = (struct igmp *)(recv_buf + iphdrlen);
+    group       = igmp->igmp_group.s_addr;
+    igmpdatalen = ipdatalen - IGMP_MINLEN;
+    if (igmpdatalen < 0) {
+        my_log(LOG_WARNING, 0,
+            "received IP data field too short (%u bytes) for IGMP, from %s",
+            ipdatalen, inetFmt(src, s1));
+        return;
+    }
+
+    my_log(LOG_NOTICE, 0, "RECV %s from %-15s to %s",
+        igmpPacketKind(igmp->igmp_type, igmp->igmp_code),
+        inetFmt(src, s1), inetFmt(dst, s2) );
+
+    switch (igmp->igmp_type) {
+    case IGMP_V1_MEMBERSHIP_REPORT:
+    case IGMP_V2_MEMBERSHIP_REPORT:
+        acceptGroupReport(src, group, igmp->igmp_type);
+        return;
+    
+    case IGMP_V2_LEAVE_GROUP:
+        acceptLeaveMessage(src, group);
+        return;
+    
+    case IGMP_MEMBERSHIP_QUERY:
+        return;
+
+    default:
+        my_log(LOG_INFO, 0,
+            "ignoring unknown IGMP message type %x from %s to %s",
+            igmp->igmp_type, inetFmt(src, s1),
+            inetFmt(dst, s2));
+        return;
+    }
+}
+
+
+/*
+ * Construct an IGMP message in the output packet buffer.  The caller may
+ * have already placed data in that buffer, of length 'datalen'.
+ */
+void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct ip *ip;
+    struct igmp *igmp;
+    extern int curttl;
+
+    ip                      = (struct ip *)send_buf;
+    ip->ip_src.s_addr       = src;
+    ip->ip_dst.s_addr       = dst;
+    ip_set_len(ip, MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        ip->ip_ttl = curttl;
+    } else {
+        ip->ip_ttl = MAXTTL;
+    }
+
+    igmp                    = (struct igmp *)(send_buf + MIN_IP_HEADER_LEN);
+    igmp->igmp_type         = type;
+    igmp->igmp_code         = code;
+    igmp->igmp_group.s_addr = group;
+    igmp->igmp_cksum        = 0;
+    igmp->igmp_cksum        = inetChksum((u_short *)igmp,
+                                         IGMP_MINLEN + datalen);
+}
+
+/* 
+ * Call build_igmp() to build an IGMP message in the output packet buffer.
+ * Then send the message from the interface with IP address 'src' to
+ * destination 'dst'.
+ */
+void sendIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, int datalen) {
+    struct sockaddr_in sdst;
+    int setloop = 0, setigmpsource = 0;
+
+    buildIgmp(src, dst, type, code, group, datalen);
+
+    if (IN_MULTICAST(ntohl(dst))) {
+        k_set_if(src);
+        setigmpsource = 1;
+        if (type != IGMP_DVMRP || dst == allhosts_group) {
+            setloop = 1;
+            k_set_loop(true);
+        }
+    }
+
+    memset(&sdst, 0, sizeof(sdst));
+    sdst.sin_family = AF_INET;
+#ifdef HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
+    sdst.sin_len = sizeof(sdst);
+#endif
+    sdst.sin_addr.s_addr = dst;
+    if (sendto(MRouterFD, send_buf,
+               MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen, 0,
+               (struct sockaddr *)&sdst, sizeof(sdst)) < 0) {
+        if (errno == ENETDOWN)
+            my_log(LOG_ERR, errno, "Sender VIF was down.");
+        else
+            my_log(LOG_INFO, errno,
+                "sendto to %s on %s",
+                inetFmt(dst, s1), inetFmt(src, s2));
+    }
+
+    if(setigmpsource) {
+        if (setloop) {
+            k_set_loop(false);
+        }
+        // Restore original...
+        k_set_if(INADDR_ANY);
+    }
+
+    my_log(LOG_DEBUG, 0, "SENT %s from %-15s to %s",
+	    igmpPacketKind(type, code), src == INADDR_ANY ? "INADDR_ANY" :
+	    inetFmt(src, s1), inetFmt(dst, s2));
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmp.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmp.o
new file mode 100644
index 0000000..3320ba5
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmp.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy
new file mode 100755
index 0000000..c81fa83
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
new file mode 100644
index 0000000..1ece15a
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.c
@@ -0,0 +1,357 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.c - The main file for the IGMP proxy application.
+*
+*   February 2005 - Johnny Egeland
+*/
+
+#include "igmpproxy.h"
+
+static const char Usage[] = 
+"Usage: igmpproxy [-h] [-d] [-v [-v]] <configfile>\n"
+"\n" 
+"   -h   Display this help screen\n"
+"   -d   Run in debug mode. Output all messages on stderr\n"
+"   -v   Be verbose. Give twice to see even debug messages.\n"
+"\n"
+PACKAGE_STRING "\n"
+;
+
+// Local function Prototypes
+static void signalHandler(int);
+int     igmpProxyInit();
+void    igmpProxyCleanUp();
+void    igmpProxyRun();
+
+// Global vars...
+static int sighandled = 0;
+#define	GOT_SIGINT	0x01
+#define	GOT_SIGHUP	0x02
+#define	GOT_SIGUSR1	0x04
+#define	GOT_SIGUSR2	0x08
+
+// The upstream VIF index
+int         upStreamVif;   
+
+/**
+*   Program main method. Is invoked when the program is started
+*   on commandline. The number of commandline arguments, and a
+*   pointer to the arguments are recieved on the line...
+*/    
+int main( int ArgCn, char *ArgVc[] ) {
+
+    // Parse the commandline options and setup basic settings..
+    for (int c; (c = getopt(ArgCn, ArgVc, "vdh")) != -1;) {
+        switch (c) {
+        case 'd':
+            Log2Stderr = true;
+            break;
+        case 'v':
+            if (LogLevel == LOG_INFO)
+                LogLevel = LOG_DEBUG;
+            else
+                LogLevel = LOG_INFO;
+            break;
+        case 'h':
+            fputs(Usage, stderr);
+            exit(0);
+            break;
+        default:
+            exit(1);
+            break;
+        }
+    }
+
+    if (optind != ArgCn - 1) {
+	fputs("You must specify the configuration file.\n", stderr);
+	exit(1);
+    }
+    char *configFilePath = ArgVc[optind];
+
+    // Chech that we are root
+    if (geteuid() != 0) {
+       fprintf(stderr, "igmpproxy: must be root\n");
+       exit(1);
+    }
+
+    openlog("igmpproxy", LOG_PID, LOG_USER);
+
+    // Write debug notice with file path...
+    my_log(LOG_DEBUG, 0, "Searching for config file at '%s'" , configFilePath);
+
+    do {
+
+        // Loads the config file...
+        if( ! loadConfig( configFilePath ) ) {
+            my_log(LOG_ERR, 0, "Unable to load config file...");
+            break;
+        }
+    
+        // Initializes the deamon.
+        if ( !igmpProxyInit() ) {
+            my_log(LOG_ERR, 0, "Unable to initialize IGMPproxy.");
+            break;
+        }
+
+        // Go to the main loop.
+        igmpProxyRun();
+    
+        // Clean up
+        igmpProxyCleanUp();
+
+    } while ( false );
+
+    // Inform that we are exiting.
+    my_log(LOG_INFO, 0, "Shutdown complete....");
+
+    exit(0);
+}
+
+
+
+/**
+*   Handles the initial startup of the daemon.
+*/
+int igmpProxyInit() {
+    struct sigaction sa;
+    int Err;
+
+
+    sa.sa_handler = signalHandler;
+    sa.sa_flags = 0;    /* Interrupt system calls */
+    sigemptyset(&sa.sa_mask);
+    sigaction(SIGTERM, &sa, NULL);
+    sigaction(SIGINT, &sa, NULL);
+
+    // Loads configuration for Physical interfaces...
+    buildIfVc();    
+    
+    // Configures IF states and settings
+    configureVifs();
+
+    switch ( Err = enableMRouter() ) {
+    case 0: break;
+    case EADDRINUSE: my_log( LOG_ERR, EADDRINUSE, "MC-Router API already in use" ); break;
+    default: my_log( LOG_ERR, Err, "MRT_INIT failed" );
+    }
+
+    /* create VIFs for all IP, non-loop interfaces
+     */
+    {
+        unsigned Ix;
+        struct IfDesc *Dp;
+        int     vifcount = 0;
+        upStreamVif = -1;
+
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+
+            if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+                if(Dp->state == IF_STATE_UPSTREAM) {
+                    if(upStreamVif == -1) {
+                        upStreamVif = Ix;
+                    } else {
+                        my_log(LOG_ERR, 0, "Vif #%d was already upstream. Cannot set VIF #%d as upstream as well.",
+                            upStreamVif, Ix);
+                    }
+                }
+
+                addVIF( Dp );
+                vifcount++;
+            }
+        }
+
+        // If there is only one VIF, or no defined upstream VIF, we send an error.
+        if(vifcount < 2 || upStreamVif < 0) {
+            my_log(LOG_ERR, 0, "There must be at least 2 Vif's where one is upstream.");
+        }
+    }  
+    
+    // Initialize IGMP
+    initIgmp();
+    // Initialize Routing table
+    initRouteTable();
+    // Initialize timer
+    callout_init();
+
+
+    return 1;
+}
+
+/**
+*   Clean up all on exit...
+*/
+void igmpProxyCleanUp() {
+
+    my_log( LOG_DEBUG, 0, "clean handler called" );
+    
+    free_all_callouts();    // No more timeouts.
+    clearAllRoutes();       // Remove all routes.
+    disableMRouter();       // Disable the multirout API
+
+}
+
+/**
+*   Main daemon loop.
+*/
+void igmpProxyRun() {
+    // Get the config.
+    //struct Config *config = getCommonConfig();
+    // Set some needed values.
+    register int recvlen;
+    int     MaxFD, Rt, secs;
+    fd_set  ReadFDS;
+    socklen_t dummy = 0;
+    struct  timeval  curtime, lasttime, difftime, tv; 
+    // The timeout is a pointer in order to set it to NULL if nessecary.
+    struct  timeval  *timeout = &tv;
+
+    // Initialize timer vars
+    difftime.tv_usec = 0;
+    gettimeofday(&curtime, NULL);
+    lasttime = curtime;
+
+    // First thing we send a membership query in downstream VIF's...
+    sendGeneralMembershipQuery();
+
+    // Loop until the end...
+    for (;;) {
+
+        // Process signaling...
+        if (sighandled) {
+            if (sighandled & GOT_SIGINT) {
+                sighandled &= ~GOT_SIGINT;
+                my_log(LOG_NOTICE, 0, "Got a interupt signal. Exiting.");
+                break;
+            }
+        }
+
+        // Prepare timeout...
+        secs = timer_nextTimer();
+        if(secs == -1) {
+            timeout = NULL;
+        } else {
+            timeout->tv_usec = 0;
+            timeout->tv_sec = secs;
+        }
+
+        // Prepare for select.
+        MaxFD = MRouterFD;
+
+        FD_ZERO( &ReadFDS );
+        FD_SET( MRouterFD, &ReadFDS );
+
+        // wait for input
+        Rt = select( MaxFD +1, &ReadFDS, NULL, NULL, timeout );
+
+        // log and ignore failures
+        if( Rt < 0 ) {
+            my_log( LOG_WARNING, errno, "select() failure" );
+            continue;
+        }
+        else if( Rt > 0 ) {
+
+            // Read IGMP request, and handle it...
+            if( FD_ISSET( MRouterFD, &ReadFDS ) ) {
+    
+                recvlen = recvfrom(MRouterFD, recv_buf, RECV_BUF_SIZE,
+                                   0, NULL, &dummy);
+                if (recvlen < 0) {
+                    if (errno != EINTR) my_log(LOG_ERR, errno, "recvfrom");
+                    continue;
+                }
+                
+
+                acceptIgmp(recvlen);
+            }
+        }
+
+        // At this point, we can handle timeouts...
+        do {
+            /*
+             * If the select timed out, then there's no other
+             * activity to account for and we don't need to
+             * call gettimeofday.
+             */
+            if (Rt == 0) {
+                curtime.tv_sec = lasttime.tv_sec + secs;
+                curtime.tv_usec = lasttime.tv_usec;
+                Rt = -1; /* don't do this next time through the loop */
+            } else {
+                gettimeofday(&curtime, NULL);
+            }
+            difftime.tv_sec = curtime.tv_sec - lasttime.tv_sec;
+            difftime.tv_usec += curtime.tv_usec - lasttime.tv_usec;
+            while (difftime.tv_usec > 1000000) {
+                difftime.tv_sec++;
+                difftime.tv_usec -= 1000000;
+            }
+            if (difftime.tv_usec < 0) {
+                difftime.tv_sec--;
+                difftime.tv_usec += 1000000;
+            }
+            lasttime = curtime;
+            if (secs == 0 || difftime.tv_sec > 0)
+                age_callout_queue(difftime.tv_sec);
+            secs = -1;
+        } while (difftime.tv_sec > 0);
+
+    }
+
+}
+
+/*
+ * Signal handler.  Take note of the fact that the signal arrived
+ * so that the main loop can take care of it.
+ */
+static void signalHandler(int sig) {
+    switch (sig) {
+    case SIGINT:
+    case SIGTERM:
+        sighandled |= GOT_SIGINT;
+        break;
+        /* XXX: Not in use.
+        case SIGHUP:
+            sighandled |= GOT_SIGHUP;
+            break;
+    
+        case SIGUSR1:
+            sighandled |= GOT_SIGUSR1;
+            break;
+    
+        case SIGUSR2:
+            sighandled |= GOT_SIGUSR2;
+            break;
+        */
+    }
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
new file mode 100644
index 0000000..4dabd1c
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.h
@@ -0,0 +1,279 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   igmpproxy.h - Header file for common includes.
+*/
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <signal.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <stdbool.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+#include <sys/param.h>
+
+#include <net/if.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "os.h"
+#include "config.h"
+
+/*
+ * Limit on length of route data
+ */
+#define MAX_IP_PACKET_LEN	576
+#define MIN_IP_HEADER_LEN	20
+#define MAX_IP_HEADER_LEN	60
+
+#define MAX_MC_VIFS    32     // !!! check this const in the specific includes
+
+// Useful macros..          
+#define VCMC( Vc )  (sizeof( Vc ) / sizeof( (Vc)[ 0 ] ))
+#define VCEP( Vc )  (&(Vc)[ VCMC( Vc ) ])
+
+// Bit manipulation macros...
+#define BIT_ZERO(X)      ((X) = 0)
+#define BIT_SET(X,n)     ((X) |= 1 << (n))
+#define BIT_CLR(X,n)     ((X) &= ~(1 << (n)))
+#define BIT_TST(X,n)     ((X) & 1 << (n))
+
+
+//#################################################################################
+//  Globals
+//#################################################################################
+
+/*
+ * External declarations for global variables and functions.
+ */
+#define RECV_BUF_SIZE 8192
+extern char     *recv_buf;
+extern char     *send_buf;
+
+extern char     s1[];
+extern char     s2[];
+extern char		s3[];
+extern char		s4[];
+
+
+
+//#################################################################################
+//  Lib function prototypes.
+//#################################################################################
+
+/* syslog.c
+ */
+extern bool Log2Stderr;           // Log to stderr instead of to syslog
+extern int  LogLevel;             // Log threshold, LOG_WARNING .... LOG_DEBUG 
+
+void my_log( int Serverity, int Errno, const char *FmtSt, ... );
+
+/* ifvc.c
+ */
+#define MAX_IF         40     // max. number of interfaces recognized 
+
+// Interface states
+#define IF_STATE_DISABLED      0   // Interface should be ignored.
+#define IF_STATE_UPSTREAM      1   // Interface is the upstream interface
+#define IF_STATE_DOWNSTREAM    2   // Interface is a downstream interface
+
+// Multicast default values...
+#define DEFAULT_ROBUSTNESS     2
+#define DEFAULT_THRESHOLD      1
+#define DEFAULT_RATELIMIT      0
+
+// Define timer constants (in seconds...)
+#define INTERVAL_QUERY          125
+#define INTERVAL_QUERY_RESPONSE  10
+//#define INTERVAL_QUERY_RESPONSE  10
+
+#define ROUTESTATE_NOTJOINED            0   // The group corresponding to route is not joined
+#define ROUTESTATE_JOINED               1   // The group corresponding to route is joined
+#define ROUTESTATE_CHECK_LAST_MEMBER    2   // The router is checking for hosts
+
+
+
+// Linked list of networks... 
+struct SubnetList {
+    uint32_t              subnet_addr;
+    uint32_t              subnet_mask;
+    struct SubnetList*  next;
+};
+
+struct IfDesc {
+    char                Name[IF_NAMESIZE];
+    struct in_addr      InAdr;          /* == 0 for non IP interfaces */            
+    short               Flags;
+    short               state;
+    struct SubnetList*  allowednets;
+    unsigned int        robustness;
+    unsigned char       threshold;   /* ttl limit */
+    unsigned int        ratelimit; 
+    unsigned int        index;
+};
+
+// Keeps common configuration settings 
+struct Config {
+    unsigned int        robustnessValue;
+    unsigned int        queryInterval;
+    unsigned int        queryResponseInterval;
+    // Used on startup..
+    unsigned int        startupQueryInterval;
+    unsigned int        startupQueryCount;
+    // Last member probe...
+    unsigned int        lastMemberQueryInterval;
+    unsigned int        lastMemberQueryCount;
+    // Set if upstream leave messages should be sent instantly..
+    unsigned short      fastUpstreamLeave;
+};
+
+// Defines the Index of the upstream VIF...
+extern int upStreamVif;
+
+/* ifvc.c
+ */
+void buildIfVc( void );
+struct IfDesc *getIfByName( const char *IfName );
+struct IfDesc *getIfByIx( unsigned Ix );
+struct IfDesc *getIfByAddress( uint32_t Ix );
+int isAdressValidForIf(struct IfDesc* intrface, uint32_t ipaddr);
+
+/* mroute-api.c
+ */
+struct MRouteDesc {
+    struct in_addr  OriginAdr, McAdr;
+    short           InVif;
+    uint8_t           TtlVc[ MAX_MC_VIFS ];
+};
+
+// IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+extern int MRouterFD;
+
+int enableMRouter( void );
+void disableMRouter( void );
+void addVIF( struct IfDesc *Dp );
+int addMRoute( struct MRouteDesc * Dp );
+int delMRoute( struct MRouteDesc * Dp );
+int getVifIx( struct IfDesc *IfDp );
+
+/* config.c
+ */
+int loadConfig(char *configFile);
+void configureVifs();
+struct Config *getCommonConfig();
+
+/* igmp.c
+*/
+extern uint32_t allhosts_group;
+extern uint32_t allrouters_group;
+void initIgmp(void);
+void acceptIgmp(int);
+void sendIgmp (uint32_t, uint32_t, int, int, uint32_t,int);
+
+/* lib.c
+ */
+char   *fmtInAdr( char *St, struct in_addr InAdr );
+char   *inetFmt(uint32_t addr, char *s);
+char   *inetFmts(uint32_t addr, uint32_t mask, char *s);
+uint16_t inetChksum(uint16_t *addr, int len);
+
+/* kern.c
+ */
+void k_set_rcvbuf(int bufsize, int minsize);
+void k_hdr_include(int hdrincl);
+void k_set_ttl(int t);
+void k_set_loop(int l);
+void k_set_if(uint32_t ifa);
+/*
+void k_join(uint32_t grp, uint32_t ifa);
+void k_leave(uint32_t grp, uint32_t ifa);
+*/
+
+/* udpsock.c
+ */
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort );
+
+/* mcgroup.c
+ */
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr );
+
+
+/* rttable.c
+ */
+void initRouteTable();
+void clearAllRoutes();
+int insertRoute(uint32_t group, int ifx);
+int activateRoute(uint32_t group, uint32_t originAddr);
+void ageActiveRoutes();
+void setRouteLastMemberMode(uint32_t group);
+int lastMemberGroupAge(uint32_t group);
+
+/* request.c
+ */
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type);
+void acceptLeaveMessage(uint32_t src, uint32_t group);
+void sendGeneralMembershipQuery();
+
+/* callout.c 
+*/
+typedef void (*timer_f)(void *);
+
+void callout_init();
+void free_all_callouts();
+void age_callout_queue(int);
+int timer_nextTimer();
+int timer_setTimer(int, timer_f, void *);
+int timer_clearTimer(int);
+int timer_leftTimer(int);
+
+/* confread.c
+ */
+#define MAX_TOKEN_LENGTH    30
+
+int openConfigFile(char *filename);
+void closeConfigFile();
+char* nextConfigToken();
+char* getCurrentConfigToken();
+
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o
new file mode 100644
index 0000000..f7f42f4
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/igmpproxy.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/kern.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/kern.c
new file mode 100644
index 0000000..2055636
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/kern.c
@@ -0,0 +1,140 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+
+#include "igmpproxy.h"
+
+int curttl = 0;
+
+void k_set_rcvbuf(int bufsize, int minsize) {
+    int delta = bufsize / 2;
+    int iter = 0;
+
+    /*
+     * Set the socket buffer.  If we can't set it as large as we
+     * want, search around to try to find the highest acceptable
+     * value.  The highest acceptable value being smaller than
+     * minsize is a fatal error.
+     */
+    if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                   (char *)&bufsize, sizeof(bufsize)) < 0) {
+        bufsize -= delta;
+        while (1) {
+            iter++;
+            if (delta > 1)
+                delta /= 2;
+
+            if (setsockopt(MRouterFD, SOL_SOCKET, SO_RCVBUF,
+                           (char *)&bufsize, sizeof(bufsize)) < 0) {
+                bufsize -= delta;
+            } else {
+                if (delta < 1024)
+                    break;
+                bufsize += delta;
+            }
+        }
+        if (bufsize < minsize) {
+            my_log(LOG_ERR, 0, "OS-allowed buffer size %u < app min %u",
+                bufsize, minsize);
+            /*NOTREACHED*/
+        }
+    }
+    my_log(LOG_DEBUG, 0, "Got %d byte buffer size in %d iterations", bufsize, iter);
+}
+
+
+void k_hdr_include(int hdrincl) {
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_HDRINCL,
+                   (char *)&hdrincl, sizeof(hdrincl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_HDRINCL %u", hdrincl);
+}
+
+
+void k_set_ttl(int t) {
+#ifndef RAW_OUTPUT_IS_RAW
+    u_char ttl;
+
+    ttl = t;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_TTL,
+                   (char *)&ttl, sizeof(ttl)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_TTL %u", ttl);
+#endif
+    curttl = t;
+}
+
+
+void k_set_loop(int l) {
+    u_char loop;
+
+    loop = l;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_LOOP,
+                   (char *)&loop, sizeof(loop)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_LOOP %u", loop);
+}
+
+void k_set_if(uint32_t ifa) {
+    struct in_addr adr;
+
+    adr.s_addr = ifa;
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_MULTICAST_IF,
+                   (char *)&adr, sizeof(adr)) < 0)
+        my_log(LOG_ERR, errno, "setsockopt IP_MULTICAST_IF %s",
+            inetFmt(ifa, s1));
+}
+
+/*
+void k_join(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_ADD_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't join group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+
+
+void k_leave(uint32_t grp, uint32_t ifa) {
+    struct ip_mreq mreq;
+
+    mreq.imr_multiaddr.s_addr = grp;
+    mreq.imr_interface.s_addr = ifa;
+
+    if (setsockopt(MRouterFD, IPPROTO_IP, IP_DROP_MEMBERSHIP,
+                   (char *)&mreq, sizeof(mreq)) < 0)
+        my_log(LOG_WARNING, errno, "can't leave group %s on interface %s",
+            inetFmt(grp, s1), inetFmt(ifa, s2));
+}
+*/
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/kern.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/kern.o
new file mode 100644
index 0000000..09f1de3
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/kern.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/lib.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/lib.c
new file mode 100644
index 0000000..70a730a
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/lib.c
@@ -0,0 +1,148 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+/*
+ * Exported variables.
+ */
+char s1[19];        /* buffers to hold the string representations  */
+char s2[19];        /* of IP addresses, to be passed to inet_fmt() */
+char s3[19];        /* or inet_fmts().                             */
+char s4[19];
+            
+/*
+** Formats 'InAdr' into a dotted decimal string. 
+**
+** returns: - pointer to 'St'
+**          
+*/
+char *fmtInAdr( char *St, struct in_addr InAdr ) {
+    sprintf( St, "%u.%u.%u.%u", 
+             ((uint8_t *)&InAdr.s_addr)[ 0 ],
+             ((uint8_t *)&InAdr.s_addr)[ 1 ],
+             ((uint8_t *)&InAdr.s_addr)[ 2 ],
+             ((uint8_t *)&InAdr.s_addr)[ 3 ] );
+
+    return St;
+}
+
+/*
+ * Convert an IP address in u_long (network) format into a printable string.
+ */
+char *inetFmt(uint32_t addr, char *s) {
+    register u_char *a;
+
+    a = (u_char *)&addr;
+    sprintf(s, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]);
+    return(s);
+}
+
+
+/*
+ * Convert an IP subnet number in u_long (network) format into a printable
+ * string including the netmask as a number of bits.
+ */
+char *inetFmts(uint32_t addr, uint32_t mask, char *s) {
+    register u_char *a, *m;
+    int bits;
+
+    if ((addr == 0) && (mask == 0)) {
+        sprintf(s, "default");
+        return(s);
+    }
+    a = (u_char *)&addr;
+    m = (u_char *)&mask;
+    bits = 33 - ffs(ntohl(mask));
+
+    if (m[3] != 0) sprintf(s, "%u.%u.%u.%u/%d", a[0], a[1], a[2], a[3],
+                           bits);
+    else if (m[2] != 0) sprintf(s, "%u.%u.%u/%d",    a[0], a[1], a[2], bits);
+    else if (m[1] != 0) sprintf(s, "%u.%u/%d",       a[0], a[1], bits);
+    else                sprintf(s, "%u/%d",          a[0], bits);
+
+    return(s);
+}
+
+/*
+ * inet_cksum extracted from:
+ *			P I N G . C
+ *
+ * Author -
+ *	Mike Muuss
+ *	U. S. Army Ballistic Research Laboratory
+ *	December, 1983
+ * Modified at Uc Berkeley
+ *
+ * (ping.c) Status -
+ *	Public Domain.  Distribution Unlimited.
+ *
+ *			I N _ C K S U M
+ *
+ * Checksum routine for Internet Protocol family headers (C Version)
+ *
+ */
+uint16_t inetChksum(uint16_t *addr, int len) {
+    register int nleft = len;
+    register uint16_t *w = addr;
+    uint16_t answer = 0;
+    register int32_t sum = 0;
+
+    /*
+     *  Our algorithm is simple, using a 32 bit accumulator (sum),
+     *  we add sequential 16 bit words to it, and at the end, fold
+     *  back all the carry bits from the top 16 bits into the lower
+     *  16 bits.
+     */
+    while (nleft > 1) {
+        sum += *w++;
+        nleft -= 2;
+    }
+
+    /* mop up an odd byte, if necessary */
+    if (nleft == 1) {
+        *(uint8_t *) (&answer) = *(uint8_t *)w ;
+        sum += answer;
+    }
+
+    /*
+     * add back carry outs from top 16 bits to low 16 bits
+     */
+    sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
+    sum += (sum >> 16);         /* add carry */
+    answer = ~sum;              /* truncate to 16 bits */
+    return(answer);
+}
+
+
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/lib.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/lib.o
new file mode 100644
index 0000000..22f3c01
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/lib.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
new file mode 100644
index 0000000..e657c22
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mcgroup.c
@@ -0,0 +1,86 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mcgroup contains functions for joining and leaving multicast groups.
+*
+*/
+
+#include "igmpproxy.h"
+       
+
+/**
+*   Common function for joining or leaving a MCast group.
+*/
+static int joinleave( int Cmd, int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    struct ip_mreq CtlReq;
+    const char *CmdSt = Cmd == 'j' ? "join" : "leave";
+    
+    memset(&CtlReq, 0, sizeof(CtlReq));
+    CtlReq.imr_multiaddr.s_addr = mcastaddr;
+    CtlReq.imr_interface.s_addr = IfDp->InAdr.s_addr;
+    
+    {
+        my_log( LOG_NOTICE, 0, "%sMcGroup: %s on %s", CmdSt, 
+            inetFmt( mcastaddr, s1 ), IfDp ? IfDp->Name : "<any>" );
+    }
+    
+    if( setsockopt( UdpSock, IPPROTO_IP, 
+          Cmd == 'j' ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP, 
+          (void *)&CtlReq, sizeof( CtlReq ) ) ) 
+    {
+        my_log( LOG_WARNING, errno, "MRT_%s_MEMBERSHIP failed", Cmd == 'j' ? "ADD" : "DROP" );
+        return 1;
+    }
+    
+    return 0;
+}
+
+/**
+*   Joins the MC group with the address 'McAdr' on the interface 'IfName'. 
+*   The join is bound to the UDP socket 'UdpSock', so if this socket is 
+*   closed the membership is dropped.
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int joinMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'j', UdpSock, IfDp, mcastaddr );
+}
+
+/**
+*   Leaves the MC group with the address 'McAdr' on the interface 'IfName'. 
+*          
+*   @return 0 if the function succeeds, 1 if parameters are wrong or the join fails
+*/
+int leaveMcGroup( int UdpSock, struct IfDesc *IfDp, uint32_t mcastaddr ) {
+    return joinleave( 'l', UdpSock, IfDp, mcastaddr );
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o
new file mode 100644
index 0000000..2fdb2f9
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mcgroup.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
new file mode 100644
index 0000000..7c2be3e
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mroute-api.c
@@ -0,0 +1,242 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   mroute-api.c
+*
+*   This module contains the interface routines to the Linux mrouted API
+*/
+
+
+#include "igmpproxy.h"
+
+// MAX_MC_VIFS from mclab.h must have same value as MAXVIFS from mroute.h
+#if MAX_MC_VIFS != MAXVIFS
+# error "constants don't match, correct mclab.h"
+#endif
+     
+// need an IGMP socket as interface for the mrouted API
+// - receives the IGMP messages
+int         MRouterFD;        /* socket for all network I/O  */
+char        *recv_buf;           /* input packet buffer         */
+char        *send_buf;           /* output packet buffer        */
+
+
+// my internal virtual interfaces descriptor vector  
+static struct VifDesc {
+    struct IfDesc *IfDp;
+} VifDescVc[ MAXVIFS ];
+
+
+
+/*
+** Initialises the mrouted API and locks it by this exclusively.
+**     
+** returns: - 0 if the functions succeeds     
+**          - the errno value for non-fatal failure condition
+*/
+int enableMRouter()
+{
+    int Va = 1;
+
+    if ( (MRouterFD  = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP)) < 0 )
+        my_log( LOG_ERR, errno, "IGMP socket open" );
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_INIT, 
+                     (void *)&Va, sizeof( Va ) ) )
+        return errno;
+
+    return 0;
+}
+
+/*
+** Diables the mrouted API and relases by this the lock.
+**          
+*/
+void disableMRouter()
+{
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_DONE, NULL, 0 ) 
+         || close( MRouterFD )
+       ) {
+        MRouterFD = 0;
+        my_log( LOG_ERR, errno, "MRT_DONE/close" );
+    }
+
+    MRouterFD = 0;
+}
+
+/*
+** Adds the interface '*IfDp' as virtual interface to the mrouted API
+** 
+*/
+void addVIF( struct IfDesc *IfDp )
+{
+    struct vifctl VifCtl;
+    struct VifDesc *VifDp;
+
+    /* search free VifDesc
+     */
+    for ( VifDp = VifDescVc; VifDp < VCEP( VifDescVc ); VifDp++ ) {
+        if ( ! VifDp->IfDp )
+            break;
+    }
+
+    /* no more space
+     */
+    if ( VifDp >= VCEP( VifDescVc ) )
+        my_log( LOG_ERR, ENOMEM, "addVIF, out of VIF space" );
+
+    VifDp->IfDp = IfDp;
+
+    VifCtl.vifc_vifi  = VifDp - VifDescVc; 
+    VifCtl.vifc_flags = 0;        /* no tunnel, no source routing, register ? */
+    VifCtl.vifc_threshold  = VifDp->IfDp->threshold;    // Packet TTL must be at least 1 to pass them
+    VifCtl.vifc_rate_limit = VifDp->IfDp->ratelimit;    // Ratelimit
+
+    VifCtl.vifc_lcl_addr.s_addr = VifDp->IfDp->InAdr.s_addr;
+    VifCtl.vifc_rmt_addr.s_addr = INADDR_ANY;
+
+    // Set the index...
+    VifDp->IfDp->index = VifCtl.vifc_vifi;
+
+    my_log( LOG_NOTICE, 0, "adding VIF, Ix %d Fl 0x%x IP 0x%08x %s, Threshold: %d, Ratelimit: %d", 
+         VifCtl.vifc_vifi, VifCtl.vifc_flags,  VifCtl.vifc_lcl_addr.s_addr, VifDp->IfDp->Name,
+         VifCtl.vifc_threshold, VifCtl.vifc_rate_limit);
+
+    struct SubnetList *currSubnet;
+    for(currSubnet = IfDp->allowednets; currSubnet; currSubnet = currSubnet->next) {
+	my_log(LOG_DEBUG, 0, "        Network for [%s] : %s",
+	    IfDp->Name,
+	    inetFmts(currSubnet->subnet_addr, currSubnet->subnet_mask, s1));
+    }
+
+    if ( setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_VIF, 
+                     (char *)&VifCtl, sizeof( VifCtl ) ) )
+        my_log( LOG_ERR, errno, "MRT_ADD_VIF" );
+
+}
+
+/*
+** Adds the multicast routed '*Dp' to the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int addMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* copy the TTL vector
+     */
+
+    memcpy( CtlReq.mfcc_ttls, Dp->TtlVc, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Adding MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_ADD_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_ADD_MFC" );
+
+    return rc;
+}
+
+/*
+** Removes the multicast routed '*Dp' from the kernel routes
+**
+** returns: - 0 if the function succeeds
+**          - the errno value for non-fatal failure condition
+*/
+int delMRoute( struct MRouteDesc *Dp )
+{
+    struct mfcctl CtlReq;
+    int rc;
+
+    CtlReq.mfcc_origin    = Dp->OriginAdr;
+    CtlReq.mfcc_mcastgrp  = Dp->McAdr;
+    CtlReq.mfcc_parent    = Dp->InVif;
+
+    /* clear the TTL vector
+     */
+    memset( CtlReq.mfcc_ttls, 0, sizeof( CtlReq.mfcc_ttls ) );
+
+    {
+        char FmtBuO[ 32 ], FmtBuM[ 32 ];
+
+        my_log( LOG_NOTICE, 0, "Removing MFC: %s -> %s, InpVIf: %d", 
+             fmtInAdr( FmtBuO, CtlReq.mfcc_origin ), 
+             fmtInAdr( FmtBuM, CtlReq.mfcc_mcastgrp ),
+             (int)CtlReq.mfcc_parent
+           );
+    }
+
+    rc = setsockopt( MRouterFD, IPPROTO_IP, MRT_DEL_MFC,
+		    (void *)&CtlReq, sizeof( CtlReq ) );
+    if (rc)
+        my_log( LOG_WARNING, errno, "MRT_DEL_MFC" );
+
+    return rc;
+}
+
+/*
+** Returns for the virtual interface index for '*IfDp'
+**
+** returns: - the vitrual interface index if the interface is registered
+**          - -1 if no virtual interface exists for the interface 
+**          
+*/
+int getVifIx( struct IfDesc *IfDp )
+{
+    struct VifDesc *Dp;
+
+    for ( Dp = VifDescVc; Dp < VCEP( VifDescVc ); Dp++ )
+        if ( Dp->IfDp == IfDp )
+            return Dp - VifDescVc;
+
+    return -1;
+}
+
+
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o
new file mode 100644
index 0000000..d9b483e
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/mroute-api.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
new file mode 100644
index 0000000..735401c
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-dragonfly.h
@@ -0,0 +1,14 @@
+#include <net/route.h>
+#include <net/ip_mroute/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
new file mode 100644
index 0000000..ca01cc5
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-freebsd.h
@@ -0,0 +1,23 @@
+#include <net/route.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#if __FreeBSD_version >= 800069 && defined BURN_BRIDGES \
+	|| __FreeBSD_version >= 800098
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+#endif
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-linux.h b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
new file mode 100644
index 0000000..7504b1f
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-linux.h
@@ -0,0 +1,15 @@
+#define _LINUX_IN_H
+#include <linux/types.h>
+#include <linux/mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
new file mode 100644
index 0000000..17bd5fa
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-netbsd.h
@@ -0,0 +1,19 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ip->ip_len;
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = len;
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
new file mode 100644
index 0000000..873e5fb
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os-openbsd.h
@@ -0,0 +1,21 @@
+#include <netinet/in_systm.h>
+#include <netinet/ip_mroute.h>
+#include <netinet/ip.h>
+#include <netinet/igmp.h>
+
+#define IGMP_MEMBERSHIP_QUERY IGMP_HOST_MEMBERSHIP_QUERY
+#define IGMP_V1_MEMBERSHIP_REPORT IGMP_v1_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_MEMBERSHIP_REPORT IGMP_v2_HOST_MEMBERSHIP_REPORT
+#define IGMP_V2_LEAVE_GROUP IGMP_HOST_LEAVE_MESSAGE
+
+#define INADDR_ALLRTRS_GROUP INADDR_ALLROUTERS_GROUP
+
+static inline u_short ip_data_len(const struct ip *ip)
+{
+	return ntohs(ip->ip_len) - (ip->ip_hl << 2);
+}
+
+static inline void ip_set_len(struct ip *ip, u_short len)
+{
+	ip->ip_len = htons(len);
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os.h b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os.h
new file mode 120000
index 0000000..142e404
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/os.h
@@ -0,0 +1 @@
+../src/os-linux.h
\ No newline at end of file
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/request.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/request.c
new file mode 100644
index 0000000..e3589f6
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/request.c
@@ -0,0 +1,222 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   request.c 
+*
+*   Functions for recieveing and processing IGMP requests.
+*
+*/
+
+#include "igmpproxy.h"
+
+// Prototypes...
+void sendGroupSpecificMemberQuery(void *argument);  
+    
+typedef struct {
+    uint32_t      group;
+    uint32_t      vifAddr;
+    short       started;
+} GroupVifDesc;
+
+
+/**
+*   Handles incoming membership reports, and
+*   appends them to the routing table.
+*/
+void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type) {
+    struct IfDesc  *sourceVif;
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    if(sourceVif->InAdr.s_addr == src) {
+        my_log(LOG_NOTICE, 0, "The IGMP message was from myself. Ignoring.");
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        my_log(LOG_DEBUG, 0, "Should insert group %s (from: %s) to route table. Vif Ix : %d",
+            inetFmt(group,s1), inetFmt(src,s2), sourceVif->index);
+
+        // The membership report was OK... Insert it into the route table..
+        insertRoute(group, sourceVif->index);
+
+
+    } else {
+        // Log the state of the interface the report was recieved on.
+        my_log(LOG_INFO, 0, "Mebership report was recieved on %s. Ignoring.",
+            sourceVif->state==IF_STATE_UPSTREAM?"the upstream interface":"a disabled interface");
+    }
+
+}
+
+/**
+*   Recieves and handles a group leave message.
+*/
+void acceptLeaveMessage(uint32_t src, uint32_t group) {
+    struct IfDesc   *sourceVif;
+    
+    my_log(LOG_DEBUG, 0,
+	    "Got leave message from %s to %s. Starting last member detection.",
+	    inetFmt(src, s1), inetFmt(group, s2));
+
+    // Sanitycheck the group adress...
+    if(!IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group.",
+            inetFmt(group, s1));
+        return;
+    }
+
+    // Find the interface on which the report was recieved.
+    sourceVif = getIfByAddress( src );
+    if(sourceVif == NULL) {
+        my_log(LOG_WARNING, 0, "No interfaces found for source %s",
+            inetFmt(src,s1));
+        return;
+    }
+
+    // We have a IF so check that it's an downstream IF.
+    if(sourceVif->state == IF_STATE_DOWNSTREAM) {
+
+        GroupVifDesc   *gvDesc;
+        gvDesc = (GroupVifDesc*) malloc(sizeof(GroupVifDesc));
+
+        // Tell the route table that we are checking for remaining members...
+        setRouteLastMemberMode(group);
+
+        // Call the group spesific membership querier...
+        gvDesc->group = group;
+        gvDesc->vifAddr = sourceVif->InAdr.s_addr;
+        gvDesc->started = 0;
+
+        sendGroupSpecificMemberQuery(gvDesc);
+
+    } else {
+        // just ignore the leave request...
+        my_log(LOG_DEBUG, 0, "The found if for %s was not downstream. Ignoring leave request.", inetFmt(src, s1));
+    }
+}
+
+/**
+*   Sends a group specific member report query until the 
+*   group times out...
+*/
+void sendGroupSpecificMemberQuery(void *argument) {
+    struct  Config  *conf = getCommonConfig();
+
+    // Cast argument to correct type...
+    GroupVifDesc   *gvDesc = (GroupVifDesc*) argument;
+
+    if(gvDesc->started) {
+        // If aging returns false, we don't do any further action...
+        if(!lastMemberGroupAge(gvDesc->group)) {
+            return;
+        }
+    } else {
+        gvDesc->started = 1;
+    }
+
+    // Send a group specific membership query...
+    sendIgmp(gvDesc->vifAddr, gvDesc->group, 
+             IGMP_MEMBERSHIP_QUERY,
+             conf->lastMemberQueryInterval * IGMP_TIMER_SCALE, 
+             gvDesc->group, 0);
+
+    my_log(LOG_DEBUG, 0, "Sent membership query from %s to %s. Delay: %d",
+        inetFmt(gvDesc->vifAddr,s1), inetFmt(gvDesc->group,s2),
+        conf->lastMemberQueryInterval);
+
+    // Set timeout for next round...
+    timer_setTimer(conf->lastMemberQueryInterval, sendGroupSpecificMemberQuery, gvDesc);
+
+}
+
+
+/**
+*   Sends a general membership query on downstream VIFs
+*/
+void sendGeneralMembershipQuery() {
+    struct  Config  *conf = getCommonConfig();
+    struct  IfDesc  *Dp;
+    int             Ix;
+
+    // Loop through all downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) {
+            if(Dp->state == IF_STATE_DOWNSTREAM) {
+                // Send the membership query...
+                sendIgmp(Dp->InAdr.s_addr, allhosts_group, 
+                         IGMP_MEMBERSHIP_QUERY,
+                         conf->queryResponseInterval * IGMP_TIMER_SCALE, 0, 0);
+                
+                my_log(LOG_DEBUG, 0,
+			"Sent membership query from %s to %s. Delay: %d",
+			inetFmt(Dp->InAdr.s_addr,s1),
+			inetFmt(allhosts_group,s2),
+			conf->queryResponseInterval);
+            }
+        }
+    }
+
+    // Install timer for aging active routes.
+    timer_setTimer(conf->queryResponseInterval, ageActiveRoutes, NULL);
+
+    // Install timer for next general query...
+    if(conf->startupQueryCount>0) {
+        // Use quick timer...
+        timer_setTimer(conf->startupQueryInterval, sendGeneralMembershipQuery, NULL);
+        // Decrease startup counter...
+        conf->startupQueryCount--;
+    } 
+    else {
+        // Use slow timer...
+        timer_setTimer(conf->queryInterval, sendGeneralMembershipQuery, NULL);
+    }
+
+
+}
+ 
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/request.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/request.o
new file mode 100644
index 0000000..8c28a70
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/request.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/rttable.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/rttable.c
new file mode 100644
index 0000000..f0701a8
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/rttable.c
@@ -0,0 +1,662 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   rttable.c 
+*
+*   Updates the routingtable according to 
+*     recieved request.
+*/
+
+#include "igmpproxy.h"
+    
+/**
+*   Routing table structure definition. Double linked list...
+*/
+struct RouteTable {
+    struct RouteTable   *nextroute;     // Pointer to the next group in line.
+    struct RouteTable   *prevroute;     // Pointer to the previous group in line.
+    uint32_t              group;          // The group to route
+    uint32_t              originAddr;     // The origin adress (only set on activated routes)
+    uint32_t              vifBits;        // Bits representing recieving VIFs.
+
+    // Keeps the upstream membership state...
+    short               upstrState;     // Upstream membership state.
+
+    // These parameters contain aging details.
+    uint32_t              ageVifBits;     // Bits representing aging VIFs.
+    int                 ageValue;       // Downcounter for death.          
+    int                 ageActivity;    // Records any acitivity that notes there are still listeners.
+};
+
+                 
+// Keeper for the routing table...
+static struct RouteTable   *routing_table;
+
+// Prototypes
+void logRouteTable(char *header);
+int  internAgeRoute(struct RouteTable*  croute);
+int internUpdateKernelRoute(struct RouteTable *route, int activate);
+
+// Socket for sending join or leave requests.
+int mcGroupSock = 0;
+
+
+/**
+*   Function for retrieving the Multicast Group socket.
+*/
+int getMcGroupSock() {
+    if( ! mcGroupSock ) {
+        mcGroupSock = openUdpSocket( INADDR_ANY, 0 );;
+    }
+    return mcGroupSock;
+}
+ 
+/**
+*   Initializes the routing table.
+*/
+void initRouteTable() {
+    unsigned Ix;
+    struct IfDesc *Dp;
+
+    // Clear routing table...
+    routing_table = NULL;
+
+    // Join the all routers group on downstream vifs...
+    for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+        // If this is a downstream vif, we should join the All routers group...
+        if( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) && Dp->state == IF_STATE_DOWNSTREAM) {
+            my_log(LOG_DEBUG, 0, "Joining all-routers group %s on vif %s",
+                         inetFmt(allrouters_group,s1),inetFmt(Dp->InAdr.s_addr,s2));
+            
+            //k_join(allrouters_group, Dp->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), Dp, allrouters_group );
+        }
+    }
+}
+
+/**
+*   Internal function to send join or leave requests for
+*   a specified route upstream...
+*/
+void sendJoinLeaveUpstream(struct RouteTable* route, int join) {
+    struct IfDesc*      upstrIf;
+    
+    // Get the upstream VIF...
+    upstrIf = getIfByIx( upStreamVif );
+    if(upstrIf == NULL) {
+        my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF.");
+    }
+
+    // Send join or leave request...
+    if(join) {
+
+        // Only join a group if there are listeners downstream...
+        if(route->vifBits > 0) {
+            my_log(LOG_DEBUG, 0, "Joining group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+
+            //k_join(route->group, upstrIf->InAdr.s_addr);
+            joinMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_JOINED;
+        } else {
+            my_log(LOG_DEBUG, 0, "No downstream listeners for group %s. No join sent.",
+                inetFmt(route->group, s1));
+        }
+
+    } else {
+        // Only leave if group is not left already...
+        if(route->upstrState != ROUTESTATE_NOTJOINED) {
+            my_log(LOG_DEBUG, 0, "Leaving group %s upstream on IF address %s",
+                         inetFmt(route->group, s1), 
+                         inetFmt(upstrIf->InAdr.s_addr, s2));
+            
+            //k_leave(route->group, upstrIf->InAdr.s_addr);
+            leaveMcGroup( getMcGroupSock(), upstrIf, route->group );
+
+            route->upstrState = ROUTESTATE_NOTJOINED;
+        }
+    }
+}
+
+/**
+*   Clear all routes from routing table, and alerts Leaves upstream.
+*/
+void clearAllRoutes() {
+    struct RouteTable   *croute, *remainroute;
+
+    // Loop through all routes...
+    for(croute = routing_table; croute; croute = remainroute) {
+
+        remainroute = croute->nextroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_DEBUG, 0, "Removing route entry for %s",
+                     inetFmt(croute->group, s1));
+
+        // Uninstall current route
+        if(!internUpdateKernelRoute(croute, 0)) {
+            my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        }
+
+        // Send Leave message upstream.
+        sendJoinLeaveUpstream(croute, 0);
+
+        // Clear memory, and set pointer to next route...
+        free(croute);
+    }
+    routing_table = NULL;
+
+    // Send a notice that the routing table is empty...
+    my_log(LOG_NOTICE, 0, "All routes removed. Routing table is empty.");
+}
+                 
+/**
+*   Private access function to find a route from a given 
+*   Route Descriptor.
+*/
+struct RouteTable *findRoute(uint32_t group) {
+    struct RouteTable*  croute;
+
+    for(croute = routing_table; croute; croute = croute->nextroute) {
+        if(croute->group == group) {
+            return croute;
+        }
+    }
+
+    return NULL;
+}
+
+/**
+*   Adds a specified route to the routingtable.
+*   If the route already exists, the existing route 
+*   is updated...
+*/
+int insertRoute(uint32_t group, int ifx) {
+    
+    struct Config *conf = getCommonConfig();
+    struct RouteTable*  croute;
+
+    // Sanitycheck the group adress...
+    if( ! IN_MULTICAST( ntohl(group) )) {
+        my_log(LOG_WARNING, 0, "The group address %s is not a valid Multicast group. Table insert failed.",
+            inetFmt(group, s1));
+        return 0;
+    }
+
+    // Santiycheck the VIF index...
+    //if(ifx < 0 || ifx >= MAX_MC_VIFS) {
+    if(ifx >= MAX_MC_VIFS) {
+        my_log(LOG_WARNING, 0, "The VIF Ix %d is out of range (0-%d). Table insert failed.",ifx,MAX_MC_VIFS);
+        return 0;
+    }
+
+    // Try to find an existing route for this group...
+    croute = findRoute(group);
+    if(croute==NULL) {
+        struct RouteTable*  newroute;
+
+        my_log(LOG_DEBUG, 0, "No existing route for %s. Create new.",
+                     inetFmt(group, s1));
+
+
+        // Create and initialize the new route table entry..
+        newroute = (struct RouteTable*)malloc(sizeof(struct RouteTable));
+        // Insert the route desc and clear all pointers...
+        newroute->group      = group;
+        newroute->originAddr = 0;
+        newroute->nextroute  = NULL;
+        newroute->prevroute  = NULL;
+
+        // The group is not joined initially.
+        newroute->upstrState = ROUTESTATE_NOTJOINED;
+
+        // The route is not active yet, so the age is unimportant.
+        newroute->ageValue    = conf->robustnessValue;
+        newroute->ageActivity = 0;
+        
+        BIT_ZERO(newroute->ageVifBits);     // Initially we assume no listeners.
+
+        // Set the listener flag...
+        BIT_ZERO(newroute->vifBits);    // Initially no listeners...
+        if(ifx >= 0) {
+            BIT_SET(newroute->vifBits, ifx);
+        }
+
+        // Check if there is a table already....
+        if(routing_table == NULL) {
+            // No location set, so insert in on the table top.
+            routing_table = newroute;
+            my_log(LOG_DEBUG, 0, "No routes in table. Insert at beginning.");
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Found existing routes. Find insert location.");
+
+            // Check if the route could be inserted at the beginning...
+            if(routing_table->group > group) {
+                my_log(LOG_DEBUG, 0, "Inserting at beginning, before route %s",inetFmt(routing_table->group,s1));
+
+                // Insert at beginning...
+                newroute->nextroute = routing_table;
+                newroute->prevroute = NULL;
+                routing_table = newroute;
+
+                // If the route has a next node, the previous pointer must be updated.
+                if(newroute->nextroute != NULL) {
+                    newroute->nextroute->prevroute = newroute;
+                }
+
+            } else {
+
+                // Find the location which is closest to the route.
+                for( croute = routing_table; croute->nextroute != NULL; croute = croute->nextroute ) {
+                    // Find insert position.
+                    if(croute->nextroute->group > group) {
+                        break;
+                    }
+                }
+
+                my_log(LOG_DEBUG, 0, "Inserting after route %s",inetFmt(croute->group,s1));
+                
+                // Insert after current...
+                newroute->nextroute = croute->nextroute;
+                newroute->prevroute = croute;
+                if(croute->nextroute != NULL) {
+                    croute->nextroute->prevroute = newroute; 
+                }
+                croute->nextroute = newroute;
+            }
+        }
+
+        // Set the new route as the current...
+        croute = newroute;
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Inserted route table entry for %s on VIF #%d",
+            inetFmt(croute->group, s1),ifx);
+
+    } else if(ifx >= 0) {
+
+        // The route exists already, so just update it.
+        BIT_SET(croute->vifBits, ifx);
+        
+        // Register the VIF activity for the aging routine
+        BIT_SET(croute->ageVifBits, ifx);
+
+        // Log the cleanup in debugmode...
+        my_log(LOG_INFO, 0, "Updated route entry for %s on VIF #%d",
+            inetFmt(croute->group, s1), ifx);
+
+        // If the route is active, it must be reloaded into the Kernel..
+        if(croute->originAddr != 0) {
+
+            // Update route in kernel...
+            if(!internUpdateKernelRoute(croute, 1)) {
+                my_log(LOG_WARNING, 0, "The insertion into Kernel failed.");
+                return 0;
+            }
+        }
+    }
+
+    // Send join message upstream, if the route has no joined flag...
+    if(croute->upstrState != ROUTESTATE_JOINED) {
+        // Send Join request upstream
+        sendJoinLeaveUpstream(croute, 1);
+    }
+
+    logRouteTable("Insert Route");
+
+    return 1;
+}
+
+/**
+*   Activates a passive group. If the group is already
+*   activated, it's reinstalled in the kernel. If
+*   the route is activated, no originAddr is needed.
+*/
+int activateRoute(uint32_t group, uint32_t originAddr) {
+    struct RouteTable*  croute;
+    int result = 0;
+
+    // Find the requested route.
+    croute = findRoute(group);
+    if(croute == NULL) {
+        my_log(LOG_DEBUG, 0,
+		"No table entry for %s [From: %s]. Inserting route.",
+		inetFmt(group, s1),inetFmt(originAddr, s2));
+
+        // Insert route, but no interfaces have yet requested it downstream.
+        insertRoute(group, -1);
+
+        // Retrieve the route from table...
+        croute = findRoute(group);
+    }
+
+    if(croute != NULL) {
+        // If the origin address is set, update the route data.
+        if(originAddr > 0) {
+            if(croute->originAddr > 0 && croute->originAddr!=originAddr) {
+                my_log(LOG_WARNING, 0, "The origin for route %s changed from %s to %s",
+                    inetFmt(croute->group, s1),
+                    inetFmt(croute->originAddr, s2),
+                    inetFmt(originAddr, s3));
+            }
+            croute->originAddr = originAddr;
+        }
+
+        // Only update kernel table if there are listeners !
+        if(croute->vifBits > 0) {
+            result = internUpdateKernelRoute(croute, 1);
+        }
+    }
+    logRouteTable("Activate Route");
+
+    return result;
+}
+
+
+/**
+*   This function loops through all routes, and updates the age 
+*   of any active routes.
+*/
+void ageActiveRoutes() {
+    struct RouteTable   *croute, *nroute;
+    
+    my_log(LOG_DEBUG, 0, "Aging routes in table.");
+
+    // Scan all routes...
+    for( croute = routing_table; croute != NULL; croute = nroute ) {
+        
+        // Keep the next route (since current route may be removed)...
+        nroute = croute->nextroute;
+
+        // Run the aging round algorithm.
+        if(croute->upstrState != ROUTESTATE_CHECK_LAST_MEMBER) {
+            // Only age routes if Last member probe is not active...
+            internAgeRoute(croute);
+        }
+    }
+    logRouteTable("Age active routes");
+}
+
+/**
+*   Should be called when a leave message is recieved, to
+*   mark a route for the last member probe state.
+*/
+void setRouteLastMemberMode(uint32_t group) {
+    struct Config       *conf = getCommonConfig();
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        // Check for fast leave mode...
+        if(croute->upstrState == ROUTESTATE_JOINED && conf->fastUpstreamLeave) {
+            // Send a leave message right away..
+            sendJoinLeaveUpstream(croute, 0);
+        }
+        // Set the routingstate to Last member check...
+        croute->upstrState = ROUTESTATE_CHECK_LAST_MEMBER;
+        // Set the count value for expiring... (-1 since first aging)
+        croute->ageValue = conf->lastMemberQueryCount;
+    }
+}
+
+
+/**
+*   Ages groups in the last member check state. If the
+*   route is not found, or not in this state, 0 is returned.
+*/
+int lastMemberGroupAge(uint32_t group) {
+    struct RouteTable   *croute;
+
+    croute = findRoute(group);
+    if(croute!=NULL) {
+        if(croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER) {
+            return !internAgeRoute(croute);
+        } else {
+            return 0;
+        }
+    }
+    return 0;
+}
+
+/**
+*   Remove a specified route. Returns 1 on success,
+*   and 0 if route was not found.
+*/
+int removeRoute(struct RouteTable*  croute) {
+    struct Config       *conf = getCommonConfig();
+    int result = 1;
+    
+    // If croute is null, no routes was found.
+    if(croute==NULL) {
+        return 0;
+    }
+
+    // Log the cleanup in debugmode...
+    my_log(LOG_DEBUG, 0, "Removed route entry for %s from table.",
+                 inetFmt(croute->group, s1));
+
+    //BIT_ZERO(croute->vifBits);
+
+    // Uninstall current route from kernel
+    if(!internUpdateKernelRoute(croute, 0)) {
+        my_log(LOG_WARNING, 0, "The removal from Kernel failed.");
+        result = 0;
+    }
+
+    // Send Leave request upstream if group is joined
+    if(croute->upstrState == ROUTESTATE_JOINED || 
+       (croute->upstrState == ROUTESTATE_CHECK_LAST_MEMBER && !conf->fastUpstreamLeave)) 
+    {
+        sendJoinLeaveUpstream(croute, 0);
+    }
+
+    // Update pointers...
+    if(croute->prevroute == NULL) {
+        // Topmost node...
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = NULL;
+        }
+        routing_table = croute->nextroute;
+
+    } else {
+        croute->prevroute->nextroute = croute->nextroute;
+        if(croute->nextroute != NULL) {
+            croute->nextroute->prevroute = croute->prevroute;
+        }
+    }
+    // Free the memory, and set the route to NULL...
+    free(croute);
+    croute = NULL;
+
+    logRouteTable("Remove route");
+
+    return result;
+}
+
+
+/**
+*   Ages a specific route
+*/
+int internAgeRoute(struct RouteTable*  croute) {
+    struct Config *conf = getCommonConfig();
+    int result = 0;
+
+    // Drop age by 1.
+    croute->ageValue--;
+
+    // Check if there has been any activity...
+    if( croute->ageVifBits > 0 && croute->ageActivity == 0 ) {
+        // There was some activity, check if all registered vifs responded.
+        if(croute->vifBits == croute->ageVifBits) {
+            // Everything is in perfect order, so we just update the route age.
+            croute->ageValue = conf->robustnessValue;
+            //croute->ageActivity = 0;
+        } else {
+            // One or more VIF has not gotten any response.
+            croute->ageActivity++;
+
+            // Update the actual bits for the route...
+            croute->vifBits = croute->ageVifBits;
+        }
+    } 
+    // Check if there have been activity in aging process...
+    else if( croute->ageActivity > 0 ) {
+
+        // If the bits are different in this round, we must
+        if(croute->vifBits != croute->ageVifBits) {
+            // Or the bits together to insure we don't lose any listeners.
+            croute->vifBits |= croute->ageVifBits;
+
+            // Register changes in this round as well..
+            croute->ageActivity++;
+        }
+    }
+
+    // If the aging counter has reached zero, its time for updating...
+    if(croute->ageValue == 0) {
+        // Check for activity in the aging process,
+        if(croute->ageActivity>0) {
+            
+            my_log(LOG_DEBUG, 0, "Updating route after aging : %s",
+                         inetFmt(croute->group,s1));
+            
+            // Just update the routing settings in kernel...
+            internUpdateKernelRoute(croute, 1);
+    
+            // We append the activity counter to the age, and continue...
+            croute->ageValue = croute->ageActivity;
+            croute->ageActivity = 0;
+        } else {
+
+            my_log(LOG_DEBUG, 0, "Removing group %s. Died of old age.",
+                         inetFmt(croute->group,s1));
+
+            // No activity was registered within the timelimit, so remove the route.
+            removeRoute(croute);
+        }
+        // Tell that the route was updated...
+        result = 1;
+    }
+
+    // The aging vif bits must be reset for each round...
+    BIT_ZERO(croute->ageVifBits);
+
+    return result;
+}
+
+/**
+*   Updates the Kernel routing table. If activate is 1, the route
+*   is (re-)activated. If activate is false, the route is removed.
+*/
+int internUpdateKernelRoute(struct RouteTable *route, int activate) {
+    struct   MRouteDesc     mrDesc;
+    struct   IfDesc         *Dp;
+    unsigned                Ix;
+    
+    if(route->originAddr>0) {
+
+        // Build route descriptor from table entry...
+        // Set the source address and group address...
+        mrDesc.McAdr.s_addr     = route->group;
+        mrDesc.OriginAdr.s_addr = route->originAddr;
+    
+        // clear output interfaces 
+        memset( mrDesc.TtlVc, 0, sizeof( mrDesc.TtlVc ) );
+    
+        my_log(LOG_DEBUG, 0, "Vif bits : 0x%08x", route->vifBits);
+
+        // Set the TTL's for the route descriptor...
+        for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) {
+            if(Dp->state == IF_STATE_UPSTREAM) {
+                mrDesc.InVif = Dp->index;
+            }
+            else if(BIT_TST(route->vifBits, Dp->index)) {
+                my_log(LOG_DEBUG, 0, "Setting TTL for Vif %d to %d", Dp->index, Dp->threshold);
+                mrDesc.TtlVc[ Dp->index ] = Dp->threshold;
+            }
+        }
+    
+        // Do the actual Kernel route update...
+        if(activate) {
+            // Add route in kernel...
+            addMRoute( &mrDesc );
+    
+        } else {
+            // Delete the route from Kernel...
+            delMRoute( &mrDesc );
+        }
+
+    } else {
+        my_log(LOG_NOTICE, 0, "Route is not active. No kernel updates done.");
+    }
+
+    return 1;
+}
+
+/**
+*   Debug function that writes the routing table entries
+*   to the log.
+*/
+void logRouteTable(char *header) {
+        struct RouteTable*  croute = routing_table;
+        unsigned            rcount = 0;
+    
+        my_log(LOG_DEBUG, 0, "");
+        my_log(LOG_DEBUG, 0, "Current routing table (%s):", header);
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+        if(croute==NULL) {
+            my_log(LOG_DEBUG, 0, "No routes in table...");
+        } else {
+            do {
+                /*
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, Prev: 0x%08x, T: 0x%08x, Next: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->prevroute, croute, croute->nextroute);
+                */
+                my_log(LOG_DEBUG, 0, "#%d: Src: %s, Dst: %s, Age:%d, St: %s, OutVifs: 0x%08x",
+                    rcount, inetFmt(croute->originAddr, s1), inetFmt(croute->group, s2),
+                    croute->ageValue,(croute->originAddr>0?"A":"I"),
+                    croute->vifBits);
+                  
+                croute = croute->nextroute; 
+        
+                rcount++;
+            } while ( croute != NULL );
+        }
+    
+        my_log(LOG_DEBUG, 0, "-----------------------------------------------------");
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/rttable.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/rttable.o
new file mode 100644
index 0000000..467cfe8
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/rttable.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/syslog.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/syslog.c
new file mode 100644
index 0000000..7c7166f
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/syslog.c
@@ -0,0 +1,62 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+
+#include "igmpproxy.h"
+
+int LogLevel = LOG_WARNING;
+bool Log2Stderr = false;
+
+void my_log( int Severity, int Errno, const char *FmtSt, ... )
+{
+    char LogMsg[ 128 ];
+
+    va_list ArgPt;
+    unsigned Ln;
+    va_start( ArgPt, FmtSt );
+    Ln = vsnprintf( LogMsg, sizeof( LogMsg ), FmtSt, ArgPt );
+    if( Errno > 0 )
+        snprintf( LogMsg + Ln, sizeof( LogMsg ) - Ln,
+                "; Errno(%d): %s", Errno, strerror(Errno) );
+    va_end( ArgPt );
+
+    if (Severity <= LogLevel) {
+        if (Log2Stderr)
+            fprintf(stderr, "%s\n", LogMsg);
+        else {
+            syslog(Severity, "%s", LogMsg);
+	}
+    }
+
+    if( Severity <= LOG_ERR )
+        exit( -1 );
+}
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/syslog.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/syslog.o
new file mode 100644
index 0000000..1a9d31d
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/syslog.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/udpsock.c b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
new file mode 100644
index 0000000..150130e
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/udpsock.c
@@ -0,0 +1,65 @@
+/*
+**  igmpproxy - IGMP proxy based multicast router 
+**  Copyright (C) 2005 Johnny Egeland <johnny@rlo.org>
+**
+**  This program is free software; you can redistribute it and/or modify
+**  it under the terms of the GNU General Public License as published by
+**  the Free Software Foundation; either version 2 of the License, or
+**  (at your option) any later version.
+**
+**  This program is distributed in the hope that it will be useful,
+**  but WITHOUT ANY WARRANTY; without even the implied warranty of
+**  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+**  GNU General Public License for more details.
+**
+**  You should have received a copy of the GNU General Public License
+**  along with this program; if not, write to the Free Software
+**  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+**
+**----------------------------------------------------------------------------
+**
+**  This software is derived work from the following software. The original
+**  source code has been modified from it's original state by the author
+**  of igmpproxy.
+**
+**  smcroute 0.92 - Copyright (C) 2001 Carsten Schill <carsten@cschill.de>
+**  - Licensed under the GNU General Public License, version 2
+**  
+**  mrouted 3.9-beta3 - COPYRIGHT 1989 by The Board of Trustees of 
+**  Leland Stanford Junior University.
+**  - Original license can be found in the Stanford.txt file.
+**
+*/
+/**
+*   udpsock.c contains function for creating a UDP socket.
+*
+*/
+
+#include "igmpproxy.h"
+
+/**
+*  Creates and connects a simple UDP socket to the target 
+*  'PeerInAdr':'PeerPort'
+*
+*   @param PeerInAdr - The address to connect to
+*   @param PeerPort  - The port to connect to
+*           
+*/
+int openUdpSocket( uint32_t PeerInAdr, uint16_t PeerPort ) {
+    int Sock;
+    struct sockaddr_in SockAdr;
+    
+    if( (Sock = socket( AF_INET, SOCK_RAW, IPPROTO_IGMP )) < 0 )
+        my_log( LOG_ERR, errno, "UDP socket open" );
+    
+    memset( &SockAdr, 0, sizeof( SockAdr ) );
+    SockAdr.sin_family      = AF_INET;
+    SockAdr.sin_port        = htons(PeerPort);
+    SockAdr.sin_addr.s_addr = htonl(PeerInAdr);
+    
+    if( bind( Sock, (struct sockaddr *)&SockAdr, sizeof( SockAdr ) ) )
+        my_log( LOG_ERR, errno, "UDP socket bind" );
+    
+    return Sock;
+}
+
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/udpsock.o b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/udpsock.o
new file mode 100644
index 0000000..c3d35d9
Binary files /dev/null and b/NONE-WF/src/igmpproxy/igmpproxy-0.1/src/udpsock.o differ
diff --git a/NONE-WF/src/igmpproxy/igmpproxy-0.1/stamp-h1 b/NONE-WF/src/igmpproxy/igmpproxy-0.1/stamp-h1
new file mode 100644
index 0000000..4547fe1
--- /dev/null
+++ b/NONE-WF/src/igmpproxy/igmpproxy-0.1/stamp-h1
@@ -0,0 +1 @@
+timestamp for config.h
diff --git a/NONE-WF/src/ipt-gateway b/NONE-WF/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/NONE-WF/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/NONE-WF/src/ipw2100-fw/LICENSE b/NONE-WF/src/ipw2100-fw/LICENSE
new file mode 100644
index 0000000..a3e83f5
--- /dev/null
+++ b/NONE-WF/src/ipw2100-fw/LICENSE
@@ -0,0 +1,207 @@
+                             TERMS AND CONDITIONS
+    IMPORTANT - PLEASE READ BEFORE INSTALLING OR USING THIS INTEL(C) SOFTWARE
+
+Do not use or load this firmware (the "Software") until you have carefully read
+the following terms and conditions. By loading or using the Software, you agree
+to the terms of this Agreement. If you do not wish to so agree, do not install
+or use the Software.
+
+LICENSEES:
+
+Please note: 
+
+* If you are an End-User, only Exhibit A, the SOFTWARE LICENSE AGREEMENT,
+  applies.
+* If you are an Original Equipment Manufacturer (OEM), Independent Hardware
+  Vendor (IHV), or Independent Software Vendor (ISV), this complete Agreement
+  applies 
+
+--------------------------------------------------------------------------------
+
+For OEMs, IHVs, and ISVs:
+
+LICENSE. This Software is licensed for use only in conjunction with Intel
+component products. Use of the Software in conjunction with non-Intel component
+products is not licensed hereunder. Subject to the terms of this Agreement,
+Intel grants to you a nonexclusive, nontransferable, worldwide, fully paid-up
+license under Intel's copyrights to: (i) copy the Software internally for your
+own development and maintenance purposes; (ii) copy and distribute the Software
+to your end-users, but only under a license agreement with terms at least as
+restrictive as those contained in Intel's Final, Single User License Agreement,
+attached as Exhibit A; and (iii) modify, copy and distribute the end-user
+documentation which may accompany the Software, but only in association with
+the Software.  
+
+If you are not the final manufacturer or vendor of a computer system or software
+program incorporating the Software, then you may transfer a copy of the
+Software, including any related documentation (modified or unmodified) to your
+recipient for use in accordance with the terms of this Agreement, provided such
+recipient agrees to be fully bound by the terms hereof. You shall not otherwise
+assign, sublicense, lease, or in any other way transfer or disclose Software to
+any third party. You may not, nor may you assist any other person or entity to
+modify, translate, convert to another programming language, decompile, reverse
+engineer, or disassemble any portion of the Software or otherwise attempt to
+derive source code from any object code modules of the Software or any internal
+data files generated by the Software. Your rights to redistribute the Software
+shall be contingent upon your installation of this Agreement in its entirety in
+the same directory as the Software.
+
+CONFIDENTIALITY. If you wish to have a third party consultant or subcontractor
+("Contractor") perform work on your behalf which involves access to or use of
+Software, you shall obtain a written confidentiality agreement from the
+Contractor which contains provisions with respect to access to or use of the
+Software no less restrictive than those set forth in this Agreement and
+excluding any distribution rights, and use for any other purpose. Except as 
+expressly provided herein, you shall not disclose the terms or existence of 
+this Agreement or use Intel's name in any publications, advertisements, or 
+other announcements without Intel's prior written consent. You do not have any 
+rights to use any Intel trademarks or logos.
+
+OWNERSHIP OF SOFTWARE AND COPYRIGHTS. Software and accompanying materials, if
+any, are owned by Intel or its suppliers and licensors and may be protected by
+copyright, trademark, patent and trade secret law and international treaties. 
+Any rights, express or implied, in the intellectual property embodied in the
+foregoing, other than those specified in this Agreement, are reserved by Intel
+and its suppliers and licensors or otherwise as set forth in any applicable
+open source license agreement. You will keep the Software free of liens,
+attachments, and other encumbrances.  You agree not to remove any proprietary
+notices and/or any labels from the Software and accompanying materials without
+prior written approval by Intel
+
+LIMITATION OF LIABILITY. IN NO EVENT SHALL INTEL OR ITS SUPPLIERS AND LICENSORS
+BE LIABLE FOR ANY DAMAGES WHATSOEVER FROM ANY CAUSE OF ACTION OF ANY KIND
+(INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, OR LOST
+INFORMATION) ARISING OUT OF THE USE, MODIFICATION, OR INABILITY TO USE THE
+INTEL SOFTWARE, OR OTHERWISE, NOR FOR PUNITIVE, INCIDENTAL, CONSEQUENTIAL, OR
+SPECIAL DAMAGES OF ANY KIND, EVEN IF INTEL OR ITS SUPPLIERS AND LICENSORS HAS
+BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.   SOME JURISDICTIONS PROHIBIT
+EXCLUSION OR LIMITATION OF LIABILITY FOR IMPLIED WARRANTIES, CONSEQUENTIAL OR
+INCIDENTAL DAMAGES, SO CERTAIN LIMITATIONS MAY NOT APPLY.  YOU MAY ALSO HAVE
+OTHER LEGAL RIGHTS THAT VARY BETWEEN JURISDICTIONS. 
+
+EXCLUSION OF WARRANTIES.  THE SOFTWARE IS PROVIDED "AS IS" AND POSSIBLY WITH
+FAULTS. UNLESS EXPRESSLY AGREED OTHERWISE, INTEL AND ITS SUPPLIERS AND
+LICENSORS DISCLAIM ANY AND ALL WARRANTIES AND GUARANTEES, EXPRESS, IMPLIED OR
+OTHERWISE, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.  Intel does not warrant
+or assume responsibility for the accuracy or completeness of any information,
+text, graphics, links or other items contained within the Software.  You assume
+all liability, financial or otherwise, associated with Your use or disposition
+of the Software.
+		
+APPLICABLE LAW. Claims arising under this Agreement shall be governed by the
+laws of State of California], excluding its principles of conflict of laws and
+the United Nations Convention on Contracts for the Sale of Goods.  
+
+WAIVER AND AMENDMENT. No modification, amendment or waiver of any provision of
+this Agreement shall be effective unless in writing and signed by an officer of
+Intel.  No failure or delay in exercising any right, power, or remedy under
+this Agreement shall operate as a waiver of any such right, power or remedy. 
+Without limiting the foregoing, terms and conditions on any purchase orders or
+similar materials submitted by you to Intel, and any terms contained in Intel’s
+standard acknowledgment form that are in conflict with these terms, shall be of
+no force or effect.
+
+SEVERABILITY.  If any provision of this Agreement is held by a court of
+competent jurisdiction to be contrary to law, such provision shall be changed
+and interpreted so as to best accomplish the objectives of the original
+provision to the fullest extent allowed by law and the remaining provisions of
+this Agreement shall remain in full force and effect.
+
+EXPORT RESTRICTIONS.  Each party acknowledges that the Software is subject to
+applicable import and export regulations of the United States and of the
+countries in which each party transacts business, specifically including U.S.
+Export Administration Act and Export Administration Regulations.  Each party
+shall comply with such laws and regulations, as well as all other laws and
+regulations applicable to the Software.  Without limiting the generality of the
+foregoing, each party agrees that it will not export, re-export, transfer or
+divert any of the Software or the direct programs thereof to any restricted
+place or party in accordance with U.S. export regulations.  Note that Software
+containing encryption may be subject to additional restrictions.
+
+GOVERNMENT RESTRICTED RIGHTS. The Software is provided with "RESTRICTED RIGHTS."
+Use, duplication, or disclosure by the Government is subject to restrictions as
+set forth in FAR52.227-14 and DFAR252.227-7013 et seq. or their successors. Use
+of the Software by the Government constitutes acknowledgment of Intel's
+proprietary rights therein. Contractor or Manufacturer is Intel Corporation,
+2200 Mission College Blvd., Santa Clara, CA  95052.
+
+TERMINATION OF THE AGREEMENT. Intel may terminate this Agreement if you violate
+its terms. Upon termination, you will immediately destroy the Software or
+return all copies of the Software to Intel.
+
+--------------------------------------------------------------------------------
+
+EXHIBIT "A"
+
+SOFTWARE LICENSE AGREEMENT (Final, Single User)
+
+IMPORTANT - READ BEFORE COPYING, INSTALLING OR USING.
+
+Do not use or load this firmware image (the "Software") until you have carefully
+read the following terms and conditions. By loading or using the Software, you
+agree to the terms of this Agreement. If you do not wish to so agree, do not
+install or use the Software.
+
+LICENSE. You may copy and use the Software, subject to these conditions: 
+1. This Software is licensed for use only in conjunction with Intel component
+   products. Use of the Software in conjunction with non-Intel component 
+   products is not licensed hereunder. 
+2. You may not copy, modify, rent, sell, distribute or transfer any part of the
+   Software except as provided in this Agreement, and you agree to prevent
+   unauthorized copying of the Software. 
+3. You may not reverse engineer, decompile, or disassemble the Software. 
+4. You may not sublicense the Software. 
+5. The Software may contain the software or other property of third party
+   suppliers. 
+
+OWNERSHIP OF SOFTWARE AND COPYRIGHTS. Title to all copies of the Software
+remains with Intel or its suppliers. The Software is copyrighted and protected
+by the laws of the United States and other countries, and international treaty
+provisions. You may not remove any copyright notices from the Software. Intel
+may make changes to the Software, or items referenced therein, at any time
+without notice, but is not obligated to support or update the Software. Except
+as otherwise expressly provided, Intel grants no express or implied right under
+Intel patents, copyrights, trademarks, or other intellectual property rights.
+You may transfer the Software only if a copy of this license accompanies the 
+Software and the recipient agrees to be fully bound by these terms.
+
+EXCLUSION OF OTHER WARRANTIES EXCEPT AS PROVIDED ABOVE, THE SOFTWARE IS PROVIDED
+"AS IS" WITHOUT ANY EXPRESS OR IMPLIED WARRANTY OF ANY KIND INCLUDING
+WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR
+PURPOSE. Intel does not warrant or assume responsibility for the accuracy or
+completeness of any information, text, graphics, links or other items contained
+within the Software.
+
+LIMITATION OF LIABILITY. IN NO EVENT SHALL INTEL OR ITS SUPPLIERS BE LIABLE FOR
+ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS
+INTERRUPTION, OR LOST INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO
+USE THE SOFTWARE, EVEN IF INTEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES. SOME JURISDICTIONS PROHIBIT EXCLUSION OR LIMITATION OF LIABILITY FOR
+IMPLIED WARRANTIES OR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE
+LIMITATION MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER LEGAL RIGHTS THAT VARY
+BETWEEN JURISDICTIONS.
+
+TERMINATION OF THIS AGREEMENT. Intel may terminate this Agreement at any time if
+you violate its terms. Upon termination, you will immediately destroy the
+Software.
+
+APPLICABLE LAWS. Claims arising under this Agreement shall be governed by the
+laws of California, excluding its principles of conflict of laws and the United
+Nations Convention on Contracts for the Sale of Goods. You may not export the
+Software in violation of applicable export laws and regulations. Intel is not
+obligated under any other agreements unless they are in writing and signed by
+an authorized representative 
+of Intel.
+
+GOVERNMENT RESTRICTED RIGHTS. The Software is provided with "RESTRICTED RIGHTS."
+Use, duplication, or disclosure by the Government is subject to restrictions as
+set forth in FAR52.227-14 and DFAR252.227-7013 et seq. or their successors. Use
+of the Software by the Government constitutes acknowledgment of Intel's
+proprietary rights therein. Contractor or Manufacturer is Intel Corporation,
+2200 Mission College Blvd., Santa Clara, CA 95052.
+
+
+
+		
+
diff --git a/NONE-WF/src/ipw2100-fw/ipw2100-1.3-i.fw b/NONE-WF/src/ipw2100-fw/ipw2100-1.3-i.fw
new file mode 100644
index 0000000..85c9ca5
Binary files /dev/null and b/NONE-WF/src/ipw2100-fw/ipw2100-1.3-i.fw differ
diff --git a/NONE-WF/src/ipw2100-fw/ipw2100-1.3-p.fw b/NONE-WF/src/ipw2100-fw/ipw2100-1.3-p.fw
new file mode 100644
index 0000000..6fda4c3
Binary files /dev/null and b/NONE-WF/src/ipw2100-fw/ipw2100-1.3-p.fw differ
diff --git a/NONE-WF/src/ipw2100-fw/ipw2100-1.3.fw b/NONE-WF/src/ipw2100-fw/ipw2100-1.3.fw
new file mode 100644
index 0000000..be2a69c
Binary files /dev/null and b/NONE-WF/src/ipw2100-fw/ipw2100-1.3.fw differ
diff --git a/NONE-WF/src/ipw2100-fw/ipw2100-fw-1.3.tgz b/NONE-WF/src/ipw2100-fw/ipw2100-fw-1.3.tgz
new file mode 100644
index 0000000..ad30eee
Binary files /dev/null and b/NONE-WF/src/ipw2100-fw/ipw2100-fw-1.3.tgz differ
diff --git a/NONE-WF/src/mailsystem b/NONE-WF/src/mailsystem
new file mode 160000
index 0000000..03b820b
--- /dev/null
+++ b/NONE-WF/src/mailsystem
@@ -0,0 +1 @@
+Subproject commit 03b820b8b869d6be229340a99ed5994dcd0edec9
diff --git a/OPP/README.txt b/OPP/README.txt
new file mode 100644
index 0000000..7dcd621
--- /dev/null
+++ b/OPP/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.OPP: ppp0 comes over eth2
+      interfaces.OPP: see above
+      default_isc-dhcp-server.OPP
+      ipt-firewall.OPP: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/OPP/bin/admin-stuff b/OPP/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/OPP/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/OPP/bin/manage-gw-config b/OPP/bin/manage-gw-config
new file mode 160000
index 0000000..2a96dfd
--- /dev/null
+++ b/OPP/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688
diff --git a/OPP/bin/monitoring b/OPP/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/OPP/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/OPP/bin/os-upgrade.sh b/OPP/bin/os-upgrade.sh
new file mode 120000
index 0000000..02ddc66
--- /dev/null
+++ b/OPP/bin/os-upgrade.sh
@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh
\ No newline at end of file
diff --git a/OPP/bin/postfix b/OPP/bin/postfix
new file mode 160000
index 0000000..c1934d5
--- /dev/null
+++ b/OPP/bin/postfix
@@ -0,0 +1 @@
+Subproject commit c1934d5bdeee88e6f5b868c7d0bdb955539d34d4
diff --git a/OPP/bin/test_email.sh b/OPP/bin/test_email.sh
new file mode 120000
index 0000000..86f3e17
--- /dev/null
+++ b/OPP/bin/test_email.sh
@@ -0,0 +1 @@
+admin-stuff/test_email.sh
\ No newline at end of file
diff --git a/OPP/bind/bind.keys b/OPP/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/OPP/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/OPP/bind/db.0 b/OPP/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/OPP/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/OPP/bind/db.127 b/OPP/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/OPP/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/OPP/bind/db.192.168.62.0 b/OPP/bind/db.192.168.62.0
new file mode 100644
index 0000000..46a5bb7
--- /dev/null
+++ b/OPP/bind/db.192.168.62.0
@@ -0,0 +1,86 @@
+;
+; BIND reverse data file for local opp.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.opp.netz. ckubu.oopen.de. (
+      2018010301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-opp.opp.netz.
+
+; - Gateway/Firewall
+254         IN PTR    gw-opp.opp.netz.
+
+
+; - (Caching ) Nameserver
+53          IN PTR    ns-opp.opp.netz.
+
+
+; - Fileserver
+1           IN PTR    file-opp.opp.netz.
+
+
+; - IPMI
+;202         IN PTR    ipmi-opp.opp.netz.
+11           IN PTR    file-ipmi.opp.netz.
+12           IN PTR    gw-ipmi.opp.netz.
+
+
+; - Drucker
+5            IN PTR    hp-lj-3055.opp.netz.
+6            IN PTR    brother-mfc-7460.opp.netz.
+7            IN PTR    kyocera-m6535cidn.opp.netz.
+
+
+; - Accesspoint
+50           IN PTR    wlan-opp.opp.netz.
+51           IN PTR    ap-unifi-1.opp.netz.
+
+
+; - LAN
+104          IN PTR    opp4.opp.netz.
+105          IN PTR    opp5.opp.netz.
+106          IN PTR    opp6.opp.netz.
+
+120          IN PTR    opp3-lan.opp.netz.
+121          IN PTR    katja.opp.netz.
+122          IN PTR    katrin-eth-usb.opp.netz.
+123          IN PTR    marcus-eth-usb.opp.netz.
+124          IN PTR    ines.opp.netz.
+125          IN PTR    tobias.opp.netz.
+126          IN PTR    ulrike.opp.netz.
+127          IN PTR    opp2-lan.opp.netz.
+128          IN PTR    sofia.opp.netz.
+129          IN PTR    judith.opp.netz.
+130          IN PTR    amine.opp.netz.
+131          IN PTR    martin.opp.netz.
+132          IN PTR    cristina.opp.netz.
+133          IN PTR    katrin-priv.opp.netz.
+135          IN PTR    hannes.opp.netz.
+136          IN PTR    ingmar-eth-usb.opp.netz.
+137          IN PTR    opp1-lan.opp.netz.
+139          IN PTR    eli-eth-usb.opp.netz.
+
+
+141          IN PTR    katja-wlan.opp.netz.
+142          IN PTR    katrin-wlan.opp.netz.
+143          IN PTR    marcus-wlan.opp.netz.
+144          IN PTR    ines-wlan.opp.netz.
+145          IN PTR    tobias-wlan.opp.netz.
+146          IN PTR    ulrike-wlan.opp.netz.
+147          IN PTR    anne-wlan.opp.netz.
+148          IN PTR    sofia-wlan.opp.netz.
+149          IN PTR    judith-wlan.opp.netz.
+150          IN PTR    amine-wlan.opp.netz.
+151          IN PTR    martin-wlan.opp.netz.
+152          IN PTR    cristina-wlan.opp.netz.
+153          IN PTR    katrin-priv-wlan.opp.netz.
+155          IN PTR    hannes-wlan.opp.netz.
+156          IN PTR    ingmar-wlan.opp.netz.
+157          IN PTR    opp1-wlan.opp.netz.
+159          IN PTR    eli-wlan.opp.netz
+
diff --git a/OPP/bind/db.255 b/OPP/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/OPP/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/OPP/bind/db.empty b/OPP/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/OPP/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/OPP/bind/db.local b/OPP/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/OPP/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/OPP/bind/db.opp.netz b/OPP/bind/db.opp.netz
new file mode 100644
index 0000000..76f885e
--- /dev/null
+++ b/OPP/bind/db.opp.netz
@@ -0,0 +1,180 @@
+;
+; BIND data file for local opp.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.opp.netz. ckubu.oopen.de. (
+      2018010301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+                IN NS     ns-opp.opp.netz.
+
+; Gateway/Firewall
+gw-opp          IN A      192.168.62.254
+gate            IN CNAME  gw-opp
+gw              IN CNAME  gw-opp
+
+; (Caching ) Nameserver
+ns-opp          IN A      192.168.62.53
+ns              IN CNAME  ns-opp
+nscache         IN CNAME  ns-opp
+
+
+; Accesspoint Unifi AP AC PRO Ubiquiti
+ap-unifi-1        IN A     192.168.62.51
+ap-1              IN CNAME ap-unifi-1
+
+; Controller for Unifi AP's
+ctl-unifi         IN A     192.168.62.254
+
+
+; - Fileserver
+file-opp        IN A      192.168.62.1
+file            IN CNAME  file-opp
+zapata          IN CNAME  file-opp
+
+
+; - IPMI
+file-ipmi        IN A      192.168.62.11
+zapata-ipmi      IN CNAME  file-ipmi
+
+gw-ipmi          IN A      192.168.62.12
+gate-ipmi        IN CNAME  gw-ipmi
+
+
+; - Drucker
+hp-lj-3055      IN A      192.168.62.5
+hp-laserjet-3055 IN CNAME  hp-lj-3055
+
+brother-mfc-7460 IN A     192.168.62.6
+brother          IN CNAME brother-mfc-7460
+
+kyocera-m6535cidn IN A  192.168.62.7
+kyocera           IN CNAME kyocera-m6535cidn
+
+
+
+; - Accesspoint
+wlan-opp        IN A      192.168.62.50
+ap              IN CNAME  wlan-opp
+accesspoint     IN CNAME  wlan-opp
+
+
+; - LAN
+opp4            IN A      192.168.62.104
+opp4-lan        IN CNAME  opp4
+
+opp5            IN A      192.168.62.105
+opp5-lan        IN CNAME  opp5
+
+opp6            IN A      192.168.62.106
+opp6-lan        IN CNAME  opp6
+
+
+
+opp3-lan        IN A      192.168.62.120
+opp3            IN CNAME  opp3-lan
+opp3-eth-usb    IN CNAME  opp3-lan
+
+katja           IN A      192.168.62.121
+katja-lan       IN CNAME  katja
+
+katrin-eth-usb  IN A      192.168.62.122
+katrin-lan      IN CNAME  katrin-eth-usb
+
+marcus-eth-usb  IN A      192.168.62.123
+marcus-lan      IN CNAME  marcus-eth-usb
+marcus          IN CNAME  marcus-eth-usb
+
+ines            IN A      192.168.62.124
+ines-lan        IN CNAME  ines
+
+tobias          IN A      192.168.62.125
+tobias-lan      IN CNAME  tobias
+
+ulrike          IN A      192.168.62.126
+ulrike-lan      IN CNAME  ulrike
+
+opp2-lan        IN A      192.168.62.127
+opp2            IN CNAME  opp2-lan
+opp2-eth-usb    IN CNAME  opp2-lan
+
+sofia           IN A      192.168.62.128
+sofia-lan       IN CNAME  sofia
+
+judith          IN A      192.168.62.129
+judith-lan      IN CNAME  judith
+
+amine-eth-usb   IN A      192.168.62.130
+amine-lan       IN CNAME  amine-eth-usb
+amine           IN CNAME  amine-eth-usb
+
+martin          IN A      192.168.62.131
+martin-lan      IN CNAME  martin
+
+cristina        IN A      192.168.62.132
+cristina-lan    IN CNAME  cristina
+
+katrin-priv     IN A      192.168.62.133
+katrin-priv-lan IN CNAME  katrin
+
+hannes          IN A      192.168.62.135
+hannes-lan      IN CNAME  hannes
+
+ingmar-eth-usb  IN A      192.168.62.136
+ingmar-lan      IN CNAME  ingmar-eth-usb
+ingmar          IN CNAME  ingmar-eth-usb
+
+opp1-lan        IN A      192.168.62.137
+opp1            IN CNAME  opp1-lan
+opp1-eth-usb    IN CNAME  opp1-lan
+
+eli-eth-usb     IN A      192.168.62.139
+eli             IN CNAME  eli-eth-usb
+eli-lan         IN CNAME  eli-eth-usb
+
+
+; - WLAN
+opp3-wlan       IN A      192.168.62.140
+
+katja-wlan      IN A      192.168.62.141
+
+katrin-wlan     IN A      192.168.62.142
+
+marcus-wlan     IN A      192.168.62.143
+
+ines-wlan       IN A      192.168.62.144
+
+tobias-wlan     IN A      192.168.62.145
+
+ulrike-wlan     IN A      192.168.62.146
+
+opp2-wlan       IN A      192.168.62.147
+
+sofia-wlan      IN A      192.168.62.148
+
+judith-wlan     IN A      192.168.62.149
+
+amine-wlan      IN A      192.168.62.150
+
+martin-wlan     IN A      192.168.62.151
+
+cristina-wlan   IN A      192.168.62.152
+
+katrin-priv-wlan IN A      192.168.62.153
+
+hannes-wlan      IN A      192.168.62.155
+
+ingmar-wlan      IN A      192.168.62.156
+
+opp1-wlan        IN A      192.168.62.157
+
+eli-wlan         IN A      192.168.62.159
+
+
+; - Services
+wiki            IN A      192.168.62.254
diff --git a/OPP/bind/db.root b/OPP/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/OPP/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/OPP/bind/named.conf b/OPP/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/OPP/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/OPP/bind/named.conf.default-zones b/OPP/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/OPP/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/OPP/bind/named.conf.local b/OPP/bind/named.conf.local
new file mode 100644
index 0000000..f54dd5c
--- /dev/null
+++ b/OPP/bind/named.conf.local
@@ -0,0 +1,19 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
+
+zone "opp.netz" {
+   type master;
+   file "/etc/bind/db.opp.netz";
+};
+
+zone "62.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.62.0";
+};
diff --git a/OPP/bind/named.conf.local.ORIG b/OPP/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/OPP/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/OPP/bind/named.conf.options b/OPP/bind/named.conf.options
new file mode 100644
index 0000000..779238a
--- /dev/null
+++ b/OPP/bind/named.conf.options
@@ -0,0 +1,49 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+   // Security options
+   listen-on {
+      127.0.0.1;
+      192.168.62.53;
+   };
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/8;
+      ::1;
+      2003:a:b3b:7900::/64;
+      fde2:8acd:e9d3::/64;
+   };
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/16;
+      ::1;
+      2003:a:b3b:7900::/64;
+      fde2:8acd:e9d3::/64;
+   };
+   allow-transfer { none; };
+
+	auth-nxdomain no;    # conform to RFC1035
+   listen-on-v6 { any; };
+};
+
diff --git a/OPP/bind/named.conf.options.ORIG b/OPP/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/OPP/bind/named.conf.options.ORIG
@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/OPP/bind/rndc.key b/OPP/bind/rndc.key
new file mode 100644
index 0000000..16a14e8
--- /dev/null
+++ b/OPP/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "5r5tsxgWPHVKFjKESl3w+g==";
+};
diff --git a/OPP/bind/zones.rfc1918 b/OPP/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/OPP/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/OPP/chap-secrets.OPP b/OPP/chap-secrets.OPP
new file mode 100644
index 0000000..13e76c3
--- /dev/null
+++ b/OPP/chap-secrets.OPP
@@ -0,0 +1,6 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+
+
+"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
diff --git a/OPP/cron_root.OPP b/OPP/cron_root.OPP
new file mode 100644
index 0000000..485a8ee
--- /dev/null
+++ b/OPP/cron_root.OPP
@@ -0,0 +1,43 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.1aoLfD/crontab installed on Wed Jan 31 01:35:00 2018)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+## check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+## if not set this entry to "1"
+##
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+## check if openvpn is running if not restart the service
+##
+0-59/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+## - Copy gateway configuration
+## -
+49 3 * * * /root/bin/manage-gw-config/copy_gateway-config.sh OPP
+
+# - Check if postfix mailservice is runnung. Restart service if needed.
+# -
+*/10 * * * * /root/bin/monitoring/check_postfix.sh
diff --git a/OPP/ddclient.conf.OPP b/OPP/ddclient.conf.OPP
new file mode 100644
index 0000000..1687a32
--- /dev/null
+++ b/OPP/ddclient.conf.OPP
@@ -0,0 +1,15 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password=7213b4e6178a11e6ab1362f831f6741e
+mail=argus@oopen.de
+opp.homelinux.org
+
+ssl=yes
+mail=argus@oopen.de
+mail-failure=root
diff --git a/OPP/default_isc-dhcp-server.OPP b/OPP/default_isc-dhcp-server.OPP
new file mode 100644
index 0000000..3fb715c
--- /dev/null
+++ b/OPP/default_isc-dhcp-server.OPP
@@ -0,0 +1,21 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="eth1"
diff --git a/OPP/dhcpd.conf.OPP b/OPP/dhcpd.conf.OPP
new file mode 100644
index 0000000..c9dd14b
--- /dev/null
+++ b/OPP/dhcpd.conf.OPP
@@ -0,0 +1,405 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+option domain-name "opp.netz";
+option domain-name-servers 192.168.62.53;
+
+default-lease-time 3600;
+max-lease-time 14400;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+subnet 192.168.62.0 netmask 255.255.255.0 {
+   # --- 192.168.22.160/27 ---
+   # network address....: 192.168.22.160
+   # Broadcast address..: 192.168.22.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.22.160 - 192.168.22.191
+   # Usable range.......: 192.168.22.161 - 192.168.22.190
+   range 192.168.62.161 192.168.62.190;
+   # option domain-name "opp.local";
+   option domain-name "opp.netz";
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.62.255;
+   option domain-name-servers 192.168.62.53;
+   option routers 192.168.62.254;
+   default-lease-time 43200;
+   max-lease-time 86400;
+}
+
+host ap-unifi-1 {
+   hardware ethernet 78:8a:20:5c:d2:f1;
+   fixed-address ap-unifi-1.opp.netz;
+}
+
+host hp_lj_3055 {
+   hardware ethernet 00:14:38:d4:18:61 ;
+   fixed-address hp_lj_3055.opp.netz ;
+}
+
+host zapata {
+   #hardware ethernet 00:08:A1:24:98:07;
+   hardware ethernet 00:25:90:d6:ae:70;
+   fixed-address zapata.opp.netz ;
+}
+
+host file-ipmi {
+   hardware ethernet 00:25:90:d6:ab:c9 ;
+   fixed-address file-ipmi.opp.netz ;
+}
+
+host gw-ipmi {
+   hardware ethernet 0c:c4:7a:41:d5:55 ;
+   fixed-address gw-ipmi.opp.netz ;
+}
+
+## - MFC-7460DN
+## -
+host brother-mfc-7460 {
+   hardware ethernet 30:05:5c:44:0e:01 ;
+   fixed-address brother-mfc-7460.opp.netz ;
+}
+
+# - Kyocero Ecosys M6535cidn
+# -
+host kyocera-m6535cidn {
+   hardware ethernet 00:17:c8:59:78:dd ;
+   fixed-address kyocera-m6535cidn.opp.netz ;
+}
+
+## - opp4 Desktop - (LAN)
+host opp4-lan {
+   hardware ethernet 00:27:0e:11:da:18;
+   fixed-address opp4-lan.opp.netz ;
+}
+## - opp4 Desktop - (WLAN)
+host opp4-wlan {
+   hardware ethernet 00:16:B6:5D:D1:2D;
+   fixed-address opp4-wlan.opp.netz ;
+}
+
+## - opp5 Desktop - (LAN)
+host opp5 {
+   hardware ethernet 00:27:0e:11:ea:cb;
+   fixed-address opp5.opp.netz ;
+}
+
+## - opp6 Desktop - (LAN)
+host opp6 {
+   hardware ethernet fc:aa:14:06:31:64;
+   fixed-address opp6.opp.netz ;
+}
+
+## - laptop katja (ehemals opp3)
+#(LAN)
+host katja {
+    hardware ethernet 00:1C:25:10:B9:DE;
+    fixed-address katja.opp.netz ;
+}
+#(WLAN)
+host katja-wlan {
+    hardware ethernet 00:1C:26:3E:EE:F5;
+    fixed-address katja-wlan.opp.netz ;
+}
+
+## - laptop katrin
+#(LAN)
+host katrin-eth-usb {
+    hardware ethernet 3c:18:a0:09:9d:a2;
+    fixed-address katrin-eth-usb.opp.netz ;
+}
+#(WLAN)
+host katrin-wlan {
+    hardware ethernet 34:f3:9a:f4:53:44;
+    fixed-address katrin-wlan.opp.netz ;
+}
+
+## - laptop marcus 
+#(LAN)
+host marcus-eth-usb {
+    hardware ethernet 3c:18:a0:09:9d:a5;
+    fixed-address marcus-eth-usb.opp.netz ;
+}
+
+#(WLAN)
+host marcus-wlan {
+    hardware ethernet 68:07:15:fe:24:87;
+    fixed-address marcus-wlan.opp.netz ;
+}
+
+## - laptop ines
+## - LAN
+host ines {
+   hardware ethernet 28:d2:44:3c:e1:7f ;
+   fixed-address ines.opp.netz ;
+}
+## - WLAN
+host ines-wlan {
+   hardware ethernet 5c:51:4f:87:13:bf ;
+   fixed-address ines-wlan.opp.netz ;
+}
+
+## - laptop tobias
+## - LAN
+host tobias {
+   hardware ethernet 00:16:d3:b3:dc:96;
+   fixed-address tobias.opp.netz ;
+}
+## - WLAN
+host tobias-wlan {
+   hardware ethernet 00:1b:77:05:b3:0a;
+   fixed-address tobias-wlan.opp.netz ;
+}
+
+## - laptop ulrike
+## - LAN
+host ulrike {
+   hardware ethernet f0:de:f1:60:f1:16 ;
+   fixed-address ulrike.opp.netz ;
+}
+## - WLAN
+host ulrike-wlan {
+   hardware ethernet 00:24:d7:df:85:ac ;
+   fixed-address ulrike-wlan.opp.netz ;
+}
+
+## - laptop anne (laptop-opp2)
+## - WLAN
+host opp2-wlan {
+   hardware ethernet 00:e1:8c:fb:0a:3b ;
+   fixed-address opp2-wlan.opp.netz;
+}
+## - LAN
+host opp2-lan {
+   hardware ethernet 3c:18:a0:0d:31:99 ;
+   fixed-address opp2-lan.opp.netz ;
+}
+
+## - laptop martin (laptop-opp3)
+## - WLAN
+host opp3-wlan {
+   hardware ethernet 00:e1:8c:fb:7c:82 ;
+   fixed-address opp3-wlan.opp.netz;
+}
+## - LAN
+host opp3-lan {
+   hardware ethernet 3c:18:a0:0d:31:9f ;
+   fixed-address opp3-lan.opp.netz ;
+}
+
+## - laptop sofia
+## - LAN
+host sofia {
+   hardware ethernet f0:de:f1:ec:8e:00 ;
+   fixed-address sofia.opp.netz ;
+}
+## - WLAN
+host sofia-wlan {
+   hardware ethernet 44:6d:57:a5:51:d3 ;
+   fixed-address sofia-wlan.opp.netz ;
+}
+
+## - laptop judith
+## - LAN
+host judith {
+   hardware ethernet 28:d2:44:3c:e6:84 ;
+   fixed-address judith.opp.netz ;
+}
+## - WLAN
+host judith-wlan {
+   hardware ethernet 5c:51:4f:87:03:a2 ;
+   fixed-address judith-wlan.opp.netz ;
+}
+
+## - laptop amine
+#(LAN)
+host amine-eth-usb {
+    hardware ethernet 3c:18:a0:0c:2c:dc;
+    fixed-address amine-eth-usb.opp.netz ;
+}
+#(WLAN)
+host amine-wlan {
+    hardware ethernet 90:61:ae:21:4a:c1;
+    fixed-address amine-wlan.opp.netz ;
+}
+
+## - laptop martin
+## - LAN
+host martin {
+   hardware ethernet 60:eb:69:32:50:04 ;
+   fixed-address martin.opp.netz ;
+}
+## - WLAN
+host martin-wlan {
+   hardware ethernet 5c:ac:4c:ba:60:71 ;
+   fixed-address martin-wlan.opp.netz ;
+}
+
+## - laptop cristina
+## - LAN
+host cristina {
+   hardware ethernet 28:d2:44:2f:83:d9 ;
+   fixed-address cristina.opp.netz ;
+}
+## - WLAN
+host cristina-wlan {
+   hardware ethernet 5c:51:4f:9e:73:57 ;
+   fixed-address cristina-wlan.opp.netz ;
+}
+
+## - laptop katrin privat
+## - LAN
+host katrin-priv {
+    hardware ethernet 28:d2:44:d3:df:5b;
+    fixed-address katrin-priv.opp.netz ;
+}
+## - WLAN
+host katrin-priv-wlan {
+    hardware ethernet 28:b2:bd:e8:30:d7;
+    fixed-address katrin-priv-wlan.opp.netz ;
+}
+
+## - laptop hannes
+## - LAN
+host hannes {
+   hardware ethernet 68:f7:28:34:f0:26 ;
+   fixed-address hannes.opp.netz ;
+}
+## - WLAN
+host hannes-wlan {
+   hardware ethernet cc:3d:82:38:3f:42 ;
+   fixed-address hannes-wlan.opp.netz ;
+}
+
+## - laptop ingmer
+## - WLAN
+host ingmer-wlan {
+   hardware ethernet 34:f3:9a:f4:54:e3 ;
+   fixed-address ingmer-wlan.opp.netz ;
+}
+## - LAN
+host ingmar-eth-usb {
+   hardware ethernet 3c:18:a0:09:9d:c1 ;
+   fixed-address ingmar-eth-usb.opp.netz ;
+}
+
+## - laptop joschka (laptop-opp1)
+## - WLAN
+host opp1-wlan {
+   hardware ethernet cc:2f:71:3d:d1:87 ;
+   fixed-address opp1-wlan.opp.netz ;
+}
+## - LAN
+host opp1-lan {
+   hardware ethernet 3c:18:a0:0c:a0:87 ;
+   fixed-address opp1-lan.opp.netz ;
+}
+
+## - laptop eli
+## - WLAN
+host eli-wlan {
+   hardware ethernet 98:54:1b:f1:f8:bf ;
+   fixed-address eli-wlan.opp.netz ;
+}
+## - LAN
+host eli-eth-usb {
+   hardware ethernet 3c:18:a0:0a:8a:cd ;
+   fixed-address eli-eth-usb.opp.netz ;
+}
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/OPP/dhcpd6.conf.OPP b/OPP/dhcpd6.conf.OPP
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/OPP/dhcpd6.conf.OPP
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/OPP/email_notice.OPP b/OPP/email_notice.OPP
new file mode 100755
index 0000000..fe29335
--- /dev/null
+++ b/OPP/email_notice.OPP
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
+
+
+file=/tmp/mail_ip-up$$
+admin_email=argus@oopen.de
+
+from_address=ip-up_gw-ckubu@oopen.de
+from_name="ip-up - ckubu local net"
+host=`hostname -f`
+
+echo "" > $file
+echo " *************************************************************" >> $file
+echo " *** This is an autogenerated mail from $host ***" >> $file
+echo "" >> $file
+echo " I brought up the ppp-daemon with the following" >> $file
+echo -e " parameters:\n" >> $file
+echo -e "\tInterface name...............: $PPP_IFACE" >> $file
+echo -e "\tThe tty......................: $PPP_TTY" >> $file
+echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
+echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
+echo -e "\tPeer  IP number..............: $PPP_REMOTE" >> $file
+if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
+   echo -e "\tNameserver 1.................: $DNS1" >> $file
+   if [ "$DNS2" ] ; then
+      echo -e "\tNameserver 2.................: $DNS2" >> $file
+   fi
+fi
+
+
+echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
+echo "" >> $file
+echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
+echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
+echo "" >> $file
+echo " **************************************************************" >> $file
+
+echo -e "To:${admin_email}\nSubject:$PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail -F "$from_name" -f $from_address $admin_email
+
+rm -f $file
+
diff --git a/OPP/hostname.OPP b/OPP/hostname.OPP
new file mode 100644
index 0000000..a144416
--- /dev/null
+++ b/OPP/hostname.OPP
@@ -0,0 +1 @@
+gw-opp
diff --git a/OPP/hosts.OPP b/OPP/hosts.OPP
new file mode 100644
index 0000000..9090d49
--- /dev/null
+++ b/OPP/hosts.OPP
@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+127.0.1.1	gw-opp.opp.netz	gw-opp
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/OPP/interfaces.OPP b/OPP/interfaces.OPP
new file mode 100644
index 0000000..ac1b432
--- /dev/null
+++ b/OPP/interfaces.OPP
@@ -0,0 +1,55 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+auto eth2
+iface eth2 inet static
+   address 172.16.62.1
+   network 172.16.62.0
+   netmask 255.255.255.0
+   gateway 172.16.62.254
+   #post-up vconfig add eth2 7
+   #post-down vconfig rem eth2.7
+
+
+#-----------------------------
+# eth1 - LAN
+#-----------------------------
+
+auto eth1
+iface eth1 inet static
+   address 192.168.62.254
+   network 192.168.62.0
+   netmask 255.255.255.0
+   broadcast 192.168.62.255
+
+auto eth1:0
+iface eth1:0 inet static
+   address 192.168.62.53
+   network 192.168.62.0
+   netmask 255.255.255.0
+   broadcast 192.168.62.255
+
+auto eth1:rescue
+iface eth1:rescue inet static
+   address 172.16.1.1
+   network 172.16.1.0
+   netmask 255.255.255.0
+   broadcast 172.16.1.255
+
+
+#-----------------------------
+# ppp0 - NOT IN USE
+#-----------------------------
+#auto dsl-provider
+#   iface dsl-provider inet ppp
+#   pre-up /sbin/ifconfig eth2.7 up # line maintained by pppoeconf
+#   provider dsl-provider
diff --git a/OPP/ipt-firewall.service.OPP b/OPP/ipt-firewall.service.OPP
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/OPP/ipt-firewall.service.OPP
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/OPP/ipt-firewall/default_ports.conf b/OPP/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/OPP/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/OPP/ipt-firewall/include_functions.conf b/OPP/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/OPP/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/OPP/ipt-firewall/interfaces_ipv4.conf b/OPP/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..0619130
--- /dev/null
+++ b/OPP/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth1"
+local_if_2=""
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/OPP/ipt-firewall/load_modules_ipv4.conf b/OPP/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/OPP/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/OPP/ipt-firewall/load_modules_ipv6.conf b/OPP/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/OPP/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/OPP/ipt-firewall/logging_ipv4.conf b/OPP/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/OPP/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/OPP/ipt-firewall/logging_ipv6.conf b/OPP/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/OPP/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/OPP/ipt-firewall/main_ipv4.conf b/OPP/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..9c2066a
--- /dev/null
+++ b/OPP/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1380 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+read -a gateway_ipv4_address_arr <<<$(ifconfig | grep "inet Ad" | awk '{print$2}' | cut -d':' -f2)
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                    86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - Ist this Gateway DHCP Client?
+# - 
+# - local_dhcp_client_interfaces="<interface1> [<interface> [.."
+# -
+# - Example:
+# -    dhcp_client_interfaces="$ext_if_static_1"
+# -
+dhcp_client_interfaces=""
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# -    172.16.62.254    Zyxel Speedlink 5501
+# -    192.168.62.6     brother MFC-7460DN
+# -    192.168.62.244   Accesspoint LinkSys WRT54G
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="192.168.62.244 192.168.62.6 172.16.62.254"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+samba_server_local_ips="192.168.62.1"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.62.0/24 172.16.62.15"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=true
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# -    192.168.62.11   IPMI File Server (zapata=
+# -    172.16.62.15    IPMI Gateway
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips="192.168.62.11 172.16.62.15"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - 192.168.62.1   Zapata cups daemon (maybe not needed here)
+# - 192.168.62.6   brother MFC-7460DN
+# -
+# - Blank separated list
+# -
+printer_ips="192.168.62.1
+             192.168.62.6
+             192.168.62.7"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# -    192.168.62.6     brother MFC-7460DN
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips="192.168.62.6"
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    172.16.62.254:43204   FRITZ!Box 7490
+# -    172.16.62.15          IPMI Gateway
+# -    192.168.62.244        Accesspoint LinkSys WRT54G
+# -
+# - Blank separated list
+# -
+#masquerade_tcp_cons="
+#   10.0.0.0/8:192.168.62.244:80:${ext_if_static_1}
+#   192.168.0.0/16:192.168.62.244:80:${ext_if_static_1}
+#   10.0.0.0/8:172.16.62.15:80:${ext_if_static_1}
+#   192.168.0.0/16:172.16.62.15:80:${ext_if_static_1}
+#   10.0.0.0/8:172.16.62.15:443:${ext_if_static_1}
+#   192.168.0.0/16:172.16.62.15:443:${ext_if_static_1}"
+
+masquerade_tcp_cons="
+   10.0.0.0/8:172.16.62.15:80:${ext_if_static_1}
+   192.168.0.0/16:172.16.62.15:80:${ext_if_static_1}
+   10.0.0.0/8:172.16.62.15:443:${ext_if_static_1}
+   192.168.0.0/16:172.16.62.15:443:${ext_if_static_1}
+   10.0.0.0/8:192.168.62.244:80:${ext_if_static_1}
+   192.168.0.0/16:192.168.62.244:80:${ext_if_static_1}
+   10.0.0.0/8:172.16.62.254:43204:${ext_if_static_1}
+   192.168.0.0/16:172.16.62.254:43204:${ext_if_static_1}"
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=false
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips=""
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/OPP/ipt-firewall/post_decalrations.conf b/OPP/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/OPP/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/OPP/mailname.OPP b/OPP/mailname.OPP
new file mode 100644
index 0000000..4f38069
--- /dev/null
+++ b/OPP/mailname.OPP
@@ -0,0 +1 @@
+gw-opp.opp.netz
diff --git a/OPP/main.cf.OPP b/OPP/main.cf.OPP
new file mode 100644
index 0000000..a6c78cf
--- /dev/null
+++ b/OPP/main.cf.OPP
@@ -0,0 +1,219 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   #192.168.62.254
+
+myhostname = gw-opp.opp.netz
+
+mydestination =
+   gw-opp.opp.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more
+## - privileges than "strangers"
+## -
+mynetworks =
+   127.0.0.0/8
+   #192.168.62.254/32
+
+#smtp_bind_address = 192.168.62.254
+#smtp_bind_address6 = 
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file,
+## - or zero (no limit). In fact, this limits the size of any file that is
+## - written to upon local delivery, including files written by external
+## - commands that are executed by the local(8) delivery agent.
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated
+## - with "newaliases" or with "sendmail -bi".
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and
+## - smtpd_enforce_tls. This parameter is ignored with
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level = encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients,
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity.
+## -    1 Log TLS handshake and certificate information.
+## -    2 Log levels during TLS negotiation.
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process.
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS.
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## -
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## -
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP
+## - server certificates or intermediate CA certificates. These are loaded into
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## -
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs".
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside
+## - the chroot jail.
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server
+#
+# List of TLS protocols that the Postfix SMTP server will exclude or
+# include with opportunistic TLS encryption.
+smtpd_tls_protocols = !SSLv2, !SSLv3
+#
+# The SSL/TLS protocols accepted by the Postfix SMTP server
+# with mandatory TLS encryption.
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client
+#
+# List of TLS protocols that the Postfix SMTP client will exclude or
+# include with opportunistic TLS encryption.
+smtp_tls_protocols = !SSLv2, !SSLv3
+#
+# List of SSL/TLS protocols that the Postfix SMTP client will use
+# with mandatory TLS encryption
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+smtpd_tls_exclude_ciphers =
+   RC4
+   aNULL
+   SEED-SHA
+   EXP
+   MD5
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/OPP/openvpn/ccd/README b/OPP/openvpn/ccd/README
new file mode 100644
index 0000000..c16e561
--- /dev/null
+++ b/OPP/openvpn/ccd/README
@@ -0,0 +1,7 @@
+
+## !! der name der user konfigurationsdatei muss gleich     ##
+##    dem "common name" des zugehorigen zertifikats sein    ##
+##                                                          ##
+##    Show certificate fields:                              ##
+##       openssl x509 -in <cert.crt> -text                  ##
+##                                                       !! ##
diff --git a/OPP/openvpn/ccd/server-gw-ckubu/OPP-Vpn-gw-ckubu b/OPP/openvpn/ccd/server-gw-ckubu/OPP-Vpn-gw-ckubu
new file mode 100644
index 0000000..7c1b9e2
--- /dev/null
+++ b/OPP/openvpn/ccd/server-gw-ckubu/OPP-Vpn-gw-ckubu
@@ -0,0 +1,5 @@
+ifconfig-push 10.1.62.2 255.255.255.0
+push "route 192.168.62.0 255.255.255.0 10.1.62.1"
+push "route 172.16.62.0 255.255.255.0 10.1.62.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-chris b/OPP/openvpn/ccd/server-home/OPP-Vpn-chris
new file mode 100644
index 0000000..009914e
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-chris
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.62.2 255.255.255.0
+#push "route 192.168.62.0 255.255.255.0 10.0.62.1"
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-chris_win b/OPP/openvpn/ccd/server-home/OPP-Vpn-chris_win
new file mode 100644
index 0000000..9dfed27
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-chris_win
@@ -0,0 +1 @@
+ifconfig-push 10.0.62.3 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-dominique b/OPP/openvpn/ccd/server-home/OPP-Vpn-dominique
new file mode 100644
index 0000000..a7231b4
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-dominique
@@ -0,0 +1 @@
+ifconfig-push 10.0.62.4 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-gesa b/OPP/openvpn/ccd/server-home/OPP-Vpn-gesa
new file mode 100644
index 0000000..be3813a
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-gesa
@@ -0,0 +1 @@
+ifconfig-push 10.0.62.5 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-johanna b/OPP/openvpn/ccd/server-home/OPP-Vpn-johanna
new file mode 100644
index 0000000..74d7c50
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-johanna
@@ -0,0 +1 @@
+ifconfig-push 10.0.62.6 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-jonas b/OPP/openvpn/ccd/server-home/OPP-Vpn-jonas
new file mode 100644
index 0000000..0289e4a
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-jonas
@@ -0,0 +1 @@
+ifconfig-push 10.0.62.7 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-judith b/OPP/openvpn/ccd/server-home/OPP-Vpn-judith
new file mode 100644
index 0000000..a240909
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-judith
@@ -0,0 +1 @@
+ifconfig-push 10.0.62.8 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-melanie b/OPP/openvpn/ccd/server-home/OPP-Vpn-melanie
new file mode 100644
index 0000000..f937986
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-melanie
@@ -0,0 +1 @@
+ifconfig-push 10.0.62.9 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-opp3 b/OPP/openvpn/ccd/server-home/OPP-Vpn-opp3
new file mode 100644
index 0000000..e5cba19
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-opp3
@@ -0,0 +1 @@
+ifconfig-push 10.0.62.10 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-rene b/OPP/openvpn/ccd/server-home/OPP-Vpn-rene
new file mode 100644
index 0000000..f25b129
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-rene
@@ -0,0 +1 @@
+ifconfig-push 10.0.62.11 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/OPP-Vpn-tobias b/OPP/openvpn/ccd/server-home/OPP-Vpn-tobias
new file mode 100644
index 0000000..d8313fc
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/OPP-Vpn-tobias
@@ -0,0 +1 @@
+ifconfig-push 10.0.62.12 255.255.255.0
diff --git a/OPP/openvpn/ccd/server-home/README b/OPP/openvpn/ccd/server-home/README
new file mode 100644
index 0000000..c16e561
--- /dev/null
+++ b/OPP/openvpn/ccd/server-home/README
@@ -0,0 +1,7 @@
+
+## !! der name der user konfigurationsdatei muss gleich     ##
+##    dem "common name" des zugehorigen zertifikats sein    ##
+##                                                          ##
+##    Show certificate fields:                              ##
+##       openssl x509 -in <cert.crt> -text                  ##
+##                                                       !! ##
diff --git a/OPP/openvpn/client-configs/chris.conf b/OPP/openvpn/client-configs/chris.conf
new file mode 100644
index 0000000..7243d7a
--- /dev/null
+++ b/OPP/openvpn/client-configs/chris.conf
@@ -0,0 +1,182 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-opp.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTEzMTkx
+MFoXDTE4MDUxNzEzMTkxMFowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1jaHJpczEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKZ8ei4OsN/qAkPpipXs
+M9KpuihqNi9m1dzT1LEAMxg80aBNzKXHIgeFDzp94CAqDRdKEHPGLDR+rB+LHG4x
+Gzvx7vRqMelaPTFPW7qOuMegYyOzfkrIzzxuTzV0loiUNm1Xqp+gcW2WLRkSZrzr
+xXmSCi8uwDeScuBvYGjde+GfAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUNBKw7jurj9fRbOw5po4SKu4CDQswgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AAZIwXWsEwIwbt4Rj45EBVl22JwjV+dTlyrFoY4RPMAoV8h92Umrh//+cuvMVzPT
+hwrGUzcjFlFNKrm5U2kEmfG9nhgViCvqKo16aj5lnF7H+nTlteFa/XYw814Q+RKi
+rDAsrJfwVMOfZAEsDEdr/Lmscuh9ZPphej5rZIRxnCFB
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCmfHouDrDf6gJD6YqV7DPSqbooajYvZtXc09SxADMYPNGgTcyl
+xyIHhQ86feAgKg0XShBzxiw0fqwfixxuMRs78e70ajHpWj0xT1u6jrjHoGMjs35K
+yM88bk81dJaIlDZtV6qfoHFtli0ZEma868V5kgovLsA3knLgb2Bo3XvhnwIDAQAB
+AoGAOdvYuljwr2CsGN35A9Fq0TObNqBy5FZgzLXxnPHsz+eTEpr3HEXwVZywhito
+0MTMd+ONhC7C/htnxi6aWtFGHSdr2xpVS/WUzSgBIlskb5XzJhMf54tbG+PN1dpA
+UG1S2wSRa5rQC2ifX6t3m0UwpMlymtimVxzH5YR7/cwD08ECQQDZ0OG1DqjdYQfH
+PJKH+xat7HI55FV9aWhjH/t2KJcT72wnoKJfjzG5aW8ePAXMX++J6PP28s1HQcXB
+/R3vrQczAkEAw6wG8tFazT0+hNBcT63VsoAW7FxsZp0ME1kFNdceZbbcPMH2SDdR
+QXFLarBCcYnvKthwO9Xeyz93J6k5ZQXL5QJAKf1kpZzP3O2JrFT3ApPbCWhdlN95
+w5WAdCuENIEartMnDHShGL7oHRBARZnYnE+aRAHOljq0bBo332/GR6AZlQJBAKQS
+Vk07AOGBzi99qzngsISZZR9SLE8qtppulbDcrY9qcme72DAbulWekzdljoE3wMTz
+ccCqh8Nzdw1Zl1e/MYUCQQC+p3L5N0j/lC17/jCDWQ424UKCo9Kml9obBcKXW32X
+s2V6x1PgpLcouXzVAgXjlNwbcIRJMEivDYTr3frW9sUT
+-----END RSA PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/OPP/openvpn/client-configs/jenny.conf b/OPP/openvpn/client-configs/jenny.conf
new file mode 100644
index 0000000..bbdaecd
--- /dev/null
+++ b/OPP/openvpn/client-configs/jenny.conf
@@ -0,0 +1,202 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-opp.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIEiTCCA/KgAwIBAgIBLDANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDIyODIzNTI0
+MFoXDTM4MDIyODIzNTI0MFowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWplbm55MRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMY7okQO+8IO7QsNXV27LOJeejIy6Pt
+QesB+86pV6MgD0E6sRg1nfNSMcfL4YLD5qIHGu9fI24iG+51eGNZtwnm11uafwOm
+nB2NRezuc2uzNkQxmla03sSLTG+UWstfLwzocJjCev4WVbv79XYdpfvbTCOrK3y8
+qNm3euJ39zT136j/68hu8GEp29Kg3/IN+M5/cnlsWsnPnDy76EBTshLPXH/XgIQ9
+sspuSxIP3c3xjKwAenkS3yZNIQB252+fOscAoS8ad+poGKyC+8UiMMyYAiOJv/kz
+wPSofV3ncxBdeK2ZAXn3WNNndxszOFZNeaPD5A4T+ZqDsgvtlqmY8tMCAwEAAaOC
+AVgwggFUMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQURxib0KicE0d0jkEkKDwikV5xpnUw
+gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
+A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
+EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
+FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVqZW5ueTANBgkqhkiG9w0BAQsFAAOBgQBsrcotHRmOTMrGCT3FQ2d+tEJ2
+oAojPknBpmwDopbZ/cyncCrHCW82WeH1UaoRHjXztI0g8HCrAjs+ipYhwFcrlyAW
+FWMYrNanGWzMfP9vuC+4zArojqo5oqQ88oX9jDZpOScfP6IUeXdNxgI4f5FzneD9
+wWnFsSS/PcuWPpPyXQ==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIS7C0EfAOtV8CAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBZSzA/4v2DJBIIEyPuxNdmVDWIk
+SNpc3sF+WU8cUcOyqiQT854zZNfULzcuQDMaYLxYTDJcJPlrwMkSrXh/W417b6XY
+aOSkS2GqkbSrpVRCUY3e0nuBMYolT8nVgcZINw+x6ZtM2pHPOAGHGYRIg5CBIW7c
+ZGySvj8MXzQDFFf0XnfSDqpviQv6WDBzM/Ekoculh151+gj94CkVd2VsCN6czfNQ
+s6S6n4XFlCO4cehDjekqURCRZ7cB+1tdUlO1Fx0sFvbpJdvCndlizrsgw0TGrYiH
+imgx4qvFJ1YmpKUv3M8/P2ywMSGuukvaUfmZLon82wGD6dtn/Javgq2x32bcqUwf
+helR6VVz9luxkk7DlbcANTn2N1QE8jsbsCCUDPS7TKy7XHZaxKUR1DwroDLf9BNG
+eoxC5T9obpRigECvmmZvwmtZmq+Xscly6w5eICDzN/yquRswQII3kkHHi2K5bMs/
+F2KKf2wheNljvYHgfyzZRM28iDUq7qnpZv1oh/zuwmk3bHVIVtSujFiqDaD4h8uh
+TDt+Ou82VSjlkHMGxkJ5bbMOxEHujZGfQvx77yUEctQi/uhgdhdJYRiLrw6UTIql
+rQ+tPbOqRyiKuv2WRSm0G8uswe4P38mesIbsMKHXT+sRjbJfmjzDCi0rNZlyNfLN
+xUdMLD7mRyiundsXVekSPy5sA7we7Sg/TyPdMuWrHzgU6OzIedLTXpBqQAgFRXhG
+6CmM8CzEcmsSnSCKBedzy6jYH7XaCVG7q+D7n/WEc3YgVilkafiNZWtTgdR5w8Bf
+/Ww5WorrQpB9lwX+Rn4hI7m46pl5mVpNuYNJTrRj+pb3biLMPYpKRQY0tc4HkvrM
+RS9qA1Y1YWwh5ScyxwknGEqqLBsWEyAZcCKagt+SoK7QYSfodm1gQSdUDMNC/4iE
+EsTMipAB9TppMAKMOvkNgOP8m3cr8nm7l8Rwbm2PBRmPCoANNxAKewwh5ZJ26Kiu
+IRZfPptyJu9kSIfRmOjNGyvH13fhaTffwXr5UKZqWB2i/tsRo5d1xj2UIsfXs/2p
+4s4AAfI8qn3jtsi9RDXxws/l0oIHuYbdXN99AwqoN5ZzysO24ieY81IoNjyfayca
+Ymzl6al9BaBaRzgqDpQzKJZxVUrQJFq0MrdS+KHFSc094gbHdi/e/wKkuV7e6sss
+RhSDD/PtUT5BmWiS2Ch9JgglQDYmzuDSC2wLfVARwXBgwpXjlnjUKOtacSQ4T/Zw
+UZJAuxUMPO1rQeR8aUZF4yYZ8xMD0vTyp27BKIPiQDUyLsfjTO9fgVXXOYNc2CKX
+EoWoqnZWrROZ/qoGJHW+0YTFGDYENZfdDxaGFDyaBcd+uXf97nh+6bQmtgqNpqGT
+575/JZ0KRsAfmVLxXhwaYWkRg4Usl7dAqUOslkhHlcuTU209iydTHmTPRKS8GmIC
+dBVFoJDdIIh+/R+euLOb2MQ2A719YRYZjmjsxLpezrXmJOppp6aUBWs6SKrNABah
+8GEumCrKAjWUVoFT85rCm8dlAiXEZhTnVkrAwvsioXx4j6xcRC1OCi0d56wMODai
+RY7dizBLIukqzHmsQaXSVM2jYHE+cbixqgaIW9LgZ28a9M2vWNetbnZV/5DK2kWr
+rKWZ097uKHSd78Ta9/W5yg==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/OPP/openvpn/client-configs/laptop-opp1.conf b/OPP/openvpn/client-configs/laptop-opp1.conf
new file mode 100644
index 0000000..4934914
--- /dev/null
+++ b/OPP/openvpn/client-configs/laptop-opp1.conf
@@ -0,0 +1,202 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-opp.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIBKDANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTExNDAyMzg0
+NloXDTM3MTExNDAyMzg0NlowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAxMRAw
+DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVtoq8Nm7zrdwjTwdp5zprQ
+J3TSXs5oUjXqcmOmuqjVR0GVENVW/AfCJE4oBgT1dEMFUoY2hvmPecVzDqjC51t+
+CHkCoqghWW71GcZZbJZm3CTDHBjgCeRuLDMzxDetvwaTk6zfmIqTEYxrydg53WYB
+2IDtq0Iegngu4KKYPbM5uEcagUuk6cMvshB6q7plc44KI1SdPktPCZX3b8gzOq5j
+hx+6Z/YDAmLFIpu2lzbrEfcTYvMcebEisbjy+e1XDFRQaUnOpuNN8jlBToocMqqH
+nrDekzeHNLYeypTSSApQMcXAQXh7LsGLdZVEEAaRIDlUqVA2tJUvaXshzBOjOC0C
+AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUgqI6aUjw3mBYjMZ1vcFU
+T5mjPFAwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
+gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
+BgNVHREEDzANggtsYXB0b3Atb3BwMTANBgkqhkiG9w0BAQsFAAOBgQATpNUsLFk/
+n++sNtQhpVrZ874TCfVTn+kt4iWccvCmu4oSbZ34HGSNudtYwWtJugbrRWkxjSIp
+VUrLLE8Nxsev5JrBRzQuh28bDYgJPtvggpaNzbhmBqftoC/l1vCr59uOC1uB5BYt
+gwgKxTNOJ5bKYIg7TIDrr0XVWaLwMc8wUg==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvHFbhmmWccUCAggA
+MBQGCCqGSIb3DQMHBAg3Iz/FqmdZ7wSCBMjNGSrcP1d2uS3KGvLQAIHxIcTJado+
+ORafYeIi3yI1Ymw0NuJTBkED7ht6uIHPZObMFvSz6FPKXW4AgJ61bUrUO02FMFWS
+b8dSYOVhNXYUmyUdR0a1Ocq+LWQQehVFckgZoZuWKnSJntLDFlL7rbNj3FQrpS5P
+fjUv7dy/fv9H56EJjsREt7N3IGz3zf5apjFhLFi5G6cvvo0wIZr4TzunkO3/LGRq
+J2GUASJEvYs0U99HpK2wYUN3IJqYI6UfvT+I6Ra57oYMBQsTiJtAsWkiRpxIE3Vw
+/UfrKwp4PnVcw0TAEeZ/uc4HLGWY4YoQueBeagnIZeJcQTpd/Mf9iIGeGWa4Mpp+
+kLEDgS4uyZvgYEQ9iN9I6KykUrHZKgVv+wwC1RlYtQANXkff0RRMIrSKSnxnk2tn
+TncaccDEAlXwB6yQLUdCPzEfa4X7QsM7hSOXPN369qqaM4mwg66Qt2AmWq4c87Ta
+CWITdQ/ko0B6fLrenvY25g1e+NpszjGfDw4MqPE7j8ieXy6BFdlPAdqr2gHGxlwO
+LS2Zt+zbffhNmlq8xQA+b/lU+UpoxzSZzT88I15jFeeT3OsWIHNM66wk1PAKRhPQ
+gj1NAC9zyLftGoJei+B9ZNkF9b/a72rPNac3X5FQzFdVQ20AAsKeEBFgtmwWc/KT
+10206UCSGm9hau63yWv7uOrwnFG/t2pJcA+C8pnHwEMFbNzX7jYJgAG1WwmQNTsJ
+RALHfQkvJwgXlOv0bHntSvOHBhDjVmhDilrqJLjJTlZ1nhFy4U8ziSNWCHTvSXyO
+f95faLJUEdIOFKIdvKvvzkBqTB829EmbkFsJMVJ1vC566jX3IulNzkpO0eP+oRQs
+xBIUipGDFwy8qMaPOW4TC3edjhvBuTGfrriIZfsUaQHuqtD8HDA6tM2BJppjMvfi
+zVPtZB/0LaHjRNqJB5paSws+Q8Rd9ENJIUI8u7aLkOU8foO+17pQZ4msSzUCVd4E
+mWiJ+TAFM8hmlQ2u6NznM9RABBpsGrzmhC1XhkwU9V41KHcKMdRAkrPvixX8qthp
+cG7EoyVXcl2lC8emr6sbGwhKmOCTz0gSm/REnoQZpnIMpSIsTqw6gPzHvK9vVRP4
+nZUt4SCEaVqGrykgj/GzEfiAQyyDqNZDeqJwJnjkcs3qeR7Arr7wlL88Bk14TmHu
+DBoWxkjPxmGD7ZdE2C6yqETNNyMHQVxHDafraOc51WQz8w0HUGl/9OjDt7jZBtdN
+PbtiDFxhZLvHpo6CNKsPTwNgdIfgg/NRRWpjoDnf8prY0m6DVbvwqm4BxKxA5r3E
+k1YreW2evOFP6nOU31ptY58vWlaWTJAv61Xp2N3J4fzydc1sJQckQG/XWdORb7Bl
+FBNona7NPY6y+RGWYhfkzHqoAY4QEpZcjSPEN+Z5ULbxfL1tCN5i145vv9FRDu5A
+MTCCd7XIc5WIKKz2AfIR3H9LSJGEY231VGtPOJkCqkzUF4NHRwcPOnrvRqHwlfOZ
+7h7OGOQsj1FPANBRj4upEM4/WNeyT9fQNWguYR5kNCwLkryO965AqHNCOHeFL7K6
++0+NPEOF9qLxM6dSxnP6HkH2dodVmqiUbDeypPnmrh71ncrgBKMtJ75THEBA5k4Q
+8UQ=
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/OPP/openvpn/client-configs/laptop-opp2.conf b/OPP/openvpn/client-configs/laptop-opp2.conf
new file mode 100644
index 0000000..6af37d6
--- /dev/null
+++ b/OPP/openvpn/client-configs/laptop-opp2.conf
@@ -0,0 +1,202 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-opp.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIBKjANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTIxMTIzNDIy
+MVoXDTM3MTIxMTIzNDIyMVowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAyMRAw
+DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7iPPaeJzTmsK05kNWd1xS7
+MF//l5D0baIAbmoYbtoJ6AIzALMfoeLigt5clkmsSNbERO2XdmuN1+05QtfaXUZo
+SqV/18Pfoe+NGI8tlMS4IewD5WCGWLkm8akn2AigxUYc92lhRLpZHWu1k5NSjHc+
+Mzgi8QIgIpb7/gjbgFoKnIR5dJy6WLoTke+pDSB7JM73ZXiHuiwT2/MqQ7Clb7e6
+K74yoM5rBZPdgvLbPkRRaaAHg9x15UnmucdQ09Ny3hJ6MAJzao+tOpEQqitrGfzi
+m5yFFIxNLAI1YVnUSHTGcQGAloBJby7o0rTTTIZuQYEGBSozf2F4U8bRJ/3vn98C
+AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmgpK2Gop3E6rlrU38NZL
+UnaRhXAwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
+gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
+BgNVHREEDzANggtsYXB0b3Atb3BwMjANBgkqhkiG9w0BAQsFAAOBgQBuOP7fJrTK
+ntl8UBuMT6garKT95ZO8ZvXNEhwxhE6Pd7PcLaHlRV/R6f1MQmDjm6PakOswo8aX
+KX0ENM+Bv9cPVOM4/iHpsMo3rVGsJjFxGQmjPYqzBKnhp7scnZe+5fdj31OpB4Qj
+4QyH8FlYvZ4atU7Aao2pSaUprjduTGkg2Q==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIQGWwJ/0e9vkCAggA
+MBQGCCqGSIb3DQMHBAgYCqryO9FhewSCBMj8TDpUkZHLx1K//VFwpVIB18bMXyhF
+DErbYLXoUeqYPIiZ+Scu1HsHPpVq3whDybcSRDFLL/cKsHRmJzbowHakxI5KABJG
+iW+nxWHmeL75GTOGOexv+WmyjFce0LNTSuoQrLPg5JKZl6sTiq55+0uaU8MqxrXN
+nGv98J/s8AR8u5PVpkbta79gKQEgkQQhd/0FNDLF/2zvrJ4eZAekHwwXBairatWK
+NSu18vJuqX6LzHfxS6d/boexCVsPgp1GfQQP3pQsvafCpUWd5pdrSPaaKEUNPLrt
+39uoybJUMHJLBaAE1VukBXHQUIrhzjYO3cEU07UUJH/91+MNMjFjN5W+FtaIHyuy
+BGlg06x/lVEuuXWXoBw6z9ucIkVsbXo4KsXJWjrCmMyCKpSg2NUY/X6OcjX/oe/M
+FUg08ZoRuE5cWuE00Xc4dGfAaQ0ILlfZr32rBzsCLGE1QaV6qwncWVO9uyK1eIF/
+ekVytBuYRxqNI3zaNG338gDNB5SZZnYlnYqx9BeTenYJXuZp6tqiK1QrL2+Da2m8
+GrL2U9pbihl1QfOURKZMmSY4kiDlyFq6Gg+1YkHKGmc8kx2hGH8VEo9O0nlQ2Dd6
+xPSmio9yHSfkBte+rcPCc35DggBDOd1ZFIgs/m9d8xrxPx8Fn0f//duFbfqdKmty
+hyFksx7ToXRNQamOedaegSxyQ/62okzuQHLhgAQb368asVjfYnlb/o2CBkVLT/t3
+3wyV8waSK1Wlm8aEG33TUBb1QA46qY8Xl3JEdPRLxrSO9BAaU5AlNvhXcg1yvAml
+nvS/2aF/5VHHeh7F2eq2WhFR5CBbOSC20Oxx/PeHcgORxxNzDsbsUWVKhLvB8V6O
+fqz9hsQ6uGG4foFAfEXHA5p/RLXzJT+N2lwAlmq4awyTrddDOptOjnHiUFTcrt0Q
+3AA6QZN6Poi7wTPfdW71/NqwJbxSoW+ZwD5gc6KPc9LGJ4aoTv6hUleK7oVPYlhP
+Nu5ql85bVe3f2FWuYA1pt2uP80OgLy0Sfyx8zrkDLB5IlA7N7krc3BDW4fOuezow
+tYzPypdjhIgUtQEe9+g7UyuK9GQmolakAptcznIgAdpyANuxm6ZzTFZeCnbj5gji
+Bwft3pWz91KUJ9puK8NhgYLK0kX6/1tkzWN1HAJ7EuUVEVDZa84sG18TzP8qA7CV
+S44VmC+G3naDsAhiUkElbOzs9Mon8cMy4WRO5bozwMyPnk2GQAthGI99g+PA7ZJj
+Nnlc9DCxRHhT3sCVw9Hrg6fe/fi2Eecvq94rSHVM5duVlVug0ah9Q1/acA/bmPuE
+h+jIhieD0oduPJ0n0nFRh/m4mRqqVsT981xK+tXOznB2AIlikX/Clb1rWlaWNvO/
+RqnY123/TsAD+fsRVfS0UZY5y4SujSJr6swGuURSpnJnrNR7mRBLVvmOEmknoLRO
+5eLFkWJ2+G1k6nUDcmoVOzicndpPrk87MXFXFA/75UdNLpg+iJv00n5X6oTwokwR
+Cz61T0uYO/R+8eBvIym4ym4ks2H5fZ/tCxzyGrUcCT5Zd9nQ5oQBzaoxfcCqwZlF
+Oxq3/4xNfvrv1KMPUVYDj7zMUDv4Au775yIGBomhayCmDZDzsB6wZL4pMsWZFedB
+5Co=
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/OPP/openvpn/client-configs/laptop-opp3.conf b/OPP/openvpn/client-configs/laptop-opp3.conf
new file mode 100644
index 0000000..295f7fd
--- /dev/null
+++ b/OPP/openvpn/client-configs/laptop-opp3.conf
@@ -0,0 +1,202 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-opp.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIBKTANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTIxMTE4MzA0
+OFoXDTM3MTIxMTE4MzA0OFowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAzMRAw
+DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOY+T33t6+MGoC2ZVVucGMp9
+Bz12/5TsG1oh1L47K1CLckhVM3pUKWvYuxHPmn+cIGn9bnohrBlG2y4YNm1PkTvk
+pWozI8YGYsXVKMPEKD44FuYDZJUYExmV4craQaYcmVYW6/JwwGfcDN3YvG9hB30C
+dsMs9IBMQuhVl6Cg6ngecYq7e7+1LVWmoTQNOg7UAjKTKzyztIEfYznI5irprE+T
+vSptv7N3m9h6Jw2yRNnkuQ/MsCdb+zKieXdV2LbQY8eYxURHT01nIuJAmOAKD7yV
+RtdLNwvppxGo/Qf4GG1ZjVQR/J4jYhRkYs8NSV1BlcTT7NQD5i5pFWs/NhVmWMEC
+AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5+o1f7cxB1BbVCp8NffX
+QMqfsNowgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
+gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
+BgNVHREEDzANggtsYXB0b3Atb3BwMzANBgkqhkiG9w0BAQsFAAOBgQBGTCJBsP42
+28Lml/xQ/3QmQg4fD9x2jOo8JLmy04/iWhlXuxXITun6BrhhHWXpRirGz1XFGoF6
+yw8uXWq8VXqo33oWYmp1nd4ZdQ1YKj2Swbx5UrjfGSSsY/2wzoxlEsUDyWLnFIXs
+OiBrkyXKN3tdOn2y8hTP5szeXqrVKaL8Bw==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIPc/olWb82e8CAggA
+MBQGCCqGSIb3DQMHBAjhtAZshhbq9ASCBMhnZCLp5esIptXvS4mIfbJfO1lRdMwz
+cCUUw5htYnETJZ6E8f2oisM0pYKCkKEXY/C/G0lXpQYduzIDYv3dK2t1pfHbebp+
+KHWWojuMmoXxcE7I4cxrf61dnz7huYHJsUGzJR43IlV9i/VFWvqcPA4ei5Ir1PLG
+3Vn6IlYJlw6BhOWH5Dh7ay080rsqOuQ4rXSqhodKJ4XMal3XCLzhCUm2NyK+bgTX
+kM16O+4QVhG+X8Rq+zUkyLXFuxgc/GEdOGJejHOp4u14ojVkPRD7oj2CPZjnNpen
+3BvxV40lCv7XLXeeTonmWTEsdYnbGeNhFG92TCVvLA/FVo8QaIUUL9OgxIPg2Y0Q
++ui6kUZW97Q1tICvkNC5ZBWv24OXPPELJfxFvNlibw0J6osQ0HJEOxGCFUeJ6e6w
+eW28vof72aW5mtaq74KBlcIfOvdC2sylKxAVIpVGV8SICz928CA16oad9nvnqSTZ
+PLvDwwkQyQL2UoafxovxSHFCH2FdTDPScjfmd+M68TpVZWOpWQFnW5PDIF8ipNla
+nZvWvv8826LY08YNgAUDHtXEGQWUeqB22uel1QEkFWqoVADqmGW7VANvEbuORhMG
+yCbQ66wUbOmaSiAMUX965eXNBPOg7ZWoHEvAxtid94eJK8g9cXKPwKg+ggUx4CYu
+Dexga2P8jYIdZfK8mfFoLuz+A5buCm/nwpEnORPIhoO9NzvGzfUeSy+BJZeM0Ol4
+5eN4NuHzhSiSi6PdIf5oTOS3+lxCQe53OULsRfSZ87jF/bGTMFIR58fLCgte2JYC
+6Z7C09L07+BP/c2yRrI5qiRdYf3xgjsQdQqYgYQCuIu3a/gcvGpneJH/hSTiS/Or
+G5suQ56fjkh6BnPcQ/KRCtsHeR0RaZe66UR+ilI3DRSzBG5BM/+cHI2ZvETu5dsX
+JsPfmvRqcZ5h/GkJ69Sw9h/6DMYvNfZ/7ABwWgS80vX879JCC/G1epjTsI584PXy
+0HcWXe1ZbTECpgZE2D7dnd9yYTFlYJIdCAhdUK3MfML+rLwL6voY5Wi0+OmiAGhP
+9u4jrJpY9lSnD8okZXPyeqX4zDH2F+o5NQ+6lL7rCviaLbBSsAHj255yS/FYH+Wl
+4MV6uprLf1VW97Lk8KU9/uEJfBsKLls7i0zHQJcWHmiyciX7R62KTyKwzyuHdC/Y
+SGy9KEUesA8281oBeIQEPQSGmJJrn90BoDu/Y8zeNOkPma0wRtSUhg8ybncHlHU9
+T8cvY+ZYeHMqOUMzji4FvALqtVSzrxwmRkPhHN9CCJyY4zS2PtuyzKLUKNiL1JF/
+qk5oxoaoEcC6y/eb9Z5WwjNUguvAFjzulzqZ28g47hWQ2o7blkGWv6q1EHY5H8LC
+kBGvrZpXRmysDJnQs17DZi9/AxT9REtPsHSy8zXxk3b5SBBlziiPbta9UQVdas1g
+u4VMXRioJ1AOoSTx9VeOKyp+3AVf8Fbrt189+ea8Hvdx74YTn97O5LFYxyYom5Yd
+eKMH/s62EM+YTE0Px/7MEkXS5ShHGymp3OnmWJ5WA3Go/iBT9SWnPPVExeskhCCd
+PXpHe50srF4NQXISqPWHrGdwil/TDaNbgHv9vloOqpziKAQID92C7I1beeNJ15QC
+e64=
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/OPP/openvpn/client-configs/marcus.conf b/OPP/openvpn/client-configs/marcus.conf
new file mode 100644
index 0000000..defeb1c
--- /dev/null
+++ b/OPP/openvpn/client-configs/marcus.conf
@@ -0,0 +1,185 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-opp.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBGDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEyMTIyMzAyMjEx
+OFoXDTIyMTIyMTAyMjExOFowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi1tYXJjdXMxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYjd4rAReGsVYhl9Q+
+9JpnXLI9kXTqvpPPijklpsXggo/u+F1lWiC8Ti07xl7vAAhag3ha/FTqjWGDYa2X
+l/LPYS3AzeFr76rdJe3PToxLAFZrmgCXOGZBCXhjHMpBX9XG7KVno9ccmXhRxBk0
+QqYH3wPM5nt5jSf+eQXsNLjuaQIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFMF+61oxtK9x4AUQlfqRWUOVSflyMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQChe4cGuoK3Y9dyUPct+jhLKAUGeSDqIgwgSLah4vpd6SNKPFMklapbAENAi8d2
+u0C7ZCY9sY+17f7NCqSvzs5crPxGgXhLxFDg+uWfBDHYbnqnMvGJ5N7KUye1gF7F
+ypHHq6STIdjGaqx2ZunhqlM7tX4jmtyrzpkaVdrtuv79LA==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,17B9907A94C0924E
+
+krHc1xE84ce/mYSlw95UdKuic+wC1J1cAIMq170+Lez43232Qy9/evNW8lVl7BXS
+9fs9ayCX8Xdr5lyCOxWukZQ6Lk2tySBCkdTFnhDQgUXjwx9tNqLmMkajF/GrGyJ0
+Tn+LQG5r6Z05ogE+4naWH12iE9OMqGNNIebbNbmTc1jYMUtKgWIuQkpe+9DMWBN+
+PhKHM7BA420Z9E74KmkhmAJYdHgSle7U7Ca27IY/u9gXUoa+MxLsET+KTY665NJq
+KP8+H9Hsw3zVQmu2XR9s/UfayOFYcMJBEATI9K7dBDB3zTblcYHmFfXSxpAW7AZz
+bbFHmpitgkzC657Xw6d/TRktYGQbNbi6Zwsc2dcQuyHtpiF443fN77m5N4g/7IgQ
+MghSlTImS+K9r357UQN43cXRIpgEoKk+22H/fLGtxVDlkYmx9MNzXnmGNooJFIkS
+FcV164sSr3FOSZ6oQANsRNIJtHy79gUyh0fgPzng7kKrNwsQCVsTzsdglZEXDCLt
+BbKpiAB8JcB/EHHR/vx0xj0LJPWskVj8v07GKwQCvW8mD0oKnm9OuDAzXUvR/bj+
+mv0yYA2ZRvJeC7ZFYIanzmmMH5EuoKLsFzvp+79+beKDD24x8xbQVjxi5cmfzH6s
+pfXY6suLB4wtzVbj+TzMPuP+W12V5oShO2Q0ifUuBMkgUNEyem593l72yy1CERcf
+O9gR8hUpP0yHCFRhds00EkllKDvb9FixL8EWO9JGVLZhLuYead5yOcop0tdT2aXT
+v8kWDFBcGdNg9u7HgjapeTKjBnI1bYNsC5knB1TugR41PcJUN5qCRw==
+-----END RSA PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/OPP/openvpn/client-configs/oezge.conf b/OPP/openvpn/client-configs/oezge.conf
new file mode 100644
index 0000000..ef1bc54
--- /dev/null
+++ b/OPP/openvpn/client-configs/oezge.conf
@@ -0,0 +1,202 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-opp.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIEiTCCA/KgAwIBAgIBKzANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDExNTE0NDE1
+NVoXDTM4MDExNTE0NDE1NVowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLW9lemdlMRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALmEvhRYDUvByjUngr8Nn/VcioUI+cFV
+C9ihDBHOMCDdNQGYi5jZkSmMboF/KJRg5UeZNz0ZjxTZfunYvxZPjdGuPUbOtcs2
+t7xwsi1Isuckdnt/a099uhGx34S4yWOIPY/stw7zs+fVZfnmsIH6I/uWXvL5kvdz
+abAqdsp9j74QYrDC1n/ApdakD3xHnL4X7FD6VgAsC+Yx0gHGaZ8ad8sFTn9+LryI
+dumPyEMamzSn39SeUk74dxC15R3Z8Y091U5xCkrjwaQtDVBfbanLYPhHZpC4oG6N
+jus/iOvS+QZtBa6g+nsE71GxOh5eXz++Tekcxqpr5AVjLYytJ5+uQ20CAwEAAaOC
+AVgwggFUMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUAi7CtRdjoxft1/BxZ7ukuHolxygw
+gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
+A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
+EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
+FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVvZXpnZTANBgkqhkiG9w0BAQsFAAOBgQCqbhrn5H8GWGbn6+V7GLK1Ti0I
+TMmqU7xaO7lbTquxFUzMQ/uCtIHbIkH7fYD5ZGiH4PTSjrGmLcQhHFirRche/+EA
+XJVrbVCGdJjbwypI94H0+uv5tijsC+bWSmzfdLYcWYAtVTL0bbakCYWq/dqe4FsB
+6hJRbeRHBqcNKVSJDA==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQInZcrDe1GppMCAggA
+MBQGCCqGSIb3DQMHBAjoFMe8YudLQgSCBMja856e0ws511Wcto3qmJ3FNYtvYaty
+TFHOaVjXcDqbEyLOv5PztBV+P3kWE8LukwBnlrtcmxuEbsL2yZYmuKOeifZY+87N
+JLyqa6v/3HbmELSn1Zqf8xlgjjr6mmcyJDnORVN8j4lqK0NR2KAAG+2XDXV62EyV
+Umk5TD5LKzsSVvrUJzH0Ve2d/WklNJXJGqB021mJ5f1k1nRxcKW87eqSPMnEy6h/
+6m8moFa8YuFgljw0bnhRo4nP0rL2uIVtQhYXVc2pMc+Jg5TmUI6fyOR2j+FWcvgq
+R1SaHkNaV3Y+1Bb+ujvx5tlnVtiIrSXt7fKUa3NX/3ayAt6PSsWAWbM3hF1oRTsX
+yu7+s/S3sOk1cwOJOYEZMMSb4BOTBnR89dAFQYZl2XmClM1oJW1/01QL8Z3KANf4
+vETbDD03CbGiU7FsKxVjAGUpaI9dvbHNY9L+G2crH4fl+Vqx0Y9XN4Ql7N4xT1LR
+PMTAmkE7msA5QIRpVnqIq1QPa8nR7lSeMQR4yYjMcAEdVykHFJzAifJ/QI9vwzpJ
+5ndp4vvGmHmx0nRCRcwWWLdEdlkL6nfAddW/zrBtVOXX6QzH6G3ab1D8EhrzMe1c
+UJ0dswBz1/nWl/eOdznkddGgu97SQun2wrsvFrkvpaZSSlLMrP+BhoBcWp7wHfWO
+z3cyzbsga9lxT275lYeN3aEL29y/riQ/fgNqi7P3S8CtFo3oG3CICAeLZIzJiHlE
+IoK7tpeGaUgwh6zA3X5p51I8u3WEcq9H8jUhmujSoKkD5RLGSPsh8ZL3S20b8lLW
+CVUBh0Z21jWpCsqA6gPuYcBtIg5NYGvinOvvIpSwEOXYOiTM9cfiQWwqJjBaA1gr
+GAtJwel9lg44D2V8owCKKrvtTS8TYsD+6pKZMWQnhNSQvQg/3pKWlCklQpKKLFsz
+yM3Ga4hCMT3y5XIzIo+Rosd/4m77E02NMO8o/ijCuELUNjQEBFEvESRU4N9DfEqh
+nSPEjh9ADJZzAg5wbEIWSvBBZNlqrir6R6s5ncU8tYNsnrpbUyOnY5QMkyBjfxZQ
+GnQLpy1SmShTpDvqglJjS34HPIJPNCsOd2vjxrMHmgMovjC+8uXIijKbHRTSYENy
+MXJOW2S2ThEZeIHdTxS0NZkeuyxENSeqS7sXtq2nWPMXn4U8bTiVC0EHX3Qz7Afo
+1dzNc76vplz+SrVC+ukKnFA6JkHotxro5jUelzcWw9AV3y+Yv9PnRDCuvcQOmoLS
+rha8PvaEElZ+pUyueUzzTsLaBTO+eMIy4XagEPrYX89YDzHyVG0aHj5eTAofl5gb
+6tKKBmMiTP5mwSpxInU4BxF2BHr/9FTfBwDFTpvagGE9EA7q7CGMjlpQcSGIcIPN
+Mc8a/8O8jhP3DPcKzwBdw2XphM8ffuplX+wZEmxJwVlDBWiW9iODgnC3XeLAmyAp
+BOurcNIk5yI9Lyh31cTN/krn49L9JMVpqpHihN0PhUe+iHlYit3JvzBiNFT6xVco
+S+JWNZeKmc5t6Kx/piuGHvb5iXeCROjW9vDyTIRaqEudb6Mrhu4ZMp+2x0ZtER9g
+m9NpKZrJMz2CUgfs9WXyU5bK56OeFs2NSMnXFsXA3LT/27CeT5q6LBZYcmxfowiV
+Bf0=
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-serve
+ns-cert-type server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/OPP/openvpn/client-configs/tine.conf b/OPP/openvpn/client-configs/tine.conf
new file mode 100644
index 0000000..ed63f58
--- /dev/null
+++ b/OPP/openvpn/client-configs/tine.conf
@@ -0,0 +1,214 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-opp.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIEhzCCA/CgAwIBAgIBLTANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDMyODExMTYy
+MFoXDTM4MDMyODExMTYyMFowgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLXRpbmUxEDAOBgNVBCkT
+B09QUC1WcG4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50omlH/EGN/wsMPXSLcKnjcGPkfYDW0b
+VJz7gECICBxbXPVRbdtoxKTjv8agwtdjQAWnz/QQdwkxkkFedQfZTmyoosefS9BH
+CYgQ8Qi2Ecsn82tsv+UqsGG9JAToOAxBQ3pRh5miMP7W3ZXtn/czkZLFktQcaEg/
+nsg1nyruueJKVTfDKz4EeC3NfEAFAC4pkoWMJWABCXxSfSinPiItxrQVaRTPFBz/
+gZc7+Se2xmp8KYZm0oZs10Fo4Gij10HsJXKFi1+xONo5pDWTWPRupLLwkWVqAe/U
++198AT9CbMkXEyRVKh3IvEMpYInAfsibhR1+i6RD+6QUCmH6daly7wIDAQABo4IB
+VzCCAVMwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSYxQH+ro6ZoC5i6w6LN3taxROr+DCB
+xAYDVR0jBIG8MIG5gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMT
+Ck9QUC1WcG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QU
+i1Wj34gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
+MAaCBHRpbmUwDQYJKoZIhvcNAQELBQADgYEAibRKSFGTe5RySYDZ2js5DfR8vSLa
+itT3m6c+/cAMXw3gbsFWkS7sWDnbIITTjtGKbCOBqvzFSWAjXN7RPStYWZ2Vgnbj
+EFYYsqwRnUZ2oQAkaqb4EWOK388QzcHalJEje59sqL50HbuivjCsvooWxDgf86A1
+adoBSkjcWSDYTII=
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIF/vrJSsqA4MCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBEetYsU2fdyBIIEyB5TzrKMZaI/
++apP3cyZt/GY3fTquGzdfxuZtc4PiFVEsbPrFAen+TZPPw9RITvOTJOJBBwGWgYN
+QtKmGSw5ns4/xM44pVS3jI2CkP5XxNiFTQYwQ+9xiSUjsxzKLn2EbsBhuLVB+8oE
+3MAomBNdLBVaiL1Pb5sKG5IfTprKnPCg6B0/CL5i6woH0cTw9usSuY1p2m8fMsKn
+00mP71V/RP0WzLkbdhUI5pYNe1OLlo6IEp32L1Df4iILbdqMhIhOfZgG9ODGa0rP
+2yPOaU8YHYdTvXwtr9Tdcu4Gh3aKppz1v5UA4McbAbs2TG5org7vLqg8BKx/ne0t
++9K3oRZEA7dIwIOnmO/jowrMngQsldKUSS7GktObSn4pu5E3ElPjdRzJAZvbM5qe
+aKv0zAt2L7zEATPJ4p5bOhAHseYTm2Nf9rzYV3zppQHKPXllrmli0IWoaUIWvdYD
+0DMWg+OBevcF7azfE+AhbvVQ2WMmtqrgvN31MtenwaBrWh2U6FP+ctCe/026EqAO
+2hj5wqgOWA7n09+IswTRM6ApNFI/2bNqWIDXlAjhH8PVDa6UMxTf/2t9zmfP4fT1
+f0i2fNMetLAznhX3N5BawXLHXvFC1C7Lf4vuptJS/oHQevocq7Ke03XEjIB00KAR
+XI5G22x+FIoPMWgY65AWsLT4UgttWODdUc6h37pKthBaZR3wqhKNN5XhJut6kbRG
+X8o1YdunTRvNp77wAA0aaRbeLGS4B7gTZ7EBIZ8OTDn0onYB7Ra/pJFkEizgnbQn
+qKwZadSBBUN7KSdMDQepU8zwnQ5S9uLmlY/YF0a9M+mhyqt270kxGhi5Z0EoNaOz
+NG/20/FZshZ07CzzGhWNCotVrQCsSpT7QSYbVlC4w/VPDUiAdZDS66sQ65lNKL6A
++2ILYcBaB2Z2lZ1pf0h07csMa+XHhoAZvzOw2iHmXl0rJkDmZSpqe6tWAQagbRS9
+Gz77j8UimJpf1WxOpvCHUEqv6baTQE/NhN7iuz4ZSmN4n/yjXyeAlYZNB1oxuKtv
+LQUG7fMel7hwT5Mzkw16v8VD4q/ZVytPho8+VqvAthCxkEJKoJui0SHk4KzqBsaQ
+jFf2eaR4lPDkywd01weBb14kcqXxEDnZ4heeqRcytZPrw2BlHdhcDF7bDYlISxNH
+b+dACg43JmQCVYpDDBOKafB5lSTHKV1zDHmChqq+MCEUyW1gGkNK/DOcbMToQ9lQ
+4WjxvPCWwIcOwrGtgYfakkfIsK+CbFdR1kQ1uUBzpSpRUzwMdndC3+cZ6YoMvl1o
+ICu0oF7af23JYo0iiCcTpVmuU2tKm2psRcjjUiVabLDRVj4Uk6sw8v0HyznHDwWC
+Y8pHgeQhQx5SSpy2p/w7gbxHKxlrwpwfxZNvRDmx9SMZgbUlM/MNjx171ORaDr+V
+eGDUKsqE5p7pYkWrSWp4oK1wX8dA4qzm2bu6tNpANYdJghxrsgGMeO03AX1kQOSr
+uwv5e/PX4COqN2Tk+9B7k0i8FWUf0DuRlLfVuUZ23Cj2b7APhBFS/OH09IN9U7w5
+lvMTHgLRr3u41KKfDwFOS9srKqvL3ZVAxa/nuGoVNGBhY/GXMoxXL2KF8GLBTMsO
+S3Z9EBDJyV3qcr98xfQdbw==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/OPP/openvpn/crl.pem b/OPP/openvpn/crl.pem
new file mode 120000
index 0000000..98dd55e
--- /dev/null
+++ b/OPP/openvpn/crl.pem
@@ -0,0 +1 @@
+keys/crl.pem
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/build-ca b/OPP/openvpn/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/build-dh b/OPP/openvpn/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/build-inter b/OPP/openvpn/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/build-key b/OPP/openvpn/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/build-key-pass b/OPP/openvpn/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/build-key-pkcs12 b/OPP/openvpn/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/build-key-server b/OPP/openvpn/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/build-req b/OPP/openvpn/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/build-req-pass b/OPP/openvpn/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/clean-all b/OPP/openvpn/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/inherit-inter b/OPP/openvpn/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/list-crl b/OPP/openvpn/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/openssl-0.9.6.cnf b/OPP/openvpn/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/OPP/openvpn/easy-rsa/openssl-0.9.8.cnf b/OPP/openvpn/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/OPP/openvpn/easy-rsa/openssl-1.0.0.cnf b/OPP/openvpn/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..5245ed7
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 3650			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/OPP/openvpn/easy-rsa/openssl.cnf b/OPP/openvpn/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..9cc2ab3
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/pkitool b/OPP/openvpn/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/revoke-full b/OPP/openvpn/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/sign-req b/OPP/openvpn/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/OPP/openvpn/easy-rsa/vars b/OPP/openvpn/easy-rsa/vars
new file mode 100644
index 0000000..1b88f44
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/vars
@@ -0,0 +1,95 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+#export EASY_RSA="`pwd`"
+BASE_DIR=/etc/openvpn
+export EASY_RSA=${BASE_DIR}/easy-rsa
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+#export KEY_CONFIG="$EASY_RSA/openssl.cnf"
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+#export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="${BASE_DIR}/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+#export CA_EXPIRE=3650
+export CA_EXPIRE=10957
+
+# In how many days should certificates expire?
+#export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+#export KEY_COUNTRY="US"
+#export KEY_PROVINCE="CA"
+#export KEY_CITY="SanFrancisco"
+#export KEY_ORG="Fort-Funston"
+#export KEY_EMAIL="me@myhost.mydomain"
+#export KEY_OU="MyOrganizationalUnit"
+
+export KEY_COUNTRY=DE
+export KEY_PROVINCE=Berlin
+export KEY_CITY=Berlin
+export KEY_ORG="o.open"
+export KEY_EMAIL="argus@oopen.de"
+export KEY_OU="network services"
+
+export KEY_ALTNAMES="VPN OPP"
+
+# X509 Subject Field
+export KEY_NAME="OPP-Vpn"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/OPP/openvpn/easy-rsa/whichopensslcnf b/OPP/openvpn/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/OPP/openvpn/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/OPP/openvpn/ipaddresses.txt b/OPP/openvpn/ipaddresses.txt
new file mode 100644
index 0000000..6993a35
--- /dev/null
+++ b/OPP/openvpn/ipaddresses.txt
@@ -0,0 +1,20 @@
+10.0.62.1   openvpn server
+10.0.62.2   -- frei --
+10.0.62.3   chris
+10.0.62.4   rene
+10.0.62.5   -- frei --
+10.0.62.6   -- frei --
+10.0.62.7   -- frei --
+10.0.62.8   -- frei --
+10.0.62.9   chris_win
+10.0.62.10  -- reserviert --
+10.0.62.11  gesa
+10.0.62.12  johanna
+10.0.62.13  melanie
+10.0.62.14  dominique
+10.0.62.15  judith
+10.0.62.16  jonas
+10.0.62.17  ulf
+10.0.62.18  antje
+10.0.62.19  tobias
+10.0.62.20  anne
diff --git a/OPP/openvpn/ipp.txt b/OPP/openvpn/ipp.txt
new file mode 100644
index 0000000..497fe02
--- /dev/null
+++ b/OPP/openvpn/ipp.txt
@@ -0,0 +1,4 @@
+OPP-Vpn-ingmar,10.0.62.2
+OPP-Vpn-jenny,10.0.62.3
+OPP-Vpn-oezge,10.0.62.4
+OPP-Vpn-cristina,10.0.62.5
diff --git a/OPP/openvpn/keys-created.txt b/OPP/openvpn/keys-created.txt
new file mode 100644
index 0000000..e1f33ba
--- /dev/null
+++ b/OPP/openvpn/keys-created.txt
@@ -0,0 +1,24 @@
+
+key...............: laptop-opp1.key
+common name.......: OPP-Vpn-laptop-opp1
+password..........: KhhT3CtjkCx4
+
+key...............: laptop-opp3.key
+common name.......: OPP-Vpn-laptop-opp3
+password..........: ncW7fh44L97f
+
+key...............: laptop-opp2.key
+common name.......: OPP-Vpn-laptop-opp2
+password..........: 7NXL9T4cq4Xb
+
+key...............: oezge.key
+common name.......: OPP-Vpn-oezge
+password..........: VNm3LXg9RTrH
+
+key...............: jenny.key
+common name.......: OPP-Vpn-jenny
+password..........: jXzRxb44RnhN
+
+key...............: tine.key
+common name.......: OPP-Vpn-tine
+password..........: Lfj9fWMf9d%g
diff --git a/OPP/openvpn/keys/01.pem b/OPP/openvpn/keys/01.pem
new file mode 100644
index 0000000..f823279
--- /dev/null
+++ b/OPP/openvpn/keys/01.pem
@@ -0,0 +1,70 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 13:17:18 2008 GMT
+            Not After : May 17 13:17:18 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-server/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:dc:bc:9a:57:b7:b0:ab:5a:cf:38:2f:0b:2a:94:
+                    29:d7:20:98:67:3c:fc:f7:1c:9f:fb:75:12:c3:0b:
+                    87:ab:a8:e2:d8:07:67:2b:9a:4c:51:33:2a:4e:e7:
+                    df:f6:be:32:98:15:62:42:d6:38:f1:fc:0f:34:87:
+                    b4:c1:1a:67:e8:b8:2a:b8:fb:f7:ed:d0:a6:54:0a:
+                    30:ea:ab:32:d1:52:01:d5:1d:f7:8d:2a:63:79:65:
+                    ff:cc:40:ae:75:68:b8:32:2f:0a:57:4d:3c:71:35:
+                    af:48:14:f0:b5:b5:73:5c:e7:e4:6e:6c:fc:7a:3e:
+                    47:b6:8c:87:b0:28:55:1b:b5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                OpenSSL Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                02:6B:50:96:D0:73:B9:16:DC:FE:F0:90:50:EE:C2:00:68:2B:14:97
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        1c:e9:c7:6b:54:79:2e:c7:d0:89:0c:c3:ba:54:67:d0:e5:4f:
+        a3:5f:af:3d:39:74:4b:af:25:25:e1:20:be:af:1f:5b:94:26:
+        b3:95:69:8e:1c:8f:cc:b0:ce:3a:52:07:e1:8c:24:5e:f8:df:
+        d5:db:83:12:85:04:16:05:84:9f:c5:c9:12:a6:0d:da:30:ee:
+        6d:bb:92:dd:b5:24:98:61:e1:ec:d0:db:cc:c4:7e:3e:da:91:
+        a2:73:67:b1:60:10:16:e7:e8:d2:1a:e2:b0:75:a3:43:fd:29:
+        a3:c9:34:5c:19:03:cf:0d:39:2e:9f:a3:9c:f5:1f:6c:14:bd:
+        3c:a1
+-----BEGIN CERTIFICATE-----
+MIIDyDCCAzGgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTEzMTcx
+OFoXDTE4MDUxNzEzMTcxOFowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi1zZXJ2ZXIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcvJpXt7CrWs84Lwsq
+lCnXIJhnPPz3HJ/7dRLDC4erqOLYB2crmkxRMypO59/2vjKYFWJC1jjx/A80h7TB
+GmfouCq4+/ft0KZUCjDqqzLRUgHVHfeNKmN5Zf/MQK51aLgyLwpXTTxxNa9IFPC1
+tXNc5+RubPx6Pke2jIewKFUbtQIDAQABo4IBPTCCATkwCQYDVR0TBAIwADARBglg
+hkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk
+IFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUAmtQltBzuRbc/vCQUO7CAGgr
+FJcwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8x
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYD
+VQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJ
+ANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GBABzpx2tUeS7H0IkMw7pUZ9DlT6Nf
+rz05dEuvJSXhIL6vH1uUJrOVaY4cj8ywzjpSB+GMJF7439XbgxKFBBYFhJ/FyRKm
+Ddow7m27kt21JJhh4ezQ28zEfj7akaJzZ7FgEBbn6NIa4rB1o0P9KaPJNFwZA88N
+OS6fo5z1H2wUvTyh
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/02.pem b/OPP/openvpn/keys/02.pem
new file mode 100644
index 0000000..316a1a6
--- /dev/null
+++ b/OPP/openvpn/keys/02.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 13:19:10 2008 GMT
+            Not After : May 17 13:19:10 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-chris/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a6:7c:7a:2e:0e:b0:df:ea:02:43:e9:8a:95:ec:
+                    33:d2:a9:ba:28:6a:36:2f:66:d5:dc:d3:d4:b1:00:
+                    33:18:3c:d1:a0:4d:cc:a5:c7:22:07:85:0f:3a:7d:
+                    e0:20:2a:0d:17:4a:10:73:c6:2c:34:7e:ac:1f:8b:
+                    1c:6e:31:1b:3b:f1:ee:f4:6a:31:e9:5a:3d:31:4f:
+                    5b:ba:8e:b8:c7:a0:63:23:b3:7e:4a:c8:cf:3c:6e:
+                    4f:35:74:96:88:94:36:6d:57:aa:9f:a0:71:6d:96:
+                    2d:19:12:66:bc:eb:c5:79:92:0a:2f:2e:c0:37:92:
+                    72:e0:6f:60:68:dd:7b:e1:9f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                34:12:B0:EE:3B:AB:8F:D7:D1:6C:EC:39:A6:8E:12:2A:EE:02:0D:0B
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        06:48:c1:75:ac:13:02:30:6e:de:11:8f:8e:44:05:59:76:d8:
+        9c:23:57:e7:53:97:2a:c5:a1:8e:11:3c:c0:28:57:c8:7d:d9:
+        49:ab:87:ff:fe:72:eb:cc:57:33:d3:87:0a:c6:53:37:23:16:
+        51:4d:2a:b9:b9:53:69:04:99:f1:bd:9e:18:15:88:2b:ea:2a:
+        8d:7a:6a:3e:65:9c:5e:c7:fa:74:e5:b5:e1:5a:fd:76:30:f3:
+        5e:10:f9:12:a2:ac:30:2c:ac:97:f0:54:c3:9f:64:01:2c:0c:
+        47:6b:fc:b9:ac:72:e8:7d:64:fa:61:7a:3e:6b:64:84:71:9c:
+        21:41
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTEzMTkx
+MFoXDTE4MDUxNzEzMTkxMFowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1jaHJpczEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKZ8ei4OsN/qAkPpipXs
+M9KpuihqNi9m1dzT1LEAMxg80aBNzKXHIgeFDzp94CAqDRdKEHPGLDR+rB+LHG4x
+Gzvx7vRqMelaPTFPW7qOuMegYyOzfkrIzzxuTzV0loiUNm1Xqp+gcW2WLRkSZrzr
+xXmSCi8uwDeScuBvYGjde+GfAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUNBKw7jurj9fRbOw5po4SKu4CDQswgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AAZIwXWsEwIwbt4Rj45EBVl22JwjV+dTlyrFoY4RPMAoV8h92Umrh//+cuvMVzPT
+hwrGUzcjFlFNKrm5U2kEmfG9nhgViCvqKo16aj5lnF7H+nTlteFa/XYw814Q+RKi
+rDAsrJfwVMOfZAEsDEdr/Lmscuh9ZPphej5rZIRxnCFB
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/03.pem b/OPP/openvpn/keys/03.pem
new file mode 100644
index 0000000..c2d774d
--- /dev/null
+++ b/OPP/openvpn/keys/03.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 13:55:46 2008 GMT
+            Not After : May 17 13:55:46 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-jonas/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cb:9c:0c:a4:23:e7:df:db:2b:2e:2d:37:9d:61:
+                    cb:27:8d:ed:9f:1c:e9:b9:2d:83:3f:2f:1a:2a:90:
+                    e7:1c:8b:41:28:a0:2f:3a:c2:67:a9:5a:e8:0a:a5:
+                    fc:3e:38:e8:fb:a6:5e:e4:14:3e:8e:70:ec:49:d6:
+                    20:81:f5:96:69:8e:8f:82:c1:d2:d7:fa:4b:e8:be:
+                    3c:20:05:41:f9:05:9f:8e:2f:38:a8:f7:d8:fe:1e:
+                    65:3c:68:0c:b0:db:74:57:fe:35:3f:70:ac:f9:fd:
+                    e0:9b:31:e5:32:18:ea:eb:87:06:d1:8d:03:fe:de:
+                    ed:17:77:c1:e7:07:92:20:f3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                33:08:DF:6E:0D:57:08:50:3C:7F:87:8F:29:3E:1A:EF:64:69:30:CD
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        1d:1b:07:ad:33:48:cf:b8:59:30:fb:5f:6f:ea:15:37:9f:12:
+        b6:03:30:2a:93:46:47:d4:42:2b:99:d2:a1:c8:ca:20:58:e3:
+        71:9c:fa:a1:ff:53:85:41:5a:dd:df:80:6c:ca:f5:ca:75:56:
+        5b:9f:ff:90:06:07:a4:8b:4f:c1:58:fd:02:ad:d8:1b:6c:6e:
+        bd:4f:6a:40:1e:43:47:3b:b6:cb:45:be:f1:68:9f:9f:05:b9:
+        3b:b9:7f:4a:0c:0f:53:c3:ab:15:54:cc:93:f1:4d:a7:88:7b:
+        f1:e5:59:9e:ac:4f:f6:9e:cb:05:e7:bd:fc:33:27:53:0d:07:
+        c0:07
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTEzNTU0
+NloXDTE4MDUxNzEzNTU0NlowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1qb25hczEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMucDKQj59/bKy4tN51h
+yyeN7Z8c6bktgz8vGiqQ5xyLQSigLzrCZ6la6Aql/D446PumXuQUPo5w7EnWIIH1
+lmmOj4LB0tf6S+i+PCAFQfkFn44vOKj32P4eZTxoDLDbdFf+NT9wrPn94Jsx5TIY
+6uuHBtGNA/7e7Rd3wecHkiDzAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUMwjfbg1XCFA8f4ePKT4a72RpMM0wgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AB0bB60zSM+4WTD7X2/qFTefErYDMCqTRkfUQiuZ0qHIyiBY43Gc+qH/U4VBWt3f
+gGzK9cp1Vluf/5AGB6SLT8FY/QKt2Btsbr1PakAeQ0c7tstFvvFon58FuTu5f0oM
+D1PDqxVUzJPxTaeIe/HlWZ6sT/aeywXnvfwzJ1MNB8AH
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/04.pem b/OPP/openvpn/keys/04.pem
new file mode 100644
index 0000000..fa49df3
--- /dev/null
+++ b/OPP/openvpn/keys/04.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:10:25 2008 GMT
+            Not After : May 17 14:10:25 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-anne/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a9:01:86:b4:76:7b:0e:42:cc:95:2c:97:8d:c8:
+                    5b:a2:7d:a0:8b:8e:06:97:e7:f3:48:5c:a4:90:1f:
+                    67:3e:ae:43:1d:c0:01:29:c9:f8:3d:b9:a4:42:d7:
+                    2a:18:53:64:22:3b:88:70:62:3b:7c:6f:e1:50:6e:
+                    86:6d:e1:31:13:f7:d3:42:20:d0:b2:83:fb:71:f3:
+                    72:a5:ae:b2:cd:3b:da:c2:61:eb:7f:e8:67:72:83:
+                    de:50:a3:ad:17:ad:e4:b8:a0:09:63:09:9d:8c:5b:
+                    47:a7:fb:9e:51:32:9a:95:2f:81:98:19:c1:94:46:
+                    f9:cd:78:99:41:fe:27:4b:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                16:84:EC:50:65:D5:87:51:13:EB:A5:5E:6A:00:8E:4D:1E:80:52:C4
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        35:b0:0a:3e:43:aa:72:39:8a:03:e6:77:36:f3:84:b1:18:dc:
+        b1:45:9c:f9:c6:b5:49:4c:51:ec:e2:ba:c7:39:0f:cd:f6:3f:
+        ed:c6:86:a3:3c:39:82:bb:cb:27:8b:b4:c7:f8:07:a3:ee:d2:
+        9a:8f:fa:34:81:de:a0:68:f0:b3:2b:6e:30:b2:96:5f:84:48:
+        21:25:2e:3a:69:36:49:4d:bc:40:98:5a:56:58:98:d3:22:94:
+        b6:13:33:c6:4b:3c:30:22:04:91:e4:1b:f9:f4:e1:ed:0d:d4:
+        32:05:e7:ab:b9:8b:b7:15:16:97:6d:2a:2a:f4:07:dc:54:be:
+        a4:26
+-----BEGIN CERTIFICATE-----
+MIIDrDCCAxWgAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTAy
+NVoXDTE4MDUxNzE0MTAyNVowgYAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEV
+MBMGA1UEAxMMT1BQLVZwbi1hbm5lMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqQGGtHZ7DkLMlSyXjchb
+on2gi44Gl+fzSFykkB9nPq5DHcABKcn4PbmkQtcqGFNkIjuIcGI7fG/hUG6GbeEx
+E/fTQiDQsoP7cfNypa6yzTvawmHrf+hncoPeUKOtF63kuKAJYwmdjFtHp/ueUTKa
+lS+BmBnBlEb5zXiZQf4nS/sCAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBQWhOxQZdWHURPrpV5qAI5NHoBSxDCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexay
+zG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5l
+dHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEA
+NbAKPkOqcjmKA+Z3NvOEsRjcsUWc+ca1SUxR7OK6xzkPzfY/7caGozw5grvLJ4u0
+x/gHo+7Smo/6NIHeoGjwsytuMLKWX4RIISUuOmk2SU28QJhaVliY0yKUthMzxks8
+MCIEkeQb+fTh7Q3UMgXnq7mLtxUWl20qKvQH3FS+pCY=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/05.pem b/OPP/openvpn/keys/05.pem
new file mode 100644
index 0000000..5fc1507
--- /dev/null
+++ b/OPP/openvpn/keys/05.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:11:07 2008 GMT
+            Not After : May 17 14:11:07 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-antje/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:af:d5:10:fd:3d:66:4a:1f:86:43:3a:eb:9d:
+                    c3:3d:eb:9a:fd:c9:ac:76:79:b4:8b:62:3a:b0:22:
+                    92:70:ef:dc:b4:90:08:af:0e:69:c1:e1:41:42:f1:
+                    5a:9a:34:28:c1:4b:73:9f:cb:48:8d:e8:4e:fc:ae:
+                    98:aa:87:7a:a0:09:77:6c:d2:db:51:f9:0b:a1:93:
+                    37:57:4d:71:ed:5a:07:2b:0e:29:6c:c1:2c:79:e7:
+                    82:6c:f2:49:fd:1f:44:18:df:07:3b:4a:9e:53:49:
+                    b7:29:1c:17:ed:28:0a:72:64:3e:3d:98:ab:ce:0b:
+                    99:19:a4:36:7d:12:dd:6a:af
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DD:6A:35:36:EE:4B:F6:AE:4C:80:30:12:74:49:60:87:44:FA:09:D6
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        ad:af:8f:8a:fa:30:43:ce:95:ff:9d:39:65:a9:da:1e:49:dc:
+        df:10:63:4a:76:74:5f:46:e6:2a:e6:be:ca:de:99:1a:84:07:
+        53:f4:ec:1b:27:ae:3d:f5:21:b5:9c:27:5f:18:f8:3b:fa:39:
+        6c:3a:d8:2a:01:2d:61:22:a1:36:4e:21:0a:48:e1:46:57:98:
+        43:fa:f6:b1:6a:32:75:5a:b6:15:f6:3e:5b:61:8d:73:de:ff:
+        cd:3c:90:8a:ca:41:88:55:97:eb:e8:92:d8:89:96:34:99:9f:
+        eb:e7:4e:37:01:3d:33:dd:32:17:c6:d2:0c:1d:9e:ee:72:37:
+        a6:85
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBBTANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTEw
+N1oXDTE4MDUxNzE0MTEwN1owgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1hbnRqZTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmv1RD9PWZKH4ZDOuud
+wz3rmv3JrHZ5tItiOrAiknDv3LSQCK8OacHhQULxWpo0KMFLc5/LSI3oTvyumKqH
+eqAJd2zS21H5C6GTN1dNce1aBysOKWzBLHnngmzySf0fRBjfBztKnlNJtykcF+0o
+CnJkPj2Yq84LmRmkNn0S3WqvAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQU3Wo1Nu5L9q5MgDASdElgh0T6CdYwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AK2vj4r6MEPOlf+dOWWp2h5J3N8QY0p2dF9G5irmvsremRqEB1P07Bsnrj31IbWc
+J18Y+Dv6OWw62CoBLWEioTZOIQpI4UZXmEP69rFqMnVathX2PlthjXPe/808kIrK
+QYhVl+voktiJljSZn+vnTjcBPTPdMhfG0gwdnu5yN6aF
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/06.pem b/OPP/openvpn/keys/06.pem
new file mode 100644
index 0000000..836f2c9
--- /dev/null
+++ b/OPP/openvpn/keys/06.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:11:52 2008 GMT
+            Not After : May 17 14:11:52 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-dominique/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c1:38:3f:b0:d4:de:b8:36:d8:39:59:f5:e7:f0:
+                    90:30:28:ea:08:8f:89:22:a6:20:ab:30:cd:fd:6d:
+                    05:49:a8:75:44:5b:2a:8c:d0:f2:7a:ad:8e:2d:f8:
+                    61:3a:ca:96:6b:f7:fa:8f:9e:cf:b6:1f:05:28:0f:
+                    17:7b:30:72:38:b4:d7:2e:11:7d:4e:bd:0e:34:f5:
+                    73:b8:fc:96:bf:dc:08:b4:42:5c:28:79:c9:13:21:
+                    41:56:8b:46:b4:22:3a:ce:67:7e:ee:22:e4:0d:6b:
+                    2a:6d:5e:20:1a:cd:bb:00:98:e6:a8:c5:40:e6:cf:
+                    64:5e:73:c3:5c:07:64:67:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E4:85:C4:03:74:D3:5B:17:7C:9A:8A:F7:CE:62:23:56:CE:45:14:80
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        23:5f:8b:84:36:8f:5c:85:64:4c:13:36:df:64:4f:6e:15:b3:
+        21:2e:1c:3f:90:d4:9c:03:2e:1d:c8:6d:54:d7:19:03:46:b5:
+        e9:50:eb:92:7c:cf:14:5d:b4:0c:58:3e:8d:e8:a0:19:aa:16:
+        43:b5:c5:9b:4e:4e:1c:4b:a3:80:78:43:c8:77:79:6e:ac:13:
+        28:c8:5d:c1:a2:b2:dd:1f:ca:ad:c5:7b:81:3f:8d:15:43:6e:
+        e4:39:73:a9:07:85:4c:a7:ad:34:73:80:06:1f:97:63:38:53:
+        77:db:e0:5f:ea:0b:40:a8:55:9a:d2:68:75:20:ca:29:0f:7f:
+        67:e5
+-----BEGIN CERTIFICATE-----
+MIIDsTCCAxqgAwIBAgIBBjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTE1
+MloXDTE4MDUxNzE0MTE1MlowgYUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEa
+MBgGA1UEAxMRT1BQLVZwbi1kb21pbmlxdWUxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBOD+w1N64Ntg5
+WfXn8JAwKOoIj4kipiCrMM39bQVJqHVEWyqM0PJ6rY4t+GE6ypZr9/qPns+2HwUo
+Dxd7MHI4tNcuEX1OvQ409XO4/Ja/3Ai0QlwoeckTIUFWi0a0IjrOZ37uIuQNaypt
+XiAazbsAmOaoxUDmz2Rec8NcB2RnSwIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAs
+BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFOSFxAN001sXfJqK985iI1bORRSAMIHEBgNVHSMEgbwwgbmAFOFNw2v0
+fIF7FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
+QmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UE
+CxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqG
+SIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQF
+AAOBgQAjX4uENo9chWRMEzbfZE9uFbMhLhw/kNScAy4dyG1U1xkDRrXpUOuSfM8U
+XbQMWD6N6KAZqhZDtcWbTk4cS6OAeEPId3lurBMoyF3BorLdH8qtxXuBP40VQ27k
+OXOpB4VMp600c4AGH5djOFN32+Bf6gtAqFWa0mh1IMopD39n5Q==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/07.pem b/OPP/openvpn/keys/07.pem
new file mode 100644
index 0000000..7619b30
--- /dev/null
+++ b/OPP/openvpn/keys/07.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:12:31 2008 GMT
+            Not After : May 17 14:12:31 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-gesa/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:dd:3f:12:ed:6e:50:5f:83:73:b2:02:06:39:79:
+                    4c:8f:5c:1a:cf:24:8b:48:ad:26:30:5e:33:dc:97:
+                    ee:8a:01:4b:4c:be:78:0e:6c:a7:04:5b:2d:12:bd:
+                    2e:c1:7f:71:6d:84:52:b5:19:e8:b2:6c:57:bd:54:
+                    4b:9d:97:ca:12:a4:9e:7b:d6:b3:26:88:b2:f9:ee:
+                    e8:92:27:1a:50:e1:8e:44:ba:a8:81:db:c6:03:9b:
+                    8e:92:a6:f5:28:61:d9:a8:9b:6c:74:41:e4:3d:a2:
+                    2e:98:75:9f:3f:37:6f:79:84:44:ff:53:39:cf:96:
+                    31:b4:82:54:dd:46:b8:8c:85
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                20:D1:BD:E0:49:1C:2D:5C:06:98:E8:85:E7:B4:9B:34:0F:23:DB:21
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        69:8a:2e:2b:93:da:48:7a:0a:3a:8d:84:0e:f9:16:d7:23:c6:
+        29:e2:75:67:e8:59:f2:21:2b:31:7f:15:94:10:0b:49:5a:a4:
+        4c:7f:ef:3e:02:ad:04:d5:be:f7:10:03:cd:77:73:bb:b4:93:
+        03:c8:27:51:0e:1a:27:91:51:e6:6f:43:ad:cd:91:be:ab:3c:
+        5c:ba:54:e8:4f:b5:07:22:d4:46:b1:e6:41:34:cc:56:84:3b:
+        f2:bf:eb:b9:a5:d8:43:95:b5:42:67:3a:08:99:f9:d9:3d:9e:
+        fa:2d:e3:a8:da:4c:de:3e:00:cc:92:8c:56:92:d0:da:47:b0:
+        fa:eb
+-----BEGIN CERTIFICATE-----
+MIIDrDCCAxWgAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTIz
+MVoXDTE4MDUxNzE0MTIzMVowgYAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEV
+MBMGA1UEAxMMT1BQLVZwbi1nZXNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3T8S7W5QX4NzsgIGOXlM
+j1wazySLSK0mMF4z3JfuigFLTL54DmynBFstEr0uwX9xbYRStRnosmxXvVRLnZfK
+EqSee9azJoiy+e7okicaUOGORLqogdvGA5uOkqb1KGHZqJtsdEHkPaIumHWfPzdv
+eYRE/1M5z5YxtIJU3Ua4jIUCAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBQg0b3gSRwtXAaY6IXntJs0DyPbITCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexay
+zG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5l
+dHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEA
+aYouK5PaSHoKOo2EDvkW1yPGKeJ1Z+hZ8iErMX8VlBALSVqkTH/vPgKtBNW+9xAD
+zXdzu7STA8gnUQ4aJ5FR5m9Drc2Rvqs8XLpU6E+1ByLURrHmQTTMVoQ78r/ruaXY
+Q5W1Qmc6CJn52T2e+i3jqNpM3j4AzJKMVpLQ2kew+us=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/08.pem b/OPP/openvpn/keys/08.pem
new file mode 100644
index 0000000..8c5fcdb
--- /dev/null
+++ b/OPP/openvpn/keys/08.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:13:18 2008 GMT
+            Not After : May 17 14:13:18 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-johanna/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:f7:70:f2:cb:57:2c:4b:57:2f:44:0f:26:39:41:
+                    ac:8c:0b:5b:3b:17:9a:f0:9f:1e:3a:9f:43:83:65:
+                    ce:78:1d:ca:33:9b:e8:79:a0:64:d9:2a:3f:37:75:
+                    09:bc:2c:60:78:d0:fe:90:c3:4e:91:70:4d:e4:f7:
+                    a4:df:c5:55:94:10:8c:91:ed:0e:41:22:61:20:67:
+                    f9:87:84:8d:a2:84:95:a2:86:04:49:d2:f5:3e:cf:
+                    54:22:e9:30:90:d5:e0:12:f3:94:39:9a:f4:6a:27:
+                    82:89:d6:a1:2b:f6:41:ca:7b:07:a0:96:cb:bf:7d:
+                    b0:22:66:b0:ae:13:bb:23:81
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                32:7C:8F:D3:1A:02:D7:62:07:F0:D2:64:DD:4A:56:76:38:58:6A:3F
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        6b:6d:1d:fb:22:51:80:dd:c0:d0:45:cd:51:f7:2e:d8:0c:e9:
+        b9:63:62:30:25:8c:37:ae:95:90:2f:e7:d0:a2:fe:08:18:f2:
+        1b:a3:cb:54:36:b3:9e:33:56:7e:fe:68:70:ab:51:0e:0c:30:
+        1d:3a:bc:5f:e3:32:9b:81:2e:87:4c:23:dc:24:70:ac:9e:f1:
+        f1:75:ee:9c:b1:a8:b8:58:23:7d:37:0b:be:43:8d:30:b1:40:
+        e3:72:90:56:40:38:d7:27:d9:1a:58:88:ba:58:a0:7c:16:91:
+        b5:fe:a5:68:55:a8:e7:88:a7:09:1f:28:c0:21:b6:4a:05:95:
+        ae:14
+-----BEGIN CERTIFICATE-----
+MIIDrzCCAxigAwIBAgIBCDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTMx
+OFoXDTE4MDUxNzE0MTMxOFowgYMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEY
+MBYGA1UEAxMPT1BQLVZwbi1qb2hhbm5hMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA93Dyy1csS1cvRA8m
+OUGsjAtbOxea8J8eOp9Dg2XOeB3KM5voeaBk2So/N3UJvCxgeND+kMNOkXBN5Pek
+38VVlBCMke0OQSJhIGf5h4SNooSVooYESdL1Ps9UIukwkNXgEvOUOZr0aieCidah
+K/ZBynsHoJbLv32wImawrhO7I4ECAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBQyfI/TGgLXYgfw0mTdSlZ2OFhqPzCBxAYDVR0jBIG8MIG5gBThTcNr9HyB
+exayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
+EG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG
+9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQAD
+gYEAa20d+yJRgN3A0EXNUfcu2AzpuWNiMCWMN66VkC/n0KL+CBjyG6PLVDaznjNW
+fv5ocKtRDgwwHTq8X+Mym4Euh0wj3CRwrJ7x8XXunLGouFgjfTcLvkONMLFA43KQ
+VkA41yfZGliIuligfBaRtf6laFWo54inCR8owCG2SgWVrhQ=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/09.pem b/OPP/openvpn/keys/09.pem
new file mode 100644
index 0000000..9acf15e
--- /dev/null
+++ b/OPP/openvpn/keys/09.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:14:03 2008 GMT
+            Not After : May 17 14:14:03 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-judith/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:e7:c6:8e:af:9e:0e:c7:3e:12:5b:e2:4a:a2:
+                    45:7f:50:56:14:13:d7:c8:01:22:b5:56:7d:88:a5:
+                    c6:a8:18:21:e3:bc:9d:b6:2a:28:08:8e:1c:14:ca:
+                    13:0d:22:fc:ba:cf:cb:39:8c:6f:b2:0f:de:41:a0:
+                    ba:23:05:13:aa:11:35:3c:0d:51:ef:a5:03:45:8c:
+                    50:d6:91:79:6a:dd:86:1b:87:be:5b:62:89:06:f7:
+                    da:2c:20:3f:ae:59:e0:2f:f5:e3:69:f1:a4:6d:c5:
+                    b0:fb:8f:e9:92:c7:81:2e:a9:d7:44:9d:2f:d5:4f:
+                    78:e4:7c:38:4f:8d:ea:06:47
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                B4:C2:63:23:F6:B4:BE:2C:28:A2:BE:0F:96:77:80:E5:CC:9D:9B:F6
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        62:64:75:56:6e:13:fe:0f:42:1e:99:83:35:fb:f3:5e:06:84:
+        62:82:33:54:8f:d4:0f:08:a5:1d:6c:ea:b3:64:81:43:80:16:
+        46:d4:9b:e2:ac:10:4c:6a:eb:b5:a9:b5:15:05:0d:80:74:fe:
+        e3:33:89:39:67:47:3b:45:4e:9b:5e:5e:0a:07:8b:a7:bb:e7:
+        0a:4e:e9:31:8b:cc:a9:43:26:79:dd:00:b5:e5:8f:f9:8f:93:
+        36:3e:45:ea:df:63:35:69:f0:8c:1e:1f:09:a6:da:07:04:30:
+        51:eb:df:4a:c1:9a:95:1d:dd:9e:eb:29:2d:86:10:6a:03:cb:
+        14:3a
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBCTANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTQw
+M1oXDTE4MDUxNzE0MTQwM1owgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi1qdWRpdGgxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ58aOr54Oxz4SW+JK
+okV/UFYUE9fIASK1Vn2IpcaoGCHjvJ22KigIjhwUyhMNIvy6z8s5jG+yD95BoLoj
+BROqETU8DVHvpQNFjFDWkXlq3YYbh75bYokG99osID+uWeAv9eNp8aRtxbD7j+mS
+x4EuqddEnS/VT3jkfDhPjeoGRwIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFLTCYyP2tL4sKKK+D5Z3gOXMnZv2MIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQBiZHVWbhP+D0IemYM1+/NeBoRigjNUj9QPCKUdbOqzZIFDgBZG1JvirBBMauu1
+qbUVBQ2AdP7jM4k5Z0c7RU6bXl4KB4unu+cKTukxi8ypQyZ53QC15Y/5j5M2PkXq
+32M1afCMHh8JptoHBDBR699KwZqVHd2e6ykthhBqA8sUOg==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/0A.pem b/OPP/openvpn/keys/0A.pem
new file mode 100644
index 0000000..986417b
--- /dev/null
+++ b/OPP/openvpn/keys/0A.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10 (0xa)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:14:45 2008 GMT
+            Not After : May 17 14:14:45 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-melanie/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b2:b8:c9:51:71:56:49:22:c5:0b:cf:66:3c:64:
+                    78:95:e7:b3:58:25:4f:31:fa:25:ed:bc:e5:69:e4:
+                    58:84:ca:86:3c:7a:94:39:ae:66:f5:99:7b:36:3c:
+                    f9:84:92:ca:24:e6:1b:f8:9c:f6:81:ca:fe:c7:db:
+                    70:2d:bf:2b:dc:ce:cb:63:1c:e5:79:66:46:83:45:
+                    5b:70:2c:69:3f:cd:0b:5b:95:e5:b2:ca:b9:17:7f:
+                    45:74:e0:0f:d9:f8:12:57:45:9f:2e:c3:85:af:bf:
+                    13:f4:80:e1:67:44:8d:04:80:17:a7:aa:0d:f5:be:
+                    54:6f:11:99:94:76:ec:f4:6f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C1:FB:C0:38:B2:6D:8B:92:3F:3F:78:3D:5E:E5:17:67:1D:25:B7:4E
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        8b:78:28:3d:87:71:36:a1:e7:66:cd:07:6f:1c:f5:43:80:7f:
+        cf:67:dd:5f:14:b4:e3:33:05:53:36:e0:53:62:e3:16:d7:ca:
+        85:b0:d4:64:72:57:15:fd:c5:54:ac:d8:98:98:5d:43:e5:a8:
+        f8:bf:cb:f9:79:ed:8e:6e:8d:4e:5c:3a:1e:ec:e3:ad:ac:c5:
+        ec:5a:91:7d:2d:9d:c2:6e:51:38:55:6a:0f:27:1b:b6:a7:9d:
+        78:fc:bf:29:d7:a8:93:83:cf:72:62:5f:51:39:5e:f6:f2:e0:
+        59:09:f0:96:4c:25:02:03:21:22:0a:d2:2b:4e:26:53:b4:e6:
+        ab:68
+-----BEGIN CERTIFICATE-----
+MIIDrzCCAxigAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTQ0
+NVoXDTE4MDUxNzE0MTQ0NVowgYMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEY
+MBYGA1UEAxMPT1BQLVZwbi1tZWxhbmllMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsrjJUXFWSSLFC89m
+PGR4leezWCVPMfol7bzlaeRYhMqGPHqUOa5m9Zl7Njz5hJLKJOYb+Jz2gcr+x9tw
+Lb8r3M7LYxzleWZGg0VbcCxpP80LW5Xlssq5F39FdOAP2fgSV0WfLsOFr78T9IDh
+Z0SNBIAXp6oN9b5UbxGZlHbs9G8CAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBTB+8A4sm2Lkj8/eD1e5RdnHSW3TjCBxAYDVR0jBIG8MIG5gBThTcNr9HyB
+exayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
+EG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG
+9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQAD
+gYEAi3goPYdxNqHnZs0Hbxz1Q4B/z2fdXxS04zMFUzbgU2LjFtfKhbDUZHJXFf3F
+VKzYmJhdQ+Wo+L/L+Xntjm6NTlw6HuzjrazF7FqRfS2dwm5ROFVqDycbtqedePy/
+Kdeok4PPcmJfUTle9vLgWQnwlkwlAgMhIgrSK04mU7Tmq2g=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/0B.pem b/OPP/openvpn/keys/0B.pem
new file mode 100644
index 0000000..7c29057
--- /dev/null
+++ b/OPP/openvpn/keys/0B.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 11 (0xb)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:15:20 2008 GMT
+            Not After : May 17 14:15:20 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-nadja/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bb:cb:0e:5b:38:8b:77:6a:4d:33:ff:b5:cc:13:
+                    55:6e:7c:b1:94:26:88:65:bd:e3:52:c5:cf:26:ad:
+                    0a:f2:81:7a:e1:ea:5a:9e:f8:e8:3f:07:4d:a0:c5:
+                    0a:16:a9:a0:57:fc:b9:e9:36:f2:51:8f:0a:da:8f:
+                    80:d1:cf:4c:b2:20:20:42:e8:54:b9:1f:47:e9:dd:
+                    d6:20:40:1b:70:cd:13:d8:b1:d1:80:81:2c:b3:a0:
+                    bb:14:f3:ce:90:63:06:42:62:db:64:96:7b:8e:b1:
+                    4b:bd:fb:69:f3:ff:28:d4:f2:31:95:d8:20:d2:1a:
+                    ea:42:75:37:b9:0f:62:45:49
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E4:1C:21:CA:A4:EA:2B:E7:DC:08:74:EE:52:64:02:66:34:F6:E6:3E
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        a5:59:81:da:2c:3b:ea:72:23:29:1a:6a:61:0b:a2:f9:d5:ee:
+        6e:cd:3b:6f:c6:c7:8a:75:60:cd:89:1a:a2:dc:e8:b2:85:91:
+        d9:8a:eb:f4:eb:c4:eb:31:3a:35:c1:e0:88:2d:3d:e5:09:ab:
+        dc:22:e4:57:23:2e:38:42:24:b7:9d:41:ae:3c:57:76:dc:17:
+        e7:44:a1:ab:8b:95:c4:64:d2:91:c3:61:73:df:9f:a8:6f:b4:
+        a7:46:09:93:fe:32:51:d9:bd:f5:aa:fa:e6:f3:bc:f2:f9:de:
+        fb:20:97:a5:89:51:3f:e3:92:32:c0:69:4f:0d:ba:8a:4a:90:
+        48:8a
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBCzANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTUy
+MFoXDTE4MDUxNzE0MTUyMFowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1uYWRqYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALvLDls4i3dqTTP/tcwT
+VW58sZQmiGW941LFzyatCvKBeuHqWp746D8HTaDFChapoFf8uek28lGPCtqPgNHP
+TLIgIELoVLkfR+nd1iBAG3DNE9ix0YCBLLOguxTzzpBjBkJi22SWe46xS737afP/
+KNTyMZXYINIa6kJ1N7kPYkVJAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQU5BwhyqTqK+fcCHTuUmQCZjT25j4wgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AKVZgdosO+pyIykaamELovnV7m7NO2/Gx4p1YM2JGqLc6LKFkdmK6/TrxOsxOjXB
+4IgtPeUJq9wi5FcjLjhCJLedQa48V3bcF+dEoauLlcRk0pHDYXPfn6hvtKdGCZP+
+MlHZvfWq+ubzvPL53vsgl6WJUT/jkjLAaU8NuopKkEiK
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/0C.pem b/OPP/openvpn/keys/0C.pem
new file mode 100644
index 0000000..61fba7f
--- /dev/null
+++ b/OPP/openvpn/keys/0C.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12 (0xc)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:15:56 2008 GMT
+            Not After : May 17 14:15:56 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-tobias/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e2:c7:d7:e1:53:0f:08:cf:5d:41:91:b9:c4:66:
+                    5c:bc:75:31:47:c4:17:81:51:d3:be:c2:ee:6f:59:
+                    08:50:80:f7:8a:fa:44:fb:b6:8b:2d:d2:1f:45:61:
+                    7e:de:78:de:b8:6a:59:5b:1b:6a:51:26:cf:9b:42:
+                    d5:03:30:84:e7:0b:0a:51:65:26:9e:f6:9e:c1:3d:
+                    52:1e:74:17:1b:17:b6:19:ba:70:dc:12:79:71:83:
+                    02:e6:fd:62:f2:60:12:56:fb:ec:99:38:b1:88:72:
+                    16:a2:c7:96:bb:e8:74:6e:7e:98:61:49:a9:0e:15:
+                    71:7e:f4:f1:20:1c:c3:77:ed
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                4C:E4:08:62:13:05:07:76:96:1E:FC:03:C3:A5:BF:5B:E1:F3:0B:A5
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        81:38:ca:a2:c9:6e:c4:dc:ce:4c:a3:0a:93:35:d3:21:da:97:
+        d2:d6:cb:4a:91:e1:6f:d8:59:04:60:6f:4d:b2:3f:21:a1:c8:
+        89:11:6b:5f:43:69:88:52:08:09:2e:5c:a0:d4:f8:e5:6f:44:
+        d9:b1:60:16:6e:94:27:b3:3b:90:d1:d1:3f:c8:49:2d:f6:63:
+        bd:f6:57:17:d1:d8:4c:ca:d8:de:bb:47:14:c4:b4:3c:5e:89:
+        a5:60:0e:d1:47:bd:77:ad:ad:c4:1f:99:12:5d:e8:af:ab:8a:
+        07:cc:12:e7:9a:49:dd:71:85:d0:4e:a5:d6:6d:f5:75:ef:12:
+        aa:7d
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBDDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTU1
+NloXDTE4MDUxNzE0MTU1NlowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi10b2JpYXMxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDix9fhUw8Iz11BkbnE
+Zly8dTFHxBeBUdO+wu5vWQhQgPeK+kT7tost0h9FYX7eeN64allbG2pRJs+bQtUD
+MITnCwpRZSae9p7BPVIedBcbF7YZunDcEnlxgwLm/WLyYBJW++yZOLGIchaix5a7
+6HRufphhSakOFXF+9PEgHMN37QIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFEzkCGITBQd2lh78A8Olv1vh8wulMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQCBOMqiyW7E3M5MowqTNdMh2pfS1stKkeFv2FkEYG9Nsj8hociJEWtfQ2mIUggJ
+Llyg1Pjlb0TZsWAWbpQnszuQ0dE/yEkt9mO99lcX0dhMytjeu0cUxLQ8XomlYA7R
+R713ra3EH5kSXeivq4oHzBLnmkndcYXQTqXWbfV17xKqfQ==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/0D.pem b/OPP/openvpn/keys/0D.pem
new file mode 100644
index 0000000..2a01aef
--- /dev/null
+++ b/OPP/openvpn/keys/0D.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:16:40 2008 GMT
+            Not After : May 17 14:16:40 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ulf/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:f3:98:dd:19:8d:1d:be:4d:b2:e2:5a:ea:a2:50:
+                    5e:5e:c0:e7:96:12:8e:6e:aa:17:b5:ac:d0:e9:87:
+                    dc:0b:3f:72:6c:10:40:ff:cb:6e:cb:7c:d1:b5:05:
+                    28:77:ac:f6:c1:f9:13:b0:75:0b:4d:ff:3f:f6:52:
+                    5e:a3:e4:04:6f:62:05:d8:4b:65:60:33:d4:1e:df:
+                    d5:c1:fb:eb:36:6a:4b:f2:a3:19:d0:01:ec:2b:95:
+                    bf:b6:c7:c2:5a:e6:87:a7:3b:b2:7f:b9:00:c6:70:
+                    c6:f0:69:96:02:c3:aa:ef:d3:94:af:69:f1:05:17:
+                    a8:8a:7f:9e:b0:f3:04:53:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                41:7F:25:CF:1F:B3:E1:DD:A8:D0:C3:CE:38:F3:0D:BC:5B:67:0B:67
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        04:05:3c:f7:be:51:55:46:ee:3b:4f:78:f8:d0:65:ac:78:a1:
+        5c:25:97:f2:a2:0c:e7:c6:95:5d:bf:02:72:d9:6e:f2:7a:26:
+        ef:50:e4:b4:19:c0:31:02:00:9f:0b:85:cf:f9:32:d8:17:ab:
+        fb:58:fa:70:18:78:6a:d7:68:9f:14:2a:80:4d:75:81:e0:24:
+        da:22:e8:82:cc:49:a9:57:87:49:36:ae:54:1f:35:68:13:33:
+        26:7f:92:45:a2:83:54:01:fe:c6:25:21:6a:26:52:88:db:12:
+        d8:b4:b8:94:43:6c:f2:e2:36:1b:96:ec:e2:2c:8d:f3:fd:b6:
+        8f:70
+-----BEGIN CERTIFICATE-----
+MIIDqjCCAxOgAwIBAgIBDTANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTY0
+MFoXDTE4MDUxNzE0MTY0MFowfzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRQw
+EgYDVQQDEwtPUFAtVnBuLXVsZjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPOY3RmNHb5NsuJa6qJQXl7A
+55YSjm6qF7Ws0OmH3As/cmwQQP/Lbst80bUFKHes9sH5E7B1C03/P/ZSXqPkBG9i
+BdhLZWAz1B7f1cH76zZqS/KjGdAB7CuVv7bHwlrmh6c7sn+5AMZwxvBplgLDqu/T
+lK9p8QUXqIp/nrDzBFPBAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCGSAGG
++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
+QX8lzx+z4d2o0MPOOPMNvFtnC2cwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxt
+JGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3
+b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GBAAQF
+PPe+UVVG7jtPePjQZax4oVwll/KiDOfGlV2/AnLZbvJ6Ju9Q5LQZwDECAJ8Lhc/5
+MtgXq/tY+nAYeGrXaJ8UKoBNdYHgJNoi6ILMSalXh0k2rlQfNWgTMyZ/kkWig1QB
+/sYlIWomUojbEti0uJRDbPLiNhuW7OIsjfP9to9w
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/0E.pem b/OPP/openvpn/keys/0E.pem
new file mode 100644
index 0000000..b8ebd76
--- /dev/null
+++ b/OPP/openvpn/keys/0E.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 14 (0xe)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov  4 11:43:45 2008 GMT
+            Not After : Nov  2 11:43:45 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-nadja/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b0:66:79:ce:2a:e3:aa:4e:0c:c2:0d:ef:57:1e:
+                    c2:86:7a:b0:7f:6c:f7:99:de:ae:d9:37:88:68:2e:
+                    08:85:cc:1d:b9:dc:be:82:92:cd:2c:02:e2:3b:65:
+                    75:34:cf:9d:58:8f:f2:d6:16:a0:78:44:41:a8:fa:
+                    59:eb:9c:7d:96:ed:56:9b:0a:0e:02:30:c9:95:96:
+                    d9:f5:75:2b:40:91:96:35:85:da:26:74:1c:75:5b:
+                    bc:1c:64:64:3d:ac:88:6f:d4:ce:19:76:02:f3:b8:
+                    6a:ba:1c:78:f4:c9:51:e3:0a:76:e6:88:89:42:5e:
+                    67:ef:f1:49:ca:27:3d:be:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                7A:EA:DF:B3:C9:13:AC:8A:27:EA:7D:9A:44:EE:10:A6:0D:80:D2:85
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        98:03:4b:16:65:fa:f9:c5:72:8c:1a:dc:c6:58:b7:a5:b6:2b:
+        c6:fd:30:ba:7f:8c:df:17:e7:3d:ca:a8:e9:9b:14:85:ff:55:
+        52:9c:c5:a0:b6:99:18:42:fd:43:f3:8e:37:db:ec:a7:5b:ed:
+        8a:e7:40:8b:17:92:dc:e8:ee:58:d3:c1:07:49:45:86:b9:8a:
+        55:d6:81:e9:d2:42:58:b8:8b:6e:fe:2b:49:43:cb:14:a2:ff:
+        6f:a7:d8:55:13:bf:92:16:8e:69:cf:26:1a:5a:51:cf:9d:5c:
+        fd:e8:78:9b:0f:dc:32:df:08:21:06:e9:48:f5:b8:4d:b1:d7:
+        e3:af
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBDjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MTEwNDExNDM0
+NVoXDTE4MTEwMjExNDM0NVowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1uYWRqYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALBmec4q46pODMIN71ce
+woZ6sH9s95nertk3iGguCIXMHbncvoKSzSwC4jtldTTPnViP8tYWoHhEQaj6Weuc
+fZbtVpsKDgIwyZWW2fV1K0CRljWF2iZ0HHVbvBxkZD2siG/Uzhl2AvO4arocePTJ
+UeMKduaIiUJeZ+/xSconPb6LAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUeurfs8kTrIon6n2aRO4Qpg2A0oUwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AJgDSxZl+vnFcowa3MZYt6W2K8b9MLp/jN8X5z3KqOmbFIX/VVKcxaC2mRhC/UPz
+jjfb7Kdb7YrnQIsXktzo7ljTwQdJRYa5ilXWgenSQli4i27+K0lDyxSi/2+n2FUT
+v5IWjmnPJhpaUc+dXP3oeJsP3DLfCCEG6Uj1uE2x1+Ov
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/0F.pem b/OPP/openvpn/keys/0F.pem
new file mode 100644
index 0000000..980c016
--- /dev/null
+++ b/OPP/openvpn/keys/0F.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15 (0xf)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov  4 11:59:44 2008 GMT
+            Not After : Nov  2 11:59:44 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ausstellung/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:af:cc:6f:d9:4b:11:29:17:6c:44:9c:39:8d:99:
+                    65:fc:1e:8d:84:72:62:68:2c:e0:13:89:4f:60:82:
+                    4a:77:40:49:7c:31:84:11:60:83:07:97:4f:a1:49:
+                    56:a4:d4:b0:af:97:93:a7:a0:5e:97:b5:81:0e:fa:
+                    37:00:41:29:77:f8:35:22:65:85:da:ac:af:72:c2:
+                    01:25:31:5f:3d:53:d0:bb:84:33:00:ad:b2:31:0e:
+                    f2:f3:2f:8b:63:ba:a1:f4:16:0b:e2:f0:60:e8:53:
+                    32:f0:80:14:b9:53:7e:4b:ee:f4:f1:e8:31:44:ba:
+                    6b:d3:9c:18:c0:67:5b:80:5b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                12:DD:3C:18:90:7F:33:F6:DA:97:DC:56:27:89:FA:29:67:03:74:F7
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        72:82:37:cd:78:d7:77:98:aa:5b:e8:64:77:0c:48:8e:c4:fc:
+        a0:1b:5d:ef:c6:c2:32:2b:74:5d:de:9b:f7:69:8e:46:d1:e2:
+        18:df:eb:d0:2f:2c:50:d2:d4:c6:87:39:df:be:c3:7c:f1:5e:
+        93:c6:92:8d:df:e9:ec:17:0a:02:f7:80:08:f0:3b:b3:0e:c2:
+        22:2d:24:d5:07:d5:d4:45:68:35:82:ad:46:b5:41:56:65:0a:
+        a7:3f:06:4d:72:33:db:0c:14:fa:3d:4e:ad:1f:6e:3b:51:6a:
+        51:ff:b3:6a:62:64:48:95:5e:0b:ee:28:91:56:63:64:51:9d:
+        56:be
+-----BEGIN CERTIFICATE-----
+MIIDszCCAxygAwIBAgIBDzANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MTEwNDExNTk0
+NFoXDTE4MTEwMjExNTk0NFowgYcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEc
+MBoGA1UEAxMTT1BQLVZwbi1hdXNzdGVsbHVuZzEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/Mb9lLESkX
+bEScOY2ZZfwejYRyYmgs4BOJT2CCSndASXwxhBFggweXT6FJVqTUsK+Xk6egXpe1
+gQ76NwBBKXf4NSJlhdqsr3LCASUxXz1T0LuEMwCtsjEO8vMvi2O6ofQWC+LwYOhT
+MvCAFLlTfkvu9PHoMUS6a9OcGMBnW4BbAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAA
+MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUEt08GJB/M/bal9xWJ4n6KWcDdPcwgcQGA1UdIwSBvDCBuYAU4U3D
+a/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJ
+KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEB
+BAUAA4GBAHKCN81413eYqlvoZHcMSI7E/KAbXe/GwjIrdF3em/dpjkbR4hjf69Av
+LFDS1MaHOd++w3zxXpPGko3f6ewXCgL3gAjwO7MOwiItJNUH1dRFaDWCrUa1QVZl
+Cqc/Bk1yM9sMFPo9Tq0fbjtRalH/s2piZEiVXgvuKJFWY2RRnVa+
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/10.pem b/OPP/openvpn/keys/10.pem
new file mode 100644
index 0000000..7d0f7c2
--- /dev/null
+++ b/OPP/openvpn/keys/10.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov  7 13:29:53 2008 GMT
+            Not After : Nov  5 13:29:53 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-jule/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e2:d7:c4:d1:97:c4:d5:cf:56:d0:36:72:e7:32:
+                    8f:b2:82:83:a1:2a:e8:97:2a:63:c2:dd:29:69:47:
+                    8a:fe:0c:61:fb:7f:02:08:e1:e9:8a:87:86:2d:95:
+                    74:c4:2c:59:c6:43:09:42:32:38:0f:f8:6c:0a:38:
+                    e9:3a:d7:36:fa:ef:d0:79:a1:ff:f1:fc:31:dd:c2:
+                    03:9e:db:7c:93:9a:90:aa:d7:a6:51:77:bc:48:8b:
+                    fc:a1:16:9f:78:bf:ac:1b:a8:30:f1:a9:e2:a1:26:
+                    3c:e0:54:a6:a4:04:16:78:3e:a6:e1:ad:02:66:08:
+                    a6:7d:16:0f:f1:56:b5:38:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                F0:6E:18:39:08:58:5F:92:A5:44:04:9F:87:2A:63:EB:FF:7F:E0:1A
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        42:9a:06:bd:da:97:4d:13:1e:a9:e7:4a:15:fa:12:7f:d6:90:
+        03:68:af:8e:73:1a:3a:66:3f:61:49:69:02:89:be:ba:47:fc:
+        d0:5c:c8:51:b4:6e:ed:31:a8:13:86:24:51:a8:f2:9e:56:d8:
+        43:fd:f2:42:df:7c:41:c4:7c:ad:87:06:b6:92:29:f2:2f:2a:
+        f1:9f:7a:3c:a4:76:ba:d4:99:b7:8f:de:99:98:f0:e9:01:f7:
+        6c:31:36:77:6f:85:2f:cc:5f:a3:59:0a:96:84:a2:98:b3:83:
+        6e:02:ef:d8:50:c6:81:0e:ee:b2:cb:20:e7:0f:71:ed:7e:9a:
+        c7:fd
+-----BEGIN CERTIFICATE-----
+MIIDrDCCAxWgAwIBAgIBEDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MTEwNzEzMjk1
+M1oXDTE4MTEwNTEzMjk1M1owgYAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEV
+MBMGA1UEAxMMT1BQLVZwbi1qdWxlMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4tfE0ZfE1c9W0DZy5zKP
+soKDoSrolypjwt0paUeK/gxh+38CCOHpioeGLZV0xCxZxkMJQjI4D/hsCjjpOtc2
++u/QeaH/8fwx3cIDntt8k5qQqtemUXe8SIv8oRafeL+sG6gw8anioSY84FSmpAQW
+eD6m4a0CZgimfRYP8Va1OB8CAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBTwbhg5CFhfkqVEBJ+HKmPr/3/gGjCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexay
+zG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5l
+dHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEA
+QpoGvdqXTRMeqedKFfoSf9aQA2ivjnMaOmY/YUlpAom+ukf80FzIUbRu7TGoE4Yk
+UajynlbYQ/3yQt98QcR8rYcGtpIp8i8q8Z96PKR2utSZt4/emZjw6QH3bDE2d2+F
+L8xfo1kKloSimLODbgLv2FDGgQ7usssg5w9x7X6ax/0=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/11.pem b/OPP/openvpn/keys/11.pem
new file mode 100644
index 0000000..0e5f057
--- /dev/null
+++ b/OPP/openvpn/keys/11.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 17 (0x11)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov  7 13:30:38 2008 GMT
+            Not After : Nov  5 13:30:38 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-toffke/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ef:f5:b4:77:f3:e4:5b:38:04:e2:9c:08:10:68:
+                    03:dc:e1:db:e5:c7:54:31:3e:c7:86:9e:27:17:35:
+                    e5:b7:4b:e4:1e:f6:bc:4b:8e:0a:3c:82:19:2e:0d:
+                    1a:ef:70:00:e2:73:61:12:b0:5c:5b:6c:3f:2e:41:
+                    09:ac:4a:59:bb:df:42:f7:38:72:6c:85:e3:b6:f5:
+                    8c:cb:d6:8f:09:45:0c:6e:7e:03:2f:e4:8c:a1:9f:
+                    60:7f:66:66:7d:83:f7:d7:78:2c:a5:56:cb:88:14:
+                    9b:36:ac:52:6c:11:bf:0d:f8:03:c1:97:23:25:c5:
+                    4d:62:58:3d:e1:c7:d8:dc:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                7C:76:BD:BF:AF:36:15:E8:E4:15:F9:E8:2B:A3:6B:08:F2:4E:91:F6
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        0a:a5:71:55:d0:97:02:cb:75:7e:09:f0:7b:89:99:44:2b:39:
+        62:31:7b:21:32:48:38:97:56:9a:0c:ec:0b:fd:4a:44:92:b7:
+        13:a4:77:ce:7f:c9:09:d2:78:15:c2:6c:8f:f5:2f:3b:5e:5f:
+        20:fe:b4:d6:d2:b1:2e:68:9d:75:0d:87:66:67:d5:f7:28:32:
+        b7:19:2e:21:00:92:c6:2d:a0:89:a6:31:85:a8:5c:a4:b9:81:
+        28:c1:68:7b:46:7f:29:67:48:de:c3:00:e2:07:6e:c0:84:3b:
+        65:00:a1:87:c2:66:99:10:0f:76:ce:fa:31:fd:96:b9:47:b5:
+        d9:81
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBETANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MTEwNzEzMzAz
+OFoXDTE4MTEwNTEzMzAzOFowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi10b2Zma2UxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDv9bR38+RbOATinAgQ
+aAPc4dvlx1QxPseGnicXNeW3S+Qe9rxLjgo8ghkuDRrvcADic2ESsFxbbD8uQQms
+Slm730L3OHJsheO29YzL1o8JRQxufgMv5Iyhn2B/ZmZ9g/fXeCylVsuIFJs2rFJs
+Eb8N+APBlyMlxU1iWD3hx9jcZQIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFHx2vb+vNhXo5BX56CujawjyTpH2MIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQAKpXFV0JcCy3V+CfB7iZlEKzliMXshMkg4l1aaDOwL/UpEkrcTpHfOf8kJ0ngV
+wmyP9S87Xl8g/rTW0rEuaJ11DYdmZ9X3KDK3GS4hAJLGLaCJpjGFqFykuYEowWh7
+Rn8pZ0jewwDiB27AhDtlAKGHwmaZEA92zvox/Za5R7XZgQ==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/12.pem b/OPP/openvpn/keys/12.pem
new file mode 100644
index 0000000..6fe1ea0
--- /dev/null
+++ b/OPP/openvpn/keys/12.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 18 (0x12)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan 18 13:14:56 2009 GMT
+            Not After : Jan 16 13:14:56 2019 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-opp3/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d4:8f:de:a8:96:80:98:40:7a:d8:c9:bb:aa:2e:
+                    65:01:91:74:b0:ad:93:6a:c5:fa:e0:a6:e1:b2:9e:
+                    f1:8b:6f:a4:5d:e1:24:2c:47:f3:29:73:62:31:d2:
+                    59:86:8e:33:4f:b9:96:68:aa:1f:e8:45:a6:c7:d5:
+                    e5:df:9b:32:2e:96:12:82:cf:9a:3a:9d:cf:8c:fd:
+                    3b:7b:a8:e1:ec:77:ee:cd:c6:e7:2b:c7:c2:bd:fb:
+                    d3:54:e6:9e:4e:67:71:d9:bf:b6:39:9f:90:38:39:
+                    9a:fc:6f:ed:41:ca:5a:4e:02:2d:5a:33:80:ae:4d:
+                    f5:4f:cf:93:e3:7d:1d:64:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E2:81:B6:2F:B4:D7:DA:A1:5F:ED:C0:73:DC:B3:08:87:DC:BB:06:75
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        47:b7:b9:a7:85:e6:f6:48:98:04:8d:17:23:17:c2:08:65:c8:
+        8d:6f:80:99:99:86:49:90:38:be:1e:9b:ca:82:4a:6e:b0:48:
+        81:b0:39:07:5d:7b:f2:e4:f1:9f:ee:65:97:ac:55:23:c3:8a:
+        ca:95:03:59:e4:3c:79:90:fa:56:44:0d:6b:53:74:51:32:33:
+        98:23:67:c0:b6:d6:f6:07:7e:e4:cd:13:08:18:f9:4f:a2:50:
+        1c:a9:13:05:c9:0a:87:bd:fe:35:ea:5d:a2:03:70:de:91:90:
+        80:82:b7:35:66:3f:d7:4a:29:eb:59:78:d6:ba:47:a7:92:73:
+        38:d3
+-----BEGIN CERTIFICATE-----
+MIIDrDCCAxWgAwIBAgIBEjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA5MDExODEzMTQ1
+NloXDTE5MDExNjEzMTQ1NlowgYAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEV
+MBMGA1UEAxMMT1BQLVZwbi1vcHAzMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1I/eqJaAmEB62Mm7qi5l
+AZF0sK2TasX64Kbhsp7xi2+kXeEkLEfzKXNiMdJZho4zT7mWaKof6EWmx9Xl35sy
+LpYSgs+aOp3PjP07e6jh7HfuzcbnK8fCvfvTVOaeTmdx2b+2OZ+QODma/G/tQcpa
+TgItWjOArk31T8+T430dZO8CAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBTigbYvtNfaoV/twHPcswiH3LsGdTCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexay
+zG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5l
+dHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEA
+R7e5p4Xm9kiYBI0XIxfCCGXIjW+AmZmGSZA4vh6byoJKbrBIgbA5B1178uTxn+5l
+l6xVI8OKypUDWeQ8eZD6VkQNa1N0UTIzmCNnwLbW9gd+5M0TCBj5T6JQHKkTBckK
+h73+NepdogNw3pGQgIK3NWY/10op61l41rpHp5JzONM=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/13.pem b/OPP/openvpn/keys/13.pem
new file mode 100644
index 0000000..26432f2
--- /dev/null
+++ b/OPP/openvpn/keys/13.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 19 (0x13)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 01:28:34 2009 GMT
+            Not After : May 17 01:28:34 2019 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-mb/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:88:ff:06:65:6f:07:f5:4f:0d:39:54:49:cc:
+                    a7:d1:78:6d:2d:33:b2:8a:1c:0d:38:28:59:ce:e0:
+                    f8:c9:89:f4:4e:8d:50:1b:49:02:3d:be:29:54:d7:
+                    11:e1:28:aa:bc:58:21:59:83:ca:d5:ac:22:17:82:
+                    78:4d:1f:b6:b3:bf:07:74:b1:2c:6d:0c:2a:76:8c:
+                    20:f8:f5:fd:6e:22:05:21:11:ec:fa:d4:36:43:23:
+                    17:28:a9:2f:e2:58:43:77:c3:ec:6a:4a:95:03:82:
+                    68:48:3c:e2:67:35:32:96:d9:13:f1:4d:f2:3a:b4:
+                    d5:95:66:df:66:8c:2a:92:31
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                15:34:0E:3A:7A:CE:4E:CA:4C:D5:21:93:9D:C6:A3:FE:EA:FB:13:79
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        8d:04:f9:93:dd:95:23:39:c1:c2:e5:d7:24:99:eb:fc:83:7a:
+        c5:26:b9:82:73:cf:f4:30:ab:9b:77:0a:75:93:a7:18:1a:c5:
+        cd:05:3f:47:90:c6:0b:90:70:d5:7f:93:c8:d2:a0:42:f9:53:
+        45:9c:0a:68:0f:f6:31:57:11:ae:c1:3a:ef:c7:de:3e:76:ce:
+        b7:92:e4:0d:33:9c:59:3a:4f:3f:b8:d1:0e:76:47:0d:c5:1a:
+        dc:18:2d:f0:e4:e8:c6:9d:c0:1c:f2:84:58:ea:ed:4e:e7:5b:
+        f3:c8:01:b8:e9:d0:23:2d:d7:bb:1e:f4:84:ab:ca:e4:b3:dc:
+        fb:a0
+-----BEGIN CERTIFICATE-----
+MIIDqTCCAxKgAwIBAgIBEzANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA5MDUxOTAxMjgz
+NFoXDTE5MDUxNzAxMjgzNFowfjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLW1iMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtoj/BmVvB/VPDTlUScyn0Xht
+LTOyihwNOChZzuD4yYn0To1QG0kCPb4pVNcR4SiqvFghWYPK1awiF4J4TR+2s78H
+dLEsbQwqdowg+PX9biIFIRHs+tQ2QyMXKKkv4lhDd8PsakqVA4JoSDziZzUyltkT
+8U3yOrTVlWbfZowqkjECAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZIAYb4
+QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQV
+NA46es5OykzVIZOdxqP+6vsTeTCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexayzG0k
+bMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEP
+MA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdv
+cmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEAjQT5
+k92VIznBwuXXJJnr/IN6xSa5gnPP9DCrm3cKdZOnGBrFzQU/R5DGC5Bw1X+TyNKg
+QvlTRZwKaA/2MVcRrsE678fePnbOt5LkDTOcWTpPP7jRDnZHDcUa3Bgt8OToxp3A
+HPKEWOrtTudb88gBuOnQIy3Xux70hKvK5LPc+6A=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/14.pem b/OPP/openvpn/keys/14.pem
new file mode 100644
index 0000000..78e3b6b
--- /dev/null
+++ b/OPP/openvpn/keys/14.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 20 (0x14)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov  8 16:15:57 2011 GMT
+            Not After : Nov  5 16:15:57 2021 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ulrike/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:50:b1:41:be:17:37:01:65:58:fd:0b:73:17:
+                    02:ac:ac:bf:0a:22:47:f1:d4:fb:ae:73:94:c7:1c:
+                    10:54:92:d5:5b:e8:86:4f:72:82:b8:85:5a:a0:49:
+                    19:b3:94:af:c5:40:30:4e:c9:b2:12:fe:76:2d:02:
+                    51:76:16:ab:1c:c8:49:af:fe:c4:0c:f2:01:94:4f:
+                    3d:23:79:67:a3:7f:08:54:57:51:1f:f9:6e:70:19:
+                    bd:7f:ad:c1:17:85:30:1d:64:4e:b7:ec:7b:28:3d:
+                    7d:8f:28:f3:0b:92:fb:3a:bf:f4:1c:fd:1a:37:15:
+                    8d:ac:17:c5:73:d7:8a:66:05
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                73:7C:52:24:78:49:97:4C:29:A5:02:19:5D:E8:C0:69:62:AD:AC:C7
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        a5:95:fb:a8:52:15:0c:01:75:ba:c4:42:e3:d0:f4:46:8d:e7:
+        7d:a1:e6:74:f7:22:b1:da:e4:43:cc:cb:41:62:28:8d:ef:0d:
+        b9:e7:d9:39:dd:2e:e0:6f:a6:2d:8c:9f:48:87:60:06:24:9c:
+        e9:d8:9a:77:5c:7d:a9:87:c0:53:3a:d1:4e:4d:2a:a4:9e:e0:
+        a2:4e:19:1f:a6:b1:4c:09:19:3c:6b:9f:19:99:27:28:b3:bf:
+        50:96:e5:1f:44:69:9f:cc:c0:b6:30:73:cc:eb:c5:82:d7:e7:
+        f9:f6:bd:6d:20:22:8d:b0:73:f6:42:eb:c0:af:d8:86:f2:e0:
+        c4:28
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBFDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTExMTEwODE2MTU1
+N1oXDTIxMTEwNTE2MTU1N1owgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi11bHJpa2UxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5ULFBvhc3AWVY/Qtz
+FwKsrL8KIkfx1Puuc5THHBBUktVb6IZPcoK4hVqgSRmzlK/FQDBOybIS/nYtAlF2
+FqscyEmv/sQM8gGUTz0jeWejfwhUV1Ef+W5wGb1/rcEXhTAdZE637HsoPX2PKPML
+kvs6v/Qc/Ro3FY2sF8Vz14pmBQIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFHN8UiR4SZdMKaUCGV3owGlirazHMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQCllfuoUhUMAXW6xELj0PRGjed9oeZ09yKx2uRDzMtBYiiN7w2559k53S7gb6Yt
+jJ9Ih2AGJJzp2Jp3XH2ph8BTOtFOTSqknuCiThkfprFMCRk8a58ZmScos79QluUf
+RGmfzMC2MHPM68WC1+f59r1tICKNsHP2QuvAr9iG8uDEKA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/15.pem b/OPP/openvpn/keys/15.pem
new file mode 100644
index 0000000..2413974
--- /dev/null
+++ b/OPP/openvpn/keys/15.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 21 (0x15)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr 18 14:04:54 2012 GMT
+            Not After : Apr 16 14:04:54 2022 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-veronika/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d7:99:ea:01:61:56:a4:d9:13:bf:2a:35:9f:92:
+                    21:74:38:8e:2f:3f:56:9c:35:dc:6d:c5:e3:db:1f:
+                    84:7e:a7:b0:05:14:a0:53:f2:fe:bc:d2:86:ac:42:
+                    89:bd:6b:19:5a:27:fc:4f:24:c5:b0:0a:2a:5b:e5:
+                    70:c0:e9:ef:da:63:58:21:8a:dd:7d:f3:c0:63:67:
+                    f0:95:ec:5e:8c:c8:c3:c0:66:46:77:9d:d0:21:bf:
+                    0e:c3:ac:6e:c1:ce:68:bd:10:df:a3:de:28:f2:6a:
+                    04:a8:bd:0c:23:84:c1:6b:80:5e:b4:3f:d6:4c:57:
+                    36:63:4e:3f:05:22:11:bf:e3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                31:10:F7:AD:C7:5A:D8:33:B6:7C:7E:A6:C8:67:87:31:AF:FD:03:A7
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        a9:47:66:69:06:7c:73:fb:5c:11:61:21:64:78:81:34:28:fc:
+        b8:b7:f9:9e:70:ed:8d:56:23:9a:8b:d7:ea:73:da:4d:d5:bc:
+        57:9a:84:b3:5f:97:83:cb:18:42:f2:8d:6d:af:c6:32:44:5b:
+        71:37:9b:0a:fc:86:cb:ed:62:9d:87:33:e3:f9:57:ce:27:f6:
+        cc:ae:f0:c1:17:4f:4e:94:53:f1:7a:01:de:3c:a6:ed:44:e8:
+        50:67:14:4b:27:0b:ba:20:e5:3c:35:51:47:ee:6b:18:2c:80:
+        2a:33:4e:d7:51:05:73:73:2b:4f:1b:3f:6e:61:be:19:0b:93:
+        7c:08
+-----BEGIN CERTIFICATE-----
+MIIDsDCCAxmgAwIBAgIBFTANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEyMDQxODE0MDQ1
+NFoXDTIyMDQxNjE0MDQ1NFowgYQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEZ
+MBcGA1UEAxMQT1BQLVZwbi12ZXJvbmlrYTEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANeZ6gFhVqTZE78q
+NZ+SIXQ4ji8/Vpw13G3F49sfhH6nsAUUoFPy/rzShqxCib1rGVon/E8kxbAKKlvl
+cMDp79pjWCGK3X3zwGNn8JXsXozIw8BmRned0CG/DsOsbsHOaL0Q36PeKPJqBKi9
+DCOEwWuAXrQ/1kxXNmNOPwUiEb/jAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQUMRD3rcda2DO2fH6myGeHMa/9A6cwgcQGA1UdIwSBvDCBuYAU4U3Da/R8
+gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZI
+hvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUA
+A4GBAKlHZmkGfHP7XBFhIWR4gTQo/Li3+Z5w7Y1WI5qL1+pz2k3VvFeahLNfl4PL
+GELyjW2vxjJEW3E3mwr8hsvtYp2HM+P5V84n9syu8MEXT06UU/F6Ad48pu1E6FBn
+FEsnC7og5Tw1UUfuaxgsgCozTtdRBXNzK08bP25hvhkLk3wI
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/16.pem b/OPP/openvpn/keys/16.pem
new file mode 100644
index 0000000..13ca57f
--- /dev/null
+++ b/OPP/openvpn/keys/16.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 22 (0x16)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Aug  1 14:02:27 2012 GMT
+            Not After : Jul 30 14:02:27 2022 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-sofia/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b3:5b:f6:01:e3:b7:65:18:c4:94:d9:2f:b6:62:
+                    34:60:56:ac:9f:eb:82:2c:8d:55:73:84:a2:88:26:
+                    21:69:a0:74:f5:4a:78:f7:e5:d5:6a:91:a1:5d:e0:
+                    f1:90:e4:83:38:89:e2:e7:ae:b2:87:c9:e5:a6:0e:
+                    6b:4c:d2:eb:31:61:ff:54:86:60:71:da:3d:66:07:
+                    c2:7d:a2:fc:ac:c7:af:a3:b8:cf:03:cb:07:11:cf:
+                    b3:d1:a9:c5:39:f3:a6:b2:9c:c4:61:28:45:ec:c9:
+                    25:70:c4:1d:d7:6b:4b:d9:12:97:b3:7d:72:95:34:
+                    cb:fc:7e:b7:ab:68:cd:ae:2b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                12:5F:9A:F8:64:79:18:84:33:21:B9:D2:60:7A:D7:08:AC:77:3C:E5
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        94:7c:24:63:0b:88:4b:76:4a:66:57:39:3c:e8:4b:f1:17:0c:
+        26:ec:87:93:4b:c1:af:a5:78:86:a4:a8:88:1b:ea:39:e7:c1:
+        e7:da:c8:13:c8:26:04:ed:bb:b2:b2:10:2d:0f:3f:86:52:45:
+        bf:f6:6c:c2:fa:d9:3c:a1:57:b0:07:24:b3:2e:8a:c6:b6:88:
+        9e:a9:ed:6e:59:1d:36:70:44:90:b2:9d:dc:86:a1:cf:1a:1f:
+        cd:66:be:fa:fe:f3:a1:c9:e6:58:71:d3:a3:d1:4b:95:f3:4b:
+        a7:93:c7:3a:a4:7d:bc:fc:e9:77:86:bd:62:9a:eb:b3:49:68:
+        17:27
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBFjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEyMDgwMTE0MDIy
+N1oXDTIyMDczMDE0MDIyN1owgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1zb2ZpYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALNb9gHjt2UYxJTZL7Zi
+NGBWrJ/rgiyNVXOEoogmIWmgdPVKePfl1WqRoV3g8ZDkgziJ4ueusofJ5aYOa0zS
+6zFh/1SGYHHaPWYHwn2i/KzHr6O4zwPLBxHPs9GpxTnzprKcxGEoRezJJXDEHddr
+S9kSl7N9cpU0y/x+t6toza4rAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUEl+a+GR5GIQzIbnSYHrXCKx3POUwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AJR8JGMLiEt2SmZXOTzoS/EXDCbsh5NLwa+leIakqIgb6jnnwefayBPIJgTtu7Ky
+EC0PP4ZSRb/2bML62TyhV7AHJLMuisa2iJ6p7W5ZHTZwRJCyndyGoc8aH81mvvr+
+86HJ5lhx06PRS5XzS6eTxzqkfbz86XeGvWKa67NJaBcn
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/17.pem b/OPP/openvpn/keys/17.pem
new file mode 100644
index 0000000..49ee38b
--- /dev/null
+++ b/OPP/openvpn/keys/17.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 23 (0x17)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 17 14:30:55 2012 GMT
+            Not After : Dec 15 14:30:55 2022 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-hannes/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ae:8d:8d:a7:f9:c5:46:c8:ae:8a:a9:15:82:bf:
+                    b3:2c:82:ba:1d:cd:84:0b:6c:77:b1:2e:0c:9a:7d:
+                    f2:38:3a:93:ea:bd:8c:4a:be:78:44:50:53:84:3f:
+                    a5:04:75:a9:d0:49:01:ab:cc:9d:51:e0:b4:2b:d1:
+                    1a:85:a6:2b:67:ac:70:db:56:a3:66:c7:19:e5:91:
+                    8c:85:de:12:5a:21:4b:0f:63:0a:12:8f:ea:ad:21:
+                    1a:8a:9d:c3:b6:30:47:78:ef:2e:25:46:7b:e3:98:
+                    ca:70:03:eb:bc:cd:3f:d5:97:f3:bf:f0:51:16:18:
+                    a2:06:12:31:65:94:29:82:c5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                09:6B:59:54:82:8F:0E:23:0E:26:A7:1B:DE:2B:26:FA:C6:7E:F3:D6
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        96:e3:8d:05:0c:bf:85:81:36:5e:19:9b:e6:38:69:d4:46:f2:
+        3f:56:ef:b8:7c:a6:db:5f:1b:17:32:b9:f6:89:0a:fe:69:c8:
+        a7:c9:9d:12:0b:aa:cf:cb:94:ea:1a:82:b0:3e:0a:d1:8d:15:
+        e6:79:e2:21:30:76:fe:59:d4:9d:2c:81:79:6c:b3:1e:43:9e:
+        65:7d:fe:7f:74:60:01:f0:f3:6f:50:68:5b:41:dc:15:92:2d:
+        63:98:ad:1c:75:10:71:4d:04:d0:91:7b:22:0a:49:e8:83:b1:
+        3d:7e:4c:b5:c9:bd:15:1f:f9:28:a4:5e:4a:49:cb:de:96:bd:
+        cf:85
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBFzANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEyMTIxNzE0MzA1
+NVoXDTIyMTIxNTE0MzA1NVowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi1oYW5uZXMxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCujY2n+cVGyK6KqRWC
+v7MsgrodzYQLbHexLgyaffI4OpPqvYxKvnhEUFOEP6UEdanQSQGrzJ1R4LQr0RqF
+pitnrHDbVqNmxxnlkYyF3hJaIUsPYwoSj+qtIRqKncO2MEd47y4lRnvjmMpwA+u8
+zT/Vl/O/8FEWGKIGEjFllCmCxQIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFAlrWVSCjw4jDianG94rJvrGfvPWMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQCW440FDL+FgTZeGZvmOGnURvI/Vu+4fKbbXxsXMrn2iQr+acinyZ0SC6rPy5Tq
+GoKwPgrRjRXmeeIhMHb+WdSdLIF5bLMeQ55lff5/dGAB8PNvUGhbQdwVki1jmK0c
+dRBxTQTQkXsiCknog7E9fky1yb0VH/kopF5KScvelr3PhQ==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/18.pem b/OPP/openvpn/keys/18.pem
new file mode 100644
index 0000000..d60e978
--- /dev/null
+++ b/OPP/openvpn/keys/18.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 24 (0x18)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 23 02:21:18 2012 GMT
+            Not After : Dec 21 02:21:18 2022 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-marcus/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:98:8d:de:2b:01:17:86:b1:56:21:97:d4:3e:f4:
+                    9a:67:5c:b2:3d:91:74:ea:be:93:cf:8a:39:25:a6:
+                    c5:e0:82:8f:ee:f8:5d:65:5a:20:bc:4e:2d:3b:c6:
+                    5e:ef:00:08:5a:83:78:5a:fc:54:ea:8d:61:83:61:
+                    ad:97:97:f2:cf:61:2d:c0:cd:e1:6b:ef:aa:dd:25:
+                    ed:cf:4e:8c:4b:00:56:6b:9a:00:97:38:66:41:09:
+                    78:63:1c:ca:41:5f:d5:c6:ec:a5:67:a3:d7:1c:99:
+                    78:51:c4:19:34:42:a6:07:df:03:cc:e6:7b:79:8d:
+                    27:fe:79:05:ec:34:b8:ee:69
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C1:7E:EB:5A:31:B4:AF:71:E0:05:10:95:FA:91:59:43:95:49:F9:72
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        a1:7b:87:06:ba:82:b7:63:d7:72:50:f7:2d:fa:38:4b:28:05:
+        06:79:20:ea:22:0c:20:48:b6:a1:e2:fa:5d:e9:23:4a:3c:53:
+        24:95:aa:5b:00:43:40:8b:c7:76:bb:40:bb:64:26:3d:b1:8f:
+        b5:ed:fe:cd:0a:a4:af:ce:ce:5c:ac:fc:46:81:78:4b:c4:50:
+        e0:fa:e5:9f:04:31:d8:6e:7a:a7:32:f1:89:e4:de:ca:53:27:
+        b5:80:5e:c5:ca:91:c7:ab:a4:93:21:d8:c6:6a:ac:76:66:e9:
+        e1:aa:53:3b:b5:7e:23:9a:dc:ab:ce:99:1a:55:da:ed:ba:fe:
+        fd:2c
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBGDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEyMTIyMzAyMjEx
+OFoXDTIyMTIyMTAyMjExOFowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi1tYXJjdXMxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYjd4rAReGsVYhl9Q+
+9JpnXLI9kXTqvpPPijklpsXggo/u+F1lWiC8Ti07xl7vAAhag3ha/FTqjWGDYa2X
+l/LPYS3AzeFr76rdJe3PToxLAFZrmgCXOGZBCXhjHMpBX9XG7KVno9ccmXhRxBk0
+QqYH3wPM5nt5jSf+eQXsNLjuaQIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFMF+61oxtK9x4AUQlfqRWUOVSflyMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQChe4cGuoK3Y9dyUPct+jhLKAUGeSDqIgwgSLah4vpd6SNKPFMklapbAENAi8d2
+u0C7ZCY9sY+17f7NCqSvzs5crPxGgXhLxFDg+uWfBDHYbnqnMvGJ5N7KUye1gF7F
+ypHHq6STIdjGaqx2ZunhqlM7tX4jmtyrzpkaVdrtuv79LA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/19.pem b/OPP/openvpn/keys/19.pem
new file mode 100644
index 0000000..9288a71
--- /dev/null
+++ b/OPP/openvpn/keys/19.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 25 (0x19)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  8 01:18:41 2013 GMT
+            Not After : Feb  6 01:18:41 2023 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-kathrin/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ac:8a:ca:6c:41:fe:b9:52:8f:b6:d8:41:8f:ac:
+                    e3:17:57:59:0c:df:bb:4f:2d:f8:09:1a:4c:ba:25:
+                    d1:68:a4:15:69:06:25:33:aa:28:f1:39:01:b7:a2:
+                    51:1b:1e:9f:e0:8f:9a:b1:e1:e3:01:62:b2:ff:fc:
+                    e5:43:cf:0a:1c:31:86:ce:82:62:f5:d1:42:bb:93:
+                    fd:e8:75:99:77:a8:8e:e3:95:35:2d:be:f9:bf:dd:
+                    a0:72:e1:2b:b0:21:b4:ee:ee:f0:c4:eb:9b:ac:0d:
+                    03:81:10:b4:26:60:72:bf:f5:b7:a3:15:7a:52:dd:
+                    43:5e:37:e6:63:92:2e:5f:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D6:AE:B3:AB:C4:5D:22:A6:55:4B:0B:87:B5:3F:79:6B:6D:ED:5C:0C
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        2c:37:3d:00:a7:e3:f9:2a:66:9f:73:0c:06:33:a2:b7:2c:cc:
+        6f:e3:02:98:72:a0:5c:be:da:9c:99:bf:c6:2d:c2:23:4f:84:
+        fe:64:00:81:07:d9:21:7a:05:e5:b9:d8:58:a8:a8:0d:34:38:
+        f4:53:bf:cb:d6:0b:76:4a:ef:8a:46:ca:70:97:02:c9:6e:d2:
+        36:b1:1a:83:a6:12:44:19:06:41:e0:e6:05:70:b6:cc:13:2a:
+        a5:05:40:e1:24:11:60:61:05:e1:97:f9:74:9a:d5:3d:3b:7b:
+        99:09:74:21:98:02:55:3c:f4:64:6a:20:66:1e:14:2b:a3:c1:
+        4e:a4
+-----BEGIN CERTIFICATE-----
+MIIDrzCCAxigAwIBAgIBGTANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDIwODAxMTg0
+MVoXDTIzMDIwNjAxMTg0MVowgYMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEY
+MBYGA1UEAxMPT1BQLVZwbi1rYXRocmluMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArIrKbEH+uVKPtthB
+j6zjF1dZDN+7Ty34CRpMuiXRaKQVaQYlM6oo8TkBt6JRGx6f4I+aseHjAWKy//zl
+Q88KHDGGzoJi9dFCu5P96HWZd6iO45U1Lb75v92gcuErsCG07u7wxOubrA0DgRC0
+JmByv/W3oxV6Ut1DXjfmY5IuX0sCAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBTWrrOrxF0iplVLC4e1P3lrbe1cDDCBxAYDVR0jBIG8MIG5gBThTcNr9HyB
+exayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
+EG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG
+9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQAD
+gYEALDc9AKfj+Spmn3MMBjOityzMb+MCmHKgXL7anJm/xi3CI0+E/mQAgQfZIXoF
+5bnYWKioDTQ49FO/y9YLdkrvikbKcJcCyW7SNrEag6YSRBkGQeDmBXC2zBMqpQVA
+4SQRYGEF4Zf5dJrVPTt7mQl0IZgCVTz0ZGogZh4UK6PBTqQ=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/1A.pem b/OPP/openvpn/keys/1A.pem
new file mode 100644
index 0000000..c76e46b
--- /dev/null
+++ b/OPP/openvpn/keys/1A.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 26 (0x1a)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr  4 00:01:13 2013 GMT
+            Not After : Apr  2 00:01:13 2023 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-beate/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d7:49:86:90:70:f0:10:50:69:a7:cd:a0:a5:8e:
+                    e9:c3:92:1b:8f:ad:90:2c:66:04:65:3b:15:ea:2e:
+                    a5:cf:0d:18:06:f3:01:cc:db:9c:13:6a:c9:89:68:
+                    a6:f6:ef:9d:b6:9e:8d:24:c3:cd:ba:8b:55:be:99:
+                    3e:21:b8:73:a0:b2:18:71:5b:8a:7f:5f:91:b4:5f:
+                    b1:81:2a:17:18:88:3d:be:41:53:b6:92:3e:4c:06:
+                    d7:dc:ec:68:70:12:82:0d:81:66:bf:c1:88:37:1e:
+                    da:fb:02:aa:f3:9f:77:5b:c8:31:44:d9:10:89:2d:
+                    d2:4c:1d:9c:6f:fa:45:f9:43
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                5C:22:3B:90:D8:EF:5D:D2:8C:16:A1:9A:CD:82:EE:26:ED:93:C8:EA
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        66:86:dd:6c:b5:31:25:5e:56:3d:a7:7c:f7:27:11:8e:66:97:
+        b4:ef:80:1b:6a:7f:89:98:9c:46:b7:82:87:ce:45:0d:39:ee:
+        89:54:08:25:d3:5d:32:02:03:d0:6e:3b:f8:ce:a1:40:27:d6:
+        3f:b4:6c:4e:75:60:0d:aa:c0:78:c3:db:40:c9:7f:89:93:b9:
+        d5:a6:fb:7b:f9:53:6f:bb:00:a7:13:d1:ef:5a:fe:ec:91:d5:
+        6e:4f:2e:db:3e:79:83:f9:4e:5c:a0:a0:b2:44:41:50:a3:2f:
+        5a:6f:5c:cd:a0:13:6f:e4:07:3c:a6:8a:1c:bd:3c:95:70:73:
+        22:06
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBGjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDQwNDAwMDEx
+M1oXDTIzMDQwMjAwMDExM1owgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1iZWF0ZTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdJhpBw8BBQaafNoKWO
+6cOSG4+tkCxmBGU7Feoupc8NGAbzAczbnBNqyYlopvbvnbaejSTDzbqLVb6ZPiG4
+c6CyGHFbin9fkbRfsYEqFxiIPb5BU7aSPkwG19zsaHASgg2BZr/BiDce2vsCqvOf
+d1vIMUTZEIkt0kwdnG/6RflDAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUXCI7kNjvXdKMFqGazYLuJu2TyOowgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AGaG3Wy1MSVeVj2nfPcnEY5ml7TvgBtqf4mYnEa3gofORQ057olUCCXTXTICA9Bu
+O/jOoUAn1j+0bE51YA2qwHjD20DJf4mTudWm+3v5U2+7AKcT0e9a/uyR1W5PLts+
+eYP5TlygoLJEQVCjL1pvXM2gE2/kBzymihy9PJVwcyIG
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/1B.pem b/OPP/openvpn/keys/1B.pem
new file mode 100644
index 0000000..6be5879
--- /dev/null
+++ b/OPP/openvpn/keys/1B.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 27 (0x1b)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 20 11:41:43 2013 GMT
+            Not After : Sep 18 11:41:43 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-gw-ckubu/name=VPN OPP/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:97:a7:33:b6:32:9c:b4:75:af:7a:7e:54:53:25:
+                    cc:06:7b:f9:e0:93:3f:2f:9d:83:d2:ce:49:27:ed:
+                    da:35:19:fc:a2:40:67:52:db:8e:ba:42:42:13:74:
+                    73:00:eb:97:12:ad:e0:5f:8e:de:59:ff:c9:d6:8c:
+                    27:a1:95:28:0e:06:5e:ae:49:29:3e:97:60:3a:76:
+                    b4:f0:e4:11:0f:c6:07:fa:e5:42:0d:e8:82:d0:71:
+                    38:a0:07:a6:aa:20:45:7e:d9:78:2e:66:53:8c:10:
+                    77:44:e8:49:57:50:5c:33:85:b0:88:61:1d:64:aa:
+                    4f:0c:bc:b2:1b:b0:5c:6d:cb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                3F:A4:2B:57:0D:33:62:CA:48:8B:87:19:C6:1E:15:A6:31:A6:FE:6B
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        20:73:fd:0e:d1:64:95:60:ef:19:ae:dc:e6:e0:38:c8:f4:aa:
+        fe:1b:89:a6:ff:ed:b2:36:ec:1a:38:08:5f:53:61:c6:b8:7e:
+        c8:fd:82:6d:69:b3:92:bf:ad:40:4e:7e:d1:b3:c4:21:5c:d6:
+        6e:eb:ea:64:51:e2:3a:49:d0:4b:49:dd:ca:9d:4b:ab:a5:b1:
+        1a:82:ff:7b:0d:44:10:91:1a:11:db:ae:8f:2a:88:8f:d9:ce:
+        a9:56:e6:da:8a:ba:27:0d:44:4b:2f:70:da:c9:34:cd:c8:19:
+        79:93:d5:45:16:49:7b:53:7a:83:3c:14:6b:09:71:bc:5c:58:
+        e8:cf
+-----BEGIN CERTIFICATE-----
+MIID9jCCA1+gAwIBAgIBGzANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDkyMDExNDE0
+M1oXDTIzMDkxODExNDE0M1owgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWd3LWNrdWJ1MRAwDgYD
+VQQpEwdWUE4gT1BQMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAl6cztjKctHWven5UUyXMBnv54JM/L52D
+0s5JJ+3aNRn8okBnUtuOukJCE3RzAOuXEq3gX47eWf/J1ownoZUoDgZerkkpPpdg
+Ona08OQRD8YH+uVCDeiC0HE4oAemqiBFftl4LmZTjBB3ROhJV1BcM4WwiGEdZKpP
+DLyyG7BcbcsCAwEAAaOCAUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
+HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUP6QrVw0z
+YspIi4cZxh4VpjGm/mswgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuT
+U+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
+BAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNl
+cnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
+DwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQAgc/0O0WSVYO8Zrtzm4DjI9Kr+G4mm
+/+2yNuwaOAhfU2HGuH7I/YJtabOSv61ATn7Rs8QhXNZu6+pkUeI6SdBLSd3KnUur
+pbEagv97DUQQkRoR266PKoiP2c6pVubaironDURLL3DayTTNyBl5k9VFFkl7U3qD
+PBRrCXG8XFjozw==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/1C.pem b/OPP/openvpn/keys/1C.pem
new file mode 100644
index 0000000..d844510
--- /dev/null
+++ b/OPP/openvpn/keys/1C.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 28 (0x1c)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 11 15:12:49 2013 GMT
+            Not After : Oct  9 15:12:49 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-katja/name=VPN Opferperspektive/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:e2:21:55:b2:cb:8b:c8:d3:c6:09:ed:7c:c0:
+                    ca:64:9e:87:7b:54:e4:14:b6:cb:3e:b8:74:3e:df:
+                    8c:73:69:0e:b2:22:65:37:1d:24:cc:77:d8:0e:fd:
+                    cc:88:44:95:e7:97:e2:2a:05:cc:de:3e:90:e5:af:
+                    d5:1a:05:be:9f:5e:5a:c5:22:48:55:d6:de:33:4f:
+                    ce:50:f0:f0:ce:16:f0:3d:f4:71:c5:b0:be:ad:06:
+                    ca:5e:05:15:85:74:a7:21:16:28:8d:b3:36:06:bb:
+                    d3:48:8c:99:4f:9e:d7:de:6d:ff:82:82:35:b4:43:
+                    04:ca:af:78:bf:12:27:ef:0f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                35:A3:D6:E8:69:F1:4A:4E:5D:BC:46:48:D4:29:E1:B3:DD:0F:0E:21
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        a4:33:fd:04:b8:eb:4f:94:8e:7d:e0:67:ea:d5:cf:fb:3e:c4:
+        91:dc:5a:4a:28:a1:05:46:d1:20:fa:e2:99:8f:57:cf:24:8d:
+        f5:b1:86:17:cd:ee:8d:60:df:30:d3:48:61:d0:65:48:73:43:
+        38:37:0b:fb:a0:9c:d8:e3:b5:dd:8e:2d:18:93:19:af:7c:dd:
+        1f:5d:42:36:ff:df:db:2f:dd:89:2d:3d:75:7d:90:74:33:e0:
+        f5:e5:0b:2d:aa:ed:02:a5:b2:2a:2c:e4:70:f5:f0:bd:66:d2:
+        b8:3a:0e:7d:6c:47:55:8f:89:f6:22:c2:05:07:ce:f6:4e:9e:
+        18:a1
+-----BEGIN CERTIFICATE-----
+MIIEADCCA2mgAwIBAgIBHDANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMTAxMTE1MTI0
+OVoXDTIzMTAwOTE1MTI0OVowgbExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWthdGphMR0wGwYDVQQp
+ExRWUE4gT3BmZXJwZXJzcGVrdGl2ZTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANniIVWyy4vI08YJ7XzA
+ymSeh3tU5BS2yz64dD7fjHNpDrIiZTcdJMx32A79zIhEleeX4ioFzN4+kOWv1RoF
+vp9eWsUiSFXW3jNPzlDw8M4W8D30ccWwvq0Gyl4FFYV0pyEWKI2zNga700iMmU+e
+195t/4KCNbRDBMqveL8SJ+8PAgMBAAGjggFGMIIBQjAJBgNVHRMEAjAAMC0GCWCG
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFDWj1uhp8UpOXbxGSNQp4bPdDw4hMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDATBgNVHSUEDDAKBggrBgEF
+BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADgYEApDP9BLjrT5SOfeBn
+6tXP+z7EkdxaSiihBUbRIPrimY9XzySN9bGGF83ujWDfMNNIYdBlSHNDODcL+6Cc
+2OO13Y4tGJMZr3zdH11CNv/f2y/diS09dX2QdDPg9eULLartAqWyKizkcPXwvWbS
+uDoOfWxHVY+J9iLCBQfO9k6eGKE=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/1D.pem b/OPP/openvpn/keys/1D.pem
new file mode 100644
index 0000000..9083543
--- /dev/null
+++ b/OPP/openvpn/keys/1D.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 29 (0x1d)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb 26 13:41:01 2015 GMT
+            Not After : Feb 23 13:41:01 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=OPP-Vpn-martin/name=Martin/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:bd:c2:d1:06:7f:d6:33:69:5a:69:4c:19:a3:83:
+                    5d:99:6c:14:c2:5e:38:c7:5e:50:b2:df:30:ff:9f:
+                    25:3d:dd:d0:71:64:4a:07:ab:28:e5:79:09:bd:b2:
+                    e1:ca:86:81:ef:e4:de:78:3f:b5:8c:fb:d4:02:83:
+                    28:48:c5:35:bc:75:b1:73:d7:6c:b5:e2:93:5e:ab:
+                    34:ad:f8:70:f5:21:80:8d:f2:05:15:2a:95:e6:d0:
+                    7e:aa:72:d3:83:54:0d:c1:47:54:e7:d8:bc:0c:4a:
+                    23:ae:7c:45:51:a2:80:54:e5:5e:e7:71:7c:0f:8f:
+                    2a:c2:fb:d7:ca:2e:b9:1f:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                27:90:98:28:41:A9:F8:4A:C6:A4:C3:2E:7E:4E:A8:3F:14:6F:08:F6
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         52:fe:14:82:ed:e1:68:51:06:22:42:96:07:66:45:5c:dc:84:
+         ce:ad:cc:f7:48:55:83:53:c8:49:08:ea:45:1a:d7:98:42:38:
+         11:4c:c6:2c:d4:c8:e0:f8:9a:e1:0d:42:4f:30:3b:fe:97:fd:
+         c1:57:6c:07:b9:5e:41:6b:10:37:b2:a3:ce:0e:2f:44:30:6d:
+         3a:2e:8b:d0:d7:35:62:20:cc:d4:f9:94:08:dd:48:e7:e4:af:
+         ff:cf:ab:1b:d8:21:fb:47:c9:6f:e5:eb:4b:07:1a:b4:7c:f1:
+         19:1b:85:27:fb:66:b6:69:2b:d9:e2:b7:40:15:2e:3d:ad:0f:
+         57:fc
+-----BEGIN CERTIFICATE-----
+MIID8zCCA1ygAwIBAgIBHTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDIyNjEzNDEw
+MVoXDTI1MDIyMzEzNDEwMVowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBO
+ZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLW1hcnRpbjEPMA0GA1UE
+KRMGTWFydGluMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAvcLRBn/WM2laaUwZo4NdmWwUwl44x15Qst8w
+/58lPd3QcWRKB6so5XkJvbLhyoaB7+TeeD+1jPvUAoMoSMU1vHWxc9dsteKTXqs0
+rfhw9SGAjfIFFSqV5tB+qnLTg1QNwUdU59i8DEojrnxFUaKAVOVe53F8D48qwvvX
+yi65H80CAwEAAaOCAUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
+c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUJ5CYKEGp+ErG
+pMMufk6oPxRvCPYwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+Oh
+gZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
+BkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZp
+Y2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
+AwIHgDANBgkqhkiG9w0BAQUFAAOBgQBS/hSC7eFoUQYiQpYHZkVc3ITOrcz3SFWD
+U8hJCOpFGteYQjgRTMYs1Mjg+JrhDUJPMDv+l/3BV2wHuV5BaxA3sqPODi9EMG06
+LovQ1zViIMzU+ZQI3Ujn5K//z6sb2CH7R8lv5etLBxq0fPEZG4Un+2a2aSvZ4rdA
+FS49rQ9X/A==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/1E.pem b/OPP/openvpn/keys/1E.pem
new file mode 100644
index 0000000..c12d585
--- /dev/null
+++ b/OPP/openvpn/keys/1E.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 30 (0x1e)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr  1 17:02:21 2015 GMT
+            Not After : Mar 29 17:02:21 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-joaschka/name=joaschka/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:ba:2e:80:49:cd:26:0c:a4:46:11:69:b7:1b:bf:
+                    5b:31:db:33:94:69:dd:8d:ae:53:86:77:8a:fc:2e:
+                    9f:81:fc:bb:fd:b5:b2:b7:ba:0c:dc:ef:53:b8:be:
+                    48:1c:4d:a0:1e:e2:ed:f2:30:7e:82:e4:78:2b:18:
+                    1d:dc:f4:4f:93:ad:ac:7f:bc:53:92:a3:56:36:4b:
+                    2f:9d:24:89:d8:d3:47:18:d3:7f:a0:e5:47:a6:34:
+                    a9:2f:38:a4:16:f9:2e:3d:68:24:e6:e9:5a:f0:28:
+                    ae:7d:e3:97:ef:b9:e4:b6:14:59:72:77:c6:77:54:
+                    da:05:22:2b:fb:b7:74:82:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                18:72:39:E2:A4:01:00:85:6F:D1:77:8E:1E:86:DC:2D:FD:44:F3:94
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         5d:f4:28:a9:8f:36:1a:4a:52:ad:50:20:48:ca:90:47:24:3b:
+         04:4a:49:b6:56:e8:9e:1c:2b:ea:26:4a:ea:8f:34:c4:7a:46:
+         ab:ca:ff:6c:bc:33:fd:df:bf:f1:94:47:65:ac:9d:0a:18:d0:
+         ef:37:b5:64:55:e8:c6:5a:b7:51:14:92:3b:eb:99:ac:e8:e8:
+         fe:9c:9a:a4:c0:0f:24:e1:7c:bb:c0:09:d3:0a:5c:f5:8f:dc:
+         df:ed:e6:22:7a:a6:bd:37:28:8e:53:bf:63:15:84:49:10:2d:
+         3c:e9:06:2f:b7:e2:c8:c6:7c:18:d6:88:e4:9a:29:1f:1a:cd:
+         d2:5c
+-----BEGIN CERTIFICATE-----
+MIID9zCCA2CgAwIBAgIBHjANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDQwMTE3MDIy
+MVoXDTI1MDMyOTE3MDIyMVowgagxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWpvYXNjaGthMREwDwYD
+VQQpEwhqb2FzY2hrYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALougEnNJgykRhFptxu/WzHbM5Rp3Y2u
+U4Z3ivwun4H8u/21sre6DNzvU7i+SBxNoB7i7fIwfoLkeCsYHdz0T5OtrH+8U5Kj
+VjZLL50kidjTRxjTf6DlR6Y0qS84pBb5Lj1oJObpWvAorn3jl++55LYUWXJ3xndU
+2gUiK/u3dII5AgMBAAGjggFGMIIBQjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQg
+Fh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBhyOeKk
+AQCFb9F3jh6G3C39RPOUMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7FrLMbSRsyt2b
+k1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
+VQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBz
+ZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGWCCQDXRBSLVaPfiDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV
+HQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADgYEAXfQoqY82GkpSrVAgSMqQRyQ7BEpJ
+tlbonhwr6iZK6o80xHpGq8r/bLwz/d+/8ZRHZaydChjQ7ze1ZFXoxlq3URSSO+uZ
+rOjo/pyapMAPJOF8u8AJ0wpc9Y/c3+3mInqmvTcojlO/YxWESRAtPOkGL7fiyMZ8
+GNaI5JopHxrN0lw=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/1F.pem b/OPP/openvpn/keys/1F.pem
new file mode 100644
index 0000000..526ba12
--- /dev/null
+++ b/OPP/openvpn/keys/1F.pem
@@ -0,0 +1,72 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 31 (0x1f)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr  2 10:01:18 2015 GMT
+            Not After : Mar 30 10:01:18 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-opp1/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:a9:12:a5:21:18:02:98:06:6c:da:dd:90:23:a2:
+                    f1:a7:23:c7:a3:2e:06:84:b0:56:17:3a:db:7f:7a:
+                    8a:7e:c9:f7:0a:55:a0:36:13:55:f0:d9:c9:2d:a6:
+                    65:fb:83:a7:7e:8c:21:aa:9b:d9:2b:4b:a5:64:35:
+                    e9:71:71:8f:db:f8:7e:e4:1e:ab:2f:bb:33:56:e2:
+                    bf:fb:92:d9:0b:a6:30:e6:56:d1:5b:cd:c1:0e:73:
+                    b0:e2:d9:8a:db:8e:de:13:1a:95:7f:b6:0b:84:f3:
+                    29:ab:af:79:88:b2:cf:b3:db:46:59:60:53:fc:df:
+                    d3:24:d7:2f:03:e9:7b:8b:23
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E7:A2:6C:EE:FF:91:F4:68:02:C1:04:D1:17:D5:B4:6A:28:CC:05:F4
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         05:4f:19:5e:7f:45:60:aa:5d:73:1f:4b:d7:ac:fb:4b:92:d8:
+         02:83:62:fa:0a:b4:27:ae:2b:2f:b3:c3:58:d6:78:8c:1e:12:
+         e1:7d:b5:99:43:17:e1:43:97:6f:dc:ee:0f:99:97:b6:1c:30:
+         6a:d8:ee:c4:c3:33:34:91:0e:79:19:28:65:f2:08:f1:51:26:
+         1e:15:77:ae:6e:13:c9:b0:f3:a0:f0:89:46:d3:d6:6d:df:a0:
+         8c:0d:52:cf:b4:eb:db:c2:a4:57:d7:e2:d0:c9:60:45:aa:bf:
+         9c:f4:63:c1:c2:7e:4e:79:02:74:bc:e1:f2:dc:a4:3a:ee:51:
+         dd:8e
+-----BEGIN CERTIFICATE-----
+MIID4DCCA0mgAwIBAgIBHzANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDQwMjEwMDEx
+OFoXDTI1MDMzMDEwMDExOFowgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLW9wcDExHTAbBgkqhkiG
+9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQCpEqUhGAKYBmza3ZAjovGnI8ejLgaEsFYXOtt/eop+yfcKVaA2E1Xw2cktpmX7
+g6d+jCGqm9krS6VkNelxcY/b+H7kHqsvuzNW4r/7ktkLpjDmVtFbzcEOc7Di2Yrb
+jt4TGpV/tguE8ymrr3mIss+z20ZZYFP839Mk1y8D6XuLIwIDAQABo4IBRjCCAUIw
+CQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENl
+cnRpZmljYXRlMB0GA1UdDgQWBBTnomzu/5H0aALBBNEX1bRqKMwF9DCBxAYDVR0j
+BIG8MIG5gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUA
+A4GBAAVPGV5/RWCqXXMfS9es+0uS2AKDYvoKtCeuKy+zw1jWeIweEuF9tZlDF+FD
+l2/c7g+Zl7YcMGrY7sTDMzSRDnkZKGXyCPFRJh4Vd65uE8mw86DwiUbT1m3foIwN
+Us+069vCpFfX4tDJYEWqv5z0Y8HCfk55AnS84fLcpDruUd2O
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/20.pem b/OPP/openvpn/keys/20.pem
new file mode 100644
index 0000000..652c6f9
--- /dev/null
+++ b/OPP/openvpn/keys/20.pem
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 32 (0x20)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  7 17:28:13 2015 GMT
+            Not After : May  4 17:28:13 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-levan/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:aa:dd:c2:b4:70:21:3e:f0:67:5d:11:fc:51:03:
+                    ff:82:dd:7a:21:af:9f:0f:c2:2c:a3:4e:d1:5b:a0:
+                    67:d8:a6:02:0e:9f:e9:77:76:4e:d5:85:26:4d:03:
+                    28:66:72:4c:50:51:18:e6:e0:e4:bc:a2:7d:49:a6:
+                    55:0e:f6:32:7f:d3:97:53:99:00:70:74:3a:24:d6:
+                    d2:7d:13:60:ee:30:d3:1b:92:81:8a:38:e7:67:dc:
+                    20:68:7e:c7:2b:8e:3c:5e:87:c4:a9:ce:bd:fc:29:
+                    50:06:ce:f1:fc:0e:1a:f6:d3:e0:35:cc:b7:99:fb:
+                    19:ef:5c:b0:56:32:b6:c0:df
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                4E:EF:C7:3D:3F:C3:39:B7:BB:3F:4A:C4:65:38:12:1A:F6:52:28:80
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         26:c4:4a:04:f5:14:97:b4:73:91:97:86:10:53:5c:5f:c4:d3:
+         61:cc:b8:38:f3:f5:1a:6b:a7:7e:49:c8:76:0d:0d:a9:ca:55:
+         c2:de:17:33:3b:76:d8:93:11:79:cf:f4:37:82:1e:c7:fd:c9:
+         38:82:5c:2c:7a:42:bf:40:8e:db:56:fd:a3:a1:73:f9:84:c4:
+         60:7f:4b:f0:36:80:b4:da:67:18:e2:85:91:6c:6e:18:c6:e0:
+         34:4e:5c:8d:21:ed:cc:3b:3e:33:9f:74:9e:dd:52:76:3a:6e:
+         a2:44:ff:fc:ea:1f:b0:71:dc:9e:7f:a3:f4:b8:c9:e7:5e:18:
+         c9:98
+-----BEGIN CERTIFICATE-----
+MIID8zCCA1ygAwIBAgIBIDANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDUwNzE3Mjgx
+M1oXDTI1MDUwNDE3MjgxM1owgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWxldmFuMRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAqt3CtHAhPvBnXRH8UQP/gt16Ia+fD8Iso07R
+W6Bn2KYCDp/pd3ZO1YUmTQMoZnJMUFEY5uDkvKJ9SaZVDvYyf9OXU5kAcHQ6JNbS
+fRNg7jDTG5KBijjnZ9wgaH7HK448XofEqc69/ClQBs7x/A4a9tPgNcy3mfsZ71yw
+VjK2wN8CAwEAAaOCAUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
+c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUTu/HPT/DObe7
+P0rEZTgSGvZSKIAwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+Oh
+gZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
+BkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZp
+Y2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
+AwIHgDANBgkqhkiG9w0BAQUFAAOBgQAmxEoE9RSXtHORl4YQU1xfxNNhzLg48/Ua
+a6d+Sch2DQ2pylXC3hczO3bYkxF5z/Q3gh7H/ck4glwsekK/QI7bVv2joXP5hMRg
+f0vwNoC02mcY4oWRbG4YxuA0TlyNIe3MOz4zn3Se3VJ2Om6iRP/86h+wcdyef6P0
+uMnnXhjJmA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/21.pem b/OPP/openvpn/keys/21.pem
new file mode 100644
index 0000000..e5039e8
--- /dev/null
+++ b/OPP/openvpn/keys/21.pem
@@ -0,0 +1,72 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 33 (0x21)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 22 22:55:53 2015 GMT
+            Not After : May 19 22:55:53 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-katrin-priv/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:be:4f:1e:d3:bd:2b:84:57:03:b7:6e:64:fc:bb:
+                    94:70:a4:28:37:80:4c:49:a3:90:1d:8e:09:53:40:
+                    8a:e2:97:9e:9e:e1:cd:32:0d:e4:04:a2:da:87:8a:
+                    4f:3d:13:df:f6:87:59:83:04:65:68:23:e7:2f:3c:
+                    c0:25:68:2f:bf:07:cc:fe:b0:9e:fa:30:9d:6e:21:
+                    eb:12:fd:c3:a7:fe:cd:c9:40:bf:14:db:e5:83:4c:
+                    f9:7d:44:12:74:80:bc:38:82:1f:81:ed:49:5e:3a:
+                    a3:35:ca:12:5b:32:f7:6d:2a:bb:e8:5f:ac:22:d7:
+                    59:7c:d5:e1:92:62:57:0a:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                CC:F4:5A:3A:2D:0A:78:23:19:14:F2:39:46:24:0F:6F:B0:14:AC:C2
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         84:10:b0:e9:2e:86:74:09:f1:47:9c:56:d4:ff:b4:c4:1a:18:
+         b1:2d:9d:9b:ff:dd:d8:f8:fc:5f:d4:4d:18:0f:b9:ba:28:38:
+         e3:aa:49:66:2a:77:3d:3c:5c:d0:7a:fc:25:d8:5f:a5:ba:67:
+         77:50:9a:46:4c:14:b2:fb:6f:e6:d0:fa:19:1b:43:24:64:8f:
+         c6:7b:b8:4b:ea:62:66:51:dc:6e:a7:df:be:4d:f0:c7:c9:7c:
+         08:08:9f:11:47:90:dc:13:3d:1d:9d:11:24:91:06:60:26:1c:
+         e5:1f:00:d9:57:b0:fe:5d:f9:be:89:0f:ef:24:ae:3e:24:de:
+         80:46
+-----BEGIN CERTIFICATE-----
+MIID5zCCA1CgAwIBAgIBITANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDUyMjIyNTU1
+M1oXDTI1MDUxOTIyNTU1M1owgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWthdHJpbi1wcml2MR0w
+GwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAvk8e070rhFcDt25k/LuUcKQoN4BMSaOQHY4JU0CK4peenuHNMg3k
+BKLah4pPPRPf9odZgwRlaCPnLzzAJWgvvwfM/rCe+jCdbiHrEv3Dp/7NyUC/FNvl
+g0z5fUQSdIC8OIIfge1JXjqjNcoSWzL3bSq76F+sItdZfNXhkmJXCvsCAwEAAaOC
+AUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUzPRaOi0KeCMZFPI5RiQPb7AUrMIw
+gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
+A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
+EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
+FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG
+9w0BAQUFAAOBgQCEELDpLoZ0CfFHnFbU/7TEGhixLZ2b/93Y+Pxf1E0YD7m6KDjj
+qklmKnc9PFzQevwl2F+lumd3UJpGTBSy+2/m0PoZG0MkZI/Ge7hL6mJmUdxup9++
+TfDHyXwICJ8RR5DcEz0dnREkkQZgJhzlHwDZV7D+Xfm+iQ/vJK4+JN6ARg==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/22.pem b/OPP/openvpn/keys/22.pem
new file mode 100644
index 0000000..5758231
--- /dev/null
+++ b/OPP/openvpn/keys/22.pem
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 34 (0x22)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 27 20:33:43 2016 GMT
+            Not After : Dec 25 20:33:43 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-hannes/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b6:d5:54:2c:c2:b5:0f:1a:36:92:52:a0:be:aa:
+                    22:41:4f:fb:27:86:a7:11:78:53:7f:80:69:99:a9:
+                    a4:81:95:b9:5b:40:4f:25:d6:40:14:2b:cc:1a:62:
+                    a0:40:79:82:af:f9:ab:fc:22:b8:0b:c8:35:83:d5:
+                    98:f2:7b:08:d1:38:f2:c3:3b:39:a0:97:7a:04:0d:
+                    e6:6c:cb:b8:2e:2a:f8:a5:79:96:8d:c6:e9:0f:22:
+                    2c:fd:e7:50:61:b2:f7:bb:ba:20:05:1a:85:27:d9:
+                    94:82:74:06:39:91:42:fa:1f:c2:dc:e0:f0:c7:70:
+                    03:46:4d:52:44:f1:0e:c9:4e:e2:a3:11:50:23:4d:
+                    0a:dc:2f:13:e3:a3:f7:5f:14:64:a3:03:08:e2:d6:
+                    83:af:46:ac:68:43:ef:5c:12:0e:cf:ab:37:ab:6c:
+                    8d:91:25:dc:91:73:18:18:76:7e:53:4a:b7:54:5e:
+                    2d:80:eb:6c:cc:8e:18:1b:4d:29:51:72:68:4e:4d:
+                    7c:7e:8b:00:17:40:a8:43:02:33:bc:83:72:40:d0:
+                    49:f8:44:1b:88:8f:37:c4:f6:4f:28:28:5f:3b:cd:
+                    e0:14:fc:fc:6a:20:23:45:13:b3:da:ac:b6:d9:e5:
+                    d7:49:8c:21:87:7b:88:a1:38:23:7b:45:62:ac:9b:
+                    65:ab
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                34:BB:16:9D:D8:4B:1C:E1:52:EA:4C:3B:47:5E:0C:4F:B6:E4:A2:0A
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         a6:c3:00:02:cc:53:bc:07:5e:75:ca:a9:99:72:e6:39:91:82:
+         91:55:ca:17:c5:d8:48:c0:62:83:1a:84:23:52:9a:42:ec:6e:
+         fd:56:d7:39:79:d2:5c:a6:27:88:93:50:fe:20:26:e5:38:0c:
+         c4:b1:8b:ce:4f:96:6d:b2:14:0b:88:a3:47:a1:ec:03:51:71:
+         f8:09:57:71:2a:99:89:69:71:87:2d:2e:a6:fb:b5:ae:a0:25:
+         91:8e:7f:2f:9c:bb:87:c1:a5:2c:8a:e5:5f:b9:cf:bf:b3:93:
+         01:05:5c:b7:56:f6:99:79:c9:fd:dd:28:2a:33:d9:81:46:dc:
+         22:d6
+-----BEGIN CERTIFICATE-----
+MIIEeDCCA+GgAwIBAgIBIjANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE2MTIyNzIwMzM0
+M1oXDTI2MTIyNTIwMzM0M1owgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLWhhbm5lczEQMA4GA1UE
+KRMHT1BQLVZwbjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC21VQswrUPGjaSUqC+qiJBT/snhqcR
+eFN/gGmZqaSBlblbQE8l1kAUK8waYqBAeYKv+av8IrgLyDWD1ZjyewjROPLDOzmg
+l3oEDeZsy7guKvileZaNxukPIiz951Bhsve7uiAFGoUn2ZSCdAY5kUL6H8Lc4PDH
+cANGTVJE8Q7JTuKjEVAjTQrcLxPjo/dfFGSjAwji1oOvRqxoQ+9cEg7PqzerbI2R
+JdyRcxgYdn5TSrdUXi2A62zMjhgbTSlRcmhOTXx+iwAXQKhDAjO8g3JA0En4RBuI
+jzfE9k8oKF87zeAU/PxqICNFE7ParLbZ5ddJjCGHe4ihOCN7RWKsm2WrAgMBAAGj
+ggFGMIIBQjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFDS7Fp3YSxzhUupMO0deDE+25KIK
+MIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UE
+AxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDX
+RBSLVaPfiDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZI
+hvcNAQEFBQADgYEApsMAAsxTvAdedcqpmXLmOZGCkVXKF8XYSMBigxqEI1KaQuxu
+/VbXOXnSXKYniJNQ/iAm5TgMxLGLzk+WbbIUC4ijR6HsA1Fx+AlXcSqZiWlxhy0u
+pvu1rqAlkY5/L5y7h8GlLIrlX7nPv7OTAQVct1b2mXnJ/d0oKjPZgUbcItY=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/23.pem b/OPP/openvpn/keys/23.pem
new file mode 100644
index 0000000..5a49c95
--- /dev/null
+++ b/OPP/openvpn/keys/23.pem
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 35 (0x23)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 27 20:39:45 2016 GMT
+            Not After : Dec 25 20:39:45 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ingmar/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b5:bd:72:97:9d:5e:72:39:c8:0f:b8:c6:85:06:
+                    9a:e3:ec:7b:7f:1f:49:72:f9:c9:fe:de:4d:21:ac:
+                    78:bf:13:f8:43:e3:48:5e:28:f0:b4:55:dc:46:6b:
+                    ee:47:16:9d:e8:5d:a9:89:b4:02:59:5d:f0:e7:6e:
+                    41:89:2c:b2:4c:18:54:3a:dc:72:d2:3d:4c:bf:0d:
+                    ca:79:0a:79:57:83:49:7d:9c:49:84:c5:74:ef:7e:
+                    9a:1e:40:38:e4:f8:b9:55:c5:c8:99:fc:c2:88:e5:
+                    d9:bc:f0:2f:7b:ea:b1:1b:77:b8:3b:91:05:a2:d5:
+                    77:3b:ca:e9:11:f2:67:75:1d:6f:ee:59:2b:fb:4a:
+                    17:6d:42:6e:dd:59:17:cc:bd:81:95:25:f3:47:b0:
+                    fb:4a:25:7c:0c:8d:70:cf:7b:ea:83:df:04:8c:8c:
+                    6e:4c:de:38:33:bb:2a:99:4a:dc:db:fc:eb:17:7d:
+                    45:63:d9:e4:c2:8f:98:52:03:36:22:63:58:9e:f4:
+                    47:41:ab:57:8d:69:77:9b:83:67:a3:0e:c2:94:03:
+                    68:cc:ba:2b:3f:4a:85:52:cb:91:c6:6c:95:ef:3d:
+                    01:e6:68:42:10:00:43:15:a6:bb:97:88:b5:3b:fd:
+                    1e:56:53:b9:25:bb:0d:5f:43:9f:78:69:6d:e6:71:
+                    20:53
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DE:29:18:64:B7:D1:DC:F4:8D:F4:86:36:40:DE:36:4F:C4:01:6C:16
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         84:f7:3e:16:32:37:24:58:24:64:98:8b:22:bd:c6:43:31:78:
+         87:aa:45:ca:9c:32:19:c2:04:27:5e:e2:f9:2c:e2:cb:ee:7a:
+         75:9e:2f:3a:c5:18:bd:fd:66:72:6e:15:23:c8:48:45:8a:2c:
+         e9:9a:62:c9:58:8e:b7:9d:bf:a0:9b:dc:dd:21:2c:53:e6:dc:
+         15:68:1c:fc:01:1f:50:7b:65:57:e0:09:c4:41:a9:3f:4e:f5:
+         73:85:73:d5:5a:f3:2e:4c:93:37:f9:cc:75:a0:69:08:a2:9c:
+         bb:4f:1b:f5:63:26:01:a2:fa:8f:4d:40:13:f5:d5:59:dc:91:
+         a5:d1
+-----BEGIN CERTIFICATE-----
+MIIEeDCCA+GgAwIBAgIBIzANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE2MTIyNzIwMzk0
+NVoXDTI2MTIyNTIwMzk0NVowgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLWluZ21hcjEQMA4GA1UE
+KRMHT1BQLVZwbjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1vXKXnV5yOcgPuMaFBprj7Ht/H0ly
++cn+3k0hrHi/E/hD40heKPC0VdxGa+5HFp3oXamJtAJZXfDnbkGJLLJMGFQ63HLS
+PUy/Dcp5CnlXg0l9nEmExXTvfpoeQDjk+LlVxciZ/MKI5dm88C976rEbd7g7kQWi
+1Xc7yukR8md1HW/uWSv7ShdtQm7dWRfMvYGVJfNHsPtKJXwMjXDPe+qD3wSMjG5M
+3jgzuyqZStzb/OsXfUVj2eTCj5hSAzYiY1ie9EdBq1eNaXebg2ejDsKUA2jMuis/
+SoVSy5HGbJXvPQHmaEIQAEMVpruXiLU7/R5WU7kluw1fQ594aW3mcSBTAgMBAAGj
+ggFGMIIBQjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFN4pGGS30dz0jfSGNkDeNk/EAWwW
+MIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UE
+AxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDX
+RBSLVaPfiDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZI
+hvcNAQEFBQADgYEAhPc+FjI3JFgkZJiLIr3GQzF4h6pFypwyGcIEJ17i+Sziy+56
+dZ4vOsUYvf1mcm4VI8hIRYos6ZpiyViOt52/oJvc3SEsU+bcFWgc/AEfUHtlV+AJ
+xEGpP071c4Vz1VrzLkyTN/nMdaBpCKKcu08b9WMmAaL6j01AE/XVWdyRpdE=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/24.pem b/OPP/openvpn/keys/24.pem
new file mode 100644
index 0000000..7224e17
--- /dev/null
+++ b/OPP/openvpn/keys/24.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 36 (0x24)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan 14 14:55:55 2017 GMT
+            Not After : Jan 14 14:55:55 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ines/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c2:99:2e:75:fe:2b:ea:c1:45:0a:45:58:96:f6:
+                    63:e8:26:2d:90:1a:0c:1f:4d:3c:27:4c:c8:0f:15:
+                    7a:c3:c1:d3:fb:b5:ee:8d:dd:e5:8c:04:a4:75:61:
+                    a7:28:24:83:a8:a0:b6:fa:d6:b8:88:d7:d5:b6:21:
+                    ee:9a:7a:4b:6f:11:d5:77:5b:4a:c1:b6:08:6e:33:
+                    31:1e:1f:c1:1c:b3:17:d2:5d:8b:6a:8b:8b:a4:dc:
+                    cf:33:39:49:92:3e:9e:55:1e:ea:79:87:ff:d7:e4:
+                    ed:0a:98:60:7a:95:05:76:b1:8f:f9:2c:19:15:0c:
+                    df:6e:71:d1:78:71:c6:c4:9e:c3:32:d8:59:25:1e:
+                    5e:2b:2f:83:de:6f:de:c1:40:6d:0b:09:ec:ab:c6:
+                    c1:1b:88:c8:8b:72:50:98:8b:c6:5b:7d:86:d4:f2:
+                    f4:3e:f8:82:2e:f5:bd:6e:08:4e:d2:38:0c:86:17:
+                    86:39:5c:09:de:15:ef:b9:67:e9:e9:0b:ae:dd:68:
+                    7c:f5:be:e8:57:96:07:02:88:d1:78:ea:f2:20:64:
+                    cd:6f:98:6b:5b:d9:82:bd:34:11:ae:aa:4e:b7:27:
+                    81:f8:37:1e:f6:81:96:c8:1f:48:87:5d:8b:72:74:
+                    e5:77:b1:54:49:11:6c:a8:95:37:7d:6b:9b:b7:00:
+                    94:b1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                4C:7D:52:81:5E:B1:46:7E:B6:30:73:51:25:69:10:63:30:BA:73:BC
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:ines
+    Signature Algorithm: sha256WithRSAEncryption
+         7a:53:b1:3f:53:41:a0:62:bc:fa:ad:fd:cf:b3:b5:a2:40:d0:
+         8d:10:77:39:eb:71:91:1c:a3:b1:c9:4b:8d:cb:6f:d0:b1:b0:
+         67:31:8a:87:4e:72:0c:01:e3:ef:e4:f6:89:5b:c7:1e:a8:a8:
+         73:39:9c:49:78:04:df:e1:8a:9a:e6:ce:50:c8:ca:70:ab:f1:
+         01:43:08:4e:bd:38:ca:6c:cf:40:e9:dd:4e:7e:fe:d1:56:49:
+         6c:69:77:90:54:73:97:dd:0c:c0:33:cc:24:45:7c:c1:b1:d6:
+         8d:c4:85:50:b3:19:4a:49:fa:29:e2:19:ec:e0:68:56:e5:76:
+         aa:bb
+-----BEGIN CERTIFICATE-----
+MIIEhzCCA/CgAwIBAgIBJDANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MDExNDE0NTU1
+NVoXDTM3MDExNDE0NTU1NVowgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLWluZXMxEDAOBgNVBCkT
+B09QUC1WcG4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpkudf4r6sFFCkVYlvZj6CYtkBoMH008
+J0zIDxV6w8HT+7Xujd3ljASkdWGnKCSDqKC2+ta4iNfVtiHumnpLbxHVd1tKwbYI
+bjMxHh/BHLMX0l2LaouLpNzPMzlJkj6eVR7qeYf/1+TtCphgepUFdrGP+SwZFQzf
+bnHReHHGxJ7DMthZJR5eKy+D3m/ewUBtCwnsq8bBG4jIi3JQmIvGW32G1PL0PviC
+LvW9bghO0jgMhheGOVwJ3hXvuWfp6Quu3Wh89b7oV5YHAojReOryIGTNb5hrW9mC
+vTQRrqpOtyeB+Dce9oGWyB9Ih12LcnTld7FUSRFsqJU3fWubtwCUsQIDAQABo4IB
+VzCCAVMwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRMfVKBXrFGfrYwc1ElaRBjMLpzvDCB
+xAYDVR0jBIG8MIG5gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMT
+Ck9QUC1WcG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QU
+i1Wj34gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
+MAaCBGluZXMwDQYJKoZIhvcNAQELBQADgYEAelOxP1NBoGK8+q39z7O1okDQjRB3
+OetxkRyjsclLjctv0LGwZzGKh05yDAHj7+T2iVvHHqioczmcSXgE3+GKmubOUMjK
+cKvxAUMITr04ymzPQOndTn7+0VZJbGl3kFRzl90MwDPMJEV8wbHWjcSFULMZSkn6
+KeIZ7OBoVuV2qrs=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/25.pem b/OPP/openvpn/keys/25.pem
new file mode 100644
index 0000000..0eb367f
--- /dev/null
+++ b/OPP/openvpn/keys/25.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 37 (0x25)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  2 11:42:51 2017 GMT
+            Not After : Feb  2 11:42:51 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-eli/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d4:cd:55:f6:92:f2:6d:9b:49:d4:39:34:88:6e:
+                    fb:d8:00:32:3a:f1:56:dc:47:ab:95:e1:94:22:29:
+                    b2:1d:d9:57:3d:dc:4c:40:f2:d9:8b:0d:24:05:5f:
+                    03:c0:ae:14:f9:5b:7b:2d:3f:33:c3:73:c7:a9:46:
+                    e6:72:f0:f8:22:be:98:a1:55:0a:14:d7:30:62:89:
+                    af:6e:9d:cb:1a:4a:ba:df:81:16:3e:28:c3:71:95:
+                    d9:a3:c9:4f:c8:44:e8:4f:06:ee:18:1a:d3:d4:26:
+                    12:7d:c1:74:28:77:39:e6:c4:cf:2c:5f:4f:0c:10:
+                    7e:22:5c:10:87:4e:49:46:a2:b2:08:b3:75:92:b0:
+                    ec:f8:90:28:23:53:35:5b:cc:e8:19:69:3a:77:e1:
+                    11:d2:3e:19:8b:5c:c0:5e:be:52:62:0e:60:21:d5:
+                    ef:ef:81:8b:71:f4:c3:64:64:8a:e2:e0:7c:71:c1:
+                    57:fa:78:ba:6d:ea:e3:d9:bb:14:01:6d:26:03:6e:
+                    0e:9b:02:b8:25:87:30:5d:0b:63:e0:fc:3b:cb:d5:
+                    76:a5:4c:9e:9c:8d:41:18:f3:bf:8b:e1:c8:a1:ae:
+                    eb:47:c7:90:94:03:41:8f:19:87:ef:72:4a:2e:5d:
+                    05:1f:83:61:00:86:4f:ba:b6:2f:54:7e:3f:e1:76:
+                    4c:8f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                79:1D:DE:0C:92:00:9F:55:5F:53:27:81:B9:C2:DF:DB:3C:86:75:1E
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:eli
+    Signature Algorithm: sha256WithRSAEncryption
+         69:08:44:10:57:57:3b:a1:e4:a2:65:a2:c3:2b:85:9b:5c:0b:
+         d7:5e:d8:3c:79:a4:b1:58:b8:c0:8c:be:6a:00:4d:fb:73:64:
+         c6:ff:eb:0d:35:7e:33:f1:81:eb:84:e4:e3:19:16:52:2f:33:
+         fb:aa:4a:27:5e:9c:7d:4f:e5:49:0d:6e:9c:6d:84:cb:4f:a8:
+         41:27:1d:71:4c:8f:ff:dc:88:96:70:c1:39:ac:35:b7:bd:a7:
+         cf:aa:09:8d:ec:8c:52:4c:a1:b5:3d:00:80:38:af:0b:b6:1b:
+         87:ca:ba:a9:d3:8b:3a:39:44:07:57:ee:bb:fa:6e:56:74:80:
+         fc:cd
+-----BEGIN CERTIFICATE-----
+MIIEhTCCA+6gAwIBAgIBJTANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MDIwMjExNDI1
+MVoXDTM3MDIwMjExNDI1MVowgaIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRQwEgYDVQQDEwtPUFAtVnBuLWVsaTEQMA4GA1UEKRMH
+T1BQLVZwbjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUzVX2kvJtm0nUOTSIbvvYADI68VbcR6uV
+4ZQiKbId2Vc93ExA8tmLDSQFXwPArhT5W3stPzPDc8epRuZy8PgivpihVQoU1zBi
+ia9uncsaSrrfgRY+KMNxldmjyU/IROhPBu4YGtPUJhJ9wXQodznmxM8sX08MEH4i
+XBCHTklGorIIs3WSsOz4kCgjUzVbzOgZaTp34RHSPhmLXMBevlJiDmAh1e/vgYtx
+9MNkZIri4HxxwVf6eLpt6uPZuxQBbSYDbg6bArglhzBdC2Pg/DvL1XalTJ6cjUEY
+87+L4cihrutHx5CUA0GPGYfvckouXQUfg2EAhk+6ti9Ufj/hdkyPAgMBAAGjggFW
+MIIBUjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
+ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFHkd3gySAJ9VX1MngbnC39s8hnUeMIHE
+BgNVHSMEgbwwgbmAFOFNw2v0fIF7FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSL
+VaPfiDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDgYDVR0RBAcw
+BYIDZWxpMA0GCSqGSIb3DQEBCwUAA4GBAGkIRBBXVzuh5KJlosMrhZtcC9de2Dx5
+pLFYuMCMvmoATftzZMb/6w01fjPxgeuE5OMZFlIvM/uqSidenH1P5UkNbpxthMtP
+qEEnHXFMj//ciJZwwTmsNbe9p8+qCY3sjFJMobU9AIA4rwu2G4fKuqnTizo5RAdX
+7rv6blZ0gPzN
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/26.pem b/OPP/openvpn/keys/26.pem
new file mode 100644
index 0000000..61af524
--- /dev/null
+++ b/OPP/openvpn/keys/26.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 38 (0x26)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 15 01:22:04 2017 GMT
+            Not After : May 15 01:22:04 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-cristina/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a0:34:ab:d6:98:48:9b:5c:84:c7:27:2d:d7:d4:
+                    45:b5:e7:d7:b5:4d:99:4a:a5:38:a2:95:a0:d7:78:
+                    5d:3e:de:0e:4f:4e:3d:9c:af:fb:cb:2f:a5:4e:25:
+                    19:f5:84:4f:a3:f8:98:db:77:58:42:7e:c1:16:f1:
+                    c7:09:2f:9a:ca:a5:e5:f3:1e:8d:9c:5f:54:8a:71:
+                    50:43:b5:e0:41:1a:ee:b4:69:32:f2:ab:7c:17:52:
+                    96:d1:7a:51:27:6f:83:44:2b:18:12:da:f9:9a:90:
+                    d4:c6:78:39:02:25:5c:86:d6:95:a1:81:77:54:2d:
+                    45:32:f8:c5:11:f5:75:d0:c2:3e:73:42:00:ba:d2:
+                    ef:a3:f0:52:0c:e7:6a:1a:2a:fd:c6:c4:54:3b:b7:
+                    f0:1f:f8:f6:3c:a2:bf:16:da:3b:fd:31:bd:b4:ec:
+                    16:da:03:78:be:ef:9c:9b:9e:c3:d0:4c:8e:53:2f:
+                    b6:87:cb:5d:b5:98:db:b3:9e:aa:46:09:cf:e0:f0:
+                    b0:35:dd:0a:ee:9a:15:7d:68:19:db:ea:84:42:97:
+                    4b:93:e1:7d:81:c0:d0:08:8a:01:04:23:89:0d:5f:
+                    e1:61:71:73:b6:e6:a0:3f:99:2f:f2:b3:5f:2b:fe:
+                    29:8a:69:d8:51:56:6c:6a:5e:46:25:16:96:cc:0e:
+                    57:97
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                75:75:D5:F4:C5:31:31:04:BB:9A:F7:7A:77:07:B1:18:73:27:54:18
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:cristina
+    Signature Algorithm: sha256WithRSAEncryption
+         53:31:84:22:c1:63:1d:0a:9b:34:4a:9e:d3:78:a5:46:62:87:
+         33:e6:eb:23:72:aa:c6:f0:9c:0b:b2:26:49:0a:f5:bb:de:89:
+         c3:9d:79:1f:d6:2d:79:99:42:04:ff:ad:d8:44:b2:f8:81:b4:
+         a1:84:ca:72:ba:a8:86:ac:bb:fc:8d:a1:26:c2:95:0a:76:55:
+         54:e5:34:b9:57:ce:2c:9a:01:5c:ec:79:ca:0e:2d:f6:80:70:
+         13:bb:c7:d4:cc:cc:d9:ac:26:5c:57:aa:14:9f:ea:da:c2:ca:
+         ef:1c:c3:1d:50:82:f3:5e:34:7d:73:fd:40:2b:db:0d:e1:83:
+         1b:39
+-----BEGIN CERTIFICATE-----
+MIIEjzCCA/igAwIBAgIBJjANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MDUxNTAxMjIw
+NFoXDTM3MDUxNTAxMjIwNFowgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWNyaXN0aW5hMRAwDgYD
+VQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKA0q9aYSJtchMcnLdfURbXn17VN
+mUqlOKKVoNd4XT7eDk9OPZyv+8svpU4lGfWET6P4mNt3WEJ+wRbxxwkvmsql5fMe
+jZxfVIpxUEO14EEa7rRpMvKrfBdSltF6USdvg0QrGBLa+ZqQ1MZ4OQIlXIbWlaGB
+d1QtRTL4xRH1ddDCPnNCALrS76PwUgznahoq/cbEVDu38B/49jyivxbaO/0xvbTs
+FtoDeL7vnJuew9BMjlMvtofLXbWY27OeqkYJz+DwsDXdCu6aFX1oGdvqhEKXS5Ph
+fYHA0AiKAQQjiQ1f4WFxc7bmoD+ZL/KzXyv+KYpp2FFWbGpeRiUWlswOV5cCAwEA
+AaOCAVswggFXMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl
+bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdXXV9MUxMQS7mvd6dwexGHMn
+VBgwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8x
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYD
+VQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJ
+ANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
+HREEDDAKgghjcmlzdGluYTANBgkqhkiG9w0BAQsFAAOBgQBTMYQiwWMdCps0Sp7T
+eKVGYocz5usjcqrG8JwLsiZJCvW73onDnXkf1i15mUIE/63YRLL4gbShhMpyuqiG
+rLv8jaEmwpUKdlVU5TS5V84smgFc7HnKDi32gHATu8fUzMzZrCZcV6oUn+rawsrv
+HMMdUILzXjR9c/1AK9sN4YMbOQ==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/27.pem b/OPP/openvpn/keys/27.pem
new file mode 100644
index 0000000..5ff8594
--- /dev/null
+++ b/OPP/openvpn/keys/27.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 39 (0x27)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 17 22:15:42 2017 GMT
+            Not After : Sep 17 22:15:42 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-amine/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ce:c6:12:91:aa:6a:5f:86:c8:ab:f0:cb:34:1d:
+                    8f:f5:5e:78:ec:85:b0:d9:6b:1e:2a:c4:70:f5:57:
+                    cd:f0:fb:bc:22:1a:d9:b1:7b:92:a4:83:b0:b3:f7:
+                    96:29:a3:49:81:5c:37:03:85:45:60:70:0e:e3:71:
+                    58:c2:02:5a:19:a1:96:9d:78:69:46:b0:fa:b0:34:
+                    29:8a:56:12:81:7b:00:1e:75:38:e6:09:02:b3:46:
+                    1d:44:5e:c3:44:b5:a7:83:e4:42:c1:75:8f:ec:ee:
+                    0e:62:95:0b:c6:72:3c:20:b3:ff:41:d0:7f:04:e6:
+                    53:1e:d1:47:09:b0:cd:e8:fe:81:f8:9d:4c:e5:bc:
+                    68:32:45:ed:b4:74:c0:28:fa:60:2d:86:79:6a:eb:
+                    30:86:07:42:04:b1:0e:a5:3b:fd:74:42:0c:50:99:
+                    4a:e0:29:05:4f:5c:d5:c5:42:e0:98:7a:9e:e3:49:
+                    47:1d:26:6e:98:70:3e:ac:52:fd:04:e3:24:13:43:
+                    ec:a7:92:74:d2:58:8b:89:46:f0:33:ff:a3:f0:67:
+                    8e:b0:d5:45:0d:43:0c:40:09:86:c6:5d:cc:ad:45:
+                    9e:18:a1:83:12:4c:f8:38:4c:99:cf:90:8b:e1:f1:
+                    39:09:fc:0a:47:8c:71:a5:9b:7b:a1:53:8d:63:44:
+                    0c:2b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                95:F1:35:CE:66:8F:B1:48:2E:54:66:83:5C:FB:E8:3A:0F:F2:78:60
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:amine
+    Signature Algorithm: sha256WithRSAEncryption
+         05:c8:92:b4:40:e7:19:42:6f:43:71:86:59:be:43:9a:6d:45:
+         de:2e:e1:c6:3f:49:3b:62:b2:0d:c8:fc:6c:2c:8a:eb:d3:af:
+         51:46:41:64:ef:39:cd:d3:8f:79:2d:1d:d5:06:1d:81:dc:0c:
+         45:52:67:c0:68:03:15:75:eb:4a:6c:f8:83:97:86:00:8e:b4:
+         a9:ee:d7:45:32:41:23:29:da:d0:57:f7:15:52:98:5f:12:90:
+         2e:ea:ee:3c:34:70:f5:a0:be:02:fb:25:65:34:08:96:1b:84:
+         cb:3f:3c:2e:8b:7b:13:e0:d0:46:f7:0f:a0:16:bc:8d:62:03:
+         8d:3c
+-----BEGIN CERTIFICATE-----
+MIIEiTCCA/KgAwIBAgIBJzANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MDkxNzIyMTU0
+MloXDTM3MDkxNzIyMTU0MlowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWFtaW5lMRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7GEpGqal+GyKvwyzQdj/VeeOyFsNlr
+HirEcPVXzfD7vCIa2bF7kqSDsLP3limjSYFcNwOFRWBwDuNxWMICWhmhlp14aUaw
++rA0KYpWEoF7AB51OOYJArNGHURew0S1p4PkQsF1j+zuDmKVC8ZyPCCz/0HQfwTm
+Ux7RRwmwzej+gfidTOW8aDJF7bR0wCj6YC2GeWrrMIYHQgSxDqU7/XRCDFCZSuAp
+BU9c1cVC4Jh6nuNJRx0mbphwPqxS/QTjJBND7KeSdNJYi4lG8DP/o/BnjrDVRQ1D
+DEAJhsZdzK1FnhihgxJM+DhMmc+Qi+HxOQn8CkeMcaWbe6FTjWNEDCsCAwEAAaOC
+AVgwggFUMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUlfE1zmaPsUguVGaDXPvoOg/yeGAw
+gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
+A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
+EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
+FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVhbWluZTANBgkqhkiG9w0BAQsFAAOBgQAFyJK0QOcZQm9DcYZZvkOabUXe
+LuHGP0k7YrINyPxsLIrr069RRkFk7znN0495LR3VBh2B3AxFUmfAaAMVdetKbPiD
+l4YAjrSp7tdFMkEjKdrQV/cVUphfEpAu6u48NHD1oL4C+yVlNAiWG4TLPzwui3sT
+4NBG9w+gFryNYgONPA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/28.pem b/OPP/openvpn/keys/28.pem
new file mode 100644
index 0000000..95d27e9
--- /dev/null
+++ b/OPP/openvpn/keys/28.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 40 (0x28)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov 14 02:38:46 2017 GMT
+            Not After : Nov 14 02:38:46 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-laptop-opp1/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c5:6d:a2:af:0d:9b:bc:eb:77:08:d3:c1:da:79:
+                    ce:9a:d0:27:74:d2:5e:ce:68:52:35:ea:72:63:a6:
+                    ba:a8:d5:47:41:95:10:d5:56:fc:07:c2:24:4e:28:
+                    06:04:f5:74:43:05:52:86:36:86:f9:8f:79:c5:73:
+                    0e:a8:c2:e7:5b:7e:08:79:02:a2:a8:21:59:6e:f5:
+                    19:c6:59:6c:96:66:dc:24:c3:1c:18:e0:09:e4:6e:
+                    2c:33:33:c4:37:ad:bf:06:93:93:ac:df:98:8a:93:
+                    11:8c:6b:c9:d8:39:dd:66:01:d8:80:ed:ab:42:1e:
+                    82:78:2e:e0:a2:98:3d:b3:39:b8:47:1a:81:4b:a4:
+                    e9:c3:2f:b2:10:7a:ab:ba:65:73:8e:0a:23:54:9d:
+                    3e:4b:4f:09:95:f7:6f:c8:33:3a:ae:63:87:1f:ba:
+                    67:f6:03:02:62:c5:22:9b:b6:97:36:eb:11:f7:13:
+                    62:f3:1c:79:b1:22:b1:b8:f2:f9:ed:57:0c:54:50:
+                    69:49:ce:a6:e3:4d:f2:39:41:4e:8a:1c:32:aa:87:
+                    9e:b0:de:93:37:87:34:b6:1e:ca:94:d2:48:0a:50:
+                    31:c5:c0:41:78:7b:2e:c1:8b:75:95:44:10:06:91:
+                    20:39:54:a9:50:36:b4:95:2f:69:7b:21:cc:13:a3:
+                    38:2d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                82:A2:3A:69:48:F0:DE:60:58:8C:C6:75:BD:C1:54:4F:99:A3:3C:50
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:laptop-opp1
+    Signature Algorithm: sha256WithRSAEncryption
+         13:a4:d5:2c:2c:59:3f:9f:ef:ac:36:d4:21:a5:5a:d9:f3:be:
+         13:09:f5:53:9f:e9:2d:e2:25:9c:72:f0:a6:bb:8a:12:6d:9d:
+         f8:1c:64:8d:b9:db:58:c1:6b:49:ba:06:eb:45:69:31:8d:22:
+         29:55:4a:cb:2c:4f:0d:c6:c7:af:e4:9a:c1:47:34:2e:87:6f:
+         1b:0d:88:09:3e:db:e0:82:96:8d:cd:b8:66:06:a7:ed:a0:2f:
+         e5:d6:f0:ab:e7:db:8e:0b:5b:81:e4:16:2d:83:08:0a:c5:33:
+         4e:27:96:ca:60:88:3b:4c:80:eb:af:45:d5:59:a2:f0:31:cf:
+         30:52
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIBKDANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTExNDAyMzg0
+NloXDTM3MTExNDAyMzg0NlowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAxMRAw
+DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVtoq8Nm7zrdwjTwdp5zprQ
+J3TSXs5oUjXqcmOmuqjVR0GVENVW/AfCJE4oBgT1dEMFUoY2hvmPecVzDqjC51t+
+CHkCoqghWW71GcZZbJZm3CTDHBjgCeRuLDMzxDetvwaTk6zfmIqTEYxrydg53WYB
+2IDtq0Iegngu4KKYPbM5uEcagUuk6cMvshB6q7plc44KI1SdPktPCZX3b8gzOq5j
+hx+6Z/YDAmLFIpu2lzbrEfcTYvMcebEisbjy+e1XDFRQaUnOpuNN8jlBToocMqqH
+nrDekzeHNLYeypTSSApQMcXAQXh7LsGLdZVEEAaRIDlUqVA2tJUvaXshzBOjOC0C
+AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUgqI6aUjw3mBYjMZ1vcFU
+T5mjPFAwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
+gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
+BgNVHREEDzANggtsYXB0b3Atb3BwMTANBgkqhkiG9w0BAQsFAAOBgQATpNUsLFk/
+n++sNtQhpVrZ874TCfVTn+kt4iWccvCmu4oSbZ34HGSNudtYwWtJugbrRWkxjSIp
+VUrLLE8Nxsev5JrBRzQuh28bDYgJPtvggpaNzbhmBqftoC/l1vCr59uOC1uB5BYt
+gwgKxTNOJ5bKYIg7TIDrr0XVWaLwMc8wUg==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/29.pem b/OPP/openvpn/keys/29.pem
new file mode 100644
index 0000000..5f468c0
--- /dev/null
+++ b/OPP/openvpn/keys/29.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 41 (0x29)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 11 18:30:48 2017 GMT
+            Not After : Dec 11 18:30:48 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-laptop-opp3/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e6:3e:4f:7d:ed:eb:e3:06:a0:2d:99:55:5b:9c:
+                    18:ca:7d:07:3d:76:ff:94:ec:1b:5a:21:d4:be:3b:
+                    2b:50:8b:72:48:55:33:7a:54:29:6b:d8:bb:11:cf:
+                    9a:7f:9c:20:69:fd:6e:7a:21:ac:19:46:db:2e:18:
+                    36:6d:4f:91:3b:e4:a5:6a:33:23:c6:06:62:c5:d5:
+                    28:c3:c4:28:3e:38:16:e6:03:64:95:18:13:19:95:
+                    e1:ca:da:41:a6:1c:99:56:16:eb:f2:70:c0:67:dc:
+                    0c:dd:d8:bc:6f:61:07:7d:02:76:c3:2c:f4:80:4c:
+                    42:e8:55:97:a0:a0:ea:78:1e:71:8a:bb:7b:bf:b5:
+                    2d:55:a6:a1:34:0d:3a:0e:d4:02:32:93:2b:3c:b3:
+                    b4:81:1f:63:39:c8:e6:2a:e9:ac:4f:93:bd:2a:6d:
+                    bf:b3:77:9b:d8:7a:27:0d:b2:44:d9:e4:b9:0f:cc:
+                    b0:27:5b:fb:32:a2:79:77:55:d8:b6:d0:63:c7:98:
+                    c5:44:47:4f:4d:67:22:e2:40:98:e0:0a:0f:bc:95:
+                    46:d7:4b:37:0b:e9:a7:11:a8:fd:07:f8:18:6d:59:
+                    8d:54:11:fc:9e:23:62:14:64:62:cf:0d:49:5d:41:
+                    95:c4:d3:ec:d4:03:e6:2e:69:15:6b:3f:36:15:66:
+                    58:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E7:EA:35:7F:B7:31:07:50:5B:54:2A:7C:35:F7:D7:40:CA:9F:B0:DA
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:laptop-opp3
+    Signature Algorithm: sha256WithRSAEncryption
+         46:4c:22:41:b0:fe:36:db:c2:e6:97:fc:50:ff:74:26:42:0e:
+         1f:0f:dc:76:8c:ea:3c:24:b9:b2:d3:8f:e2:5a:19:57:bb:15:
+         c8:4e:e9:fa:06:b8:61:1d:65:e9:46:2a:c6:cf:55:c5:1a:81:
+         7a:cb:0f:2e:5d:6a:bc:55:7a:a8:df:7a:16:62:6a:75:9d:de:
+         19:75:0d:58:2a:3d:92:c1:bc:79:52:b8:df:19:24:ac:63:fd:
+         b0:ce:8c:65:12:c5:03:c9:62:e7:14:85:ec:3a:20:6b:93:25:
+         ca:37:7b:5d:3a:7d:b2:f2:14:cf:e6:cc:de:5e:aa:d5:29:a2:
+         fc:07
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIBKTANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTIxMTE4MzA0
+OFoXDTM3MTIxMTE4MzA0OFowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAzMRAw
+DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOY+T33t6+MGoC2ZVVucGMp9
+Bz12/5TsG1oh1L47K1CLckhVM3pUKWvYuxHPmn+cIGn9bnohrBlG2y4YNm1PkTvk
+pWozI8YGYsXVKMPEKD44FuYDZJUYExmV4craQaYcmVYW6/JwwGfcDN3YvG9hB30C
+dsMs9IBMQuhVl6Cg6ngecYq7e7+1LVWmoTQNOg7UAjKTKzyztIEfYznI5irprE+T
+vSptv7N3m9h6Jw2yRNnkuQ/MsCdb+zKieXdV2LbQY8eYxURHT01nIuJAmOAKD7yV
+RtdLNwvppxGo/Qf4GG1ZjVQR/J4jYhRkYs8NSV1BlcTT7NQD5i5pFWs/NhVmWMEC
+AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5+o1f7cxB1BbVCp8NffX
+QMqfsNowgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
+gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
+BgNVHREEDzANggtsYXB0b3Atb3BwMzANBgkqhkiG9w0BAQsFAAOBgQBGTCJBsP42
+28Lml/xQ/3QmQg4fD9x2jOo8JLmy04/iWhlXuxXITun6BrhhHWXpRirGz1XFGoF6
+yw8uXWq8VXqo33oWYmp1nd4ZdQ1YKj2Swbx5UrjfGSSsY/2wzoxlEsUDyWLnFIXs
+OiBrkyXKN3tdOn2y8hTP5szeXqrVKaL8Bw==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/2A.pem b/OPP/openvpn/keys/2A.pem
new file mode 100644
index 0000000..e1daf52
--- /dev/null
+++ b/OPP/openvpn/keys/2A.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 42 (0x2a)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 11 23:42:21 2017 GMT
+            Not After : Dec 11 23:42:21 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-laptop-opp2/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:be:e2:3c:f6:9e:27:34:e6:b0:ad:39:90:d5:9d:
+                    d7:14:bb:30:5f:ff:97:90:f4:6d:a2:00:6e:6a:18:
+                    6e:da:09:e8:02:33:00:b3:1f:a1:e2:e2:82:de:5c:
+                    96:49:ac:48:d6:c4:44:ed:97:76:6b:8d:d7:ed:39:
+                    42:d7:da:5d:46:68:4a:a5:7f:d7:c3:df:a1:ef:8d:
+                    18:8f:2d:94:c4:b8:21:ec:03:e5:60:86:58:b9:26:
+                    f1:a9:27:d8:08:a0:c5:46:1c:f7:69:61:44:ba:59:
+                    1d:6b:b5:93:93:52:8c:77:3e:33:38:22:f1:02:20:
+                    22:96:fb:fe:08:db:80:5a:0a:9c:84:79:74:9c:ba:
+                    58:ba:13:91:ef:a9:0d:20:7b:24:ce:f7:65:78:87:
+                    ba:2c:13:db:f3:2a:43:b0:a5:6f:b7:ba:2b:be:32:
+                    a0:ce:6b:05:93:dd:82:f2:db:3e:44:51:69:a0:07:
+                    83:dc:75:e5:49:e6:b9:c7:50:d3:d3:72:de:12:7a:
+                    30:02:73:6a:8f:ad:3a:91:10:aa:2b:6b:19:fc:e2:
+                    9b:9c:85:14:8c:4d:2c:02:35:61:59:d4:48:74:c6:
+                    71:01:80:96:80:49:6f:2e:e8:d2:b4:d3:4c:86:6e:
+                    41:81:06:05:2a:33:7f:61:78:53:c6:d1:27:fd:ef:
+                    9f:df
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                9A:0A:4A:D8:6A:29:DC:4E:AB:96:B5:37:F0:D6:4B:52:76:91:85:70
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:laptop-opp2
+    Signature Algorithm: sha256WithRSAEncryption
+         6e:38:fe:df:26:b4:ca:9e:d9:7c:50:1b:8c:4f:a8:1a:ac:a4:
+         fd:e5:93:bc:66:f5:cd:12:1c:31:84:4e:8f:77:b3:dc:2d:a1:
+         e5:45:5f:d1:e9:fd:4c:42:60:e3:9b:a3:da:90:eb:30:a3:c6:
+         97:29:7d:04:34:cf:81:bf:d7:0f:54:e3:38:fe:21:e9:b0:ca:
+         37:ad:51:ac:26:31:71:19:09:a3:3d:8a:b3:04:a9:e1:a7:bb:
+         1c:9d:97:be:e5:f7:63:df:53:a9:07:84:23:e1:0c:87:f0:59:
+         58:bd:9e:1a:b5:4e:c0:6a:8d:a9:49:a5:29:ae:37:6e:4c:69:
+         20:d9
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIBKjANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTIxMTIzNDIy
+MVoXDTM3MTIxMTIzNDIyMVowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAyMRAw
+DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7iPPaeJzTmsK05kNWd1xS7
+MF//l5D0baIAbmoYbtoJ6AIzALMfoeLigt5clkmsSNbERO2XdmuN1+05QtfaXUZo
+SqV/18Pfoe+NGI8tlMS4IewD5WCGWLkm8akn2AigxUYc92lhRLpZHWu1k5NSjHc+
+Mzgi8QIgIpb7/gjbgFoKnIR5dJy6WLoTke+pDSB7JM73ZXiHuiwT2/MqQ7Clb7e6
+K74yoM5rBZPdgvLbPkRRaaAHg9x15UnmucdQ09Ny3hJ6MAJzao+tOpEQqitrGfzi
+m5yFFIxNLAI1YVnUSHTGcQGAloBJby7o0rTTTIZuQYEGBSozf2F4U8bRJ/3vn98C
+AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmgpK2Gop3E6rlrU38NZL
+UnaRhXAwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
+gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
+BgNVHREEDzANggtsYXB0b3Atb3BwMjANBgkqhkiG9w0BAQsFAAOBgQBuOP7fJrTK
+ntl8UBuMT6garKT95ZO8ZvXNEhwxhE6Pd7PcLaHlRV/R6f1MQmDjm6PakOswo8aX
+KX0ENM+Bv9cPVOM4/iHpsMo3rVGsJjFxGQmjPYqzBKnhp7scnZe+5fdj31OpB4Qj
+4QyH8FlYvZ4atU7Aao2pSaUprjduTGkg2Q==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/2B.pem b/OPP/openvpn/keys/2B.pem
new file mode 100644
index 0000000..03e172a
--- /dev/null
+++ b/OPP/openvpn/keys/2B.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 43 (0x2b)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan 15 14:41:55 2018 GMT
+            Not After : Jan 15 14:41:55 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-oezge/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b9:84:be:14:58:0d:4b:c1:ca:35:27:82:bf:0d:
+                    9f:f5:5c:8a:85:08:f9:c1:55:0b:d8:a1:0c:11:ce:
+                    30:20:dd:35:01:98:8b:98:d9:91:29:8c:6e:81:7f:
+                    28:94:60:e5:47:99:37:3d:19:8f:14:d9:7e:e9:d8:
+                    bf:16:4f:8d:d1:ae:3d:46:ce:b5:cb:36:b7:bc:70:
+                    b2:2d:48:b2:e7:24:76:7b:7f:6b:4f:7d:ba:11:b1:
+                    df:84:b8:c9:63:88:3d:8f:ec:b7:0e:f3:b3:e7:d5:
+                    65:f9:e6:b0:81:fa:23:fb:96:5e:f2:f9:92:f7:73:
+                    69:b0:2a:76:ca:7d:8f:be:10:62:b0:c2:d6:7f:c0:
+                    a5:d6:a4:0f:7c:47:9c:be:17:ec:50:fa:56:00:2c:
+                    0b:e6:31:d2:01:c6:69:9f:1a:77:cb:05:4e:7f:7e:
+                    2e:bc:88:76:e9:8f:c8:43:1a:9b:34:a7:df:d4:9e:
+                    52:4e:f8:77:10:b5:e5:1d:d9:f1:8d:3d:d5:4e:71:
+                    0a:4a:e3:c1:a4:2d:0d:50:5f:6d:a9:cb:60:f8:47:
+                    66:90:b8:a0:6e:8d:8e:eb:3f:88:eb:d2:f9:06:6d:
+                    05:ae:a0:fa:7b:04:ef:51:b1:3a:1e:5e:5f:3f:be:
+                    4d:e9:1c:c6:aa:6b:e4:05:63:2d:8c:ad:27:9f:ae:
+                    43:6d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                02:2E:C2:B5:17:63:A3:17:ED:D7:F0:71:67:BB:A4:B8:7A:25:C7:28
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:oezge
+    Signature Algorithm: sha256WithRSAEncryption
+         aa:6e:1a:e7:e4:7f:06:58:66:e7:eb:e5:7b:18:b2:b5:4e:2d:
+         08:4c:c9:aa:53:bc:5a:3b:b9:5b:4e:ab:b1:15:4c:cc:43:fb:
+         82:b4:81:db:22:41:fb:7d:80:f9:64:68:87:e0:f4:d2:8e:b1:
+         a6:2d:c4:21:1c:58:ab:45:c8:5e:ff:e1:00:5c:95:6b:6d:50:
+         86:74:98:db:c3:2a:48:f7:81:f4:fa:eb:f9:b6:28:ec:0b:e6:
+         d6:4a:6c:df:74:b6:1c:59:80:2d:55:32:f4:6d:b6:a4:09:85:
+         aa:fd:da:9e:e0:5b:01:ea:12:51:6d:e4:47:06:a7:0d:29:54:
+         89:0c
+-----BEGIN CERTIFICATE-----
+MIIEiTCCA/KgAwIBAgIBKzANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDExNTE0NDE1
+NVoXDTM4MDExNTE0NDE1NVowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLW9lemdlMRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALmEvhRYDUvByjUngr8Nn/VcioUI+cFV
+C9ihDBHOMCDdNQGYi5jZkSmMboF/KJRg5UeZNz0ZjxTZfunYvxZPjdGuPUbOtcs2
+t7xwsi1Isuckdnt/a099uhGx34S4yWOIPY/stw7zs+fVZfnmsIH6I/uWXvL5kvdz
+abAqdsp9j74QYrDC1n/ApdakD3xHnL4X7FD6VgAsC+Yx0gHGaZ8ad8sFTn9+LryI
+dumPyEMamzSn39SeUk74dxC15R3Z8Y091U5xCkrjwaQtDVBfbanLYPhHZpC4oG6N
+jus/iOvS+QZtBa6g+nsE71GxOh5eXz++Tekcxqpr5AVjLYytJ5+uQ20CAwEAAaOC
+AVgwggFUMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUAi7CtRdjoxft1/BxZ7ukuHolxygw
+gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
+A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
+EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
+FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVvZXpnZTANBgkqhkiG9w0BAQsFAAOBgQCqbhrn5H8GWGbn6+V7GLK1Ti0I
+TMmqU7xaO7lbTquxFUzMQ/uCtIHbIkH7fYD5ZGiH4PTSjrGmLcQhHFirRche/+EA
+XJVrbVCGdJjbwypI94H0+uv5tijsC+bWSmzfdLYcWYAtVTL0bbakCYWq/dqe4FsB
+6hJRbeRHBqcNKVSJDA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/2C.pem b/OPP/openvpn/keys/2C.pem
new file mode 100644
index 0000000..208b381
--- /dev/null
+++ b/OPP/openvpn/keys/2C.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 44 (0x2c)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb 28 23:52:40 2018 GMT
+            Not After : Feb 28 23:52:40 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-jenny/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c3:18:ee:89:10:3b:ef:08:3b:b4:2c:35:75:76:
+                    ec:b3:89:79:e8:c8:cb:a3:ed:41:eb:01:fb:ce:a9:
+                    57:a3:20:0f:41:3a:b1:18:35:9d:f3:52:31:c7:cb:
+                    e1:82:c3:e6:a2:07:1a:ef:5f:23:6e:22:1b:ee:75:
+                    78:63:59:b7:09:e6:d7:5b:9a:7f:03:a6:9c:1d:8d:
+                    45:ec:ee:73:6b:b3:36:44:31:9a:56:b4:de:c4:8b:
+                    4c:6f:94:5a:cb:5f:2f:0c:e8:70:98:c2:7a:fe:16:
+                    55:bb:fb:f5:76:1d:a5:fb:db:4c:23:ab:2b:7c:bc:
+                    a8:d9:b7:7a:e2:77:f7:34:f5:df:a8:ff:eb:c8:6e:
+                    f0:61:29:db:d2:a0:df:f2:0d:f8:ce:7f:72:79:6c:
+                    5a:c9:cf:9c:3c:bb:e8:40:53:b2:12:cf:5c:7f:d7:
+                    80:84:3d:b2:ca:6e:4b:12:0f:dd:cd:f1:8c:ac:00:
+                    7a:79:12:df:26:4d:21:00:76:e7:6f:9f:3a:c7:00:
+                    a1:2f:1a:77:ea:68:18:ac:82:fb:c5:22:30:cc:98:
+                    02:23:89:bf:f9:33:c0:f4:a8:7d:5d:e7:73:10:5d:
+                    78:ad:99:01:79:f7:58:d3:67:77:1b:33:38:56:4d:
+                    79:a3:c3:e4:0e:13:f9:9a:83:b2:0b:ed:96:a9:98:
+                    f2:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                47:18:9B:D0:A8:9C:13:47:74:8E:41:24:28:3C:22:91:5E:71:A6:75
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:jenny
+    Signature Algorithm: sha256WithRSAEncryption
+         6c:ad:ca:2d:1d:19:8e:4c:ca:c6:09:3d:c5:43:67:7e:b4:42:
+         76:a0:0a:23:3e:49:c1:a6:6c:03:a2:96:d9:fd:cc:a7:70:2a:
+         c7:09:6f:36:59:e1:f5:51:aa:11:1e:35:f3:b4:8d:20:f0:70:
+         ab:02:3b:3e:8a:96:21:c0:57:2b:97:20:16:15:63:18:ac:d6:
+         a7:19:6c:cc:7c:ff:6f:b8:2f:b8:cc:0a:e8:8e:aa:39:a2:a4:
+         3c:f2:85:fd:8c:36:69:39:27:1f:3f:a2:14:79:77:4d:c6:02:
+         38:7f:91:73:9d:e0:fd:c1:69:c5:b1:24:bf:3d:cb:96:3e:93:
+         f2:5d
+-----BEGIN CERTIFICATE-----
+MIIEiTCCA/KgAwIBAgIBLDANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDIyODIzNTI0
+MFoXDTM4MDIyODIzNTI0MFowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWplbm55MRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMY7okQO+8IO7QsNXV27LOJeejIy6Pt
+QesB+86pV6MgD0E6sRg1nfNSMcfL4YLD5qIHGu9fI24iG+51eGNZtwnm11uafwOm
+nB2NRezuc2uzNkQxmla03sSLTG+UWstfLwzocJjCev4WVbv79XYdpfvbTCOrK3y8
+qNm3euJ39zT136j/68hu8GEp29Kg3/IN+M5/cnlsWsnPnDy76EBTshLPXH/XgIQ9
+sspuSxIP3c3xjKwAenkS3yZNIQB252+fOscAoS8ad+poGKyC+8UiMMyYAiOJv/kz
+wPSofV3ncxBdeK2ZAXn3WNNndxszOFZNeaPD5A4T+ZqDsgvtlqmY8tMCAwEAAaOC
+AVgwggFUMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQURxib0KicE0d0jkEkKDwikV5xpnUw
+gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
+A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
+EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
+FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVqZW5ueTANBgkqhkiG9w0BAQsFAAOBgQBsrcotHRmOTMrGCT3FQ2d+tEJ2
+oAojPknBpmwDopbZ/cyncCrHCW82WeH1UaoRHjXztI0g8HCrAjs+ipYhwFcrlyAW
+FWMYrNanGWzMfP9vuC+4zArojqo5oqQ88oX9jDZpOScfP6IUeXdNxgI4f5FzneD9
+wWnFsSS/PcuWPpPyXQ==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/2D.pem b/OPP/openvpn/keys/2D.pem
new file mode 100644
index 0000000..4038f33
--- /dev/null
+++ b/OPP/openvpn/keys/2D.pem
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 45 (0x2d)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 28 11:16:20 2018 GMT
+            Not After : Mar 28 11:16:20 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-tine/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e7:4a:26:94:7f:c4:18:df:f0:b0:c3:d7:48:b7:
+                    0a:9e:37:06:3e:47:d8:0d:6d:1b:54:9c:fb:80:40:
+                    88:08:1c:5b:5c:f5:51:6d:db:68:c4:a4:e3:bf:c6:
+                    a0:c2:d7:63:40:05:a7:cf:f4:10:77:09:31:92:41:
+                    5e:75:07:d9:4e:6c:a8:a2:c7:9f:4b:d0:47:09:88:
+                    10:f1:08:b6:11:cb:27:f3:6b:6c:bf:e5:2a:b0:61:
+                    bd:24:04:e8:38:0c:41:43:7a:51:87:99:a2:30:fe:
+                    d6:dd:95:ed:9f:f7:33:91:92:c5:92:d4:1c:68:48:
+                    3f:9e:c8:35:9f:2a:ee:b9:e2:4a:55:37:c3:2b:3e:
+                    04:78:2d:cd:7c:40:05:00:2e:29:92:85:8c:25:60:
+                    01:09:7c:52:7d:28:a7:3e:22:2d:c6:b4:15:69:14:
+                    cf:14:1c:ff:81:97:3b:f9:27:b6:c6:6a:7c:29:86:
+                    66:d2:86:6c:d7:41:68:e0:68:a3:d7:41:ec:25:72:
+                    85:8b:5f:b1:38:da:39:a4:35:93:58:f4:6e:a4:b2:
+                    f0:91:65:6a:01:ef:d4:fb:5f:7c:01:3f:42:6c:c9:
+                    17:13:24:55:2a:1d:c8:bc:43:29:60:89:c0:7e:c8:
+                    9b:85:1d:7e:8b:a4:43:fb:a4:14:0a:61:fa:75:a9:
+                    72:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                98:C5:01:FE:AE:8E:99:A0:2E:62:EB:0E:8B:37:7B:5A:C5:13:AB:F8
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:tine
+    Signature Algorithm: sha256WithRSAEncryption
+         89:b4:4a:48:51:93:7b:94:72:49:80:d9:da:3b:39:0d:f4:7c:
+         bd:22:da:8a:d4:f7:9b:a7:3e:fd:c0:0c:5f:0d:e0:6e:c1:56:
+         91:2e:ec:58:39:db:20:84:d3:8e:d1:8a:6c:23:81:aa:fc:c5:
+         49:60:23:5c:de:d1:3d:2b:58:59:9d:95:82:76:e3:10:56:18:
+         b2:ac:11:9d:46:76:a1:00:24:6a:a6:f8:11:63:8a:df:cf:10:
+         cd:c1:da:94:91:23:7b:9f:6c:a8:be:74:1d:bb:a2:be:30:ac:
+         be:8a:16:c4:38:1f:f3:a0:35:69:da:01:4a:48:dc:59:20:d8:
+         4c:82
+-----BEGIN CERTIFICATE-----
+MIIEhzCCA/CgAwIBAgIBLTANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDMyODExMTYy
+MFoXDTM4MDMyODExMTYyMFowgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLXRpbmUxEDAOBgNVBCkT
+B09QUC1WcG4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50omlH/EGN/wsMPXSLcKnjcGPkfYDW0b
+VJz7gECICBxbXPVRbdtoxKTjv8agwtdjQAWnz/QQdwkxkkFedQfZTmyoosefS9BH
+CYgQ8Qi2Ecsn82tsv+UqsGG9JAToOAxBQ3pRh5miMP7W3ZXtn/czkZLFktQcaEg/
+nsg1nyruueJKVTfDKz4EeC3NfEAFAC4pkoWMJWABCXxSfSinPiItxrQVaRTPFBz/
+gZc7+Se2xmp8KYZm0oZs10Fo4Gij10HsJXKFi1+xONo5pDWTWPRupLLwkWVqAe/U
++198AT9CbMkXEyRVKh3IvEMpYInAfsibhR1+i6RD+6QUCmH6daly7wIDAQABo4IB
+VzCCAVMwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSYxQH+ro6ZoC5i6w6LN3taxROr+DCB
+xAYDVR0jBIG8MIG5gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMT
+Ck9QUC1WcG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QU
+i1Wj34gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
+MAaCBHRpbmUwDQYJKoZIhvcNAQELBQADgYEAibRKSFGTe5RySYDZ2js5DfR8vSLa
+itT3m6c+/cAMXw3gbsFWkS7sWDnbIITTjtGKbCOBqvzFSWAjXN7RPStYWZ2Vgnbj
+EFYYsqwRnUZ2oQAkaqb4EWOK388QzcHalJEje59sqL50HbuivjCsvooWxDgf86A1
+adoBSkjcWSDYTII=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/amine.crt b/OPP/openvpn/keys/amine.crt
new file mode 100644
index 0000000..5ff8594
--- /dev/null
+++ b/OPP/openvpn/keys/amine.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 39 (0x27)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 17 22:15:42 2017 GMT
+            Not After : Sep 17 22:15:42 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-amine/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ce:c6:12:91:aa:6a:5f:86:c8:ab:f0:cb:34:1d:
+                    8f:f5:5e:78:ec:85:b0:d9:6b:1e:2a:c4:70:f5:57:
+                    cd:f0:fb:bc:22:1a:d9:b1:7b:92:a4:83:b0:b3:f7:
+                    96:29:a3:49:81:5c:37:03:85:45:60:70:0e:e3:71:
+                    58:c2:02:5a:19:a1:96:9d:78:69:46:b0:fa:b0:34:
+                    29:8a:56:12:81:7b:00:1e:75:38:e6:09:02:b3:46:
+                    1d:44:5e:c3:44:b5:a7:83:e4:42:c1:75:8f:ec:ee:
+                    0e:62:95:0b:c6:72:3c:20:b3:ff:41:d0:7f:04:e6:
+                    53:1e:d1:47:09:b0:cd:e8:fe:81:f8:9d:4c:e5:bc:
+                    68:32:45:ed:b4:74:c0:28:fa:60:2d:86:79:6a:eb:
+                    30:86:07:42:04:b1:0e:a5:3b:fd:74:42:0c:50:99:
+                    4a:e0:29:05:4f:5c:d5:c5:42:e0:98:7a:9e:e3:49:
+                    47:1d:26:6e:98:70:3e:ac:52:fd:04:e3:24:13:43:
+                    ec:a7:92:74:d2:58:8b:89:46:f0:33:ff:a3:f0:67:
+                    8e:b0:d5:45:0d:43:0c:40:09:86:c6:5d:cc:ad:45:
+                    9e:18:a1:83:12:4c:f8:38:4c:99:cf:90:8b:e1:f1:
+                    39:09:fc:0a:47:8c:71:a5:9b:7b:a1:53:8d:63:44:
+                    0c:2b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                95:F1:35:CE:66:8F:B1:48:2E:54:66:83:5C:FB:E8:3A:0F:F2:78:60
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:amine
+    Signature Algorithm: sha256WithRSAEncryption
+         05:c8:92:b4:40:e7:19:42:6f:43:71:86:59:be:43:9a:6d:45:
+         de:2e:e1:c6:3f:49:3b:62:b2:0d:c8:fc:6c:2c:8a:eb:d3:af:
+         51:46:41:64:ef:39:cd:d3:8f:79:2d:1d:d5:06:1d:81:dc:0c:
+         45:52:67:c0:68:03:15:75:eb:4a:6c:f8:83:97:86:00:8e:b4:
+         a9:ee:d7:45:32:41:23:29:da:d0:57:f7:15:52:98:5f:12:90:
+         2e:ea:ee:3c:34:70:f5:a0:be:02:fb:25:65:34:08:96:1b:84:
+         cb:3f:3c:2e:8b:7b:13:e0:d0:46:f7:0f:a0:16:bc:8d:62:03:
+         8d:3c
+-----BEGIN CERTIFICATE-----
+MIIEiTCCA/KgAwIBAgIBJzANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MDkxNzIyMTU0
+MloXDTM3MDkxNzIyMTU0MlowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWFtaW5lMRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7GEpGqal+GyKvwyzQdj/VeeOyFsNlr
+HirEcPVXzfD7vCIa2bF7kqSDsLP3limjSYFcNwOFRWBwDuNxWMICWhmhlp14aUaw
++rA0KYpWEoF7AB51OOYJArNGHURew0S1p4PkQsF1j+zuDmKVC8ZyPCCz/0HQfwTm
+Ux7RRwmwzej+gfidTOW8aDJF7bR0wCj6YC2GeWrrMIYHQgSxDqU7/XRCDFCZSuAp
+BU9c1cVC4Jh6nuNJRx0mbphwPqxS/QTjJBND7KeSdNJYi4lG8DP/o/BnjrDVRQ1D
+DEAJhsZdzK1FnhihgxJM+DhMmc+Qi+HxOQn8CkeMcaWbe6FTjWNEDCsCAwEAAaOC
+AVgwggFUMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUlfE1zmaPsUguVGaDXPvoOg/yeGAw
+gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
+A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
+EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
+FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVhbWluZTANBgkqhkiG9w0BAQsFAAOBgQAFyJK0QOcZQm9DcYZZvkOabUXe
+LuHGP0k7YrINyPxsLIrr069RRkFk7znN0495LR3VBh2B3AxFUmfAaAMVdetKbPiD
+l4YAjrSp7tdFMkEjKdrQV/cVUphfEpAu6u48NHD1oL4C+yVlNAiWG4TLPzwui3sT
+4NBG9w+gFryNYgONPA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/amine.csr b/OPP/openvpn/keys/amine.csr
new file mode 100644
index 0000000..fb3c8cd
--- /dev/null
+++ b/OPP/openvpn/keys/amine.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6jCCAdICAQAwgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWFtaW5lMRAwDgYDVQQpEwdPUFAt
+VnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAM7GEpGqal+GyKvwyzQdj/VeeOyFsNlrHirEcPVX
+zfD7vCIa2bF7kqSDsLP3limjSYFcNwOFRWBwDuNxWMICWhmhlp14aUaw+rA0KYpW
+EoF7AB51OOYJArNGHURew0S1p4PkQsF1j+zuDmKVC8ZyPCCz/0HQfwTmUx7RRwmw
+zej+gfidTOW8aDJF7bR0wCj6YC2GeWrrMIYHQgSxDqU7/XRCDFCZSuApBU9c1cVC
+4Jh6nuNJRx0mbphwPqxS/QTjJBND7KeSdNJYi4lG8DP/o/BnjrDVRQ1DDEAJhsZd
+zK1FnhihgxJM+DhMmc+Qi+HxOQn8CkeMcaWbe6FTjWNEDCsCAwEAAaAAMA0GCSqG
+SIb3DQEBCwUAA4IBAQAxLIlusK5tXwlC8i+iQq1eMg3cfk9pFYCh6/zAeqUjw8nN
+hEqMnPKo8DRMChUTgbfd8XAr+JpW9zw+RhRODdn5/jaMrC5H4t2bxQPK/UHpibc1
+W5EwF8eM7Uj4TG6to42klUluUp7dfuBfDKyugQAUZx7AXd5XuoxvKvNPnKT9QGHx
+w+ZUlN70w4yFDkCB8wG3839kB96iw09TSY+4x0j6DAop/niSsK49opzmRyY4q3Tb
+mh7hPHF1143pKfyKKMorBPnx2Sw5MSvPssQ8VjQ9ej8KA4QSQ81G+d6QLrqMGlz4
+tS5sYq1Jl6iihu8z+kAOfyXMNHE/npnuDNOjXTcm
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/amine.key b/OPP/openvpn/keys/amine.key
new file mode 100644
index 0000000..bd91986
--- /dev/null
+++ b/OPP/openvpn/keys/amine.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI+yQZUfgv70YCAggA
+MBQGCCqGSIb3DQMHBAj0UZKdE6W8QASCBMjfRXpKKui3cAlNaQ3atz8dZefNEtLJ
+0Xt93g7q/W3+HvGWeMXyWT9cZUhYUxZwl3z8etJ8pPFGkHID9FrKqN5Wphd5RxWa
+boBWlb6EXY/WJb0uA53h9rOZVz+i8kLtavKYqRD+qfYv5Esdl0srzwMp1kquPnpE
+pCS2UB+0doz3Fd+861jp/ZJfyos+6n4c2LxTx/sLTRTfve9er0fiPMoS+1m+55DV
+zuUFW8vk/zmgjZInWB7Wd1lI39OyvS2GTnyGcpWO9utfcZVtPJHT4ZlH23ZgdDrc
+fxKD3GmXEkAR6k0lDkxI1LBDEqrjiyZTFbTfwIAhQ+ev8ixdkPnCne72E5aQd+HW
+OxZHXoeO9M7HKBqC/FunSNZqbuVpoOES7sPu0zc1+otAXCzsgs+E9Y/EMTkn82xE
+4vcuPTOIi0URhbnmi1OwgyfXblSo82C7NBNHBqQpUMclUCqVLPpFuOWeEIvyFjTL
+msDZX6iEXLAOPkVa+yeTBzm8OHknycQFx6QBrN2LvCKOQt5nqn9pm7SvqMwyzOgK
+R9zwxQm6DZcvOi37uBYgw+YCKu+SxgvSybTQOR/ttOfWwTsJz42qhJ27h+UshW7T
+0XYXUBzRtjI0Ag4ABIxVuIw2jE4YVPu4AW3vyA1lEf3TF3eAdwlpiB5iASyr0sAW
+3h6aUgtO57wyNB5qsu/VRLJfTRXN++yXXw3rgRw1wboU8iKAb07hCFYWY/mHTpQK
+2ug3UG5nEauUhRNFJNReaglVA51qcfXfHCFv3j1zesF50vUE0gILCVD6PJy6QgJ7
+nnA11dL2JLJiiLEgOX3/66g0MLJgC+viyRgViGnuIGUVQwMneX4LmQscA0vnlKo6
+8wfAIkwh53tIwfAeVqJCLr/RtBDZYcK+ct8kk12NE7mYh7tiYz6W3K9UyGxQamoG
+SChRkXJMVGSeLsmnxvn/SIPQR+t24VRMAfhLrkYtGSbMAaFSTfmRKe1q2gtOLaD8
+fhJgIW/SfjkAxXy9DfBZDSuJ9yu0cic4sAWYOW0QNOac8TLvSnKHnd/kospUlDlM
+NM1Q/zWwGtoQ950MXzj+UW60NFa7iukiFYvzJiFjyEFWo9q+rsmCSAWmxX/R5UMG
+gLYgXP0jvqbsKQkbReywUo4J5tZWK4GHg2wJgHghB4BdEy/0VFFZ5T4FzIgfMNqc
+f/AtxG99VLM6Prdq8O3WTR0bmIDykuAp4zLeyRMeifQCY8w0p3eilsKBJs/SkD2G
+MSXc3jBxZN4RD/ss29MDyZiPn+aDISvVyozGXqmoftUmVwpH6/z3HAdNUd8mySy5
+ivHuVynbOLWrTX+gaRE8tPucP0riQ1zi/+CcJw+NH0Q72GZVsoe+Ina4fDZbtWU9
+3uZNR7xNzHxVQifLB74tPie95LfrcF2w8L4SQhD4LrA7BbOjhSDuD0tnhyyC8/5e
+ACkCl4MC17BiG0cWC3dF4bCtEfTkVU8TlapVq5XMi+rfgBotx4hS3AhsinTgN4HE
+rMmBME0xKTwK9ybBnjFu4bn+5ZAgBORUMffeEafa1Uo3gNqCwXMpbd4gbfjWEz44
+rTqVdxoUsmC6Xl5H5kZybq3CiC5hbZvSBd+t3Dpat8jyYPxqWqGS3MaPoltpgDNS
+qTk=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/anne.crt b/OPP/openvpn/keys/anne.crt
new file mode 100644
index 0000000..fa49df3
--- /dev/null
+++ b/OPP/openvpn/keys/anne.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:10:25 2008 GMT
+            Not After : May 17 14:10:25 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-anne/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a9:01:86:b4:76:7b:0e:42:cc:95:2c:97:8d:c8:
+                    5b:a2:7d:a0:8b:8e:06:97:e7:f3:48:5c:a4:90:1f:
+                    67:3e:ae:43:1d:c0:01:29:c9:f8:3d:b9:a4:42:d7:
+                    2a:18:53:64:22:3b:88:70:62:3b:7c:6f:e1:50:6e:
+                    86:6d:e1:31:13:f7:d3:42:20:d0:b2:83:fb:71:f3:
+                    72:a5:ae:b2:cd:3b:da:c2:61:eb:7f:e8:67:72:83:
+                    de:50:a3:ad:17:ad:e4:b8:a0:09:63:09:9d:8c:5b:
+                    47:a7:fb:9e:51:32:9a:95:2f:81:98:19:c1:94:46:
+                    f9:cd:78:99:41:fe:27:4b:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                16:84:EC:50:65:D5:87:51:13:EB:A5:5E:6A:00:8E:4D:1E:80:52:C4
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        35:b0:0a:3e:43:aa:72:39:8a:03:e6:77:36:f3:84:b1:18:dc:
+        b1:45:9c:f9:c6:b5:49:4c:51:ec:e2:ba:c7:39:0f:cd:f6:3f:
+        ed:c6:86:a3:3c:39:82:bb:cb:27:8b:b4:c7:f8:07:a3:ee:d2:
+        9a:8f:fa:34:81:de:a0:68:f0:b3:2b:6e:30:b2:96:5f:84:48:
+        21:25:2e:3a:69:36:49:4d:bc:40:98:5a:56:58:98:d3:22:94:
+        b6:13:33:c6:4b:3c:30:22:04:91:e4:1b:f9:f4:e1:ed:0d:d4:
+        32:05:e7:ab:b9:8b:b7:15:16:97:6d:2a:2a:f4:07:dc:54:be:
+        a4:26
+-----BEGIN CERTIFICATE-----
+MIIDrDCCAxWgAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTAy
+NVoXDTE4MDUxNzE0MTAyNVowgYAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEV
+MBMGA1UEAxMMT1BQLVZwbi1hbm5lMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqQGGtHZ7DkLMlSyXjchb
+on2gi44Gl+fzSFykkB9nPq5DHcABKcn4PbmkQtcqGFNkIjuIcGI7fG/hUG6GbeEx
+E/fTQiDQsoP7cfNypa6yzTvawmHrf+hncoPeUKOtF63kuKAJYwmdjFtHp/ueUTKa
+lS+BmBnBlEb5zXiZQf4nS/sCAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBQWhOxQZdWHURPrpV5qAI5NHoBSxDCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexay
+zG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5l
+dHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEA
+NbAKPkOqcjmKA+Z3NvOEsRjcsUWc+ca1SUxR7OK6xzkPzfY/7caGozw5grvLJ4u0
+x/gHo+7Smo/6NIHeoGjwsytuMLKWX4RIISUuOmk2SU28QJhaVliY0yKUthMzxks8
+MCIEkeQb+fTh7Q3UMgXnq7mLtxUWl20qKvQH3FS+pCY=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/anne.csr b/OPP/openvpn/keys/anne.csr
new file mode 100644
index 0000000..300ad04
--- /dev/null
+++ b/OPP/openvpn/keys/anne.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0jCCATsCAQAwgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLWFubmUxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpAYa0
+dnsOQsyVLJeNyFuifaCLjgaX5/NIXKSQH2c+rkMdwAEpyfg9uaRC1yoYU2QiO4hw
+Yjt8b+FQboZt4TET99NCINCyg/tx83KlrrLNO9rCYet/6Gdyg95Qo60XreS4oAlj
+CZ2MW0en+55RMpqVL4GYGcGURvnNeJlB/idL+wIDAQABoAAwDQYJKoZIhvcNAQEF
+BQADgYEAK+pjp5tR8qIEVHj+mMhh+jcODXLXK+7Voq0tzAJovO7nBgGs+TJR8jmo
+69j2n05y9Jvi1ngqilPwz1GlFQodswudJTxAkFGcg4Q17uM2U2pPQxUaHwYMgqbT
+KARwZi0LKdhIUVvWzGCL6mooTC98boJDKn4JBbvRmYajGNyduy4=
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/anne.key b/OPP/openvpn/keys/anne.key
new file mode 100644
index 0000000..1165fc5
--- /dev/null
+++ b/OPP/openvpn/keys/anne.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B3FEC89B047C3426
+
+QLsWJi2vFaMH/vHv3GR4wSrk0I8DU8JYDVnVgaK0tPxZqiixBL7kk0bFooL0ZLsb
+hSnGz3PJJRxm916zI4W1yYJfv9CWl7l+m3f+gEY3uLdFnyMbJ49P/Z+l03rUZs+u
+wRG2TzzFVTjA2EU6xwGSO0rN0eIBlomFkBXh161FDn77hcluWRjeNc1IrsVFAc3y
+yECdvOR4/H4nIIWk6a/o6k9BTprJ4NBHihsNpuMwass6EltgyhosSJsfIS1ye4KO
+S1Sp5mhLMAz1wEOifHf4bA/QUtn9IJLYMICeqyaSuOrkvSY33jTLjyrFyWjYcV+1
+1A5XmyWmyvDinL7QchTOEfBQfcEUjFAb/oVPz8qQbceNIGMGllT9IeS6NcaFC5op
+hNE5p97FHqZ8ud6Dqg/3sILW0MlPT2JTvN2oD+7rWgNVYxLXUN/90/APJ2BYzpuu
+b8KzaK8eVp2b2w4+NUTn2fBIV2+YwWlbFiALIWzz/LbbJQ0aQj0qMUNAoB/UnVA+
+eTNWbgA55no6AaEBmX6Kdroj0Ga0jjVylxtePFbyANA6+5/N06FqadQHwqzHjQaG
+9w+6FASXFpLl7ZguYFaF7DAwHz1CsgF88Bue0NXumZ64ebBCe35n/M/2ukTHPoKG
+Gb3Bc82krImLOVHq0/bwfGRU9u1FvBGP/JhPdZRtkSzVI5lRGSoo99Z9bsaZNut4
+BsNAn/Wj5DmHjfUDkgaIG45clNbjenasl880wnISyG4aMA7LP25wCqoYUPM6GNWb
+Zf3UECm1rLeKWNAurl8lS8KDJ38FDWFREhD5t6Z79yc=
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/antje.crt b/OPP/openvpn/keys/antje.crt
new file mode 100644
index 0000000..5fc1507
--- /dev/null
+++ b/OPP/openvpn/keys/antje.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:11:07 2008 GMT
+            Not After : May 17 14:11:07 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-antje/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:af:d5:10:fd:3d:66:4a:1f:86:43:3a:eb:9d:
+                    c3:3d:eb:9a:fd:c9:ac:76:79:b4:8b:62:3a:b0:22:
+                    92:70:ef:dc:b4:90:08:af:0e:69:c1:e1:41:42:f1:
+                    5a:9a:34:28:c1:4b:73:9f:cb:48:8d:e8:4e:fc:ae:
+                    98:aa:87:7a:a0:09:77:6c:d2:db:51:f9:0b:a1:93:
+                    37:57:4d:71:ed:5a:07:2b:0e:29:6c:c1:2c:79:e7:
+                    82:6c:f2:49:fd:1f:44:18:df:07:3b:4a:9e:53:49:
+                    b7:29:1c:17:ed:28:0a:72:64:3e:3d:98:ab:ce:0b:
+                    99:19:a4:36:7d:12:dd:6a:af
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DD:6A:35:36:EE:4B:F6:AE:4C:80:30:12:74:49:60:87:44:FA:09:D6
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        ad:af:8f:8a:fa:30:43:ce:95:ff:9d:39:65:a9:da:1e:49:dc:
+        df:10:63:4a:76:74:5f:46:e6:2a:e6:be:ca:de:99:1a:84:07:
+        53:f4:ec:1b:27:ae:3d:f5:21:b5:9c:27:5f:18:f8:3b:fa:39:
+        6c:3a:d8:2a:01:2d:61:22:a1:36:4e:21:0a:48:e1:46:57:98:
+        43:fa:f6:b1:6a:32:75:5a:b6:15:f6:3e:5b:61:8d:73:de:ff:
+        cd:3c:90:8a:ca:41:88:55:97:eb:e8:92:d8:89:96:34:99:9f:
+        eb:e7:4e:37:01:3d:33:dd:32:17:c6:d2:0c:1d:9e:ee:72:37:
+        a6:85
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBBTANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTEw
+N1oXDTE4MDUxNzE0MTEwN1owgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1hbnRqZTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANmv1RD9PWZKH4ZDOuud
+wz3rmv3JrHZ5tItiOrAiknDv3LSQCK8OacHhQULxWpo0KMFLc5/LSI3oTvyumKqH
+eqAJd2zS21H5C6GTN1dNce1aBysOKWzBLHnngmzySf0fRBjfBztKnlNJtykcF+0o
+CnJkPj2Yq84LmRmkNn0S3WqvAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQU3Wo1Nu5L9q5MgDASdElgh0T6CdYwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AK2vj4r6MEPOlf+dOWWp2h5J3N8QY0p2dF9G5irmvsremRqEB1P07Bsnrj31IbWc
+J18Y+Dv6OWw62CoBLWEioTZOIQpI4UZXmEP69rFqMnVathX2PlthjXPe/808kIrK
+QYhVl+voktiJljSZn+vnTjcBPTPdMhfG0gwdnu5yN6aF
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/antje.csr b/OPP/openvpn/keys/antje.csr
new file mode 100644
index 0000000..17929cf
--- /dev/null
+++ b/OPP/openvpn/keys/antje.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0zCCATwCAQAwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWFudGplMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2a/V
+EP09ZkofhkM6653DPeua/cmsdnm0i2I6sCKScO/ctJAIrw5pweFBQvFamjQowUtz
+n8tIjehO/K6Yqod6oAl3bNLbUfkLoZM3V01x7VoHKw4pbMEseeeCbPJJ/R9EGN8H
+O0qeU0m3KRwX7SgKcmQ+PZirzguZGaQ2fRLdaq8CAwEAAaAAMA0GCSqGSIb3DQEB
+BQUAA4GBANkrpebbxvWh1knqDG5qeviI95fbDpfrCl4bcnOz+kTKu6VQBvcfEJQQ
+xo744kJ2bDPUva5HiWXJJie0Azpne1dU8NIbpGNHBO4BF/5NIajHBVkqfS73Q4ZS
+4233XPEyOPuEJE09BiYPofwBVlmjf6hyXKu17y4PIwsQ9nXC/l0B
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/antje.key b/OPP/openvpn/keys/antje.key
new file mode 100644
index 0000000..72b5564
--- /dev/null
+++ b/OPP/openvpn/keys/antje.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,39F6C18D5220C804
+
+vaXG+foaU+M53VFizjVTtWoqAC8tdLwQse7gpz70vfK+JAWq3MWE0zUpCYUsdVls
+vi4vNz9bLHWZqiHakkRq2oehck1n1cPc+ESJylzECqfcuv6yOu3x2yFBWk8BkK1j
+CUAOEJcyBSktY0aeaWrQAvl1AfT6VkZpSelCitXCkNTz/4nr/wMdrPDiGYM+nP5q
+Tu4BazcMNgx9OVHucuWBORPQQ9Z+GIFCg74OQuEfYccHxzLrOwEhfvz722/tTI1P
+m2MiKY82RaX7v1qpmRh7KKXN2a+NgZwq1xAB8dOpSsOmFBi2Oc9FFk/sYeaqLN5X
+54ZuChKwpT5KbbHp5tTnv1/rWZWB+IXWr9eB14wCH8SZj031M9F5ZTfzvC1OHbxn
+Pn3i5Y5tJUO5dlKDBH/lAsw8BnithS31KgN7FrOtJITFF8lS7RHKYIrZRmOjF2Na
+K4duo0jiwTvgNp7AxAFp8yF112vbHQchvwZgoz5oneV/mcH2JByD3om7260wy3Kd
+hv3/H9dXQuNBokEXv1tDM0/LWc3yGcwrlEIUCOH3c5RhcsawhUKopZAO2mB7SwWz
+ed4yu9ZVIl8rxe4ZYAPuPA9LNICv93gIoSm2vDmbnLKXXjSMVyrrGYJQTtb1FO8i
+mkecW5Mt4fys7EM8xQyzOMDhuzCc3kUqbjC1ShfqRrNgKiR5rKafGgQX0Ao0qBeX
+2P9BnmBqeSMY73S3x7jvJuSQMSx2nLcgPwyNILHhMkQ6ZkeLBbiMikD49cqBZTKb
+/maIhBDOSHyuScD4gdXhwQs9Pnty5K3+oTsrYFSEqKe8nNRXvXSd5Q==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/ausstellung.crt b/OPP/openvpn/keys/ausstellung.crt
new file mode 100644
index 0000000..980c016
--- /dev/null
+++ b/OPP/openvpn/keys/ausstellung.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 15 (0xf)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov  4 11:59:44 2008 GMT
+            Not After : Nov  2 11:59:44 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ausstellung/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:af:cc:6f:d9:4b:11:29:17:6c:44:9c:39:8d:99:
+                    65:fc:1e:8d:84:72:62:68:2c:e0:13:89:4f:60:82:
+                    4a:77:40:49:7c:31:84:11:60:83:07:97:4f:a1:49:
+                    56:a4:d4:b0:af:97:93:a7:a0:5e:97:b5:81:0e:fa:
+                    37:00:41:29:77:f8:35:22:65:85:da:ac:af:72:c2:
+                    01:25:31:5f:3d:53:d0:bb:84:33:00:ad:b2:31:0e:
+                    f2:f3:2f:8b:63:ba:a1:f4:16:0b:e2:f0:60:e8:53:
+                    32:f0:80:14:b9:53:7e:4b:ee:f4:f1:e8:31:44:ba:
+                    6b:d3:9c:18:c0:67:5b:80:5b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                12:DD:3C:18:90:7F:33:F6:DA:97:DC:56:27:89:FA:29:67:03:74:F7
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        72:82:37:cd:78:d7:77:98:aa:5b:e8:64:77:0c:48:8e:c4:fc:
+        a0:1b:5d:ef:c6:c2:32:2b:74:5d:de:9b:f7:69:8e:46:d1:e2:
+        18:df:eb:d0:2f:2c:50:d2:d4:c6:87:39:df:be:c3:7c:f1:5e:
+        93:c6:92:8d:df:e9:ec:17:0a:02:f7:80:08:f0:3b:b3:0e:c2:
+        22:2d:24:d5:07:d5:d4:45:68:35:82:ad:46:b5:41:56:65:0a:
+        a7:3f:06:4d:72:33:db:0c:14:fa:3d:4e:ad:1f:6e:3b:51:6a:
+        51:ff:b3:6a:62:64:48:95:5e:0b:ee:28:91:56:63:64:51:9d:
+        56:be
+-----BEGIN CERTIFICATE-----
+MIIDszCCAxygAwIBAgIBDzANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MTEwNDExNTk0
+NFoXDTE4MTEwMjExNTk0NFowgYcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEc
+MBoGA1UEAxMTT1BQLVZwbi1hdXNzdGVsbHVuZzEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK/Mb9lLESkX
+bEScOY2ZZfwejYRyYmgs4BOJT2CCSndASXwxhBFggweXT6FJVqTUsK+Xk6egXpe1
+gQ76NwBBKXf4NSJlhdqsr3LCASUxXz1T0LuEMwCtsjEO8vMvi2O6ofQWC+LwYOhT
+MvCAFLlTfkvu9PHoMUS6a9OcGMBnW4BbAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAA
+MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUEt08GJB/M/bal9xWJ4n6KWcDdPcwgcQGA1UdIwSBvDCBuYAU4U3D
+a/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJ
+KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEB
+BAUAA4GBAHKCN81413eYqlvoZHcMSI7E/KAbXe/GwjIrdF3em/dpjkbR4hjf69Av
+LFDS1MaHOd++w3zxXpPGko3f6ewXCgL3gAjwO7MOwiItJNUH1dRFaDWCrUa1QVZl
+Cqc/Bk1yM9sMFPo9Tq0fbjtRalH/s2piZEiVXgvuKJFWY2RRnVa+
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/ausstellung.csr b/OPP/openvpn/keys/ausstellung.csr
new file mode 100644
index 0000000..0623c71
--- /dev/null
+++ b/OPP/openvpn/keys/ausstellung.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB2TCCAUICAQAwgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWF1c3N0ZWxsdW5nMR0wGwYJKoZI
+hvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAr8xv2UsRKRdsRJw5jZll/B6NhHJiaCzgE4lPYIJKd0BJfDGEEWCDB5dPoUlW
+pNSwr5eTp6Bel7WBDvo3AEEpd/g1ImWF2qyvcsIBJTFfPVPQu4QzAK2yMQ7y8y+L
+Y7qh9BYL4vBg6FMy8IAUuVN+S+708egxRLpr05wYwGdbgFsCAwEAAaAAMA0GCSqG
+SIb3DQEBBQUAA4GBAI9wVHHXxLZbdstB0KjlSlLrO2ej7kZn5Em/VE05nbIpk8vS
+v6rINZvpIilExB61l/2OAe7cO15wzEnwlKLIkFexpEPa4i2nxY9Mkjo6/jrUEGnR
+h50J8hd68+n7xydfG36YKJvaYuF7QgkKB2BKCFatMgRrlGM+/h9KBNgesW2O
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/ausstellung.key b/OPP/openvpn/keys/ausstellung.key
new file mode 100644
index 0000000..2bb1990
--- /dev/null
+++ b/OPP/openvpn/keys/ausstellung.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,F06FC954FB4F35C5
+
+QBlI7RrwxH6hRyPBAaqLY8R9HlHKovRdRdPXlErfTJu683BGJNbesXnehC/Lu6EX
+XqGT9UuQJKhMkbrN6APwySRCK4qKXUXjEyDFK6poGimqW+2ZnjFaBNMGxmb0iKOW
+exYjmqBwDN92mAUDfX/aqmG4phbtECUCf5NCap0J9/nV8ym8V/wVEGHrtkTaRWox
+4DpH9WuFhw4txXRrg0oSLkuXkIO12A0l+ov3XMGdnM3tB7NJyxCRYm6sYxGhgbKR
+HXVERdnaqoLP+KWEeqB+kKoZzqwNJjZyN57sIEMIWEjYj7gJu4XFuKpvPYlRUsmo
+ZCyrlBb14cN78R/qYaHPL/GZ1+XT9JjtT95UhF90zcjkKXO+n9TOQBM5NzR5xPDm
+GWvEn4a0m1ouULtXJcAje8qIlwLHenAteys4YOS/w8hMuswNdUq1tl8SUgt2Ef7/
+o8xdbGjUHn+X8RR0Gn/DR66NIdKlVQjJShhJPUY8X5jOd85tnJoZuU5p+AEeiIH1
+zKrCQAfHBOmZ3BEQtbtbvBG2yFpoapwTOjfE0WqUKGYrGw5srgR45DviAnaoKlai
+s6HrGPL4IYULND6bojlMRce8nj2sXvbGH3BYVo7sqkvOjzjIGdsFmgVvhhuEjjfT
+4BPzbwqGUPMmoJnRHz4BtpY77zHKyTvgakSF/MATJnrTQTCnJcZtLexxS7KsP+Lg
+tSDjhXIBwU+C+UhFg2t2pouPK6Kt8WGwm1H/Lc78latvJL1Inri9Y+ODXwb5JFMS
+XX5Hs6wy29SlS/pRPOnal+fM0Xg4xd6fLvcS79C2CY4=
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/beate.crt b/OPP/openvpn/keys/beate.crt
new file mode 100644
index 0000000..c76e46b
--- /dev/null
+++ b/OPP/openvpn/keys/beate.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 26 (0x1a)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr  4 00:01:13 2013 GMT
+            Not After : Apr  2 00:01:13 2023 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-beate/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d7:49:86:90:70:f0:10:50:69:a7:cd:a0:a5:8e:
+                    e9:c3:92:1b:8f:ad:90:2c:66:04:65:3b:15:ea:2e:
+                    a5:cf:0d:18:06:f3:01:cc:db:9c:13:6a:c9:89:68:
+                    a6:f6:ef:9d:b6:9e:8d:24:c3:cd:ba:8b:55:be:99:
+                    3e:21:b8:73:a0:b2:18:71:5b:8a:7f:5f:91:b4:5f:
+                    b1:81:2a:17:18:88:3d:be:41:53:b6:92:3e:4c:06:
+                    d7:dc:ec:68:70:12:82:0d:81:66:bf:c1:88:37:1e:
+                    da:fb:02:aa:f3:9f:77:5b:c8:31:44:d9:10:89:2d:
+                    d2:4c:1d:9c:6f:fa:45:f9:43
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                5C:22:3B:90:D8:EF:5D:D2:8C:16:A1:9A:CD:82:EE:26:ED:93:C8:EA
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        66:86:dd:6c:b5:31:25:5e:56:3d:a7:7c:f7:27:11:8e:66:97:
+        b4:ef:80:1b:6a:7f:89:98:9c:46:b7:82:87:ce:45:0d:39:ee:
+        89:54:08:25:d3:5d:32:02:03:d0:6e:3b:f8:ce:a1:40:27:d6:
+        3f:b4:6c:4e:75:60:0d:aa:c0:78:c3:db:40:c9:7f:89:93:b9:
+        d5:a6:fb:7b:f9:53:6f:bb:00:a7:13:d1:ef:5a:fe:ec:91:d5:
+        6e:4f:2e:db:3e:79:83:f9:4e:5c:a0:a0:b2:44:41:50:a3:2f:
+        5a:6f:5c:cd:a0:13:6f:e4:07:3c:a6:8a:1c:bd:3c:95:70:73:
+        22:06
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBGjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDQwNDAwMDEx
+M1oXDTIzMDQwMjAwMDExM1owgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1iZWF0ZTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdJhpBw8BBQaafNoKWO
+6cOSG4+tkCxmBGU7Feoupc8NGAbzAczbnBNqyYlopvbvnbaejSTDzbqLVb6ZPiG4
+c6CyGHFbin9fkbRfsYEqFxiIPb5BU7aSPkwG19zsaHASgg2BZr/BiDce2vsCqvOf
+d1vIMUTZEIkt0kwdnG/6RflDAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUXCI7kNjvXdKMFqGazYLuJu2TyOowgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AGaG3Wy1MSVeVj2nfPcnEY5ml7TvgBtqf4mYnEa3gofORQ057olUCCXTXTICA9Bu
+O/jOoUAn1j+0bE51YA2qwHjD20DJf4mTudWm+3v5U2+7AKcT0e9a/uyR1W5PLts+
+eYP5TlygoLJEQVCjL1pvXM2gE2/kBzymihy9PJVwcyIG
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/beate.csr b/OPP/openvpn/keys/beate.csr
new file mode 100644
index 0000000..dc746a4
--- /dev/null
+++ b/OPP/openvpn/keys/beate.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0zCCATwCAQAwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWJlYXRlMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA10mG
+kHDwEFBpp82gpY7pw5Ibj62QLGYEZTsV6i6lzw0YBvMBzNucE2rJiWim9u+dtp6N
+JMPNuotVvpk+IbhzoLIYcVuKf1+RtF+xgSoXGIg9vkFTtpI+TAbX3OxocBKCDYFm
+v8GINx7a+wKq8593W8gxRNkQiS3STB2cb/pF+UMCAwEAAaAAMA0GCSqGSIb3DQEB
+BQUAA4GBAIDpsGOnI8FL14jEFKZRG2GLoYL9IQVh1nSdX20uPevvINXa03xcedKY
+Fd2NoBvMWwPcozKG0Jy9YWYp2m5XQRzsW3vnjiH/AlVd1CWbpQP/D7EMdfbNBA8f
+nQ6nSdtDTjF0l10afl5XKuLXVDWWZ9uRA8f1PjSSGdRJXRjjXubM
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/beate.key b/OPP/openvpn/keys/beate.key
new file mode 100644
index 0000000..7a5fa7b
--- /dev/null
+++ b/OPP/openvpn/keys/beate.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,A3AA9DB788221FCA
+
++b7fiuugLaOnRoPgmGAjQpZEGgez3nsyUlCOUuPwwxB1TsfN41fM7Cxhjk2wS1tS
+ZtOTQTRyw6JKw/gcRzPtWs70Pn7Y0LoHh1L7cUZeqzZUn2io3uBsSi8xvPwScE2c
+nN8M+vKAzC4ZU5Cq23tn0g8EcwkvWX3nQlXA9awsznVKtnGkZO8vTeaJjtXt6+pc
+XcFKdeEe/vd3Xgmfzz1Vja3yENwAVM4cw00gN2A9tMiDjqWnBvVxob13Y7+4gQsx
+NbR4A5yb1kkfo9vHUCs2vBcGbneainThwS5VFbSXjo9KC5Us2U3mKApAzGYbvF5P
+BF0ukV/FjFt5pfLONV3cdgcGf4vxDTulmpsv4J/VB5FuZ6y1Yu2MTzCZeJu1oAKt
+kLNCZD7+DndvhY1qmEzwqHFvWDjbVgHmvGpsmdCgEaBWlD/XgWgALpta8eB00yqh
+CO4q24R166qYFO2E7cuqJxJ9DlI52Bp0WsMJPnFTR2H6EQgaDgT1Hb8b1N1ixSAH
+5QqsBd7YC+Jt8FXL+CfUsM4xtq9BD/nAUO+lKIyfcZEYQSCVV2dgXpDd3c2OCK6O
+lkQoQIMSOsjUPUMrmGUL6KKaahoBdjX4B+dQaLdxkJgRfggnOQ/js5F404scakmR
+9AUGdxqukyyg1+91clrm/Cv+NLz0ohcUonHN94N1qc/QroW5meZPdjBz9mF1bMqw
+TPwaxG4YkZ3isSiJ4ramXCpDe5yyI8Vm+svYK5YpDZBaoB9bGurIhKYuJ0e3g1zc
+ywOfPfQTpTlClSnHEnutMXv9CGOabz3Jucw6/MPhmS8Lej5v/q+oKg==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/ca.crt b/OPP/openvpn/keys/ca.crt
new file mode 100644
index 0000000..591236e
--- /dev/null
+++ b/OPP/openvpn/keys/ca.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/ca.key b/OPP/openvpn/keys/ca.key
new file mode 100644
index 0000000..4b7c519
--- /dev/null
+++ b/OPP/openvpn/keys/ca.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX
+6guVBAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2
+fXVg75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQAB
+AoGBALK53nbFvWEoLKEgEcw8FnySbd1JKIA3fWIOSOd7jwZpvjAkFjTb5Z9+3g1W
+7xYn57VHfDu3T0aKN5gEO6/xDDOF/pr+gWnzLVEijfpZ001R5HTpuvzpM2TaLIvL
+hymwN1nF/BJchcFLzPCqW/1EuL3KaxRgbrnsbWBX0HezSJyBAkEA8NSqyhb2VmGz
+yntX6mtrufGSPR0GVQUeOGZbladMSyj9fDu7MM1WKZibtBBpT4GItlXqqMRDOnxT
+5Z5FoBi8SwJBAMCxAcuKuoNAbtBTn64Q9mUruqG57M4zqugLn7dewfFlQWZFlhoq
+eVRmnlu3XNmwUCzQhp640YA+5Trg4mFNpskCQB38XMeM1F8tCxXLBcdKWL9uNKcn
+VgKAAKNFG2Im0nkJQYaWaVhKONA1EC37XSFpH3yUdgNNbJF7qXaNnl2wtsECQEBl
+Z2IslLR0fhQlPkIf7RhWiuKtjhRDdCRkbhYMFuijnD2fl9BazX2FZfrkxqUBpWm0
+rqiwv2MKofURXtaB6vECQQCQZoV/IOd7dU4daESVdQsQTJ21JJu6utJYcqt9uvaw
+VeVDfrun2Kjacxq3zUqfDkjvfpGj84kAOTckDQEn9mlj
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/chris.crt b/OPP/openvpn/keys/chris.crt
new file mode 100644
index 0000000..316a1a6
--- /dev/null
+++ b/OPP/openvpn/keys/chris.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 13:19:10 2008 GMT
+            Not After : May 17 13:19:10 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-chris/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a6:7c:7a:2e:0e:b0:df:ea:02:43:e9:8a:95:ec:
+                    33:d2:a9:ba:28:6a:36:2f:66:d5:dc:d3:d4:b1:00:
+                    33:18:3c:d1:a0:4d:cc:a5:c7:22:07:85:0f:3a:7d:
+                    e0:20:2a:0d:17:4a:10:73:c6:2c:34:7e:ac:1f:8b:
+                    1c:6e:31:1b:3b:f1:ee:f4:6a:31:e9:5a:3d:31:4f:
+                    5b:ba:8e:b8:c7:a0:63:23:b3:7e:4a:c8:cf:3c:6e:
+                    4f:35:74:96:88:94:36:6d:57:aa:9f:a0:71:6d:96:
+                    2d:19:12:66:bc:eb:c5:79:92:0a:2f:2e:c0:37:92:
+                    72:e0:6f:60:68:dd:7b:e1:9f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                34:12:B0:EE:3B:AB:8F:D7:D1:6C:EC:39:A6:8E:12:2A:EE:02:0D:0B
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        06:48:c1:75:ac:13:02:30:6e:de:11:8f:8e:44:05:59:76:d8:
+        9c:23:57:e7:53:97:2a:c5:a1:8e:11:3c:c0:28:57:c8:7d:d9:
+        49:ab:87:ff:fe:72:eb:cc:57:33:d3:87:0a:c6:53:37:23:16:
+        51:4d:2a:b9:b9:53:69:04:99:f1:bd:9e:18:15:88:2b:ea:2a:
+        8d:7a:6a:3e:65:9c:5e:c7:fa:74:e5:b5:e1:5a:fd:76:30:f3:
+        5e:10:f9:12:a2:ac:30:2c:ac:97:f0:54:c3:9f:64:01:2c:0c:
+        47:6b:fc:b9:ac:72:e8:7d:64:fa:61:7a:3e:6b:64:84:71:9c:
+        21:41
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTEzMTkx
+MFoXDTE4MDUxNzEzMTkxMFowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1jaHJpczEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKZ8ei4OsN/qAkPpipXs
+M9KpuihqNi9m1dzT1LEAMxg80aBNzKXHIgeFDzp94CAqDRdKEHPGLDR+rB+LHG4x
+Gzvx7vRqMelaPTFPW7qOuMegYyOzfkrIzzxuTzV0loiUNm1Xqp+gcW2WLRkSZrzr
+xXmSCi8uwDeScuBvYGjde+GfAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUNBKw7jurj9fRbOw5po4SKu4CDQswgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AAZIwXWsEwIwbt4Rj45EBVl22JwjV+dTlyrFoY4RPMAoV8h92Umrh//+cuvMVzPT
+hwrGUzcjFlFNKrm5U2kEmfG9nhgViCvqKo16aj5lnF7H+nTlteFa/XYw814Q+RKi
+rDAsrJfwVMOfZAEsDEdr/Lmscuh9ZPphej5rZIRxnCFB
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/chris.csr b/OPP/openvpn/keys/chris.csr
new file mode 100644
index 0000000..341d1ad
--- /dev/null
+++ b/OPP/openvpn/keys/chris.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0zCCATwCAQAwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWNocmlzMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApnx6
+Lg6w3+oCQ+mKlewz0qm6KGo2L2bV3NPUsQAzGDzRoE3MpcciB4UPOn3gICoNF0oQ
+c8YsNH6sH4scbjEbO/Hu9Gox6Vo9MU9buo64x6BjI7N+SsjPPG5PNXSWiJQ2bVeq
+n6BxbZYtGRJmvOvFeZIKLy7AN5Jy4G9gaN174Z8CAwEAAaAAMA0GCSqGSIb3DQEB
+BQUAA4GBADQsM9S4BUYqdX3+i2V0ldkCDZ/GbpkxEit13uutXqrhbAhpZj4dwQbf
+/Zzk0AWdRX07VVzAZ5Ppv5FakUd/k2RQz93ARakY3U/jZuf4pO5YYZ2gLtISpK7r
+aadCbYiwTOuAXCOrOinHz9WGgi5bXbi04Hc4t2c8bCJOiA+DTYzy
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/chris.key b/OPP/openvpn/keys/chris.key
new file mode 100644
index 0000000..7706937
--- /dev/null
+++ b/OPP/openvpn/keys/chris.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCmfHouDrDf6gJD6YqV7DPSqbooajYvZtXc09SxADMYPNGgTcyl
+xyIHhQ86feAgKg0XShBzxiw0fqwfixxuMRs78e70ajHpWj0xT1u6jrjHoGMjs35K
+yM88bk81dJaIlDZtV6qfoHFtli0ZEma868V5kgovLsA3knLgb2Bo3XvhnwIDAQAB
+AoGAOdvYuljwr2CsGN35A9Fq0TObNqBy5FZgzLXxnPHsz+eTEpr3HEXwVZywhito
+0MTMd+ONhC7C/htnxi6aWtFGHSdr2xpVS/WUzSgBIlskb5XzJhMf54tbG+PN1dpA
+UG1S2wSRa5rQC2ifX6t3m0UwpMlymtimVxzH5YR7/cwD08ECQQDZ0OG1DqjdYQfH
+PJKH+xat7HI55FV9aWhjH/t2KJcT72wnoKJfjzG5aW8ePAXMX++J6PP28s1HQcXB
+/R3vrQczAkEAw6wG8tFazT0+hNBcT63VsoAW7FxsZp0ME1kFNdceZbbcPMH2SDdR
+QXFLarBCcYnvKthwO9Xeyz93J6k5ZQXL5QJAKf1kpZzP3O2JrFT3ApPbCWhdlN95
+w5WAdCuENIEartMnDHShGL7oHRBARZnYnE+aRAHOljq0bBo332/GR6AZlQJBAKQS
+Vk07AOGBzi99qzngsISZZR9SLE8qtppulbDcrY9qcme72DAbulWekzdljoE3wMTz
+ccCqh8Nzdw1Zl1e/MYUCQQC+p3L5N0j/lC17/jCDWQ424UKCo9Kml9obBcKXW32X
+s2V6x1PgpLcouXzVAgXjlNwbcIRJMEivDYTr3frW9sUT
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/cristina.crt b/OPP/openvpn/keys/cristina.crt
new file mode 100644
index 0000000..61af524
--- /dev/null
+++ b/OPP/openvpn/keys/cristina.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 38 (0x26)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 15 01:22:04 2017 GMT
+            Not After : May 15 01:22:04 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-cristina/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:a0:34:ab:d6:98:48:9b:5c:84:c7:27:2d:d7:d4:
+                    45:b5:e7:d7:b5:4d:99:4a:a5:38:a2:95:a0:d7:78:
+                    5d:3e:de:0e:4f:4e:3d:9c:af:fb:cb:2f:a5:4e:25:
+                    19:f5:84:4f:a3:f8:98:db:77:58:42:7e:c1:16:f1:
+                    c7:09:2f:9a:ca:a5:e5:f3:1e:8d:9c:5f:54:8a:71:
+                    50:43:b5:e0:41:1a:ee:b4:69:32:f2:ab:7c:17:52:
+                    96:d1:7a:51:27:6f:83:44:2b:18:12:da:f9:9a:90:
+                    d4:c6:78:39:02:25:5c:86:d6:95:a1:81:77:54:2d:
+                    45:32:f8:c5:11:f5:75:d0:c2:3e:73:42:00:ba:d2:
+                    ef:a3:f0:52:0c:e7:6a:1a:2a:fd:c6:c4:54:3b:b7:
+                    f0:1f:f8:f6:3c:a2:bf:16:da:3b:fd:31:bd:b4:ec:
+                    16:da:03:78:be:ef:9c:9b:9e:c3:d0:4c:8e:53:2f:
+                    b6:87:cb:5d:b5:98:db:b3:9e:aa:46:09:cf:e0:f0:
+                    b0:35:dd:0a:ee:9a:15:7d:68:19:db:ea:84:42:97:
+                    4b:93:e1:7d:81:c0:d0:08:8a:01:04:23:89:0d:5f:
+                    e1:61:71:73:b6:e6:a0:3f:99:2f:f2:b3:5f:2b:fe:
+                    29:8a:69:d8:51:56:6c:6a:5e:46:25:16:96:cc:0e:
+                    57:97
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                75:75:D5:F4:C5:31:31:04:BB:9A:F7:7A:77:07:B1:18:73:27:54:18
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:cristina
+    Signature Algorithm: sha256WithRSAEncryption
+         53:31:84:22:c1:63:1d:0a:9b:34:4a:9e:d3:78:a5:46:62:87:
+         33:e6:eb:23:72:aa:c6:f0:9c:0b:b2:26:49:0a:f5:bb:de:89:
+         c3:9d:79:1f:d6:2d:79:99:42:04:ff:ad:d8:44:b2:f8:81:b4:
+         a1:84:ca:72:ba:a8:86:ac:bb:fc:8d:a1:26:c2:95:0a:76:55:
+         54:e5:34:b9:57:ce:2c:9a:01:5c:ec:79:ca:0e:2d:f6:80:70:
+         13:bb:c7:d4:cc:cc:d9:ac:26:5c:57:aa:14:9f:ea:da:c2:ca:
+         ef:1c:c3:1d:50:82:f3:5e:34:7d:73:fd:40:2b:db:0d:e1:83:
+         1b:39
+-----BEGIN CERTIFICATE-----
+MIIEjzCCA/igAwIBAgIBJjANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MDUxNTAxMjIw
+NFoXDTM3MDUxNTAxMjIwNFowgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWNyaXN0aW5hMRAwDgYD
+VQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKA0q9aYSJtchMcnLdfURbXn17VN
+mUqlOKKVoNd4XT7eDk9OPZyv+8svpU4lGfWET6P4mNt3WEJ+wRbxxwkvmsql5fMe
+jZxfVIpxUEO14EEa7rRpMvKrfBdSltF6USdvg0QrGBLa+ZqQ1MZ4OQIlXIbWlaGB
+d1QtRTL4xRH1ddDCPnNCALrS76PwUgznahoq/cbEVDu38B/49jyivxbaO/0xvbTs
+FtoDeL7vnJuew9BMjlMvtofLXbWY27OeqkYJz+DwsDXdCu6aFX1oGdvqhEKXS5Ph
+fYHA0AiKAQQjiQ1f4WFxc7bmoD+ZL/KzXyv+KYpp2FFWbGpeRiUWlswOV5cCAwEA
+AaOCAVswggFXMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl
+bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdXXV9MUxMQS7mvd6dwexGHMn
+VBgwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8x
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYD
+VQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJ
+ANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNV
+HREEDDAKgghjcmlzdGluYTANBgkqhkiG9w0BAQsFAAOBgQBTMYQiwWMdCps0Sp7T
+eKVGYocz5usjcqrG8JwLsiZJCvW73onDnXkf1i15mUIE/63YRLL4gbShhMpyuqiG
+rLv8jaEmwpUKdlVU5TS5V84smgFc7HnKDi32gHATu8fUzMzZrCZcV6oUn+rawsrv
+HMMdUILzXjR9c/1AK9sN4YMbOQ==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/cristina.csr b/OPP/openvpn/keys/cristina.csr
new file mode 100644
index 0000000..b02f6bf
--- /dev/null
+++ b/OPP/openvpn/keys/cristina.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC7TCCAdUCAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWNyaXN0aW5hMRAwDgYDVQQpEwdP
+UFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKA0q9aYSJtchMcnLdfURbXn17VNmUqlOKKV
+oNd4XT7eDk9OPZyv+8svpU4lGfWET6P4mNt3WEJ+wRbxxwkvmsql5fMejZxfVIpx
+UEO14EEa7rRpMvKrfBdSltF6USdvg0QrGBLa+ZqQ1MZ4OQIlXIbWlaGBd1QtRTL4
+xRH1ddDCPnNCALrS76PwUgznahoq/cbEVDu38B/49jyivxbaO/0xvbTsFtoDeL7v
+nJuew9BMjlMvtofLXbWY27OeqkYJz+DwsDXdCu6aFX1oGdvqhEKXS5PhfYHA0AiK
+AQQjiQ1f4WFxc7bmoD+ZL/KzXyv+KYpp2FFWbGpeRiUWlswOV5cCAwEAAaAAMA0G
+CSqGSIb3DQEBCwUAA4IBAQBDiOIgPbjP5x90nk2nGfB12xyXGo4e+UPHO6kKHmCD
+1rmncakkrGAXCLdagbIX2tNVBHPxhCE3qq9mQIbgYZycbmnG+yohevqWPGlt7ylE
+o0mAkdhfSEdwem8TIYahROa/Rh53TutHqw1tWjs4Z7eJLR1l7di/3Dvjq4ZQDFsT
+4/5PslJIHMQbLmR/yDgKmGkXjl/dKs5Pu5gZb++VuNYIaAss1bf+0uyBnxU2jnHz
+/bOOuJAJC0EaA/HtgPu5PpCEaBsEmukdTKLMoeV9B8Bl6CkRhHhSlsG93ZBM7bMQ
+34oFEeFYoH7IAHM58+h14/SOKD98v4xyWV3s39XrGNKp
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/cristina.key b/OPP/openvpn/keys/cristina.key
new file mode 100644
index 0000000..5b20fbe
--- /dev/null
+++ b/OPP/openvpn/keys/cristina.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIw00lAQZyCdoCAggA
+MBQGCCqGSIb3DQMHBAjqppWn9M+UAwSCBMgT7BaIjlPzH5FWpn7TqtqEPZAZMT0O
+g2uIHPc1aPKG0EdaYIUjdCwzHsmMfEPMwDd83m2GL0CPWiX3QvgFjsZ+4UBU788F
+JeITWKubD/lC63RfbZztQdM71DWx5FtH6ihA2VHsw/RG3NGtI5kyL0+pUYE97vbL
+fiFl0HI0whiMAwNutZNkc/lHh8wzwoHhtwF6ydPQUxD1GHi7OnVrJAhyj8Leaf9L
+OXy+a7D91ptzx4Te8K6D9UdvpWFHScCy+SQ6wGKly6k5p+Z9xGMT/ff6IuJXQl71
+CgID6b+IbUE4DinuevGp32NbuO2mYvJcID4bvKiJAGXndN/Yjiq4uvrhlQNzBAGF
+TM5iOiof5soliA0PMhwbTzNlqyF84uxjsF9tZgb6qdg87E1TsMjZ5CSsM5DP4G0a
+XvT0BEXkBOYbI21cpp+1Di3KWr6H5V+QZvvGupJts7r/gxFwubkjiHnItMAe1h3c
+PFpyoPQnYoVPmpK2W+Q3olJO8aS28dDak8bzFLRcO+hun6ZgY8t4AmV524kctvOq
+/e2hM8qwqyt3L17Tv2Oz05NGExoXzclnljLH4aHxwbr+doBYrKCaIUgn4kwYd1aI
+CniBHwCxJ7NF/YgzsvBGXMDdpZF8wQ4L2BX95QTIASl2XkZe2nO+TUYymuLJgfBT
+h1qnlNDQvMrVlnohCSptUPc4RsFt2derSdx5FyCPR6YyDy326QVY6hCGtYANfrrr
+yt4HyLxO6sp4v4z4ureaOZPZTB10rXeQEHFZAe3qMEJN4a2fPv7N5C0ZRnawrGUR
+paEeQqiXIE1U4DUbHYVHE+LJjYzxOdUDRtX+xagyKoiQ6pEPyNUth23U+Kfn4yhe
+jN69QlVLdatacTLd0042tyu64vpnWW/tNyTSlglIUioWe7wqbiHmoSmxEmKYv/V8
+tYTo88wCXk2sn4TbVXzSWkQUloCNsyJ0p2hrMUI6mv8cQV85FV3zsG6MhiCeHt3S
+H0bJBVQeFVm4Cs2E16RPxImvBEezJKJJCeWwIV3UUGOqr15xlPLHHZrPM3P8bNu3
+4Rv+vWSafjCFTEfUiVAjau2ZI/+p9/TCc+ciQaFknirQltn5erayCJiOh4SvGaiO
+yZZA62kSqMoNA3JoyrGp7ojWQEXK8bWlhUcWp9tuvkuIxEoOpvFiGEjk5x7l/bP2
+p8sMiL2c+ntfOGFxnSiA/ANvMWPK5XAOkxy1Q99Oydiw2jVpu8VeHi0iqti71RDi
+7LmOicvNFMKwJRfvUvbWqkdPd7E+bWFRW8Lco/ivoU/q3zvwgpcPC5lQhE3jcNSe
+1mr/CkGYPigsPrtXhHrp9V085w3/4fXb0u/+gkrPSrUL/a3Uynu9bAfz7TR6sK6v
+DR8wNdJ33K82wdUiE+esyPoOgowNczap++ergolw7HUTcSjMzu+2vILMXRKzgruB
+uGT+jkFPMAKlNGNMHdaOWIh8Pn5BKCa5O0peN07nYtRBGniK5fFOfOBx24YzuJ2C
+0V7DXFAgEB1xRqZ/fhmdjOiDhxopu3mgIVd8gxmEZd7y8v8qmTJMQIpktXhtRDWi
+ysR5YKVGNzZmAukD6LW0Iw0qAfsTRArdZeQwjeJfB93Mf589sy/2/TNxgo11RU1G
+bQI=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/crl.pem b/OPP/openvpn/keys/crl.pem
new file mode 100644
index 0000000..2a02f56
--- /dev/null
+++ b/OPP/openvpn/keys/crl.pem
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICDTCCAXYwDQYJKoZIhvcNAQELBQAwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJ
+KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTgwMzAxMDExNzMxWhcNMjgwMjI3
+MDExNzMxWjCBtDASAgEDFw0xODAyMjgyMzU3MTVaMBICAQQXDTE3MTEwNDAwMDMz
+NVowEgIBBRcNMDgxMTA0MTIwNDA5WjASAgEGFw0xODAzMDEwMTE3MzFaMBICAQ0X
+DTA4MTEwNDEyMDQyNlowEgIBDhcNMTcwOTE3MjIxMDQ5WjASAgEPFw0wODExMDcx
+MzI2MzlaMBICARUXDTE3MDExNDE0MzYzNFowEgIBHxcNMTcxMTE0MDIzOTU1WjAN
+BgkqhkiG9w0BAQsFAAOBgQCuA9AAsn3ie5Qa6ZglnkJ+maI+seLV6C71zBcCXxTu
+epjv7TBw8p7aiE4bx+szg2SDNB56SHRs0ubjkOgXCAoB0gv5j5bUF8B6iIWRulR1
+AmmSMscNw7G+eajU3YP0iwOnex+ur0hKbEhu6JhQwGZG/8/f/LoQKO4gghWQM3bT
+7w==
+-----END X509 CRL-----
diff --git a/OPP/openvpn/keys/dh1024.pem b/OPP/openvpn/keys/dh1024.pem
new file mode 100644
index 0000000..d980d70
--- /dev/null
+++ b/OPP/openvpn/keys/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAPYQQ7sgHIe15R0Wo79Xp+SOTx7TYNfumqNRV5LhsHun6AKY4G/xgv5r
+Lu86To5F1KLnE6aFoZtVL0IZW/uOXQ7HEZkl1q2g5fWq60FWVhHIOx5KLMXR5drJ
+RCtqMVUbUlqSsleRFUHS4PL4qsKQ8H710A82ravKPS7U11wQR39zAgEC
+-----END DH PARAMETERS-----
diff --git a/OPP/openvpn/keys/dominique.crt b/OPP/openvpn/keys/dominique.crt
new file mode 100644
index 0000000..836f2c9
--- /dev/null
+++ b/OPP/openvpn/keys/dominique.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:11:52 2008 GMT
+            Not After : May 17 14:11:52 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-dominique/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c1:38:3f:b0:d4:de:b8:36:d8:39:59:f5:e7:f0:
+                    90:30:28:ea:08:8f:89:22:a6:20:ab:30:cd:fd:6d:
+                    05:49:a8:75:44:5b:2a:8c:d0:f2:7a:ad:8e:2d:f8:
+                    61:3a:ca:96:6b:f7:fa:8f:9e:cf:b6:1f:05:28:0f:
+                    17:7b:30:72:38:b4:d7:2e:11:7d:4e:bd:0e:34:f5:
+                    73:b8:fc:96:bf:dc:08:b4:42:5c:28:79:c9:13:21:
+                    41:56:8b:46:b4:22:3a:ce:67:7e:ee:22:e4:0d:6b:
+                    2a:6d:5e:20:1a:cd:bb:00:98:e6:a8:c5:40:e6:cf:
+                    64:5e:73:c3:5c:07:64:67:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E4:85:C4:03:74:D3:5B:17:7C:9A:8A:F7:CE:62:23:56:CE:45:14:80
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        23:5f:8b:84:36:8f:5c:85:64:4c:13:36:df:64:4f:6e:15:b3:
+        21:2e:1c:3f:90:d4:9c:03:2e:1d:c8:6d:54:d7:19:03:46:b5:
+        e9:50:eb:92:7c:cf:14:5d:b4:0c:58:3e:8d:e8:a0:19:aa:16:
+        43:b5:c5:9b:4e:4e:1c:4b:a3:80:78:43:c8:77:79:6e:ac:13:
+        28:c8:5d:c1:a2:b2:dd:1f:ca:ad:c5:7b:81:3f:8d:15:43:6e:
+        e4:39:73:a9:07:85:4c:a7:ad:34:73:80:06:1f:97:63:38:53:
+        77:db:e0:5f:ea:0b:40:a8:55:9a:d2:68:75:20:ca:29:0f:7f:
+        67:e5
+-----BEGIN CERTIFICATE-----
+MIIDsTCCAxqgAwIBAgIBBjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTE1
+MloXDTE4MDUxNzE0MTE1MlowgYUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEa
+MBgGA1UEAxMRT1BQLVZwbi1kb21pbmlxdWUxHTAbBgkqhkiG9w0BCQEWDmFyZ3Vz
+QG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBOD+w1N64Ntg5
+WfXn8JAwKOoIj4kipiCrMM39bQVJqHVEWyqM0PJ6rY4t+GE6ypZr9/qPns+2HwUo
+Dxd7MHI4tNcuEX1OvQ409XO4/Ja/3Ai0QlwoeckTIUFWi0a0IjrOZ37uIuQNaypt
+XiAazbsAmOaoxUDmz2Rec8NcB2RnSwIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAs
+BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFOSFxAN001sXfJqK985iI1bORRSAMIHEBgNVHSMEgbwwgbmAFOFNw2v0
+fIF7FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMG
+QmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UE
+CxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqG
+SIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQF
+AAOBgQAjX4uENo9chWRMEzbfZE9uFbMhLhw/kNScAy4dyG1U1xkDRrXpUOuSfM8U
+XbQMWD6N6KAZqhZDtcWbTk4cS6OAeEPId3lurBMoyF3BorLdH8qtxXuBP40VQ27k
+OXOpB4VMp600c4AGH5djOFN32+Bf6gtAqFWa0mh1IMopD39n5Q==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/dominique.csr b/OPP/openvpn/keys/dominique.csr
new file mode 100644
index 0000000..44939b2
--- /dev/null
+++ b/OPP/openvpn/keys/dominique.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1zCCAUACAQAwgZYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRowGAYDVQQDExFPUFAtVnBuLWRvbWluaXF1ZTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+AME4P7DU3rg22DlZ9efwkDAo6giPiSKmIKswzf1tBUmodURbKozQ8nqtji34YTrK
+lmv3+o+ez7YfBSgPF3swcji01y4RfU69DjT1c7j8lr/cCLRCXCh5yRMhQVaLRrQi
+Os5nfu4i5A1rKm1eIBrNuwCY5qjFQObPZF5zw1wHZGdLAgMBAAGgADANBgkqhkiG
+9w0BAQUFAAOBgQAwgThA/0YbwTAMSig/F/ctothtcy+DG7fs1525NiGUJGys45Ez
+cdgTq47NipdSZvu1FGRF7/r1M5V1uxjgbvLiIUX8eDjuA23YnPWwFwEiCfIMLWVi
+WjuAzm9Admf65Qs6gZEDsa4LS1CuQJgGj4fvxxkCh2ktgRrGALKZSIW37Q==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/dominique.key b/OPP/openvpn/keys/dominique.key
new file mode 100644
index 0000000..614c1aa
--- /dev/null
+++ b/OPP/openvpn/keys/dominique.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,07F215DB43A4ACC8
+
+rfeUDynAgdIVx212o/QjU3zGuAsVd8MlNdF8wS7U4CpAwzxPQ8Qg9MY9Ia7Ze11b
+CyjDGHf71VyHKjT1K5F7MVVEb5kjnDrRLh8Mi/Cvm0R7OZuD7F4HgTzAPewFJ6VU
+iPhqedl+1/Q57gvfUQbuwhSfKsrtybO0BFzgkkCIB/igz37QXtyM4ULEAKCTC0rQ
+nsQfaS87A7fdNToC25dXIJUf2Btc4athjECvfRbihdLp6RT4vqJqcAnrEkt4vyU2
+f74J+XoeXj8o2iai8oeOBngiYhIJwteKIRyRKeRMCckY0Gfl+J+IBg6x7zrLxtZb
+wPxBclBvjvcgSKaS4dpEvejauX7DsVpxbIeG99MrtyyNYR+clPkcMqFsj0KKPyJn
+nXu723WDIquzcaI2n7BZYMVo/YiYqCbBz/9z+hAd5CWVYVPQmiwM3uOLpRrXKuQc
+5W+aAOaKczzBAkYwD0YjVxKNL8MPZQldv1O3OBxhhLVk7G9OVzNUNyVGjNbcBIDC
+lnVEOD61VE7VtZ8hTBiscCJwyiXR9zc94htCRvq7alJPaAmO9mJOdOsHOtjPD5OS
+AzFH4XAIb5swbd3vSIjTMsPP+CnEMH01+RfM0y86S6PuGfRzHfrVT4t1BmizGutH
+UjB0oFQrMAj4Vzs2+v38IoI08HmInQgcKPbcVincJS1SxptgNHLRbcxLouMkCzW3
+E1yBwW+jZQT0Ek3vIJkrCKyYMS083x6POp53eCjESqumWfS6GFf2OPXer+7Whh15
+Pva/EWN1O3xGz/ZnTCoPBl+E9HlAUBZVxxf0oyU1VClItXZe3lSwUQ==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/eli.crt b/OPP/openvpn/keys/eli.crt
new file mode 100644
index 0000000..0eb367f
--- /dev/null
+++ b/OPP/openvpn/keys/eli.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 37 (0x25)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  2 11:42:51 2017 GMT
+            Not After : Feb  2 11:42:51 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-eli/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d4:cd:55:f6:92:f2:6d:9b:49:d4:39:34:88:6e:
+                    fb:d8:00:32:3a:f1:56:dc:47:ab:95:e1:94:22:29:
+                    b2:1d:d9:57:3d:dc:4c:40:f2:d9:8b:0d:24:05:5f:
+                    03:c0:ae:14:f9:5b:7b:2d:3f:33:c3:73:c7:a9:46:
+                    e6:72:f0:f8:22:be:98:a1:55:0a:14:d7:30:62:89:
+                    af:6e:9d:cb:1a:4a:ba:df:81:16:3e:28:c3:71:95:
+                    d9:a3:c9:4f:c8:44:e8:4f:06:ee:18:1a:d3:d4:26:
+                    12:7d:c1:74:28:77:39:e6:c4:cf:2c:5f:4f:0c:10:
+                    7e:22:5c:10:87:4e:49:46:a2:b2:08:b3:75:92:b0:
+                    ec:f8:90:28:23:53:35:5b:cc:e8:19:69:3a:77:e1:
+                    11:d2:3e:19:8b:5c:c0:5e:be:52:62:0e:60:21:d5:
+                    ef:ef:81:8b:71:f4:c3:64:64:8a:e2:e0:7c:71:c1:
+                    57:fa:78:ba:6d:ea:e3:d9:bb:14:01:6d:26:03:6e:
+                    0e:9b:02:b8:25:87:30:5d:0b:63:e0:fc:3b:cb:d5:
+                    76:a5:4c:9e:9c:8d:41:18:f3:bf:8b:e1:c8:a1:ae:
+                    eb:47:c7:90:94:03:41:8f:19:87:ef:72:4a:2e:5d:
+                    05:1f:83:61:00:86:4f:ba:b6:2f:54:7e:3f:e1:76:
+                    4c:8f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                79:1D:DE:0C:92:00:9F:55:5F:53:27:81:B9:C2:DF:DB:3C:86:75:1E
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:eli
+    Signature Algorithm: sha256WithRSAEncryption
+         69:08:44:10:57:57:3b:a1:e4:a2:65:a2:c3:2b:85:9b:5c:0b:
+         d7:5e:d8:3c:79:a4:b1:58:b8:c0:8c:be:6a:00:4d:fb:73:64:
+         c6:ff:eb:0d:35:7e:33:f1:81:eb:84:e4:e3:19:16:52:2f:33:
+         fb:aa:4a:27:5e:9c:7d:4f:e5:49:0d:6e:9c:6d:84:cb:4f:a8:
+         41:27:1d:71:4c:8f:ff:dc:88:96:70:c1:39:ac:35:b7:bd:a7:
+         cf:aa:09:8d:ec:8c:52:4c:a1:b5:3d:00:80:38:af:0b:b6:1b:
+         87:ca:ba:a9:d3:8b:3a:39:44:07:57:ee:bb:fa:6e:56:74:80:
+         fc:cd
+-----BEGIN CERTIFICATE-----
+MIIEhTCCA+6gAwIBAgIBJTANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MDIwMjExNDI1
+MVoXDTM3MDIwMjExNDI1MVowgaIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRQwEgYDVQQDEwtPUFAtVnBuLWVsaTEQMA4GA1UEKRMH
+T1BQLVZwbjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUzVX2kvJtm0nUOTSIbvvYADI68VbcR6uV
+4ZQiKbId2Vc93ExA8tmLDSQFXwPArhT5W3stPzPDc8epRuZy8PgivpihVQoU1zBi
+ia9uncsaSrrfgRY+KMNxldmjyU/IROhPBu4YGtPUJhJ9wXQodznmxM8sX08MEH4i
+XBCHTklGorIIs3WSsOz4kCgjUzVbzOgZaTp34RHSPhmLXMBevlJiDmAh1e/vgYtx
+9MNkZIri4HxxwVf6eLpt6uPZuxQBbSYDbg6bArglhzBdC2Pg/DvL1XalTJ6cjUEY
+87+L4cihrutHx5CUA0GPGYfvckouXQUfg2EAhk+6ti9Ufj/hdkyPAgMBAAGjggFW
+MIIBUjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
+ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFHkd3gySAJ9VX1MngbnC39s8hnUeMIHE
+BgNVHSMEgbwwgbmAFOFNw2v0fIF7FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSL
+VaPfiDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDgYDVR0RBAcw
+BYIDZWxpMA0GCSqGSIb3DQEBCwUAA4GBAGkIRBBXVzuh5KJlosMrhZtcC9de2Dx5
+pLFYuMCMvmoATftzZMb/6w01fjPxgeuE5OMZFlIvM/uqSidenH1P5UkNbpxthMtP
+qEEnHXFMj//ciJZwwTmsNbe9p8+qCY3sjFJMobU9AIA4rwu2G4fKuqnTizo5RAdX
+7rv6blZ0gPzN
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/eli.csr b/OPP/openvpn/keys/eli.csr
new file mode 100644
index 0000000..60fd742
--- /dev/null
+++ b/OPP/openvpn/keys/eli.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6DCCAdACAQAwgaIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRQwEgYDVQQDEwtPUFAtVnBuLWVsaTEQMA4GA1UEKRMHT1BQLVZw
+bjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDUzVX2kvJtm0nUOTSIbvvYADI68VbcR6uV4ZQiKbId
+2Vc93ExA8tmLDSQFXwPArhT5W3stPzPDc8epRuZy8PgivpihVQoU1zBiia9uncsa
+SrrfgRY+KMNxldmjyU/IROhPBu4YGtPUJhJ9wXQodznmxM8sX08MEH4iXBCHTklG
+orIIs3WSsOz4kCgjUzVbzOgZaTp34RHSPhmLXMBevlJiDmAh1e/vgYtx9MNkZIri
+4HxxwVf6eLpt6uPZuxQBbSYDbg6bArglhzBdC2Pg/DvL1XalTJ6cjUEY87+L4cih
+rutHx5CUA0GPGYfvckouXQUfg2EAhk+6ti9Ufj/hdkyPAgMBAAGgADANBgkqhkiG
+9w0BAQsFAAOCAQEAC2yMg+NocTtd8EVNuVakjF0tEw1YWmM6vaXO1DSPcxVTHvtv
+wQ0mvhSKX+tAnERvjOn0L3DFw16Oq5sIbtmxWuJiaqVB25jPgQgWWsjqvZRYBFjz
+es1JYm2/pjJvLC+sP8MTb6htzYUOfE7MMMgQ4XjSTVSC8+eVhvnHCIAw6EJVfcxO
+oNlBL9gb5HmGJiJWTzlfcaV4RxDdtRe430QlPZN634dIzooAiBWM6mRGzWHwc2RY
+QcPhKNDZrj5RcTYzff5hOiLLV/GFuAJ3pQI/8n/mrus4gfJRLlObpnQIP0t+ip76
+ewL1XGYsuApPGnyeaem4ZkJ5QtHjOLMx6+WbEw==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/eli.key b/OPP/openvpn/keys/eli.key
new file mode 100644
index 0000000..bfe8e44
--- /dev/null
+++ b/OPP/openvpn/keys/eli.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQICzjCcRugboUCAggA
+MBQGCCqGSIb3DQMHBAhxK4V9fX4VEgSCBMitzt7GWOaDQXXB7DHir1uR6KEssXJI
+KqNCyHAy8mTfR8VQs+K/d3iUXBvNTZQlJ4e9AsdKbuKjZT0yfsqNueC24ZqAyFXF
+2jVXY0+dp7al0AxcCDXgxMe6ewnqTuyNWpzcNk1sbp2Uh+q/q+X2qK8heSeNs9VR
+Tl3Busyh+AYN9RrOsRWztDaEUtdSFfOcIntiz9J4HAm1va/0OigeAwKveO9Z57eI
+7y/68GMGOPnKEkYlkwkWbouEhnUbcXzbclhRAyAociFKYaWbbeiYC/SQqDDVih48
+zyRPDlRYG9rhub+PMZjDshfOfYttD0QUU7VlSg1AMPz7+htftgt02M//8El85FYd
+FUYyN4bKAZyq2PGnqui7YPXAOWZLHRNKtBSpT1EGoAyW4Tqjh1CZReJR5NHMFe6g
+IbvW5I3iJuFhc9dh7e0mWzWEzmQ9U95Pftpd4hOSEopq0o04mZVawKzf1t5jIGp9
+pYda/j8tIIGt+Eya93ycQSa+/z9ukTHy/GRhl0YKVEevT17XNtJo1xU59s+wK8K5
+a1z3oNiJjRuUkNkm7+HvZHnTk9ohTQE8mO+HxHl3QuFYcDRCPZpWrrEVPqt8KgaM
+hW+lGwtay2rrGSGctVlJA3TAg6ISTEviOq8tfo+7HiQ24sqA+P73dUGF/lM+ps/R
+R9uFw33V8Ktq1BRVkaThqrcrBx1WFiHpCfVmPeGL1Y4doeTGTmuL6bZiuiPPErhX
+ImmKW39C0hsEN1YVADXKN6SNsCSuI/RBb7Mg5w3as/VDetMqJg3RcAVC+zgfpsso
+c3t8LzJy8uB29PGifYMQywoHvfnWFyFhksuttS/J03ezJbeeNv7a/1No/qKeIWJ/
+UyPiTu4ncjYBAch+9AOmyxxEpNLZDIXPTx5qe4Ze8ZGO0sIZjwUjODd+unaAWoW9
+AFwIooFmX7fIsB020ISZ+HTT6KZAD4aDhWrcHUlS9rMpz3SKmLWea0qEfPdwdqTv
+24goOoZsdl6TxwYhszxz5WGmuqBdx2F3UvGKIpu6JdZRT4jSmsgb1IIF9FZO4YcW
+/S0hFQ1n0LodZXcoy+2/3eUtHX/7fz9xkDLHjRc6zeWr5QwCirXfFo8wuFvgnQwF
+WjxAoW6LyW5gl1XjaWfTTB7KQ8SqC7lYQPw4HOCnCvwAVR5csq3XWOnQfZplcE/6
+HK5xWT76MFLd+WHZG4ceuvhtysovCzJVWvOIbvPfmeuKYWx901bx1cUPHYFYGbEb
+GBNEahcQtU2V4Lu1UnUnZzaXUaQ+6nHTDLRqib1tt9kFomkAYdgBnOHSBfRsQE/m
+7lTct0H+BrzDZL19bGKCDY2iMPWS0Jnfm+cK46KnhoyTKSgIKV/qzmh3Db+2tlQA
+ajUFra+XoBiBJvf3SAV31c5Zh8E6KDqFuP4JdCSHvS+tbncJorbJS4JSRVwFBJu0
+TT1hef8J+q3AL4CJVvViOrFXSbdVJpiq/NDSJu53LpfpNekj5agYHws8V5YK/NKr
+Cd3htJD2O3x4Yg7hkv/m/cdRErOlh48z7iFmSB3GTko4PHTTR+hbtnD+glqgLJFs
+K/I791pRBmqHlJayDh6U5Wz8hoAsxZ6OCiwg1ap3W336UU7rxJrywXYw+f53pFVa
+Qrg=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/gesa.crt b/OPP/openvpn/keys/gesa.crt
new file mode 100644
index 0000000..7619b30
--- /dev/null
+++ b/OPP/openvpn/keys/gesa.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:12:31 2008 GMT
+            Not After : May 17 14:12:31 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-gesa/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:dd:3f:12:ed:6e:50:5f:83:73:b2:02:06:39:79:
+                    4c:8f:5c:1a:cf:24:8b:48:ad:26:30:5e:33:dc:97:
+                    ee:8a:01:4b:4c:be:78:0e:6c:a7:04:5b:2d:12:bd:
+                    2e:c1:7f:71:6d:84:52:b5:19:e8:b2:6c:57:bd:54:
+                    4b:9d:97:ca:12:a4:9e:7b:d6:b3:26:88:b2:f9:ee:
+                    e8:92:27:1a:50:e1:8e:44:ba:a8:81:db:c6:03:9b:
+                    8e:92:a6:f5:28:61:d9:a8:9b:6c:74:41:e4:3d:a2:
+                    2e:98:75:9f:3f:37:6f:79:84:44:ff:53:39:cf:96:
+                    31:b4:82:54:dd:46:b8:8c:85
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                20:D1:BD:E0:49:1C:2D:5C:06:98:E8:85:E7:B4:9B:34:0F:23:DB:21
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        69:8a:2e:2b:93:da:48:7a:0a:3a:8d:84:0e:f9:16:d7:23:c6:
+        29:e2:75:67:e8:59:f2:21:2b:31:7f:15:94:10:0b:49:5a:a4:
+        4c:7f:ef:3e:02:ad:04:d5:be:f7:10:03:cd:77:73:bb:b4:93:
+        03:c8:27:51:0e:1a:27:91:51:e6:6f:43:ad:cd:91:be:ab:3c:
+        5c:ba:54:e8:4f:b5:07:22:d4:46:b1:e6:41:34:cc:56:84:3b:
+        f2:bf:eb:b9:a5:d8:43:95:b5:42:67:3a:08:99:f9:d9:3d:9e:
+        fa:2d:e3:a8:da:4c:de:3e:00:cc:92:8c:56:92:d0:da:47:b0:
+        fa:eb
+-----BEGIN CERTIFICATE-----
+MIIDrDCCAxWgAwIBAgIBBzANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTIz
+MVoXDTE4MDUxNzE0MTIzMVowgYAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEV
+MBMGA1UEAxMMT1BQLVZwbi1nZXNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3T8S7W5QX4NzsgIGOXlM
+j1wazySLSK0mMF4z3JfuigFLTL54DmynBFstEr0uwX9xbYRStRnosmxXvVRLnZfK
+EqSee9azJoiy+e7okicaUOGORLqogdvGA5uOkqb1KGHZqJtsdEHkPaIumHWfPzdv
+eYRE/1M5z5YxtIJU3Ua4jIUCAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBQg0b3gSRwtXAaY6IXntJs0DyPbITCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexay
+zG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5l
+dHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEA
+aYouK5PaSHoKOo2EDvkW1yPGKeJ1Z+hZ8iErMX8VlBALSVqkTH/vPgKtBNW+9xAD
+zXdzu7STA8gnUQ4aJ5FR5m9Drc2Rvqs8XLpU6E+1ByLURrHmQTTMVoQ78r/ruaXY
+Q5W1Qmc6CJn52T2e+i3jqNpM3j4AzJKMVpLQ2kew+us=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/gesa.csr b/OPP/openvpn/keys/gesa.csr
new file mode 100644
index 0000000..d69627a
--- /dev/null
+++ b/OPP/openvpn/keys/gesa.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0jCCATsCAQAwgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLWdlc2ExHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdPxLt
+blBfg3OyAgY5eUyPXBrPJItIrSYwXjPcl+6KAUtMvngObKcEWy0SvS7Bf3FthFK1
+GeiybFe9VEudl8oSpJ571rMmiLL57uiSJxpQ4Y5EuqiB28YDm46SpvUoYdmom2x0
+QeQ9oi6YdZ8/N295hET/UznPljG0glTdRriMhQIDAQABoAAwDQYJKoZIhvcNAQEF
+BQADgYEAFA/FTZmEfBalR5AOdk/FtOvWJPyqtctdgi3585OO35CpYpTZPNCzED9s
+8+RD4ABcRTYs4h4AqEo6Oe0CYeTE3ItLZZM3497/U7Alol1bCDwCPQXxZ2C7oWjO
+mioh3GFP4JKh5auA5+SqwkaERe5R2kHcNPLIRokX99IC0S3Rjw4=
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/gesa.key b/OPP/openvpn/keys/gesa.key
new file mode 100644
index 0000000..1ee030b
--- /dev/null
+++ b/OPP/openvpn/keys/gesa.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4D01732E319B8859
+
+abqiqZ/Epe5viK0hEVeGJ65B7g+Jj3lyoV31XBba5QuWXD8d7vAqAX1Dc75v3GtQ
+YiuEMlpCXqlf0uGAeyZTXr4FauH/vINrZgrepg0790X3DlsbPMY1mGb6V/FCE96L
+2rMo4foFN5gbogZ7C/+nQ6jr1hUzt51+E277lYDSosjvFNiXPvcpycLQrvQ5COBr
+O9SDcqq9MmdSIq9H8iO7j6+ExALQ4o0zqs8/rDjZJ7OoKyRolLVOiUHdz0Ms6v2+
+Y1JnWCr5F2ei4go2DYlyUkG4pqQHiI80slNfUbbzLlBD+3LCmbskJs481xcR5rK1
+MQRMhLyFzU5VjAku3z6MbjIeVS6gtyhbtX0QJGSBzYBu0PSaRlVk5SFywLS7kTcx
+D375gLuWwejsuqdXjK1gicScH4AUBXEm8CkGFF0JfoROyr3zM4e8qcX9YGCVBnEM
+xGes71TqcUXoZGFbo/6Oc7o+bZFJ9VnJvlHnc/gn37+1ru2+54z/UvAESzrG+Bnj
+e7EyhHqVK6WcRqpAXKQZKpSHzQMUhNTS2nwUxkL64egAx6NT3JYWY1agUYfBsYQe
+JBni63JxYjvSHt/AUUzsB/mFII5LWxMX0BDp178vnriGbkCTbCvQSkVJ6Set04R9
+qLIcSgnGrsEO3mdnNmlXP+KsyifOkBf6uAvGKsfnVbQ0RQSRpJ4P/gJIf8J36YRF
+AadteNHVnO3W+IjRUZBKnkI7y/+eE/nxHat/XKaFfPMjOVJlUrA2Isyoi9qLUKq9
+IDdpLrUi+5Kyv1M9VrNxczrHIT4nVLfJ3X6ooJdq6KoqonaKCywLdw==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/gw-ckubu.crt b/OPP/openvpn/keys/gw-ckubu.crt
new file mode 100644
index 0000000..6be5879
--- /dev/null
+++ b/OPP/openvpn/keys/gw-ckubu.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 27 (0x1b)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Sep 20 11:41:43 2013 GMT
+            Not After : Sep 18 11:41:43 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-gw-ckubu/name=VPN OPP/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:97:a7:33:b6:32:9c:b4:75:af:7a:7e:54:53:25:
+                    cc:06:7b:f9:e0:93:3f:2f:9d:83:d2:ce:49:27:ed:
+                    da:35:19:fc:a2:40:67:52:db:8e:ba:42:42:13:74:
+                    73:00:eb:97:12:ad:e0:5f:8e:de:59:ff:c9:d6:8c:
+                    27:a1:95:28:0e:06:5e:ae:49:29:3e:97:60:3a:76:
+                    b4:f0:e4:11:0f:c6:07:fa:e5:42:0d:e8:82:d0:71:
+                    38:a0:07:a6:aa:20:45:7e:d9:78:2e:66:53:8c:10:
+                    77:44:e8:49:57:50:5c:33:85:b0:88:61:1d:64:aa:
+                    4f:0c:bc:b2:1b:b0:5c:6d:cb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                3F:A4:2B:57:0D:33:62:CA:48:8B:87:19:C6:1E:15:A6:31:A6:FE:6B
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        20:73:fd:0e:d1:64:95:60:ef:19:ae:dc:e6:e0:38:c8:f4:aa:
+        fe:1b:89:a6:ff:ed:b2:36:ec:1a:38:08:5f:53:61:c6:b8:7e:
+        c8:fd:82:6d:69:b3:92:bf:ad:40:4e:7e:d1:b3:c4:21:5c:d6:
+        6e:eb:ea:64:51:e2:3a:49:d0:4b:49:dd:ca:9d:4b:ab:a5:b1:
+        1a:82:ff:7b:0d:44:10:91:1a:11:db:ae:8f:2a:88:8f:d9:ce:
+        a9:56:e6:da:8a:ba:27:0d:44:4b:2f:70:da:c9:34:cd:c8:19:
+        79:93:d5:45:16:49:7b:53:7a:83:3c:14:6b:09:71:bc:5c:58:
+        e8:cf
+-----BEGIN CERTIFICATE-----
+MIID9jCCA1+gAwIBAgIBGzANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDkyMDExNDE0
+M1oXDTIzMDkxODExNDE0M1owgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWd3LWNrdWJ1MRAwDgYD
+VQQpEwdWUE4gT1BQMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAl6cztjKctHWven5UUyXMBnv54JM/L52D
+0s5JJ+3aNRn8okBnUtuOukJCE3RzAOuXEq3gX47eWf/J1ownoZUoDgZerkkpPpdg
+Ona08OQRD8YH+uVCDeiC0HE4oAemqiBFftl4LmZTjBB3ROhJV1BcM4WwiGEdZKpP
+DLyyG7BcbcsCAwEAAaOCAUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAW
+HkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUP6QrVw0z
+YspIi4cZxh4VpjGm/mswgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuT
+U+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNV
+BAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNl
+cnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1Ud
+DwQEAwIHgDANBgkqhkiG9w0BAQUFAAOBgQAgc/0O0WSVYO8Zrtzm4DjI9Kr+G4mm
+/+2yNuwaOAhfU2HGuH7I/YJtabOSv61ATn7Rs8QhXNZu6+pkUeI6SdBLSd3KnUur
+pbEagv97DUQQkRoR266PKoiP2c6pVubaironDURLL3DayTTNyBl5k9VFFkl7U3qD
+PBRrCXG8XFjozw==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/gw-ckubu.csr b/OPP/openvpn/keys/gw-ckubu.csr
new file mode 100644
index 0000000..ffa15b7
--- /dev/null
+++ b/OPP/openvpn/keys/gw-ckubu.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB6DCCAVECAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWd3LWNrdWJ1MRAwDgYDVQQpEwdW
+UE4gT1BQMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAl6cztjKctHWven5UUyXMBnv54JM/L52D0s5JJ+3a
+NRn8okBnUtuOukJCE3RzAOuXEq3gX47eWf/J1ownoZUoDgZerkkpPpdgOna08OQR
+D8YH+uVCDeiC0HE4oAemqiBFftl4LmZTjBB3ROhJV1BcM4WwiGEdZKpPDLyyG7Bc
+bcsCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAERRhKFp2Eb5uWmlMMS3TBqMewjq
+gC/D6FZaNIfQuooBI7d17cEuQOSBAUG/kxA50Jj7kTRGUzPrk6HWaMIZEZ4ayy1B
+ld4h738LnrP3lbvDEPg/PhSvEGT6ThT6xvDbTZb9qqrhgqJRMjSqQRc2OLE/oIS5
+qgFvtDikDsevqu4K
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/gw-ckubu.key b/OPP/openvpn/keys/gw-ckubu.key
new file mode 100644
index 0000000..112e6a0
--- /dev/null
+++ b/OPP/openvpn/keys/gw-ckubu.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,4CB95F5C6DD612B2
+
+Nw2A/U2PvM2266HmN6E58eFsPDSAFKbtiM8FLA1D20R3TDhzGETcv0J3v5iQFRMp
+oeBthXWiNOvT0HfU4cjhR5MPs3gmLN+OF8U61kCRf9767Smp8zaXdRwgQ4gOMM63
+DVQZhNlY0MaeX5IS2HKvO+gZ/DAUDTU/lDnVSe11bAibzmDwbQXZ4eV2gP8dH2/n
+nYKWagqqUjU90HpxkFO1XQgQ3ShGUoTB2v6UYqi6NhvH7Jz/0IN+eTHHPbPr2CXw
+CRm9bFQbKchp3N6V5oHhY5RO3KgNa/w+/XoxjJZ3bBeCjZeFgeNMDkKC0YnTCz+/
++hO6sgHM5I5oYYEvvZflKg7JMBSY/w/XyfWQTh2FLOvcJDh85ozU/JeQ7EbNaiRt
+ZF2TaMHbcmKSdyoW5VL3iRirq93nbpFl6wUFuifKobLniqT/rjwiSvirqoYds2S/
+sDn19aC/DtOxTXXqp3ReRvBQ56CL4exROHTYrHjh6ECvofdiWoO/tjZrcbtpsIla
+v6nTqo/FMvetbvLPoRfzfeoXIzH6q8fBJ7M10L/AGdbAEW0x5VyMTceHhn/rvdWM
+EPIewbUDKb5WQm2nPxST540fvUMizScGrKVhJbA/2uMtsKjN1G0cF0yPUouK9itW
+1ChqDPJWZJegXNcwcVHHX8hIDCcpd/sFFKVlGDThPmDv6LQ2mgy1nkIDslvsRyeZ
+j40+xfwhXQ49PnGLndkBT4MtvxR46Zt2PH9FFPC18EGDoces2Fv8IKjGVlZpd9uO
+W5D1D69vwgYVFV6E7ZMWF9z/mY53ci0VSMnRjVh3R2rTQjqXypDCDQ==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/hannes.crt b/OPP/openvpn/keys/hannes.crt
new file mode 100644
index 0000000..5758231
--- /dev/null
+++ b/OPP/openvpn/keys/hannes.crt
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 34 (0x22)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 27 20:33:43 2016 GMT
+            Not After : Dec 25 20:33:43 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-hannes/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b6:d5:54:2c:c2:b5:0f:1a:36:92:52:a0:be:aa:
+                    22:41:4f:fb:27:86:a7:11:78:53:7f:80:69:99:a9:
+                    a4:81:95:b9:5b:40:4f:25:d6:40:14:2b:cc:1a:62:
+                    a0:40:79:82:af:f9:ab:fc:22:b8:0b:c8:35:83:d5:
+                    98:f2:7b:08:d1:38:f2:c3:3b:39:a0:97:7a:04:0d:
+                    e6:6c:cb:b8:2e:2a:f8:a5:79:96:8d:c6:e9:0f:22:
+                    2c:fd:e7:50:61:b2:f7:bb:ba:20:05:1a:85:27:d9:
+                    94:82:74:06:39:91:42:fa:1f:c2:dc:e0:f0:c7:70:
+                    03:46:4d:52:44:f1:0e:c9:4e:e2:a3:11:50:23:4d:
+                    0a:dc:2f:13:e3:a3:f7:5f:14:64:a3:03:08:e2:d6:
+                    83:af:46:ac:68:43:ef:5c:12:0e:cf:ab:37:ab:6c:
+                    8d:91:25:dc:91:73:18:18:76:7e:53:4a:b7:54:5e:
+                    2d:80:eb:6c:cc:8e:18:1b:4d:29:51:72:68:4e:4d:
+                    7c:7e:8b:00:17:40:a8:43:02:33:bc:83:72:40:d0:
+                    49:f8:44:1b:88:8f:37:c4:f6:4f:28:28:5f:3b:cd:
+                    e0:14:fc:fc:6a:20:23:45:13:b3:da:ac:b6:d9:e5:
+                    d7:49:8c:21:87:7b:88:a1:38:23:7b:45:62:ac:9b:
+                    65:ab
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                34:BB:16:9D:D8:4B:1C:E1:52:EA:4C:3B:47:5E:0C:4F:B6:E4:A2:0A
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         a6:c3:00:02:cc:53:bc:07:5e:75:ca:a9:99:72:e6:39:91:82:
+         91:55:ca:17:c5:d8:48:c0:62:83:1a:84:23:52:9a:42:ec:6e:
+         fd:56:d7:39:79:d2:5c:a6:27:88:93:50:fe:20:26:e5:38:0c:
+         c4:b1:8b:ce:4f:96:6d:b2:14:0b:88:a3:47:a1:ec:03:51:71:
+         f8:09:57:71:2a:99:89:69:71:87:2d:2e:a6:fb:b5:ae:a0:25:
+         91:8e:7f:2f:9c:bb:87:c1:a5:2c:8a:e5:5f:b9:cf:bf:b3:93:
+         01:05:5c:b7:56:f6:99:79:c9:fd:dd:28:2a:33:d9:81:46:dc:
+         22:d6
+-----BEGIN CERTIFICATE-----
+MIIEeDCCA+GgAwIBAgIBIjANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE2MTIyNzIwMzM0
+M1oXDTI2MTIyNTIwMzM0M1owgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLWhhbm5lczEQMA4GA1UE
+KRMHT1BQLVZwbjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC21VQswrUPGjaSUqC+qiJBT/snhqcR
+eFN/gGmZqaSBlblbQE8l1kAUK8waYqBAeYKv+av8IrgLyDWD1ZjyewjROPLDOzmg
+l3oEDeZsy7guKvileZaNxukPIiz951Bhsve7uiAFGoUn2ZSCdAY5kUL6H8Lc4PDH
+cANGTVJE8Q7JTuKjEVAjTQrcLxPjo/dfFGSjAwji1oOvRqxoQ+9cEg7PqzerbI2R
+JdyRcxgYdn5TSrdUXi2A62zMjhgbTSlRcmhOTXx+iwAXQKhDAjO8g3JA0En4RBuI
+jzfE9k8oKF87zeAU/PxqICNFE7ParLbZ5ddJjCGHe4ihOCN7RWKsm2WrAgMBAAGj
+ggFGMIIBQjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFDS7Fp3YSxzhUupMO0deDE+25KIK
+MIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UE
+AxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDX
+RBSLVaPfiDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZI
+hvcNAQEFBQADgYEApsMAAsxTvAdedcqpmXLmOZGCkVXKF8XYSMBigxqEI1KaQuxu
+/VbXOXnSXKYniJNQ/iAm5TgMxLGLzk+WbbIUC4ijR6HsA1Fx+AlXcSqZiWlxhy0u
+pvu1rqAlkY5/L5y7h8GlLIrlX7nPv7OTAQVct1b2mXnJ/d0oKjPZgUbcItY=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/hannes.csr b/OPP/openvpn/keys/hannes.csr
new file mode 100644
index 0000000..5df4ddb
--- /dev/null
+++ b/OPP/openvpn/keys/hannes.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6zCCAdMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLWhhbm5lczEQMA4GA1UEKRMHT1BQ
+LVZwbjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC21VQswrUPGjaSUqC+qiJBT/snhqcReFN/gGmZ
+qaSBlblbQE8l1kAUK8waYqBAeYKv+av8IrgLyDWD1ZjyewjROPLDOzmgl3oEDeZs
+y7guKvileZaNxukPIiz951Bhsve7uiAFGoUn2ZSCdAY5kUL6H8Lc4PDHcANGTVJE
+8Q7JTuKjEVAjTQrcLxPjo/dfFGSjAwji1oOvRqxoQ+9cEg7PqzerbI2RJdyRcxgY
+dn5TSrdUXi2A62zMjhgbTSlRcmhOTXx+iwAXQKhDAjO8g3JA0En4RBuIjzfE9k8o
+KF87zeAU/PxqICNFE7ParLbZ5ddJjCGHe4ihOCN7RWKsm2WrAgMBAAGgADANBgkq
+hkiG9w0BAQsFAAOCAQEAR0q7zDDLidgL2LV26Lkg/fOmY0MYuhGHHiemv17xfCnU
+Ai27+WN2HkywMYw6UNu5fzu9+zKI0WJjVoVuh/K+VjK0BEk6UCeSPDXG1vRYtU/D
+6An40kt3X9G3Ivj1ckkKCnPvmXX0Q8FOoxazzi9CdT6lpFT0H0Av+61MqW/eLEVb
+kAtsikqjgoUiuHK271sqwg1Wn0XnrCr3sbamRxj3avj8f3/R7QLCGEf3OOSytHPt
+DltZ+RPyO9wmBl1etOW2XesPIFXjaR4+K35ehpccZxkCYxOVLfi4zho6+npyohKY
+fMRKlkX6Pj/3+ILO2ilerNObGszLysnQho1nNLNvHw==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/hannes.key b/OPP/openvpn/keys/hannes.key
new file mode 100644
index 0000000..1581db1
--- /dev/null
+++ b/OPP/openvpn/keys/hannes.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIEQzS/mVf990CAggA
+MBQGCCqGSIb3DQMHBAjg5vx4Es+SfQSCBMgMSB3vqjsqpFMUqjP8kzOnSR6chLQV
+ndlPXb+9RIKRx7RcEdNIQyliiKRIgk84BdJIxk9UHJ7Y7wGo/6ygRBt8Fov1kPvI
+HbitxFEgDCDOLCQ1guGxrxhREXnXktFrnfairbS6ubWQSlX8wtS8RXJ2AmOhWekG
+jdKsmQBavoBPjAuSUVcvtz/JfqCt/YpmkRaMeDTyaFhMDrZHeZWjG8qmbp58AUnK
+L09KVFLuj8iBP81Ly8Zj2bg/LaEiUy/SnOj5YQIDGcR49tXGknziS+Uj43/JV4YU
+RzzoQga68ilJqUCUi8Gp0Sb0+WS/GvtasAHecuF5JP584GYgwK9llNJ7/SrMtM7U
+VY754uj7x7nqZHjt4kYJBWn2R/OkKpHQ72oGitQ2i7/q7wE+rL+Vwc+tx9e7f8bI
+wcEu2wlZYBzl0sCVp9czX+Sn4cBpJ8y9QBoJE3XOuEQ6uQ0ZKtxN3cs68EqLMcz5
+lCzZndSxpv1rmMBGYP2kFSx9lG6zSpMpb/JBHVbEJyFLYOvkrwp9tOnZX6SKAHOc
+QBjuiUhPIOQhh+o3f9fkUw3OANrtOIForjRQCqLXaz8DbaYEILqj9klFDb5A1o33
+1O/3/2BoVf/rk2xK9kt/RksMh9UB0ZafZqP9IwTULxNFAmT7uCAzbrUtNOVzEm1u
+YpDn6yVhEJ7CqdxcFuowNA07yDEp2XSozZDYEb3ylJd3omQ6qSMos8n3O3doKfKz
+g4TnLzrvhKTqKaHGns3zaGjFQJgaYuRvYqA7mPEZKShgw3+pk8H/SgDA+Qvzt10K
+HX52uoUbrnOJWiQhoK8eXjw/ApqUsn6OX0WvahsAcdPYvYkcKB3MLfFEsWLaY3eK
+B56djwDenhYCBrxkmyeU1oQQNflI9zoMJ8wMeFhcmMVqfXQjPWCUkaZvBZ+eZdUg
+Is7q7KrFgfdp3x0iI1ALRUV06l9NTRFnuDqYEDcIkzE8KGpA28ytrEHWp/rW7Txw
+nb6IAUoOOkhuXH1Uk55fZEdNnxe/SvFmgDfa/YC1nozgjAJ7CL5c0iZduM7ZZ5TX
+7/lViLsyW3+NYS23f12T1b7lgrYQBiPsyysiTINZhJM1eHL8tAqM3YIuy+CTmjlg
+SHLrjGzXHRPqufH5xcaUIprZEMuJmBth7GwpwXIumPzBqty4960HOvuDEH5mkq+W
+GUhSaoDFo9R89JHVWpo0E+I71VE6B/tA3+aq8q6Icsh+lhEKgafUycSr75Ij5Ex7
+uTMXYy94XsXMZKp8SyUvNrW/GoTgK0E/OZT319ZDMg6K/8B6DjDKmdPBW8FBsI4K
+0voKyqx5bRna/MUgQZfVJsSWbP36qqfrNimR0MxNQ9ympZtuu8GVw5FCx6GsF/ij
+e2+4/ebiZWwOoGhr5xM3ApBOiVGbeolEIFyz/IBFcT47cqAhPmK8TY4WniM6r+I1
+S5LJ5QUPArsAZV/0I13UPuOVn/hb9Qiq7jWsYspr2FVCsCfqBHkwaKmE8gbeE7Ms
+SYL2hlA2OqjLccNAX0+fuKUSt+bhYu+ZBgY5S/22UGeLiiyCQQQX4NOGZyGPxxlW
+P9pBve9abuMdWUajeKqRmrwOGdnVOK3srTVD7sCL+Wf1zEAkqACFfvapNjnswtak
+Fkk=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/index.txt b/OPP/openvpn/keys/index.txt
new file mode 100644
index 0000000..c77ee65
--- /dev/null
+++ b/OPP/openvpn/keys/index.txt
@@ -0,0 +1,45 @@
+V	180517131718Z		01	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-server/emailAddress=argus@oopen.de
+V	180517131910Z		02	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-chris/emailAddress=argus@oopen.de
+R	180517135546Z	180228235715Z	03	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-jonas/emailAddress=argus@oopen.de
+R	180517141025Z	171104000335Z	04	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-anne/emailAddress=argus@oopen.de
+R	180517141107Z	081104120409Z	05	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-antje/emailAddress=argus@oopen.de
+R	180517141152Z	180301011731Z	06	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-dominique/emailAddress=argus@oopen.de
+V	180517141231Z		07	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-gesa/emailAddress=argus@oopen.de
+V	180517141318Z		08	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-johanna/emailAddress=argus@oopen.de
+V	180517141403Z		09	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-judith/emailAddress=argus@oopen.de
+V	180517141445Z		0A	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-melanie/emailAddress=argus@oopen.de
+V	180517141520Z		0B	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-nadja/emailAddress=argus@oopen.de
+V	180517141556Z		0C	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-tobias/emailAddress=argus@oopen.de
+R	180517141640Z	081104120426Z	0D	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ulf/emailAddress=argus@oopen.de
+R	181102114345Z	170917221049Z	0E	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-nadja/emailAddress=argus@oopen.de
+R	181102115944Z	081107132639Z	0F	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ausstellung/emailAddress=argus@oopen.de
+V	181105132953Z		10	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-jule/emailAddress=argus@oopen.de
+V	181105133038Z		11	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-toffke/emailAddress=argus@oopen.de
+V	190116131456Z		12	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-opp3/emailAddress=argus@oopen.de
+V	190517012834Z		13	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-mb/emailAddress=argus@oopen.de
+V	211105161557Z		14	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ulrike/emailAddress=argus@oopen.de
+R	220416140454Z	170114143634Z	15	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-veronika/emailAddress=argus@oopen.de
+V	220730140227Z		16	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-sofia/emailAddress=argus@oopen.de
+V	221215143055Z		17	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-hannes/emailAddress=argus@oopen.de
+V	221221022118Z		18	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-marcus/emailAddress=argus@oopen.de
+V	230206011841Z		19	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-kathrin/emailAddress=argus@oopen.de
+V	230402000113Z		1A	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-beate/emailAddress=argus@oopen.de
+V	230918114143Z		1B	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-gw-ckubu/name=VPN OPP/emailAddress=argus@oopen.de
+V	231009151249Z		1C	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-katja/name=VPN Opferperspektive/emailAddress=argus@oopen.de
+V	250223134101Z		1D	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=OPP-Vpn-martin/name=Martin/emailAddress=argus@oopen.de
+V	250329170221Z		1E	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-joaschka/name=joaschka/emailAddress=argus@oopen.de
+R	250330100118Z	171114023955Z	1F	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-opp1/emailAddress=argus@oopen.de
+V	250504172813Z		20	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-levan/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	250519225553Z		21	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-katrin-priv/emailAddress=argus@oopen.de
+V	261225203343Z		22	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-hannes/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	261225203945Z		23	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ingmar/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	370114145555Z		24	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ines/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	370202114251Z		25	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-eli/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	370515012204Z		26	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-cristina/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	370917221542Z		27	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-amine/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	371114023846Z		28	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-laptop-opp1/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	371211183048Z		29	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-laptop-opp3/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	371211234221Z		2A	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-laptop-opp2/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	380115144155Z		2B	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-oezge/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	380228235240Z		2C	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-jenny/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	380328111620Z		2D	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-tine/name=OPP-Vpn/emailAddress=argus@oopen.de
diff --git a/OPP/openvpn/keys/index.txt.attr b/OPP/openvpn/keys/index.txt.attr
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/OPP/openvpn/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/OPP/openvpn/keys/index.txt.attr.old b/OPP/openvpn/keys/index.txt.attr.old
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/OPP/openvpn/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/OPP/openvpn/keys/index.txt.old b/OPP/openvpn/keys/index.txt.old
new file mode 100644
index 0000000..b38c001
--- /dev/null
+++ b/OPP/openvpn/keys/index.txt.old
@@ -0,0 +1,44 @@
+V	180517131718Z		01	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-server/emailAddress=argus@oopen.de
+V	180517131910Z		02	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-chris/emailAddress=argus@oopen.de
+R	180517135546Z	180228235715Z	03	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-jonas/emailAddress=argus@oopen.de
+R	180517141025Z	171104000335Z	04	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-anne/emailAddress=argus@oopen.de
+R	180517141107Z	081104120409Z	05	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-antje/emailAddress=argus@oopen.de
+R	180517141152Z	180301011731Z	06	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-dominique/emailAddress=argus@oopen.de
+V	180517141231Z		07	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-gesa/emailAddress=argus@oopen.de
+V	180517141318Z		08	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-johanna/emailAddress=argus@oopen.de
+V	180517141403Z		09	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-judith/emailAddress=argus@oopen.de
+V	180517141445Z		0A	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-melanie/emailAddress=argus@oopen.de
+V	180517141520Z		0B	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-nadja/emailAddress=argus@oopen.de
+V	180517141556Z		0C	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-tobias/emailAddress=argus@oopen.de
+R	180517141640Z	081104120426Z	0D	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ulf/emailAddress=argus@oopen.de
+R	181102114345Z	170917221049Z	0E	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-nadja/emailAddress=argus@oopen.de
+R	181102115944Z	081107132639Z	0F	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ausstellung/emailAddress=argus@oopen.de
+V	181105132953Z		10	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-jule/emailAddress=argus@oopen.de
+V	181105133038Z		11	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-toffke/emailAddress=argus@oopen.de
+V	190116131456Z		12	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-opp3/emailAddress=argus@oopen.de
+V	190517012834Z		13	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-mb/emailAddress=argus@oopen.de
+V	211105161557Z		14	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ulrike/emailAddress=argus@oopen.de
+R	220416140454Z	170114143634Z	15	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-veronika/emailAddress=argus@oopen.de
+V	220730140227Z		16	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-sofia/emailAddress=argus@oopen.de
+V	221215143055Z		17	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-hannes/emailAddress=argus@oopen.de
+V	221221022118Z		18	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-marcus/emailAddress=argus@oopen.de
+V	230206011841Z		19	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-kathrin/emailAddress=argus@oopen.de
+V	230402000113Z		1A	unknown	/C=DE/ST=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-beate/emailAddress=argus@oopen.de
+V	230918114143Z		1B	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-gw-ckubu/name=VPN OPP/emailAddress=argus@oopen.de
+V	231009151249Z		1C	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-katja/name=VPN Opferperspektive/emailAddress=argus@oopen.de
+V	250223134101Z		1D	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=OPP-Vpn-martin/name=Martin/emailAddress=argus@oopen.de
+V	250329170221Z		1E	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-joaschka/name=joaschka/emailAddress=argus@oopen.de
+R	250330100118Z	171114023955Z	1F	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-opp1/emailAddress=argus@oopen.de
+V	250504172813Z		20	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-levan/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	250519225553Z		21	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-katrin-priv/emailAddress=argus@oopen.de
+V	261225203343Z		22	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-hannes/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	261225203945Z		23	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ingmar/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	370114145555Z		24	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ines/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	370202114251Z		25	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-eli/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	370515012204Z		26	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-cristina/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	370917221542Z		27	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-amine/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	371114023846Z		28	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-laptop-opp1/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	371211183048Z		29	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-laptop-opp3/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	371211234221Z		2A	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-laptop-opp2/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	380115144155Z		2B	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-oezge/name=OPP-Vpn/emailAddress=argus@oopen.de
+V	380228235240Z		2C	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-jenny/name=OPP-Vpn/emailAddress=argus@oopen.de
diff --git a/OPP/openvpn/keys/ines.crt b/OPP/openvpn/keys/ines.crt
new file mode 100644
index 0000000..7224e17
--- /dev/null
+++ b/OPP/openvpn/keys/ines.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 36 (0x24)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan 14 14:55:55 2017 GMT
+            Not After : Jan 14 14:55:55 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ines/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c2:99:2e:75:fe:2b:ea:c1:45:0a:45:58:96:f6:
+                    63:e8:26:2d:90:1a:0c:1f:4d:3c:27:4c:c8:0f:15:
+                    7a:c3:c1:d3:fb:b5:ee:8d:dd:e5:8c:04:a4:75:61:
+                    a7:28:24:83:a8:a0:b6:fa:d6:b8:88:d7:d5:b6:21:
+                    ee:9a:7a:4b:6f:11:d5:77:5b:4a:c1:b6:08:6e:33:
+                    31:1e:1f:c1:1c:b3:17:d2:5d:8b:6a:8b:8b:a4:dc:
+                    cf:33:39:49:92:3e:9e:55:1e:ea:79:87:ff:d7:e4:
+                    ed:0a:98:60:7a:95:05:76:b1:8f:f9:2c:19:15:0c:
+                    df:6e:71:d1:78:71:c6:c4:9e:c3:32:d8:59:25:1e:
+                    5e:2b:2f:83:de:6f:de:c1:40:6d:0b:09:ec:ab:c6:
+                    c1:1b:88:c8:8b:72:50:98:8b:c6:5b:7d:86:d4:f2:
+                    f4:3e:f8:82:2e:f5:bd:6e:08:4e:d2:38:0c:86:17:
+                    86:39:5c:09:de:15:ef:b9:67:e9:e9:0b:ae:dd:68:
+                    7c:f5:be:e8:57:96:07:02:88:d1:78:ea:f2:20:64:
+                    cd:6f:98:6b:5b:d9:82:bd:34:11:ae:aa:4e:b7:27:
+                    81:f8:37:1e:f6:81:96:c8:1f:48:87:5d:8b:72:74:
+                    e5:77:b1:54:49:11:6c:a8:95:37:7d:6b:9b:b7:00:
+                    94:b1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                4C:7D:52:81:5E:B1:46:7E:B6:30:73:51:25:69:10:63:30:BA:73:BC
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:ines
+    Signature Algorithm: sha256WithRSAEncryption
+         7a:53:b1:3f:53:41:a0:62:bc:fa:ad:fd:cf:b3:b5:a2:40:d0:
+         8d:10:77:39:eb:71:91:1c:a3:b1:c9:4b:8d:cb:6f:d0:b1:b0:
+         67:31:8a:87:4e:72:0c:01:e3:ef:e4:f6:89:5b:c7:1e:a8:a8:
+         73:39:9c:49:78:04:df:e1:8a:9a:e6:ce:50:c8:ca:70:ab:f1:
+         01:43:08:4e:bd:38:ca:6c:cf:40:e9:dd:4e:7e:fe:d1:56:49:
+         6c:69:77:90:54:73:97:dd:0c:c0:33:cc:24:45:7c:c1:b1:d6:
+         8d:c4:85:50:b3:19:4a:49:fa:29:e2:19:ec:e0:68:56:e5:76:
+         aa:bb
+-----BEGIN CERTIFICATE-----
+MIIEhzCCA/CgAwIBAgIBJDANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MDExNDE0NTU1
+NVoXDTM3MDExNDE0NTU1NVowgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLWluZXMxEDAOBgNVBCkT
+B09QUC1WcG4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpkudf4r6sFFCkVYlvZj6CYtkBoMH008
+J0zIDxV6w8HT+7Xujd3ljASkdWGnKCSDqKC2+ta4iNfVtiHumnpLbxHVd1tKwbYI
+bjMxHh/BHLMX0l2LaouLpNzPMzlJkj6eVR7qeYf/1+TtCphgepUFdrGP+SwZFQzf
+bnHReHHGxJ7DMthZJR5eKy+D3m/ewUBtCwnsq8bBG4jIi3JQmIvGW32G1PL0PviC
+LvW9bghO0jgMhheGOVwJ3hXvuWfp6Quu3Wh89b7oV5YHAojReOryIGTNb5hrW9mC
+vTQRrqpOtyeB+Dce9oGWyB9Ih12LcnTld7FUSRFsqJU3fWubtwCUsQIDAQABo4IB
+VzCCAVMwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRMfVKBXrFGfrYwc1ElaRBjMLpzvDCB
+xAYDVR0jBIG8MIG5gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMT
+Ck9QUC1WcG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QU
+i1Wj34gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
+MAaCBGluZXMwDQYJKoZIhvcNAQELBQADgYEAelOxP1NBoGK8+q39z7O1okDQjRB3
+OetxkRyjsclLjctv0LGwZzGKh05yDAHj7+T2iVvHHqioczmcSXgE3+GKmubOUMjK
+cKvxAUMITr04ymzPQOndTn7+0VZJbGl3kFRzl90MwDPMJEV8wbHWjcSFULMZSkn6
+KeIZ7OBoVuV2qrs=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/ines.csr b/OPP/openvpn/keys/ines.csr
new file mode 100644
index 0000000..eff71d9
--- /dev/null
+++ b/OPP/openvpn/keys/ines.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6TCCAdECAQAwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLWluZXMxEDAOBgNVBCkTB09QUC1W
+cG4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAwpkudf4r6sFFCkVYlvZj6CYtkBoMH008J0zIDxV6
+w8HT+7Xujd3ljASkdWGnKCSDqKC2+ta4iNfVtiHumnpLbxHVd1tKwbYIbjMxHh/B
+HLMX0l2LaouLpNzPMzlJkj6eVR7qeYf/1+TtCphgepUFdrGP+SwZFQzfbnHReHHG
+xJ7DMthZJR5eKy+D3m/ewUBtCwnsq8bBG4jIi3JQmIvGW32G1PL0PviCLvW9bghO
+0jgMhheGOVwJ3hXvuWfp6Quu3Wh89b7oV5YHAojReOryIGTNb5hrW9mCvTQRrqpO
+tyeB+Dce9oGWyB9Ih12LcnTld7FUSRFsqJU3fWubtwCUsQIDAQABoAAwDQYJKoZI
+hvcNAQELBQADggEBAJfXBwLpz3loEEy4xnhM5YdxIXMWvj141z8Ugka2v2nDTGXw
+AkMg+sP7Aza/PbTTPeX6Sjw9sTt8bCIaIWjgaJ9Pf2QWWh2cJAkgnT/P/ZOQo72d
++786AMw1Lw5GQCqadDr1k3ho8ciNS3aJeZrsHRKiLuNhDs2FtLLtflGv3dOQiqwA
+n0wf2M/LE4di9lScpyK7mTbzWyN6C6Jn7ByjpHU72nx0a+MQJ/AqG+4rGr3WBtrD
+uBzhojFBygOI9gUFmtNgJm28ZpWlBUGpjZFcrFg+TsCSKe6NlYcdejVCih9ewli5
+I9pKn4FiOBRj6XCaHw0fjzIo39paDb3bGVyfXOg=
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/ines.key b/OPP/openvpn/keys/ines.key
new file mode 100644
index 0000000..3edd6d8
--- /dev/null
+++ b/OPP/openvpn/keys/ines.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQInGzp96s0zpUCAggA
+MBQGCCqGSIb3DQMHBAjHNVDGdo0SlgSCBMizG14y7ayvOUmrB1+BEX5C9cCjeXqC
+U1+YgyU0utVS9AYMhExUwsjpx329cjeJaOy7r90d0rP9Z4rSGWzyHBuTSU7r6dpL
+5TdwYDrSP50OHsMQwKD7yLkPSkNryt/yeqgcHHX2jiDNFdRmEBW/pDuJhzShDVtS
+8MLKm946IjhYg1rcwDUXh9vZpic50mz4QNTCWgL/3VpD6Mll1YuIKuAmonWTPEnb
+veK4yVEEnAPzb80QNDBoYVzI9W44zYsJkHtDMksshKLy9VFJls3XzthmRzyrNWCu
+k8etpC4hYC2LQ7LXwKInfaUFXC6unURaX4WGCX5kKTsEyNaOSk3fndd+xmgi5YXX
+K6RDMnBqhBFFzyjLPdIe5EXfMPyTPzQOOU4U7aNLYqs8faZUlgf27kD3oqfGqBVm
+8EmnLoosGz/7Kflym2ayMeyIWPAHzaO4S2+4KtHU65KiW3NyqP58OKu8/iuAmWyk
+xaKkXTrY8AV2hznjYsYTzfdcOgBw9P32jY/t3NVgFWd0/p/MvRkwNoMkteIUJNIs
+90pD+MzczEqAHD4BIHMehuILESC9xKl2y1ImqHKntADmqClBGEbJiVC63DLOcpl2
+N1FkDWI2FcaMdHhsLWe1ymqQF1grWfn4LqtxJX06akD+BZ4ywX59OWm2xcOEXkyF
+0Gj+kpSNJXgxM0aNqViliZnHKo5kEZw9joq4YkymhnDEehu3zy0a12DYj8GUuVYT
+zIej9cL9vgoGYvh8cCen4vkIMdBUTkTepfH4BdmQzpUKWgERTVMh+pO2BsxOOo3T
+JiSCR8kTiP5vBWDczEq5hwQA8hxwG0RUHsdLl3rRV4INuu/g7XRv2b2QaS/UFfd0
+bKyvELYDzsYbCt05TtoYKjUiXkIt/QJDucugADme+JKRqrw9ZkTEzVquT2P5ovSu
+fGX5iLa/x3Y3ZNtR/g2uNPIj7SKEdmV99S5PwG0rMLPJmgTD2z/E8CLPkUYK7a6F
+jaLgN1RHyAJj37SPDfUZQ7Nyw9a4PMgv8CXa5T9bTu+OswWZuYVYZFR/Fyoo5bce
+tNe3NwCPv6Ltn7u95zqMGQaANeU0+p4kWWTrdhUJneydQBFFNS07OrgfQL/FmNg+
+HHixGHLw+Wy+GhQd96BJVj05bquiffTtF3gVhp9YpAYV1/MApLSGSKMrCBiN6YoW
+J9K6EAc7uJiSXF5SVbUbvcjJjM6gx/BxFJK89tzesug0AGuNHjj4gCUzWPI5u6VJ
+5v9dULG68Rb9vgYduDU8SeG4yXhPtdsi+EeAlSiEcipyxS3PXsAC7IWK+D4b2bVk
+BpheBHM+i8TUBtA4Dst+Dl4qwfSvC7oTkqfD5ghepUn2iXH7MBqZfzo8MClWNVTB
+hoIRALfv0m+h8zHDVimjew5vRP4Oi6x4lDRyHaxb6NbJMif9NagF7rnf3IcvhkwO
+rZqXs+/9hP0+9/8itFG0a7z3nwGYxq00Q+YroLkd3GkV4MRYdNyvaSG5oYVVFHaF
+tsCL4GGU67IdZk4VC3SFJqTqRpktbelBbmvMvoCjIEPy4Wa2eNNsdjhYhfDGVuO6
+j261QgHcteI4+kIg+JITapNG5u4E3a+xWpIykMPs/163EsSCmG7vW4vw5LaFl2kN
+jSE=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/ingmar.crt b/OPP/openvpn/keys/ingmar.crt
new file mode 100644
index 0000000..5a49c95
--- /dev/null
+++ b/OPP/openvpn/keys/ingmar.crt
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 35 (0x23)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 27 20:39:45 2016 GMT
+            Not After : Dec 25 20:39:45 2026 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ingmar/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b5:bd:72:97:9d:5e:72:39:c8:0f:b8:c6:85:06:
+                    9a:e3:ec:7b:7f:1f:49:72:f9:c9:fe:de:4d:21:ac:
+                    78:bf:13:f8:43:e3:48:5e:28:f0:b4:55:dc:46:6b:
+                    ee:47:16:9d:e8:5d:a9:89:b4:02:59:5d:f0:e7:6e:
+                    41:89:2c:b2:4c:18:54:3a:dc:72:d2:3d:4c:bf:0d:
+                    ca:79:0a:79:57:83:49:7d:9c:49:84:c5:74:ef:7e:
+                    9a:1e:40:38:e4:f8:b9:55:c5:c8:99:fc:c2:88:e5:
+                    d9:bc:f0:2f:7b:ea:b1:1b:77:b8:3b:91:05:a2:d5:
+                    77:3b:ca:e9:11:f2:67:75:1d:6f:ee:59:2b:fb:4a:
+                    17:6d:42:6e:dd:59:17:cc:bd:81:95:25:f3:47:b0:
+                    fb:4a:25:7c:0c:8d:70:cf:7b:ea:83:df:04:8c:8c:
+                    6e:4c:de:38:33:bb:2a:99:4a:dc:db:fc:eb:17:7d:
+                    45:63:d9:e4:c2:8f:98:52:03:36:22:63:58:9e:f4:
+                    47:41:ab:57:8d:69:77:9b:83:67:a3:0e:c2:94:03:
+                    68:cc:ba:2b:3f:4a:85:52:cb:91:c6:6c:95:ef:3d:
+                    01:e6:68:42:10:00:43:15:a6:bb:97:88:b5:3b:fd:
+                    1e:56:53:b9:25:bb:0d:5f:43:9f:78:69:6d:e6:71:
+                    20:53
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                DE:29:18:64:B7:D1:DC:F4:8D:F4:86:36:40:DE:36:4F:C4:01:6C:16
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         84:f7:3e:16:32:37:24:58:24:64:98:8b:22:bd:c6:43:31:78:
+         87:aa:45:ca:9c:32:19:c2:04:27:5e:e2:f9:2c:e2:cb:ee:7a:
+         75:9e:2f:3a:c5:18:bd:fd:66:72:6e:15:23:c8:48:45:8a:2c:
+         e9:9a:62:c9:58:8e:b7:9d:bf:a0:9b:dc:dd:21:2c:53:e6:dc:
+         15:68:1c:fc:01:1f:50:7b:65:57:e0:09:c4:41:a9:3f:4e:f5:
+         73:85:73:d5:5a:f3:2e:4c:93:37:f9:cc:75:a0:69:08:a2:9c:
+         bb:4f:1b:f5:63:26:01:a2:fa:8f:4d:40:13:f5:d5:59:dc:91:
+         a5:d1
+-----BEGIN CERTIFICATE-----
+MIIEeDCCA+GgAwIBAgIBIzANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE2MTIyNzIwMzk0
+NVoXDTI2MTIyNTIwMzk0NVowgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLWluZ21hcjEQMA4GA1UE
+KRMHT1BQLVZwbjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1vXKXnV5yOcgPuMaFBprj7Ht/H0ly
++cn+3k0hrHi/E/hD40heKPC0VdxGa+5HFp3oXamJtAJZXfDnbkGJLLJMGFQ63HLS
+PUy/Dcp5CnlXg0l9nEmExXTvfpoeQDjk+LlVxciZ/MKI5dm88C976rEbd7g7kQWi
+1Xc7yukR8md1HW/uWSv7ShdtQm7dWRfMvYGVJfNHsPtKJXwMjXDPe+qD3wSMjG5M
+3jgzuyqZStzb/OsXfUVj2eTCj5hSAzYiY1ie9EdBq1eNaXebg2ejDsKUA2jMuis/
+SoVSy5HGbJXvPQHmaEIQAEMVpruXiLU7/R5WU7kluw1fQ594aW3mcSBTAgMBAAGj
+ggFGMIIBQjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFN4pGGS30dz0jfSGNkDeNk/EAWwW
+MIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UE
+AxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDX
+RBSLVaPfiDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZI
+hvcNAQEFBQADgYEAhPc+FjI3JFgkZJiLIr3GQzF4h6pFypwyGcIEJ17i+Sziy+56
+dZ4vOsUYvf1mcm4VI8hIRYos6ZpiyViOt52/oJvc3SEsU+bcFWgc/AEfUHtlV+AJ
+xEGpP071c4Vz1VrzLkyTN/nMdaBpCKKcu08b9WMmAaL6j01AE/XVWdyRpdE=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/ingmar.csr b/OPP/openvpn/keys/ingmar.csr
new file mode 100644
index 0000000..eccafbc
--- /dev/null
+++ b/OPP/openvpn/keys/ingmar.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6zCCAdMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLWluZ21hcjEQMA4GA1UEKRMHT1BQ
+LVZwbjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC1vXKXnV5yOcgPuMaFBprj7Ht/H0ly+cn+3k0h
+rHi/E/hD40heKPC0VdxGa+5HFp3oXamJtAJZXfDnbkGJLLJMGFQ63HLSPUy/Dcp5
+CnlXg0l9nEmExXTvfpoeQDjk+LlVxciZ/MKI5dm88C976rEbd7g7kQWi1Xc7yukR
+8md1HW/uWSv7ShdtQm7dWRfMvYGVJfNHsPtKJXwMjXDPe+qD3wSMjG5M3jgzuyqZ
+Stzb/OsXfUVj2eTCj5hSAzYiY1ie9EdBq1eNaXebg2ejDsKUA2jMuis/SoVSy5HG
+bJXvPQHmaEIQAEMVpruXiLU7/R5WU7kluw1fQ594aW3mcSBTAgMBAAGgADANBgkq
+hkiG9w0BAQsFAAOCAQEABoxCZkDUU/QgrEwrfMaLGUoXlorDwy3F1w+iYBx5Dzs6
+HKK6obt0cNsWqAQZ8t+hl0A+TMBDiQQ9p/COhzAaM1i1Zi4ybijwXICLYV+sb6OG
+AUzH29k6gul+lq0sgeXSbVQBKl8OlvdjSpGlh+ekG903rukbctxo4Yg3Nc8NgwAl
+Vjzd7HjyyLr9z/rbzjj45dmnD058N/yr7hdhhkgNbkTK9nOHUzkvIKII/qfV82MY
+aYWFsBtBf9ogsplM+O1acfdb/XsmrIqUaib5iL2UYM/mK8+K/qiVXQA/fflTKLUV
+Gctkneuqb6iCpdbOA8pW2W2W639lK1eCt/f9HLI2rg==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/ingmar.key b/OPP/openvpn/keys/ingmar.key
new file mode 100644
index 0000000..8a4db89
--- /dev/null
+++ b/OPP/openvpn/keys/ingmar.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIYSiO2cNaa8oCAggA
+MBQGCCqGSIb3DQMHBAgo3x9tSpuX2gSCBMiC3RQjKdyAUdlNOlDXrzWFv07lWflh
+r75woKYYdKCX025mm/h88TUm/O5BnDt/rH+MDtH4kyx62Ggk6V4lc0kFoGwy1JNt
+j0nTEKIZS+NDJ7EowJrsvqZBo9I3l4a+91IzIHv7mQOuufD1N/8Z7q718zHqRqZj
+eNy4Z2kLZGx68T8L8TYqMCZSq2adNzNE0FM/03imv6hG3+7ZvH7RA8nswc5lqFnH
+WLXXapuwR3Z+n74oqWb+5rWk0AN9Fhs+3XK2StpoAWdb5i5Y9985fK2B4kkGOlOu
+1RreXpu5b3dm+Iwcnpz1EZsxHlh77rIIUhrPqQ92PtP25ho7JAbvm5QQRafyBX8V
+TQKfrydsrUZ7XJ+WTPziDWLY6r04D6VBWSj/BnyDk7yga2Yu28rlLs7pQ1DjV+6U
+i0sVDU+kabU3ySZpXTHKbSRUw2WppWCLckL7rsuBBPXUyrXGgDoixSeGkaMxMi+2
+nngVDiDZ2YxTnH1TxIyawagNKmDcLcx3CuyIotlAqNSHlPVqyotyrgg+16w9WR0F
+sbh0R0GKGYFoNnTHrInR0M+CsOQ7YuCsSv9tchyM5rjSWnRDl7oSJuQ6kKshIkFx
+Ufp9HyqRByx+TKYrb31pJarXu53jxvTizGzqqDvvhvbcjHe4oYIwzWf68UxYByqq
+Da8wd5bF9TNTZP1U9l/90/TdVLcEQZcP8fpB6VnuQN+TDnzBz6YrUL/cM01kkt/l
+1CVnd/Sf1mu5KTmGg/QPTE/CZKolGbZyzFkUkuWkVA4b1JPwVldW7JCHXdGe5gTE
+/U+40xjqdBYVGBaj70JHDd4uTyXCI0Eq1qAW2M4mJFHSD0WIcIBppfX1dxMHsW7g
+GCOCXBd85WVpeXq2qoU59XeO2e24bTvJF2UkjaBt9lrQ6+9EWbAy7AZjp3rKsfGO
+wlz+d7svpCHX9ADQd3o308d9iHdHEz0urECwTfyOn85J0r3lOp284sRy52Qipvif
+7sDXvmtB9qDHT76svpqpD57tFd92avgftsiLw5gD0cTDcTRoomQ5b98JMuQNEAg4
+zRvvmdJ3eKR5fTxdm7OcbunaV4IVHAtyoSS6BFYCNNqbuPN2Zyxz1NPA2JDgAqDG
+I4oUVPZabMbwrUKAeFVprQsbGP+8ob5KsNRHc+nftGdrg8yHzifLRUenQ297P+a3
+8ZqmotOU8bpR3i2/zcMqmkUSnsgfTPAvS0MFDJS2SEHR3PXjFWR6DiCMmkgEQa/w
++mg9PJts19r/63Ldo2GeGbEZ+UfJSVIk3et6IyvXltSw6fUau/fhVXsLluYCV2P0
+Tx/bGOAJTBsiHlBfmZQsqSxdyFWrkRGpieafxaKGGFnJDYsYcVXrKPX7kQEmZq7Y
+55zjijWWdfrqBbBM4jUlOAetUDF7p0mTaJ5dDBrSdZNPMt5kmCzqr/8mFtEN/dxm
+1JVBaLeBZdwSmyueVzubsO/vZpD74dKBguCkkjX5CJxUGFONYGZ/D9T35vKAtCHQ
+LXWhDxde8w6itQTwyWM367+ChwTi9fpw50BRDNtVkaTppNr49jSfkBHFm14tJkLJ
+lNynuqQUmbFMCMGSz3oeBdhXivXajiC0lj7/2pCp5DEUB6WOWz6pJCQhe3tZVKp3
+c8k=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/jenny.crt b/OPP/openvpn/keys/jenny.crt
new file mode 100644
index 0000000..208b381
--- /dev/null
+++ b/OPP/openvpn/keys/jenny.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 44 (0x2c)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb 28 23:52:40 2018 GMT
+            Not After : Feb 28 23:52:40 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-jenny/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c3:18:ee:89:10:3b:ef:08:3b:b4:2c:35:75:76:
+                    ec:b3:89:79:e8:c8:cb:a3:ed:41:eb:01:fb:ce:a9:
+                    57:a3:20:0f:41:3a:b1:18:35:9d:f3:52:31:c7:cb:
+                    e1:82:c3:e6:a2:07:1a:ef:5f:23:6e:22:1b:ee:75:
+                    78:63:59:b7:09:e6:d7:5b:9a:7f:03:a6:9c:1d:8d:
+                    45:ec:ee:73:6b:b3:36:44:31:9a:56:b4:de:c4:8b:
+                    4c:6f:94:5a:cb:5f:2f:0c:e8:70:98:c2:7a:fe:16:
+                    55:bb:fb:f5:76:1d:a5:fb:db:4c:23:ab:2b:7c:bc:
+                    a8:d9:b7:7a:e2:77:f7:34:f5:df:a8:ff:eb:c8:6e:
+                    f0:61:29:db:d2:a0:df:f2:0d:f8:ce:7f:72:79:6c:
+                    5a:c9:cf:9c:3c:bb:e8:40:53:b2:12:cf:5c:7f:d7:
+                    80:84:3d:b2:ca:6e:4b:12:0f:dd:cd:f1:8c:ac:00:
+                    7a:79:12:df:26:4d:21:00:76:e7:6f:9f:3a:c7:00:
+                    a1:2f:1a:77:ea:68:18:ac:82:fb:c5:22:30:cc:98:
+                    02:23:89:bf:f9:33:c0:f4:a8:7d:5d:e7:73:10:5d:
+                    78:ad:99:01:79:f7:58:d3:67:77:1b:33:38:56:4d:
+                    79:a3:c3:e4:0e:13:f9:9a:83:b2:0b:ed:96:a9:98:
+                    f2:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                47:18:9B:D0:A8:9C:13:47:74:8E:41:24:28:3C:22:91:5E:71:A6:75
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:jenny
+    Signature Algorithm: sha256WithRSAEncryption
+         6c:ad:ca:2d:1d:19:8e:4c:ca:c6:09:3d:c5:43:67:7e:b4:42:
+         76:a0:0a:23:3e:49:c1:a6:6c:03:a2:96:d9:fd:cc:a7:70:2a:
+         c7:09:6f:36:59:e1:f5:51:aa:11:1e:35:f3:b4:8d:20:f0:70:
+         ab:02:3b:3e:8a:96:21:c0:57:2b:97:20:16:15:63:18:ac:d6:
+         a7:19:6c:cc:7c:ff:6f:b8:2f:b8:cc:0a:e8:8e:aa:39:a2:a4:
+         3c:f2:85:fd:8c:36:69:39:27:1f:3f:a2:14:79:77:4d:c6:02:
+         38:7f:91:73:9d:e0:fd:c1:69:c5:b1:24:bf:3d:cb:96:3e:93:
+         f2:5d
+-----BEGIN CERTIFICATE-----
+MIIEiTCCA/KgAwIBAgIBLDANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDIyODIzNTI0
+MFoXDTM4MDIyODIzNTI0MFowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWplbm55MRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMY7okQO+8IO7QsNXV27LOJeejIy6Pt
+QesB+86pV6MgD0E6sRg1nfNSMcfL4YLD5qIHGu9fI24iG+51eGNZtwnm11uafwOm
+nB2NRezuc2uzNkQxmla03sSLTG+UWstfLwzocJjCev4WVbv79XYdpfvbTCOrK3y8
+qNm3euJ39zT136j/68hu8GEp29Kg3/IN+M5/cnlsWsnPnDy76EBTshLPXH/XgIQ9
+sspuSxIP3c3xjKwAenkS3yZNIQB252+fOscAoS8ad+poGKyC+8UiMMyYAiOJv/kz
+wPSofV3ncxBdeK2ZAXn3WNNndxszOFZNeaPD5A4T+ZqDsgvtlqmY8tMCAwEAAaOC
+AVgwggFUMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQURxib0KicE0d0jkEkKDwikV5xpnUw
+gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
+A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
+EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
+FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVqZW5ueTANBgkqhkiG9w0BAQsFAAOBgQBsrcotHRmOTMrGCT3FQ2d+tEJ2
+oAojPknBpmwDopbZ/cyncCrHCW82WeH1UaoRHjXztI0g8HCrAjs+ipYhwFcrlyAW
+FWMYrNanGWzMfP9vuC+4zArojqo5oqQ88oX9jDZpOScfP6IUeXdNxgI4f5FzneD9
+wWnFsSS/PcuWPpPyXQ==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/jenny.csr b/OPP/openvpn/keys/jenny.csr
new file mode 100644
index 0000000..b5e0bd6
--- /dev/null
+++ b/OPP/openvpn/keys/jenny.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6jCCAdICAQAwgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWplbm55MRAwDgYDVQQpEwdPUFAt
+VnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMMY7okQO+8IO7QsNXV27LOJeejIy6PtQesB+86p
+V6MgD0E6sRg1nfNSMcfL4YLD5qIHGu9fI24iG+51eGNZtwnm11uafwOmnB2NRezu
+c2uzNkQxmla03sSLTG+UWstfLwzocJjCev4WVbv79XYdpfvbTCOrK3y8qNm3euJ3
+9zT136j/68hu8GEp29Kg3/IN+M5/cnlsWsnPnDy76EBTshLPXH/XgIQ9sspuSxIP
+3c3xjKwAenkS3yZNIQB252+fOscAoS8ad+poGKyC+8UiMMyYAiOJv/kzwPSofV3n
+cxBdeK2ZAXn3WNNndxszOFZNeaPD5A4T+ZqDsgvtlqmY8tMCAwEAAaAAMA0GCSqG
+SIb3DQEBCwUAA4IBAQAnIEuhvbHJrRQ79UjgKqtSuk5ICOVXUy1abRy5BHnujh6g
+eIDXSzuu2QZPQ7tiN/cf7WUuBiZ0tslxL9Sa46Ce0h+LDfDcnUUC/We1z78v3aY9
+BQVFIsKANrbwDweb8StbPU+ASJkKLAu3lbUosYFBHhT/o6Ruyl5ZA0QTW/a78NGm
+jY0SsJLmzeYgHBoRHyjSgmCJyGWRi5+qDj+WwcAzltA1vt80hk80SYBZkuxEJxSu
+CSFjm8Yk6JH6BD2qnL4TXy9FQLg6dXAzOZl8eecijt5uJWMRYGQf6cS3HEYawvFi
+sdXcp/BigdH0/fm/pvqar4N7hBbesvIQJYS1s5Kr
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/jenny.key b/OPP/openvpn/keys/jenny.key
new file mode 100644
index 0000000..b314229
--- /dev/null
+++ b/OPP/openvpn/keys/jenny.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIS7C0EfAOtV8CAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBZSzA/4v2DJBIIEyPuxNdmVDWIk
+SNpc3sF+WU8cUcOyqiQT854zZNfULzcuQDMaYLxYTDJcJPlrwMkSrXh/W417b6XY
+aOSkS2GqkbSrpVRCUY3e0nuBMYolT8nVgcZINw+x6ZtM2pHPOAGHGYRIg5CBIW7c
+ZGySvj8MXzQDFFf0XnfSDqpviQv6WDBzM/Ekoculh151+gj94CkVd2VsCN6czfNQ
+s6S6n4XFlCO4cehDjekqURCRZ7cB+1tdUlO1Fx0sFvbpJdvCndlizrsgw0TGrYiH
+imgx4qvFJ1YmpKUv3M8/P2ywMSGuukvaUfmZLon82wGD6dtn/Javgq2x32bcqUwf
+helR6VVz9luxkk7DlbcANTn2N1QE8jsbsCCUDPS7TKy7XHZaxKUR1DwroDLf9BNG
+eoxC5T9obpRigECvmmZvwmtZmq+Xscly6w5eICDzN/yquRswQII3kkHHi2K5bMs/
+F2KKf2wheNljvYHgfyzZRM28iDUq7qnpZv1oh/zuwmk3bHVIVtSujFiqDaD4h8uh
+TDt+Ou82VSjlkHMGxkJ5bbMOxEHujZGfQvx77yUEctQi/uhgdhdJYRiLrw6UTIql
+rQ+tPbOqRyiKuv2WRSm0G8uswe4P38mesIbsMKHXT+sRjbJfmjzDCi0rNZlyNfLN
+xUdMLD7mRyiundsXVekSPy5sA7we7Sg/TyPdMuWrHzgU6OzIedLTXpBqQAgFRXhG
+6CmM8CzEcmsSnSCKBedzy6jYH7XaCVG7q+D7n/WEc3YgVilkafiNZWtTgdR5w8Bf
+/Ww5WorrQpB9lwX+Rn4hI7m46pl5mVpNuYNJTrRj+pb3biLMPYpKRQY0tc4HkvrM
+RS9qA1Y1YWwh5ScyxwknGEqqLBsWEyAZcCKagt+SoK7QYSfodm1gQSdUDMNC/4iE
+EsTMipAB9TppMAKMOvkNgOP8m3cr8nm7l8Rwbm2PBRmPCoANNxAKewwh5ZJ26Kiu
+IRZfPptyJu9kSIfRmOjNGyvH13fhaTffwXr5UKZqWB2i/tsRo5d1xj2UIsfXs/2p
+4s4AAfI8qn3jtsi9RDXxws/l0oIHuYbdXN99AwqoN5ZzysO24ieY81IoNjyfayca
+Ymzl6al9BaBaRzgqDpQzKJZxVUrQJFq0MrdS+KHFSc094gbHdi/e/wKkuV7e6sss
+RhSDD/PtUT5BmWiS2Ch9JgglQDYmzuDSC2wLfVARwXBgwpXjlnjUKOtacSQ4T/Zw
+UZJAuxUMPO1rQeR8aUZF4yYZ8xMD0vTyp27BKIPiQDUyLsfjTO9fgVXXOYNc2CKX
+EoWoqnZWrROZ/qoGJHW+0YTFGDYENZfdDxaGFDyaBcd+uXf97nh+6bQmtgqNpqGT
+575/JZ0KRsAfmVLxXhwaYWkRg4Usl7dAqUOslkhHlcuTU209iydTHmTPRKS8GmIC
+dBVFoJDdIIh+/R+euLOb2MQ2A719YRYZjmjsxLpezrXmJOppp6aUBWs6SKrNABah
+8GEumCrKAjWUVoFT85rCm8dlAiXEZhTnVkrAwvsioXx4j6xcRC1OCi0d56wMODai
+RY7dizBLIukqzHmsQaXSVM2jYHE+cbixqgaIW9LgZ28a9M2vWNetbnZV/5DK2kWr
+rKWZ097uKHSd78Ta9/W5yg==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/joaschka.crt b/OPP/openvpn/keys/joaschka.crt
new file mode 100644
index 0000000..c12d585
--- /dev/null
+++ b/OPP/openvpn/keys/joaschka.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 30 (0x1e)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr  1 17:02:21 2015 GMT
+            Not After : Mar 29 17:02:21 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-joaschka/name=joaschka/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:ba:2e:80:49:cd:26:0c:a4:46:11:69:b7:1b:bf:
+                    5b:31:db:33:94:69:dd:8d:ae:53:86:77:8a:fc:2e:
+                    9f:81:fc:bb:fd:b5:b2:b7:ba:0c:dc:ef:53:b8:be:
+                    48:1c:4d:a0:1e:e2:ed:f2:30:7e:82:e4:78:2b:18:
+                    1d:dc:f4:4f:93:ad:ac:7f:bc:53:92:a3:56:36:4b:
+                    2f:9d:24:89:d8:d3:47:18:d3:7f:a0:e5:47:a6:34:
+                    a9:2f:38:a4:16:f9:2e:3d:68:24:e6:e9:5a:f0:28:
+                    ae:7d:e3:97:ef:b9:e4:b6:14:59:72:77:c6:77:54:
+                    da:05:22:2b:fb:b7:74:82:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                18:72:39:E2:A4:01:00:85:6F:D1:77:8E:1E:86:DC:2D:FD:44:F3:94
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         5d:f4:28:a9:8f:36:1a:4a:52:ad:50:20:48:ca:90:47:24:3b:
+         04:4a:49:b6:56:e8:9e:1c:2b:ea:26:4a:ea:8f:34:c4:7a:46:
+         ab:ca:ff:6c:bc:33:fd:df:bf:f1:94:47:65:ac:9d:0a:18:d0:
+         ef:37:b5:64:55:e8:c6:5a:b7:51:14:92:3b:eb:99:ac:e8:e8:
+         fe:9c:9a:a4:c0:0f:24:e1:7c:bb:c0:09:d3:0a:5c:f5:8f:dc:
+         df:ed:e6:22:7a:a6:bd:37:28:8e:53:bf:63:15:84:49:10:2d:
+         3c:e9:06:2f:b7:e2:c8:c6:7c:18:d6:88:e4:9a:29:1f:1a:cd:
+         d2:5c
+-----BEGIN CERTIFICATE-----
+MIID9zCCA2CgAwIBAgIBHjANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDQwMTE3MDIy
+MVoXDTI1MDMyOTE3MDIyMVowgagxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWpvYXNjaGthMREwDwYD
+VQQpEwhqb2FzY2hrYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALougEnNJgykRhFptxu/WzHbM5Rp3Y2u
+U4Z3ivwun4H8u/21sre6DNzvU7i+SBxNoB7i7fIwfoLkeCsYHdz0T5OtrH+8U5Kj
+VjZLL50kidjTRxjTf6DlR6Y0qS84pBb5Lj1oJObpWvAorn3jl++55LYUWXJ3xndU
+2gUiK/u3dII5AgMBAAGjggFGMIIBQjAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQg
+Fh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBhyOeKk
+AQCFb9F3jh6G3C39RPOUMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7FrLMbSRsyt2b
+k1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
+VQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBz
+ZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGWCCQDXRBSLVaPfiDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNV
+HQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADgYEAXfQoqY82GkpSrVAgSMqQRyQ7BEpJ
+tlbonhwr6iZK6o80xHpGq8r/bLwz/d+/8ZRHZaydChjQ7ze1ZFXoxlq3URSSO+uZ
+rOjo/pyapMAPJOF8u8AJ0wpc9Y/c3+3mInqmvTcojlO/YxWESRAtPOkGL7fiyMZ8
+GNaI5JopHxrN0lw=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/joaschka.csr b/OPP/openvpn/keys/joaschka.csr
new file mode 100644
index 0000000..b67ddce
--- /dev/null
+++ b/OPP/openvpn/keys/joaschka.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB6TCCAVICAQAwgagxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLWpvYXNjaGthMREwDwYDVQQpEwhq
+b2FzY2hrYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZI
+hvcNAQEBBQADgY0AMIGJAoGBALougEnNJgykRhFptxu/WzHbM5Rp3Y2uU4Z3ivwu
+n4H8u/21sre6DNzvU7i+SBxNoB7i7fIwfoLkeCsYHdz0T5OtrH+8U5KjVjZLL50k
+idjTRxjTf6DlR6Y0qS84pBb5Lj1oJObpWvAorn3jl++55LYUWXJ3xndU2gUiK/u3
+dII5AgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQAPP3+BvsJ0s4u34UCk5a/9Dmlt
+D5QUdoM5uoYR8EZAksJHh1OiUIFKIrPBcoHfStlu9Y5TIpcObOiSbzgHK4HyHKFt
+QjT3Ca2pbYCFjcETILOoHc7F1LAcPhEuJLgOf5cX0ADtG0M8c9x/YL3COt/HvUyn
+ITAq1hwbm4cWE8Uy0Q==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/joaschka.key b/OPP/openvpn/keys/joaschka.key
new file mode 100644
index 0000000..5411fce
--- /dev/null
+++ b/OPP/openvpn/keys/joaschka.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI29qLGGuQPigCAggA
+MBQGCCqGSIb3DQMHBAij316GzEe2WwSCAoDu+5yE/h+xPcVB9OuMmrKzhB/jsFq5
+vTw5jPsrFt6lY94WwhgR2BJS8dbehRaL6gnMihgh6I7Tqlzpinabr3MzDqMOIoHH
+kMRCX8RBD/jiV+kVURj5rTEP2dMFjH8JKQB35N2Ntd2aPLnAvv6XdgZzJRMSBA4Q
+e5Vc7gVWuC2ZTZdio2AY0NGHbXzA4WsJsgX9WgPwNfp/nKTThaapto0bA0E65ShB
+JOuXrN7oovLpJYZF37ce8U0OoFvgH8SJVXqcDojW+STEa5G+akrde/0EO8mO1Nxv
+NqEYRieUoXswOZJqiHWDjZTy+uu57YkUSLYkQmp8qIyll8bq3rw1uJghsj5E8yc9
+OjYSfEgrjUqfJSJOhazwizmSRHoM2z2BRz+HlWfyVWBiakY9tDckM/fFw8NRiYcd
+RgII8gV/nPX7pkOpjXDAFZBjvP32kyV/ZyN43piIolWMGip+GFxeJbs1Uks8rrm1
+F4Bd4SLw27j0p+xzFZDw8N6ynlN4s03N8gsh7RrtG+eOoobJ6Nsl1O6i01GBosMP
+QjcHzYGAejeon1gTZ+wQJPINPImxCEzH3+/u9W4iXZDNTCTI/13MruSiWRdr3pPn
+8uZ8+cN38f+kj2WdNPF+IhEYcFgDAOrf1l+eygqHmcJFdmx/27WOriOI8xie/HYI
+JzOTZAtB5sUTvKszmRZ4qamA3uiMWn2UWgjpIbIBfIMiXwxhTpn2ruIr2hBp0h9I
+OGfECJYJ60X2f9HbLg6uz/OuI7obOpRWP6aFIQaXfM0FXeINMURlZigxoHCKEuQ5
+cHWAQzMrhMc84WEja2kUzgOrv549oROfj91tuM9Ad3IyXHBEMbmmkRLO
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/johanna.crt b/OPP/openvpn/keys/johanna.crt
new file mode 100644
index 0000000..8c5fcdb
--- /dev/null
+++ b/OPP/openvpn/keys/johanna.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:13:18 2008 GMT
+            Not After : May 17 14:13:18 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-johanna/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:f7:70:f2:cb:57:2c:4b:57:2f:44:0f:26:39:41:
+                    ac:8c:0b:5b:3b:17:9a:f0:9f:1e:3a:9f:43:83:65:
+                    ce:78:1d:ca:33:9b:e8:79:a0:64:d9:2a:3f:37:75:
+                    09:bc:2c:60:78:d0:fe:90:c3:4e:91:70:4d:e4:f7:
+                    a4:df:c5:55:94:10:8c:91:ed:0e:41:22:61:20:67:
+                    f9:87:84:8d:a2:84:95:a2:86:04:49:d2:f5:3e:cf:
+                    54:22:e9:30:90:d5:e0:12:f3:94:39:9a:f4:6a:27:
+                    82:89:d6:a1:2b:f6:41:ca:7b:07:a0:96:cb:bf:7d:
+                    b0:22:66:b0:ae:13:bb:23:81
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                32:7C:8F:D3:1A:02:D7:62:07:F0:D2:64:DD:4A:56:76:38:58:6A:3F
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        6b:6d:1d:fb:22:51:80:dd:c0:d0:45:cd:51:f7:2e:d8:0c:e9:
+        b9:63:62:30:25:8c:37:ae:95:90:2f:e7:d0:a2:fe:08:18:f2:
+        1b:a3:cb:54:36:b3:9e:33:56:7e:fe:68:70:ab:51:0e:0c:30:
+        1d:3a:bc:5f:e3:32:9b:81:2e:87:4c:23:dc:24:70:ac:9e:f1:
+        f1:75:ee:9c:b1:a8:b8:58:23:7d:37:0b:be:43:8d:30:b1:40:
+        e3:72:90:56:40:38:d7:27:d9:1a:58:88:ba:58:a0:7c:16:91:
+        b5:fe:a5:68:55:a8:e7:88:a7:09:1f:28:c0:21:b6:4a:05:95:
+        ae:14
+-----BEGIN CERTIFICATE-----
+MIIDrzCCAxigAwIBAgIBCDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTMx
+OFoXDTE4MDUxNzE0MTMxOFowgYMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEY
+MBYGA1UEAxMPT1BQLVZwbi1qb2hhbm5hMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA93Dyy1csS1cvRA8m
+OUGsjAtbOxea8J8eOp9Dg2XOeB3KM5voeaBk2So/N3UJvCxgeND+kMNOkXBN5Pek
+38VVlBCMke0OQSJhIGf5h4SNooSVooYESdL1Ps9UIukwkNXgEvOUOZr0aieCidah
+K/ZBynsHoJbLv32wImawrhO7I4ECAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBQyfI/TGgLXYgfw0mTdSlZ2OFhqPzCBxAYDVR0jBIG8MIG5gBThTcNr9HyB
+exayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
+EG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG
+9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQAD
+gYEAa20d+yJRgN3A0EXNUfcu2AzpuWNiMCWMN66VkC/n0KL+CBjyG6PLVDaznjNW
+fv5ocKtRDgwwHTq8X+Mym4Euh0wj3CRwrJ7x8XXunLGouFgjfTcLvkONMLFA43KQ
+VkA41yfZGliIuligfBaRtf6laFWo54inCR8owCG2SgWVrhQ=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/johanna.csr b/OPP/openvpn/keys/johanna.csr
new file mode 100644
index 0000000..d29f7fd
--- /dev/null
+++ b/OPP/openvpn/keys/johanna.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1TCCAT4CAQAwgZQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRgwFgYDVQQDEw9PUFAtVnBuLWpvaGFubmExHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD3
+cPLLVyxLVy9EDyY5QayMC1s7F5rwnx46n0ODZc54Hcozm+h5oGTZKj83dQm8LGB4
+0P6Qw06RcE3k96TfxVWUEIyR7Q5BImEgZ/mHhI2ihJWihgRJ0vU+z1Qi6TCQ1eAS
+85Q5mvRqJ4KJ1qEr9kHKeweglsu/fbAiZrCuE7sjgQIDAQABoAAwDQYJKoZIhvcN
+AQEFBQADgYEAnAtCU5BLjh1UDgn1d3fabORslXA1daEcG47HlJeV16c15CBO3qlj
+5TP5gr1I/O14MIFWfuvQd5tE6SSSTY6Q9RBI7H5LafxFExhA6mRnj7oenB9MBRP1
+yAF1TB2EubePmQvnG/2nqKHlwg21TEJeIgQr7MpVwMZt1JGv2+pIt5g=
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/johanna.key b/OPP/openvpn/keys/johanna.key
new file mode 100644
index 0000000..1475944
--- /dev/null
+++ b/OPP/openvpn/keys/johanna.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,2CAD762B60D58A1B
+
+h/nCTfEsk/adWL6TXhum1JSucJnscOkcs5VTU1JJXEakk4QaI9KtOgZvzII12fZ+
+OWsIqxAfJmj4GbyJj/nRXaCqxNg6ayTwKzaGAyw5QEf+H1/ILiqu7G1JyX1mMkEe
+/g4CRHJhQp5EeJF19U+tpqFrSfA+vq3kGa3KbGTauCQzw8VwmiWALYB2paScPmgj
+muf0i0Kzbzg+VD6T5bXl76y6i1OtB30UstWvkNXYAWYfb3Upli4psPJCZb59ggA4
+Bx5VVBd6QoNWyjhW5bEq5ibZK0tPZhYRjcocEtp34vpjqY/trIuu0Bp5t18lWJrb
+OueCndA8ya4vsj6JUSB7Jrr7siAShsX1b5o81m5Dy0041NRabqA9YVLYWyaG3uxq
+fad11KN699TsAxZvMjjRvjV5ps5eecRdh2vy0pu+RsAbImNXlmSLjiff2vVA+meJ
+DusmcMiiOlEORUSR/uhJSvcVOu/NyxCMlOuasbu3mgubC9LZde8lsELDKp8PxYiX
+tUxD2R0LObOQZHzz+Darsbnl2BLZki7x0I5LNnRWNfHD4C+n+GARJbJZBWsx5HEv
+BkwdBeOtgIHyGSu/Li7/4/ZnwFsXPQ210eZz62aUaLkN7jA0ucCRUJhl8qlkOCBg
+ITmvGiF+JRG9mXf3gkHYWHAQtRFcHkGxPLjK6he2wauYXAS65jiXLpBbidg1NJBE
+7Fmyx/ZGQQVcSgU4RdlQXNHK92B3j3Kit+FW+vES7CUHf3SnPKiUq7SG/asrb6cU
+5ZxN0zdh+tv3s/PTSs7aCETgPOt4dr8JiaiCFFX8+yHVJW31W8zriw==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/jonas.crt b/OPP/openvpn/keys/jonas.crt
new file mode 100644
index 0000000..c2d774d
--- /dev/null
+++ b/OPP/openvpn/keys/jonas.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 13:55:46 2008 GMT
+            Not After : May 17 13:55:46 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-jonas/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cb:9c:0c:a4:23:e7:df:db:2b:2e:2d:37:9d:61:
+                    cb:27:8d:ed:9f:1c:e9:b9:2d:83:3f:2f:1a:2a:90:
+                    e7:1c:8b:41:28:a0:2f:3a:c2:67:a9:5a:e8:0a:a5:
+                    fc:3e:38:e8:fb:a6:5e:e4:14:3e:8e:70:ec:49:d6:
+                    20:81:f5:96:69:8e:8f:82:c1:d2:d7:fa:4b:e8:be:
+                    3c:20:05:41:f9:05:9f:8e:2f:38:a8:f7:d8:fe:1e:
+                    65:3c:68:0c:b0:db:74:57:fe:35:3f:70:ac:f9:fd:
+                    e0:9b:31:e5:32:18:ea:eb:87:06:d1:8d:03:fe:de:
+                    ed:17:77:c1:e7:07:92:20:f3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                33:08:DF:6E:0D:57:08:50:3C:7F:87:8F:29:3E:1A:EF:64:69:30:CD
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        1d:1b:07:ad:33:48:cf:b8:59:30:fb:5f:6f:ea:15:37:9f:12:
+        b6:03:30:2a:93:46:47:d4:42:2b:99:d2:a1:c8:ca:20:58:e3:
+        71:9c:fa:a1:ff:53:85:41:5a:dd:df:80:6c:ca:f5:ca:75:56:
+        5b:9f:ff:90:06:07:a4:8b:4f:c1:58:fd:02:ad:d8:1b:6c:6e:
+        bd:4f:6a:40:1e:43:47:3b:b6:cb:45:be:f1:68:9f:9f:05:b9:
+        3b:b9:7f:4a:0c:0f:53:c3:ab:15:54:cc:93:f1:4d:a7:88:7b:
+        f1:e5:59:9e:ac:4f:f6:9e:cb:05:e7:bd:fc:33:27:53:0d:07:
+        c0:07
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTEzNTU0
+NloXDTE4MDUxNzEzNTU0NlowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1qb25hczEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMucDKQj59/bKy4tN51h
+yyeN7Z8c6bktgz8vGiqQ5xyLQSigLzrCZ6la6Aql/D446PumXuQUPo5w7EnWIIH1
+lmmOj4LB0tf6S+i+PCAFQfkFn44vOKj32P4eZTxoDLDbdFf+NT9wrPn94Jsx5TIY
+6uuHBtGNA/7e7Rd3wecHkiDzAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUMwjfbg1XCFA8f4ePKT4a72RpMM0wgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AB0bB60zSM+4WTD7X2/qFTefErYDMCqTRkfUQiuZ0qHIyiBY43Gc+qH/U4VBWt3f
+gGzK9cp1Vluf/5AGB6SLT8FY/QKt2Btsbr1PakAeQ0c7tstFvvFon58FuTu5f0oM
+D1PDqxVUzJPxTaeIe/HlWZ6sT/aeywXnvfwzJ1MNB8AH
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/jonas.csr b/OPP/openvpn/keys/jonas.csr
new file mode 100644
index 0000000..165ea3a
--- /dev/null
+++ b/OPP/openvpn/keys/jonas.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0zCCATwCAQAwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWpvbmFzMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy5wM
+pCPn39srLi03nWHLJ43tnxzpuS2DPy8aKpDnHItBKKAvOsJnqVroCqX8Pjjo+6Ze
+5BQ+jnDsSdYggfWWaY6PgsHS1/pL6L48IAVB+QWfji84qPfY/h5lPGgMsNt0V/41
+P3Cs+f3gmzHlMhjq64cG0Y0D/t7tF3fB5weSIPMCAwEAAaAAMA0GCSqGSIb3DQEB
+BQUAA4GBAGCJqfyv9qcakBkE4P8AfFHylno2Ltz121EmlTE0wmniSCEFTJcZYBMs
+PJ7xhXTT/fLmRaG8BOjddTrbesKvPWbAn0R8IArUP36SCUTGfU2dKBxtlo0VBPWC
+29OY/5WwI6trmVwUDee/bx0QgGW5k3n5XwkoJkNkUp8v30r4HfYE
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/jonas.key b/OPP/openvpn/keys/jonas.key
new file mode 100644
index 0000000..ffb41a4
--- /dev/null
+++ b/OPP/openvpn/keys/jonas.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,04666DDD4E465CD1
+
+EoptnCowPVglVJUI6pXFQdzSx1N1c1NQapXF0Q4JTZtpBynjJ5NGGfsCZlvwbTOu
+ykaRYmMUQyZpdL9BTRFLZjPIG9zaDuYASF9U2YXPthjPvvbKaCdWuprulzot+BDy
+sZ0IYzC45YP+WaEh5A5AQS02iykmBRHc4VTD+VoR9IRuzU3bIWBa2PilkjekI7A4
+zKGjjBicdmG7CE+BE1iM7TIO1bbC3ktl7VcT9rprkSv22IMVTmTs6/6o35t3vRDc
+LaaaKgIfWMy9qSCAgqG3qyaQzx79BtU6r0FZipC6r6LW+kqHCUi5P/+TEaz+z41F
+0q4y8bVlSDCZhPrMeKmEilVoD0gjzU+LufsKv0aPbbDso/X6amM7JTLWbJLR26aO
+CVPdup+ZRaM6YLhNX0HT6ebaW8cbuVC7HIE/tXeIedi7nGu34uwU786GfRmB0Xzp
+AQxXtDbFfytLoIKP4lvP7mgls+6ZuJyqLAlikOdm7FaJgdVwCLmaAUR/xAanxBV8
+V73wRtwOXvmuW8tiuyOf9Ui3tbiTGO21f1LEFUJGBMu5K45zDeU3ct5wtf8Q4rLl
+xSakYXnRhIrfoUHbqLgWOb3qPFSE9igBYFfF0VuZH9Dzz4jW0qMJ8qoMce3knPQ0
+CLrSha8a8hge4nyCCo3gqM3sQe3kSMjMPskQbkb4B7+l2RgMtNAFIotn1DHct4hW
+n2m6yyzSPWoDTNQ8cthQ7tHmofgmW4i6SvR9xqfHFbzQklu+mJm6GSMo+Ugrwfgn
+lk+sHIhIZrzlT22jDHwGwS2WJEl0AayHwxS7mByvFlwY+eyTFmciyw==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/judith.crt b/OPP/openvpn/keys/judith.crt
new file mode 100644
index 0000000..9acf15e
--- /dev/null
+++ b/OPP/openvpn/keys/judith.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 9 (0x9)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:14:03 2008 GMT
+            Not After : May 17 14:14:03 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-judith/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:e7:c6:8e:af:9e:0e:c7:3e:12:5b:e2:4a:a2:
+                    45:7f:50:56:14:13:d7:c8:01:22:b5:56:7d:88:a5:
+                    c6:a8:18:21:e3:bc:9d:b6:2a:28:08:8e:1c:14:ca:
+                    13:0d:22:fc:ba:cf:cb:39:8c:6f:b2:0f:de:41:a0:
+                    ba:23:05:13:aa:11:35:3c:0d:51:ef:a5:03:45:8c:
+                    50:d6:91:79:6a:dd:86:1b:87:be:5b:62:89:06:f7:
+                    da:2c:20:3f:ae:59:e0:2f:f5:e3:69:f1:a4:6d:c5:
+                    b0:fb:8f:e9:92:c7:81:2e:a9:d7:44:9d:2f:d5:4f:
+                    78:e4:7c:38:4f:8d:ea:06:47
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                B4:C2:63:23:F6:B4:BE:2C:28:A2:BE:0F:96:77:80:E5:CC:9D:9B:F6
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        62:64:75:56:6e:13:fe:0f:42:1e:99:83:35:fb:f3:5e:06:84:
+        62:82:33:54:8f:d4:0f:08:a5:1d:6c:ea:b3:64:81:43:80:16:
+        46:d4:9b:e2:ac:10:4c:6a:eb:b5:a9:b5:15:05:0d:80:74:fe:
+        e3:33:89:39:67:47:3b:45:4e:9b:5e:5e:0a:07:8b:a7:bb:e7:
+        0a:4e:e9:31:8b:cc:a9:43:26:79:dd:00:b5:e5:8f:f9:8f:93:
+        36:3e:45:ea:df:63:35:69:f0:8c:1e:1f:09:a6:da:07:04:30:
+        51:eb:df:4a:c1:9a:95:1d:dd:9e:eb:29:2d:86:10:6a:03:cb:
+        14:3a
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBCTANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTQw
+M1oXDTE4MDUxNzE0MTQwM1owgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi1qdWRpdGgxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ58aOr54Oxz4SW+JK
+okV/UFYUE9fIASK1Vn2IpcaoGCHjvJ22KigIjhwUyhMNIvy6z8s5jG+yD95BoLoj
+BROqETU8DVHvpQNFjFDWkXlq3YYbh75bYokG99osID+uWeAv9eNp8aRtxbD7j+mS
+x4EuqddEnS/VT3jkfDhPjeoGRwIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFLTCYyP2tL4sKKK+D5Z3gOXMnZv2MIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQBiZHVWbhP+D0IemYM1+/NeBoRigjNUj9QPCKUdbOqzZIFDgBZG1JvirBBMauu1
+qbUVBQ2AdP7jM4k5Z0c7RU6bXl4KB4unu+cKTukxi8ypQyZ53QC15Y/5j5M2PkXq
+32M1afCMHh8JptoHBDBR699KwZqVHd2e6ykthhBqA8sUOg==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/judith.csr b/OPP/openvpn/keys/judith.csr
new file mode 100644
index 0000000..987e242
--- /dev/null
+++ b/OPP/openvpn/keys/judith.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1DCCAT0CAQAwgZMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLWp1ZGl0aDEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANnn
+xo6vng7HPhJb4kqiRX9QVhQT18gBIrVWfYilxqgYIeO8nbYqKAiOHBTKEw0i/LrP
+yzmMb7IP3kGguiMFE6oRNTwNUe+lA0WMUNaReWrdhhuHvltiiQb32iwgP65Z4C/1
+42nxpG3FsPuP6ZLHgS6p10SdL9VPeOR8OE+N6gZHAgMBAAGgADANBgkqhkiG9w0B
+AQUFAAOBgQBljdCNA9mjNT1nV1KXrvAc2ITvxi0H6HvXorDk/CAnR1k4dMwlWsGF
+8AVuJ8doaLMwPyfR8SBMwV/W7/oywhjZMVoOAAyeSjVk5qBGEsthBcDo58F1f6Wv
+za/Q5oQAGf9JAQ4Yn1ZZRhjzbqndGX9y8dibmeXrqsAe5l7n3SfmWA==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/judith.key b/OPP/openvpn/keys/judith.key
new file mode 100644
index 0000000..405fbb6
--- /dev/null
+++ b/OPP/openvpn/keys/judith.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,434CBD8D883E6C2E
+
+2/KezfSijGYQ2iTYjUuHu8VJXpFhmZb0jyEVxlG8APnF/e4vvJhp69EzxEXlD3xj
+YdVrWe27E4cnX3O3sXZg0YzyWiRYfy1kIwkUKGZtW1Rhe+bHsJ54pp53TgRzjOii
+Ri3e9EBGJ4jaAKC6sceDML9VdmKd9RneY3Ami/WGTbLs13E9Zt1S5IiuROvgv66f
+WJtOV3rMFzAiA8iaADDCeNTH4bWGIzyxPzT56andAMB9gSk+goAF1Sb9H0NIiQJl
+LRpfKaFi/RTVFer8Y/KcFJZMogvonuxr8V1WJMzMeRU9R401Cx9Ne0xQMBJEbQCc
+fmsiHb1fCOJKx6ypKUiWEpCY14zvzn/1w3vZLar15HJSsim9mtCecI8UrzRxo6+r
+GCrhIBNLn9D28nPwd+fo032fZHvb1QFyE1Gxij8PtdJfuzY+7JPnszIPwlGyEnC+
+g0OqIRDOWf9ti0I3g21p/tpvfXrQNf+rCmxJP2b52fuKG6K4OCZkbYmEpw9H7h18
+SjzFV2omIYZMWdmviYIiZA4fgDz/PuLPlgMcLOiJGCBQmpe06kos0/BMlXoBIf91
+KH1zlEuBflMy9NhkUytGC5906HUGXSCRHiU26Hka0gG6H1RxVAwgd47ZjbCwTX1h
+V0XyiU1lWq7+AJEQ1/6sSfFkan9r3p/5qB7yvBCYMvQTLw9TSrfja0r5GR2ScRI0
+CJUD6WwQpq1kRdgtXHZHpeeCP5x9ssLSGSBDlx6jxXP5OZDrp37UujbfuDNHGvlk
+Xa2lz+Zp8U5sMD0CcUrtfTybUVE5AG5knKw0bXI/JWFuOLO155PEZQ==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/jule.crt b/OPP/openvpn/keys/jule.crt
new file mode 100644
index 0000000..7d0f7c2
--- /dev/null
+++ b/OPP/openvpn/keys/jule.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 16 (0x10)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov  7 13:29:53 2008 GMT
+            Not After : Nov  5 13:29:53 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-jule/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e2:d7:c4:d1:97:c4:d5:cf:56:d0:36:72:e7:32:
+                    8f:b2:82:83:a1:2a:e8:97:2a:63:c2:dd:29:69:47:
+                    8a:fe:0c:61:fb:7f:02:08:e1:e9:8a:87:86:2d:95:
+                    74:c4:2c:59:c6:43:09:42:32:38:0f:f8:6c:0a:38:
+                    e9:3a:d7:36:fa:ef:d0:79:a1:ff:f1:fc:31:dd:c2:
+                    03:9e:db:7c:93:9a:90:aa:d7:a6:51:77:bc:48:8b:
+                    fc:a1:16:9f:78:bf:ac:1b:a8:30:f1:a9:e2:a1:26:
+                    3c:e0:54:a6:a4:04:16:78:3e:a6:e1:ad:02:66:08:
+                    a6:7d:16:0f:f1:56:b5:38:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                F0:6E:18:39:08:58:5F:92:A5:44:04:9F:87:2A:63:EB:FF:7F:E0:1A
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        42:9a:06:bd:da:97:4d:13:1e:a9:e7:4a:15:fa:12:7f:d6:90:
+        03:68:af:8e:73:1a:3a:66:3f:61:49:69:02:89:be:ba:47:fc:
+        d0:5c:c8:51:b4:6e:ed:31:a8:13:86:24:51:a8:f2:9e:56:d8:
+        43:fd:f2:42:df:7c:41:c4:7c:ad:87:06:b6:92:29:f2:2f:2a:
+        f1:9f:7a:3c:a4:76:ba:d4:99:b7:8f:de:99:98:f0:e9:01:f7:
+        6c:31:36:77:6f:85:2f:cc:5f:a3:59:0a:96:84:a2:98:b3:83:
+        6e:02:ef:d8:50:c6:81:0e:ee:b2:cb:20:e7:0f:71:ed:7e:9a:
+        c7:fd
+-----BEGIN CERTIFICATE-----
+MIIDrDCCAxWgAwIBAgIBEDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MTEwNzEzMjk1
+M1oXDTE4MTEwNTEzMjk1M1owgYAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEV
+MBMGA1UEAxMMT1BQLVZwbi1qdWxlMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4tfE0ZfE1c9W0DZy5zKP
+soKDoSrolypjwt0paUeK/gxh+38CCOHpioeGLZV0xCxZxkMJQjI4D/hsCjjpOtc2
++u/QeaH/8fwx3cIDntt8k5qQqtemUXe8SIv8oRafeL+sG6gw8anioSY84FSmpAQW
+eD6m4a0CZgimfRYP8Va1OB8CAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBTwbhg5CFhfkqVEBJ+HKmPr/3/gGjCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexay
+zG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5l
+dHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEA
+QpoGvdqXTRMeqedKFfoSf9aQA2ivjnMaOmY/YUlpAom+ukf80FzIUbRu7TGoE4Yk
+UajynlbYQ/3yQt98QcR8rYcGtpIp8i8q8Z96PKR2utSZt4/emZjw6QH3bDE2d2+F
+L8xfo1kKloSimLODbgLv2FDGgQ7usssg5w9x7X6ax/0=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/jule.csr b/OPP/openvpn/keys/jule.csr
new file mode 100644
index 0000000..c57fa8a
--- /dev/null
+++ b/OPP/openvpn/keys/jule.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0jCCATsCAQAwgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLWp1bGUxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDi18TR
+l8TVz1bQNnLnMo+ygoOhKuiXKmPC3SlpR4r+DGH7fwII4emKh4YtlXTELFnGQwlC
+MjgP+GwKOOk61zb679B5of/x/DHdwgOe23yTmpCq16ZRd7xIi/yhFp94v6wbqDDx
+qeKhJjzgVKakBBZ4PqbhrQJmCKZ9Fg/xVrU4HwIDAQABoAAwDQYJKoZIhvcNAQEF
+BQADgYEAuOMYmMo7udEHe/nSqF+ggU5aXuDQlOqf9OqpUaOAkSFWMH9Ok0ijwSgZ
+EuZAb0VTQcmmt/7r6P97L0cCamEQmZK3jVVq7RTsjoZeGYP+nuECPB45RVGjWNvR
+qkpaXGK47vXrPyogRW3SG/kc9FqCdfYz+xAPyXKNH32SiegvQFQ=
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/jule.key b/OPP/openvpn/keys/jule.key
new file mode 100644
index 0000000..fe61827
--- /dev/null
+++ b/OPP/openvpn/keys/jule.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,392049DE80DFD1FF
+
+gjbeYPQziUF0k0gjUJKL7OqLaiuzt0sbJvxcyoKajWmvifdw3pcr4PhrjhWepeqR
+GH+Ha+DnnTtKwwdyFGmUyWKokBypFhOTYApIiZwn7EP0CxBA7LkTPrdPsXlS3h6M
+im3zF8woLlOi3HnJvnDW0W9urMXCrgzfvsqeuCsHtpAzFRHzdwqofmrtdbjWsH79
+BWtHbhuS/JY2HIre6ffJdyUVibwK3nMynhyFsp4GKZZ1o9jX4aP4z6hGorOeRYUn
+FnleiouOcT7Hr5+FSgjXfuRhSr9s7uLS/Ket5Gi/K64yoZkrZdEFDTBQ1rk+bZL4
+mG6EYvo411k/SqgNPR2tBZxkJJa68NFuPB1/gONp1dUZ7U9RonY/nWIJ91/2E5aW
+aET15iuMVxhWnloBz+jDS0jwb/2hHS/04TPWMWQFFKij/pzHZsJeT4BvKqe9ZDQs
+Jx/NLXQJjmDpLtOR/rsLcSSyO4F67hZedNpAWjUOPTrH1Mo/cWrSxdahoscwMJoc
+st2/sV4CpSSDUGYe2TjynfSpqYSb866yUX7COp+EUX0OIFpKpMUKe/PXIEwiOCBM
+M2U8gZkXITe5HtWEgoNTl9tMeJXykdtHYo+jUMRtIZkelghb0rqbGiGzmeSFmOOH
+ZHZCzbpndYjo0Ai4ueI+6EYgyrXm2nSDRmIU9P9dZGRVJB9tcbdmN16hEbg66pZd
+CCirelMBAHU35QzXSN5ciE4jsmasY2SMPGdGQhU4Q0NIccysbur8IJ4hRBXX2UA1
+i6ykqyTivTlTJZ4KZFsWN9f3Dbr8XZ1Q1HgSZZs2yrZhKoAO+37X6w==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/kathrin.crt b/OPP/openvpn/keys/kathrin.crt
new file mode 100644
index 0000000..9288a71
--- /dev/null
+++ b/OPP/openvpn/keys/kathrin.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 25 (0x19)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb  8 01:18:41 2013 GMT
+            Not After : Feb  6 01:18:41 2023 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-kathrin/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ac:8a:ca:6c:41:fe:b9:52:8f:b6:d8:41:8f:ac:
+                    e3:17:57:59:0c:df:bb:4f:2d:f8:09:1a:4c:ba:25:
+                    d1:68:a4:15:69:06:25:33:aa:28:f1:39:01:b7:a2:
+                    51:1b:1e:9f:e0:8f:9a:b1:e1:e3:01:62:b2:ff:fc:
+                    e5:43:cf:0a:1c:31:86:ce:82:62:f5:d1:42:bb:93:
+                    fd:e8:75:99:77:a8:8e:e3:95:35:2d:be:f9:bf:dd:
+                    a0:72:e1:2b:b0:21:b4:ee:ee:f0:c4:eb:9b:ac:0d:
+                    03:81:10:b4:26:60:72:bf:f5:b7:a3:15:7a:52:dd:
+                    43:5e:37:e6:63:92:2e:5f:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D6:AE:B3:AB:C4:5D:22:A6:55:4B:0B:87:B5:3F:79:6B:6D:ED:5C:0C
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        2c:37:3d:00:a7:e3:f9:2a:66:9f:73:0c:06:33:a2:b7:2c:cc:
+        6f:e3:02:98:72:a0:5c:be:da:9c:99:bf:c6:2d:c2:23:4f:84:
+        fe:64:00:81:07:d9:21:7a:05:e5:b9:d8:58:a8:a8:0d:34:38:
+        f4:53:bf:cb:d6:0b:76:4a:ef:8a:46:ca:70:97:02:c9:6e:d2:
+        36:b1:1a:83:a6:12:44:19:06:41:e0:e6:05:70:b6:cc:13:2a:
+        a5:05:40:e1:24:11:60:61:05:e1:97:f9:74:9a:d5:3d:3b:7b:
+        99:09:74:21:98:02:55:3c:f4:64:6a:20:66:1e:14:2b:a3:c1:
+        4e:a4
+-----BEGIN CERTIFICATE-----
+MIIDrzCCAxigAwIBAgIBGTANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMDIwODAxMTg0
+MVoXDTIzMDIwNjAxMTg0MVowgYMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEY
+MBYGA1UEAxMPT1BQLVZwbi1rYXRocmluMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArIrKbEH+uVKPtthB
+j6zjF1dZDN+7Ty34CRpMuiXRaKQVaQYlM6oo8TkBt6JRGx6f4I+aseHjAWKy//zl
+Q88KHDGGzoJi9dFCu5P96HWZd6iO45U1Lb75v92gcuErsCG07u7wxOubrA0DgRC0
+JmByv/W3oxV6Ut1DXjfmY5IuX0sCAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBTWrrOrxF0iplVLC4e1P3lrbe1cDDCBxAYDVR0jBIG8MIG5gBThTcNr9HyB
+exayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
+EG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG
+9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQAD
+gYEALDc9AKfj+Spmn3MMBjOityzMb+MCmHKgXL7anJm/xi3CI0+E/mQAgQfZIXoF
+5bnYWKioDTQ49FO/y9YLdkrvikbKcJcCyW7SNrEag6YSRBkGQeDmBXC2zBMqpQVA
+4SQRYGEF4Zf5dJrVPTt7mQl0IZgCVTz0ZGogZh4UK6PBTqQ=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/kathrin.csr b/OPP/openvpn/keys/kathrin.csr
new file mode 100644
index 0000000..43d56c5
--- /dev/null
+++ b/OPP/openvpn/keys/kathrin.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1TCCAT4CAQAwgZQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRgwFgYDVQQDEw9PUFAtVnBuLWthdGhyaW4xHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs
+ispsQf65Uo+22EGPrOMXV1kM37tPLfgJGky6JdFopBVpBiUzqijxOQG3olEbHp/g
+j5qx4eMBYrL//OVDzwocMYbOgmL10UK7k/3odZl3qI7jlTUtvvm/3aBy4SuwIbTu
+7vDE65usDQOBELQmYHK/9bejFXpS3UNeN+Zjki5fSwIDAQABoAAwDQYJKoZIhvcN
+AQEFBQADgYEAVQkjD7FMZfh0gGywWhWVbGcpVVd5psoS8btMdtnCQtDZlrzTlk1T
+3md80xOzcjS2uWyn0PLNSmhpXVT9fQ1SXu1NIn2SuREgIXGbOcxTRxAWne+Tl/vO
+T2KI+xbAnTIP9tmXV0BmzX9J7FLfcqjUJ63h8iL0DxYiOeg3lk907B8=
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/kathrin.key b/OPP/openvpn/keys/kathrin.key
new file mode 100644
index 0000000..eb1c13c
--- /dev/null
+++ b/OPP/openvpn/keys/kathrin.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,098EA5619670364A
+
+bQbX1sDr1g4KnleyD+8VKKTqPrEjS6m52XiiJWkqRjThh26Ec+csfi9APYcxGUWN
+BXNHxLkPW8ocnh3Bo/a00faF00Vit2CyYqIhPMfw9jX30v3VCQ8c0hxI4XDJTDiZ
+4bZR5xhEo+oc8OiXPSElVxqmItgenTz9russvtx4dTEAsvGf5M4YOUrzUqbvg2Qs
+jlz5d8qGpe12NfvYUr+8qqxvvffWB2GFu2g7UjBYKFB3x6ZwdA8qFIBqNi0xGBOB
+jCo/7HoMDHqFkulQpvoj+esjaLHuSiWBbPK0H4h4mAhMjF21AH7trCguV9RwRVlN
+P/j0XyUzpxrL3dK3wiN0p1LKd+CtnBWyY1yz+pgZhmmwQPTs7hYOn9p80pcUQg7V
+12QSPE4F/2Vyw+evt6y3kRy/3GQ3dSnnBo2b68SD3WbwZqcLUn7Vrzviq5ruJFzM
+qrACMKwHP4LFuI0KtdnnnhKY9uRxqAPlHom+yq8/aL+h1dZ2Z7P6CpEteGTmwIzT
+qd3CJGP450Js1uOLqnBtSvbiraqZctANY6Jfyl36gT/u9ggeT+kug1YCTFr6vftT
+8ooLFQv9+aG2m7Ntyxn1LOIzhbTOE9Ja40sQCy35hntEO3s7fgc3tcTasurB9ocq
+4gVTg5k8b02Lt3kCpsfV1VSQLvJ9GG6Wsf6MdSG23i6Ur583Ffqao4AjABRkiAax
+uc66nevZunnUsLV5rU37DIKVi5450dunPvp1S3ZWHtL0GxYZC1gYuQM+JiMkFBnA
+ZYkwq2EPDeOI0SuP8MwFVQcszDQ28xHgfiLlxjEHZLE=
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/katja.crt b/OPP/openvpn/keys/katja.crt
new file mode 100644
index 0000000..d844510
--- /dev/null
+++ b/OPP/openvpn/keys/katja.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 28 (0x1c)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Oct 11 15:12:49 2013 GMT
+            Not After : Oct  9 15:12:49 2023 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-katja/name=VPN Opferperspektive/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:e2:21:55:b2:cb:8b:c8:d3:c6:09:ed:7c:c0:
+                    ca:64:9e:87:7b:54:e4:14:b6:cb:3e:b8:74:3e:df:
+                    8c:73:69:0e:b2:22:65:37:1d:24:cc:77:d8:0e:fd:
+                    cc:88:44:95:e7:97:e2:2a:05:cc:de:3e:90:e5:af:
+                    d5:1a:05:be:9f:5e:5a:c5:22:48:55:d6:de:33:4f:
+                    ce:50:f0:f0:ce:16:f0:3d:f4:71:c5:b0:be:ad:06:
+                    ca:5e:05:15:85:74:a7:21:16:28:8d:b3:36:06:bb:
+                    d3:48:8c:99:4f:9e:d7:de:6d:ff:82:82:35:b4:43:
+                    04:ca:af:78:bf:12:27:ef:0f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                35:A3:D6:E8:69:F1:4A:4E:5D:BC:46:48:D4:29:E1:B3:DD:0F:0E:21
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+        a4:33:fd:04:b8:eb:4f:94:8e:7d:e0:67:ea:d5:cf:fb:3e:c4:
+        91:dc:5a:4a:28:a1:05:46:d1:20:fa:e2:99:8f:57:cf:24:8d:
+        f5:b1:86:17:cd:ee:8d:60:df:30:d3:48:61:d0:65:48:73:43:
+        38:37:0b:fb:a0:9c:d8:e3:b5:dd:8e:2d:18:93:19:af:7c:dd:
+        1f:5d:42:36:ff:df:db:2f:dd:89:2d:3d:75:7d:90:74:33:e0:
+        f5:e5:0b:2d:aa:ed:02:a5:b2:2a:2c:e4:70:f5:f0:bd:66:d2:
+        b8:3a:0e:7d:6c:47:55:8f:89:f6:22:c2:05:07:ce:f6:4e:9e:
+        18:a1
+-----BEGIN CERTIFICATE-----
+MIIEADCCA2mgAwIBAgIBHDANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEzMTAxMTE1MTI0
+OVoXDTIzMTAwOTE1MTI0OVowgbExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWthdGphMR0wGwYDVQQp
+ExRWUE4gT3BmZXJwZXJzcGVrdGl2ZTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANniIVWyy4vI08YJ7XzA
+ymSeh3tU5BS2yz64dD7fjHNpDrIiZTcdJMx32A79zIhEleeX4ioFzN4+kOWv1RoF
+vp9eWsUiSFXW3jNPzlDw8M4W8D30ccWwvq0Gyl4FFYV0pyEWKI2zNga700iMmU+e
+195t/4KCNbRDBMqveL8SJ+8PAgMBAAGjggFGMIIBQjAJBgNVHRMEAjAAMC0GCWCG
+SAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFDWj1uhp8UpOXbxGSNQp4bPdDw4hMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDATBgNVHSUEDDAKBggrBgEF
+BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEFBQADgYEApDP9BLjrT5SOfeBn
+6tXP+z7EkdxaSiihBUbRIPrimY9XzySN9bGGF83ujWDfMNNIYdBlSHNDODcL+6Cc
+2OO13Y4tGJMZr3zdH11CNv/f2y/diS09dX2QdDPg9eULLartAqWyKizkcPXwvWbS
+uDoOfWxHVY+J9iLCBQfO9k6eGKE=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/katja.csr b/OPP/openvpn/keys/katja.csr
new file mode 100644
index 0000000..ae0d836
--- /dev/null
+++ b/OPP/openvpn/keys/katja.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB8jCCAVsCAQAwgbExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWthdGphMR0wGwYDVQQpExRWUE4g
+T3BmZXJwZXJzcGVrdGl2ZTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANniIVWyy4vI08YJ7XzAymSeh3tU
+5BS2yz64dD7fjHNpDrIiZTcdJMx32A79zIhEleeX4ioFzN4+kOWv1RoFvp9eWsUi
+SFXW3jNPzlDw8M4W8D30ccWwvq0Gyl4FFYV0pyEWKI2zNga700iMmU+e195t/4KC
+NbRDBMqveL8SJ+8PAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQC39Pay1HRCsebm
++i5Y9NPjlBRMfLyDeUSkHTM5glQguX5Km6mssNFl4XzZXxSfIpO18q/AroDI102P
+p1kWb3kKdUYbmJWzkpmI4QZQnC0Hx2DvlE06NmecFgz+gkrRKZs6j5F8KIbXRINa
+VHRAvvPBntfS/3RNBXw52dRLbgyDkg==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/katja.key b/OPP/openvpn/keys/katja.key
new file mode 100644
index 0000000..1cfb84f
--- /dev/null
+++ b/OPP/openvpn/keys/katja.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,9A0C89BDF70ED93E
+
+fPgvLpUi4FW3qbtOIQiM6LWSb2OkeP/HoWpDC6nLGAvkOZirmuVN71G3S7FHz5xH
+lf0kGTDbs4ajbr2uX67j/AyVsNKetfCondI41lKx6fwo2JCZC2m708mwOMkGZOza
+i4+B7HiB9HeKo8OekYgm/x9Cw/Lw6Aon26Z49i2Q7cRX5Ik2Hjz37YmeWVlK9PUU
+pg/iR5j68KoQTJFmI+48F7IDnG6Z/5bC/d4B/1q5UOqNMxpDyZVculd/8m08ReCD
+f1fzRA909l5YkKbL0hhjFtWHKZyP2J5VYAEViH+9ugzu07AkSgkE+JQmZvek3alz
+b/SE6jMMdkaxwV+6aEBAQcmZsjsEq7T+xyreEL6v3HweR2ZcJyGJAgFmwX9Xdgq9
+M0W7EIHpvemuxaToKeIe20iKYCulm+aiwwzaRlgvoBvJOQw7lPzMzUnhaWcuUwW4
+K8IYnAgchumLRMcATSB905Z04hAjw6bBfvJInqFiYqEKkrCYDrasIS8DLk4MxUeu
+MLTXofNIxcetD40NgxjdMqSQSV8p81hUg1ijs1/JXmzStZx+EpR6MRxL9ywbeOh6
+hOD/npBwJw90jD8L4rpj4g4JRNKjp/Ui/m2doOH5K7V2Va+jzKCHpAWU39tgxI+T
+j81E5SveFLav1gIV8Lj+vwhGrkF3Y9zUa/Y41+1mApMe2prZKAj5hGn3bAzzt2CM
+QgB+e5QYWSkmBLHI6WHXYZVaJ1yN+HyQgv4T2WzW0BNhR3chgT0r8tsIUvBeso7d
+Tvf/8feNgnKet4gvvOAt2jA12nezEr3ema9l7Sr/vKvbREoLS0xGlA==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/katrin-priv.crt b/OPP/openvpn/keys/katrin-priv.crt
new file mode 100644
index 0000000..e5039e8
--- /dev/null
+++ b/OPP/openvpn/keys/katrin-priv.crt
@@ -0,0 +1,72 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 33 (0x21)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 22 22:55:53 2015 GMT
+            Not After : May 19 22:55:53 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-katrin-priv/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:be:4f:1e:d3:bd:2b:84:57:03:b7:6e:64:fc:bb:
+                    94:70:a4:28:37:80:4c:49:a3:90:1d:8e:09:53:40:
+                    8a:e2:97:9e:9e:e1:cd:32:0d:e4:04:a2:da:87:8a:
+                    4f:3d:13:df:f6:87:59:83:04:65:68:23:e7:2f:3c:
+                    c0:25:68:2f:bf:07:cc:fe:b0:9e:fa:30:9d:6e:21:
+                    eb:12:fd:c3:a7:fe:cd:c9:40:bf:14:db:e5:83:4c:
+                    f9:7d:44:12:74:80:bc:38:82:1f:81:ed:49:5e:3a:
+                    a3:35:ca:12:5b:32:f7:6d:2a:bb:e8:5f:ac:22:d7:
+                    59:7c:d5:e1:92:62:57:0a:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                CC:F4:5A:3A:2D:0A:78:23:19:14:F2:39:46:24:0F:6F:B0:14:AC:C2
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         84:10:b0:e9:2e:86:74:09:f1:47:9c:56:d4:ff:b4:c4:1a:18:
+         b1:2d:9d:9b:ff:dd:d8:f8:fc:5f:d4:4d:18:0f:b9:ba:28:38:
+         e3:aa:49:66:2a:77:3d:3c:5c:d0:7a:fc:25:d8:5f:a5:ba:67:
+         77:50:9a:46:4c:14:b2:fb:6f:e6:d0:fa:19:1b:43:24:64:8f:
+         c6:7b:b8:4b:ea:62:66:51:dc:6e:a7:df:be:4d:f0:c7:c9:7c:
+         08:08:9f:11:47:90:dc:13:3d:1d:9d:11:24:91:06:60:26:1c:
+         e5:1f:00:d9:57:b0:fe:5d:f9:be:89:0f:ef:24:ae:3e:24:de:
+         80:46
+-----BEGIN CERTIFICATE-----
+MIID5zCCA1CgAwIBAgIBITANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDUyMjIyNTU1
+M1oXDTI1MDUxOTIyNTU1M1owgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWthdHJpbi1wcml2MR0w
+GwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEAvk8e070rhFcDt25k/LuUcKQoN4BMSaOQHY4JU0CK4peenuHNMg3k
+BKLah4pPPRPf9odZgwRlaCPnLzzAJWgvvwfM/rCe+jCdbiHrEv3Dp/7NyUC/FNvl
+g0z5fUQSdIC8OIIfge1JXjqjNcoSWzL3bSq76F+sItdZfNXhkmJXCvsCAwEAAaOC
+AUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUzPRaOi0KeCMZFPI5RiQPb7AUrMIw
+gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
+A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
+EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
+FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG
+9w0BAQUFAAOBgQCEELDpLoZ0CfFHnFbU/7TEGhixLZ2b/93Y+Pxf1E0YD7m6KDjj
+qklmKnc9PFzQevwl2F+lumd3UJpGTBSy+2/m0PoZG0MkZI/Ge7hL6mJmUdxup9++
+TfDHyXwICJ8RR5DcEz0dnREkkQZgJhzlHwDZV7D+Xfm+iQ/vJK4+JN6ARg==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/katrin-priv.csr b/OPP/openvpn/keys/katrin-priv.csr
new file mode 100644
index 0000000..b914447
--- /dev/null
+++ b/OPP/openvpn/keys/katrin-priv.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB2TCCAUICAQAwgZgxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWthdHJpbi1wcml2MR0wGwYJKoZI
+hvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEAvk8e070rhFcDt25k/LuUcKQoN4BMSaOQHY4JU0CK4peenuHNMg3kBKLah4pP
+PRPf9odZgwRlaCPnLzzAJWgvvwfM/rCe+jCdbiHrEv3Dp/7NyUC/FNvlg0z5fUQS
+dIC8OIIfge1JXjqjNcoSWzL3bSq76F+sItdZfNXhkmJXCvsCAwEAAaAAMA0GCSqG
+SIb3DQEBBQUAA4GBAD6DHPl9u2e4yU0SFv3+xNS/nNNJW6VpeG5z9KHF9PFf6ZX1
+Alxb2uYpZKrOMgGsNe0iu9+IXn26z+dEKaLZGAnD5PHYalNNxrCyozr4kyorXGaC
+X0vWkl6PjYzfZ41e8f3/8X0Qi6Fdp6ecyQOO0vqZGD5xFbbOWfApqwu2Y7ne
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/katrin-priv.key b/OPP/openvpn/keys/katrin-priv.key
new file mode 100644
index 0000000..b8374ad
--- /dev/null
+++ b/OPP/openvpn/keys/katrin-priv.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI+ug+vEeKeRICAggA
+MBQGCCqGSIb3DQMHBAiRaadh3lSBzASCAoDz0VgMz5C4ZvxCDGbVl5VMqRNr7fDT
+Jaah0cGH87s3B/ktIXbUegYKViNhlV05B1NygJ9p5VmTS5ziHFyvQwW4Z222kBBT
+HaRHc+Tf9VoCF3XQ6kyQxag1OFgBpcx1bcZQRi2V+2pRI16zIo3DuBNoJVh9Bqku
+ebDOc5mkWyR3HJt7qPrJmYvuikRSBT9WnfKbl+XDY1RS/ZambM73J0RPfbjUGodG
+7XAZN+giP/k5mthIatQ0tYRR5G7vUuEKY/wp8rFZvLRXjXnrE650y/Ab5mjO1pfy
+GwFRi7OQtqHpNl4P5MRTBBoIDIF3OXGO9I+nCiqTUpgH2iFu/0E0VQi/Dj8x9Gj8
+2GGMLD2zcyl6Pet9VbNopus6dE2vJEqNb2F8Cnu+vkfbR4o5Idu6ptYKNAny4lyP
+xbJ4n59Su5xBJkTlBnxkIa3zDtOn6dXWPBl7YtTQdm276XH4LCAAoiFWdBgJw2NZ
+Pvw7a2jsD4/kSXUfxw5kW+y9ixLdkGSKmbTzroChhIM7k75ZkYapAAnv/AQ/x7vq
+rRSuErE7PXtHz6LwW3ePNTxLdqRG4qkh3sHWncZ59lu2T+78FopkxP81X81FVtOi
+TRx484rpl5mfUyVXdsGZ2DU2oNajvXiG3QTpDAAugf0RZtH1Y3TYsCCQfjgC+/rR
+Utjd7EdSzgaa44IBy5LBBTwGMvP0kijC5gRuqJ6TPUZ7UfY8B31XVel/CrYwusB5
+Naw9dUNRrRheJHWRJL7CphbIXXskgLOUicJbTLJdTFof/gt/9M2EurW3nRP3WCPV
+/ju5kEiFB+P1KvzRVQ0WumE0p/lYbcsRHPCfGfcVbe8N/Mon8MXrU97R
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/laptop-opp1.crt b/OPP/openvpn/keys/laptop-opp1.crt
new file mode 100644
index 0000000..95d27e9
--- /dev/null
+++ b/OPP/openvpn/keys/laptop-opp1.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 40 (0x28)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov 14 02:38:46 2017 GMT
+            Not After : Nov 14 02:38:46 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-laptop-opp1/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c5:6d:a2:af:0d:9b:bc:eb:77:08:d3:c1:da:79:
+                    ce:9a:d0:27:74:d2:5e:ce:68:52:35:ea:72:63:a6:
+                    ba:a8:d5:47:41:95:10:d5:56:fc:07:c2:24:4e:28:
+                    06:04:f5:74:43:05:52:86:36:86:f9:8f:79:c5:73:
+                    0e:a8:c2:e7:5b:7e:08:79:02:a2:a8:21:59:6e:f5:
+                    19:c6:59:6c:96:66:dc:24:c3:1c:18:e0:09:e4:6e:
+                    2c:33:33:c4:37:ad:bf:06:93:93:ac:df:98:8a:93:
+                    11:8c:6b:c9:d8:39:dd:66:01:d8:80:ed:ab:42:1e:
+                    82:78:2e:e0:a2:98:3d:b3:39:b8:47:1a:81:4b:a4:
+                    e9:c3:2f:b2:10:7a:ab:ba:65:73:8e:0a:23:54:9d:
+                    3e:4b:4f:09:95:f7:6f:c8:33:3a:ae:63:87:1f:ba:
+                    67:f6:03:02:62:c5:22:9b:b6:97:36:eb:11:f7:13:
+                    62:f3:1c:79:b1:22:b1:b8:f2:f9:ed:57:0c:54:50:
+                    69:49:ce:a6:e3:4d:f2:39:41:4e:8a:1c:32:aa:87:
+                    9e:b0:de:93:37:87:34:b6:1e:ca:94:d2:48:0a:50:
+                    31:c5:c0:41:78:7b:2e:c1:8b:75:95:44:10:06:91:
+                    20:39:54:a9:50:36:b4:95:2f:69:7b:21:cc:13:a3:
+                    38:2d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                82:A2:3A:69:48:F0:DE:60:58:8C:C6:75:BD:C1:54:4F:99:A3:3C:50
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:laptop-opp1
+    Signature Algorithm: sha256WithRSAEncryption
+         13:a4:d5:2c:2c:59:3f:9f:ef:ac:36:d4:21:a5:5a:d9:f3:be:
+         13:09:f5:53:9f:e9:2d:e2:25:9c:72:f0:a6:bb:8a:12:6d:9d:
+         f8:1c:64:8d:b9:db:58:c1:6b:49:ba:06:eb:45:69:31:8d:22:
+         29:55:4a:cb:2c:4f:0d:c6:c7:af:e4:9a:c1:47:34:2e:87:6f:
+         1b:0d:88:09:3e:db:e0:82:96:8d:cd:b8:66:06:a7:ed:a0:2f:
+         e5:d6:f0:ab:e7:db:8e:0b:5b:81:e4:16:2d:83:08:0a:c5:33:
+         4e:27:96:ca:60:88:3b:4c:80:eb:af:45:d5:59:a2:f0:31:cf:
+         30:52
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIBKDANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTExNDAyMzg0
+NloXDTM3MTExNDAyMzg0NlowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAxMRAw
+DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVtoq8Nm7zrdwjTwdp5zprQ
+J3TSXs5oUjXqcmOmuqjVR0GVENVW/AfCJE4oBgT1dEMFUoY2hvmPecVzDqjC51t+
+CHkCoqghWW71GcZZbJZm3CTDHBjgCeRuLDMzxDetvwaTk6zfmIqTEYxrydg53WYB
+2IDtq0Iegngu4KKYPbM5uEcagUuk6cMvshB6q7plc44KI1SdPktPCZX3b8gzOq5j
+hx+6Z/YDAmLFIpu2lzbrEfcTYvMcebEisbjy+e1XDFRQaUnOpuNN8jlBToocMqqH
+nrDekzeHNLYeypTSSApQMcXAQXh7LsGLdZVEEAaRIDlUqVA2tJUvaXshzBOjOC0C
+AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUgqI6aUjw3mBYjMZ1vcFU
+T5mjPFAwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
+gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
+BgNVHREEDzANggtsYXB0b3Atb3BwMTANBgkqhkiG9w0BAQsFAAOBgQATpNUsLFk/
+n++sNtQhpVrZ874TCfVTn+kt4iWccvCmu4oSbZ34HGSNudtYwWtJugbrRWkxjSIp
+VUrLLE8Nxsev5JrBRzQuh28bDYgJPtvggpaNzbhmBqftoC/l1vCr59uOC1uB5BYt
+gwgKxTNOJ5bKYIg7TIDrr0XVWaLwMc8wUg==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/laptop-opp1.csr b/OPP/openvpn/keys/laptop-opp1.csr
new file mode 100644
index 0000000..5fc5bdb
--- /dev/null
+++ b/OPP/openvpn/keys/laptop-opp1.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC8DCCAdgCAQAwgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAxMRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVtoq8Nm7zrdwjTwdp5zprQJ3TSXs5o
+UjXqcmOmuqjVR0GVENVW/AfCJE4oBgT1dEMFUoY2hvmPecVzDqjC51t+CHkCoqgh
+WW71GcZZbJZm3CTDHBjgCeRuLDMzxDetvwaTk6zfmIqTEYxrydg53WYB2IDtq0Ie
+gngu4KKYPbM5uEcagUuk6cMvshB6q7plc44KI1SdPktPCZX3b8gzOq5jhx+6Z/YD
+AmLFIpu2lzbrEfcTYvMcebEisbjy+e1XDFRQaUnOpuNN8jlBToocMqqHnrDekzeH
+NLYeypTSSApQMcXAQXh7LsGLdZVEEAaRIDlUqVA2tJUvaXshzBOjOC0CAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQAuhK570D8SHrXsOxOFfabxVVftaLecUdYhJPTr
+ZmrwuA2XSkf52m8MLcw4hoXlFqmOM3w6+lLR9byCPZe0sEy0ATlI1s+i3IkGa6Ay
+3FkjKo5TdaHY+ZlhDsGB4298AMDM7xoWjnoflpH9rW4T+ca8VrxWAYmo9Mw0Q4JN
+F7OjJM+evKEm/J8IQjGCLbmDqSoW+T1EpzcdGw8kMiRLl944zw8Ap4w0JnzmEY/W
+e/Iv5qnt5hBIMMsFrbFMvIZaBcwlX/qZ3v7nkxONuqdBog9Jdqf12ujNk4z8jO6v
+4jbMXQR7BfBEVrnUNnsBzWedrkGwukVjyn+uspLZoZbNffSd
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/laptop-opp1.key b/OPP/openvpn/keys/laptop-opp1.key
new file mode 100644
index 0000000..3bda181
--- /dev/null
+++ b/OPP/openvpn/keys/laptop-opp1.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvHFbhmmWccUCAggA
+MBQGCCqGSIb3DQMHBAg3Iz/FqmdZ7wSCBMjNGSrcP1d2uS3KGvLQAIHxIcTJado+
+ORafYeIi3yI1Ymw0NuJTBkED7ht6uIHPZObMFvSz6FPKXW4AgJ61bUrUO02FMFWS
+b8dSYOVhNXYUmyUdR0a1Ocq+LWQQehVFckgZoZuWKnSJntLDFlL7rbNj3FQrpS5P
+fjUv7dy/fv9H56EJjsREt7N3IGz3zf5apjFhLFi5G6cvvo0wIZr4TzunkO3/LGRq
+J2GUASJEvYs0U99HpK2wYUN3IJqYI6UfvT+I6Ra57oYMBQsTiJtAsWkiRpxIE3Vw
+/UfrKwp4PnVcw0TAEeZ/uc4HLGWY4YoQueBeagnIZeJcQTpd/Mf9iIGeGWa4Mpp+
+kLEDgS4uyZvgYEQ9iN9I6KykUrHZKgVv+wwC1RlYtQANXkff0RRMIrSKSnxnk2tn
+TncaccDEAlXwB6yQLUdCPzEfa4X7QsM7hSOXPN369qqaM4mwg66Qt2AmWq4c87Ta
+CWITdQ/ko0B6fLrenvY25g1e+NpszjGfDw4MqPE7j8ieXy6BFdlPAdqr2gHGxlwO
+LS2Zt+zbffhNmlq8xQA+b/lU+UpoxzSZzT88I15jFeeT3OsWIHNM66wk1PAKRhPQ
+gj1NAC9zyLftGoJei+B9ZNkF9b/a72rPNac3X5FQzFdVQ20AAsKeEBFgtmwWc/KT
+10206UCSGm9hau63yWv7uOrwnFG/t2pJcA+C8pnHwEMFbNzX7jYJgAG1WwmQNTsJ
+RALHfQkvJwgXlOv0bHntSvOHBhDjVmhDilrqJLjJTlZ1nhFy4U8ziSNWCHTvSXyO
+f95faLJUEdIOFKIdvKvvzkBqTB829EmbkFsJMVJ1vC566jX3IulNzkpO0eP+oRQs
+xBIUipGDFwy8qMaPOW4TC3edjhvBuTGfrriIZfsUaQHuqtD8HDA6tM2BJppjMvfi
+zVPtZB/0LaHjRNqJB5paSws+Q8Rd9ENJIUI8u7aLkOU8foO+17pQZ4msSzUCVd4E
+mWiJ+TAFM8hmlQ2u6NznM9RABBpsGrzmhC1XhkwU9V41KHcKMdRAkrPvixX8qthp
+cG7EoyVXcl2lC8emr6sbGwhKmOCTz0gSm/REnoQZpnIMpSIsTqw6gPzHvK9vVRP4
+nZUt4SCEaVqGrykgj/GzEfiAQyyDqNZDeqJwJnjkcs3qeR7Arr7wlL88Bk14TmHu
+DBoWxkjPxmGD7ZdE2C6yqETNNyMHQVxHDafraOc51WQz8w0HUGl/9OjDt7jZBtdN
+PbtiDFxhZLvHpo6CNKsPTwNgdIfgg/NRRWpjoDnf8prY0m6DVbvwqm4BxKxA5r3E
+k1YreW2evOFP6nOU31ptY58vWlaWTJAv61Xp2N3J4fzydc1sJQckQG/XWdORb7Bl
+FBNona7NPY6y+RGWYhfkzHqoAY4QEpZcjSPEN+Z5ULbxfL1tCN5i145vv9FRDu5A
+MTCCd7XIc5WIKKz2AfIR3H9LSJGEY231VGtPOJkCqkzUF4NHRwcPOnrvRqHwlfOZ
+7h7OGOQsj1FPANBRj4upEM4/WNeyT9fQNWguYR5kNCwLkryO965AqHNCOHeFL7K6
++0+NPEOF9qLxM6dSxnP6HkH2dodVmqiUbDeypPnmrh71ncrgBKMtJ75THEBA5k4Q
+8UQ=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/laptop-opp2.crt b/OPP/openvpn/keys/laptop-opp2.crt
new file mode 100644
index 0000000..e1daf52
--- /dev/null
+++ b/OPP/openvpn/keys/laptop-opp2.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 42 (0x2a)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 11 23:42:21 2017 GMT
+            Not After : Dec 11 23:42:21 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-laptop-opp2/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:be:e2:3c:f6:9e:27:34:e6:b0:ad:39:90:d5:9d:
+                    d7:14:bb:30:5f:ff:97:90:f4:6d:a2:00:6e:6a:18:
+                    6e:da:09:e8:02:33:00:b3:1f:a1:e2:e2:82:de:5c:
+                    96:49:ac:48:d6:c4:44:ed:97:76:6b:8d:d7:ed:39:
+                    42:d7:da:5d:46:68:4a:a5:7f:d7:c3:df:a1:ef:8d:
+                    18:8f:2d:94:c4:b8:21:ec:03:e5:60:86:58:b9:26:
+                    f1:a9:27:d8:08:a0:c5:46:1c:f7:69:61:44:ba:59:
+                    1d:6b:b5:93:93:52:8c:77:3e:33:38:22:f1:02:20:
+                    22:96:fb:fe:08:db:80:5a:0a:9c:84:79:74:9c:ba:
+                    58:ba:13:91:ef:a9:0d:20:7b:24:ce:f7:65:78:87:
+                    ba:2c:13:db:f3:2a:43:b0:a5:6f:b7:ba:2b:be:32:
+                    a0:ce:6b:05:93:dd:82:f2:db:3e:44:51:69:a0:07:
+                    83:dc:75:e5:49:e6:b9:c7:50:d3:d3:72:de:12:7a:
+                    30:02:73:6a:8f:ad:3a:91:10:aa:2b:6b:19:fc:e2:
+                    9b:9c:85:14:8c:4d:2c:02:35:61:59:d4:48:74:c6:
+                    71:01:80:96:80:49:6f:2e:e8:d2:b4:d3:4c:86:6e:
+                    41:81:06:05:2a:33:7f:61:78:53:c6:d1:27:fd:ef:
+                    9f:df
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                9A:0A:4A:D8:6A:29:DC:4E:AB:96:B5:37:F0:D6:4B:52:76:91:85:70
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:laptop-opp2
+    Signature Algorithm: sha256WithRSAEncryption
+         6e:38:fe:df:26:b4:ca:9e:d9:7c:50:1b:8c:4f:a8:1a:ac:a4:
+         fd:e5:93:bc:66:f5:cd:12:1c:31:84:4e:8f:77:b3:dc:2d:a1:
+         e5:45:5f:d1:e9:fd:4c:42:60:e3:9b:a3:da:90:eb:30:a3:c6:
+         97:29:7d:04:34:cf:81:bf:d7:0f:54:e3:38:fe:21:e9:b0:ca:
+         37:ad:51:ac:26:31:71:19:09:a3:3d:8a:b3:04:a9:e1:a7:bb:
+         1c:9d:97:be:e5:f7:63:df:53:a9:07:84:23:e1:0c:87:f0:59:
+         58:bd:9e:1a:b5:4e:c0:6a:8d:a9:49:a5:29:ae:37:6e:4c:69:
+         20:d9
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIBKjANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTIxMTIzNDIy
+MVoXDTM3MTIxMTIzNDIyMVowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAyMRAw
+DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7iPPaeJzTmsK05kNWd1xS7
+MF//l5D0baIAbmoYbtoJ6AIzALMfoeLigt5clkmsSNbERO2XdmuN1+05QtfaXUZo
+SqV/18Pfoe+NGI8tlMS4IewD5WCGWLkm8akn2AigxUYc92lhRLpZHWu1k5NSjHc+
+Mzgi8QIgIpb7/gjbgFoKnIR5dJy6WLoTke+pDSB7JM73ZXiHuiwT2/MqQ7Clb7e6
+K74yoM5rBZPdgvLbPkRRaaAHg9x15UnmucdQ09Ny3hJ6MAJzao+tOpEQqitrGfzi
+m5yFFIxNLAI1YVnUSHTGcQGAloBJby7o0rTTTIZuQYEGBSozf2F4U8bRJ/3vn98C
+AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmgpK2Gop3E6rlrU38NZL
+UnaRhXAwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
+gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
+BgNVHREEDzANggtsYXB0b3Atb3BwMjANBgkqhkiG9w0BAQsFAAOBgQBuOP7fJrTK
+ntl8UBuMT6garKT95ZO8ZvXNEhwxhE6Pd7PcLaHlRV/R6f1MQmDjm6PakOswo8aX
+KX0ENM+Bv9cPVOM4/iHpsMo3rVGsJjFxGQmjPYqzBKnhp7scnZe+5fdj31OpB4Qj
+4QyH8FlYvZ4atU7Aao2pSaUprjduTGkg2Q==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/laptop-opp2.csr b/OPP/openvpn/keys/laptop-opp2.csr
new file mode 100644
index 0000000..3759917
--- /dev/null
+++ b/OPP/openvpn/keys/laptop-opp2.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC8DCCAdgCAQAwgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAyMRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7iPPaeJzTmsK05kNWd1xS7MF//l5D0
+baIAbmoYbtoJ6AIzALMfoeLigt5clkmsSNbERO2XdmuN1+05QtfaXUZoSqV/18Pf
+oe+NGI8tlMS4IewD5WCGWLkm8akn2AigxUYc92lhRLpZHWu1k5NSjHc+Mzgi8QIg
+Ipb7/gjbgFoKnIR5dJy6WLoTke+pDSB7JM73ZXiHuiwT2/MqQ7Clb7e6K74yoM5r
+BZPdgvLbPkRRaaAHg9x15UnmucdQ09Ny3hJ6MAJzao+tOpEQqitrGfzim5yFFIxN
+LAI1YVnUSHTGcQGAloBJby7o0rTTTIZuQYEGBSozf2F4U8bRJ/3vn98CAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQAFQcwLwPOYUN4j+Hx+zmJXi3UqoGXCrGwYgm0M
+Cl/12uZ32chsBrbE5FlvD5hbslXsT0B46qFPsi8qhOmQzb0FiinUwivP8NetgI61
+8RSrFnhDvcqjlh6p/3efUaLBgOtw3aoU5QGMzG0halP27pvsjAWDNXqWEjmmkxvr
+X41Ik2Ui6MldjEdKLVVDGJeu0b0e7mhGDIA0CNi4Ipfz9O3D9tdWOasDs/YjPJLs
+CbS8ecE+bmEoHNyZQ/NBNY5NHes4+vEUT4wUyWB8wyx+ptCItaPIs/XWCUJx0gY3
+SHlUJDDFycRZJGAXkH4ep9QZSjNM9t6sKuf6Kal0gmR/H+lM
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/laptop-opp2.key b/OPP/openvpn/keys/laptop-opp2.key
new file mode 100644
index 0000000..b510c20
--- /dev/null
+++ b/OPP/openvpn/keys/laptop-opp2.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIQGWwJ/0e9vkCAggA
+MBQGCCqGSIb3DQMHBAgYCqryO9FhewSCBMj8TDpUkZHLx1K//VFwpVIB18bMXyhF
+DErbYLXoUeqYPIiZ+Scu1HsHPpVq3whDybcSRDFLL/cKsHRmJzbowHakxI5KABJG
+iW+nxWHmeL75GTOGOexv+WmyjFce0LNTSuoQrLPg5JKZl6sTiq55+0uaU8MqxrXN
+nGv98J/s8AR8u5PVpkbta79gKQEgkQQhd/0FNDLF/2zvrJ4eZAekHwwXBairatWK
+NSu18vJuqX6LzHfxS6d/boexCVsPgp1GfQQP3pQsvafCpUWd5pdrSPaaKEUNPLrt
+39uoybJUMHJLBaAE1VukBXHQUIrhzjYO3cEU07UUJH/91+MNMjFjN5W+FtaIHyuy
+BGlg06x/lVEuuXWXoBw6z9ucIkVsbXo4KsXJWjrCmMyCKpSg2NUY/X6OcjX/oe/M
+FUg08ZoRuE5cWuE00Xc4dGfAaQ0ILlfZr32rBzsCLGE1QaV6qwncWVO9uyK1eIF/
+ekVytBuYRxqNI3zaNG338gDNB5SZZnYlnYqx9BeTenYJXuZp6tqiK1QrL2+Da2m8
+GrL2U9pbihl1QfOURKZMmSY4kiDlyFq6Gg+1YkHKGmc8kx2hGH8VEo9O0nlQ2Dd6
+xPSmio9yHSfkBte+rcPCc35DggBDOd1ZFIgs/m9d8xrxPx8Fn0f//duFbfqdKmty
+hyFksx7ToXRNQamOedaegSxyQ/62okzuQHLhgAQb368asVjfYnlb/o2CBkVLT/t3
+3wyV8waSK1Wlm8aEG33TUBb1QA46qY8Xl3JEdPRLxrSO9BAaU5AlNvhXcg1yvAml
+nvS/2aF/5VHHeh7F2eq2WhFR5CBbOSC20Oxx/PeHcgORxxNzDsbsUWVKhLvB8V6O
+fqz9hsQ6uGG4foFAfEXHA5p/RLXzJT+N2lwAlmq4awyTrddDOptOjnHiUFTcrt0Q
+3AA6QZN6Poi7wTPfdW71/NqwJbxSoW+ZwD5gc6KPc9LGJ4aoTv6hUleK7oVPYlhP
+Nu5ql85bVe3f2FWuYA1pt2uP80OgLy0Sfyx8zrkDLB5IlA7N7krc3BDW4fOuezow
+tYzPypdjhIgUtQEe9+g7UyuK9GQmolakAptcznIgAdpyANuxm6ZzTFZeCnbj5gji
+Bwft3pWz91KUJ9puK8NhgYLK0kX6/1tkzWN1HAJ7EuUVEVDZa84sG18TzP8qA7CV
+S44VmC+G3naDsAhiUkElbOzs9Mon8cMy4WRO5bozwMyPnk2GQAthGI99g+PA7ZJj
+Nnlc9DCxRHhT3sCVw9Hrg6fe/fi2Eecvq94rSHVM5duVlVug0ah9Q1/acA/bmPuE
+h+jIhieD0oduPJ0n0nFRh/m4mRqqVsT981xK+tXOznB2AIlikX/Clb1rWlaWNvO/
+RqnY123/TsAD+fsRVfS0UZY5y4SujSJr6swGuURSpnJnrNR7mRBLVvmOEmknoLRO
+5eLFkWJ2+G1k6nUDcmoVOzicndpPrk87MXFXFA/75UdNLpg+iJv00n5X6oTwokwR
+Cz61T0uYO/R+8eBvIym4ym4ks2H5fZ/tCxzyGrUcCT5Zd9nQ5oQBzaoxfcCqwZlF
+Oxq3/4xNfvrv1KMPUVYDj7zMUDv4Au775yIGBomhayCmDZDzsB6wZL4pMsWZFedB
+5Co=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/laptop-opp3.crt b/OPP/openvpn/keys/laptop-opp3.crt
new file mode 100644
index 0000000..5f468c0
--- /dev/null
+++ b/OPP/openvpn/keys/laptop-opp3.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 41 (0x29)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 11 18:30:48 2017 GMT
+            Not After : Dec 11 18:30:48 2037 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-laptop-opp3/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e6:3e:4f:7d:ed:eb:e3:06:a0:2d:99:55:5b:9c:
+                    18:ca:7d:07:3d:76:ff:94:ec:1b:5a:21:d4:be:3b:
+                    2b:50:8b:72:48:55:33:7a:54:29:6b:d8:bb:11:cf:
+                    9a:7f:9c:20:69:fd:6e:7a:21:ac:19:46:db:2e:18:
+                    36:6d:4f:91:3b:e4:a5:6a:33:23:c6:06:62:c5:d5:
+                    28:c3:c4:28:3e:38:16:e6:03:64:95:18:13:19:95:
+                    e1:ca:da:41:a6:1c:99:56:16:eb:f2:70:c0:67:dc:
+                    0c:dd:d8:bc:6f:61:07:7d:02:76:c3:2c:f4:80:4c:
+                    42:e8:55:97:a0:a0:ea:78:1e:71:8a:bb:7b:bf:b5:
+                    2d:55:a6:a1:34:0d:3a:0e:d4:02:32:93:2b:3c:b3:
+                    b4:81:1f:63:39:c8:e6:2a:e9:ac:4f:93:bd:2a:6d:
+                    bf:b3:77:9b:d8:7a:27:0d:b2:44:d9:e4:b9:0f:cc:
+                    b0:27:5b:fb:32:a2:79:77:55:d8:b6:d0:63:c7:98:
+                    c5:44:47:4f:4d:67:22:e2:40:98:e0:0a:0f:bc:95:
+                    46:d7:4b:37:0b:e9:a7:11:a8:fd:07:f8:18:6d:59:
+                    8d:54:11:fc:9e:23:62:14:64:62:cf:0d:49:5d:41:
+                    95:c4:d3:ec:d4:03:e6:2e:69:15:6b:3f:36:15:66:
+                    58:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E7:EA:35:7F:B7:31:07:50:5B:54:2A:7C:35:F7:D7:40:CA:9F:B0:DA
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:laptop-opp3
+    Signature Algorithm: sha256WithRSAEncryption
+         46:4c:22:41:b0:fe:36:db:c2:e6:97:fc:50:ff:74:26:42:0e:
+         1f:0f:dc:76:8c:ea:3c:24:b9:b2:d3:8f:e2:5a:19:57:bb:15:
+         c8:4e:e9:fa:06:b8:61:1d:65:e9:46:2a:c6:cf:55:c5:1a:81:
+         7a:cb:0f:2e:5d:6a:bc:55:7a:a8:df:7a:16:62:6a:75:9d:de:
+         19:75:0d:58:2a:3d:92:c1:bc:79:52:b8:df:19:24:ac:63:fd:
+         b0:ce:8c:65:12:c5:03:c9:62:e7:14:85:ec:3a:20:6b:93:25:
+         ca:37:7b:5d:3a:7d:b2:f2:14:cf:e6:cc:de:5e:aa:d5:29:a2:
+         fc:07
+-----BEGIN CERTIFICATE-----
+MIIElTCCA/6gAwIBAgIBKTANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE3MTIxMTE4MzA0
+OFoXDTM3MTIxMTE4MzA0OFowgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAzMRAw
+DgYDVQQpEwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOY+T33t6+MGoC2ZVVucGMp9
+Bz12/5TsG1oh1L47K1CLckhVM3pUKWvYuxHPmn+cIGn9bnohrBlG2y4YNm1PkTvk
+pWozI8YGYsXVKMPEKD44FuYDZJUYExmV4craQaYcmVYW6/JwwGfcDN3YvG9hB30C
+dsMs9IBMQuhVl6Cg6ngecYq7e7+1LVWmoTQNOg7UAjKTKzyztIEfYznI5irprE+T
+vSptv7N3m9h6Jw2yRNnkuQ/MsCdb+zKieXdV2LbQY8eYxURHT01nIuJAmOAKD7yV
+RtdLNwvppxGo/Qf4GG1ZjVQR/J4jYhRkYs8NSV1BlcTT7NQD5i5pFWs/NhVmWMEC
+AwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU5+o1f7cxB1BbVCp8NffX
+QMqfsNowgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIw
+gY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAW
+BgNVHREEDzANggtsYXB0b3Atb3BwMzANBgkqhkiG9w0BAQsFAAOBgQBGTCJBsP42
+28Lml/xQ/3QmQg4fD9x2jOo8JLmy04/iWhlXuxXITun6BrhhHWXpRirGz1XFGoF6
+yw8uXWq8VXqo33oWYmp1nd4ZdQ1YKj2Swbx5UrjfGSSsY/2wzoxlEsUDyWLnFIXs
+OiBrkyXKN3tdOn2y8hTP5szeXqrVKaL8Bw==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/laptop-opp3.csr b/OPP/openvpn/keys/laptop-opp3.csr
new file mode 100644
index 0000000..a55a323
--- /dev/null
+++ b/OPP/openvpn/keys/laptop-opp3.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC8DCCAdgCAQAwgaoxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRwwGgYDVQQDExNPUFAtVnBuLWxhcHRvcC1vcHAzMRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOY+T33t6+MGoC2ZVVucGMp9Bz12/5Ts
+G1oh1L47K1CLckhVM3pUKWvYuxHPmn+cIGn9bnohrBlG2y4YNm1PkTvkpWozI8YG
+YsXVKMPEKD44FuYDZJUYExmV4craQaYcmVYW6/JwwGfcDN3YvG9hB30CdsMs9IBM
+QuhVl6Cg6ngecYq7e7+1LVWmoTQNOg7UAjKTKzyztIEfYznI5irprE+TvSptv7N3
+m9h6Jw2yRNnkuQ/MsCdb+zKieXdV2LbQY8eYxURHT01nIuJAmOAKD7yVRtdLNwvp
+pxGo/Qf4GG1ZjVQR/J4jYhRkYs8NSV1BlcTT7NQD5i5pFWs/NhVmWMECAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQCDcX0qi/0qb2hLcUiVaVWFYre0zx7AzQcS3SS/
+Y+V/8GkjdQA1VxeHtqJhqRCoHG/yPTE9Hg1jdnfI1Vz6mgHFP/izKP5uf7AoFUDX
+mBSHIDBSa8zWAzXj1jCUOwUuxQqg1TlsuhpUtczRe5EF51nQWgnG5lnzhkhdmCo1
+RzWILlmyYhT/0YDtE6x3tBZiIdZdcl1dvZQ9wWBIOFalueW4z/DR4V7BSHhZaeoF
+nKuePosRDwSo9P5BwHa9RQue0GBJp77EdbJ/KPyEpDou2Xv6Oih2bJyjwPHxnPk0
+LKC+D32wq0/FPtfdX5/QNkc0i2K27jgOayq8nQzC76aY46Lp
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/laptop-opp3.key b/OPP/openvpn/keys/laptop-opp3.key
new file mode 100644
index 0000000..907af7a
--- /dev/null
+++ b/OPP/openvpn/keys/laptop-opp3.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIPc/olWb82e8CAggA
+MBQGCCqGSIb3DQMHBAjhtAZshhbq9ASCBMhnZCLp5esIptXvS4mIfbJfO1lRdMwz
+cCUUw5htYnETJZ6E8f2oisM0pYKCkKEXY/C/G0lXpQYduzIDYv3dK2t1pfHbebp+
+KHWWojuMmoXxcE7I4cxrf61dnz7huYHJsUGzJR43IlV9i/VFWvqcPA4ei5Ir1PLG
+3Vn6IlYJlw6BhOWH5Dh7ay080rsqOuQ4rXSqhodKJ4XMal3XCLzhCUm2NyK+bgTX
+kM16O+4QVhG+X8Rq+zUkyLXFuxgc/GEdOGJejHOp4u14ojVkPRD7oj2CPZjnNpen
+3BvxV40lCv7XLXeeTonmWTEsdYnbGeNhFG92TCVvLA/FVo8QaIUUL9OgxIPg2Y0Q
++ui6kUZW97Q1tICvkNC5ZBWv24OXPPELJfxFvNlibw0J6osQ0HJEOxGCFUeJ6e6w
+eW28vof72aW5mtaq74KBlcIfOvdC2sylKxAVIpVGV8SICz928CA16oad9nvnqSTZ
+PLvDwwkQyQL2UoafxovxSHFCH2FdTDPScjfmd+M68TpVZWOpWQFnW5PDIF8ipNla
+nZvWvv8826LY08YNgAUDHtXEGQWUeqB22uel1QEkFWqoVADqmGW7VANvEbuORhMG
+yCbQ66wUbOmaSiAMUX965eXNBPOg7ZWoHEvAxtid94eJK8g9cXKPwKg+ggUx4CYu
+Dexga2P8jYIdZfK8mfFoLuz+A5buCm/nwpEnORPIhoO9NzvGzfUeSy+BJZeM0Ol4
+5eN4NuHzhSiSi6PdIf5oTOS3+lxCQe53OULsRfSZ87jF/bGTMFIR58fLCgte2JYC
+6Z7C09L07+BP/c2yRrI5qiRdYf3xgjsQdQqYgYQCuIu3a/gcvGpneJH/hSTiS/Or
+G5suQ56fjkh6BnPcQ/KRCtsHeR0RaZe66UR+ilI3DRSzBG5BM/+cHI2ZvETu5dsX
+JsPfmvRqcZ5h/GkJ69Sw9h/6DMYvNfZ/7ABwWgS80vX879JCC/G1epjTsI584PXy
+0HcWXe1ZbTECpgZE2D7dnd9yYTFlYJIdCAhdUK3MfML+rLwL6voY5Wi0+OmiAGhP
+9u4jrJpY9lSnD8okZXPyeqX4zDH2F+o5NQ+6lL7rCviaLbBSsAHj255yS/FYH+Wl
+4MV6uprLf1VW97Lk8KU9/uEJfBsKLls7i0zHQJcWHmiyciX7R62KTyKwzyuHdC/Y
+SGy9KEUesA8281oBeIQEPQSGmJJrn90BoDu/Y8zeNOkPma0wRtSUhg8ybncHlHU9
+T8cvY+ZYeHMqOUMzji4FvALqtVSzrxwmRkPhHN9CCJyY4zS2PtuyzKLUKNiL1JF/
+qk5oxoaoEcC6y/eb9Z5WwjNUguvAFjzulzqZ28g47hWQ2o7blkGWv6q1EHY5H8LC
+kBGvrZpXRmysDJnQs17DZi9/AxT9REtPsHSy8zXxk3b5SBBlziiPbta9UQVdas1g
+u4VMXRioJ1AOoSTx9VeOKyp+3AVf8Fbrt189+ea8Hvdx74YTn97O5LFYxyYom5Yd
+eKMH/s62EM+YTE0Px/7MEkXS5ShHGymp3OnmWJ5WA3Go/iBT9SWnPPVExeskhCCd
+PXpHe50srF4NQXISqPWHrGdwil/TDaNbgHv9vloOqpziKAQID92C7I1beeNJ15QC
+e64=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/levan.crt b/OPP/openvpn/keys/levan.crt
new file mode 100644
index 0000000..652c6f9
--- /dev/null
+++ b/OPP/openvpn/keys/levan.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 32 (0x20)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  7 17:28:13 2015 GMT
+            Not After : May  4 17:28:13 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-levan/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:aa:dd:c2:b4:70:21:3e:f0:67:5d:11:fc:51:03:
+                    ff:82:dd:7a:21:af:9f:0f:c2:2c:a3:4e:d1:5b:a0:
+                    67:d8:a6:02:0e:9f:e9:77:76:4e:d5:85:26:4d:03:
+                    28:66:72:4c:50:51:18:e6:e0:e4:bc:a2:7d:49:a6:
+                    55:0e:f6:32:7f:d3:97:53:99:00:70:74:3a:24:d6:
+                    d2:7d:13:60:ee:30:d3:1b:92:81:8a:38:e7:67:dc:
+                    20:68:7e:c7:2b:8e:3c:5e:87:c4:a9:ce:bd:fc:29:
+                    50:06:ce:f1:fc:0e:1a:f6:d3:e0:35:cc:b7:99:fb:
+                    19:ef:5c:b0:56:32:b6:c0:df
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                4E:EF:C7:3D:3F:C3:39:B7:BB:3F:4A:C4:65:38:12:1A:F6:52:28:80
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         26:c4:4a:04:f5:14:97:b4:73:91:97:86:10:53:5c:5f:c4:d3:
+         61:cc:b8:38:f3:f5:1a:6b:a7:7e:49:c8:76:0d:0d:a9:ca:55:
+         c2:de:17:33:3b:76:d8:93:11:79:cf:f4:37:82:1e:c7:fd:c9:
+         38:82:5c:2c:7a:42:bf:40:8e:db:56:fd:a3:a1:73:f9:84:c4:
+         60:7f:4b:f0:36:80:b4:da:67:18:e2:85:91:6c:6e:18:c6:e0:
+         34:4e:5c:8d:21:ed:cc:3b:3e:33:9f:74:9e:dd:52:76:3a:6e:
+         a2:44:ff:fc:ea:1f:b0:71:dc:9e:7f:a3:f4:b8:c9:e7:5e:18:
+         c9:98
+-----BEGIN CERTIFICATE-----
+MIID8zCCA1ygAwIBAgIBIDANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDUwNzE3Mjgx
+M1oXDTI1MDUwNDE3MjgxM1owgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWxldmFuMRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAqt3CtHAhPvBnXRH8UQP/gt16Ia+fD8Iso07R
+W6Bn2KYCDp/pd3ZO1YUmTQMoZnJMUFEY5uDkvKJ9SaZVDvYyf9OXU5kAcHQ6JNbS
+fRNg7jDTG5KBijjnZ9wgaH7HK448XofEqc69/ClQBs7x/A4a9tPgNcy3mfsZ71yw
+VjK2wN8CAwEAAaOCAUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
+c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUTu/HPT/DObe7
+P0rEZTgSGvZSKIAwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+Oh
+gZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
+BkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZp
+Y2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
+AwIHgDANBgkqhkiG9w0BAQUFAAOBgQAmxEoE9RSXtHORl4YQU1xfxNNhzLg48/Ua
+a6d+Sch2DQ2pylXC3hczO3bYkxF5z/Q3gh7H/ck4glwsekK/QI7bVv2joXP5hMRg
+f0vwNoC02mcY4oWRbG4YxuA0TlyNIe3MOz4zn3Se3VJ2Om6iRP/86h+wcdyef6P0
+uMnnXhjJmA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/levan.csr b/OPP/openvpn/keys/levan.csr
new file mode 100644
index 0000000..0010c93
--- /dev/null
+++ b/OPP/openvpn/keys/levan.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB5TCCAU4CAQAwgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLWxldmFuMRAwDgYDVQQpEwdPUFAt
+VnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAqt3CtHAhPvBnXRH8UQP/gt16Ia+fD8Iso07RW6Bn2KYC
+Dp/pd3ZO1YUmTQMoZnJMUFEY5uDkvKJ9SaZVDvYyf9OXU5kAcHQ6JNbSfRNg7jDT
+G5KBijjnZ9wgaH7HK448XofEqc69/ClQBs7x/A4a9tPgNcy3mfsZ71ywVjK2wN8C
+AwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAA1CnC/qfp5Uwnl+hhFC+tCPEIlgapGP
+iBzvILF8QhryH9PBD7Cz8VUpdOnEDiYkxAj2Zl8d5avnCrwmkkMs/LBdJyDvOF79
+QRU9RysHaq+dICNs2cZACDqmpjff/uNCcrP3iEptvpYwHHniqAsIgMnYYtyVyYnD
+HcCdhW5sPRCd
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/levan.key b/OPP/openvpn/keys/levan.key
new file mode 100644
index 0000000..629a668
--- /dev/null
+++ b/OPP/openvpn/keys/levan.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQITrvzpDp8EVECAggA
+MBQGCCqGSIb3DQMHBAgW3fXPLyzDJASCAoAiI55uM0hHPQrHEVHJB1q5L88AR+zK
+FqDgTUY54IfGwBwxda+TVCBuSbzBc+u9GEZtzyPhiZL9qhg7Fs+mt7oVJQ2uPQJM
+gUDJ4aJZ9amlB1HeaufuZcovLOMKgrU7jFUoNFXJMQVdUocKCbMAAoPcU7a6PAem
+5IIXNKGgWrWGiDDrj8YfIWLYMTqpeNcme6VUwRqDHCB4/92TTKba0UhV2gUhGsFq
+G8BcUDnclAorEXBZeIqz2CicZb9y0rDpbUyr/+lU57yb/n8GmiKRkuGFSSP0y8rQ
+uDhqP0xcighnhaMlyb421dNl/Mzsw7vI8XaBscbnFeVqpI/fDD2zRGPhS8O/1GY0
+/1K8ID5Dam5pPQVC5kFp4B3lSxX3Wx2kjoMo08rMh86G1iEwBboPOrg6e+CYW/96
+OrY5tgpwJHIBPZT4ckNPQWsJSDfP4ldrDe2rCxdhmdyReuoFRKPjvav8/gtTsPGh
+d1quhh8k8aIT3fD5inHBwNDyCxJ+dTp+JmMnDpwOD7+r5Dl20izsogjnT1I2R7CS
+5+K4bj6Lbkq+amJLbckm3GLVW4ycHl9+ited0o6isJjKGH6MwpNsvaUbwcHH8kwq
+4KyL908tU2RFuEJUjtPQBZmVX2qc8ivOM5Ja2Bt5xFhc+Ag/dbcQM2APHgtiLm10
+lkBkEvTteYr97P1RJWmAW7DCnSa9kDv858e/b8YUX4yo68bWTz0SuAmxHf6E3/6C
+FWrHYkp8DU46qIGd/bGCyMP19qXyBAeOIjI5Uttozzvv+WsNyTEWz4lXYgYDeoeW
+56X1Pyi6x2nzYvhCCIRJcfaKpKhBvGgnQNLxuOop7qDslOXoO4koqYoE
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/marcus.crt b/OPP/openvpn/keys/marcus.crt
new file mode 100644
index 0000000..d60e978
--- /dev/null
+++ b/OPP/openvpn/keys/marcus.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 24 (0x18)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Dec 23 02:21:18 2012 GMT
+            Not After : Dec 21 02:21:18 2022 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-marcus/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:98:8d:de:2b:01:17:86:b1:56:21:97:d4:3e:f4:
+                    9a:67:5c:b2:3d:91:74:ea:be:93:cf:8a:39:25:a6:
+                    c5:e0:82:8f:ee:f8:5d:65:5a:20:bc:4e:2d:3b:c6:
+                    5e:ef:00:08:5a:83:78:5a:fc:54:ea:8d:61:83:61:
+                    ad:97:97:f2:cf:61:2d:c0:cd:e1:6b:ef:aa:dd:25:
+                    ed:cf:4e:8c:4b:00:56:6b:9a:00:97:38:66:41:09:
+                    78:63:1c:ca:41:5f:d5:c6:ec:a5:67:a3:d7:1c:99:
+                    78:51:c4:19:34:42:a6:07:df:03:cc:e6:7b:79:8d:
+                    27:fe:79:05:ec:34:b8:ee:69
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C1:7E:EB:5A:31:B4:AF:71:E0:05:10:95:FA:91:59:43:95:49:F9:72
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        a1:7b:87:06:ba:82:b7:63:d7:72:50:f7:2d:fa:38:4b:28:05:
+        06:79:20:ea:22:0c:20:48:b6:a1:e2:fa:5d:e9:23:4a:3c:53:
+        24:95:aa:5b:00:43:40:8b:c7:76:bb:40:bb:64:26:3d:b1:8f:
+        b5:ed:fe:cd:0a:a4:af:ce:ce:5c:ac:fc:46:81:78:4b:c4:50:
+        e0:fa:e5:9f:04:31:d8:6e:7a:a7:32:f1:89:e4:de:ca:53:27:
+        b5:80:5e:c5:ca:91:c7:ab:a4:93:21:d8:c6:6a:ac:76:66:e9:
+        e1:aa:53:3b:b5:7e:23:9a:dc:ab:ce:99:1a:55:da:ed:ba:fe:
+        fd:2c
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBGDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEyMTIyMzAyMjEx
+OFoXDTIyMTIyMTAyMjExOFowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi1tYXJjdXMxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYjd4rAReGsVYhl9Q+
+9JpnXLI9kXTqvpPPijklpsXggo/u+F1lWiC8Ti07xl7vAAhag3ha/FTqjWGDYa2X
+l/LPYS3AzeFr76rdJe3PToxLAFZrmgCXOGZBCXhjHMpBX9XG7KVno9ccmXhRxBk0
+QqYH3wPM5nt5jSf+eQXsNLjuaQIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFMF+61oxtK9x4AUQlfqRWUOVSflyMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQChe4cGuoK3Y9dyUPct+jhLKAUGeSDqIgwgSLah4vpd6SNKPFMklapbAENAi8d2
+u0C7ZCY9sY+17f7NCqSvzs5crPxGgXhLxFDg+uWfBDHYbnqnMvGJ5N7KUye1gF7F
+ypHHq6STIdjGaqx2ZunhqlM7tX4jmtyrzpkaVdrtuv79LA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/marcus.csr b/OPP/openvpn/keys/marcus.csr
new file mode 100644
index 0000000..2cabad4
--- /dev/null
+++ b/OPP/openvpn/keys/marcus.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1DCCAT0CAQAwgZMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLW1hcmN1czEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJiN
+3isBF4axViGX1D70mmdcsj2RdOq+k8+KOSWmxeCCj+74XWVaILxOLTvGXu8ACFqD
+eFr8VOqNYYNhrZeX8s9hLcDN4Wvvqt0l7c9OjEsAVmuaAJc4ZkEJeGMcykFf1cbs
+pWej1xyZeFHEGTRCpgffA8zme3mNJ/55Bew0uO5pAgMBAAGgADANBgkqhkiG9w0B
+AQUFAAOBgQB9cSkjo5qYZaLun2ZuguPo903tvKmR5X01lqopdJW1rxceZRKrxmDZ
+IGl9h6++wcmmgE9rH/Q15lfZdp2kP1+wvNyo0wYAhS07GTf+bZxYzJL+jzIapXXF
+uaPbiDA8xNH4ChusSgs1yLIuvyo0Uphw2FHz/MKjiLnomocUejvG7A==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/marcus.key b/OPP/openvpn/keys/marcus.key
new file mode 100644
index 0000000..6ce971f
--- /dev/null
+++ b/OPP/openvpn/keys/marcus.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,17B9907A94C0924E
+
+krHc1xE84ce/mYSlw95UdKuic+wC1J1cAIMq170+Lez43232Qy9/evNW8lVl7BXS
+9fs9ayCX8Xdr5lyCOxWukZQ6Lk2tySBCkdTFnhDQgUXjwx9tNqLmMkajF/GrGyJ0
+Tn+LQG5r6Z05ogE+4naWH12iE9OMqGNNIebbNbmTc1jYMUtKgWIuQkpe+9DMWBN+
+PhKHM7BA420Z9E74KmkhmAJYdHgSle7U7Ca27IY/u9gXUoa+MxLsET+KTY665NJq
+KP8+H9Hsw3zVQmu2XR9s/UfayOFYcMJBEATI9K7dBDB3zTblcYHmFfXSxpAW7AZz
+bbFHmpitgkzC657Xw6d/TRktYGQbNbi6Zwsc2dcQuyHtpiF443fN77m5N4g/7IgQ
+MghSlTImS+K9r357UQN43cXRIpgEoKk+22H/fLGtxVDlkYmx9MNzXnmGNooJFIkS
+FcV164sSr3FOSZ6oQANsRNIJtHy79gUyh0fgPzng7kKrNwsQCVsTzsdglZEXDCLt
+BbKpiAB8JcB/EHHR/vx0xj0LJPWskVj8v07GKwQCvW8mD0oKnm9OuDAzXUvR/bj+
+mv0yYA2ZRvJeC7ZFYIanzmmMH5EuoKLsFzvp+79+beKDD24x8xbQVjxi5cmfzH6s
+pfXY6suLB4wtzVbj+TzMPuP+W12V5oShO2Q0ifUuBMkgUNEyem593l72yy1CERcf
+O9gR8hUpP0yHCFRhds00EkllKDvb9FixL8EWO9JGVLZhLuYead5yOcop0tdT2aXT
+v8kWDFBcGdNg9u7HgjapeTKjBnI1bYNsC5knB1TugR41PcJUN5qCRw==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/martin.crt b/OPP/openvpn/keys/martin.crt
new file mode 100644
index 0000000..9083543
--- /dev/null
+++ b/OPP/openvpn/keys/martin.crt
@@ -0,0 +1,73 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 29 (0x1d)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Feb 26 13:41:01 2015 GMT
+            Not After : Feb 23 13:41:01 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=OPP-Vpn-martin/name=Martin/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:bd:c2:d1:06:7f:d6:33:69:5a:69:4c:19:a3:83:
+                    5d:99:6c:14:c2:5e:38:c7:5e:50:b2:df:30:ff:9f:
+                    25:3d:dd:d0:71:64:4a:07:ab:28:e5:79:09:bd:b2:
+                    e1:ca:86:81:ef:e4:de:78:3f:b5:8c:fb:d4:02:83:
+                    28:48:c5:35:bc:75:b1:73:d7:6c:b5:e2:93:5e:ab:
+                    34:ad:f8:70:f5:21:80:8d:f2:05:15:2a:95:e6:d0:
+                    7e:aa:72:d3:83:54:0d:c1:47:54:e7:d8:bc:0c:4a:
+                    23:ae:7c:45:51:a2:80:54:e5:5e:e7:71:7c:0f:8f:
+                    2a:c2:fb:d7:ca:2e:b9:1f:cd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                27:90:98:28:41:A9:F8:4A:C6:A4:C3:2E:7E:4E:A8:3F:14:6F:08:F6
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         52:fe:14:82:ed:e1:68:51:06:22:42:96:07:66:45:5c:dc:84:
+         ce:ad:cc:f7:48:55:83:53:c8:49:08:ea:45:1a:d7:98:42:38:
+         11:4c:c6:2c:d4:c8:e0:f8:9a:e1:0d:42:4f:30:3b:fe:97:fd:
+         c1:57:6c:07:b9:5e:41:6b:10:37:b2:a3:ce:0e:2f:44:30:6d:
+         3a:2e:8b:d0:d7:35:62:20:cc:d4:f9:94:08:dd:48:e7:e4:af:
+         ff:cf:ab:1b:d8:21:fb:47:c9:6f:e5:eb:4b:07:1a:b4:7c:f1:
+         19:1b:85:27:fb:66:b6:69:2b:d9:e2:b7:40:15:2e:3d:ad:0f:
+         57:fc
+-----BEGIN CERTIFICATE-----
+MIID8zCCA1ygAwIBAgIBHTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDIyNjEzNDEw
+MVoXDTI1MDIyMzEzNDEwMVowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBO
+ZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLW1hcnRpbjEPMA0GA1UE
+KRMGTWFydGluMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAvcLRBn/WM2laaUwZo4NdmWwUwl44x15Qst8w
+/58lPd3QcWRKB6so5XkJvbLhyoaB7+TeeD+1jPvUAoMoSMU1vHWxc9dsteKTXqs0
+rfhw9SGAjfIFFSqV5tB+qnLTg1QNwUdU59i8DEojrnxFUaKAVOVe53F8D48qwvvX
+yi65H80CAwEAAaOCAUYwggFCMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVh
+c3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUJ5CYKEGp+ErG
+pMMufk6oPxRvCPYwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+Oh
+gZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcT
+BkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZp
+Y2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZYIJANdEFItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQE
+AwIHgDANBgkqhkiG9w0BAQUFAAOBgQBS/hSC7eFoUQYiQpYHZkVc3ITOrcz3SFWD
+U8hJCOpFGteYQjgRTMYs1Mjg+JrhDUJPMDv+l/3BV2wHuV5BaxA3sqPODi9EMG06
+LovQ1zViIMzU+ZQI3Ujn5K//z6sb2CH7R8lv5etLBxq0fPEZG4Un+2a2aSvZ4rdA
+FS49rQ9X/A==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/martin.csr b/OPP/openvpn/keys/martin.csr
new file mode 100644
index 0000000..32a639f
--- /dev/null
+++ b/OPP/openvpn/keys/martin.csr
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB5TCCAU4CAQAwgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLW1hcnRpbjEPMA0GA1UEKRMGTWFy
+dGluMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAvcLRBn/WM2laaUwZo4NdmWwUwl44x15Qst8w/58lPd3Q
+cWRKB6so5XkJvbLhyoaB7+TeeD+1jPvUAoMoSMU1vHWxc9dsteKTXqs0rfhw9SGA
+jfIFFSqV5tB+qnLTg1QNwUdU59i8DEojrnxFUaKAVOVe53F8D48qwvvXyi65H80C
+AwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAAbHwaYJ8nHx6+Kq3P6WT5YhjBeT4yqY
+p7alkcNBB/gzXamKn09SpEqrdqgXxcOfcbben7kfv4Hrd0HGNovoWtI6PeqlwhRa
+NNo+7kdZ+urQYeXVIySTrQSo2nA45zTZy5HWQ/EFKbM8noSdHog+AqdHo8Oe/egT
+ogNureTG7l4s
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/martin.key b/OPP/openvpn/keys/martin.key
new file mode 100644
index 0000000..58bab78
--- /dev/null
+++ b/OPP/openvpn/keys/martin.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIz96DhTpKhgACAggA
+MBQGCCqGSIb3DQMHBAgBw4f5jJLv/ASCAoAHP6Iq7UbdWO5nFCUhuJsb1qvHUomN
+Uaydr8SidsCyoKAG7iZSwnfhhq+u1kh8xdcQGm5QUy3KiDvXs/S0rjVXQY+SNOBK
+95tz0Z2yM1ty+UrwFrWesTDgkuEkZQGBpGXKuCoBkY1/hcyp7s5uvt4RJ7j3QTSJ
+mS+MBh5CiESR7OirJRfAh5M/dyd/jCnjTND0Xl+YgTfOsjnV/MAsiu0q+RqPV2So
+ViHqaWd4v9bdQOjIfW1eaf4cen00Tj4mTBQazgppJ74N14dqXYfrr4yLmNNrAv14
+34l33gdohU34qavhvh2xhwOD/DKwfohopEuiWae8x1GD2VkvAJfdPFp0ymXW91IH
+h9DIXXw0adZtUAumDNyWBYjQLQurLJOQ856FfbUHL1yzCFxWgiw9q7V7jgy1fanb
+l+3E3zc3EPmJZVD5NKZ6wm5loOA52DG1tNMprhbX9qBiL8FzkKKDzhyHFcKvtPHt
+repHKU1HWoJTEsPXtAlw99LfHAOBh66hn2hjRtmnX9yxfpK7eN7Mnh4g+0B80kLk
+PVw9G1ysCSsZKSbwL/kYnxvYCGKhZ8eW+3AG+rCzcLzZ6tMp7A2+9+6thByicenB
+W8pK3ZqXe/wU42K64yFK5iQvLSNlMwhEtZ3JrDHGBHus/PMAwvxAhxSWg6N7J2Nm
+UGDxNnKxzYY6GgBsyAenQqmN/NloURK37W7Liw12JjoB7xjNDnThPptxRerPHV7L
+++JpsoWR3yfKD/ejJ8bIoRkfQ/iHXkP+/b5DeJVnnXim5EIpSOyEUHd2dnJN8RfJ
+vEWDzmBqsVihI0ppAApfOTpVTZXGUtaNRhlg7n1FBBsLEpbjrwHqrHQb
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/mb.crt b/OPP/openvpn/keys/mb.crt
new file mode 100644
index 0000000..26432f2
--- /dev/null
+++ b/OPP/openvpn/keys/mb.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 19 (0x13)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 01:28:34 2009 GMT
+            Not After : May 17 01:28:34 2019 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-mb/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:88:ff:06:65:6f:07:f5:4f:0d:39:54:49:cc:
+                    a7:d1:78:6d:2d:33:b2:8a:1c:0d:38:28:59:ce:e0:
+                    f8:c9:89:f4:4e:8d:50:1b:49:02:3d:be:29:54:d7:
+                    11:e1:28:aa:bc:58:21:59:83:ca:d5:ac:22:17:82:
+                    78:4d:1f:b6:b3:bf:07:74:b1:2c:6d:0c:2a:76:8c:
+                    20:f8:f5:fd:6e:22:05:21:11:ec:fa:d4:36:43:23:
+                    17:28:a9:2f:e2:58:43:77:c3:ec:6a:4a:95:03:82:
+                    68:48:3c:e2:67:35:32:96:d9:13:f1:4d:f2:3a:b4:
+                    d5:95:66:df:66:8c:2a:92:31
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                15:34:0E:3A:7A:CE:4E:CA:4C:D5:21:93:9D:C6:A3:FE:EA:FB:13:79
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        8d:04:f9:93:dd:95:23:39:c1:c2:e5:d7:24:99:eb:fc:83:7a:
+        c5:26:b9:82:73:cf:f4:30:ab:9b:77:0a:75:93:a7:18:1a:c5:
+        cd:05:3f:47:90:c6:0b:90:70:d5:7f:93:c8:d2:a0:42:f9:53:
+        45:9c:0a:68:0f:f6:31:57:11:ae:c1:3a:ef:c7:de:3e:76:ce:
+        b7:92:e4:0d:33:9c:59:3a:4f:3f:b8:d1:0e:76:47:0d:c5:1a:
+        dc:18:2d:f0:e4:e8:c6:9d:c0:1c:f2:84:58:ea:ed:4e:e7:5b:
+        f3:c8:01:b8:e9:d0:23:2d:d7:bb:1e:f4:84:ab:ca:e4:b3:dc:
+        fb:a0
+-----BEGIN CERTIFICATE-----
+MIIDqTCCAxKgAwIBAgIBEzANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA5MDUxOTAxMjgz
+NFoXDTE5MDUxNzAxMjgzNFowfjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMw
+EQYDVQQDEwpPUFAtVnBuLW1iMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5k
+ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtoj/BmVvB/VPDTlUScyn0Xht
+LTOyihwNOChZzuD4yYn0To1QG0kCPb4pVNcR4SiqvFghWYPK1awiF4J4TR+2s78H
+dLEsbQwqdowg+PX9biIFIRHs+tQ2QyMXKKkv4lhDd8PsakqVA4JoSDziZzUyltkT
+8U3yOrTVlWbfZowqkjECAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZIAYb4
+QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQV
+NA46es5OykzVIZOdxqP+6vsTeTCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexayzG0k
+bMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEP
+MA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdv
+cmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEAjQT5
+k92VIznBwuXXJJnr/IN6xSa5gnPP9DCrm3cKdZOnGBrFzQU/R5DGC5Bw1X+TyNKg
+QvlTRZwKaA/2MVcRrsE678fePnbOt5LkDTOcWTpPP7jRDnZHDcUa3Bgt8OToxp3A
+HPKEWOrtTudb88gBuOnQIy3Xux70hKvK5LPc+6A=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/mb.csr b/OPP/openvpn/keys/mb.csr
new file mode 100644
index 0000000..8923262
--- /dev/null
+++ b/OPP/openvpn/keys/mb.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLW1iMR0wGwYJKoZIhvcNAQkBFg5h
+cmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtoj/BmVv
+B/VPDTlUScyn0XhtLTOyihwNOChZzuD4yYn0To1QG0kCPb4pVNcR4SiqvFghWYPK
+1awiF4J4TR+2s78HdLEsbQwqdowg+PX9biIFIRHs+tQ2QyMXKKkv4lhDd8PsakqV
+A4JoSDziZzUyltkT8U3yOrTVlWbfZowqkjECAwEAAaAAMA0GCSqGSIb3DQEBBQUA
+A4GBAFliymkGKXS5U4OnR1usQ27IyDO3Nu/PVJOL5++2bvwTMH4z5a33P9bXdKwD
+qnyPgxK1Ew/qjRMQYc6/vyi/DbFrcS1SVHdbwM88lBA+xdTOoLhJUsyX5ItVtKWy
+jNBPXhj0/d5laneWBq5VtV4ndi88H/olWAYtD70nbmMIzq/V
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/mb.key b/OPP/openvpn/keys/mb.key
new file mode 100644
index 0000000..4c03765
--- /dev/null
+++ b/OPP/openvpn/keys/mb.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,A89406C1EE64E159
+
+kdJzvfXoVxlmNKQqL2LMAKM26ZUInPmtmFzVJcdXmZ5AcKMxlOADMGqlCyQklxsI
+b0SDYrxwDvmEmbYb+25itSGtfn8TQvr7jtW2M+OqeeVt0DfVi9fkvOGc1FoL93u0
+7IHAJAG5RLVpzjOCXtHFPAJ6Oc/84FYVc7IrxFOkG8z1eCxFPcsEBojg8QWVhoLK
+9xgsBPJchue/HufDbbTLwi+DiXYX87kM0FjGzHwc1UG7xSuoZ1FH5wna7YnzR8MY
+E+DfedwyEgp3Q9NSj9vO32UcAhPkAbPW33dZWr5WbjHBYR+j7kzScH90RcNYcnVs
+ccq97S20ar868XS3vafYym+GhZ5/s0aEwo4355SWG7ZH8jJ6zKFcaIjqoAF01Ew+
+ysiHR/aEpSjpHJ9iU41ryc3XvdkkTH5QDTVvPtsro+9PYguRA6CFNsYy67fpDkN5
+erh8lJRj6b8AyF6TpfLWXw5JzThoPZqXVypJVwRuLcHt2Akrnf+yX7EgeaOPEu5V
+3GHKmea79e1iZdzaJoHfHR0jOasiuFmv7824Hw1K160ilCwEqjkSDsPNy1gR63SE
+F/JeLGIoswbX+pB6iH9QrLWCHErSmNl2dUMSLsrIvMzFwqfGmCJUtLvJp/WuAwMx
+gmkLwMQw6JH8SiMJTl2K/vs6JRAS0Dpv2TrtvQf8sWtelPH2FycSW9VI6wgH1kvn
+9cTy9A7iJFZ8OkrwCLwE9JxIzhbXbJ23xTxEDGNKTJRxYqVkNOc18uTN3c5x1OOK
+jKt6D0zicQb7HsCZAQErk2Y1pIn1T600ygNgTAqabyKCtfTDCgS/Pw==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/melanie.crt b/OPP/openvpn/keys/melanie.crt
new file mode 100644
index 0000000..986417b
--- /dev/null
+++ b/OPP/openvpn/keys/melanie.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 10 (0xa)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:14:45 2008 GMT
+            Not After : May 17 14:14:45 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-melanie/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b2:b8:c9:51:71:56:49:22:c5:0b:cf:66:3c:64:
+                    78:95:e7:b3:58:25:4f:31:fa:25:ed:bc:e5:69:e4:
+                    58:84:ca:86:3c:7a:94:39:ae:66:f5:99:7b:36:3c:
+                    f9:84:92:ca:24:e6:1b:f8:9c:f6:81:ca:fe:c7:db:
+                    70:2d:bf:2b:dc:ce:cb:63:1c:e5:79:66:46:83:45:
+                    5b:70:2c:69:3f:cd:0b:5b:95:e5:b2:ca:b9:17:7f:
+                    45:74:e0:0f:d9:f8:12:57:45:9f:2e:c3:85:af:bf:
+                    13:f4:80:e1:67:44:8d:04:80:17:a7:aa:0d:f5:be:
+                    54:6f:11:99:94:76:ec:f4:6f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C1:FB:C0:38:B2:6D:8B:92:3F:3F:78:3D:5E:E5:17:67:1D:25:B7:4E
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        8b:78:28:3d:87:71:36:a1:e7:66:cd:07:6f:1c:f5:43:80:7f:
+        cf:67:dd:5f:14:b4:e3:33:05:53:36:e0:53:62:e3:16:d7:ca:
+        85:b0:d4:64:72:57:15:fd:c5:54:ac:d8:98:98:5d:43:e5:a8:
+        f8:bf:cb:f9:79:ed:8e:6e:8d:4e:5c:3a:1e:ec:e3:ad:ac:c5:
+        ec:5a:91:7d:2d:9d:c2:6e:51:38:55:6a:0f:27:1b:b6:a7:9d:
+        78:fc:bf:29:d7:a8:93:83:cf:72:62:5f:51:39:5e:f6:f2:e0:
+        59:09:f0:96:4c:25:02:03:21:22:0a:d2:2b:4e:26:53:b4:e6:
+        ab:68
+-----BEGIN CERTIFICATE-----
+MIIDrzCCAxigAwIBAgIBCjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTQ0
+NVoXDTE4MDUxNzE0MTQ0NVowgYMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEY
+MBYGA1UEAxMPT1BQLVZwbi1tZWxhbmllMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsrjJUXFWSSLFC89m
+PGR4leezWCVPMfol7bzlaeRYhMqGPHqUOa5m9Zl7Njz5hJLKJOYb+Jz2gcr+x9tw
+Lb8r3M7LYxzleWZGg0VbcCxpP80LW5Xlssq5F39FdOAP2fgSV0WfLsOFr78T9IDh
+Z0SNBIAXp6oN9b5UbxGZlHbs9G8CAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJ
+YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBTB+8A4sm2Lkj8/eD1e5RdnHSW3TjCBxAYDVR0jBIG8MIG5gBThTcNr9HyB
+exayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
+EG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG
+9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQAD
+gYEAi3goPYdxNqHnZs0Hbxz1Q4B/z2fdXxS04zMFUzbgU2LjFtfKhbDUZHJXFf3F
+VKzYmJhdQ+Wo+L/L+Xntjm6NTlw6HuzjrazF7FqRfS2dwm5ROFVqDycbtqedePy/
+Kdeok4PPcmJfUTle9vLgWQnwlkwlAgMhIgrSK04mU7Tmq2g=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/melanie.csr b/OPP/openvpn/keys/melanie.csr
new file mode 100644
index 0000000..1162236
--- /dev/null
+++ b/OPP/openvpn/keys/melanie.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1TCCAT4CAQAwgZQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRgwFgYDVQQDEw9PUFAtVnBuLW1lbGFuaWUxHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy
+uMlRcVZJIsULz2Y8ZHiV57NYJU8x+iXtvOVp5FiEyoY8epQ5rmb1mXs2PPmEksok
+5hv4nPaByv7H23AtvyvczstjHOV5ZkaDRVtwLGk/zQtbleWyyrkXf0V04A/Z+BJX
+RZ8uw4WvvxP0gOFnRI0EgBenqg31vlRvEZmUduz0bwIDAQABoAAwDQYJKoZIhvcN
+AQEFBQADgYEAQgzDtumG4w6WKdSlIkHZeiUOo30BMvoauaLGEqGwnQOhAzeZofnG
+5P2SOMtwZA1Q9KJh3payhys6xYLnGHOMR3F7TjRVnHgs+Yn847r65cptfstpLrrP
+o/PYsVQa9ZBg+jVd5I387VH7SDLpht+GHxYtYcBTGm8ZcwK1alHIFaM=
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/melanie.key b/OPP/openvpn/keys/melanie.key
new file mode 100644
index 0000000..99ca6bf
--- /dev/null
+++ b/OPP/openvpn/keys/melanie.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,49E87330890E4916
+
+HTtzYIot+XdPgSdA9x1LzF1Jt9XFY5CoXUkrfKwJFxaGAsrdJ5eYTCFcTqNKJkpt
+3FsHw3P9avfu2ntktc5EJE4v336yivv0hpwfUw0HgiOaIBYmMls7IIJTM2bMNeXe
+ZlJSv8po18gdIIPLGLGbjElKfbjf2spjug1S30eJAUkmWsrfR9hDNrc9WLjGHLVW
+r6LFUk1Is4BigvWiNu1mS5trmqTyAbUyUIXocQQU+jAg0S/Mh1Q1mfHer0nFXDQC
+lWuyhh4Zz9F3rugbVP9+YP4F/R2qzcWL+4mwNcq7aEKVjhaOCmdzMOerHfw1fWIr
+QzxDxQ/mxSbgXH2S6gXMl6xQk4NDjIZaPzC1tBfGDQ2PSH+bXxXTDnljB8VpyneW
+VWcYmR6J8wKyg+ECrSHklMy07svy3HUXnPcNXlKimOTRuvStD4HYZn+eGPGpzZrS
+eKFHLTbuRzTMSqYwch2q1nm+96ExYJvSTkzAYEygOrK+l4KzmBDYl0eZvBa7Mexz
+r/nWZ1EVh45sVewEH14IdUQrPkwoLv+Fh86mc5Pk7B4oW6E8dokm45KeCaVKp6qy
+FKBEwlLXf4pKT4+ZNx3vf3NtjW5gU9c8RJ8+Gk7mZ6qzTXTfhwDgmZl24paNUO3/
+tM66sbHlcpqr5P6PUYlsMoVV+0YVRbFL5Je0rAPQIi00PVStzF8n2ek87IsJ3t8i
+DlCmlNGf2YuSeD5XlEn5e6v6d9RegmUmjazKBLsGnK6xQ4GF+ys2Etj3+n+tGYIH
+3wOWfWKJmEmWwnVci2V3R4SLIxHk3w2nz7sL4cecsyi4f8oBB+C/Gg==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/nadja.crt b/OPP/openvpn/keys/nadja.crt
new file mode 100644
index 0000000..b8ebd76
--- /dev/null
+++ b/OPP/openvpn/keys/nadja.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 14 (0xe)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov  4 11:43:45 2008 GMT
+            Not After : Nov  2 11:43:45 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-nadja/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b0:66:79:ce:2a:e3:aa:4e:0c:c2:0d:ef:57:1e:
+                    c2:86:7a:b0:7f:6c:f7:99:de:ae:d9:37:88:68:2e:
+                    08:85:cc:1d:b9:dc:be:82:92:cd:2c:02:e2:3b:65:
+                    75:34:cf:9d:58:8f:f2:d6:16:a0:78:44:41:a8:fa:
+                    59:eb:9c:7d:96:ed:56:9b:0a:0e:02:30:c9:95:96:
+                    d9:f5:75:2b:40:91:96:35:85:da:26:74:1c:75:5b:
+                    bc:1c:64:64:3d:ac:88:6f:d4:ce:19:76:02:f3:b8:
+                    6a:ba:1c:78:f4:c9:51:e3:0a:76:e6:88:89:42:5e:
+                    67:ef:f1:49:ca:27:3d:be:8b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                7A:EA:DF:B3:C9:13:AC:8A:27:EA:7D:9A:44:EE:10:A6:0D:80:D2:85
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        98:03:4b:16:65:fa:f9:c5:72:8c:1a:dc:c6:58:b7:a5:b6:2b:
+        c6:fd:30:ba:7f:8c:df:17:e7:3d:ca:a8:e9:9b:14:85:ff:55:
+        52:9c:c5:a0:b6:99:18:42:fd:43:f3:8e:37:db:ec:a7:5b:ed:
+        8a:e7:40:8b:17:92:dc:e8:ee:58:d3:c1:07:49:45:86:b9:8a:
+        55:d6:81:e9:d2:42:58:b8:8b:6e:fe:2b:49:43:cb:14:a2:ff:
+        6f:a7:d8:55:13:bf:92:16:8e:69:cf:26:1a:5a:51:cf:9d:5c:
+        fd:e8:78:9b:0f:dc:32:df:08:21:06:e9:48:f5:b8:4d:b1:d7:
+        e3:af
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBDjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MTEwNDExNDM0
+NVoXDTE4MTEwMjExNDM0NVowgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1uYWRqYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALBmec4q46pODMIN71ce
+woZ6sH9s95nertk3iGguCIXMHbncvoKSzSwC4jtldTTPnViP8tYWoHhEQaj6Weuc
+fZbtVpsKDgIwyZWW2fV1K0CRljWF2iZ0HHVbvBxkZD2siG/Uzhl2AvO4arocePTJ
+UeMKduaIiUJeZ+/xSconPb6LAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUeurfs8kTrIon6n2aRO4Qpg2A0oUwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AJgDSxZl+vnFcowa3MZYt6W2K8b9MLp/jN8X5z3KqOmbFIX/VVKcxaC2mRhC/UPz
+jjfb7Kdb7YrnQIsXktzo7ljTwQdJRYa5ilXWgenSQli4i27+K0lDyxSi/2+n2FUT
+v5IWjmnPJhpaUc+dXP3oeJsP3DLfCCEG6Uj1uE2x1+Ov
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/nadja.csr b/OPP/openvpn/keys/nadja.csr
new file mode 100644
index 0000000..fdadf75
--- /dev/null
+++ b/OPP/openvpn/keys/nadja.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0zCCATwCAQAwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLW5hZGphMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsGZ5
+zirjqk4Mwg3vVx7Chnqwf2z3md6u2TeIaC4Ihcwdudy+gpLNLALiO2V1NM+dWI/y
+1hageERBqPpZ65x9lu1WmwoOAjDJlZbZ9XUrQJGWNYXaJnQcdVu8HGRkPayIb9TO
+GXYC87hquhx49MlR4wp25oiJQl5n7/FJyic9vosCAwEAAaAAMA0GCSqGSIb3DQEB
+BQUAA4GBAGG5hEVpA5G43+2ysIskiy3V3MxItTmX7gZSz4Z2k5EO/pMDHc/zIt4o
+LX80/6BiW4iPvE01o8aSqsrUmQyxSaO1k9+FFnldnmFHRx+VQnMAIv0ya51k5u68
+1bWhoyKpYZFNTbxDXZHJUYJgodV7beBIqLNUIETxHeJTWyszKuiD
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/nadja.key b/OPP/openvpn/keys/nadja.key
new file mode 100644
index 0000000..e3ef1d3
--- /dev/null
+++ b/OPP/openvpn/keys/nadja.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,8259B3D81BA509BB
+
+1+/sqL2H+ueLSPViLIb9nVjw4hr+HHpolcup4xRPiB5ooLHrr1iMhHjSzMfzP2b0
+1p63CthtqLWUnSbl/B4gRYgd66Xp9sU0pPEZ5Y+PWMgoA+myk6KFLBFAh+0M2LTk
+N4KcUXHHOJUkpRh3leqHrYjt4gkia2eiO/eyCphPIbzxqnQS+JucLCwIXyxy/JR5
+JRIi5AVExnsPTzNYafNB/nqo+SDAAjdLKejn/m/kXVYC7P6TDPdJlfVCLODiuAc9
+qvuRU/35plrwN7pzV4j6JXP6YkocBVZqRXwqzF5EM6XJPg+75XKlFOCHyqFsWrYV
+KlF6SI5iN8Hdixsvl4OLkDKFp/Z5HNVaJKQgyE2HAcP8bIdiI6NtvuXHFKrdBUbz
+ajHXCirD1BjrTkA3HMWYVSZI6SwsvDaV4yngBU2rJOC9cJcBnvzZqBrqtQrge6Yj
+sxb+D2rqNIoc7nqnd8HTiFowONQWWOH9eqApWh7r6Ho6fG9G4cDcZypyTJZEg/Yi
+MRtbwREj3W8lQSo5hL4IZr6yw0LLXIjENTQmaC9hmKBolITSGRPEeXWAwmu150Kl
+dpgmfq2ICRvuNxcndMWBf4DrLbu1enqYNLRastEJYhz4jFgzvNDK1J2goJlQ3gam
++qM0Fv7r/vS4H427dUnbC7ldT2f9GFLaTJifOW0wsgjH6+L7/SwDDqdL5BmHcpGp
+dz1tXjuur41SfRqOXmDUbPzz77r+dzvxZHYMt7vSUleZFbqL28ybKHExLU4Nfwy3
+HN10YAiaMOc+smGxzrLSCsjd8phIe1I0Jb2jq4OnOU8=
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/oezge.crt b/OPP/openvpn/keys/oezge.crt
new file mode 100644
index 0000000..03e172a
--- /dev/null
+++ b/OPP/openvpn/keys/oezge.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 43 (0x2b)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan 15 14:41:55 2018 GMT
+            Not After : Jan 15 14:41:55 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-oezge/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b9:84:be:14:58:0d:4b:c1:ca:35:27:82:bf:0d:
+                    9f:f5:5c:8a:85:08:f9:c1:55:0b:d8:a1:0c:11:ce:
+                    30:20:dd:35:01:98:8b:98:d9:91:29:8c:6e:81:7f:
+                    28:94:60:e5:47:99:37:3d:19:8f:14:d9:7e:e9:d8:
+                    bf:16:4f:8d:d1:ae:3d:46:ce:b5:cb:36:b7:bc:70:
+                    b2:2d:48:b2:e7:24:76:7b:7f:6b:4f:7d:ba:11:b1:
+                    df:84:b8:c9:63:88:3d:8f:ec:b7:0e:f3:b3:e7:d5:
+                    65:f9:e6:b0:81:fa:23:fb:96:5e:f2:f9:92:f7:73:
+                    69:b0:2a:76:ca:7d:8f:be:10:62:b0:c2:d6:7f:c0:
+                    a5:d6:a4:0f:7c:47:9c:be:17:ec:50:fa:56:00:2c:
+                    0b:e6:31:d2:01:c6:69:9f:1a:77:cb:05:4e:7f:7e:
+                    2e:bc:88:76:e9:8f:c8:43:1a:9b:34:a7:df:d4:9e:
+                    52:4e:f8:77:10:b5:e5:1d:d9:f1:8d:3d:d5:4e:71:
+                    0a:4a:e3:c1:a4:2d:0d:50:5f:6d:a9:cb:60:f8:47:
+                    66:90:b8:a0:6e:8d:8e:eb:3f:88:eb:d2:f9:06:6d:
+                    05:ae:a0:fa:7b:04:ef:51:b1:3a:1e:5e:5f:3f:be:
+                    4d:e9:1c:c6:aa:6b:e4:05:63:2d:8c:ad:27:9f:ae:
+                    43:6d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                02:2E:C2:B5:17:63:A3:17:ED:D7:F0:71:67:BB:A4:B8:7A:25:C7:28
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:oezge
+    Signature Algorithm: sha256WithRSAEncryption
+         aa:6e:1a:e7:e4:7f:06:58:66:e7:eb:e5:7b:18:b2:b5:4e:2d:
+         08:4c:c9:aa:53:bc:5a:3b:b9:5b:4e:ab:b1:15:4c:cc:43:fb:
+         82:b4:81:db:22:41:fb:7d:80:f9:64:68:87:e0:f4:d2:8e:b1:
+         a6:2d:c4:21:1c:58:ab:45:c8:5e:ff:e1:00:5c:95:6b:6d:50:
+         86:74:98:db:c3:2a:48:f7:81:f4:fa:eb:f9:b6:28:ec:0b:e6:
+         d6:4a:6c:df:74:b6:1c:59:80:2d:55:32:f4:6d:b6:a4:09:85:
+         aa:fd:da:9e:e0:5b:01:ea:12:51:6d:e4:47:06:a7:0d:29:54:
+         89:0c
+-----BEGIN CERTIFICATE-----
+MIIEiTCCA/KgAwIBAgIBKzANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDExNTE0NDE1
+NVoXDTM4MDExNTE0NDE1NVowgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLW9lemdlMRAwDgYDVQQp
+EwdPUFAtVnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALmEvhRYDUvByjUngr8Nn/VcioUI+cFV
+C9ihDBHOMCDdNQGYi5jZkSmMboF/KJRg5UeZNz0ZjxTZfunYvxZPjdGuPUbOtcs2
+t7xwsi1Isuckdnt/a099uhGx34S4yWOIPY/stw7zs+fVZfnmsIH6I/uWXvL5kvdz
+abAqdsp9j74QYrDC1n/ApdakD3xHnL4X7FD6VgAsC+Yx0gHGaZ8ad8sFTn9+LryI
+dumPyEMamzSn39SeUk74dxC15R3Z8Y091U5xCkrjwaQtDVBfbanLYPhHZpC4oG6N
+jus/iOvS+QZtBa6g+nsE71GxOh5eXz++Tekcxqpr5AVjLYytJ5+uQ20CAwEAAaOC
+AVgwggFUMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUAi7CtRdjoxft1/BxZ7ukuHolxygw
+gcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJ
+BgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0G
+A1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQD
+EwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdE
+FItVo9+IMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREE
+CTAHggVvZXpnZTANBgkqhkiG9w0BAQsFAAOBgQCqbhrn5H8GWGbn6+V7GLK1Ti0I
+TMmqU7xaO7lbTquxFUzMQ/uCtIHbIkH7fYD5ZGiH4PTSjrGmLcQhHFirRche/+EA
+XJVrbVCGdJjbwypI94H0+uv5tijsC+bWSmzfdLYcWYAtVTL0bbakCYWq/dqe4FsB
+6hJRbeRHBqcNKVSJDA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/oezge.csr b/OPP/openvpn/keys/oezge.csr
new file mode 100644
index 0000000..a5657dd
--- /dev/null
+++ b/OPP/openvpn/keys/oezge.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6jCCAdICAQAwgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLW9lemdlMRAwDgYDVQQpEwdPUFAt
+VnBuMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALmEvhRYDUvByjUngr8Nn/VcioUI+cFVC9ihDBHO
+MCDdNQGYi5jZkSmMboF/KJRg5UeZNz0ZjxTZfunYvxZPjdGuPUbOtcs2t7xwsi1I
+suckdnt/a099uhGx34S4yWOIPY/stw7zs+fVZfnmsIH6I/uWXvL5kvdzabAqdsp9
+j74QYrDC1n/ApdakD3xHnL4X7FD6VgAsC+Yx0gHGaZ8ad8sFTn9+LryIdumPyEMa
+mzSn39SeUk74dxC15R3Z8Y091U5xCkrjwaQtDVBfbanLYPhHZpC4oG6Njus/iOvS
++QZtBa6g+nsE71GxOh5eXz++Tekcxqpr5AVjLYytJ5+uQ20CAwEAAaAAMA0GCSqG
+SIb3DQEBCwUAA4IBAQBDAtCElbIBkp6K3UH/hIHaTE5bUnpB4twZ2BJebzJ5R85H
+Sxvnhatr4lsaEaf7qhQx6hzVg2bpDc/Om0Q41UvUJZ6RaFhW1447jr3ZrgIBtFHA
+WiUvyX/qexwZIxMwc1Zo6X6b/5R6MLgNsN7+M+GUezPMkBRQlRh45VhHub7Ln2mz
+IkIsF9iEaiFKiA89mpMJcqQJYTeCrpyZDSSLRvHnQWRZRoszXDufBBBKXBYLqrRF
+gkPX7sildhRHT+yWORAEs4DbYGcMfsnVB9pZBGvix9MBEeSvSrKoLz9iHJzVby+t
+AnwKR5aKfsD6ht3J5LslnCDDwqv8L2X686TYSoSs
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/oezge.key b/OPP/openvpn/keys/oezge.key
new file mode 100644
index 0000000..49070b0
--- /dev/null
+++ b/OPP/openvpn/keys/oezge.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQInZcrDe1GppMCAggA
+MBQGCCqGSIb3DQMHBAjoFMe8YudLQgSCBMja856e0ws511Wcto3qmJ3FNYtvYaty
+TFHOaVjXcDqbEyLOv5PztBV+P3kWE8LukwBnlrtcmxuEbsL2yZYmuKOeifZY+87N
+JLyqa6v/3HbmELSn1Zqf8xlgjjr6mmcyJDnORVN8j4lqK0NR2KAAG+2XDXV62EyV
+Umk5TD5LKzsSVvrUJzH0Ve2d/WklNJXJGqB021mJ5f1k1nRxcKW87eqSPMnEy6h/
+6m8moFa8YuFgljw0bnhRo4nP0rL2uIVtQhYXVc2pMc+Jg5TmUI6fyOR2j+FWcvgq
+R1SaHkNaV3Y+1Bb+ujvx5tlnVtiIrSXt7fKUa3NX/3ayAt6PSsWAWbM3hF1oRTsX
+yu7+s/S3sOk1cwOJOYEZMMSb4BOTBnR89dAFQYZl2XmClM1oJW1/01QL8Z3KANf4
+vETbDD03CbGiU7FsKxVjAGUpaI9dvbHNY9L+G2crH4fl+Vqx0Y9XN4Ql7N4xT1LR
+PMTAmkE7msA5QIRpVnqIq1QPa8nR7lSeMQR4yYjMcAEdVykHFJzAifJ/QI9vwzpJ
+5ndp4vvGmHmx0nRCRcwWWLdEdlkL6nfAddW/zrBtVOXX6QzH6G3ab1D8EhrzMe1c
+UJ0dswBz1/nWl/eOdznkddGgu97SQun2wrsvFrkvpaZSSlLMrP+BhoBcWp7wHfWO
+z3cyzbsga9lxT275lYeN3aEL29y/riQ/fgNqi7P3S8CtFo3oG3CICAeLZIzJiHlE
+IoK7tpeGaUgwh6zA3X5p51I8u3WEcq9H8jUhmujSoKkD5RLGSPsh8ZL3S20b8lLW
+CVUBh0Z21jWpCsqA6gPuYcBtIg5NYGvinOvvIpSwEOXYOiTM9cfiQWwqJjBaA1gr
+GAtJwel9lg44D2V8owCKKrvtTS8TYsD+6pKZMWQnhNSQvQg/3pKWlCklQpKKLFsz
+yM3Ga4hCMT3y5XIzIo+Rosd/4m77E02NMO8o/ijCuELUNjQEBFEvESRU4N9DfEqh
+nSPEjh9ADJZzAg5wbEIWSvBBZNlqrir6R6s5ncU8tYNsnrpbUyOnY5QMkyBjfxZQ
+GnQLpy1SmShTpDvqglJjS34HPIJPNCsOd2vjxrMHmgMovjC+8uXIijKbHRTSYENy
+MXJOW2S2ThEZeIHdTxS0NZkeuyxENSeqS7sXtq2nWPMXn4U8bTiVC0EHX3Qz7Afo
+1dzNc76vplz+SrVC+ukKnFA6JkHotxro5jUelzcWw9AV3y+Yv9PnRDCuvcQOmoLS
+rha8PvaEElZ+pUyueUzzTsLaBTO+eMIy4XagEPrYX89YDzHyVG0aHj5eTAofl5gb
+6tKKBmMiTP5mwSpxInU4BxF2BHr/9FTfBwDFTpvagGE9EA7q7CGMjlpQcSGIcIPN
+Mc8a/8O8jhP3DPcKzwBdw2XphM8ffuplX+wZEmxJwVlDBWiW9iODgnC3XeLAmyAp
+BOurcNIk5yI9Lyh31cTN/krn49L9JMVpqpHihN0PhUe+iHlYit3JvzBiNFT6xVco
+S+JWNZeKmc5t6Kx/piuGHvb5iXeCROjW9vDyTIRaqEudb6Mrhu4ZMp+2x0ZtER9g
+m9NpKZrJMz2CUgfs9WXyU5bK56OeFs2NSMnXFsXA3LT/27CeT5q6LBZYcmxfowiV
+Bf0=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/opp1.crt b/OPP/openvpn/keys/opp1.crt
new file mode 100644
index 0000000..526ba12
--- /dev/null
+++ b/OPP/openvpn/keys/opp1.crt
@@ -0,0 +1,72 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 31 (0x1f)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr  2 10:01:18 2015 GMT
+            Not After : Mar 30 10:01:18 2025 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-opp1/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:a9:12:a5:21:18:02:98:06:6c:da:dd:90:23:a2:
+                    f1:a7:23:c7:a3:2e:06:84:b0:56:17:3a:db:7f:7a:
+                    8a:7e:c9:f7:0a:55:a0:36:13:55:f0:d9:c9:2d:a6:
+                    65:fb:83:a7:7e:8c:21:aa:9b:d9:2b:4b:a5:64:35:
+                    e9:71:71:8f:db:f8:7e:e4:1e:ab:2f:bb:33:56:e2:
+                    bf:fb:92:d9:0b:a6:30:e6:56:d1:5b:cd:c1:0e:73:
+                    b0:e2:d9:8a:db:8e:de:13:1a:95:7f:b6:0b:84:f3:
+                    29:ab:af:79:88:b2:cf:b3:db:46:59:60:53:fc:df:
+                    d3:24:d7:2f:03:e9:7b:8b:23
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E7:A2:6C:EE:FF:91:F4:68:02:C1:04:D1:17:D5:B4:6A:28:CC:05:F4
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha1WithRSAEncryption
+         05:4f:19:5e:7f:45:60:aa:5d:73:1f:4b:d7:ac:fb:4b:92:d8:
+         02:83:62:fa:0a:b4:27:ae:2b:2f:b3:c3:58:d6:78:8c:1e:12:
+         e1:7d:b5:99:43:17:e1:43:97:6f:dc:ee:0f:99:97:b6:1c:30:
+         6a:d8:ee:c4:c3:33:34:91:0e:79:19:28:65:f2:08:f1:51:26:
+         1e:15:77:ae:6e:13:c9:b0:f3:a0:f0:89:46:d3:d6:6d:df:a0:
+         8c:0d:52:cf:b4:eb:db:c2:a4:57:d7:e2:d0:c9:60:45:aa:bf:
+         9c:f4:63:c1:c2:7e:4e:79:02:74:bc:e1:f2:dc:a4:3a:ee:51:
+         dd:8e
+-----BEGIN CERTIFICATE-----
+MIID4DCCA0mgAwIBAgIBHzANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE1MDQwMjEwMDEx
+OFoXDTI1MDMzMDEwMDExOFowgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLW9wcDExHTAbBgkqhkiG
+9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQCpEqUhGAKYBmza3ZAjovGnI8ejLgaEsFYXOtt/eop+yfcKVaA2E1Xw2cktpmX7
+g6d+jCGqm9krS6VkNelxcY/b+H7kHqsvuzNW4r/7ktkLpjDmVtFbzcEOc7Di2Yrb
+jt4TGpV/tguE8ymrr3mIss+z20ZZYFP839Mk1y8D6XuLIwIDAQABo4IBRjCCAUIw
+CQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENl
+cnRpZmljYXRlMB0GA1UdDgQWBBTnomzu/5H0aALBBNEX1bRqKMwF9DCBxAYDVR0j
+BIG8MIG5gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZv
+Lm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1W
+cG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gw
+EwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUA
+A4GBAAVPGV5/RWCqXXMfS9es+0uS2AKDYvoKtCeuKy+zw1jWeIweEuF9tZlDF+FD
+l2/c7g+Zl7YcMGrY7sTDMzSRDnkZKGXyCPFRJh4Vd65uE8mw86DwiUbT1m3foIwN
+Us+069vCpFfX4tDJYEWqv5z0Y8HCfk55AnS84fLcpDruUd2O
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/opp1.csr b/OPP/openvpn/keys/opp1.csr
new file mode 100644
index 0000000..c70fdf5
--- /dev/null
+++ b/OPP/openvpn/keys/opp1.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0jCCATsCAQAwgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLW9wcDExHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpEqUh
+GAKYBmza3ZAjovGnI8ejLgaEsFYXOtt/eop+yfcKVaA2E1Xw2cktpmX7g6d+jCGq
+m9krS6VkNelxcY/b+H7kHqsvuzNW4r/7ktkLpjDmVtFbzcEOc7Di2Yrbjt4TGpV/
+tguE8ymrr3mIss+z20ZZYFP839Mk1y8D6XuLIwIDAQABoAAwDQYJKoZIhvcNAQEF
+BQADgYEAa4BgKD/0Y8ORqGkmyd1L0aF0TDESd4GUrfT8Opl64baWnOqo1VU1RJ9p
+9dCrdZmXhgnqbnxgTSyxIewq5koDzjSuTx/VHjG8vHqEkGk8nuNalykzFBdo+waJ
+J85jOkI898B4vy3ag8qXDBmf1sOVrbid0yoPmlLlEWnzu5Fg1Uw=
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/opp1.key b/OPP/openvpn/keys/opp1.key
new file mode 100644
index 0000000..251a9cc
--- /dev/null
+++ b/OPP/openvpn/keys/opp1.key
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIsHr74nG1MmgCAggA
+MBQGCCqGSIb3DQMHBAjoT5mhqVgENASCAoDnkscWmo0APEVQSpC5Wi86aJKGhzFr
+F8llTLR1U3iNwwkxUD7hYTxfmozdigoJqg0CX4zQhSAe/XNOm0W1BH0RJ1qUwEvv
+NhzAIGCO9xpmLBDwzlxrkPJ+8i18fT67ez74Oc74AtgMYE0YQUlkbCWjbRvIYI90
+amOQiS5I1vLtbnnXODoNza5i2HrDs2Zg6coYciZ3CZ10zMhmkQ5I9u2aqRi5IvKb
+4RClMkovtGQloIvazBIRm3wtrSjoKNxW7YZoZUND6LKnHT3FRL1hIcznRRpYFmB5
+FCQts3AzITrpYtbYC7vCCdyqG4KAZbyTgan5Y4bN+Hwk8ncaNaTCmd8JuBZaLYdS
+X7iwq+7W2w61dXw6/DcQ8Ibn8KEIvBSGmUHzw0ZZC31ehM9AS+YKd/gFljfR1tvK
+cstM0a8wlF9HmZ5GZKF6CAUnIXiUk4JZSQJaFXfFU68TspPCPUDcc3no3/GY+aG1
+hkBdd3m1nEIzoBfIKTlLrWSaRWcFS1rlttVHswFiatGMvExEDfg/tdQRLXPkALcp
+ezDscg3h5pvhACy6uteMl3dNi8Ny35uqGlcdYzUKcRCqR/cm3w12DzEwiE6KwAEc
+0m6XGrM5GHKVWouJkHje1kGdA2CHw2cFoinJtEzlJksgwA3+67UH4Ehtu3rAPHy/
+Lak36Sbd5YoavXP8zoxh2z6qe7k0zpwcXp6Vjyl37ioU/tY4HFnFAZbzqXMBxPKy
+kgEI4ctO40/eC5iHU21xdEWkhapIEYHZ7RMgp1BomJGZpxHMKn4FiE29ZLH4JYnV
+e2T/3zC1zV2FJUek7VuD6isxGs6KLNlzR0Wqe2CePirRiSK0+tpbVQuH
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/opp3.crt b/OPP/openvpn/keys/opp3.crt
new file mode 100644
index 0000000..6fe1ea0
--- /dev/null
+++ b/OPP/openvpn/keys/opp3.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 18 (0x12)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Jan 18 13:14:56 2009 GMT
+            Not After : Jan 16 13:14:56 2019 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-opp3/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d4:8f:de:a8:96:80:98:40:7a:d8:c9:bb:aa:2e:
+                    65:01:91:74:b0:ad:93:6a:c5:fa:e0:a6:e1:b2:9e:
+                    f1:8b:6f:a4:5d:e1:24:2c:47:f3:29:73:62:31:d2:
+                    59:86:8e:33:4f:b9:96:68:aa:1f:e8:45:a6:c7:d5:
+                    e5:df:9b:32:2e:96:12:82:cf:9a:3a:9d:cf:8c:fd:
+                    3b:7b:a8:e1:ec:77:ee:cd:c6:e7:2b:c7:c2:bd:fb:
+                    d3:54:e6:9e:4e:67:71:d9:bf:b6:39:9f:90:38:39:
+                    9a:fc:6f:ed:41:ca:5a:4e:02:2d:5a:33:80:ae:4d:
+                    f5:4f:cf:93:e3:7d:1d:64:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E2:81:B6:2F:B4:D7:DA:A1:5F:ED:C0:73:DC:B3:08:87:DC:BB:06:75
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        47:b7:b9:a7:85:e6:f6:48:98:04:8d:17:23:17:c2:08:65:c8:
+        8d:6f:80:99:99:86:49:90:38:be:1e:9b:ca:82:4a:6e:b0:48:
+        81:b0:39:07:5d:7b:f2:e4:f1:9f:ee:65:97:ac:55:23:c3:8a:
+        ca:95:03:59:e4:3c:79:90:fa:56:44:0d:6b:53:74:51:32:33:
+        98:23:67:c0:b6:d6:f6:07:7e:e4:cd:13:08:18:f9:4f:a2:50:
+        1c:a9:13:05:c9:0a:87:bd:fe:35:ea:5d:a2:03:70:de:91:90:
+        80:82:b7:35:66:3f:d7:4a:29:eb:59:78:d6:ba:47:a7:92:73:
+        38:d3
+-----BEGIN CERTIFICATE-----
+MIIDrDCCAxWgAwIBAgIBEjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA5MDExODEzMTQ1
+NloXDTE5MDExNjEzMTQ1NlowgYAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEV
+MBMGA1UEAxMMT1BQLVZwbi1vcHAzMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1I/eqJaAmEB62Mm7qi5l
+AZF0sK2TasX64Kbhsp7xi2+kXeEkLEfzKXNiMdJZho4zT7mWaKof6EWmx9Xl35sy
+LpYSgs+aOp3PjP07e6jh7HfuzcbnK8fCvfvTVOaeTmdx2b+2OZ+QODma/G/tQcpa
+TgItWjOArk31T8+T430dZO8CAwEAAaOCASMwggEfMAkGA1UdEwQCMAAwLAYJYIZI
+AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
+BBTigbYvtNfaoV/twHPcswiH3LsGdTCBxAYDVR0jBIG8MIG5gBThTcNr9HyBexay
+zG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5l
+dHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAbBgkqhkiG9w0B
+CQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDQYJKoZIhvcNAQEEBQADgYEA
+R7e5p4Xm9kiYBI0XIxfCCGXIjW+AmZmGSZA4vh6byoJKbrBIgbA5B1178uTxn+5l
+l6xVI8OKypUDWeQ8eZD6VkQNa1N0UTIzmCNnwLbW9gd+5M0TCBj5T6JQHKkTBckK
+h73+NepdogNw3pGQgIK3NWY/10op61l41rpHp5JzONM=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/opp3.csr b/OPP/openvpn/keys/opp3.csr
new file mode 100644
index 0000000..eb1a6cd
--- /dev/null
+++ b/OPP/openvpn/keys/opp3.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0jCCATsCAQAwgZExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLW9wcDMxHTAbBgkqhkiG9w0BCQEW
+DmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUj96o
+loCYQHrYybuqLmUBkXSwrZNqxfrgpuGynvGLb6Rd4SQsR/Mpc2Ix0lmGjjNPuZZo
+qh/oRabH1eXfmzIulhKCz5o6nc+M/Tt7qOHsd+7Nxucrx8K9+9NU5p5OZ3HZv7Y5
+n5A4OZr8b+1BylpOAi1aM4CuTfVPz5PjfR1k7wIDAQABoAAwDQYJKoZIhvcNAQEF
+BQADgYEAc2OgM0iXI833jzFHjzC1rAMVW1kWt6wLVdA3QmLZKx2LaBJGJbIbbsIU
+L5tBgyhDp0Cm6tq3lK7kVVng/I494Ms1PcPaf6Up5kdowd1/Jqiv7CvuOXqCFJMe
+iYPsZ2J3m6Ofjh1vNVtAfZTuTbe8Q2tRjzBgD81gz6BhE19TnLs=
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/opp3.key b/OPP/openvpn/keys/opp3.key
new file mode 100644
index 0000000..8f70435
--- /dev/null
+++ b/OPP/openvpn/keys/opp3.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FB71E49377F8C6AA
+
+VHqjN19c5vnT6I1om3P5ciG90u2YIqfy8Iii4ExQrq0HnGn2EEVwz9zbTWo0rB+x
+ZZqSPXhC13MCKc81Xdyg5PWIrMz21F3vROU3OcGmp/+kvhIq/EYVZZcwOhDGQROD
+BBeGos+KxcCBlh4rLDKpBppoz6pGCR6O05hEgyXco8rLwNR1wHGODxJNc5Kx/e3+
+kM59itNJwpZJyj/3cKoQ0DgkCfGU/YcpUb/nkbAHtKuReytcYbCWooz/Gd2neaC8
+zw3/RmMb9OOPKXRfRbGQWmzczO/khw2IHeI0WRM7oJPkOoE3+XZ5ZEUOEpbtGxym
+8MuclnhSt9tGhveup2nzB8V+LTatkGI9Lm3s/g1Jfhr0EcHiZ0d7C6UuNLukZbpK
+SOfGEr3/iGoLuZcYKHjyH1WHG5Vl3ScG7hIzSEbh2eUFH38Hzm5D3s/LeCNaOqDX
+0yoatcWDF+b2khK71uNHvl5WeCM8Une2SQ9wWqvtxuR/8N9Qrp9c5oYNEVzspPH/
+EH1C81Zx68CFnN2ONPtGFSbUjQj8441zYcQsm7JE77/ORAnEkm9eGoIf9sauArjn
+xOVYmShJJXmwRQS++xALiZFI3EUO/c2zAxy7VoR5ORi3QoG9WzkjFZHy0WrkQor4
+BkfjCBrXuN9wsiXb1aBsrmjbN3cpLvMkj2tLFNqwgBoCXfrh1PC3FXxY3ljOFx2C
++8RT4BFCXlQOmuxHwPLOrEj0E5bAoFFBLsEhGcYw1XzR6kXUv861GB9ZIjVrvU8b
+q8+mneNY9EcZNJ4jscbfg23QoayPXDxKRG6jGF7VLmtC3TYcKUMFeQ==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/revoke-test.pem b/OPP/openvpn/keys/revoke-test.pem
new file mode 100644
index 0000000..3b54437
--- /dev/null
+++ b/OPP/openvpn/keys/revoke-test.pem
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIDljCCAv+gAwIBAgIJANdEFItVo9+IMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMK
+T1BQLVZwbi1jYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwHhcNMDgw
+NTE5MTMxNDA1WhcNMTgwNTE3MTMxNDA1WjCBjzELMAkGA1UEBhMCREUxDzANBgNV
+BAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAX
+BgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2ExHTAb
+BgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC1RgTR9sLzgKQW/1iSnMYgrl0OIc9KUxg4lwnA0WcMTPk5iQrX6guV
+BAP6gTzf23qd1mwXqJDGIYaeA7D4KI3kKZdM6vCtKPZ+E2d4j8Kt5JzWAdy2fXVg
+75PCqY2KWfkAh8EGlxmGeSQCuDGqVeiL+ekbp0hx7M57Gst5yxN44wIDAQABo4H3
+MIH0MB0GA1UdDgQWBBThTcNr9HyBexayzG0kbMrdm5NT4zCBxAYDVR0jBIG8MIG5
+gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkGA1UEBhMCREUxDzAN
+BgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4x
+GTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4tY2Ex
+HTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QUi1Wj34gwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBgKYEcUleLw/trPJbbeI/s0ZKRGVki
+nk7jY7+k8qa88FqrTP3V7pgGnWunINBgTBxM1dH/H4p8DXiIGWJrY7KCddIJSA5J
+JiX7UJBXFQDXflP+MhqIdHfGjd37djMqUD2//WLAKuahxNSuf4L9FfoeNGghlYKX
+Y/hjEv3y78V8QA==
+-----END CERTIFICATE-----
+-----BEGIN X509 CRL-----
+MIICDTCCAXYwDQYJKoZIhvcNAQELBQAwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJ
+KoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTgwMzAxMDExNzMxWhcNMjgwMjI3
+MDExNzMxWjCBtDASAgEDFw0xODAyMjgyMzU3MTVaMBICAQQXDTE3MTEwNDAwMDMz
+NVowEgIBBRcNMDgxMTA0MTIwNDA5WjASAgEGFw0xODAzMDEwMTE3MzFaMBICAQ0X
+DTA4MTEwNDEyMDQyNlowEgIBDhcNMTcwOTE3MjIxMDQ5WjASAgEPFw0wODExMDcx
+MzI2MzlaMBICARUXDTE3MDExNDE0MzYzNFowEgIBHxcNMTcxMTE0MDIzOTU1WjAN
+BgkqhkiG9w0BAQsFAAOBgQCuA9AAsn3ie5Qa6ZglnkJ+maI+seLV6C71zBcCXxTu
+epjv7TBw8p7aiE4bx+szg2SDNB56SHRs0ubjkOgXCAoB0gv5j5bUF8B6iIWRulR1
+AmmSMscNw7G+eajU3YP0iwOnex+ur0hKbEhu6JhQwGZG/8/f/LoQKO4gghWQM3bT
+7w==
+-----END X509 CRL-----
diff --git a/OPP/openvpn/keys/serial b/OPP/openvpn/keys/serial
new file mode 100644
index 0000000..11ddf0a
--- /dev/null
+++ b/OPP/openvpn/keys/serial
@@ -0,0 +1 @@
+2E
diff --git a/OPP/openvpn/keys/serial.old b/OPP/openvpn/keys/serial.old
new file mode 100644
index 0000000..fe909bb
--- /dev/null
+++ b/OPP/openvpn/keys/serial.old
@@ -0,0 +1 @@
+2D
diff --git a/OPP/openvpn/keys/server.crt b/OPP/openvpn/keys/server.crt
new file mode 100644
index 0000000..f823279
--- /dev/null
+++ b/OPP/openvpn/keys/server.crt
@@ -0,0 +1,70 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 13:17:18 2008 GMT
+            Not After : May 17 13:17:18 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-server/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:dc:bc:9a:57:b7:b0:ab:5a:cf:38:2f:0b:2a:94:
+                    29:d7:20:98:67:3c:fc:f7:1c:9f:fb:75:12:c3:0b:
+                    87:ab:a8:e2:d8:07:67:2b:9a:4c:51:33:2a:4e:e7:
+                    df:f6:be:32:98:15:62:42:d6:38:f1:fc:0f:34:87:
+                    b4:c1:1a:67:e8:b8:2a:b8:fb:f7:ed:d0:a6:54:0a:
+                    30:ea:ab:32:d1:52:01:d5:1d:f7:8d:2a:63:79:65:
+                    ff:cc:40:ae:75:68:b8:32:2f:0a:57:4d:3c:71:35:
+                    af:48:14:f0:b5:b5:73:5c:e7:e4:6e:6c:fc:7a:3e:
+                    47:b6:8c:87:b0:28:55:1b:b5
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                OpenSSL Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                02:6B:50:96:D0:73:B9:16:DC:FE:F0:90:50:EE:C2:00:68:2B:14:97
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        1c:e9:c7:6b:54:79:2e:c7:d0:89:0c:c3:ba:54:67:d0:e5:4f:
+        a3:5f:af:3d:39:74:4b:af:25:25:e1:20:be:af:1f:5b:94:26:
+        b3:95:69:8e:1c:8f:cc:b0:ce:3a:52:07:e1:8c:24:5e:f8:df:
+        d5:db:83:12:85:04:16:05:84:9f:c5:c9:12:a6:0d:da:30:ee:
+        6d:bb:92:dd:b5:24:98:61:e1:ec:d0:db:cc:c4:7e:3e:da:91:
+        a2:73:67:b1:60:10:16:e7:e8:d2:1a:e2:b0:75:a3:43:fd:29:
+        a3:c9:34:5c:19:03:cf:0d:39:2e:9f:a3:9c:f5:1f:6c:14:bd:
+        3c:a1
+-----BEGIN CERTIFICATE-----
+MIIDyDCCAzGgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTEzMTcx
+OFoXDTE4MDUxNzEzMTcxOFowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi1zZXJ2ZXIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcvJpXt7CrWs84Lwsq
+lCnXIJhnPPz3HJ/7dRLDC4erqOLYB2crmkxRMypO59/2vjKYFWJC1jjx/A80h7TB
+GmfouCq4+/ft0KZUCjDqqzLRUgHVHfeNKmN5Zf/MQK51aLgyLwpXTTxxNa9IFPC1
+tXNc5+RubPx6Pke2jIewKFUbtQIDAQABo4IBPTCCATkwCQYDVR0TBAIwADARBglg
+hkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVk
+IFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUAmtQltBzuRbc/vCQUO7CAGgr
+FJcwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8x
+CzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEP
+MA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYD
+VQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJ
+ANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GBABzpx2tUeS7H0IkMw7pUZ9DlT6Nf
+rz05dEuvJSXhIL6vH1uUJrOVaY4cj8ywzjpSB+GMJF7439XbgxKFBBYFhJ/FyRKm
+Ddow7m27kt21JJhh4ezQ28zEfj7akaJzZ7FgEBbn6NIa4rB1o0P9KaPJNFwZA88N
+OS6fo5z1H2wUvTyh
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/server.csr b/OPP/openvpn/keys/server.csr
new file mode 100644
index 0000000..53afc5a
--- /dev/null
+++ b/OPP/openvpn/keys/server.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1DCCAT0CAQAwgZMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLXNlcnZlcjEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANy8
+mle3sKtazzgvCyqUKdcgmGc8/Pccn/t1EsMLh6uo4tgHZyuaTFEzKk7n3/a+MpgV
+YkLWOPH8DzSHtMEaZ+i4Krj79+3QplQKMOqrMtFSAdUd940qY3ll/8xArnVouDIv
+CldNPHE1r0gU8LW1c1zn5G5s/Ho+R7aMh7AoVRu1AgMBAAGgADANBgkqhkiG9w0B
+AQUFAAOBgQAbtQtfVGlAhysHJDHT7UXo7EnEU45gmbPy20sBkaE3OILEqb+3lHii
+6uwm9PJ9zoq9RCPLEqAJecawbjfz7me410UCSv6yETEqgHeJqVQnWnGLduG2krz/
+JCt24JpgDlVx9IP8V58Ve7Ntlw6wr3ca55CKQKXP8lGpADisz7qzpA==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/server.key b/OPP/openvpn/keys/server.key
new file mode 100644
index 0000000..2251bf4
--- /dev/null
+++ b/OPP/openvpn/keys/server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDcvJpXt7CrWs84LwsqlCnXIJhnPPz3HJ/7dRLDC4erqOLYB2cr
+mkxRMypO59/2vjKYFWJC1jjx/A80h7TBGmfouCq4+/ft0KZUCjDqqzLRUgHVHfeN
+KmN5Zf/MQK51aLgyLwpXTTxxNa9IFPC1tXNc5+RubPx6Pke2jIewKFUbtQIDAQAB
+AoGAZ+gYN2ZusZrjpKzwcrCgKXZch2x8H87HuFTZ6hqJWNL9RXfmpu3RMwAE0HPy
+R3Is2s5mHNQ+phpjBfVDrwrBEjl+YfxVG7AZZ0N5praBE5skPuyMhsBzEa+XUDbA
+QVso5/QW7PqUV71p+w59v4uge1S9o77yc9jSOHVS8JpXtxkCQQD2RWvLhZSxfuY6
+WOKFvErr+xRiWSyUMWWIwsAXIWpL530U0ypohJEEnY6nqyJfwrTuooSrU6Y0kQ+6
+KAYceyrXAkEA5XTyrtYGsZvGdnbobeQ+PEVe4+tbe8aMVQ5yQ1aBsu2GtQUP1lF0
+3VNxOnriCkrP/n5vr1Gbf/qnOU9M/vyIUwJBAMTDTo77mYP/Sd9QaRxFBu9oWi8B
+5JY6qU8NmwBgGFexCsT6uqVrVZqEcBgSqZItNPZ9LtbcLK1PQWuQ0uEqn10CQGzb
+0tbHi11vvfQt7Y9VHYGSl7YhzsEmLSWdOPBhdh7hOWtf/2d6NatbDvjjm6GuZIck
+jO/sE43f6L3ztV+zhykCQGCxPMRPWq2Gx3LoXXZ2vrZfypIOHgT6RlxL1YmjGQY3
+cL4yxMx+2mfaKHEzxlOznuR6k7hMUHHg8to8gQ+ULIo=
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/sofia.crt b/OPP/openvpn/keys/sofia.crt
new file mode 100644
index 0000000..13ca57f
--- /dev/null
+++ b/OPP/openvpn/keys/sofia.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 22 (0x16)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Aug  1 14:02:27 2012 GMT
+            Not After : Jul 30 14:02:27 2022 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-sofia/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b3:5b:f6:01:e3:b7:65:18:c4:94:d9:2f:b6:62:
+                    34:60:56:ac:9f:eb:82:2c:8d:55:73:84:a2:88:26:
+                    21:69:a0:74:f5:4a:78:f7:e5:d5:6a:91:a1:5d:e0:
+                    f1:90:e4:83:38:89:e2:e7:ae:b2:87:c9:e5:a6:0e:
+                    6b:4c:d2:eb:31:61:ff:54:86:60:71:da:3d:66:07:
+                    c2:7d:a2:fc:ac:c7:af:a3:b8:cf:03:cb:07:11:cf:
+                    b3:d1:a9:c5:39:f3:a6:b2:9c:c4:61:28:45:ec:c9:
+                    25:70:c4:1d:d7:6b:4b:d9:12:97:b3:7d:72:95:34:
+                    cb:fc:7e:b7:ab:68:cd:ae:2b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                12:5F:9A:F8:64:79:18:84:33:21:B9:D2:60:7A:D7:08:AC:77:3C:E5
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        94:7c:24:63:0b:88:4b:76:4a:66:57:39:3c:e8:4b:f1:17:0c:
+        26:ec:87:93:4b:c1:af:a5:78:86:a4:a8:88:1b:ea:39:e7:c1:
+        e7:da:c8:13:c8:26:04:ed:bb:b2:b2:10:2d:0f:3f:86:52:45:
+        bf:f6:6c:c2:fa:d9:3c:a1:57:b0:07:24:b3:2e:8a:c6:b6:88:
+        9e:a9:ed:6e:59:1d:36:70:44:90:b2:9d:dc:86:a1:cf:1a:1f:
+        cd:66:be:fa:fe:f3:a1:c9:e6:58:71:d3:a3:d1:4b:95:f3:4b:
+        a7:93:c7:3a:a4:7d:bc:fc:e9:77:86:bd:62:9a:eb:b3:49:68:
+        17:27
+-----BEGIN CERTIFICATE-----
+MIIDrTCCAxagAwIBAgIBFjANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEyMDgwMTE0MDIy
+N1oXDTIyMDczMDE0MDIyN1owgYExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEW
+MBQGA1UEAxMNT1BQLVZwbi1zb2ZpYTEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29w
+ZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALNb9gHjt2UYxJTZL7Zi
+NGBWrJ/rgiyNVXOEoogmIWmgdPVKePfl1WqRoV3g8ZDkgziJ4ueusofJ5aYOa0zS
+6zFh/1SGYHHaPWYHwn2i/KzHr6O4zwPLBxHPs9GpxTnzprKcxGEoRezJJXDEHddr
+S9kSl7N9cpU0y/x+t6toza4rAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCG
+SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQUEl+a+GR5GIQzIbnSYHrXCKx3POUwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsW
+ssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GB
+AJR8JGMLiEt2SmZXOTzoS/EXDCbsh5NLwa+leIakqIgb6jnnwefayBPIJgTtu7Ky
+EC0PP4ZSRb/2bML62TyhV7AHJLMuisa2iJ6p7W5ZHTZwRJCyndyGoc8aH81mvvr+
+86HJ5lhx06PRS5XzS6eTxzqkfbz86XeGvWKa67NJaBcn
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/sofia.csr b/OPP/openvpn/keys/sofia.csr
new file mode 100644
index 0000000..f3742db
--- /dev/null
+++ b/OPP/openvpn/keys/sofia.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0zCCATwCAQAwgZIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRYwFAYDVQQDEw1PUFAtVnBuLXNvZmlhMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAs1v2
+AeO3ZRjElNkvtmI0YFasn+uCLI1Vc4SiiCYhaaB09Up49+XVapGhXeDxkOSDOIni
+566yh8nlpg5rTNLrMWH/VIZgcdo9ZgfCfaL8rMevo7jPA8sHEc+z0anFOfOmspzE
+YShF7MklcMQd12tL2RKXs31ylTTL/H63q2jNrisCAwEAAaAAMA0GCSqGSIb3DQEB
+BQUAA4GBAJ1pw/2oEPZIuEdP54P8ZPRdMCXRzhnclu+lfDHkGfxYAzBWIe3FTiFP
+wcl8ELnrp2LuHrZFF0fuX74XybG6Q/yqALqLXji+Y2dww/bYqoLk+B+2UWUjuVpa
+S9vv872dMHOAoq9SiRuB1mpu2lyi3+mFIuWGnyQKk9NzW5MSFFZA
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/sofia.key b/OPP/openvpn/keys/sofia.key
new file mode 100644
index 0000000..8c02e53
--- /dev/null
+++ b/OPP/openvpn/keys/sofia.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,D46D8E9E7450A8AF
+
+zXpK5bqeLOLnnpE6aZEVZukqzF0RYExcxdTzMoXb05pPCsplsslZLE8AL2Q4pzKf
+rI7HlZs3UwOTCsXUx4BocQntu2/PWkY0IqeFxK5fwE4x2n90iPC/s1J5nV3WhzSH
+agWm1VkiBP4hjLo3T0Gsn74xaB0UfHShcgQs+asHUQSFjnAJLxS7FSg+/sb/P+w2
+9vz4QK3PUxB0buSCBFCpoPWE8zb3xvs6VJFsX6odhQTPqW/BZum7ZAWc/P4a6yMy
+QEVtG+kEvtxNHNKryyF/Nqw2lAHj9pG7MajRQmRcTeu7nKfUZqxUnVT5SvFA/+NO
+B8M6WugQr9qJ2cXoW05RViB7Zj9gMqmC+0glQxv5T+lKuXr6umDC2Qy+cK55g4u0
+qPCQouZxsWYRAJ/JOYYzywsXysi0CtkZkmR0gc5OxLSKHw55hui5tl34z8mUEfqs
+7rrZo0iNPxfiVRb33HITu7yzkXqwt0R1gw+Kdr8Q8OFeZrj/sZrkONszXST22RL1
+mg457GSktsnC6AkchwaQkhk1s8G8XYp7fqyf6HAS1WxhVJ35D+QGmnYetoFGsaoy
+YNYQqjeo71810+UBZnanMV6/JuwmDEBKTWFUyq7TTN/dO19aI7dX40soPP0lG3Eo
+K1OvBIzfn1EHGg+HiPzIuugx20MH16wEdq5Sc7ffZ4sOP7DufyJuO7Dp1sXNPvug
+40z6VwHuZkqkmPszvs+SCpgWyo41DfLcGGBn/FjU6t6vc72+pDk7efQk0BqvgIRq
+XgTY5IaPGfJ0L1H4HW4Sr/qSYXbJazbbyztEpVe8XIKFEBVS5u7g0A==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/ta.key b/OPP/openvpn/keys/ta.key
new file mode 100644
index 0000000..dde9eff
--- /dev/null
+++ b/OPP/openvpn/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+ff2b7b56af351769ba703f874d389327
+2e8fed8405df740d51d58eff3eb25af3
+d6de19376333a9b05aa72f8b90124bbf
+5ea3085029070d28952a1fe9baa392fc
+4865bd5dbc58a4ccfc373d2ce772a217
+17f099df7d2354e404ae7690cbc50002
+151667c2af583705bd3896327917327a
+a8b2c9073e58b7deabb3ad04336170b9
+6fcce57b50827b0f393b7d1f0a7f6299
+d15140e46f6108983234eb53b0a6d56c
+6ce3815bc7f5ec9f52bc7eb680562b4f
+1241f1378b774491ca817b56f1d5ba09
+c25e8a4dff3610c60e4f9f3c306c15af
+8a70829075343f2ab24d61560804c78a
+dda39ceb12e11a0079b59dcb607166e5
+567cbf1dc83c2f32f8ce1cb4576c12df
+-----END OpenVPN Static key V1-----
diff --git a/OPP/openvpn/keys/tine.crt b/OPP/openvpn/keys/tine.crt
new file mode 100644
index 0000000..4038f33
--- /dev/null
+++ b/OPP/openvpn/keys/tine.crt
@@ -0,0 +1,87 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 45 (0x2d)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 28 11:16:20 2018 GMT
+            Not After : Mar 28 11:16:20 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-tine/name=OPP-Vpn/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:e7:4a:26:94:7f:c4:18:df:f0:b0:c3:d7:48:b7:
+                    0a:9e:37:06:3e:47:d8:0d:6d:1b:54:9c:fb:80:40:
+                    88:08:1c:5b:5c:f5:51:6d:db:68:c4:a4:e3:bf:c6:
+                    a0:c2:d7:63:40:05:a7:cf:f4:10:77:09:31:92:41:
+                    5e:75:07:d9:4e:6c:a8:a2:c7:9f:4b:d0:47:09:88:
+                    10:f1:08:b6:11:cb:27:f3:6b:6c:bf:e5:2a:b0:61:
+                    bd:24:04:e8:38:0c:41:43:7a:51:87:99:a2:30:fe:
+                    d6:dd:95:ed:9f:f7:33:91:92:c5:92:d4:1c:68:48:
+                    3f:9e:c8:35:9f:2a:ee:b9:e2:4a:55:37:c3:2b:3e:
+                    04:78:2d:cd:7c:40:05:00:2e:29:92:85:8c:25:60:
+                    01:09:7c:52:7d:28:a7:3e:22:2d:c6:b4:15:69:14:
+                    cf:14:1c:ff:81:97:3b:f9:27:b6:c6:6a:7c:29:86:
+                    66:d2:86:6c:d7:41:68:e0:68:a3:d7:41:ec:25:72:
+                    85:8b:5f:b1:38:da:39:a4:35:93:58:f4:6e:a4:b2:
+                    f0:91:65:6a:01:ef:d4:fb:5f:7c:01:3f:42:6c:c9:
+                    17:13:24:55:2a:1d:c8:bc:43:29:60:89:c0:7e:c8:
+                    9b:85:1d:7e:8b:a4:43:fb:a4:14:0a:61:fa:75:a9:
+                    72:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                98:C5:01:FE:AE:8E:99:A0:2E:62:EB:0E:8B:37:7B:5A:C5:13:AB:F8
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:tine
+    Signature Algorithm: sha256WithRSAEncryption
+         89:b4:4a:48:51:93:7b:94:72:49:80:d9:da:3b:39:0d:f4:7c:
+         bd:22:da:8a:d4:f7:9b:a7:3e:fd:c0:0c:5f:0d:e0:6e:c1:56:
+         91:2e:ec:58:39:db:20:84:d3:8e:d1:8a:6c:23:81:aa:fc:c5:
+         49:60:23:5c:de:d1:3d:2b:58:59:9d:95:82:76:e3:10:56:18:
+         b2:ac:11:9d:46:76:a1:00:24:6a:a6:f8:11:63:8a:df:cf:10:
+         cd:c1:da:94:91:23:7b:9f:6c:a8:be:74:1d:bb:a2:be:30:ac:
+         be:8a:16:c4:38:1f:f3:a0:35:69:da:01:4a:48:dc:59:20:d8:
+         4c:82
+-----BEGIN CERTIFICATE-----
+MIIEhzCCA/CgAwIBAgIBLTANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTE4MDMyODExMTYy
+MFoXDTM4MDMyODExMTYyMFowgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBu
+ZXR3b3JrIHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLXRpbmUxEDAOBgNVBCkT
+B09QUC1WcG4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA50omlH/EGN/wsMPXSLcKnjcGPkfYDW0b
+VJz7gECICBxbXPVRbdtoxKTjv8agwtdjQAWnz/QQdwkxkkFedQfZTmyoosefS9BH
+CYgQ8Qi2Ecsn82tsv+UqsGG9JAToOAxBQ3pRh5miMP7W3ZXtn/czkZLFktQcaEg/
+nsg1nyruueJKVTfDKz4EeC3NfEAFAC4pkoWMJWABCXxSfSinPiItxrQVaRTPFBz/
+gZc7+Se2xmp8KYZm0oZs10Fo4Gij10HsJXKFi1+xONo5pDWTWPRupLLwkWVqAe/U
++198AT9CbMkXEyRVKh3IvEMpYInAfsibhR1+i6RD+6QUCmH6daly7wIDAQABo4IB
+VzCCAVMwCQYDVR0TBAIwADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJh
+dGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSYxQH+ro6ZoC5i6w6LN3taxROr+DCB
+xAYDVR0jBIG8MIG5gBThTcNr9HyBexayzG0kbMrdm5NT46GBlaSBkjCBjzELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMT
+Ck9QUC1WcG4tY2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA10QU
+i1Wj34gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA8GA1UdEQQI
+MAaCBHRpbmUwDQYJKoZIhvcNAQELBQADgYEAibRKSFGTe5RySYDZ2js5DfR8vSLa
+itT3m6c+/cAMXw3gbsFWkS7sWDnbIITTjtGKbCOBqvzFSWAjXN7RPStYWZ2Vgnbj
+EFYYsqwRnUZ2oQAkaqb4EWOK388QzcHalJEje59sqL50HbuivjCsvooWxDgf86A1
+adoBSkjcWSDYTII=
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/tine.csr b/OPP/openvpn/keys/tine.csr
new file mode 100644
index 0000000..c1f056b
--- /dev/null
+++ b/OPP/openvpn/keys/tine.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6TCCAdECAQAwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRUwEwYDVQQDEwxPUFAtVnBuLXRpbmUxEDAOBgNVBCkTB09QUC1W
+cG4xHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA50omlH/EGN/wsMPXSLcKnjcGPkfYDW0bVJz7gECI
+CBxbXPVRbdtoxKTjv8agwtdjQAWnz/QQdwkxkkFedQfZTmyoosefS9BHCYgQ8Qi2
+Ecsn82tsv+UqsGG9JAToOAxBQ3pRh5miMP7W3ZXtn/czkZLFktQcaEg/nsg1nyru
+ueJKVTfDKz4EeC3NfEAFAC4pkoWMJWABCXxSfSinPiItxrQVaRTPFBz/gZc7+Se2
+xmp8KYZm0oZs10Fo4Gij10HsJXKFi1+xONo5pDWTWPRupLLwkWVqAe/U+198AT9C
+bMkXEyRVKh3IvEMpYInAfsibhR1+i6RD+6QUCmH6daly7wIDAQABoAAwDQYJKoZI
+hvcNAQELBQADggEBAAOoRV2zGV0dI1RBPEayjyrojDDOybWtU+R4X91L6j+NmdHE
+Bb09acQQa5kSi6/0QI98F8JaLIDeVbJO1utPnKhauAiNpwrgqkvrtvLggj/yrWJe
+ok+h7NJ4iZtvjvhJ5GPKVKOroa1pdJPgHIljhygFp07xZBMf6AEfswUc50Cto7CE
+csZGf2J3Ra052ZMGDAwakRsV+AjeUekACOUAVbqavjFuZLWyMFNkVhpHFmTEaTxm
+/xHPp+T6wE8o1SlDS+hUn+qf96lD2YweLkJ8oB7LLpH2DbOrc8sOBLfkP4E9AkIs
+wx0yNgAi1mZOqAThU0aQL1UWhLDnUUFhPxNv3uk=
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/tine.key b/OPP/openvpn/keys/tine.key
new file mode 100644
index 0000000..15b1547
--- /dev/null
+++ b/OPP/openvpn/keys/tine.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIF/vrJSsqA4MCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECBEetYsU2fdyBIIEyB5TzrKMZaI/
++apP3cyZt/GY3fTquGzdfxuZtc4PiFVEsbPrFAen+TZPPw9RITvOTJOJBBwGWgYN
+QtKmGSw5ns4/xM44pVS3jI2CkP5XxNiFTQYwQ+9xiSUjsxzKLn2EbsBhuLVB+8oE
+3MAomBNdLBVaiL1Pb5sKG5IfTprKnPCg6B0/CL5i6woH0cTw9usSuY1p2m8fMsKn
+00mP71V/RP0WzLkbdhUI5pYNe1OLlo6IEp32L1Df4iILbdqMhIhOfZgG9ODGa0rP
+2yPOaU8YHYdTvXwtr9Tdcu4Gh3aKppz1v5UA4McbAbs2TG5org7vLqg8BKx/ne0t
++9K3oRZEA7dIwIOnmO/jowrMngQsldKUSS7GktObSn4pu5E3ElPjdRzJAZvbM5qe
+aKv0zAt2L7zEATPJ4p5bOhAHseYTm2Nf9rzYV3zppQHKPXllrmli0IWoaUIWvdYD
+0DMWg+OBevcF7azfE+AhbvVQ2WMmtqrgvN31MtenwaBrWh2U6FP+ctCe/026EqAO
+2hj5wqgOWA7n09+IswTRM6ApNFI/2bNqWIDXlAjhH8PVDa6UMxTf/2t9zmfP4fT1
+f0i2fNMetLAznhX3N5BawXLHXvFC1C7Lf4vuptJS/oHQevocq7Ke03XEjIB00KAR
+XI5G22x+FIoPMWgY65AWsLT4UgttWODdUc6h37pKthBaZR3wqhKNN5XhJut6kbRG
+X8o1YdunTRvNp77wAA0aaRbeLGS4B7gTZ7EBIZ8OTDn0onYB7Ra/pJFkEizgnbQn
+qKwZadSBBUN7KSdMDQepU8zwnQ5S9uLmlY/YF0a9M+mhyqt270kxGhi5Z0EoNaOz
+NG/20/FZshZ07CzzGhWNCotVrQCsSpT7QSYbVlC4w/VPDUiAdZDS66sQ65lNKL6A
++2ILYcBaB2Z2lZ1pf0h07csMa+XHhoAZvzOw2iHmXl0rJkDmZSpqe6tWAQagbRS9
+Gz77j8UimJpf1WxOpvCHUEqv6baTQE/NhN7iuz4ZSmN4n/yjXyeAlYZNB1oxuKtv
+LQUG7fMel7hwT5Mzkw16v8VD4q/ZVytPho8+VqvAthCxkEJKoJui0SHk4KzqBsaQ
+jFf2eaR4lPDkywd01weBb14kcqXxEDnZ4heeqRcytZPrw2BlHdhcDF7bDYlISxNH
+b+dACg43JmQCVYpDDBOKafB5lSTHKV1zDHmChqq+MCEUyW1gGkNK/DOcbMToQ9lQ
+4WjxvPCWwIcOwrGtgYfakkfIsK+CbFdR1kQ1uUBzpSpRUzwMdndC3+cZ6YoMvl1o
+ICu0oF7af23JYo0iiCcTpVmuU2tKm2psRcjjUiVabLDRVj4Uk6sw8v0HyznHDwWC
+Y8pHgeQhQx5SSpy2p/w7gbxHKxlrwpwfxZNvRDmx9SMZgbUlM/MNjx171ORaDr+V
+eGDUKsqE5p7pYkWrSWp4oK1wX8dA4qzm2bu6tNpANYdJghxrsgGMeO03AX1kQOSr
+uwv5e/PX4COqN2Tk+9B7k0i8FWUf0DuRlLfVuUZ23Cj2b7APhBFS/OH09IN9U7w5
+lvMTHgLRr3u41KKfDwFOS9srKqvL3ZVAxa/nuGoVNGBhY/GXMoxXL2KF8GLBTMsO
+S3Z9EBDJyV3qcr98xfQdbw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/tobias.crt b/OPP/openvpn/keys/tobias.crt
new file mode 100644
index 0000000..61fba7f
--- /dev/null
+++ b/OPP/openvpn/keys/tobias.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 12 (0xc)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:15:56 2008 GMT
+            Not After : May 17 14:15:56 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-tobias/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e2:c7:d7:e1:53:0f:08:cf:5d:41:91:b9:c4:66:
+                    5c:bc:75:31:47:c4:17:81:51:d3:be:c2:ee:6f:59:
+                    08:50:80:f7:8a:fa:44:fb:b6:8b:2d:d2:1f:45:61:
+                    7e:de:78:de:b8:6a:59:5b:1b:6a:51:26:cf:9b:42:
+                    d5:03:30:84:e7:0b:0a:51:65:26:9e:f6:9e:c1:3d:
+                    52:1e:74:17:1b:17:b6:19:ba:70:dc:12:79:71:83:
+                    02:e6:fd:62:f2:60:12:56:fb:ec:99:38:b1:88:72:
+                    16:a2:c7:96:bb:e8:74:6e:7e:98:61:49:a9:0e:15:
+                    71:7e:f4:f1:20:1c:c3:77:ed
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                4C:E4:08:62:13:05:07:76:96:1E:FC:03:C3:A5:BF:5B:E1:F3:0B:A5
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        81:38:ca:a2:c9:6e:c4:dc:ce:4c:a3:0a:93:35:d3:21:da:97:
+        d2:d6:cb:4a:91:e1:6f:d8:59:04:60:6f:4d:b2:3f:21:a1:c8:
+        89:11:6b:5f:43:69:88:52:08:09:2e:5c:a0:d4:f8:e5:6f:44:
+        d9:b1:60:16:6e:94:27:b3:3b:90:d1:d1:3f:c8:49:2d:f6:63:
+        bd:f6:57:17:d1:d8:4c:ca:d8:de:bb:47:14:c4:b4:3c:5e:89:
+        a5:60:0e:d1:47:bd:77:ad:ad:c4:1f:99:12:5d:e8:af:ab:8a:
+        07:cc:12:e7:9a:49:dd:71:85:d0:4e:a5:d6:6d:f5:75:ef:12:
+        aa:7d
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBDDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTU1
+NloXDTE4MDUxNzE0MTU1NlowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi10b2JpYXMxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDix9fhUw8Iz11BkbnE
+Zly8dTFHxBeBUdO+wu5vWQhQgPeK+kT7tost0h9FYX7eeN64allbG2pRJs+bQtUD
+MITnCwpRZSae9p7BPVIedBcbF7YZunDcEnlxgwLm/WLyYBJW++yZOLGIchaix5a7
+6HRufphhSakOFXF+9PEgHMN37QIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFEzkCGITBQd2lh78A8Olv1vh8wulMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQCBOMqiyW7E3M5MowqTNdMh2pfS1stKkeFv2FkEYG9Nsj8hociJEWtfQ2mIUggJ
+Llyg1Pjlb0TZsWAWbpQnszuQ0dE/yEkt9mO99lcX0dhMytjeu0cUxLQ8XomlYA7R
+R713ra3EH5kSXeivq4oHzBLnmkndcYXQTqXWbfV17xKqfQ==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/tobias.csr b/OPP/openvpn/keys/tobias.csr
new file mode 100644
index 0000000..9681fc0
--- /dev/null
+++ b/OPP/openvpn/keys/tobias.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1DCCAT0CAQAwgZMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLXRvYmlhczEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOLH
+1+FTDwjPXUGRucRmXLx1MUfEF4FR077C7m9ZCFCA94r6RPu2iy3SH0Vhft543rhq
+WVsbalEmz5tC1QMwhOcLClFlJp72nsE9Uh50FxsXthm6cNwSeXGDAub9YvJgElb7
+7Jk4sYhyFqLHlrvodG5+mGFJqQ4VcX708SAcw3ftAgMBAAGgADANBgkqhkiG9w0B
+AQUFAAOBgQC8t7fH06tdz3PFtcNFnZWY0FjVmWKXjKLTbSWSWr3zK94tM3r/hnF2
+xOU3dmpmqE4Nilp2pspMk/XahP7VcTTnMzzQOAROtS0W5nSnlYYH9DTLlCEGPsC2
+K77CSWXEw9P+wy7ocjDn8BWksSRJ0tuUK7rtYxBPVI/zAf9HHZut5A==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/tobias.key b/OPP/openvpn/keys/tobias.key
new file mode 100644
index 0000000..41bf59c
--- /dev/null
+++ b/OPP/openvpn/keys/tobias.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BBC9948C31768AA0
+
+6WuL55994Pigy1Hh/DnKtTEvsQ8QfVKVFr3WCziRynedzCE4shFldcnS2lvLnYmt
+xXLVoXW2XIREeqXiH10HaFz/fhMz0mPxybogaGRI2w3Vp9RztU2P84ul4ej91/4/
+drcugP+pEUF2D92vuo32+pUWA8DCeRwUmm0d/cequHyi6N/CJHtLA0N8WvTbwefb
+COv62Pbz7Jw1vBu4pjORlpnt5L/+ULIlfWyK21XFRpTLfNxqVdI9wPJWSgAhSIUj
+RTaTKao8t05gtxVh6Yl1h/Rkbnc2gPYAelyWQtgVEM8f4y7scw4DmnB+gnbT6aa6
+soXf0lYEQ5Nia/WEILme8IWJ3o4w67pCN0EDfpRnUBKS9l4HdHxHe4YdbPsp9+c9
+191VMp1wuhUmCGAkP/36hI2lUPKzraUjs0whBmT9syrnfCros/8RpvQKgplJ4Re1
+ziDdmb+6oBsbIKyuYEKIBc+/OwUE2pAoDJ/A1bs+Q/MtLja0TffNms/yAdJUbshW
+E59H1j4l+FsoB/J9XiMWr1dRoOJ4U89H67xWaKFbswM7V1IVzxH9jUcX65V97W9e
+CLMpbYWXWD+lNh8BAxLTcDOSGVgPZbUpbwKAG0/QfeSfWbxwixdxPrbqWUD7zc0E
+d1eWvjpyrrRXWggq2FR9y38k/jTTouBCopykAaGSDvx1mQU/nRT3iw3XL31Z+yDV
+bG9HkoKtm9Ovs0vTmqcf6CCTqlgqTXfvEAtDn3YuGK1f18GUrL5fGMmnQOdqA5ZG
+T5QObj/Ey0uq8sPe+Lv7SJPNEu2qC0NWDYSqeO5VTAYThBaboq0ktQ==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/toffke.crt b/OPP/openvpn/keys/toffke.crt
new file mode 100644
index 0000000..0e5f057
--- /dev/null
+++ b/OPP/openvpn/keys/toffke.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 17 (0x11)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov  7 13:30:38 2008 GMT
+            Not After : Nov  5 13:30:38 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-toffke/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ef:f5:b4:77:f3:e4:5b:38:04:e2:9c:08:10:68:
+                    03:dc:e1:db:e5:c7:54:31:3e:c7:86:9e:27:17:35:
+                    e5:b7:4b:e4:1e:f6:bc:4b:8e:0a:3c:82:19:2e:0d:
+                    1a:ef:70:00:e2:73:61:12:b0:5c:5b:6c:3f:2e:41:
+                    09:ac:4a:59:bb:df:42:f7:38:72:6c:85:e3:b6:f5:
+                    8c:cb:d6:8f:09:45:0c:6e:7e:03:2f:e4:8c:a1:9f:
+                    60:7f:66:66:7d:83:f7:d7:78:2c:a5:56:cb:88:14:
+                    9b:36:ac:52:6c:11:bf:0d:f8:03:c1:97:23:25:c5:
+                    4d:62:58:3d:e1:c7:d8:dc:65
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                7C:76:BD:BF:AF:36:15:E8:E4:15:F9:E8:2B:A3:6B:08:F2:4E:91:F6
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        0a:a5:71:55:d0:97:02:cb:75:7e:09:f0:7b:89:99:44:2b:39:
+        62:31:7b:21:32:48:38:97:56:9a:0c:ec:0b:fd:4a:44:92:b7:
+        13:a4:77:ce:7f:c9:09:d2:78:15:c2:6c:8f:f5:2f:3b:5e:5f:
+        20:fe:b4:d6:d2:b1:2e:68:9d:75:0d:87:66:67:d5:f7:28:32:
+        b7:19:2e:21:00:92:c6:2d:a0:89:a6:31:85:a8:5c:a4:b9:81:
+        28:c1:68:7b:46:7f:29:67:48:de:c3:00:e2:07:6e:c0:84:3b:
+        65:00:a1:87:c2:66:99:10:0f:76:ce:fa:31:fd:96:b9:47:b5:
+        d9:81
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBETANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MTEwNzEzMzAz
+OFoXDTE4MTEwNTEzMzAzOFowgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi10b2Zma2UxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDv9bR38+RbOATinAgQ
+aAPc4dvlx1QxPseGnicXNeW3S+Qe9rxLjgo8ghkuDRrvcADic2ESsFxbbD8uQQms
+Slm730L3OHJsheO29YzL1o8JRQxufgMv5Iyhn2B/ZmZ9g/fXeCylVsuIFJs2rFJs
+Eb8N+APBlyMlxU1iWD3hx9jcZQIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFHx2vb+vNhXo5BX56CujawjyTpH2MIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQAKpXFV0JcCy3V+CfB7iZlEKzliMXshMkg4l1aaDOwL/UpEkrcTpHfOf8kJ0ngV
+wmyP9S87Xl8g/rTW0rEuaJ11DYdmZ9X3KDK3GS4hAJLGLaCJpjGFqFykuYEowWh7
+Rn8pZ0jewwDiB27AhDtlAKGHwmaZEA92zvox/Za5R7XZgQ==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/toffke.csr b/OPP/openvpn/keys/toffke.csr
new file mode 100644
index 0000000..266a89f
--- /dev/null
+++ b/OPP/openvpn/keys/toffke.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1DCCAT0CAQAwgZMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLXRvZmZrZTEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO/1
+tHfz5Fs4BOKcCBBoA9zh2+XHVDE+x4aeJxc15bdL5B72vEuOCjyCGS4NGu9wAOJz
+YRKwXFtsPy5BCaxKWbvfQvc4cmyF47b1jMvWjwlFDG5+Ay/kjKGfYH9mZn2D99d4
+LKVWy4gUmzasUmwRvw34A8GXIyXFTWJYPeHH2NxlAgMBAAGgADANBgkqhkiG9w0B
+AQUFAAOBgQAnu7x99pSzDm0XOwr12L3Tl/m4UD75Z+Zv8qufRQalW3NugNEyR/n6
+FZgYqeHWIO87Yf4PybgPlNeXQ9Z8hTVYy9zzAcCQzJYq3eSgMYSi2wKHDuv+1D/2
+kqlD5K3lzkYioTKoUaWVSQpLFh6+Ypm0RMo+EXVbxiYQ/1lkHp6hrg==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/toffke.key b/OPP/openvpn/keys/toffke.key
new file mode 100644
index 0000000..b4204ff
--- /dev/null
+++ b/OPP/openvpn/keys/toffke.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,503059D5A657BCEB
+
+Ysl7q9eArJ8AOd5HgzNQhvIPEuhrUmvsJvUuJz8Y+099yL1riTAVYRYioEKu1UJ+
+Ytu+UkuiV/Q4DsEJtCwOlXydwBjZtqw1ly6BAKgX9lwwO5PsRKUyT3RrMC44b501
+47x77cHGBf5lgi9M3FmuhWzf0+MF0mU81u7ywF5oUXNn+vWA2Eh5mVmfEcD9RH4S
+aYxg1nSzZjDCTy9NOeIR1aKwweSu2J6zUr9OEUvimBIKzYykw/p8h4iyj+fkgzXA
+Gf/9K5IdzHQg+j5KEid9f/H0XAm9tmujEdy72TcwLE57SEorFCHn/pOZDlsmq477
+V26nkwf8+eL/sgFMJfgdXdbv2sm18IleZLBSTaxnJBTDmM0wICDeouqZkataAFB7
+TnYpJ/3P+X98VsrwQGNyC/6nnoRkhhaFXa/A8Swjtgkmgj/G8CvApE0Qs/8PzIO+
+j0smJD5ZLqJrBtQZIlODCpWpQVVP0mjhz4z0iIt4LWt2aZCk29XzGHKaIhMmwjg0
+qtIDH8zeBGxNQR7j/kaKB1tTum9d4r4gIK2te2y1IanDyKTbLmUpHd1d1WAfg3rY
+YqdONAxEbXlo51Nv/S0NSJgaOBA7faPoPV4IMCIN5HELAta27eMvXiaaKgTwAHYR
+uY5gt+EueIqKlVE9JDu/PlQuxujajQiWc2MZQpW9eExB6s1IRum/7KA+pljpSPO1
+Q9bdCiSKgynSb07K96Kd6NCbKFiucZOvDmVBgCyDnVobCjeBOiQs53P9fyF703F7
+bnx1GubgF8dKVF/vophQC2Hn8FaIbD7APaB8FZDQlvLHfGX5H+toBQ==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/ulf.crt b/OPP/openvpn/keys/ulf.crt
new file mode 100644
index 0000000..2a01aef
--- /dev/null
+++ b/OPP/openvpn/keys/ulf.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May 19 14:16:40 2008 GMT
+            Not After : May 17 14:16:40 2018 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ulf/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:f3:98:dd:19:8d:1d:be:4d:b2:e2:5a:ea:a2:50:
+                    5e:5e:c0:e7:96:12:8e:6e:aa:17:b5:ac:d0:e9:87:
+                    dc:0b:3f:72:6c:10:40:ff:cb:6e:cb:7c:d1:b5:05:
+                    28:77:ac:f6:c1:f9:13:b0:75:0b:4d:ff:3f:f6:52:
+                    5e:a3:e4:04:6f:62:05:d8:4b:65:60:33:d4:1e:df:
+                    d5:c1:fb:eb:36:6a:4b:f2:a3:19:d0:01:ec:2b:95:
+                    bf:b6:c7:c2:5a:e6:87:a7:3b:b2:7f:b9:00:c6:70:
+                    c6:f0:69:96:02:c3:aa:ef:d3:94:af:69:f1:05:17:
+                    a8:8a:7f:9e:b0:f3:04:53:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                41:7F:25:CF:1F:B3:E1:DD:A8:D0:C3:CE:38:F3:0D:BC:5B:67:0B:67
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        04:05:3c:f7:be:51:55:46:ee:3b:4f:78:f8:d0:65:ac:78:a1:
+        5c:25:97:f2:a2:0c:e7:c6:95:5d:bf:02:72:d9:6e:f2:7a:26:
+        ef:50:e4:b4:19:c0:31:02:00:9f:0b:85:cf:f9:32:d8:17:ab:
+        fb:58:fa:70:18:78:6a:d7:68:9f:14:2a:80:4d:75:81:e0:24:
+        da:22:e8:82:cc:49:a9:57:87:49:36:ae:54:1f:35:68:13:33:
+        26:7f:92:45:a2:83:54:01:fe:c6:25:21:6a:26:52:88:db:12:
+        d8:b4:b8:94:43:6c:f2:e2:36:1b:96:ec:e2:2c:8d:f3:fd:b6:
+        8f:70
+-----BEGIN CERTIFICATE-----
+MIIDqjCCAxOgAwIBAgIBDTANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTA4MDUxOTE0MTY0
+MFoXDTE4MDUxNzE0MTY0MFowfzELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3JrIHNlcnZpY2VzMRQw
+EgYDVQQDEwtPUFAtVnBuLXVsZjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPOY3RmNHb5NsuJa6qJQXl7A
+55YSjm6qF7Ws0OmH3As/cmwQQP/Lbst80bUFKHes9sH5E7B1C03/P/ZSXqPkBG9i
+BdhLZWAz1B7f1cH76zZqS/KjGdAB7CuVv7bHwlrmh6c7sn+5AMZwxvBplgLDqu/T
+lK9p8QUXqIp/nrDzBFPBAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwGCWCGSAGG
++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
+QX8lzx+z4d2o0MPOOPMNvFtnC2cwgcQGA1UdIwSBvDCBuYAU4U3Da/R8gXsWssxt
+JGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3
+b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZIhvcNAQkB
+Fg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUAA4GBAAQF
+PPe+UVVG7jtPePjQZax4oVwll/KiDOfGlV2/AnLZbvJ6Ju9Q5LQZwDECAJ8Lhc/5
+MtgXq/tY+nAYeGrXaJ8UKoBNdYHgJNoi6ILMSalXh0k2rlQfNWgTMyZ/kkWig1QB
+/sYlIWomUojbEti0uJRDbPLiNhuW7OIsjfP9to9w
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/ulf.csr b/OPP/openvpn/keys/ulf.csr
new file mode 100644
index 0000000..ec2cb7e
--- /dev/null
+++ b/OPP/openvpn/keys/ulf.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB0TCCAToCAQAwgZAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRQwEgYDVQQDEwtPUFAtVnBuLXVsZjEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPOY3RmN
+Hb5NsuJa6qJQXl7A55YSjm6qF7Ws0OmH3As/cmwQQP/Lbst80bUFKHes9sH5E7B1
+C03/P/ZSXqPkBG9iBdhLZWAz1B7f1cH76zZqS/KjGdAB7CuVv7bHwlrmh6c7sn+5
+AMZwxvBplgLDqu/TlK9p8QUXqIp/nrDzBFPBAgMBAAGgADANBgkqhkiG9w0BAQUF
+AAOBgQA3XXGjeUh4RUwS3Fsr7UA3L0hwypwpodmFBQR3uOa8rIf0v/XzU79Ajhez
+3HPMU4DmzlU16CQbbAEX4HlJ/y27473C1zDxuf6dUK6wigetHKCIIrARC0rRv/9a
+BSanoWD6xQby+8CNBtqs0Zmyel28su3l4pJ3un66ZJOHW36eKw==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/ulf.key b/OPP/openvpn/keys/ulf.key
new file mode 100644
index 0000000..2960f77
--- /dev/null
+++ b/OPP/openvpn/keys/ulf.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,4668FDF31CC1604A
+
+XId4CneXtG5hi3TQEbfT3eCtEeUdsnX0HHPCxeYOUIYiwvx8jPsfrDb9Xyq6kj0P
+8cTozVD4tN5cD8GeETKjZRpl3ZQSr9lzBmyEcahsFynIAtM0xKmDKKy41XBAe5k3
+d9a3svP3MQuigZsFmtoB9o/Nq6hKswoWdwiaCfUrao1p5Y5eR72mc5YNU9dWzMj0
+KQM6YC/3/dS0/LfMhU+B4Zzu7ONNJ7o+uaMZyLYW2lEdyqh26et5V09slC8L+3IF
+1+ImXEKp+JErahTOU5Jwy/wg949UH3+iQmSaPtu5VY+C1o/2hQBDUABPzG5w0+E0
+YEiQiLaCpoZFyiMJDEio+qOHIh4cajK7ySBozOgoVvE0D6uS96XaCI/iwsiRpT7S
+bVUaBcD628U+sa+zT0Kiyn0Yg/vOKoEGt38r4R5fuKs12Q0boY6APjUEMyCgcEuS
+V8+ptqAsr6mrSoKoBwpyiZmM1PtstQm9CQRmlGWA6//FsfJ5AcXvT+8XEn8MkCgZ
+ksE3NOp2JBIIyXwA4UE8YRY4itMJ/B5LjKecPAm+Qin+Lq6Si+UsdaASqbKuHs0P
+1NXZEwV2COl6l1D7Q8Uy1mcYsdLsw4s2dSKbJ+fVsRFl7sZfgp3eh4tuJ0MpkX1O
+l3QZup9anqPaYbB3VNoaLovKyk947F05TlSWJmHLZIJwdJXAeCBzMVexRvHvcywL
+fcpTsTTkFwS/u1l/H0f98hZV3aEuGzt/7Y75riBMCLi6kbCD38KniL2VVKIIQ4/u
+ehsF7+zumwnn11ADrJ/mJiv4RnATzQLgEPKe4cNJJmaT3Xw6YAzREg==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/ulrike.crt b/OPP/openvpn/keys/ulrike.crt
new file mode 100644
index 0000000..78e3b6b
--- /dev/null
+++ b/OPP/openvpn/keys/ulrike.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 20 (0x14)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Nov  8 16:15:57 2011 GMT
+            Not After : Nov  5 16:15:57 2021 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ulrike/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b9:50:b1:41:be:17:37:01:65:58:fd:0b:73:17:
+                    02:ac:ac:bf:0a:22:47:f1:d4:fb:ae:73:94:c7:1c:
+                    10:54:92:d5:5b:e8:86:4f:72:82:b8:85:5a:a0:49:
+                    19:b3:94:af:c5:40:30:4e:c9:b2:12:fe:76:2d:02:
+                    51:76:16:ab:1c:c8:49:af:fe:c4:0c:f2:01:94:4f:
+                    3d:23:79:67:a3:7f:08:54:57:51:1f:f9:6e:70:19:
+                    bd:7f:ad:c1:17:85:30:1d:64:4e:b7:ec:7b:28:3d:
+                    7d:8f:28:f3:0b:92:fb:3a:bf:f4:1c:fd:1a:37:15:
+                    8d:ac:17:c5:73:d7:8a:66:05
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                73:7C:52:24:78:49:97:4C:29:A5:02:19:5D:E8:C0:69:62:AD:AC:C7
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        a5:95:fb:a8:52:15:0c:01:75:ba:c4:42:e3:d0:f4:46:8d:e7:
+        7d:a1:e6:74:f7:22:b1:da:e4:43:cc:cb:41:62:28:8d:ef:0d:
+        b9:e7:d9:39:dd:2e:e0:6f:a6:2d:8c:9f:48:87:60:06:24:9c:
+        e9:d8:9a:77:5c:7d:a9:87:c0:53:3a:d1:4e:4d:2a:a4:9e:e0:
+        a2:4e:19:1f:a6:b1:4c:09:19:3c:6b:9f:19:99:27:28:b3:bf:
+        50:96:e5:1f:44:69:9f:cc:c0:b6:30:73:cc:eb:c5:82:d7:e7:
+        f9:f6:bd:6d:20:22:8d:b0:73:f6:42:eb:c0:af:d8:86:f2:e0:
+        c4:28
+-----BEGIN CERTIFICATE-----
+MIIDrjCCAxegAwIBAgIBFDANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTExMTEwODE2MTU1
+N1oXDTIxMTEwNTE2MTU1N1owgYIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEX
+MBUGA1UEAxMOT1BQLVZwbi11bHJpa2UxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5ULFBvhc3AWVY/Qtz
+FwKsrL8KIkfx1Puuc5THHBBUktVb6IZPcoK4hVqgSRmzlK/FQDBOybIS/nYtAlF2
+FqscyEmv/sQM8gGUTz0jeWejfwhUV1Ef+W5wGb1/rcEXhTAdZE637HsoPX2PKPML
+kvs6v/Qc/Ro3FY2sF8Vz14pmBQIDAQABo4IBIzCCAR8wCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFHN8UiR4SZdMKaUCGV3owGlirazHMIHEBgNVHSMEgbwwgbmAFOFNw2v0fIF7
+FrLMbSRsyt2bk1PjoYGVpIGSMIGPMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+bmV0d29yayBzZXJ2aWNlczETMBEGA1UEAxMKT1BQLVZwbi1jYTEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDXRBSLVaPfiDANBgkqhkiG9w0BAQQFAAOB
+gQCllfuoUhUMAXW6xELj0PRGjed9oeZ09yKx2uRDzMtBYiiN7w2559k53S7gb6Yt
+jJ9Ih2AGJJzp2Jp3XH2ph8BTOtFOTSqknuCiThkfprFMCRk8a58ZmScos79QluUf
+RGmfzMC2MHPM68WC1+f59r1tICKNsHP2QuvAr9iG8uDEKA==
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/ulrike.csr b/OPP/openvpn/keys/ulrike.csr
new file mode 100644
index 0000000..d0c14e4
--- /dev/null
+++ b/OPP/openvpn/keys/ulrike.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1DCCAT0CAQAwgZMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRcwFQYDVQQDEw5PUFAtVnBuLXVscmlrZTEdMBsGCSqGSIb3DQEJ
+ARYOYXJndXNAb29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALlQ
+sUG+FzcBZVj9C3MXAqysvwoiR/HU+65zlMccEFSS1Vvohk9ygriFWqBJGbOUr8VA
+ME7JshL+di0CUXYWqxzISa/+xAzyAZRPPSN5Z6N/CFRXUR/5bnAZvX+twReFMB1k
+Trfseyg9fY8o8wuS+zq/9Bz9GjcVjawXxXPXimYFAgMBAAGgADANBgkqhkiG9w0B
+AQUFAAOBgQCTm2vGI4yYtjhLFQZIPaP6f7z/cMcfOpFeT66t06Z0ZEnBzAJdPHH5
+OrO/XCMqPsKXjmRQAqBLQngShAnTUPjSE0FBXlyaYP3LKo/6qV2Y5lMDf9LAefDt
+XF+gCRIcRYuVn2BLffbirhEJqDvP49k1m8VIUGFu31KNyNPLGNqcTw==
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/ulrike.key b/OPP/openvpn/keys/ulrike.key
new file mode 100644
index 0000000..cea4d20
--- /dev/null
+++ b/OPP/openvpn/keys/ulrike.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B6B6BE6C58FE1D86
+
+RlVb7GB+7bFIuyM6mPYy8+zVSLIwAMyxxIR2gH6/WH2va2vc7oGVbGefz5TyYnVe
+Dru0iK8IjRVBdO13D6Gh1RVn5Hm1kJBhAwwHr55BNimmxY0MlI4GF0sV0xQorMfO
+sQFKX9sMhgp4g/U83hAYXVNtEpV11JRRF7mlgqi3TjPKRjbhPhBEYQVhPMYxHH71
+SiKb5TzJ3Ej/9WZggErYZi7M/veK+aSD6ZSlnbmBOQ9VHDkozOf78/gKCNuIlUdT
+C9w9BPlYETkGuM/vI79mE/c5MOgzRPHi69GZp0oc84imhXydB0XQSzSKMyHuqHzf
+S8Atpe1rbmb8exC/HHm+QAyxOZe83wMLoWEFbMYSgVWKDF3NxUf3RV2Nd42t0zKC
+6fOQuy3gzS45vUmYUfX2wQyy57n5z+z7yUaVPLvvhyOtJuBoDXaTeOOKwYfcbo3N
+0MY3gyDZXM7EIMBxGUa4+b2lvkopSFHasj1+zTky1DIJ6F07c0cTo75XM0y9F13M
+9CTRFiPq1u7qAHP2dO6z9SQKMt0CA7xLagmVpJHdPETqTs9aKK8c6GiKe45InMO/
+vcxM6yaFbmZ3+P2lI8/V/CPS9T8pMxwj3DWQn5FVTI4YqGwnPamGTLMB/xqP0VgP
+7bUEd37k65ISrOVKYSINI4h3S0EtaSPIv461vCmR3HifWeEt3U9LsCQ1I6BwZlV0
+eBqqizesasR8kOCTEGnXn9X3Fph3YM8HDlUxnXoLLsl0q/KLrp1OYA9vawUlrTIE
+DYEC/WSg923XTLPFjNrAQ+pCmbLZPIpw9LxSKMQ3CZM=
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/keys/veronika.crt b/OPP/openvpn/keys/veronika.crt
new file mode 100644
index 0000000..2413974
--- /dev/null
+++ b/OPP/openvpn/keys/veronika.crt
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 21 (0x15)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Apr 18 14:04:54 2012 GMT
+            Not After : Apr 16 14:04:54 2022 GMT
+        Subject: C=DE, ST=Berlin, O=o.open, OU=network services, CN=OPP-Vpn-veronika/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d7:99:ea:01:61:56:a4:d9:13:bf:2a:35:9f:92:
+                    21:74:38:8e:2f:3f:56:9c:35:dc:6d:c5:e3:db:1f:
+                    84:7e:a7:b0:05:14:a0:53:f2:fe:bc:d2:86:ac:42:
+                    89:bd:6b:19:5a:27:fc:4f:24:c5:b0:0a:2a:5b:e5:
+                    70:c0:e9:ef:da:63:58:21:8a:dd:7d:f3:c0:63:67:
+                    f0:95:ec:5e:8c:c8:c3:c0:66:46:77:9d:d0:21:bf:
+                    0e:c3:ac:6e:c1:ce:68:bd:10:df:a3:de:28:f2:6a:
+                    04:a8:bd:0c:23:84:c1:6b:80:5e:b4:3f:d6:4c:57:
+                    36:63:4e:3f:05:22:11:bf:e3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                31:10:F7:AD:C7:5A:D8:33:B6:7C:7E:A6:C8:67:87:31:AF:FD:03:A7
+            X509v3 Authority Key Identifier: 
+                keyid:E1:4D:C3:6B:F4:7C:81:7B:16:B2:CC:6D:24:6C:CA:DD:9B:93:53:E3
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=network services/CN=OPP-Vpn-ca/emailAddress=argus@oopen.de
+                serial:D7:44:14:8B:55:A3:DF:88
+
+    Signature Algorithm: md5WithRSAEncryption
+        a9:47:66:69:06:7c:73:fb:5c:11:61:21:64:78:81:34:28:fc:
+        b8:b7:f9:9e:70:ed:8d:56:23:9a:8b:d7:ea:73:da:4d:d5:bc:
+        57:9a:84:b3:5f:97:83:cb:18:42:f2:8d:6d:af:c6:32:44:5b:
+        71:37:9b:0a:fc:86:cb:ed:62:9d:87:33:e3:f9:57:ce:27:f6:
+        cc:ae:f0:c1:17:4f:4e:94:53:f1:7a:01:de:3c:a6:ed:44:e8:
+        50:67:14:4b:27:0b:ba:20:e5:3c:35:51:47:ee:6b:18:2c:80:
+        2a:33:4e:d7:51:05:73:73:2b:4f:1b:3f:6e:61:be:19:0b:93:
+        7c:08
+-----BEGIN CERTIFICATE-----
+MIIDsDCCAxmgAwIBAgIBFTANBgkqhkiG9w0BAQQFADCBjzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEG5ldHdvcmsgc2VydmljZXMxEzARBgNVBAMTCk9QUC1WcG4t
+Y2ExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMB4XDTEyMDQxODE0MDQ1
+NFoXDTIyMDQxNjE0MDQ1NFowgYQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQbmV0d29yayBzZXJ2aWNlczEZ
+MBcGA1UEAxMQT1BQLVZwbi12ZXJvbmlrYTEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANeZ6gFhVqTZE78q
+NZ+SIXQ4ji8/Vpw13G3F49sfhH6nsAUUoFPy/rzShqxCib1rGVon/E8kxbAKKlvl
+cMDp79pjWCGK3X3zwGNn8JXsXozIw8BmRned0CG/DsOsbsHOaL0Q36PeKPJqBKi9
+DCOEwWuAXrQ/1kxXNmNOPwUiEb/jAgMBAAGjggEjMIIBHzAJBgNVHRMEAjAAMCwG
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQUMRD3rcda2DO2fH6myGeHMa/9A6cwgcQGA1UdIwSBvDCBuYAU4U3Da/R8
+gXsWssxtJGzK3ZuTU+OhgZWkgZIwgY8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBuZXR3b3JrIHNlcnZpY2VzMRMwEQYDVQQDEwpPUFAtVnBuLWNhMR0wGwYJKoZI
+hvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANdEFItVo9+IMA0GCSqGSIb3DQEBBAUA
+A4GBAKlHZmkGfHP7XBFhIWR4gTQo/Li3+Z5w7Y1WI5qL1+pz2k3VvFeahLNfl4PL
+GELyjW2vxjJEW3E3mwr8hsvtYp2HM+P5V84n9syu8MEXT06UU/F6Ad48pu1E6FBn
+FEsnC7og5Tw1UUfuaxgsgCozTtdRBXNzK08bP25hvhkLk3wI
+-----END CERTIFICATE-----
diff --git a/OPP/openvpn/keys/veronika.csr b/OPP/openvpn/keys/veronika.csr
new file mode 100644
index 0000000..57c0e09
--- /dev/null
+++ b/OPP/openvpn/keys/veronika.csr
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIB1jCCAT8CAQAwgZUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBuZXR3b3Jr
+IHNlcnZpY2VzMRkwFwYDVQQDExBPUFAtVnBuLXZlcm9uaWthMR0wGwYJKoZIhvcN
+AQkBFg5hcmd1c0Bvb3Blbi5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+15nqAWFWpNkTvyo1n5IhdDiOLz9WnDXcbcXj2x+EfqewBRSgU/L+vNKGrEKJvWsZ
+Wif8TyTFsAoqW+VwwOnv2mNYIYrdffPAY2fwlexejMjDwGZGd53QIb8Ow6xuwc5o
+vRDfo94o8moEqL0MI4TBa4BetD/WTFc2Y04/BSIRv+MCAwEAAaAAMA0GCSqGSIb3
+DQEBBQUAA4GBAF2wpN9altuXqGKe2/4Hxv4eJPRhpY91Km1mLjGewiH2LQvUIzEy
+zxm89nsmr/nmyP0pzZRd6zC9d3cqs/T0Ht0jEo7cToKoabMUxofd9Az3XEARlwsH
+cb4u4eErtN/XZkCYtlUtXrlFMPw+4wcNfzZqt/1vKvlFrhnOrKRR2nNP
+-----END CERTIFICATE REQUEST-----
diff --git a/OPP/openvpn/keys/veronika.key b/OPP/openvpn/keys/veronika.key
new file mode 100644
index 0000000..571fe0a
--- /dev/null
+++ b/OPP/openvpn/keys/veronika.key
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,B385616FBBD668AE
+
+RUZmTgur8U6eUWPihNZrfX2jzV2qdS79mGTm8jg5P7Yrt0C67q0lUpajglLVZaw2
+0ocnpCRiMzCRviW7Tu/3a59Yq4obgJZTvoavUvnp6S2wzX7RUGkU5ou8XJdPvrfR
+D737DmJfSA5lf0SDO8Exc/0uPcwPIQ5RaY6ygFNRCHlQn/sg9xqUUmqhO4VpX6nF
+GD8gspgGplRQeKgCNYGi/4YlNLNquavCwwqIgaKr7qjUl0Y2O20tIATe2ZXM5Ux5
+FHvkawvYZnjxmBT1tn6r6XxCLDqsseHCK08qgVZXr/XaSP8d96Ge1G1XE54ExVxC
+wEp6ffBW04/E7YotIytRgJGrGbdJchcg/GembLK+ltgoEuQFsdXGZ6wsakiojFPv
+ZeSvMUqAM1pPZDbFSdxxlclfidvXFBdXaEEjchMuBY6dsnbSeY+IjLDAr4a6E1ZD
++dmEYS6InaXHFYz1Ukim+EwwLPl0awVtkWJhl79U7HJAZ5rWxY19OFQUtkC73my3
+ucALUTkqOofF0BfQaOAxZFbNkp+3/l0x0xT1yOecL6IEHRuJ6Vb4veLtlOzN/PLa
+o7ifvqURdaAHFFuuv833JMQMgChczM7zPzdcIj/gIGl6pkH9UAX2sCJm4k4J/foY
+2F0nxXkEqkN+yZkEB5zAt4D5XGcc+nS5QK+DAkYuvpAYNJITN5m95RBix7cW6MD3
+fs5qylm/CoVh7VK6eaLYs+LA/eFWrkJaapOIddAcvYcVP4pnwmu8RXnhUVjJ8FBg
++fJociIWnwHRKG46b7Z1CgkFicbjFTqxW5J5z7gZNQ4hsxTUuNH0Og==
+-----END RSA PRIVATE KEY-----
diff --git a/OPP/openvpn/openvpn-status.log b/OPP/openvpn/openvpn-status.log
new file mode 100644
index 0000000..156f1b3
--- /dev/null
+++ b/OPP/openvpn/openvpn-status.log
@@ -0,0 +1,8 @@
+OpenVPN CLIENT LIST
+Updated,Fri Sep 20 13:50:16 2013
+Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
+ROUTING TABLE
+Virtual Address,Common Name,Real Address,Last Ref
+GLOBAL STATS
+Max bcast/mcast queue length,0
+END
diff --git a/OPP/openvpn/server-gw-ckubu.conf b/OPP/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..64e6c23
--- /dev/null
+++ b/OPP/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,303 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.62.1
+route 192.168.64.0 255.255.255.0 10.1.62.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys. 
+dh keys/dh1024.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.1.62.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.62.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir ccd/server-gw-ckubu
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir ccd
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 192.168.62.10"
+;push "dhcp-option DOMAIN opp.netz"
+;push "dhcp-option DNS 192.168.62.53"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+;client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append openvpn.log
+;log        openvpn.log
+log         /var/log/openvpn/server-gw-ckubu.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/crl.pem
diff --git a/OPP/openvpn/server-home.conf b/OPP/openvpn/server-home.conf
new file mode 100644
index 0000000..a7a376f
--- /dev/null
+++ b/OPP/openvpn/server-home.conf
@@ -0,0 +1,303 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+#route 192.168.63.0 255.255.255.0 10.0.62.1
+#route 192.168.64.0 255.255.255.0 10.0.62.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys. 
+dh keys/dh1024.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.0.62.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+push "route 192.168.62.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir ccd/server-home
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir ccd/server-home
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DOMAIN opp.netz"
+push "dhcp-option DNS 192.168.62.53"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+;client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-home.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append openvpn.log
+;log        openvpn.log
+log         /var/log/openvpn/server-home.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/keys/crl.pem
diff --git a/OPP/openvpn/update-resolv-conf b/OPP/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/OPP/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/OPP/pap-secrets.OPP b/OPP/pap-secrets.OPP
new file mode 100644
index 0000000..ff54f8c
--- /dev/null
+++ b/OPP/pap-secrets.OPP
@@ -0,0 +1,45 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+
+
+"feste-ip3/6TB9UZGGP1GK@t-online-com.de" * "53506202"
diff --git a/OPP/peers/dsl-provider b/OPP/peers/dsl-provider
new file mode 120000
index 0000000..416164c
--- /dev/null
+++ b/OPP/peers/dsl-provider
@@ -0,0 +1 @@
+dsl-provider.DSL
\ No newline at end of file
diff --git a/OPP/peers/dsl-provider.DSL b/OPP/peers/dsl-provider.DSL
new file mode 100644
index 0000000..5fdba17
--- /dev/null
+++ b/OPP/peers/dsl-provider.DSL
@@ -0,0 +1,17 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth0
+user "feste-ip3/6TB9UZGGP1GK@t-online-com.de"
+#usepeerdns
diff --git a/OPP/peers/dsl-provider.VDSL b/OPP/peers/dsl-provider.VDSL
new file mode 100644
index 0000000..e394b78
--- /dev/null
+++ b/OPP/peers/dsl-provider.VDSL
@@ -0,0 +1,17 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth0.7
+user "feste-ip3/6TB9UZP1GK@t-online-com.de"
+#usepeerdns
diff --git a/OPP/peers/provider b/OPP/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/OPP/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/OPP/radvd.conf.OPP b/OPP/radvd.conf.OPP
new file mode 100644
index 0000000..aed3a3c
--- /dev/null
+++ b/OPP/radvd.conf.OPP
@@ -0,0 +1,28 @@
+#interface eth1
+#{
+#        AdvSendAdvert on;
+#        prefix ::/64
+#        {
+#                AdvOnLink on;
+#                AdvAutonomous on;
+#                AdvRouterAddr on;
+#        };
+#
+#        #RDNSS 2001:4860:4860::8888  2001:4860:4860::8844
+#        #{
+#        #};
+#};
+
+interface eth1 # LAN interface
+{
+   AdvManagedFlag off; # no DHCPv6 server here.
+   AdvOtherConfigFlag off; # not even for options.
+   AdvSendAdvert on;
+   AdvDefaultPreference high;
+   AdvLinkMTU 1280;
+   prefix ::/64 #pick one non-link-local prefix assigned to the interface and start advertising it
+   {
+      AdvOnLink on;
+      AdvAutonomous on;
+   };
+};
diff --git a/OPP/rc.local.OPP b/OPP/rc.local.OPP
new file mode 100755
index 0000000..bfb9f0b
--- /dev/null
+++ b/OPP/rc.local.OPP
@@ -0,0 +1,20 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+sleep 2
+/etc/init.d/ipt-firewall > /dev/null 2>&1 || /bin/true
+
+echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
+
+
+exit 0
diff --git a/OPP/resolv.conf.OPP b/OPP/resolv.conf.OPP
new file mode 100644
index 0000000..c14f83d
--- /dev/null
+++ b/OPP/resolv.conf.OPP
@@ -0,0 +1,3 @@
+domain opp.netz
+search opp.netz
+nameserver 127.0.0.1
diff --git a/OPP/sasl_passwd.OPP b/OPP/sasl_passwd.OPP
new file mode 100644
index 0000000..957c330
--- /dev/null
+++ b/OPP/sasl_passwd.OPP
@@ -0,0 +1 @@
+[b.mx.oopen.de] opp@b.mx.oopen.de:dWw84m794P39
diff --git a/OPP/sasl_passwd.db.OPP b/OPP/sasl_passwd.db.OPP
new file mode 100644
index 0000000..96aa707
Binary files /dev/null and b/OPP/sasl_passwd.db.OPP differ
diff --git a/OPP/sbin/ip6t-firewall-gateway b/OPP/sbin/ip6t-firewall-gateway
new file mode 100755
index 0000000..3df216f
--- /dev/null
+++ b/OPP/sbin/ip6t-firewall-gateway
@@ -0,0 +1,3414 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ip6t-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv6 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv6.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv6.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv6.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv6.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ip6t=$(which ip6tables)
+
+if [[ -z "$ip6t" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IPv6)..\033[m"
+else
+   echo "Starting firewall iptables (IPv4).."
+fi
+echo
+
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+# ---
+# - Enable/Disable ip forwarding between interfaces
+# ---
+if $kernel_forward_between_interfaces ; then
+   echononl "\tActivate Forwarding.."
+   echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+else
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
+fi
+
+echo_done
+
+
+# -------------
+# --- Adjust Kernel Parameters
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+
+   # ---
+   # - Deactivate Source Routed Packets
+   # ---
+   for asr in /proc/sys/net/ipv6/conf/*/accept_source_route; do
+      if $kernel_deactivate_source_route ; then
+         echo 0 > $asr
+      fi
+   done
+
+
+   # ---
+   # -  Deactivate sending ICMP redirects
+   # ---
+   if $kernel_dont_accept_redirects ; then
+      echo "0" > /proc/sys/net/ipv6/conf/all/accept_redirects
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+
+fi 
+
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv6).."
+
+# - default policies
+# -
+$ip6t -P INPUT ACCEPT
+$ip6t -P OUTPUT ACCEPT
+$ip6t -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ip6t -F
+$ip6t -F INPUT
+$ip6t -F OUTPUT
+$ip6t -F FORWARD
+$ip6t -F -t mangle
+$ip6t -F -t nat
+$ip6t -F -t raw
+$ip6t -X
+$ip6t -Z
+
+#$ip6t -t nat -A POSTROUTING -o $ext_if_static_1 -j MASQUERADE
+$ip6t -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+echo_done # Flushing firewall iptable (IPv6)..
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -j LOG --log-prefix "$_ip IN: " --log-level $log_level
+      $ip6t -A OUTPUT -d $_ip -j LOG --log-prefix "$_ip OUT: " --log-level $log_level
+      $ip6t -A FORWARD -s $_ip -j LOG --log-prefix "$_ip FORWARD FROM: " --log-level $log_level
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP IPv6 traffic.."
+if $permit_all_icmp_traffic ; then
+   $ip6t -A INPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A OUTPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A FORWARD -p ipv6-icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ip6t -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ip6t -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ip6t -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ip6t -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ip6t -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ip6t -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -i $_if -j DROP
+      $ip6t -A FORWARD -o $_if -j DROP
+   fi
+   $ip6t -A INPUT -i $_if -j DROP
+   $ip6t -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -d $_ip -j ACCEPT
+         $ip6t -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ip6t -N syn-flood
+   $ip6t -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ip6t -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ip6t -A syn-flood -j DROP
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   if $log_new_not_sync || $log_all  ; then
+      $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+   $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
+   fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   if $log_invalid_state || $log_all  ; then
+      $ip6t -A INPUT -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -m state --state INVALID -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -m state --state INVALID -j DROP
+   fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # - Refuse spoofed packets pretending to be from your IP address.
+   if $log_spoofed || $log_all ; then
+      for _ip in ${ext_ip_arr[@]} ; do
+         $ip6t -A INPUT -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         fi
+      done
+   fi
+   for _ip in ${ext_ip_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -s $_ip -d $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ipi6t -A FORWARD -s $_ip -d $_ip -j DROP
+      fi
+   done
+
+
+   # - private Adressen auf externen interface verwerfen
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $ula_block -j DROP
+      $ip6t -A INPUT -i $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -i $_dev -s $loopback -j DROP
+      fi
+
+      # Don't allow spoofing from that server
+      $ip6t -A OUTPUT -o $_dev -s $ula_block -j DROP
+      $ip6t -A OUTPUT -o $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -o $_dev -s $loopback -j DROP
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ip6t -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ip6t -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ip6t -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ip6t -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_forward_between_interfaces ; then
+         if $block_ident ; then
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_forward_between_interfaces ; then
+      if $block_ident ; then
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ip6t -A INPUT -i lo -j ACCEPT
+$ip6t -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ip6t -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ip6t -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_forward_between_interfaces ; then
+   $ip6t -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ip6t -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ip6t -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv6_address_arr[@]}" ; then
+            $ip6t -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ip6t -A FORWARD -p ${_val_arr[3]} -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+echononl "\tSeparate local networks.."
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+echononl "\tSeparate local interfaces.."
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            [[ "$_dev_1" = "$_dev_2" ]] && continue
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+            $ip6t -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+         done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+
+
+# ---
+# - IPv4 over IPv6
+# ---
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 546 -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp --dport 547 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP Service (local network only)"
+
+if $local_dhcp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+
+      $ip6t -A INPUT -p udp -i $_dev --sport 546 --dport 547 -j ACCEPT
+      $ip6t -A OUTPUT -p udp -o $_dev --sport 547 --dport 546 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ip6t -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ip6t -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_forward_between_interfaces=true)
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ip6t -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ip6t -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ip6t -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ip6t -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces ; then
+
+            $ip6t -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_forward_between_interfaces ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ip6t -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -t filter -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ip6t -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ip6t -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_forward_between_interfaces ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then 
+         $ip6t -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      $ip6t -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ip6t -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ip6t -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tDruck Port 9100 only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ip6t -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces $$ ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ip6t -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ip6t -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_forward_between_interfaces \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_forward_between_interfaces ; then
+
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+
+         # - From extern
+         $ip6t -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ip6t -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_forward_between_interfaces ; then
+         $ip6t -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ip6t -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ip6t -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ip6t -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ip6t -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+# ---
+# - ICMP is configured above..
+# ---
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ip6t -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ip6t -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ip6t -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ip6t -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ip6t -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ip6t -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ip6t -A INPUT -j DROP
+$ip6t -A OUTPUT -j DROP
+$ip6t -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/OPP/sbin/ipt-firewall-gateway b/OPP/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/OPP/sbin/ipt-firewall-gateway
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/OPP/src/ipt-gateway b/OPP/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/OPP/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/OPP/src/openvpn b/OPP/src/openvpn
new file mode 160000
index 0000000..ebff5a5
--- /dev/null
+++ b/OPP/src/openvpn
@@ -0,0 +1 @@
+Subproject commit ebff5a557b537bcb8192d94f733c4df86594258d
diff --git a/ReachOut/README.txt b/ReachOut/README.txt
new file mode 100644
index 0000000..9ba9f1e
--- /dev/null
+++ b/ReachOut/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.ReachOut: ppp0 comes over eth2
+      interfaces.ReachOut: see above
+      default_isc-dhcp-server.ReachOut
+      ipt-firewall.ReachOut: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/DCMICap.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/DCMICap.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/GenEvt.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/GenEvt.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/IPMICFG.exe b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/IPMICFG.exe
new file mode 100755
index 0000000..af97ffe
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/IPMICFG.exe differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/MBType.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/MBType.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode2.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/MRCCode2.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/Menu.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/Menu.dat
new file mode 100755
index 0000000..da10666
--- /dev/null
+++ b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/PMBusStatus.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/PMBusStatus.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt1.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt1.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt2.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt2.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt3.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt3.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt4.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt4.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt5.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/SpecEvt5.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/sdc.exe b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/sdc.exe
new file mode 100755
index 0000000..8ce02a8
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/DOS/sdc.exe differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/IPMICFG_UserGuide.pdf b/ReachOut/bin/IPMICFG_1.27.0_build.170620/IPMICFG_UserGuide.pdf
new file mode 100755
index 0000000..fe6b137
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/IPMICFG_UserGuide.pdf differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/DCMICap.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/DCMICap.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/GenEvt.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/GenEvt.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/IPMICFG-Linux.x86 b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/IPMICFG-Linux.x86
new file mode 100755
index 0000000..d971ad9
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/IPMICFG-Linux.x86 differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MBType.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MBType.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode2.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/MRCCode2.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/Menu.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/Menu.dat
new file mode 100755
index 0000000..84a1273
--- /dev/null
+++ b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/PMBusStatus.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/PMBusStatus.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt1.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt1.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt2.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt2.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt3.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt3.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt4.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt4.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt5.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/32bit/SpecEvt5.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/DCMICap.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/DCMICap.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/GenEvt.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/GenEvt.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/IPMICFG-Linux.x86_64 b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/IPMICFG-Linux.x86_64
new file mode 100755
index 0000000..1051cd8
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/IPMICFG-Linux.x86_64 differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MBType.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MBType.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode2.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/MRCCode2.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/Menu.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/Menu.dat
new file mode 100755
index 0000000..84a1273
--- /dev/null
+++ b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/PMBusStatus.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/PMBusStatus.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt1.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt1.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt2.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt2.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt3.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt3.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt4.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt4.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt5.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Linux/64bit/SpecEvt5.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/ReleaseNotes.txt b/ReachOut/bin/IPMICFG_1.27.0_build.170620/ReleaseNotes.txt
new file mode 100755
index 0000000..dda7966
--- /dev/null
+++ b/ReachOut/bin/IPMICFG_1.27.0_build.170620/ReleaseNotes.txt
@@ -0,0 +1,246 @@
+-------------------------------------------------------------------------------
+Supermicro IPMICFG Release Notes
+Copyright(c) 2017 by Super Micro Computer, Inc.          http://supermicro.com/
+-------------------------------------------------------------------------------
+
+-------------------------------------------------------------------------------
+Introduction
+-------------------------------------------------------------------------------
+IPMICFG is a command line tool that let user set IPMI command through keyboard
+controller style (KCS) to the device that support Intelligent Platform
+Management Interface (IPMI) version 2.0 specifications.
+
+-------------------------------------------------------------------------------
+Requirements
+-------------------------------------------------------------------------------
+ - Operating system:
+    * Microsoft DOS 5.0 or later version
+    * Windows Server 2003, 2008, 2012 (32/64bit), 2016
+         - Operating system must be pre-installed Microsoft Visual C++ 2008 SP1
+           Redistributable Package
+           Download Link:
+               http://www.microsoft.com/en-us/download/details.aspx?id=29
+         - Windows 2008 R2 x64 must be pre-installed KB3033929 patch
+           Download Link:
+               https://www.microsoft.com/en-us/download/details.aspx?id=46083
+      Windows 7/8/8.1/10:
+         - Need disabled UAC(User Account Control) or open a command prompt
+           with a run as administrator.
+         - Windows 7 x64 must be pre-installed KB3033929 patch
+           Download Link:
+               https://www.microsoft.com/en-us/download/details.aspx?id=46148
+    * Linux Kernel version 2.6.x or higher.
+      ex: Red Hat Enterprise Linux (RHEL) 6.8 and 7.2,
+          SUSE Linux Enterprise Server (SLES) 11 SP4 and 12 SP1
+          Ubuntu Server 14.04 LTS and 16.04 LTS
+    * Free Disk Space: 200 MB (Linux, Windows)
+    * Available RAM: 64 MB
+ - Hardware:
+    * Baseboard Management Controller (BMC) must support Intelligent Platform
+      Management Interface (IPMI) version 2.0 specifications.
+ - Software:
+    * -tas, -nvme commands must be installed Thin-Agent Service. The TAS
+      minimum required version is 1.4.0.
+
+-------------------------------------------------------------------------------
+Installation and Upgrade Instructions
+-------------------------------------------------------------------------------
+ - DOS
+   Execute IPMICFG.exe
+ - Windows
+   Execute IMPICFG-Win.exe
+ - Linux
+   If your system has installed OpenIPMI driver, you can enabled Linux IPMI
+   driver:
+        # /etc/init.d/ipmi start
+        or
+        # modprobe ipmi_msghandler
+        # modprobe ipmi_devintf
+        # modprobe ipmi_si
+   Then execute IPMICFG-Linux.x86 or IPMICFG-Linux.x86_64
+   
+-------------------------------------------------------------------------------
+Third Party Software
+-------------------------------------------------------------------------------
+ - Phymem
+   Please refer to
+   http://www.codeproject.com/Articles/35378/Access-Physical-Memory-Port-and-PC
+   I-Configuration for more information.
+ - IPMITool
+   Please refer to
+   http://sourceforge.net/projects/ipmitool for more information.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.27.0 build 170620
+-------------------------------------------------------------------------------
+1.  Add DCMI commands.
+2.  Add MCU ID support for 0xA5, 0xA6, 0xA7 and 0xA8 on IPMICFG with the "tp"
+    command.
+3.  Disabled Microblade "VBAT" sensor all the upper threshold value.
+4.  Fix getting PMBus's detail status has duplicate information.
+5.  Update NM commands to Node Manager 4.0.
+6.  Support ATEN 8U Superblade firmware.
+7.  Update board ID.
+8.  Update KCS driver.
+9.  Modify PMBus Revision info.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.26.0 build 161123
+-------------------------------------------------------------------------------
+1.  Support MultiNode config ID = 6 and 12.
+2.  Support MultiNode MCU ID = 0xA7.
+3.  Support TAS 1.4.0.
+4.  Update event log description in SEL command.
+5.  Presenting power module full status information in -pminfo command.
+6.  Improve NVME firmware information in "-nvme info" command.
+7.  Support the watchdog sensor in "-sdr" command.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.25.0 build 160823
+-------------------------------------------------------------------------------
+1.  Support discrete sensor.
+2.  Support NVME 48 nodes.
+3.  Update FRU chassis type.
+4.  Update board id.
+5.  Modify parameter list format.
+6.  Fix FRU fields too many characters lead to FRU wrong issue.
+7.  Add Get/Set host name command.
+8.  Update Windows KCS driver.
+9.  Fix can't boot from UEFI device issue.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.24.2 build 160517
+-------------------------------------------------------------------------------
+1.  Fix power reading is incorrect with command nm oem power.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.24.1 build 160222
+-------------------------------------------------------------------------------
+1.  Update Windows KCS driver.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.24.0 build 160105
+-------------------------------------------------------------------------------
+1.  Add TAS commands. (Not supported DOS)
+2.  Update NVME commands. (Not supported DOS)
+3.  Add summary command.
+4.  Update board id.
+5.  Update MRC Code for SEL.
+6.  Update SEL description.
+7.  Fix MCU Version value wrong issue.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.23.0 build 151106
+-------------------------------------------------------------------------------
+1.  Support MicroCloud device in tp commands.
+2.  Fix temperature sensor reading can't display negative issue.
+3.  Fix TJmax value wrong issue.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.22.0 build 150814
+-------------------------------------------------------------------------------
+1.  Update board id.
+2.  Update GUID.
+3.  When impicfg failed, error message will store to stderr variable.
+4.  When input wrong parameter, ipmicfg will print all the parameters
+    explaination and cancel pause screen mechanism. (Not supported DOS)
+5.  When use not root permission account to launch ipmicfg, ipmicfg will show
+    tip message.
+6.  Fix -sdr hang issue at SuperBlade.
+
+-------------------------------------------------------------------------------
+ IPMICFG 1.21.0 build 150615
+-------------------------------------------------------------------------------
+1.  Add BIOS MRC Code for SEL.
+2.  Add support power consumption sensor(SDR record type = 0x0b).
+3.  Add SDR Type 2 to support PS Status Compact SDR.
+4.  Update Fan mode.
+5.  Udpate SEL description and board id.
+6.  Modify FatTwin Right side node ID.
+7.  Modify TwinPro commands.
+8.  Replace KCS driver.
+9.  Update length of PWS Module Number from 12 bytes to 13 bytes.
+10. Fix memory ECC error description.
+
+-------------------------------------------------------------------------------
+Known Issues, Limitations & Restrictions
+-------------------------------------------------------------------------------
+1. 'Destination IP address' in the first entry under alerts subsection is
+   volatile as per the IPMI spec. So, this field will not be saved if restored
+   to factory defaults.
+
+2. Some parameters need IPMI OEM commands support. If not, the execute result
+   will response error message or information. The parameters include:
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>                       Set Fan Mode.
+  -pminfo                           Power supply PMBus health.
+  -psfruinfo                        Power supply FRU health.
+  -psbbpinfo                        Battery backup power status.
+  -autodischarge <module> <day>     Set auto discharge by days.
+  -discharge <module>               Manually discharge battery.
+  -conf upload <file> <option>      Upload IPMI configuration form binary file.
+                                    option: -p | Bypass warning message.
+  -conf download <file>             Download IPMI configuration to binary file.
+  -conf tupload <file> <option>     Upload IPMI configuration from text file.
+                                    option: -p | Bypass warning message.
+  -conf tdownload <file>            Download IPMI configuration to text file.
+  -clrint                           Clear chassis intrusion.
+  -reset <index>                    Reset System and force to boot from device.
+  -soft <index>                     Initiate a soft-shutdown for OS and force
+                                    to boot from device.
+  -recoverbiosinfo                  Get recovery BIOS information.
+  -reset <index>                    Reset System and force to boot from device.
+  -soft <index>                     Initiate a soft-shutdown for OS and force
+                                    to boot from device.
+  -recoverbiosinfo                  Get recovery BIOS information.
+  -nvme list                        Display the existing NVME SSD list.
+  -nvme info                        NVME SSD information.
+  -nvme rescan                      Rescan all devices by in band.
+  -nvme insert <aoc> <group> <slot> Insert SSD by out of band.
+  -nvme locate <HDD Name>           Locate SSD. (in band)
+  -nvme locate <aoc> <group> <slot> Locate SSD. (out of band)
+  -nvme stoplocate <HDD Name>           Stop Locate SSD. (in band)
+  -nvme stoplocate <aoc> <group> <slot> Stop Locate SSD. (out of band)
+  -nvme remove <HDD Name> [option]  Remove NVME device. (in band)
+        Usage: option 0: Do eject after remove (Default).
+               option 1: Do not eject after remove.
+  -nvme remove <aoc> <group> <slot> Remove NVME device. (out of band)
+  -nvme smartdata [HDD Name]        NVME SMART data.
+  -tp info                          Get MCU Info.
+  -tp info <type>                   Get MCU Type Info. (type: 1 - 3)
+  -tp nodeid                        Get Node ID.
+  -tas info                         Get TAS Information.
+  -tas pause                        Pause TAS Service.
+  -tas resume                       Resume TAS Service.
+  -tas refresh                      Trigger TAS to recollect data.
+  -tas clear                        Clear TAS collected data in BMC.
+  -tas period <sec>                 Set TAS update period <limit 5 to 60 sec>.
+  -tas exec <cmd>                   Execute a user's specified command.
+
+-------------------------------------------------------------------------------
+Technical Support
+-------------------------------------------------------------------------------
+Web Site:        www.supermicro.com
+Headquarters:    support@supermicro.com
+European Branch: support@supermicro.nl
+Asian Branch:    support@supermicro.com.tw
\ No newline at end of file
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/DCMICap.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/DCMICap.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/GenEvt.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/GenEvt.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/IPMICFG-Win.exe b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/IPMICFG-Win.exe
new file mode 100755
index 0000000..3bd611f
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/IPMICFG-Win.exe differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MBType.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MBType.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode2.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/MRCCode2.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/Menu.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/Menu.dat
new file mode 100755
index 0000000..da10666
--- /dev/null
+++ b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/PMBusStatus.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/PMBusStatus.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt1.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt1.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt2.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt2.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt3.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt3.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt4.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt4.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt5.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/SpecEvt5.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/phymem32.sys b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/phymem32.sys
new file mode 100755
index 0000000..d14bac3
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/phymem32.sys differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/pmdll.dll b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/pmdll.dll
new file mode 100755
index 0000000..58e5bcb
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/32bit/pmdll.dll differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/DCMICap.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/DCMICap.dat
new file mode 100755
index 0000000..368e2d4
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/DCMICap.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/GenEvt.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/GenEvt.dat
new file mode 100755
index 0000000..92b4c92
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/GenEvt.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/IPMICFG-Win.exe b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/IPMICFG-Win.exe
new file mode 100755
index 0000000..91fb973
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/IPMICFG-Win.exe differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MBType.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MBType.dat
new file mode 100755
index 0000000..10aa814
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MBType.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode.dat
new file mode 100755
index 0000000..518dbbe
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode2.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode2.dat
new file mode 100755
index 0000000..6cadcfc
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/MRCCode2.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/Menu.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/Menu.dat
new file mode 100755
index 0000000..da10666
--- /dev/null
+++ b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/Menu.dat
@@ -0,0 +1,96 @@
+  -m                    Show IP and MAC.
+  -m IP                 Set IP (format: ###.###.###.###).
+  -a MAC                Set MAC (format: ##:##:##:##:##:##).
+  -k                    Show Subnet Mask.
+  -k Mask               Set Subnet Mask (format: ###.###.###.###).
+  -dhcp                 Get the DHCP status.
+  -dhcp on              Enable the DHCP.
+  -dhcp off             Disable the DHCP.
+  -g                    Show Gateway IP.
+  -g IP                 Set Gateway IP (format: ###.###.###.###).
+  -r                    BMC cold reset.
+                        option: -d | Detected IPMI device for BMC reset.
+  -garp on              Enable the Gratuitous ARP.
+  -garp off             Disable the Gratuitous ARP.
+  -fd                   Reset to the factory default.
+                        option: -d | Detected IPMI device for BMC reset.
+  -fdl                  Reset to the factory default. (Clean LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -fde                  Reset to the factory default. (Clean FRU & LAN)
+                        option: -d | Detected IPMI device for BMC reset.
+  -ver                  Get Firmware revision.
+  -vlan                 Get VLAN status.
+  -vlan on <vlan tag>   Enable the VLAN and set the VLAN tag.
+                        If VLANtag is not given it uses previously saved value.
+  -vlan off             Disable the VLAN.
+  -selftest             Checking and reporting on the basic health of BMC.
+  -raw                  Send a RAW IPMI request and print response.
+                        Format: NetFn Cmd [Data1 ... DataN]
+  -fru info             Show FRU inventory area Info.
+  -fru list             Show all FRU values.
+  -fru cthelp           Show chassis type code.
+  -fru help             Show help of FRU Write.
+  -fru <field>          Show FRU field value.
+  -fru <field> <value>  Write FRU.
+  -fru 1m               Update Product-Manufacturer from DMITable to IPMI FRU.
+  -fru 1p               Update Product-Product Name from DMITable to IPMI FRU.
+  -fru 1s               Update Product-S/N from DMITable to IPMI FRU.
+  -fru 2m               Update Board-Manufacturer from DMITable to IPMI FRU.
+  -fru 2p               Update Board-Product Name from DMITable to IPMI FRU.
+  -fru 2s               Update Board-S/N from DMITable to IPMI FRU.
+  -fru 3s               Update Chassis-S/N from DMITable to IPMI FRU.
+  -fru backup <file>    Backup FRU to file <Binary format>.
+  -fru restore <file>   Restore FRU from file <Binary format>.
+  -fru tbackup <file>   Backup FRU to file <Text format>.
+  -fru trestore <file>  Restore FRU from file <Text format>.
+  -fru ver <v1> <v2>    Get/Set FRU version. (v1 v2 are BCD format)
+  -sel info             Show SEL info.
+  -sel list             Show SEL records.
+  -sel del              Delete all SEL records.
+  -sel raw              Show SEL raw data.
+  -sdr [full]           Show SDR records and reading.
+  -sdr del <sdr id>     Delete SDR record.
+  -sdr ver <v1> <v2>    Get/Set SDR version. (v1 v2 are BCD format)
+  -nm nmsdr             Display NM SDR.
+  -nm seltime           Get SEL time.
+  -nm deviceid          Get ME Device ID.
+  -nm reset             Reboots ME.
+  -nm reset2default     Force ME reset to Default.
+  -nm updatemode        Force ME to Update Mode.
+  -nm selftest          Get Self Test Results.
+  -nm listimagesinfo    List ME Images information.
+  -nm oemgetpower       OEM Power command for ME.
+  -nm oemgettemp        OEM Temp. command for ME.
+  -nm pstate            Get Max allowed CPU P-State.
+  -nm tstate            Get Max allowed CPU T-State.
+  -nm cpumemtemp        Get CPU/Memory temperature.
+  -nm hostcpudata       Get host CPU data.
+  -fan                  Get Fan Mode.
+  -fan <mode>           Set Fan Mode.
+  -pminfo [full]        Power supply PMBus health.
+  -psfruinfo            Power supply FRU health.
+  -psbbpinfo            Battery backup power status.
+  -autodischarge        Set auto discharge by days.
+   <module> <day>.      
+  -discharge <module>   Manually discharge battery.
+  -user list            List user privilege information.
+  -user help            Show user privilege code.
+  -user add <user id>   Add user.
+   <name> <password>    
+   <privilege>          
+  -user del <user id>   Delete user.
+  -user level <user id> Update user privilege.
+   <privilege>          
+  -user setpwd          Update user password.
+   <user id> <password> 
+  -conf upload <file>   Upload IPMI configuration form binary file.
+   <option>             option: -p | Bypass warning message.
+  -conf download <file> Download IPMI configuration to binary file.
+  -conf tupload <file>  Upload IPMI configuration from text file.
+   <option>             option: -p | Bypass warning message.
+  -conf tdownload       Download IPMI configuration to text file.
+   <file>               
+  -clrint               Clear chassis intrusion.
+  -reset <index>        Reset System and force to boot from device.
+  -soft <index>         Initiate a soft-shutdown for OS and force to boot from
+                        device.
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/PMBusStatus.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/PMBusStatus.dat
new file mode 100755
index 0000000..d5b8630
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/PMBusStatus.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt1.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt1.dat
new file mode 100755
index 0000000..8b10a40
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt1.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt2.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt2.dat
new file mode 100755
index 0000000..6cfe076
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt2.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt3.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt3.dat
new file mode 100755
index 0000000..aef67c7
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt3.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt4.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt4.dat
new file mode 100755
index 0000000..505e391
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt4.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt5.dat b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt5.dat
new file mode 100755
index 0000000..fed4cfc
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/SpecEvt5.dat differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/phymem64.sys b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/phymem64.sys
new file mode 100755
index 0000000..0b8798d
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/phymem64.sys differ
diff --git a/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/pmdll.dll b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/pmdll.dll
new file mode 100755
index 0000000..c3d2f58
Binary files /dev/null and b/ReachOut/bin/IPMICFG_1.27.0_build.170620/Windows/64bit/pmdll.dll differ
diff --git a/ReachOut/bin/admin-stuff b/ReachOut/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/ReachOut/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/ReachOut/bin/manage-gw-config b/ReachOut/bin/manage-gw-config
new file mode 160000
index 0000000..2a96dfd
--- /dev/null
+++ b/ReachOut/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688
diff --git a/ReachOut/bin/monitoring b/ReachOut/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/ReachOut/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/ReachOut/bin/os-upgrade.sh b/ReachOut/bin/os-upgrade.sh
new file mode 120000
index 0000000..02ddc66
--- /dev/null
+++ b/ReachOut/bin/os-upgrade.sh
@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh
\ No newline at end of file
diff --git a/ReachOut/bin/postfix b/ReachOut/bin/postfix
new file mode 160000
index 0000000..c1934d5
--- /dev/null
+++ b/ReachOut/bin/postfix
@@ -0,0 +1 @@
+Subproject commit c1934d5bdeee88e6f5b868c7d0bdb955539d34d4
diff --git a/ReachOut/bin/test_email.sh b/ReachOut/bin/test_email.sh
new file mode 120000
index 0000000..86f3e17
--- /dev/null
+++ b/ReachOut/bin/test_email.sh
@@ -0,0 +1 @@
+admin-stuff/test_email.sh
\ No newline at end of file
diff --git a/ReachOut/bind/bind.keys b/ReachOut/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/ReachOut/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/ReachOut/bind/db.0 b/ReachOut/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/ReachOut/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/ReachOut/bind/db.127 b/ReachOut/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/ReachOut/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/ReachOut/bind/db.192.168.72.0 b/ReachOut/bind/db.192.168.72.0
new file mode 100644
index 0000000..ad1e431
--- /dev/null
+++ b/ReachOut/bind/db.192.168.72.0
@@ -0,0 +1,74 @@
+;
+; BIND reverse data file for local ro.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.ro.netz. ckubu.oopen.de. (
+      2017031601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-ro.ro.netz.
+
+; - Gateway/Firewall
+254				IN	PTR	gw-ro.ro.netz.
+
+
+; - (Caching ) Nameserver
+1 					IN	PTR	ns-ro.ro.netz.
+
+
+; - Fileserver
+10				IN	PTR    file-ro.ro.netz.
+20				IN	PTR    file-ro-alt.ro.netz.
+
+; - IPMI - Fileserver
+15				IN	PTR    file-ipmi.ro.netz.
+
+
+; - Drucker
+;
+; Brother MFC-9332CDW (Buero Sabine)
+4              IN PTR   brother-mfc-9332cdw.ro.netz.
+; - Kyocera KM-1635
+5					IN	PTR	km-1635.ro.netz.
+; - HP Color Laser Jet 2600 n
+6					IN	PTR	hp-2600n.ro.netz.
+; - HP Color LaserJet Pro MFP M177fw
+; - Büro Maria
+7              IN PTR   hp-mfp-m177fw.ro.netz.
+; - HP Laser Jet P2055dn (Buero Helga)
+8              IN PTR   hp-p2055dn.ro.netz.
+; - Brother MFC-L2700DW (Buero Biplab/Ulle)
+9              IN PTR   brother-mfc-l2700DW.ro.netz.
+
+
+; - Vodafone easybox
+20             IN PTR  easybox.ro.netz.
+
+; Telefonanlage
+;
+50             IN PTR  tka.ro.netz.
+; Telefone
+51             IN PTR  app01.ro.netz.
+52             IN PTR  app02.ro.netz.
+53             IN PTR  app03.ro.netz.
+
+
+; - Office PCs
+101				IN	PTR	pc101.ro.netz.
+102				IN	PTR	pc102.ro.netz.
+103				IN	PTR	pc103.ro.netz.
+104				IN	PTR	pc104.ro.netz.
+105				IN	PTR	pc105.ro.netz.
+106				IN	PTR	pc106.ro.netz.
+107				IN	PTR	pc107.ro.netz.
+108				IN	PTR	pc108.ro.netz.
+
+
+; - Laptops
+121				IN	PTR	pc121.ro.netz.
+122				IN	PTR	pc122.ro.netz.
+123				IN	PTR	pc123.ro.netz.
diff --git a/ReachOut/bind/db.192.168.73.0 b/ReachOut/bind/db.192.168.73.0
new file mode 100644
index 0000000..cd534ba
--- /dev/null
+++ b/ReachOut/bind/db.192.168.73.0
@@ -0,0 +1,20 @@
+;
+; BIND reverse data file for local ro.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.ro.netz. ckubu.oopen.de. (
+      2016123101     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+            IN NS     ns-ro.ro.netz.
+
+
+; Unifi AP AC PRO
+51          IN PTR    ap-unifi-1.ro.netz.
+52          IN PTR    ap-unifi-2.ro.netz.
+; Controler Unifi AP AC PRO
+254         IN PTR    ctl-unifi.ro.netz.
diff --git a/ReachOut/bind/db.255 b/ReachOut/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/ReachOut/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/ReachOut/bind/db.empty b/ReachOut/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/ReachOut/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/ReachOut/bind/db.local b/ReachOut/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/ReachOut/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/ReachOut/bind/db.ro.netz b/ReachOut/bind/db.ro.netz
new file mode 100644
index 0000000..c58e59d
--- /dev/null
+++ b/ReachOut/bind/db.ro.netz
@@ -0,0 +1,101 @@
+;
+; BIND data file for local ro.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.ro.netz. ckubu.oopen.de. (
+      2017031601     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+					IN	NS		ns-ro.ro.netz.
+
+; Gateway/Firewall
+gw-ro				IN	A		192.168.72.254
+gate				IN	CNAME	gw-ro
+gw					IN	CNAME	gw-ro
+
+; (Caching ) Nameserver
+ns-ro				IN	A		192.168.72.1
+ns					IN	CNAME	ns-ro
+nscache			IN	CNAME	ns-ro
+resolver			IN	CNAME	ns-ro
+
+
+; Accesspoint Unifi AP AC PRO Ubiquiti
+ap-unifi-1     IN A      192.168.73.51
+ap-1           IN CNAME  ap-unifi-1
+ap-unifi-2     IN A      192.168.73.52
+ap-2           IN CNAME  ap-unifi-2
+
+; Controller for Unifi AP's
+ctl-unifi      IN A      192.168.73.254
+
+
+; - Fileserver
+file-ro			IN	A		192.168.72.10
+file				IN	CNAME	file-ro
+pandora			IN	CNAME	file-ro
+file-ro-alt    IN A     192.168.72.20
+file-alt 		IN	CNAME	file-ro-alt
+
+
+; - IPMI - Fileserver
+file-ipmi		IN	A		192.168.72.15
+ipmi				IN	CNAME	file-ipmi
+
+
+; - Drucker
+;
+; Brother MFC-9332CDW (Buero Sabine)
+brother-mfc-9332cdw  IN A     192.168.72.4
+brn3c2af40bfbf2      IN CNAME brother-mfc-9332cdw
+; - Kyocera KM-1635
+km-1635			IN	A		192.168.72.5
+; - HP Color Laser Jet 2600 n
+hp-2600n			IN	A		192.168.72.6
+; - HP Color LaserJet Pro MFP M177fw
+; - Büro Maria
+hp-mfp-m177fw  IN A     192.168.72.7
+; - HP Laser Jet P2055dn (Buero Helga)
+hp-p2055dn		IN	A		192.168.72.8
+; - Brother MFC-L2700DW (Buero Biplab/Ulle)
+brother-mfc-l2700DW  IN A     192.168.72.9
+brn30055c601bd2      IN CNAME brother-mfc-l2700DW
+
+
+; - Vodafone EasyBox
+easybox        IN A     192.168.72.20
+
+
+; Telefonanlage
+tka            IN A     192.168.72.50
+; Telefone
+app01          IN A     192.168.72.51
+app02          IN A     192.168.72.52
+app03          IN A     192.168.72.53
+
+
+
+; - Office PCs
+pc101				IN	A  	192.168.72.101
+pc102				IN	A		192.168.72.102
+pc103				IN	A		192.168.72.103
+pc104				IN	A		192.168.72.104
+pc105				IN	A		192.168.72.105
+pc106				IN	A		192.168.72.106
+pc107				IN	A		192.168.72.107
+pc108				IN	A		192.168.72.108
+
+pc101-alt      IN A     192.168.72.111
+pc104-alt      IN A     192.168.72.114
+pc106-alt      IN A     192.168.72.116
+
+
+; - Laptops
+pc121				IN	A		192.168.72.121
+pc122				IN	A		192.168.72.122
+pc123				IN	A		192.168.72.123
diff --git a/ReachOut/bind/db.root b/ReachOut/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/ReachOut/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/ReachOut/bind/named.conf b/ReachOut/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/ReachOut/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/ReachOut/bind/named.conf.default-zones b/ReachOut/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/ReachOut/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/ReachOut/bind/named.conf.local b/ReachOut/bind/named.conf.local
new file mode 100644
index 0000000..7804878
--- /dev/null
+++ b/ReachOut/bind/named.conf.local
@@ -0,0 +1,24 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
+
+zone "ro.netz" {
+   type master;
+   file "/etc/bind/db.ro.netz";
+};
+
+zone "72.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.72.0";
+};
+
+zone "73.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.73.0";
+};
diff --git a/ReachOut/bind/named.conf.local.ORIG b/ReachOut/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/ReachOut/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/ReachOut/bind/named.conf.options b/ReachOut/bind/named.conf.options
new file mode 100644
index 0000000..752e218
--- /dev/null
+++ b/ReachOut/bind/named.conf.options
@@ -0,0 +1,91 @@
+options {
+   directory "/var/cache/bind";
+
+   // If there is a firewall between you and nameservers you want
+   // to talk to, you may need to fix the firewall to allow multiple
+   // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+   // If your ISP provided one or more IP addresses for stable
+   // nameservers, you probably want to use them as forwarders.
+   // Uncomment the following block, and insert the addresses replacing
+   // the all-0's placeholder.
+
+   // forwarders {
+   //    0.0.0.0;
+   // };
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      192.168.72.1;
+   };
+
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/8;
+   };
+
+   // caching name services
+   recursion yes;
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/16;
+   };
+
+   allow-transfer { none; };
+
+   auth-nxdomain no;    # conform to RFC1035
+   listen-on-v6 { any; };
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/ReachOut/bind/named.conf.options.ORIG b/ReachOut/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/ReachOut/bind/named.conf.options.ORIG
@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/ReachOut/bind/rndc.key b/ReachOut/bind/rndc.key
new file mode 100644
index 0000000..4b3687b
--- /dev/null
+++ b/ReachOut/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "ssvMqyjOPCMqa8tpDCDnBA==";
+};
diff --git a/ReachOut/bind/zones.rfc1918 b/ReachOut/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/ReachOut/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/ReachOut/chap-secrets.ReachOut b/ReachOut/chap-secrets.ReachOut
new file mode 100644
index 0000000..96b9982
--- /dev/null
+++ b/ReachOut/chap-secrets.ReachOut
@@ -0,0 +1,8 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+## - ReachOut Berlin
+## - first (primary) line
+"ar2667509237" * "93925410"
+## - second line
+"ar1435496252" * "93925410"
diff --git a/ReachOut/check_net-logrotate.ReachOut b/ReachOut/check_net-logrotate.ReachOut
new file mode 100644
index 0000000..f0a557b
--- /dev/null
+++ b/ReachOut/check_net-logrotate.ReachOut
@@ -0,0 +1,10 @@
+/var/log/check_net.log
+{
+   rotate 7
+   daily
+   missingok
+   notifempty
+   copytruncate
+   delaycompress
+   compress
+}
diff --git a/ReachOut/check_net.service.ReachOut b/ReachOut/check_net.service.ReachOut
new file mode 100644
index 0000000..0eff326
--- /dev/null
+++ b/ReachOut/check_net.service.ReachOut
@@ -0,0 +1,16 @@
+[Unit]
+Description=Configure Routing for Internet Connections;
+After=network.target
+After=rc-local.service
+
+[Service]
+ExecStart=/usr/local/sbin/check_net.sh
+ExecStartPre=rm -rf /tmp/check_net.sh.LOCK
+ExecStopPost=rm -rf /tmp/check_net.sh.LOCK
+KillMode=control-group
+SendSIGKILL=yes
+TimeoutStopSec=2
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ReachOut/check_net/check_net.conf b/ReachOut/check_net/check_net.conf
new file mode 100644
index 0000000..682add9
--- /dev/null
+++ b/ReachOut/check_net/check_net.conf
@@ -0,0 +1,133 @@
+# - Configuration file for scrupts check_net.sh and netconfig.sh
+# -
+
+LOGGING_CONSOLE=false
+DEBUG=false
+
+# - Where are your scripts located?
+# -
+check_script=/usr/local/sbin/check_net.sh
+netconfig_script=/usr/local/sbin/netconfig.sh
+
+log_file=/var/log/check_net.log
+
+
+# - Put in your DSL devices (refers to your network configuration)
+# - youe wish be congigured by that script
+# -
+# - Notice:
+# -    If not using multiple default gatways, declare the list in the order of your 
+# -    preferred default gatway devices
+# -
+# -    Example:
+# -       _INITIAL_DEVICE_LIST="eth0:192.168.63.254 ppp-light"
+# -
+_INITIAL_DEVICE_LIST="ppp-reachout"
+
+# - Set to "false" uses "0.0.0.0" as remote gateway instead of the real address
+# -
+USE_REMOTE_GATEWAY_ADDRESS=true
+#USE_REMOTE_GATEWAY_ADDRESS=false
+
+# - Set default gw (roundrobin)
+# -
+# - !! SET_MULTIPLE_DEFAULT_GW=true does not work for now..
+# -
+SET_MULTIPLE_DEFAULT_GW=false
+#SET_MULTIPLE_DEFAULT_GW=true
+
+
+# - Set to false uses "0.0.0.0" as default gateway adress instaed of real remote address
+# -
+USE_DEFAULT_GW_ADDRESS=true
+#USE_DEFAULT_GW_ADDRESS=false
+
+
+# - Hostnames for ping test
+# -
+# - Note: The first two reachable hosts will be used for ping test. 
+# -
+# - Space separated list
+# -
+PING_TEST_HOSTS="oopen.de google.com heise.de debian.org ubuntu.com"
+
+
+admin_email=root
+from_address="check-inet-devices@`hostname -f`"
+company="ReachOut"
+content_type='Content-Type: text/plain;\n charset="utf-8"'
+
+
+# - rule_local_ips
+# -
+# - Add rule(s) for routing local ip-address(es) through a given extern interface
+# -
+# - Space separated list of entries '<ext-interface>:<local-ip>'
+# -    rule_local_ips="<ext-interface>:<local-ip> [<ext-interface>:<local-ip>] [.."
+# -
+# - Example:
+# - ========
+# - local ip 192.168.10.1 through extern interface ppp-st and 
+# - local ip 192.168.10.13 through extern interface ppp-surf1
+# -     rule_local_ips="ppp-st:192.168.10.1 ppp-surf1:192.168.10.13"
+# -
+rule_local_ips=""
+
+# - rule_remote_ips
+# -
+# - Add rule(s) for routing remote ip-address(es) through a given extern interface
+# -
+# - Space separated list of entries '<ext-interface>:<remote-ip>'
+# -    rule_remote_ips="<ext-interface>:<remote-ip> [<ext-interface>:<remote-ip>] [.."
+# -
+# - Example:
+# - ========
+# - route remote ip-address  141.1.1.1 through extern interface ppp-ckubu and 
+# - also route ip-address 8.8.8.8 through through extern interface ppp-ckubu
+# -     rule_remote_ips="ppp-ckubu:141.1.1.1 ppp-ckubu:8.8.8.8"
+# - 
+rule_remote_ips=""
+
+# - rule_local_nets
+# -
+# - Add rule(s) for routing local networks through a given extern interface out
+# -
+# - Space separated list of entries '<extern-interface>:<local-net>'
+# -    rule_local_nets="<extern-interface>:<local-net> [<extern-interface>:<local-net>] [.."
+# -
+# -
+# - Example:
+# - ========
+# -     rule_local_nets="ppp-st:192.168.11.0/25 ppp-surf1:192.168.11.128/25"
+# -
+rule_local_nets=""
+
+
+
+## ====================================
+## - Don't make changes after this Line
+## ====================================
+
+# ---
+# - Add rule(s) for routing local ip-address(es)
+# ---
+declare -a rule_local_ip_arr
+for _str in $rule_local_ips ; do
+   rule_local_ip_arr+=("$_str")
+done
+
+# ---
+# - Add rule(s) for routing remote ip-address(es)
+# ---
+declare -a rule_remote_ip_arr
+for _str in $rule_remote_ips ; do
+   rule_remote_ip_arr+=("$_str")
+done
+
+# ---
+# - Add rule(s) for routing local networks
+# ---
+declare -a rule_local_net_arr
+for _str in $rule_local_nets ; do
+   rule_local_net_arr+=("$_str")
+done
diff --git a/ReachOut/check_net/check_net.conf.00 b/ReachOut/check_net/check_net.conf.00
new file mode 100644
index 0000000..7c262e6
--- /dev/null
+++ b/ReachOut/check_net/check_net.conf.00
@@ -0,0 +1,50 @@
+## - Configuration file for scrupts check_net.sh and netconfig.sh
+## -
+
+LOGGING_CONSOLE=false
+DEBUG=true
+
+## - Where are your scripts located?
+## -
+check_script=/root/bin/check_net.sh
+netconfig_script=/root/bin/check_net/netconfig.sh
+
+log_file=/var/log/check_net.log
+
+
+## - Put in your extern devices (refers to your network configuration)
+## -
+## - Notice:
+## -    If not using multiple default gatways, declare the list in the order of your 
+## -    preferred default gatway devices
+## -
+## -    Example:
+## -       _INITIAL_DEVICE_LIST="eth2:172.16.72.254 ppp-reachout"
+## -       _INITIAL_DEVICE_LIST="eth2:172.16.72.254"
+## -       _INITIAL_DEVICE_LIST="ppp-reachout"
+## -
+_INITIAL_DEVICE_LIST="ppp-reachout"
+
+## - Set to "false" uses "0.0.0.0" as remote gateway instead of the real address
+## -
+USE_REMOTE_GATEWAY_ADDRESS=true
+#USE_REMOTE_GATEWAY_ADDRESS=false
+
+## - Set default gw (roundrobin)
+## -
+## - !! SET_MULTIPLE_DEFAULT_GW=true does not work for now..
+## -
+SET_MULTIPLE_DEFAULT_GW=false
+#SET_MULTIPLE_DEFAULT_GW=true
+
+
+## - Set to false uses "0.0.0.0" as default gateway adress instaed of real remote address
+## -
+USE_DEFAULT_GW_ADDRESS=true
+#USE_DEFAULT_GW_ADDRESS=false
+
+
+admin_email=root
+from_address="check-inet-devices@`hostname -f`"
+company="ReachOut"
+content_type='Content-Type: text/plain;\n charset="utf-8"'
diff --git a/ReachOut/cron_root.ReachOut b/ReachOut/cron_root.ReachOut
new file mode 100644
index 0000000..80300c8
--- /dev/null
+++ b/ReachOut/cron_root.ReachOut
@@ -0,0 +1,54 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.Tk6ycK/crontab installed on Wed Oct 11 10:55:23 2017)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+
+# - check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+# - if not set this entry to "1"
+#
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+# - Check if postfix mailservice is running. Restart service if needed.
+# -
+38 * * * * /root/bin/monitoring/check_postfix.sh
+
+# - check if nameservice (bind) is running if not restart the service
+# -
+*/10 * * * * /root/bin/monitoring/check_dns.sh
+
+# - check if openvpn is running if not restart the service
+# -
+*/30 * * * * /root/bin/monitoring/check_vpn.sh
+
+# - check if DynDNS ip is correct, adjust if needed
+# -
+07,27,47 * * * * /root/bin/monitoring/check_dyndns.sh reachout.homelinux.org
+
+
+## - copy gateway configuration
+## -
+13 4 * * * /root/bin/manage-gw-config/copy_gateway-config.sh ReachOut
diff --git a/ReachOut/ddclient.conf.ReachOut b/ReachOut/ddclient.conf.ReachOut
new file mode 100644
index 0000000..922970b
--- /dev/null
+++ b/ReachOut/ddclient.conf.ReachOut
@@ -0,0 +1,15 @@
+# Configuration file for ddclient generated by debconf
+#
+# /etc/ddclient.conf
+
+protocol=dyndns2
+use=web, web=checkip.dyndns.com, web-skip='IP Address'
+server=members.dyndns.org
+login=ckubu
+password=7213b4e6178a11e6ab1362f831f6741e
+reachout.homelinux.org
+
+ssl=yes
+#mail=argus@oopen.de
+mail-failure=root
+
diff --git a/ReachOut/default_isc-dhcp-server.ReachOut b/ReachOut/default_isc-dhcp-server.ReachOut
new file mode 100644
index 0000000..2f53ed4
--- /dev/null
+++ b/ReachOut/default_isc-dhcp-server.ReachOut
@@ -0,0 +1,21 @@
+# Defaults for isc-dhcp-server initscript
+# sourced by /etc/init.d/isc-dhcp-server
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPD_CONF=/etc/dhcp/dhcpd.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPD_PID=/var/run/dhcpd.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="eth0 eth1"
diff --git a/ReachOut/dhcpd.conf.ReachOut b/ReachOut/dhcpd.conf.ReachOut
new file mode 100644
index 0000000..25987ae
--- /dev/null
+++ b/ReachOut/dhcpd.conf.ReachOut
@@ -0,0 +1,319 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.72.255;
+
+
+option domain-name "ro.netz";
+option domain-name-servers 192.168.72.1;
+#option domain-name "example.org";
+#option domain-name-servers ns1.example.org, ns2.example.org;
+option routers 192.168.72.254;
+
+
+default-lease-time 86400;
+max-lease-time 259200;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+subnet 192.168.72.0 netmask 255.255.255.0 {
+
+   # --- 192.168.72.160/27 ---
+   # network address....: 192.168.72.160
+   # Broadcast address..: 192.168.72.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.72.160 - 192.168.72.191
+   # Usable range.......: 192.168.72.161 - 192.168.72.190
+
+   range 192.168.72.161 192.168.72.190;
+   option domain-name "ro.netz";
+   option domain-name-servers nscache.ro.netz;
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.72.255;
+   option domain-name-servers 192.168.72.1;
+   option routers 192.168.72.254;
+   default-lease-time 86400;
+   max-lease-time 259200;
+
+}
+
+## - Fileserver
+## -
+host file-ro {
+   ## - alter server
+   #hardware ethernet 00:1f:c6:67:24:b2;
+   hardware ethernet 0c:c4:7a:0e:67:f4;
+   fixed-address file-ro.ro.netz ;
+}
+
+## - Drucker
+## -
+host hp-2600n {
+   hardware ethernet 00:1b:78:12:db:19;
+   fixed-address hp-2600n.ro.netz ;
+}
+host hp-p2055dn {
+   hardware ethernet 00:23:7d:87:a5:2c;
+   fixed-address hp-p2055dn.ro.netz ;
+}
+# - HP Color LaserJet Pro MFP M177fw
+# - Büro Maria
+host hp-mfp-m177fw {
+   hardware ethernet c8:d3:ff:11:19:6f;
+   fixed-address hp-mfp-m177fw.ro.netz ;
+}
+host brother-mfc-l2700DW {
+   hardware ethernet 30:05:5c:60:1b:d2;
+   fixed-address brother-mfc-l2700DW.ro.netz ;
+}
+host brother-mfc-9332cdw {
+   hardware ethernet  3c:2a:f4:0b:fb:f2;
+   fixed-address brother-mfc-9332cdw.ro.netz ;
+}
+
+#host km-1635 {
+#   hardware ethernet ;
+#   fixed-address km-1635.ro.netz ;
+#}
+
+## - Buero PCs
+## -
+host pc101-alt {
+   hardware ethernet d0:67:e5:18:a5:4e;
+   fixed-address pc101-alt.ro.netz ;
+}
+
+host pc101 {
+   hardware ethernet 80:ee:73:ba:4a:d7;
+   fixed-address pc101.ro.netz ;
+}
+
+host pc102 {
+   # - ALT
+   #hardware ethernet 00:13:8f:49:01:31;
+   hardware ethernet bc:5f:f4:50:a5:76;
+   fixed-address pc102.ro.netz ;
+}
+
+host pc103 {
+   #hardware ethernet 00:13:8f:49:01:1d;
+   hardware ethernet 68:05:ca:2a:4b:13;
+   fixed-address pc103.ro.netz ;
+}
+
+host pc104 {
+   hardware ethernet b8:ae:ed:7b:61:f1;
+   fixed-address pc104.ro.netz ;
+}
+
+host pc104_alt {
+   hardware ethernet d0:67:e5:18:a4:30;
+   fixed-address pc104-alt.ro.netz ;
+}
+
+host pc105 {
+   ## - ALT
+   #hardware ethernet 00:1b:b9:ac:39:3d;
+   #hardware ethernet 68:05:ca:2a:4b:13;
+   hardware ethernet 40:8d:5c:36:ac:33;
+   fixed-address pc105.ro.netz ;
+}
+
+host pc106 {
+   hardware ethernet 74:d4:35:8d:05:b5;
+   fixed-address pc106.ro.netz ;
+}
+
+host pc106-alt {
+   hardware ethernet 00:1e:c9:7e:2e:97;
+   fixed-address pc106-alt.ro.netz ;
+}
+
+host pc107 {
+   ## - alter Rechner
+   ## -
+   #hardware ethernet 00:19:db:c4:62:87;
+   hardware ethernet 20:25:64:0c:53:84;
+   fixed-address pc107.ro.netz ;
+}
+
+host pc108 {
+   hardware ethernet 80:ee:73:bd:b2:73;
+   # - nicht benutzt:
+   # -
+   #hardware ethernet 80:ee:73:bd:b2:72;
+   fixed-address pc108.ro.netz ;
+}
+
+## - Telefonanlage
+## -
+host TKA {
+   hardware ethernet 00:08:5d:88:c5:0b;
+   fixed-address tka.ro.netz ;
+}
+
+## - Telefone
+## -
+host app01 {
+   hardware ethernet 00:08:5D:92:25:5B;
+   fixed-address app01.ro.netz ;
+}
+
+host app02 {
+   hardware ethernet 00:08:5D:92:24:2D;
+   fixed-address app02.ro.netz ;
+}
+
+host app03 {
+   hardware ethernet 00:08:5D:92:29:41 ;
+   fixed-address app03.ro.netz ;
+}
+
+## - Laptops LAN
+## -
+## - Sanchita - ALT
+host pc121 {
+   hardware ethernet 00:1b:24:1f:c7:10;
+   fixed-address pc121.ro.netz ;
+}
+## - Sanchita
+host pc122 {
+   hardware ethernet 28:d2:44:8a:63:a9;
+   fixed-address pc122.ro.netz ;
+}
+## - Biplab
+host pc123 {
+   hardware ethernet 54:ee:75:b1:87:bf;
+   fixed-address pc123.ro.netz ;
+}
+
+## - wireless LAN
+subnet 192.168.73.0 netmask 255.255.255.0 {
+
+
+
+   # --- 192.168.73.160/27 ---
+   # network address....: 192.168.73.160
+   # Broadcast address..: 192.168.73.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.73.160 - 192.168.73.191
+   # Usable range.......: 192.168.73.161 - 192.168.73.190
+
+   range 192.168.73.161 192.168.73.190;
+   option domain-name "ro.netz";
+   option domain-name-servers nscache.ro.netz;
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.73.255;
+   option domain-name-servers 192.168.72.1;
+   option routers 192.168.73.254;
+   default-lease-time 86400;
+   max-lease-time 259200;
+}
+
+host ap-unifi-1 {
+   hardware ethernet 80:2a:a8:c6:8f:1e;
+   fixed-address ap-unifi-1.ro.netz;
+}
+
+host ap-unifi-2 {
+   hardware ethernet 80:2a:a8:c6:8f:25 ;
+   fixed-address ap-unifi-2.ro.netz;
+}
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/ReachOut/dhcpd6.conf.ReachOut b/ReachOut/dhcpd6.conf.ReachOut
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/ReachOut/dhcpd6.conf.ReachOut
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/ReachOut/hostname.ReachOut b/ReachOut/hostname.ReachOut
new file mode 100644
index 0000000..ce529a2
--- /dev/null
+++ b/ReachOut/hostname.ReachOut
@@ -0,0 +1 @@
+gw-ro
diff --git a/ReachOut/hosts.ReachOut b/ReachOut/hosts.ReachOut
new file mode 100644
index 0000000..e817b73
--- /dev/null
+++ b/ReachOut/hosts.ReachOut
@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+127.0.1.1	gw-ro.ro.netz	gw-ro
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/ReachOut/interfaces.ReachOut b/ReachOut/interfaces.ReachOut
new file mode 100644
index 0000000..8827ccf
--- /dev/null
+++ b/ReachOut/interfaces.ReachOut
@@ -0,0 +1,79 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+
+#-----------------------------
+# lo - The loopback network interface
+#-----------------------------
+
+auto lo
+iface lo inet loopback
+
+
+
+#-----------------------------
+# eth0 - WLAN
+#-----------------------------
+
+auto eth0
+iface eth0 inet static
+   address 192.168.73.254
+   network 192.168.73.0
+   netmask 255.255.255.0
+   broadcast 192.168.73.255
+
+
+
+#-----------------------------
+# eth1 - LAN + WLAN
+#-----------------------------
+
+auto eth1
+iface eth1 inet static
+   address 192.168.72.254
+   network 192.168.72.0
+   netmask 255.255.255.0
+   broadcast 192.168.72.255
+
+auto eth1:0
+iface eth1:0 inet static
+   address 192.168.72.1
+   network 192.168.72.0
+   netmask 255.255.255.0
+   broadcast 192.168.72.255
+
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+auto eth2
+iface eth2 inet static
+   address 172.16.72.1
+   network 172.16.72.0
+   netmask 255.255.255.0
+   gateway 172.16.72.254
+   post-up vconfig add eth2 7
+   post-up vconfig add eth2 8
+   post-down vconfig rem eth2.7
+   post-down vconfig rem eth2.8
+
+#auto eth2.8
+#iface eth2.8 inet dhcp
+#   ## - Start igmpprox
+#   post-up /usr/local/igmpproxy/sbin/igmpproxy  /usr/local/igmpproxy/etc/igmpproxy.conf &
+#   #post-up /usr/local/igmpproxy/sbin/igmpproxy -d -v /usr/local/igmpproxy/etc/igmpproxy.conf > /var/log/igmpproxy.log 2>&1 &
+
+
+#-----------------------------
+# dsl-provider
+#-----------------------------
+
+auto dsl-reachout
+iface dsl-reachout inet ppp
+   pre-up /sbin/ifconfig eth2 up
+   pre-up /sbin/ifconfig eth2.7 up
+   provider dsl-reachout
diff --git a/ReachOut/ipt-firewall.service.ReachOut b/ReachOut/ipt-firewall.service.ReachOut
new file mode 100644
index 0000000..cba4a85
--- /dev/null
+++ b/ReachOut/ipt-firewall.service.ReachOut
@@ -0,0 +1,13 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ReachOut/ipt-firewall/default_ports.conf b/ReachOut/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/ReachOut/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/ReachOut/ipt-firewall/include_functions.conf b/ReachOut/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/ReachOut/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/ReachOut/ipt-firewall/interfaces_ipv4.conf b/ReachOut/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..b637ca8
--- /dev/null
+++ b/ReachOut/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1="ppp-reachout"
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth0"
+local_if_2="eth1"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/ReachOut/ipt-firewall/load_modules_ipv4.conf b/ReachOut/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/ReachOut/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/ReachOut/ipt-firewall/logging_ipv4.conf b/ReachOut/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/ReachOut/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/ReachOut/ipt-firewall/logging_ipv6.conf b/ReachOut/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/ReachOut/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/ReachOut/ipt-firewall/main_ipv4.conf b/ReachOut/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..49986e6
--- /dev/null
+++ b/ReachOut/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1370 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+read -a gateway_ipv4_address_arr <<<$(ifconfig | grep "inet Ad" | awk '{print$2}' | cut -d':' -f2)
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                    86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip="192.168.73.0/24:192.168.72.10"
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+#allow_local_if_to_local_ip="${local_if_1}:192.168.72.10"
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194 1195"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Kyocera KM-1635:                    192.168.72.5
+# - HP Color Laser Jet 2600 n:          192.168.72.6
+# - HP Laser Jet P2055dn (Buero Helga): 192.168.72.8
+# - Brother MFC-L2700DW (Buero Ulle):   192.168.72.9
+# -
+# - Telefonanlage:                      192.168.72.50
+# - Telefone:                           192.168.72.51
+# -                                     192.168.72.52
+# -                                     192.168.72.53
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="
+   192.168.72.5
+   192.168.72.6
+   192.168.72.8
+   192.168.72.9
+   192.168.72.50
+   192.168.72.51
+   192.168.72.52
+   192.168.72.53"
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+samba_server_local_ips="192.168.72.10"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.72.0/24"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=true
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+ipmi_server_ips="172.16.72.15 192.168.72.15"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - Kyocera KM-1635:                    192.168.72.5
+# - HP Color Laser Jet 2600 n:          192.168.72.6
+# - HP Color Laser Jet Pro MFP M177fw   192.168.72.7
+# - HP Laser Jet P2055dn (Buero Helga): 192.168.72.8
+# - Brother MFC-L2700DW (Buero Ulle):   192.168.72.9
+# -
+# - Blank separated list
+# -
+printer_ips="
+   192.168.72.5
+   192.168.72.6
+   192.168.72.7
+   192.168.72.8
+   192.168.72.9"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Brother MFC-L2700DW (Buero Ulle):   192.168.72.9
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips="192.168.72.9"
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    192.168.64.55: Repeater TP-Link TL-WA850RE
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons=""
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=false
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/ReachOut/ipt-firewall/post_decalrations.conf b/ReachOut/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/ReachOut/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/ReachOut/mailname.ReachOut b/ReachOut/mailname.ReachOut
new file mode 100644
index 0000000..211344c
--- /dev/null
+++ b/ReachOut/mailname.ReachOut
@@ -0,0 +1 @@
+gw-ro.ro.netz
diff --git a/ReachOut/main.cf.ReachOut b/ReachOut/main.cf.ReachOut
new file mode 100644
index 0000000..7512e34
--- /dev/null
+++ b/ReachOut/main.cf.ReachOut
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   192.168.72.254
+
+myhostname = gw-ro.ro.netz
+
+mydestination = 
+   gw-ro.ro.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   192.168.72.254/32
+
+#smtp_bind_address = 192.168.72.254
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/ReachOut/openvpn/ccd/server-gw-ckubu/VPN-ReachOut-gw-ckubu b/ReachOut/openvpn/ccd/server-gw-ckubu/VPN-ReachOut-gw-ckubu
new file mode 100644
index 0000000..bd028f3
--- /dev/null
+++ b/ReachOut/openvpn/ccd/server-gw-ckubu/VPN-ReachOut-gw-ckubu
@@ -0,0 +1,5 @@
+ifconfig-push 10.1.72.2 255.255.255.0
+push "route 192.168.72.0 255.255.255.0 10.1.72.1"
+push "route 192.168.73.0 255.255.255.0 10.1.72.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/ReachOut/openvpn/ccd/server-home/VPN-ReachOut-chris b/ReachOut/openvpn/ccd/server-home/VPN-ReachOut-chris
new file mode 100644
index 0000000..7ed98c8
--- /dev/null
+++ b/ReachOut/openvpn/ccd/server-home/VPN-ReachOut-chris
@@ -0,0 +1 @@
+ifconfig-push 10.0.72.3 255.255.255.0
diff --git a/ReachOut/openvpn/crl.pem b/ReachOut/openvpn/crl.pem
new file mode 120000
index 0000000..98dd55e
--- /dev/null
+++ b/ReachOut/openvpn/crl.pem
@@ -0,0 +1 @@
+keys/crl.pem
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/build-ca b/ReachOut/openvpn/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/build-dh b/ReachOut/openvpn/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/build-inter b/ReachOut/openvpn/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/build-key b/ReachOut/openvpn/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/build-key-pass b/ReachOut/openvpn/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/build-key-pkcs12 b/ReachOut/openvpn/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/build-key-server b/ReachOut/openvpn/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/build-req b/ReachOut/openvpn/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/build-req-pass b/ReachOut/openvpn/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/clean-all b/ReachOut/openvpn/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/inherit-inter b/ReachOut/openvpn/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/list-crl b/ReachOut/openvpn/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/openssl-0.9.6.cnf b/ReachOut/openvpn/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/ReachOut/openvpn/easy-rsa/openssl-0.9.8.cnf b/ReachOut/openvpn/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/ReachOut/openvpn/easy-rsa/openssl-1.0.0.cnf b/ReachOut/openvpn/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/ReachOut/openvpn/easy-rsa/pkitool b/ReachOut/openvpn/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/revoke-full b/ReachOut/openvpn/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/sign-req b/ReachOut/openvpn/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/ReachOut/openvpn/easy-rsa/vars b/ReachOut/openvpn/easy-rsa/vars
new file mode 100644
index 0000000..74cf22b
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/vars
@@ -0,0 +1,95 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=10957
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="O.OPEN"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="ckubu-adm@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN ReachOut"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-ReachOut"
+
+export KEY_ALTNAMES="VPN ReachOut"
diff --git a/ReachOut/openvpn/easy-rsa/whichopensslcnf b/ReachOut/openvpn/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/ReachOut/openvpn/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/ReachOut/openvpn/ipp.txt b/ReachOut/openvpn/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/ReachOut/openvpn/keys/01.pem b/ReachOut/openvpn/keys/01.pem
new file mode 100644
index 0000000..951494a
--- /dev/null
+++ b/ReachOut/openvpn/keys/01.pem
@@ -0,0 +1,101 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Dec  2 13:39:49 2016 GMT
+            Not After : Dec  2 13:39:49 2036 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-server/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b9:5b:fd:e8:c8:ed:ad:6c:e5:f3:0c:3d:cf:bf:
+                    1a:33:c1:f8:9b:f6:47:b2:ef:55:72:9d:68:76:de:
+                    55:e5:82:42:cd:ae:b0:63:ea:94:a2:61:28:bf:b6:
+                    5f:35:b5:6c:53:61:e0:82:f7:8b:4c:fd:34:ae:ea:
+                    5d:2c:5c:84:eb:51:97:20:d6:ec:5f:b9:25:ae:60:
+                    e3:69:66:7d:1f:d8:11:d3:97:da:4e:dc:5c:21:54:
+                    cd:5d:79:08:91:13:e2:08:f0:ba:23:51:23:99:fd:
+                    d2:e6:42:1f:66:1d:dd:9e:f3:c8:eb:51:42:a7:7c:
+                    5c:fb:81:95:1b:9a:73:5b:48:fe:66:d7:02:fd:16:
+                    94:24:dc:94:b1:5b:6e:bc:d1:89:b7:90:1a:93:ee:
+                    49:14:2c:4d:a7:f5:89:03:ec:6c:02:cf:75:5e:87:
+                    ff:76:f1:27:b6:93:5d:7e:cd:2a:51:dd:58:75:f7:
+                    12:a0:9b:64:60:36:07:bc:cd:c4:88:b3:6f:c7:43:
+                    a8:35:6f:54:ea:df:48:e2:cf:39:d4:84:d7:9b:96:
+                    4c:63:18:4d:73:9f:de:5b:a0:ac:4c:19:74:02:4f:
+                    b4:dd:20:bd:97:ad:1f:f5:ec:df:01:98:21:c1:4c:
+                    9a:7f:74:31:e3:6c:d9:f1:61:f5:55:2f:25:6d:ae:
+                    93:2d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                12:3B:C5:E0:5F:D0:39:99:F5:9E:1D:28:27:BD:98:6D:47:BE:C6:33
+            X509v3 Authority Key Identifier: 
+                keyid:5F:DD:9B:C8:1E:20:6B:2D:AA:C9:B2:27:FB:7C:EB:FE:DF:5F:35:7B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+                serial:C9:54:AE:D1:38:24:A9:15
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         49:dc:84:e4:5e:d0:2e:a7:92:bf:9b:25:7f:5d:cf:fd:c2:e8:
+         69:15:d7:44:20:18:d0:70:8e:f9:c5:25:b5:7d:50:03:ee:45:
+         99:ec:31:46:6d:0d:98:a4:56:0d:5b:b5:b7:fc:09:9e:d2:55:
+         10:e6:21:67:f9:e7:44:c8:c8:77:80:88:c1:f3:a6:51:8a:f0:
+         38:11:59:5d:c7:fc:d1:dc:c9:e3:56:b0:83:40:06:e0:e6:24:
+         ab:b2:92:9a:cc:77:dc:2c:e4:4f:77:2a:e0:cc:1e:3d:61:59:
+         70:ee:9a:ab:7f:a0:46:e5:54:68:bf:22:47:44:16:c2:bf:a0:
+         f2:2c:71:d6:2e:fa:c2:c6:c2:4b:f9:55:34:f5:2f:b4:f4:ad:
+         b2:bb:c7:d2:93:27:05:4d:0a:2d:76:31:1a:84:39:bb:59:5d:
+         b9:0f:c7:cd:6a:55:c9:9a:92:bc:90:a7:bb:c6:c9:7b:b7:56:
+         82:ef:0f:19:69:7f:68:03:7f:7f:ab:5c:f1:1e:ad:d4:50:7e:
+         02:52:59:67:f4:a7:d9:a9:b6:bf:0f:62:2f:55:fc:b6:46:bf:
+         f6:d5:11:3b:a0:7e:4b:04:83:72:77:ae:88:e4:2d:5e:c7:2f:
+         26:c6:02:52:50:f7:07:f7:35:e8:45:37:32:dc:99:0f:42:17:
+         7b:19:73:55
+-----BEGIN CERTIFICATE-----
+MIIFdDCCBFygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1SZWFj
+aE91dC1jYTEVMBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwHhcNMTYxMjAyMTMzOTQ5WhcNMzYxMjAyMTMzOTQ5
+WjCBszELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy
+bGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMx
+HDAaBgNVBAMTE1ZQTi1SZWFjaE91dC1zZXJ2ZXIxFTATBgNVBCkTDFZQTiBSZWFj
+aE91dDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVv96MjtrWzl8ww9z78aM8H4m/ZHsu9V
+cp1odt5V5YJCza6wY+qUomEov7ZfNbVsU2HggveLTP00rupdLFyE61GXINbsX7kl
+rmDjaWZ9H9gR05faTtxcIVTNXXkIkRPiCPC6I1Ejmf3S5kIfZh3dnvPI61FCp3xc
++4GVG5pzW0j+ZtcC/RaUJNyUsVtuvNGJt5Aak+5JFCxNp/WJA+xsAs91Xof/dvEn
+tpNdfs0qUd1YdfcSoJtkYDYHvM3EiLNvx0OoNW9U6t9I4s851ITXm5ZMYxhNc5/e
+W6CsTBl0Ak+03SC9l60f9ezfAZghwUyaf3Qx42zZ8WH1VS8lba6TLQIDAQABo4IB
+kzCCAY8wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgEN
+BCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFBI7xeBf0DmZ9Z4dKCe9mG1HvsYzMIHkBgNVHSMEgdwwgdmAFF/dm8geIGst
+qsmyJ/t86/7fXzV7oYG1pIGyMIGvMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVJlYWNoT3V0LWNhMRUwEwYD
+VQQpEwxWUE4gUmVhY2hPdXQxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
+bi5kZYIJAMlUrtE4JKkVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF
+oDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcNAQELBQADggEBAEnchORe0C6n
+kr+bJX9dz/3C6GkV10QgGNBwjvnFJbV9UAPuRZnsMUZtDZikVg1btbf8CZ7SVRDm
+IWf550TIyHeAiMHzplGK8DgRWV3H/NHcyeNWsINABuDmJKuykprMd9ws5E93KuDM
+Hj1hWXDumqt/oEblVGi/IkdEFsK/oPIscdYu+sLGwkv5VTT1L7T0rbK7x9KTJwVN
+Ci12MRqEObtZXbkPx81qVcmakryQp7vGyXu3VoLvDxlpf2gDf3+rXPEerdRQfgJS
+WWf0p9mptr8PYi9V/LZGv/bVETugfksEg3J3rojkLV7HLybGAlJQ9wf3NehFNzLc
+mQ9CF3sZc1U=
+-----END CERTIFICATE-----
diff --git a/ReachOut/openvpn/keys/02.pem b/ReachOut/openvpn/keys/02.pem
new file mode 100644
index 0000000..11c833f
--- /dev/null
+++ b/ReachOut/openvpn/keys/02.pem
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Dec  2 13:41:22 2016 GMT
+            Not After : Dec  2 13:41:22 2036 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-chris/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b9:c4:72:65:27:f8:64:85:43:e3:c5:54:ca:22:
+                    a6:05:d5:b8:83:8d:25:62:a5:a6:0a:c5:cc:a4:1e:
+                    41:1d:2f:92:0d:0e:d4:ad:28:eb:4a:49:79:75:9e:
+                    17:3d:74:a5:e6:77:12:d8:7a:93:5a:71:64:2e:f5:
+                    b6:20:84:d4:d1:7e:54:3f:51:16:e2:7f:09:53:83:
+                    ac:3b:8e:0e:82:81:38:8b:df:b2:2d:76:7d:87:bc:
+                    c9:c0:64:a5:a4:3b:7b:12:1d:0e:30:f6:c8:14:ff:
+                    aa:98:3a:69:86:08:17:cc:b7:b3:48:d3:d1:37:dc:
+                    01:92:ef:a5:6c:5e:5e:5b:77:87:8d:ac:f7:9d:13:
+                    9f:b7:74:af:12:b5:84:d5:1d:53:a9:40:14:89:64:
+                    ce:e2:fe:ae:df:34:94:38:55:45:fe:90:50:22:bc:
+                    c4:21:f5:91:0e:fe:d8:09:52:ca:8e:3e:75:91:dd:
+                    9f:a4:c1:98:19:df:9e:20:03:49:bd:6b:6d:67:f9:
+                    06:60:e9:e0:b3:99:f2:62:0e:3b:cd:b3:30:ae:08:
+                    a4:c7:48:c6:73:a1:b2:a5:d7:fb:60:b7:14:1b:1f:
+                    f2:f1:c0:32:6c:6d:51:44:11:b1:e6:55:96:8b:dc:
+                    dd:60:55:8e:5a:f7:84:8c:be:06:cb:b8:92:08:0b:
+                    46:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                8A:A6:3C:FE:E3:6F:E4:B9:C7:13:B4:C8:39:E5:4B:99:98:62:7E:4B
+            X509v3 Authority Key Identifier: 
+                keyid:5F:DD:9B:C8:1E:20:6B:2D:AA:C9:B2:27:FB:7C:EB:FE:DF:5F:35:7B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+                serial:C9:54:AE:D1:38:24:A9:15
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         87:ca:b4:33:8d:55:c5:a5:6c:fc:3d:19:9d:e4:67:6b:09:e3:
+         1c:bc:3f:b7:72:a9:a9:a8:39:ee:48:17:80:b3:3d:3f:80:79:
+         5b:09:94:c4:da:f0:80:9a:13:f0:03:ff:31:2e:c6:4c:da:47:
+         97:91:84:fa:60:c6:03:24:ea:f8:61:c9:16:25:8b:b1:11:29:
+         c1:25:53:24:cb:5b:ab:56:57:32:7c:f2:68:c8:40:ec:0e:73:
+         9f:91:b2:13:12:d9:97:f1:c1:31:4d:fd:0f:af:fe:9e:22:8e:
+         8d:82:a3:ad:1e:14:a9:0b:60:d0:7e:c1:e9:fd:df:3a:ef:a4:
+         4c:f9:72:7f:65:d9:0f:1a:38:af:c7:94:fb:31:76:4f:f9:b0:
+         d2:8a:10:83:d3:9c:d7:44:b9:61:46:d1:a3:2a:98:fb:36:22:
+         8e:fb:10:77:39:20:48:97:f0:69:27:dc:e8:3f:1d:e6:b7:b3:
+         5f:bb:09:da:fc:09:40:43:19:92:7d:34:10:d8:28:5d:45:52:
+         17:f9:a2:03:c2:0b:57:91:ef:cf:6e:d6:92:d0:03:c1:15:0a:
+         50:76:95:c3:77:89:7b:3d:60:66:6e:a7:93:52:1c:f1:68:26:
+         6d:c5:aa:8c:7a:0e:31:1b:96:2c:91:09:23:8a:89:3a:40:f2:
+         f3:0b:54:31
+-----BEGIN CERTIFICATE-----
+MIIFWDCCBECgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBrzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1SZWFj
+aE91dC1jYTEVMBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwHhcNMTYxMjAyMTM0MTIyWhcNMzYxMjAyMTM0MTIy
+WjCBsjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy
+bGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMx
+GzAZBgNVBAMTElZQTi1SZWFjaE91dC1jaHJpczEVMBMGA1UEKRMMVlBOIFJlYWNo
+T3V0MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5xHJlJ/hkhUPjxVTKIqYF1biDjSVipaYK
+xcykHkEdL5INDtStKOtKSXl1nhc9dKXmdxLYepNacWQu9bYghNTRflQ/URbifwlT
+g6w7jg6CgTiL37Itdn2HvMnAZKWkO3sSHQ4w9sgU/6qYOmmGCBfMt7NI09E33AGS
+76VsXl5bd4eNrPedE5+3dK8StYTVHVOpQBSJZM7i/q7fNJQ4VUX+kFAivMQh9ZEO
+/tgJUsqOPnWR3Z+kwZgZ354gA0m9a21n+QZg6eCzmfJiDjvNszCuCKTHSMZzobKl
+1/tgtxQbH/LxwDJsbVFEEbHmVZaL3N1gVY5a94SMvgbLuJIIC0a7AgMBAAGjggF4
+MIIBdDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
+ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIqmPP7jb+S5xxO0yDnlS5mYYn5LMIHk
+BgNVHSMEgdwwgdmAFF/dm8geIGstqsmyJ/t86/7fXzV7oYG1pIGyMIGvMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMP
+VlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4gUmVhY2hPdXQxITAfBgkqhkiG
+9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAMlUrtE4JKkVMBMGA1UdJQQMMAoG
+CCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVjaHJpczANBgkqhkiG
+9w0BAQsFAAOCAQEAh8q0M41VxaVs/D0ZneRnawnjHLw/t3Kpqag57kgXgLM9P4B5
+WwmUxNrwgJoT8AP/MS7GTNpHl5GE+mDGAyTq+GHJFiWLsREpwSVTJMtbq1ZXMnzy
+aMhA7A5zn5GyExLZl/HBMU39D6/+niKOjYKjrR4UqQtg0H7B6f3fOu+kTPlyf2XZ
+Dxo4r8eU+zF2T/mw0ooQg9Oc10S5YUbRoyqY+zYijvsQdzkgSJfwaSfc6D8d5rez
+X7sJ2vwJQEMZkn00ENgoXUVSF/miA8ILV5Hvz27WktADwRUKUHaVw3eJez1gZm6n
+k1Ic8WgmbcWqjHoOMRuWLJEJI4qJOkDy8wtUMQ==
+-----END CERTIFICATE-----
diff --git a/ReachOut/openvpn/keys/ca.crt b/ReachOut/openvpn/keys/ca.crt
new file mode 100644
index 0000000..592c068
--- /dev/null
+++ b/ReachOut/openvpn/keys/ca.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE/TCCA+WgAwIBAgIJAMlUrtE4JKkVMA0GCSqGSIb3DQEBCwUAMIGvMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMP
+VlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4gUmVhY2hPdXQxITAfBgkqhkiG
+9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTAeFw0xNjEyMDIxMjQ2MzlaFw00NjEy
+MDIxMjQ2MzlaMIGvMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYD
+VQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBT
+ZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4g
+UmVhY2hPdXQxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ/Xi+e76pcPgW/mq45tSezbSTlH
+qnNmNf82uxgobSdQNKoNm41CJh/W8qjfaGAjLyuIwbPAyRCjxt1WeL9vje0mMd5P
+GVNMZsc2c72R7Yel9La51tWoDfkYjU+uQVUjPo12RTnAQwPRAS4q2riHIu+OkAzZ
+QnEEy1CC/spLqWvDDyaY2vEKWldFyIdCxT1wV/DJUESriCHoz2fgM5stslgbd3Dj
+qHsObhhlGdAI4aZ5KaAbDNk+DyiWRWefTZ7POBcLmSQCYCfbq2JXvt7ZtEt9KZM6
+RUpfPaAC2HXt+m2+zTSBhpwm6WN5MxJkQg8Po5mgVYPSVifsy2UjHNWKsVMCAwEA
+AaOCARgwggEUMB0GA1UdDgQWBBRf3ZvIHiBrLarJsif7fOv+3181ezCB5AYDVR0j
+BIHcMIHZgBRf3ZvIHiBrLarJsif7fOv+3181e6GBtaSBsjCBrzELMAkGA1UEBhMC
+REUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZP
+Lk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1S
+ZWFjaE91dC1jYTEVMBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkB
+FhJja3VidS1hZG1Ab29wZW4uZGWCCQDJVK7ROCSpFTAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQBaFsB+tMuVX7/Yj8yGngmA3raqK2kPsyPzIDGMSgyZ
+lBkjaCIG2+VogDlJhdr4qg0WGVhtLwFdUhVlMdzKhmQFvH8BVEYcJRjinlJ4j6/5
+V6eWaVuY2uc/tfOz4vuMLSj2LFIPMjjPlGthUm2M+LITMv8yS27Ww2/5iD4B37vb
+znbJkY0khWK/oDNVvabVm/XNLt18vzmtee4XiCQoZEgnCgh7M42icScjNwPVGJx3
+co4BQk0M0yO1nnwdtLMKDRTX/FpNv2mztvh4qa/Xm74imeFFtY6WfX+jIxHdMrCX
+F4AosN0ktKNj+jFja4Vbhk+r2rME2llSsrrdr3E5JrLy
+-----END CERTIFICATE-----
diff --git a/ReachOut/openvpn/keys/ca.key b/ReachOut/openvpn/keys/ca.key
new file mode 100644
index 0000000..492f463
--- /dev/null
+++ b/ReachOut/openvpn/keys/ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCf14vnu+qXD4Fv
+5quObUns20k5R6pzZjX/NrsYKG0nUDSqDZuNQiYf1vKo32hgIy8riMGzwMkQo8bd
+Vni/b43tJjHeTxlTTGbHNnO9ke2HpfS2udbVqA35GI1PrkFVIz6NdkU5wEMD0QEu
+Ktq4hyLvjpAM2UJxBMtQgv7KS6lrww8mmNrxClpXRciHQsU9cFfwyVBEq4gh6M9n
+4DObLbJYG3dw46h7Dm4YZRnQCOGmeSmgGwzZPg8olkVnn02ezzgXC5kkAmAn26ti
+V77e2bRLfSmTOkVKXz2gAth17fptvs00gYacJuljeTMSZEIPD6OZoFWD0lYn7Mtl
+IxzVirFTAgMBAAECggEBAJhgVxMW5VAUjAQtFia0sOCHO4rLcwaHzbn6ZulkwInV
+wB7M0hkbklSQCMxMDah4YiNSP7YodoTSXGXsZTe6FMaavrd7GF18XA5VLojtcE78
+OglnqBIOHyPz7+Kh785Fxv/8W4nuavRcbo+gctmumfNdKJ3XD6vGMjwSZOpcrqn2
+y5N00ximQxx8lJXucxvtz4KFJyzK5CmNnUjHo514TcKk/9j5xnGk6lX4otpvq99Z
+esOMOv4mDMLlYUbGiEAMK5b+X2LSQn5wCL4NMeC1zG6XxR+JiGzKlCnp+5jqhBHH
+Mmxq0bWuhafS2KCP7FCjerVKwtuOs45B7vwDeCSdP8ECgYEA0z+3Rc9gS35aLSKj
+FHyVK0qhJpL4faIvkIOj5gSudlowz/IclZ3miBfImNqUMxAg3ye77t8cqAlYcDU9
+vm0aCZkLAgwJIgjc9/dxQt/q3WbHKMvB6+Vj+F3Px0re/pC80Ht/bcpdt+H783N6
+LYQP70lcGLHHxFAtJo+vF3vMUzsCgYEAwbP4pk1v7C/fQr56ta1U3+iI7Jl7gbyK
+bGGVsbH73onpRGyYGfrKyQdmsOd7HSkEHjqEybihbo8x4jGUKQGqg1Tvw5ahjJhO
+NqmaBiAbthx4S3TJXdfVF/heacdU0Z/TZ7hY9PBm635GUqLL71Wum5w2kUUpCvrA
+joCS/3dSiMkCgYB5R1Y3vPPiw5qP2RfZNiEJpqHYHH6O2iMGi5z3/G4QwnzNlYk1
+mF52eXkP0EVO/45vr0ckv3CbRCpC2T4makqNghCgzzobEQ2TSrr6ksUq8MucL0aY
+4KxBNdKI7wIREhVkd9JTvN+LJzFXtk9JfE0Nqoc2IjK3EPSq88io6ckHawKBgGpL
+1NuOCylVa/M4jCY+pCDrfpg38arUSDIJqxgET+9jRvshjKZVFgsTYKsbnFf4NiZQ
+fqYkB5KgSgOSqXeHTocbiSeP9b8tpV4h3EAYRpy9KtZdlFNHKc0posXxeP4/8scs
+RsTDV/dLKFQYukjwgA0swFUf2tIHoLuSmxhN5qDhAoGAYgm1oXLAR8+2oMT8wEu7
+KVRQb42mWtSqrVoAZrVxfLX61R+5n/cjh0yeLTXPd/CIlgiSHw//5MHcqzJjyJeZ
+y/0y1gyQLkBAynNHiPCrzeLLyQsf56xBe8p+N31yL+NtML5xEqr2fgTnBtPOHx7f
+lwCCp9ywpVb8ceTx5nvBN9M=
+-----END PRIVATE KEY-----
diff --git a/ReachOut/openvpn/keys/chris.crt b/ReachOut/openvpn/keys/chris.crt
new file mode 100644
index 0000000..11c833f
--- /dev/null
+++ b/ReachOut/openvpn/keys/chris.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Dec  2 13:41:22 2016 GMT
+            Not After : Dec  2 13:41:22 2036 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-chris/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b9:c4:72:65:27:f8:64:85:43:e3:c5:54:ca:22:
+                    a6:05:d5:b8:83:8d:25:62:a5:a6:0a:c5:cc:a4:1e:
+                    41:1d:2f:92:0d:0e:d4:ad:28:eb:4a:49:79:75:9e:
+                    17:3d:74:a5:e6:77:12:d8:7a:93:5a:71:64:2e:f5:
+                    b6:20:84:d4:d1:7e:54:3f:51:16:e2:7f:09:53:83:
+                    ac:3b:8e:0e:82:81:38:8b:df:b2:2d:76:7d:87:bc:
+                    c9:c0:64:a5:a4:3b:7b:12:1d:0e:30:f6:c8:14:ff:
+                    aa:98:3a:69:86:08:17:cc:b7:b3:48:d3:d1:37:dc:
+                    01:92:ef:a5:6c:5e:5e:5b:77:87:8d:ac:f7:9d:13:
+                    9f:b7:74:af:12:b5:84:d5:1d:53:a9:40:14:89:64:
+                    ce:e2:fe:ae:df:34:94:38:55:45:fe:90:50:22:bc:
+                    c4:21:f5:91:0e:fe:d8:09:52:ca:8e:3e:75:91:dd:
+                    9f:a4:c1:98:19:df:9e:20:03:49:bd:6b:6d:67:f9:
+                    06:60:e9:e0:b3:99:f2:62:0e:3b:cd:b3:30:ae:08:
+                    a4:c7:48:c6:73:a1:b2:a5:d7:fb:60:b7:14:1b:1f:
+                    f2:f1:c0:32:6c:6d:51:44:11:b1:e6:55:96:8b:dc:
+                    dd:60:55:8e:5a:f7:84:8c:be:06:cb:b8:92:08:0b:
+                    46:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                8A:A6:3C:FE:E3:6F:E4:B9:C7:13:B4:C8:39:E5:4B:99:98:62:7E:4B
+            X509v3 Authority Key Identifier: 
+                keyid:5F:DD:9B:C8:1E:20:6B:2D:AA:C9:B2:27:FB:7C:EB:FE:DF:5F:35:7B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+                serial:C9:54:AE:D1:38:24:A9:15
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         87:ca:b4:33:8d:55:c5:a5:6c:fc:3d:19:9d:e4:67:6b:09:e3:
+         1c:bc:3f:b7:72:a9:a9:a8:39:ee:48:17:80:b3:3d:3f:80:79:
+         5b:09:94:c4:da:f0:80:9a:13:f0:03:ff:31:2e:c6:4c:da:47:
+         97:91:84:fa:60:c6:03:24:ea:f8:61:c9:16:25:8b:b1:11:29:
+         c1:25:53:24:cb:5b:ab:56:57:32:7c:f2:68:c8:40:ec:0e:73:
+         9f:91:b2:13:12:d9:97:f1:c1:31:4d:fd:0f:af:fe:9e:22:8e:
+         8d:82:a3:ad:1e:14:a9:0b:60:d0:7e:c1:e9:fd:df:3a:ef:a4:
+         4c:f9:72:7f:65:d9:0f:1a:38:af:c7:94:fb:31:76:4f:f9:b0:
+         d2:8a:10:83:d3:9c:d7:44:b9:61:46:d1:a3:2a:98:fb:36:22:
+         8e:fb:10:77:39:20:48:97:f0:69:27:dc:e8:3f:1d:e6:b7:b3:
+         5f:bb:09:da:fc:09:40:43:19:92:7d:34:10:d8:28:5d:45:52:
+         17:f9:a2:03:c2:0b:57:91:ef:cf:6e:d6:92:d0:03:c1:15:0a:
+         50:76:95:c3:77:89:7b:3d:60:66:6e:a7:93:52:1c:f1:68:26:
+         6d:c5:aa:8c:7a:0e:31:1b:96:2c:91:09:23:8a:89:3a:40:f2:
+         f3:0b:54:31
+-----BEGIN CERTIFICATE-----
+MIIFWDCCBECgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBrzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1SZWFj
+aE91dC1jYTEVMBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwHhcNMTYxMjAyMTM0MTIyWhcNMzYxMjAyMTM0MTIy
+WjCBsjELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy
+bGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMx
+GzAZBgNVBAMTElZQTi1SZWFjaE91dC1jaHJpczEVMBMGA1UEKRMMVlBOIFJlYWNo
+T3V0MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5xHJlJ/hkhUPjxVTKIqYF1biDjSVipaYK
+xcykHkEdL5INDtStKOtKSXl1nhc9dKXmdxLYepNacWQu9bYghNTRflQ/URbifwlT
+g6w7jg6CgTiL37Itdn2HvMnAZKWkO3sSHQ4w9sgU/6qYOmmGCBfMt7NI09E33AGS
+76VsXl5bd4eNrPedE5+3dK8StYTVHVOpQBSJZM7i/q7fNJQ4VUX+kFAivMQh9ZEO
+/tgJUsqOPnWR3Z+kwZgZ354gA0m9a21n+QZg6eCzmfJiDjvNszCuCKTHSMZzobKl
+1/tgtxQbH/LxwDJsbVFEEbHmVZaL3N1gVY5a94SMvgbLuJIIC0a7AgMBAAGjggF4
+MIIBdDAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0
+ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFIqmPP7jb+S5xxO0yDnlS5mYYn5LMIHk
+BgNVHSMEgdwwgdmAFF/dm8geIGstqsmyJ/t86/7fXzV7oYG1pIGyMIGvMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMP
+VlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4gUmVhY2hPdXQxITAfBgkqhkiG
+9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAMlUrtE4JKkVMBMGA1UdJQQMMAoG
+CCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAQBgNVHREECTAHggVjaHJpczANBgkqhkiG
+9w0BAQsFAAOCAQEAh8q0M41VxaVs/D0ZneRnawnjHLw/t3Kpqag57kgXgLM9P4B5
+WwmUxNrwgJoT8AP/MS7GTNpHl5GE+mDGAyTq+GHJFiWLsREpwSVTJMtbq1ZXMnzy
+aMhA7A5zn5GyExLZl/HBMU39D6/+niKOjYKjrR4UqQtg0H7B6f3fOu+kTPlyf2XZ
+Dxo4r8eU+zF2T/mw0ooQg9Oc10S5YUbRoyqY+zYijvsQdzkgSJfwaSfc6D8d5rez
+X7sJ2vwJQEMZkn00ENgoXUVSF/miA8ILV5Hvz27WktADwRUKUHaVw3eJez1gZm6n
+k1Ic8WgmbcWqjHoOMRuWLJEJI4qJOkDy8wtUMQ==
+-----END CERTIFICATE-----
diff --git a/ReachOut/openvpn/keys/chris.csr b/ReachOut/openvpn/keys/chris.csr
new file mode 100644
index 0000000..288858b
--- /dev/null
+++ b/ReachOut/openvpn/keys/chris.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+DCCAeACAQAwgbIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRswGQYDVQQDExJWUE4tUmVhY2hPdXQtY2hyaXMxFTATBgNVBCkT
+DFZQTiBSZWFjaE91dDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRl
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucRyZSf4ZIVD48VUyiKm
+BdW4g40lYqWmCsXMpB5BHS+SDQ7UrSjrSkl5dZ4XPXSl5ncS2HqTWnFkLvW2IITU
+0X5UP1EW4n8JU4OsO44OgoE4i9+yLXZ9h7zJwGSlpDt7Eh0OMPbIFP+qmDpphggX
+zLezSNPRN9wBku+lbF5eW3eHjaz3nROft3SvErWE1R1TqUAUiWTO4v6u3zSUOFVF
+/pBQIrzEIfWRDv7YCVLKjj51kd2fpMGYGd+eIANJvWttZ/kGYOngs5nyYg47zbMw
+rgikx0jGc6Gypdf7YLcUGx/y8cAybG1RRBGx5lWWi9zdYFWOWveEjL4Gy7iSCAtG
+uwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAJoFWNaPv04c8y0A2qhRqHg4eLNj
+en3W11IimOj/pEr3vHfaXz65Lcc+U6AhKZvInc5nATLoZnIbf3AIWHTo1cFfo3lx
+qB/R7/Uo45tq3FBvugimoAgUkDAxsRvhNCdUnlPhTHuoTi+V8c0vU+9kq7kWKcB0
+ZOkYdNOdBbHeFXvYy5vw6xSD2A65SdG9roDxMWXurSFwOLWOZ2v0XLX0d8Aqw5fz
+UBk01AbyCdyYe5eGNAy26qUfphGnP1vTlRsZ6kAm+tFRuX5v2vFOE8VgQ7NTWt0y
+h2TtJ3CF+3bkymNnsyd8bm3HeIHylFjsoGy986c/a4nJWZI8c7lWaXWNSuc=
+-----END CERTIFICATE REQUEST-----
diff --git a/ReachOut/openvpn/keys/chris.key b/ReachOut/openvpn/keys/chris.key
new file mode 100644
index 0000000..a3ae16b
--- /dev/null
+++ b/ReachOut/openvpn/keys/chris.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIhy9Qt6so118CAggA
+MBQGCCqGSIb3DQMHBAjfnhtwyf86SASCBMgkkblEsVJ/XY2tjFh9aYBKUbqwHVCQ
+rr6FpN1sb1Z1+hvzfYGXLINjJvJDNm/goHoCCsMx1EV/ia5Ve42fcv7g/sndFF8T
+lxSUxhwdl0PtH4RR6k9Oc62XGMcC8l78zHQ1UOYgsX13cgDg0xESCpbXlfebP8Ot
+XSjtkt+prHPJQXNGX7PlbzK4GS9Md5Nf6AX0frtLo5wlf+w7lfWj4oQsTkKybMVP
+RkKU/dtSjxihCP1VyDRX+gNaaT2uh3HG22uEmdCIna9mpiepC0mIpxh1pwx2F0R4
+h/O+MWihipR2jSKF8Yu8qOocpkIJWtflokvvsTHnL+Ba5XcuPin8nzK0A0+7evV6
+3Q4/cmpUHvhkrt9Ju2yNeTz4P5Oztk7rtjYY3GO7gnb7Oq2IktfFsCVcU23OIfCX
+ebIgEVGA3F5YBdWsLkV0gpmkrmczYZ2efU619714SJisXkamCN+KYi2V5XVw80YZ
+kO2tGntG4X3vYNfTuH6wKtNrLZUmcBwvBoP//tYgs0gPT2zWtAQe6Zg10/FpVmu3
+h0ScLAGiTfw4Kwpp0bMSaV1uYZQMdggNgwTxSV7HPbk/X1IA6nb5T+2fWf50NO3N
+NXL0vHj13rz/TrUJeGAb7FW32TF5DUp+V1SoScCIFiy8NnrIWaIHzUj5H5CO4FFb
+p/4QWI2vNGcy+/nij1uodKnixQSKRPoUi9vmykJFot+KHig0o2sN5E43vX2q5N56
+zUtWvqxn+FJTb50DAhS49D2wa1bKsikgXr2+h3cFJJoFPqwuR+NdeeSozcXRNJLi
+LVde4LWW5i+a88A/2RzDS1ajDgAUel215NIZO9tsiBrddtpf/QKmia2aT6PonrIm
+Dx7uPV2ZcLFB4splQctkRHGF4O2ynpDJ1bXzDL69UzpfawhJQulcgM164aLFtLSU
+xTuBUpcQ29BOkQcPluv8s0rv21lysFTwgALqzbH5SVjTuv3BJdMqUCifD/gYx+iN
+s8PQR3tT2PFHwtxHCyzWQucZRymSoSbSh0/mivTsoQQwwwkZPD3dH++N2v2gT/BD
+k+hdTb8kMAEsKebzGce6Y5V0dlzKcK/GHTVVaMxwTNULR7lXSEdtzwjKemYN1fGz
+YbaLkSRBwhNymn37aptQywNcEwpOepYrt3yj2gYE8Q420is7hmOTT4Yjtd+5lh90
+A9mt0HoJCcOszpRePXfs+/q9z6nJaVdOKg3XcsI28OBiP/sOGXx3xrg0JUTVMplF
+ypUSTN60Lw2xH+oJlwWBBKjrGsjX7bl/x/AmlVo6hG8GUxHHIp9YIhNi6kJOSTzx
+kw4W+p44vrBBfQxUKNsqkT9M8zYXJH9A4SKORCn+lbGtmZtnwxjtA52ayepp7WiJ
+6hbSY88E0auklQlAvz8RCfe/rc8EQoYuvzYIhdY0kxvo4eVCS46uyr7ELMk+cNz5
+SfskgCNEfohUqDDA5ACiNsC0yIls1y35LfwHvFtyV96Mv3TzubFruaOrXeQcLPM+
+QsHoXBlLZ4nVXTuh9c8A7XaqxeiZcKUFE5Isr2fM1W7xbYB81iq8QY8ZqQcZaENM
+FBWwa3SrIhQUerL0oBClCbxr+jngEZmAmbcuEhBuZOEPrDvFnVbqOaFYkvCwi9+x
+E2s=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ReachOut/openvpn/keys/crl.pem b/ReachOut/openvpn/keys/crl.pem
new file mode 100644
index 0000000..0141a3d
--- /dev/null
+++ b/ReachOut/openvpn/keys/crl.pem
@@ -0,0 +1,13 @@
+-----BEGIN X509 CRL-----
+MIIB9jCB3zANBgkqhkiG9w0BAQsFADCBrzELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1SZWFjaE91dC1jYTEV
+MBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1A
+b29wZW4uZGUXDTE2MTIwMjEzNDAxNFoXDTE3MDEwMTEzNDAxNFowDQYJKoZIhvcN
+AQELBQADggEBAA/CvwgzTJGoqXw06XL3rwIbQ2UvAkh7A/Rw1AYrJEnnO037JlZM
+Brr+luLZyequDyrh9PCwoMv0FAfEIN8rpKmasRKIj/VggdPusKxRsoSCG/Vl3Spg
+0gR5U3m1Sb758+6LtWSoL0kwnDlURUZPKH2KaaaPxGu8PXM88/vCfYwRH5sEQHIT
+w4e3QwW6GFrpco5gXVk9IvmkF9HZ9PS/EBqrWWL5RJ7F9bswtwOAb4SUQNZXlftJ
+Cv8jHS2efuJwRIgZqRuqPFHyI7iOaj5Ur3My8i+et4T/L52SfwncvSD7gpsTbI/5
+rdVZfevPIjOp7Y/F+vOYnPPRNWp2O+dAiuU=
+-----END X509 CRL-----
diff --git a/ReachOut/openvpn/keys/dh2048.pem b/ReachOut/openvpn/keys/dh2048.pem
new file mode 100644
index 0000000..bb64d08
--- /dev/null
+++ b/ReachOut/openvpn/keys/dh2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA9zC12bXVmqeG75zqi1lMwgWK9Zpe6TB+aueIbbDoCWx3ZmtydLjr
+VmrxFNb8iQlNS7wtDXx4d72L9/+quVklpPwXRboV//3BqPns7Tyd/cLbwmGZ8pJ8
+z66xQ8iJho2LX+o/oyM37G9rb8gm8xLE1N5lRT3O2oZ2zRKtRH8BmqhXmOaV0n9D
+KbZHA6IfeVSEryYu7RbnoGi0KfoH/D3FGgo+HBIDx3EN6GwHZemfW2TE6T3MZcst
+aVgoJqYkxYmKSmvTNF36fSaCEM8TgOIa8mZltd2CZZayDE3x3+GqI1aZ+fGPoe1k
+1Mk/3nbtQfCtYRjGKzdGPgdnn9nxhB7rUwIBAg==
+-----END DH PARAMETERS-----
diff --git a/ReachOut/openvpn/keys/gw-ckubu.crt b/ReachOut/openvpn/keys/gw-ckubu.crt
new file mode 100644
index 0000000..346f52a
--- /dev/null
+++ b/ReachOut/openvpn/keys/gw-ckubu.crt
@@ -0,0 +1,98 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Dec 12 19:50:59 2016 GMT
+            Not After : Dec 12 19:50:59 2036 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-gw-ckubu/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:96:37:a7:11:5b:b5:7c:04:77:d3:a1:6d:fc:88:
+                    ba:e0:b1:83:32:0b:29:86:7e:7d:40:5e:79:cc:5f:
+                    35:09:fb:8d:3f:7d:22:4f:7d:ed:c9:4b:73:fb:cd:
+                    e2:eb:14:cb:95:29:67:c6:53:c4:81:01:72:e2:9c:
+                    96:6b:a2:a7:3a:08:dc:29:7e:8f:fa:37:73:21:b6:
+                    49:7e:1c:c0:31:f6:34:0c:94:62:f5:57:a8:00:8a:
+                    b1:28:82:f6:4e:a9:c1:64:d3:aa:81:57:d4:9c:6b:
+                    5d:9e:15:cc:b7:b8:a0:a8:00:68:c5:f8:22:c3:26:
+                    db:18:df:da:91:96:34:37:71:8b:d1:cb:e2:1b:52:
+                    27:db:22:57:23:fb:ec:46:79:5e:67:eb:c5:05:8d:
+                    5f:dd:b0:b9:b8:df:6f:c0:5e:ca:69:7e:66:d1:d0:
+                    63:b1:28:eb:48:82:94:c2:94:8d:95:19:47:3c:ec:
+                    08:43:e9:4e:36:b5:31:5e:a6:5c:b9:92:e9:ef:a5:
+                    3a:5d:aa:78:f1:44:4b:53:78:27:85:9b:09:19:ee:
+                    7d:d7:ec:bb:73:a8:02:e6:3d:01:71:c0:c1:07:ba:
+                    2a:f3:11:b3:c2:52:f6:aa:f6:08:2e:14:8a:b2:25:
+                    df:bb:d9:a4:3b:90:2f:0e:ec:37:cf:0b:6f:cc:23:
+                    ad:4b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                EC:45:15:E6:92:4D:CA:CA:4E:6B:7D:D3:52:18:00:A5:92:69:24:1E
+            X509v3 Authority Key Identifier: 
+                keyid:5F:DD:9B:C8:1E:20:6B:2D:AA:C9:B2:27:FB:7C:EB:FE:DF:5F:35:7B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+                serial:C9:54:AE:D1:38:24:A9:15
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         8e:58:7f:4f:ff:32:4f:22:e6:98:95:bf:2c:a8:d0:c9:54:1a:
+         0c:58:4a:d5:11:b6:3d:d7:8e:c2:84:36:9b:4f:c3:0c:e5:b9:
+         f2:40:7e:e1:93:7f:28:b6:61:c6:f4:96:f3:82:f3:be:22:e5:
+         7f:b7:ea:3c:09:b7:ad:db:28:0e:79:ab:03:c0:38:c3:ae:cf:
+         85:91:d1:6d:6f:b5:c5:97:c5:72:5e:87:7a:f1:bc:9a:39:4c:
+         ae:38:e7:9a:6f:8c:ad:7f:37:12:e3:4e:38:63:04:da:20:dd:
+         d0:77:7e:66:93:8f:a3:0d:a0:1d:67:69:7f:3a:a0:b8:47:56:
+         f3:a6:e6:9e:5d:5f:ac:6e:3b:fc:df:2b:9d:31:d2:11:0b:a9:
+         3f:17:ef:9a:2b:9c:af:dc:b7:ba:46:5e:d3:77:dc:52:f3:25:
+         b6:52:c8:ae:ab:48:8b:4d:8b:a2:25:d3:80:f4:76:88:31:18:
+         4a:f1:03:39:1c:30:d1:1b:ee:ec:6d:c8:2e:42:98:56:10:a2:
+         a8:94:16:fa:c7:eb:84:6d:4b:d9:63:43:3d:cb:66:7e:81:47:
+         80:90:4e:d6:ae:a3:66:b6:08:6f:dc:46:81:1f:33:c3:89:23:
+         2e:f8:54:a9:0f:16:23:6c:e9:b5:49:88:34:bf:1e:42:39:42:
+         7f:f8:d6:89
+-----BEGIN CERTIFICATE-----
+MIIFXjCCBEagAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBrzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1SZWFj
+aE91dC1jYTEVMBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwHhcNMTYxMjEyMTk1MDU5WhcNMzYxMjEyMTk1MDU5
+WjCBtTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy
+bGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMx
+HjAcBgNVBAMTFVZQTi1SZWFjaE91dC1ndy1ja3VidTEVMBMGA1UEKRMMVlBOIFJl
+YWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJja3VidS1hZG1Ab29wZW4uZGUwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWN6cRW7V8BHfToW38iLrgsYMyCymG
+fn1AXnnMXzUJ+40/fSJPfe3JS3P7zeLrFMuVKWfGU8SBAXLinJZroqc6CNwpfo/6
+N3Mhtkl+HMAx9jQMlGL1V6gAirEogvZOqcFk06qBV9Sca12eFcy3uKCoAGjF+CLD
+JtsY39qRljQ3cYvRy+IbUifbIlcj++xGeV5n68UFjV/dsLm432/AXsppfmbR0GOx
+KOtIgpTClI2VGUc87AhD6U42tTFeply5kunvpTpdqnjxREtTeCeFmwkZ7n3X7Ltz
+qALmPQFxwMEHuirzEbPCUvaq9gguFIqyJd+72aQ7kC8O7DfPC2/MI61LAgMBAAGj
+ggF7MIIBdzAJBgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5l
+cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFOxFFeaSTcrKTmt901IYAKWSaSQe
+MIHkBgNVHSMEgdwwgdmAFF/dm8geIGstqsmyJ/t86/7fXzV7oYG1pIGyMIGvMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UE
+AxMPVlBOLVJlYWNoT3V0LWNhMRUwEwYDVQQpEwxWUE4gUmVhY2hPdXQxITAfBgkq
+hkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5kZYIJAMlUrtE4JKkVMBMGA1UdJQQM
+MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDATBgNVHREEDDAKgghndy1ja3VidTAN
+BgkqhkiG9w0BAQsFAAOCAQEAjlh/T/8yTyLmmJW/LKjQyVQaDFhK1RG2PdeOwoQ2
+m0/DDOW58kB+4ZN/KLZhxvSW84LzviLlf7fqPAm3rdsoDnmrA8A4w67PhZHRbW+1
+xZfFcl6HevG8mjlMrjjnmm+MrX83EuNOOGME2iDd0Hd+ZpOPow2gHWdpfzqguEdW
+86bmnl1frG47/N8rnTHSEQupPxfvmiucr9y3ukZe03fcUvMltlLIrqtIi02LoiXT
+gPR2iDEYSvEDORww0Rvu7G3ILkKYVhCiqJQW+sfrhG1L2WNDPctmfoFHgJBO1q6j
+ZrYIb9xGgR8zw4kjLvhUqQ8WI2zptUmINL8eQjlCf/jWiQ==
+-----END CERTIFICATE-----
diff --git a/ReachOut/openvpn/keys/gw-ckubu.csr b/ReachOut/openvpn/keys/gw-ckubu.csr
new file mode 100644
index 0000000..9f49b13
--- /dev/null
+++ b/ReachOut/openvpn/keys/gw-ckubu.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+zCCAeMCAQAwgbUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMR4wHAYDVQQDExVWUE4tUmVhY2hPdXQtZ3ctY2t1YnUxFTATBgNV
+BCkTDFZQTiBSZWFjaE91dDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVu
+LmRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljenEVu1fAR306Ft
+/Ii64LGDMgsphn59QF55zF81CfuNP30iT33tyUtz+83i6xTLlSlnxlPEgQFy4pyW
+a6KnOgjcKX6P+jdzIbZJfhzAMfY0DJRi9VeoAIqxKIL2TqnBZNOqgVfUnGtdnhXM
+t7igqABoxfgiwybbGN/akZY0N3GL0cviG1In2yJXI/vsRnleZ+vFBY1f3bC5uN9v
+wF7KaX5m0dBjsSjrSIKUwpSNlRlHPOwIQ+lONrUxXqZcuZLp76U6Xap48URLU3gn
+hZsJGe591+y7c6gC5j0BccDBB7oq8xGzwlL2qvYILhSKsiXfu9mkO5AvDuw3zwtv
+zCOtSwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBACQRt4I4ftEma0p9WWYi98HX
+vI3QaEK8Isr+o5gAJyd73BDv3OONCHVp98RJvQXuPiWv0bZoQYBq9m5Y0MBD5PU1
+fUj1iLKzISABnpyhFNWjEXkuvgNQiDeWi08RRMKlfsIMlo2534HYMcre+ydXFg9a
+oHle5NEiGc3wiCwvetJTsqoxL6XE+KH6a6ntcBLrCtYh8ja08i7UURdgX/3EDzY6
+D6vdWb/y9k+djIeNXWQib6YlhsKgQaiMnhFky2qjuPcoklMuXo7jYlunED4P9Hux
+TSiJMVaVia8ff1J9eq2UWh1EZJtPzFr3RkKTYjmVTVhj1ule+VY5PzOYQPbBigA=
+-----END CERTIFICATE REQUEST-----
diff --git a/ReachOut/openvpn/keys/gw-ckubu.key b/ReachOut/openvpn/keys/gw-ckubu.key
new file mode 100644
index 0000000..92fa684
--- /dev/null
+++ b/ReachOut/openvpn/keys/gw-ckubu.key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIX1f/p8SfdJ4CAggA
+MBQGCCqGSIb3DQMHBAi+ldSjE0eLdwSCBMi3tzjN920KGtkWzX8EqiUpOrNj+HzD
+i/AX1NgTAqOmLatuowdCBuezyBcNTE4YXqqbFZ5LMPi4/4cXP3LjfH3E5D1TMNT4
+QcFzSYbgHkFVTq2ghxCIyWG06J5Z8dx30G+ANfcKt2t/chyCoFf7jaGVqjQaL4cv
+AfKHgPpaVpGvbfW7st/ZzCwkma5M9OskuI716dmjLhhPpXry3HaFXOc0kGQk9UHP
+rn2kM3tPSLnX/0fwMKedb433V6h5+w+H4tiiKMhfSY34XT11NGeZ/WYvV2Ew17yf
+kNHGxewn0ad+dYcdPJVoW/8m64dOTy0opOa0eZyO1WByCqqtGnv5pkXM9tU2vEFq
+87SD50oWQ2lM4Z5jYAyrHRrb0A5ErTTa7ZWSvq+GNid6G71kR8STYnH3PgFzufQA
+14i/WqJ7UJXfv2/0xDsCr+1W0LIF6tnTK1B+08rDVTFatrLpTuVMD3vdYFBMCoF2
+RQ0P8b45Ud9zbKYEr2tVIDH06OP/qW57IQu5yjGBelnUUQhz/cdfSCJOAKqxABfH
+5PoYV01N+NISPMrToGiwl1v75WT/nTzFNwuD+Bj7jylQhXbkPa/1+LOFAoNAm3SK
+U9O8wOm2gOwVMr4FrEfPIG6JjfIuXdSgEMDUnSnSqo/vBT4O7VcHFjAACkJQ1iQU
+ZqE3LaojZrSyFRFGbTeQZd0nRTBqD/i91UwZdAZmMhFHFtbjz5b43WLIsYhIUL9s
+0r8b6CuUS7BGvBGiLFsUhcSKc3cEWChjbQlaamViykk+dp8RluI+N9G97NCEnv29
+HHjoH/1ixQlFGYlU7fnWZkKc1A/U9wog7J2Hw1DJPo1O35p7qkPlDhGJ/5d773U1
+V/dAn59liYGB/u5m33Tig/SXULXgYxPFqB0lQGk3P3J+5BEHbsuaaj0BJpVFDgxH
+1zCX01ctyGbRx/pSNQw6FmpgMRHZgnW2vnAM3LOiDlxf7tSwvD5AqWUZXOzj/uQf
+hWPENVARorjj8aBhVdbeCerHrxhBvt96FZ4xG7460hgu9ZyXTV52fbCVJqcNo7dx
+zFvXQ5KwLEv+nwATD40d4VV7pewIE3kokQ2FFb+3t2SJ9Cjd4sBU9duhrgpVNmjg
+ODA/v+VCr1KNE52JYIZOFiiueyOq93r+Vlo/TRznqcrjB2nMbfTJRJt+Cl8+IRNm
+3GjsZzHAGEg4i91YyKouFXm4pDl8z6oMa9jY7icq79uQMWCJp0SXLyyo528uKf4Q
+MHQQrti/+/41yqNNdnw8XcQFL9FLh8YLCn9Kn7Er0C0XGrmFlcgC78ROi7XxClFO
+a9dwJSlRgsDq5nN9oYRJI+gECHXOLoBtHiXNd8LXyjrO7IxhCcpq/xyF9QA5zxot
+7QsXm9zfhGXp3kE3bJN7qO8yJgwUpcKRb8dL7LUcAJZEP5HkLyL0Aw4FSRfKUJ2f
+Dq92Zee+yyvKxamIpVLZDCLhSHghMOqip1/r4Z50UrFhy+0yyjkzF+0Z8S5Rew9f
+o/oNdZV8acDqYbzY1fDZN1ZHVIc+hf7vyVSxp4nyDvTusa6MxPw0C3fn8/qcv8qN
+Ez2+K15DBtdzkOJXPUFaCPn/HHpl5++WI314o+8eci8E8Q8y36a1btFlr9vMw8hR
+998=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/ReachOut/openvpn/keys/index.txt b/ReachOut/openvpn/keys/index.txt
new file mode 100644
index 0000000..590cebd
--- /dev/null
+++ b/ReachOut/openvpn/keys/index.txt
@@ -0,0 +1,3 @@
+V	361202133949Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-server/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+V	361202134122Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-chris/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+V	361212195059Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-gw-ckubu/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
diff --git a/ReachOut/openvpn/keys/index.txt.attr b/ReachOut/openvpn/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/ReachOut/openvpn/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/ReachOut/openvpn/keys/index.txt.attr.old b/ReachOut/openvpn/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/ReachOut/openvpn/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/ReachOut/openvpn/keys/index.txt.old b/ReachOut/openvpn/keys/index.txt.old
new file mode 100644
index 0000000..bbcdce9
--- /dev/null
+++ b/ReachOut/openvpn/keys/index.txt.old
@@ -0,0 +1,2 @@
+V	361202133949Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-server/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+V	361202134122Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-chris/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
diff --git a/ReachOut/openvpn/keys/serial b/ReachOut/openvpn/keys/serial
new file mode 100644
index 0000000..6496923
--- /dev/null
+++ b/ReachOut/openvpn/keys/serial
@@ -0,0 +1 @@
+04
diff --git a/ReachOut/openvpn/keys/serial.old b/ReachOut/openvpn/keys/serial.old
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/ReachOut/openvpn/keys/serial.old
@@ -0,0 +1 @@
+03
diff --git a/ReachOut/openvpn/keys/server.crt b/ReachOut/openvpn/keys/server.crt
new file mode 100644
index 0000000..951494a
--- /dev/null
+++ b/ReachOut/openvpn/keys/server.crt
@@ -0,0 +1,101 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Validity
+            Not Before: Dec  2 13:39:49 2016 GMT
+            Not After : Dec  2 13:39:49 2036 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=O.OPEN, OU=Network Services, CN=VPN-ReachOut-server/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b9:5b:fd:e8:c8:ed:ad:6c:e5:f3:0c:3d:cf:bf:
+                    1a:33:c1:f8:9b:f6:47:b2:ef:55:72:9d:68:76:de:
+                    55:e5:82:42:cd:ae:b0:63:ea:94:a2:61:28:bf:b6:
+                    5f:35:b5:6c:53:61:e0:82:f7:8b:4c:fd:34:ae:ea:
+                    5d:2c:5c:84:eb:51:97:20:d6:ec:5f:b9:25:ae:60:
+                    e3:69:66:7d:1f:d8:11:d3:97:da:4e:dc:5c:21:54:
+                    cd:5d:79:08:91:13:e2:08:f0:ba:23:51:23:99:fd:
+                    d2:e6:42:1f:66:1d:dd:9e:f3:c8:eb:51:42:a7:7c:
+                    5c:fb:81:95:1b:9a:73:5b:48:fe:66:d7:02:fd:16:
+                    94:24:dc:94:b1:5b:6e:bc:d1:89:b7:90:1a:93:ee:
+                    49:14:2c:4d:a7:f5:89:03:ec:6c:02:cf:75:5e:87:
+                    ff:76:f1:27:b6:93:5d:7e:cd:2a:51:dd:58:75:f7:
+                    12:a0:9b:64:60:36:07:bc:cd:c4:88:b3:6f:c7:43:
+                    a8:35:6f:54:ea:df:48:e2:cf:39:d4:84:d7:9b:96:
+                    4c:63:18:4d:73:9f:de:5b:a0:ac:4c:19:74:02:4f:
+                    b4:dd:20:bd:97:ad:1f:f5:ec:df:01:98:21:c1:4c:
+                    9a:7f:74:31:e3:6c:d9:f1:61:f5:55:2f:25:6d:ae:
+                    93:2d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                12:3B:C5:E0:5F:D0:39:99:F5:9E:1D:28:27:BD:98:6D:47:BE:C6:33
+            X509v3 Authority Key Identifier: 
+                keyid:5F:DD:9B:C8:1E:20:6B:2D:AA:C9:B2:27:FB:7C:EB:FE:DF:5F:35:7B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=O.OPEN/OU=Network Services/CN=VPN-ReachOut-ca/name=VPN ReachOut/emailAddress=ckubu-adm@oopen.de
+                serial:C9:54:AE:D1:38:24:A9:15
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         49:dc:84:e4:5e:d0:2e:a7:92:bf:9b:25:7f:5d:cf:fd:c2:e8:
+         69:15:d7:44:20:18:d0:70:8e:f9:c5:25:b5:7d:50:03:ee:45:
+         99:ec:31:46:6d:0d:98:a4:56:0d:5b:b5:b7:fc:09:9e:d2:55:
+         10:e6:21:67:f9:e7:44:c8:c8:77:80:88:c1:f3:a6:51:8a:f0:
+         38:11:59:5d:c7:fc:d1:dc:c9:e3:56:b0:83:40:06:e0:e6:24:
+         ab:b2:92:9a:cc:77:dc:2c:e4:4f:77:2a:e0:cc:1e:3d:61:59:
+         70:ee:9a:ab:7f:a0:46:e5:54:68:bf:22:47:44:16:c2:bf:a0:
+         f2:2c:71:d6:2e:fa:c2:c6:c2:4b:f9:55:34:f5:2f:b4:f4:ad:
+         b2:bb:c7:d2:93:27:05:4d:0a:2d:76:31:1a:84:39:bb:59:5d:
+         b9:0f:c7:cd:6a:55:c9:9a:92:bc:90:a7:bb:c6:c9:7b:b7:56:
+         82:ef:0f:19:69:7f:68:03:7f:7f:ab:5c:f1:1e:ad:d4:50:7e:
+         02:52:59:67:f4:a7:d9:a9:b6:bf:0f:62:2f:55:fc:b6:46:bf:
+         f6:d5:11:3b:a0:7e:4b:04:83:72:77:ae:88:e4:2d:5e:c7:2f:
+         26:c6:02:52:50:f7:07:f7:35:e8:45:37:32:dc:99:0f:42:17:
+         7b:19:73:55
+-----BEGIN CERTIFICATE-----
+MIIFdDCCBFygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBrzELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZPLk9Q
+RU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxGDAWBgNVBAMTD1ZQTi1SZWFj
+aE91dC1jYTEVMBMGA1UEKRMMVlBOIFJlYWNoT3V0MSEwHwYJKoZIhvcNAQkBFhJj
+a3VidS1hZG1Ab29wZW4uZGUwHhcNMTYxMjAyMTMzOTQ5WhcNMzYxMjAyMTMzOTQ5
+WjCBszELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVy
+bGluMQ8wDQYDVQQKEwZPLk9QRU4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMx
+HDAaBgNVBAMTE1ZQTi1SZWFjaE91dC1zZXJ2ZXIxFTATBgNVBCkTDFZQTiBSZWFj
+aE91dDEhMB8GCSqGSIb3DQEJARYSY2t1YnUtYWRtQG9vcGVuLmRlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVv96MjtrWzl8ww9z78aM8H4m/ZHsu9V
+cp1odt5V5YJCza6wY+qUomEov7ZfNbVsU2HggveLTP00rupdLFyE61GXINbsX7kl
+rmDjaWZ9H9gR05faTtxcIVTNXXkIkRPiCPC6I1Ejmf3S5kIfZh3dnvPI61FCp3xc
++4GVG5pzW0j+ZtcC/RaUJNyUsVtuvNGJt5Aak+5JFCxNp/WJA+xsAs91Xof/dvEn
+tpNdfs0qUd1YdfcSoJtkYDYHvM3EiLNvx0OoNW9U6t9I4s851ITXm5ZMYxhNc5/e
+W6CsTBl0Ak+03SC9l60f9ezfAZghwUyaf3Qx42zZ8WH1VS8lba6TLQIDAQABo4IB
+kzCCAY8wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgEN
+BCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFBI7xeBf0DmZ9Z4dKCe9mG1HvsYzMIHkBgNVHSMEgdwwgdmAFF/dm8geIGst
+qsmyJ/t86/7fXzV7oYG1pIGyMIGvMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBk8uT1BFTjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVJlYWNoT3V0LWNhMRUwEwYD
+VQQpEwxWUE4gUmVhY2hPdXQxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Bl
+bi5kZYIJAMlUrtE4JKkVMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIF
+oDARBgNVHREECjAIggZzZXJ2ZXIwDQYJKoZIhvcNAQELBQADggEBAEnchORe0C6n
+kr+bJX9dz/3C6GkV10QgGNBwjvnFJbV9UAPuRZnsMUZtDZikVg1btbf8CZ7SVRDm
+IWf550TIyHeAiMHzplGK8DgRWV3H/NHcyeNWsINABuDmJKuykprMd9ws5E93KuDM
+Hj1hWXDumqt/oEblVGi/IkdEFsK/oPIscdYu+sLGwkv5VTT1L7T0rbK7x9KTJwVN
+Ci12MRqEObtZXbkPx81qVcmakryQp7vGyXu3VoLvDxlpf2gDf3+rXPEerdRQfgJS
+WWf0p9mptr8PYi9V/LZGv/bVETugfksEg3J3rojkLV7HLybGAlJQ9wf3NehFNzLc
+mQ9CF3sZc1U=
+-----END CERTIFICATE-----
diff --git a/ReachOut/openvpn/keys/server.csr b/ReachOut/openvpn/keys/server.csr
new file mode 100644
index 0000000..883b019
--- /dev/null
+++ b/ReachOut/openvpn/keys/server.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC+TCCAeECAQAwgbMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGTy5PUEVOMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRwwGgYDVQQDExNWUE4tUmVhY2hPdXQtc2VydmVyMRUwEwYDVQQp
+EwxWUE4gUmVhY2hPdXQxITAfBgkqhkiG9w0BCQEWEmNrdWJ1LWFkbUBvb3Blbi5k
+ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALlb/ejI7a1s5fMMPc+/
+GjPB+Jv2R7LvVXKdaHbeVeWCQs2usGPqlKJhKL+2XzW1bFNh4IL3i0z9NK7qXSxc
+hOtRlyDW7F+5Ja5g42lmfR/YEdOX2k7cXCFUzV15CJET4gjwuiNRI5n90uZCH2Yd
+3Z7zyOtRQqd8XPuBlRuac1tI/mbXAv0WlCTclLFbbrzRibeQGpPuSRQsTaf1iQPs
+bALPdV6H/3bxJ7aTXX7NKlHdWHX3EqCbZGA2B7zNxIizb8dDqDVvVOrfSOLPOdSE
+15uWTGMYTXOf3lugrEwZdAJPtN0gvZetH/Xs3wGYIcFMmn90MeNs2fFh9VUvJW2u
+ky0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQAqhWGbGa/v4HbXNspzIyfxNqju
+ARkbUngOFtgW+vAknEO180OgFC+zoH1P+Dg0s5GjInqjSsQinsbLPKL7rzSeb/kc
+86TPywyNjCMXAI1e3h0c91Qe/DCQHjK6mRGdWBRruqEQ7y+7iBXAXwYhGjE6GDGa
+gEiNv3wO54dT/f+H9uFZ+znLOOOxCSPweIlX/HVYYUP2qRPYA0aaU8p9qiANzfv8
+LxWneYPoFZBj8m5o+h5jJiV47yD1tMY/TkyW7/w3qj1NsDqO2z1h/cPGSlqyunts
+N0S8CxQ9nUyTLo/plnaocXnx1P4tpL4rZf/Yp9hpEzVUCLJDR22qSoQojsS9
+-----END CERTIFICATE REQUEST-----
diff --git a/ReachOut/openvpn/keys/server.key b/ReachOut/openvpn/keys/server.key
new file mode 100644
index 0000000..e8b4456
--- /dev/null
+++ b/ReachOut/openvpn/keys/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC5W/3oyO2tbOXz
+DD3Pvxozwfib9key71VynWh23lXlgkLNrrBj6pSiYSi/tl81tWxTYeCC94tM/TSu
+6l0sXITrUZcg1uxfuSWuYONpZn0f2BHTl9pO3FwhVM1deQiRE+II8LojUSOZ/dLm
+Qh9mHd2e88jrUUKnfFz7gZUbmnNbSP5m1wL9FpQk3JSxW2680Ym3kBqT7kkULE2n
+9YkD7GwCz3Veh/928Se2k11+zSpR3Vh19xKgm2RgNge8zcSIs2/HQ6g1b1Tq30ji
+zznUhNeblkxjGE1zn95boKxMGXQCT7TdIL2XrR/17N8BmCHBTJp/dDHjbNnxYfVV
+LyVtrpMtAgMBAAECggEBAJ4RpOXu80EBrNcniU6wWVfqAmh+DYa6MtQbCArWb8nY
+278rSaDrWvVehbF3hJn4rPgub5dAIrr08wh3NB2wiGlkmsyWe9zltwyN82De1bVi
+PVGEHddCdA64kqkzneqaWhflsdaMSx/3JPLXUI90yJnUq3KBSaYql+CjENUJUXZ1
+xW9yoid8SvYqc6+MiSU3/Fu4X4i+cvG55TZ+bgN48gZeaMazkTbHJP8DJ2I3VMEC
+ZsH67kF3gtibKBc05Gxr5AhOYlKTMRhOaG38z37v6M8hsLtXOz8l+NJ7nxV1dO3S
+8AMEQz8idd3NaUr/bvGdMSofRoyKosxwQKrQ0ewOisECgYEA3D4AJlolveYuF8kc
+AeAnpf4QiDbmmspig55Fa/wcoaPKlkEKqzFuBf+v03OeVqJX6LR6LaPfJr7Qxjv1
+qjefQvcNHD7EBV4YLUTxMehG+4ayHIEiROD+qb9yoKUrJSfOrW+FrUU87hQwLiVV
+Jjvwij7IY8lmBA+jx3nVH9Hz3/cCgYEA13Qk1aCtCG/VgY1LZ6Z/X9wkfqS3YBZt
+RCLiALtphs0rysplZovntEPcQRiZzCwB2K+rubCPqTgDtFZG3PeqDMRBfdB1yuqp
+73CM6Tvo9H3LMisRRFkExPOYA84etGrr5Rn2gBKmerrzst+9VJAT3FSH0SAtdkes
+rRwh+G425PsCgYBtVGXUpAl6REp7Sj0Z/UERWJayV7aP/ol61tWVblh0MQ+/GNiH
+9Qit96g7qnhef0ZuYTEJeQCshiqzTU59ShFIN8WNUOcT1wrfZgrpgGnEMLA4EC6H
+zLz+XOg1MOjDEAi79dGBGw7NDL6CGcw0J6sXpWTqjC6VM4JU4njWy+1pLwKBgCKh
+coI771QZ1bGbKnGgm3ym/96zTx5MvIdlK/p+JTobpFxWJ/JRro6VEcQM1juxHyLb
+KbkRHiZO8Jl9/KnrzRN8QCKe7TAOg/4Okzex/4G87npD3eSkglW96cNC0ECjpwMO
+J0byuHulrSIlQGNlPSv/Ek2U5HnMj37LtNIftQcdAoGBAJciB/qFtf1LWYdFe/f8
+fgZBCyb4gDO9CFKFKUAzOxyCmjPmrgMqHHX8flmR4tPl672NbKdKRb0PrmjJ7mfI
+LQ5xAtPY35DcT48C9bRXVCTq3xWqrGzVGYeg3Eu0EUR3YxgmAo+BlA8XgSSdpYME
+pXypj6d3NWQHS8ERR6XSGCVK
+-----END PRIVATE KEY-----
diff --git a/ReachOut/openvpn/keys/ta.key b/ReachOut/openvpn/keys/ta.key
new file mode 100644
index 0000000..86a5b17
--- /dev/null
+++ b/ReachOut/openvpn/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+0d93f89ecf24cf310bd30e8319a142e1
+4ebf7508a293db1392c69e7cd4079271
+a27f9e64288772ffc7d6645cd7c7f5d5
+0681237cff1fe4ef520d9b90609f053f
+e4980b81c1cf14015ea0510114c4a71d
+b0fac8f22a02fa4bb63dbfb90b094842
+9ae86a022ee4f8ea344cfb89cb787fa8
+79b5ac1178bcba8cc27619cdd5ba7a0f
+46d11ea63d7a9fe1f1ff84d631124ce7
+04ea9fd27add0e4462cc5a404227f0bc
+533647d8412d6399010729d4dd4dbd6f
+70d667a64ef8183d9db91ee13c5efe2d
+3f559bf3c5bb0fce0010522dd61ee765
+1b078eb55aea89a0c89f23ba7a6d2c39
+b5ca2616e27001dfbf7e58065a31ad61
+1d236dc8bff5873f97d0790df1de11db
+-----END OpenVPN Static key V1-----
diff --git a/ReachOut/openvpn/server-gw-ckubu.conf b/ReachOut/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..edc6c32
--- /dev/null
+++ b/ReachOut/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,300 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.72.1
+route 192.168.64.0 255.255.255.0 10.1.72.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys. 
+dh keys/dh2048.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.1.72.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.23.0 255.255.255.0"
+;push "route 192.168.72.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+client-config-dir /etc/openvpn/ccd/server-gw-ckubu
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option DNS 10.8.0.1"
+;push "dhcp-option WINS 10.8.0.1"
+;push "dhcp-option DNS 192.168.72.53"
+;push "dhcp-option DOMAIN ro.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-gw-ckubu.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+#crl-verify /etc/openvpn/keys/crl.pem
diff --git a/ReachOut/openvpn/server-home.conf b/ReachOut/openvpn/server-home.conf
new file mode 100644
index 0000000..994e8b1
--- /dev/null
+++ b/ReachOut/openvpn/server-home.conf
@@ -0,0 +1,300 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+
+topology subnet
+#route 192.168.63.0 255.255.255.0 10.1.72.1
+#route 192.168.64.0 255.255.255.0 10.1.72.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca keys/ca.crt
+cert keys/server.crt
+key keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys. 
+dh keys/dh2048.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+server 10.0.72.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 192.168.23.0 255.255.255.0"
+push "route 192.168.72.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+client-config-dir /etc/openvpn/ccd/server-home
+;route 192.168.40.128 255.255.255.248
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir
+;route 10.9.0.0 255.255.255.252
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option DNS 10.8.0.1"
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.72.1"
+push "dhcp-option DOMAIN ro.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+status /var/log/openvpn/status-server-home.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+log         /var/log/openvpn/server-home.log
+;log-append  openvpn.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 4
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+#crl-verify /etc/openvpn/keys/crl.pem
diff --git a/ReachOut/openvpn/update-resolv-conf b/ReachOut/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/ReachOut/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/ReachOut/pap-secrets.ReachOut b/ReachOut/pap-secrets.ReachOut
new file mode 100644
index 0000000..3df5956
--- /dev/null
+++ b/ReachOut/pap-secrets.ReachOut
@@ -0,0 +1,47 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+## - ReachOut Berlin
+## - first (primary) line
+"ar2667509237" * "93925410"
+## - second line
+"ar1435496252" * "93925410"
diff --git a/ReachOut/peers/dsl-provider b/ReachOut/peers/dsl-provider
new file mode 120000
index 0000000..dcb9fae
--- /dev/null
+++ b/ReachOut/peers/dsl-provider
@@ -0,0 +1 @@
+dsl-reachout
\ No newline at end of file
diff --git a/ReachOut/peers/dsl-provider.00 b/ReachOut/peers/dsl-provider.00
new file mode 100644
index 0000000..41cc976
--- /dev/null
+++ b/ReachOut/peers/dsl-provider.00
@@ -0,0 +1,19 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth2
+user "ar2667509237"
+## - second line
+## - DSL 6000
+#user "ar1435496252"
diff --git a/ReachOut/peers/dsl-reachout b/ReachOut/peers/dsl-reachout
new file mode 100644
index 0000000..4126e89
--- /dev/null
+++ b/ReachOut/peers/dsl-reachout
@@ -0,0 +1,20 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth2
+ifname ppp-reachout
+user "ar2667509237"
+## - second line
+## - DSL 6000
+#user "ar1435496252"
diff --git a/ReachOut/peers/provider b/ReachOut/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/ReachOut/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/ReachOut/rc.local.ReachOut b/ReachOut/rc.local.ReachOut
new file mode 100755
index 0000000..bd5032a
--- /dev/null
+++ b/ReachOut/rc.local.ReachOut
@@ -0,0 +1,27 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+if ! cat /proc/swaps | grep -q "/dev/sda1" ; then
+   swapon -p 1 /dev/sda1 > /dev/null 2>&1 || /bin/true
+fi
+if ! cat /proc/swaps | grep -q "/dev/sdb1" ; then
+   swapon -p 1 /dev/sdb1 > /dev/null 2>&1 || /bin/true
+fi
+
+sleep 2
+systemctl restart ipt-firewall
+
+#/usr/local/sbin/ipt-firewall-gateway flush
+#systemctl stop openvpn
+
+exit 0
diff --git a/ReachOut/resolv.conf.ReachOut b/ReachOut/resolv.conf.ReachOut
new file mode 100644
index 0000000..9b6f0a7
--- /dev/null
+++ b/ReachOut/resolv.conf.ReachOut
@@ -0,0 +1,3 @@
+domain ro.netz
+search ro.netz
+nameserver 127.0.0.1
diff --git a/ReachOut/sasl_passwd.ReachOut b/ReachOut/sasl_passwd.ReachOut
new file mode 100644
index 0000000..4035ae3
--- /dev/null
+++ b/ReachOut/sasl_passwd.ReachOut
@@ -0,0 +1 @@
+[b.mx.oopen.de] ro-brb@b.mx.oopen.de:qHWp9StTsC
diff --git a/ReachOut/sasl_passwd.db.ReachOut b/ReachOut/sasl_passwd.db.ReachOut
new file mode 100644
index 0000000..579fb59
Binary files /dev/null and b/ReachOut/sasl_passwd.db.ReachOut differ
diff --git a/ReachOut/sbin/check_net.sh b/ReachOut/sbin/check_net.sh
new file mode 100755
index 0000000..e1607fa
--- /dev/null
+++ b/ReachOut/sbin/check_net.sh
@@ -0,0 +1,623 @@
+#!/usr/bin/env bash
+
+## -------------------------------------------------------------------
+## --- All Configurations ill be done in /etc/check_net/check_net.conf
+## -------------------------------------------------------------------
+
+## - Load Configuration
+## -
+source /etc/check_net/check_net.conf
+
+
+## ------------------
+## --- Some functions
+## ------------------
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+fatal(){
+   echo ""
+   echo -e "[ \033[31m\033[1mError\033[m ]: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
+   echo ""
+
+   echo "" >> $log_file
+   echo "[ Error ]: $*" >> $log_file
+   echo "" >> $log_file
+   echo "           Script is canceled." >> $log_file
+   echo "" >> $log_file
+
+   exit 1
+}
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+set_ping_addresses () {
+
+   if $DEBUG ; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set IP-Address(es) for ping test. This may take some time.." >> $log_file
+   fi
+
+   ping_test_ip=""
+   unset ping_ip_arr 
+   declare -i i=0
+   for _host in $PING_TEST_HOSTS ; do
+      while [ $i -lt 2 ]; do
+         if dig +short $_host > /dev/null 2>&1 ; then
+            ping_test_ip=`dig +short $_host | head -1`
+            if ping -q -c2 $ping_test_ip >/dev/null 2>&1 ; then
+               ping_ip_arr+=("$ping_test_ip")
+               let i++
+               break
+            fi
+         fi
+         break
+      done
+   done
+
+   if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Setting IP-Address(es) for ping test FAILED!" >> $log_file
+   else
+      if $DEBUG ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] IP-Addresses for ping tests set to ${ping_ip_arr[@]}" >> $log_file 
+      fi
+   fi
+}
+usage() { 
+   echo  
+   [ -n  "$1" ] && echo -e "[ \033[1;31mError\033[m ] : $1\n" 
+ 
+echo -e "   Usage:" 
+echo -e "          \033[1m`basename $0` [OPTIONS] <device1> <device2> ..\033[m" 
+echo "" 
+echo -e "   This script checks the status (online/offline) of the given devices. Afterward another"
+echo "      script called \033[1m`basename $netconfig_script`\033[m will be triggered to configure"
+echo "      the routing depending on the status of the devices."
+echo ""
+echo -e "   It is strongly recommend to put \033[1mall devices, which should have a connection to"
+echo -e "   the internet\033[m, on the command line."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      On static line devices \033[1mappend \":<gateway>\"\033[m. This is very important,"
+echo -e "      otherwise this script will \033[1mNOT work as expected\033[m."
+echo -e "      Example:"
+echo -e "            \033[1m`basename $0` -l \"eth0 ppp-light\" eth0:172.16.0.1 ppp-light\033[m"
+echo ""
+echo -e "   The declaration of the device(s) is mandatory."
+echo ""
+echo -e "   Options:"
+echo ""
+echo -e "      \033[1m-h\033[m"
+echo -e "         Prints this help\033[m"
+echo ""   
+echo -e "      \033[1m-l <list of online devices>\033[m"
+echo -e "         List of all (internet) devices known as online."
+echo ""
+
+exit 1
+}
+
+
+if [[ $EUID -ne 0 ]]; then
+   fatal "This script must be run as root" 1>&2
+fi
+
+if [[ ! -f "$netconfig_script" ]]; then
+   fatal "Netconfig script \"$netconfig_script\" not found!"
+fi
+
+
+## -------------------------------------------------
+## --- If script is  already running, stop execution
+## -------------------------------------------------
+
+LOCK_DIR=/tmp/`basename $0`.LOCK
+if mkdir "$LOCK_DIR" 2> /dev/null ; then
+
+   ## - Remove lockdir when the script finishes, or when it receives a signal
+   trap 'rm -rf "$LOCK_DIR"' 0 2 15
+
+else
+
+   datum=`date +"%d.%m.%Y"`
+   msg="[ Error ]: A previos instance of script \"`basename $0`\" seems already be running.\n\n           Exiting now.."
+   echo -e "To:${admin_email}\n${content_type}\nSubject:DSL Script Error $company -- $datum\n\n${msg}\n" | /usr/sbin/sendmail -F "DSL Monitoring $company" -f $from_address $admin_email 2> /dev/null
+
+   if $LOGGING_CONSOLE ; then
+      echo ""
+      echo "[ Error ]: A previos instance script \"`basename $0`\" seems already be running."
+      echo ""
+      echo "           Exiting now.."
+      echo ""
+   fi
+   exit 1
+
+fi
+
+
+## -------------
+## --- Configure
+## -------------
+
+while getopts l:h opt ; do
+   case $opt in
+      h) usage ;;
+      l) ONLINE_DEVICE_LIST=$OPTARG
+         ;;
+   esac
+done
+
+shift `expr $OPTIND - 1`
+
+INITIAL_DEVICE_LIST="$@"
+if [[ -z "$INITIAL_DEVICE_LIST" ]]; then
+   INITIAL_DEVICE_LIST=$_INITIAL_DEVICE_LIST
+fi
+
+[[ -z "$INITIAL_DEVICE_LIST" ]] && usage "No device list given"
+      
+
+## - Define (non associative) array
+## -
+declare -a inet_devices_arr
+declare -a dsl_devices_arr
+declare -a static_devices_arr
+declare -a online_devices_arr
+declare -A static_gw_arr
+declare -A dsl_gw_available_arr
+
+for _device in $INITIAL_DEVICE_LIST ; do
+   if [[ "$_device" =~ : ]]; then
+      static_gateway="${_device##*:}"
+      _device="${_device%:*}"
+      static_gw_arr[$_device]="$static_gateway"
+
+      static_devices_arr+=("$_device")
+
+   else
+      dsl_devices_arr+=("$_device")
+   fi
+   inet_devices_arr+=("$_device")
+done
+
+for _online_device in $ONLINE_DEVICE_LIST ; do
+   online_devices_arr+=("$_online_device")
+done
+
+## - Define associative array
+## -
+declare -A remote_gw_arr
+declare -A filetime_PID_arr
+for inet_device in "${online_devices_arr[@]}" ; do
+
+   if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+      remote_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse"  | cut -d":" -f3 | cut -d" " -f1`
+   else
+      remote_gw_address=${static_gw_arr[$inet_device]}
+   fi
+
+   remote_gw_arr[$inet_device]=$remote_gw_address
+   _pid_file=/var/run/${inet_device}.pid
+   if [ -f $_pid_file ]; then
+      filetime_PID_arr[$inet_device]=`stat -c %Y /var/run/${inet_device}.pid`
+   else
+      filetime_PID_arr[$inet_device]="NOT FOUND"
+   fi
+done
+
+declare -a ping_ip_arr;
+
+
+#echo "--"
+#for _key in "${!filetime_PID_arr[@]}" ; do
+#   echo "filetime_PID_arr[$_key]: ${filetime_PID_arr[$_key]}"
+#done
+#
+#for _key in "${!remote_gw_arr[@]}" ; do
+#   echo "remote_gw_arr[$_key]: ${remote_gw_arr[$_key]}"
+#done
+#
+#for _device in ${online_devices_arr[@]} ; do
+#   echo "$_device is online"
+#done
+#echo "--"
+#exit
+
+echo "" >> $log_file
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## --- Starting script `basename $0`" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Devices configured..: ${inet_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Devices Online......: ${online_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] DSL Devices.........: ${dsl_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Static Devices......: ${static_devices_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Remote Gateways.....: ${remote_gw_arr[@]}" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## ---" >> $log_file
+
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] ## --- Initial Setup:" >> $log_file
+
+## - Initial: get ping addresses
+## -
+set_ping_addresses
+echo "" >> $log_file
+
+while true ; do
+
+   changed=false
+
+   for inet_device in "${inet_devices_arr[@]}" ; do
+
+      if $DEBUG ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] ## --- Device $inet_device" >> $log_file
+      fi
+
+      ## - Set interface name, routing tables name and, if available, remote gateway.
+      ## -
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+
+         ## - Is remote a remote gateway for this device knpn?
+         ## -
+         remote_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse"  | cut -d":" -f3 | cut -d" " -f1`
+         iface_name="dsl-`echo $inet_device | cut -d '-' -f2`"
+         rt_name="dsl_`echo $inet_device | cut -d '-' -f2`"
+         if [[ -n "$remote_gw_address" ]]; then
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Add $remote_gw_address to array dsl_gw_available_arr for DSL line $inet_device" >> $log_file
+            fi
+            dsl_gw_available_arr[$inet_device]=$remote_gw_address
+         else
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] No remote gateway found for DSL line $inet_device" >> $log_file
+            fi
+            if [[ ${dsl_gw_available_arr[$inet_device]+_} ]]; then
+               if $DEBUG; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Unset dsl_gw_available_arr for DSL line $inet_device" >> $log_file
+               fi
+               unset ${dsl_gw_available_arr[$inet_device]}
+            fi
+         fi
+      else
+         remote_gw_address=${static_gw_arr[$inet_device]}
+         iface_name=$inet_device
+         rt_name="static_`echo $inet_device | cut -d '-' -f1`"
+      fi
+
+      
+      ## ---
+      ## ---  Check if routing through this connection works
+      ## ---
+
+      ## - Notice:
+      ## -    if no remote gateway is known (remote_gw_address is empty), then we don't
+      ## -    need to test here. 
+      ## -
+      device_is_online=false
+      if [[ -n "$remote_gw_address" ]]; then
+
+
+         ## - Check if routing through this dsl connection realy works
+         ## -
+         if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] No ip-address for ping-test is set. Skipping test.." >> $log_file
+         else
+            failed=true
+            for _key in ${!ping_ip_arr[@]} ; do
+               /sbin/ip rule add to ${ping_ip_arr[$_key]} table $rt_name
+               if ping -q -c2 ${ping_ip_arr[$_key]} >/dev/null 2>&1 ; then
+                  if $DEBUG ; then
+                     _local_gw=`curl -4 https://meine-ip.oopen.de 2> /dev/null` 
+                     if [ -n "$_local_gw" ]; then
+                        echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Using local gateway \"$_local_gw\" for ping test" >> $log_file
+                     fi
+                     echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Ping test (to ${ping_ip_arr[$_key]}) for device \"${inet_device}\" was successful." >> $log_file
+                  fi
+                  /sbin/ip rule del to ${ping_ip_arr[$_key]} table $rt_name
+                  failed=false
+                  device_is_online=true
+                  break
+               fi
+               /sbin/ip rule del to ${ping_ip_arr[$_key]} table $rt_name
+            done
+            if $failed ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Ping test for device \"${inet_device}\" failed" >> $log_file
+               #echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Status Devices \"$inet_device\" changed" >> $log_file
+               #echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Devices \"$inet_device\" is now OFFLINE" >> $log_file
+
+               ## - Remote gateway is not reachable. So empty variable "remote_gw_address"
+               #remote_gw_address=
+
+            fi # End: if $failed
+            
+         fi # End: if [ ${#ping_ip_arr[@]} -lt 1 ]; then
+
+      fi # End: if [[ -n "$remote_gw_address" ]]
+
+
+      ## ---
+      ## --- Now check, if something has changed
+      ## ---
+
+      if $device_is_online; then
+
+         if containsElement "$inet_device" ${online_devices_arr[@]} ; then
+
+            ## - <before>  <now>
+            ## -
+            ## -  online    online
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $inet_device is still online" >> $log_file
+            fi
+
+            ## - Check if remote gateway has changed
+            ## -
+            if [ "$remote_gw_address" != "${remote_gw_arr[$inet_device]}" ]; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ WARN  ] Remote Gateway on device \"$inet_device\" has changed: ${remote_gw_arr[$inet_device]} --> $remote_gw_address" >> $log_file
+               remote_gw_arr[$inet_device]=$remote_gw_address
+
+               _pid_file=/var/run/${inet_device}.pid
+               if [ -f $_pid_file ]; then
+                  filetime_PID_arr[$inet_device]=`stat -c %Y $_pid_file`
+               fi
+               changed=true
+            else
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] Remote Gateway on device \"$inet_device\": still ${remote_gw_arr[$inet_device]}" >> $log_file
+               fi
+
+               ## - Test if pid-file's modify time hs changed
+               ## -
+               ## - Notice: that happens if your provider forces a reconnect (mostly one time a day
+               ## -         or in other words after 1440 minutes)
+               ## -
+               _pid_file=/var/run/${inet_device}.pid
+               if [ -f $_pid_file ]; then
+                  if [ "`stat -c %Y $_pid_file`" != "${filetime_PID_arr[$inet_device]}" ]; then
+                     echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Modify time for pid-file \"${inet_device}.pid\" has changed" >> $log_file
+                     filetime_PID_arr[$inet_device]=`stat -c %Y $_pid_file`
+                     changed=true
+                  fi
+               fi
+
+            fi
+
+         else
+            ## - <before>  <now>
+            ## -
+            ## -  offline   online
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Status Devices \"$inet_device\" changed" >> $log_file
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Devices \"$inet_device\" is now online" >> $log_file
+
+            ## - Add device to array online_devices_arr
+            ## -            
+            online_devices_arr+=("$inet_device")
+            ## - Add device to array remote_gw_arr
+            ## -
+            remote_gw_arr[$inet_device]=$remote_gw_address
+
+            _pid=/var/run/${inet_device}.pid
+            if [ -f "$_pid" ]; then
+               filetime_PID_arr[$inet_device]=`stat -c %Y /var/run/${inet_device}.pid`
+            fi
+            changed=true
+         fi # END: if containsElement "$inet_device" ${online_devices_arr[@]}
+
+      else # ELSE: if $device_is_online; then
+
+         if containsElement "$inet_device" ${online_devices_arr[@]} ; then
+
+            ## - <before>  <now>
+            ## -
+            ## -  online    offline
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Status Devices \"$inet_device\" changed" >> $log_file
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] Devices \"$inet_device\" is now OFFLINE" >> $log_file
+
+            ## - In case of DSL Device, have a look at the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               if ps -x | grep -E "/usr/sbin/pppd\s+call\s+$iface_name" > /dev/null 2>&1 ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] pppd for \"$iface_name\" is running: Waiting another period"  >> $log_file
+               else
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Trying to start pppd for \"$inet_device\".." >> $log_file
+                  /usr/sbin/pppd call $iface_name > /dev/null 2>&1
+               fi
+            fi
+
+            ## - Remove device from array online_devices_arr
+            ## - 
+            for _index in ${!online_devices_arr[@]} ; do
+               if [ "${online_devices_arr[$_index]}" = "$inet_device" ]; then
+                  unset online_devices_arr[$_index]
+                  break
+               fi
+            done
+            ## - Also remove device from remote_gw_arr
+            ## -
+            unset remote_gw_arr[$inet_device]
+
+            ## - In case of DSL Device, kill the concerning the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               _pid=`ps -ax | grep -e "pppd call $iface_name" | grep -v grep | awk '{print$1}'`
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Kill ppp-daemon for $iface_name (pid $_pid)" >> $log_file
+
+               kill -9 $_pid
+            fi
+
+            changed=true
+         else
+            ## - <before>  <now>
+            ## -
+            ## -  offline   offline
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $inet_device is still offline" >> $log_file
+            fi
+
+            ## - In case of DSL Device, have a look at the ppp deamon
+            ## -
+            if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+               if ps -x | grep -E "/usr/sbin/pppd\s+call\s+$iface_name" > /dev/null 2>&1 ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] pppd for \"$iface_name\" is running: Waiting another period"  >> $log_file
+               else
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Trying to start pppd for \"$inet_device\".." >> $log_file
+                  /usr/sbin/pppd call $iface_name > /dev/null 2>&1
+               fi
+            fi
+
+         fi # END: if containsElement "$inet_device" ${online_devices_arr[@]}
+
+      fi # END: if $device_is_online; then
+
+   done # End: for inet_device in "${inet_devices_arr[@]}"
+
+
+   if $changed ; then
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Status Online Devices changed" >> $log_file
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Online Devices: ${online_devices_arr[@]}" >> $log_file
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Warn  ] Reconfigure Routing: invoking script \"$netconfig_script\".." >> $log_file
+      if [[ -z "${online_devices_arr[@]}" ]]; then
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $netconfig_script $INITIAL_DEVICE_LIST" >> $log_file 
+         fi
+
+         $netconfig_script $INITIAL_DEVICE_LIST > /dev/null 2>&1
+      else
+         
+         _LIST=
+         for _device in ${online_devices_arr[@]} ; do
+            _LIST="$_LIST $_device"
+         done
+         _LIST=`echo "${_LIST}" | sed -e 's/^[ \t]*//'`
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Debug ] $netconfig_script -l \"$_LIST\" $INITIAL_DEVICE_LIST" >> $log_file 
+         fi
+         $netconfig_script -l "$_LIST" $INITIAL_DEVICE_LIST > /dev/null 2>&1
+      fi
+
+      datum=`date +"%d.%m.%Y"`
+      msg="[ `date +\"%H:%M:%S\"` ]: Status Online Devices changed..\n              Online Devices: ${online_devices_arr[@]}\n\n              Script \"$netconfig_script\" was invoked to reconfigure routing."
+      echo -e "To:${admin_email}\n${content_type}\nSubject:DSL Status changed $company -- $datum\n\n${msg}\n" | /usr/sbin/sendmail -F "DSL Monitoring $company" -f $from_address $admin_email 2> /dev/null
+   fi # END if $changed
+
+
+   ## - Set IP-adresses for Ping-Test at next run
+   ## -
+   if [[ ${#online_devices_arr[@]} -gt 0 ]]; then
+
+      ## - Try to set IP-Addresses for ping test
+      ## -
+      set_ping_addresses
+
+   elif [[ ${#dsl_gw_available_arr[@]} -gt 0 ]]; then
+
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set default gateway to an existing DSL line .." >> $log_file
+
+      __set_default_gatway=false
+      default_gw_deleted=false
+
+      for _device in "${dsl_devices_arr[@]}" ; do
+
+         if $DEBUG ; then
+            echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Device: $_device - Gateway: ${dsl_gw_available_arr[$_device]}" >> $log_file
+         fi
+
+         if [[ -n "${dsl_gw_available_arr[$_device]}" ]]; then
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route delete default" >> $log_file
+                  /sbin/ip route delete default >> $log_file 2>&1
+               else
+                  /sbin/ip route delete default > /dev/null 2>&1
+               fi
+               default_gw_deleted=true
+            fi
+            
+            ## - Try to set default gateway to this DSL connection
+            ## -
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device" >> $log_file
+               /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device >> $log_file 2>&1
+            else
+               /sbin/ip route add default via ${dsl_gw_available_arr[$_device]} dev $_device > /dev/null 2>&1
+            fi
+            if [[ "$?" == "0" ]]; then
+               __set_default_gatway=true
+               break
+            fi
+         fi
+
+      done # END: for _device in "${inet_devices_arr[@]}"
+
+      if ! $__set_default_gatway ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] No default gateway (for DSL Device ${_device}) is set!"  >> $log_file
+      else
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Default gateway on DSL Device $_device is set to ${inet_devices_arr[$_device]}"  >> $log_file 
+
+
+         ## - Try to set IP-Addresses for ping test
+         ## -
+         set_ping_addresses
+      fi
+
+   elif [[  ${#static_devices_arr[@]} -gt 0 ]]; then
+
+      echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Try to set default gateway to an existing static line .." >> $log_file
+
+      __set_default_gatway=false
+      default_gw_deleted=false
+
+      for _device in "${static_devices_arr[@]}" ; do
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               if $DEBUG ; then
+                  echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route delete default" >> $log_file
+                  /sbin/ip route delete default >> $log_file 2>&1
+               else
+                  /sbin/ip route delete default > /dev/null 2>&1
+               fi
+               default_gw_deleted=true
+            fi
+
+            ## - Set new default route
+            ## -
+            if $DEBUG ; then
+               echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device" >> $log_file
+               /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+            else
+               /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device > /dev/null 2>&1
+            fi
+
+            if [[ "$?" == 0 ]] ; then
+               __set_default_gatway=true
+               break
+            fi
+      done
+
+      if ! $__set_default_gatway ; then
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Error ] No default gateway is set!"  >> $log_file
+      else
+         echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Default gateway is set to ${static_gw_arr[$_device]}"  >> $log_file
+
+         ## - Try to set IP-Addresses for ping test
+         ## -
+         set_ping_addresses
+
+      fi
+
+   fi # if [[ ${#online_devices_arr[@]} -gt 0 ]]
+
+   sleep 30
+
+done
+
+exit 0
diff --git a/ReachOut/sbin/ipt-firewall-gateway b/ReachOut/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..5be1a57
--- /dev/null
+++ b/ReachOut/sbin/ipt-firewall-gateway
@@ -0,0 +1,3947 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/ReachOut/sbin/netconfig.sh b/ReachOut/sbin/netconfig.sh
new file mode 100755
index 0000000..bce0dee
--- /dev/null
+++ b/ReachOut/sbin/netconfig.sh
@@ -0,0 +1,993 @@
+#!/usr/bin/env bash
+
+## -------------------------------------------------------------------
+## --- All Configurations ill be done in /etc/check_net/check_net.conf
+## -------------------------------------------------------------------
+
+## - Load Configuration
+## -
+source /etc/check_net/check_net.conf
+
+
+## ------------------
+## --- Some functions
+## ------------------
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+fatal(){
+   echo ""
+   echo -e "[ \033[31m\033[1mError\033[m ]: $*"
+   echo ""
+   echo -e "\t\033[31m\033[1mScript is canceled\033[m\033[m"
+   echo ""
+
+   echo "" >> $log_file
+   echo "[ Error ]: $*" >> $log_file
+   echo "" >> $log_file
+   echo "           Script is canceled." >> $log_file
+   echo "" >> $log_file
+
+   exit 1
+}
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
+usage() {
+   echo 
+   [ -n  "$1" ] && echo -e "[ \033[1;31mError\033[m ] : $1\n"
+
+echo -e "   Usage:"
+echo -e "          \033[1m`basename $0` [OPTIONS] <device1> <device2> ..\033[m"
+echo ""
+echo -e "   This script configures the default route, especially if more than one"
+echo -e "   route to the internet exists. Also the routing tables are managed by this"
+echo -e "   script."
+echo ""
+echo -e "   The Parameter \033[1mdevice list\033[m contains all network devices, which should have"
+echo -e "   a connection to the Internet. Tha can be DSL lines as well as static lines."
+echo -e "   The declaration of the device list is mandatory."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      Declare the device list in the order of your preferred default gatway devices."
+echo ""
+echo -e "   \033[1mNotice\033[m"
+echo -e "      On static line devices \033[1mappend \":<gateway>\033[m. This is very important,"
+echo -e "      otherwise this script will \033[1mNOT work as expected\033[m."
+echo ""
+echo -e "   If this script is invoked with option \033[1m-m\033[m, another script called \033[1m`basename $check_script`\033[m"
+echo -e "   will be triigered to monitor the devices and informs about changes (online/offline"
+echo -e "   status) of the given devices. If the status of a line has changed, this script"
+echo -e "   is reinvoked by the monitoring script \033[1m`basename $check_script`\033[m to reconfigure"
+echo -e "   the routing."
+echo ""
+echo -e "   Options:"
+echo ""
+echo -e "      \033[1m-h\033[m"
+echo -e "         Prints this help\033[m"
+echo ""   
+echo -e "      \033[1m-l <list of online devices>\033[m"
+echo -e "         List of all (internet) devices known as online. Usually, this option will"
+echo -e "         be used by triggering this script from check script \033[1m`basename $check_script`\033[m."
+echo ""   
+echo -e "      \033[1m-m\033[m"
+echo -e "          Activates monitoring of the given network devices."
+echo ""
+echo -e "   Example:"
+echo -e "      - Simply configure routing for devices \"$_INITIAL_DEVICE_LIST\""
+echo -e "            \033[1m`basename $0` $_INITIAL_DEVICE_LIST\033[m"
+echo ""
+echo -e "      - Configure routing for devices \"$_INITIAL_DEVICE_LIST\" and activate monitoring"
+echo -e "            \033[1m`basename $0` -m $_INITIAL_DEVICE_LIST\033[m"
+echo ""
+
+exit 1
+}
+
+if [[ ! -f "$check_script" ]] ; then 
+   fatal "Check script \033[1m$check_script\033[m not found!" 
+fi
+ 
+if [[ "`which sipcalc`" == "" ]]; then
+   fatal "\033[1msipcalc\033[m must be installed to run this script"
+fi
+
+if [[ $EUID -ne 0 ]]; then
+   fatal "This script must be run as root" 1>&2
+fi
+
+## ---
+## --- Configure
+## ---
+
+_monitoring=false
+ONLINE_DEVICE_LIST=
+while getopts hl:m opt ; do
+   case $opt in
+      h) usage
+         ;;
+      l) ONLINE_DEVICE_LIST=$OPTARG
+         ;;
+      m) _monitoring=true
+         ;;
+   esac
+done
+
+shift `expr $OPTIND - 1`
+
+INITIAL_DEVICE_LIST="$@"
+if [[ -z "$INITIAL_DEVICE_LIST" ]]; then
+   INITIAL_DEVICE_LIST=$_INITIAL_DEVICE_LIST
+fi
+
+[[ -z "$INITIAL_DEVICE_LIST" ]] && usage "No device list given"
+
+## - Define (non associative) array
+## -
+declare -a inet_devices_arr
+declare -a dsl_devices_arr
+declare -a static_devices_arr
+declare -a online_devices_arr
+declare -A static_gw_arr
+
+for _device in $INITIAL_DEVICE_LIST ; do
+   if [[ "$_device" =~ : ]]; then
+      static_gateway="${_device##*:}"
+      _device="${_device%:*}"
+      static_gw_arr[$_device]="$static_gateway"
+
+      static_devices_arr+=("$_device")
+
+   else
+      dsl_devices_arr+=("$_device")
+   fi
+   inet_devices_arr+=("$_device")
+done
+
+for _online_device in $ONLINE_DEVICE_LIST ; do
+   online_devices_arr+=("$_online_device")
+done
+
+
+#echo "All Devices:"
+#for _device in "${inet_devices_arr[@]}" ; do
+#   echo -e "\t$_device"
+#done
+#echo "Online Devices:"
+#for _device in "${online_devices_arr[@]}" ; do
+#   echo -e "\t$_device"
+#done
+#
+#for inet_device in "${inet_devices_arr[@]}" ; do
+#   if [ -n "$ONLINE_DEVICE_LIST" ]; then
+#      if ! containsElement "$inet_device" "${online_devices_arr[@]}" ; then
+#         echo "$inet_device is offline"
+#         continue
+#      fi
+#   fi
+#done
+#
+#echo ""
+#exit
+
+
+## - Define associative arrays
+## -
+declare -A default_gw_arr 
+declare -A gw_connection_arr
+
+declare -i number_rt_table=0
+
+
+## ---
+## --- Start
+## ---
+
+#echo "" >> $log_file
+#echo "" >> $log_file
+#echo "#############################" >> $log_file
+#echo "### ---" >> $log_file
+#echo "### --- [ `date +'%Y-%m-%d %H:%M'` ]: Starting Script `basename $0`.." >> $log_file
+#echo "### ---                       Devices all:    $INITIAL_DEVICE_LIST" >> $log_file
+#echo "### ---                       Devices online: $ONLINE_DEVICE_LIST" >> $log_file
+#echo "### ---" >> $log_file
+#echo "### ---" >> $log_file
+#echo "#############################" >> $log_file
+
+echo "" >> $log_file
+echo "`date +'%Y-%m-%d %H:%M:%S'` [ Info  ] Starting Script `basename $0`.." >> $log_file
+echo "                              Devices all:    $INITIAL_DEVICE_LIST" >> $log_file
+echo "                              Devices online: $ONLINE_DEVICE_LIST" >> $log_file
+
+configured=false
+if $_monitoring ; then
+   max_attempts=20
+else
+   max_attempts=1
+fi
+declare -i _try_number=0
+declare -i prio=0
+
+while  ! $configured && [ $_try_number -lt $max_attempts ]  ; do
+
+   let _try_number++
+
+   if [ $_try_number -gt 1 ]; then
+      echo "" >> $log_file
+      echo "# --- sleeping 2 seconds before attempt number $_try_number" >> $log_file
+      sleep 2
+   fi
+
+   number_rt_table=0
+
+   #for inet_device in "${dsl_devices_arr[@]}" ; do
+   for inet_device in "${inet_devices_arr[@]}" ; do
+
+      ## - Create routing table name
+      ## - 
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $inet_device | cut -d '-' -f2`
+         rt_name="dsl_$__name"
+      else
+         __name=`echo $inet_device | cut -d '-' -f1`
+         rt_name="static_$__name"
+      fi
+
+      if ! $_monitoring ; then
+
+         ## - Check if device was reported (from check script) as offline
+         ## -
+         _offline=false
+         if [ -n "$ONLINE_DEVICE_LIST" ]; then
+            if ! containsElement "$inet_device" "${online_devices_arr[@]}" ; then
+               _offline=true
+            fi
+         else
+            _offline=true
+         fi
+
+         ## - Cleanup routing tables
+         ## -
+         if $_offline ; then
+
+            if $LOGGING_CONSOLE ; then
+               echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" was reported to be down !"
+               echo -e "\t           So device \"$inet_device\" will be excluded from routing."
+            fi
+
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" was reported to be down !" >> $log_file
+            echo -e "\t           So device \"$inet_device\" will be excluded from routing." >> $log_file
+
+            ## - Delete all existing entries of this routing table
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all existing entries of routing table \"$rt_name\"" >> $log_file
+            echo "## -" >> $log_file
+            echo "/sbin/ip route flush table $rt_name" >> $log_file
+            /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+            if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+               ## - Delete all rules concerning table $rt_name
+               ## -
+               echo "" >> $log_file
+               echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+               echo "## -" >> $log_file
+               while read line ; do
+                  direction=`echo $line | awk '{print$2}'`
+                  ip=`echo $line | awk '{print$3}'`
+                  echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+                  /sbin/ip rule delete $direction $ip table $rt_name
+               done < <(/sbin/ip rule | grep $rt_name)
+               echo "" >> $log_file
+            fi # End: if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 
+
+            continue
+
+         fi # End: if $_offline
+      fi # End: if ! $_monitoring ; then
+
+      let number_rt_table="$number_rt_table+100"
+      prio=0
+
+
+      ## - Add new routing table to /etc/iproute2/rt_tables
+      ## - if not yet exists
+      ## -
+      if ! grep $rt_name /etc/iproute2/rt_tables > /dev/null 2>&1 ; then
+
+         echo "" >> $log_file
+         echo "## - Add new routing table to /etc/iproute2/rt_tables" >> $log_file
+         echo "## -" >> $log_file
+         echo "echo \"$number_rt_table $rt_name\" >> /etc/iproute2/rt_tables" >> $log_file
+
+         echo -e "$number_rt_table\t$rt_name" >> /etc/iproute2/rt_tables
+      fi
+
+      ## - Is the device present and has local Address ?
+      ## -
+      local_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse" | cut -d":" -f2 | cut -d" " -f1`
+      if [ -z $local_gw_address ]; then
+         if $LOGGING_CONSOLE ; then
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !"
+            echo -e "\t           No local address was found."
+         fi
+
+         echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !" >> $log_file
+         echo -e "\t           No local address was found." >> $log_file
+
+
+         ## - Cleanup routing tables
+         ## -
+         ## - Delete all existing entries of this routing table
+         ## -
+         echo "" >> $log_file
+         echo "## - Delete all existing entries of this routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route flush table $rt_name" >> $log_file
+         /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+         if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+            ## - Delete all rules concerning table $rt_name
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+            echo "## -" >> $log_file
+            while read line ; do
+               direction=`echo $line | awk '{print$2}'`
+               ip=`echo $line | awk '{print$3}'`
+               echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+               /sbin/ip rule delete $direction $ip table $rt_name
+            done < <(/sbin/ip rule | grep $rt_name)
+            echo "" >> $log_file
+         fi
+
+         continue
+      fi # End: if [ -z $local_gw_address ]
+
+      ## - Is the DSL-device known and has remote Address ?
+      ## -
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+         remote_gw_address=`ifconfig $inet_device 2> /dev/null | grep "inet Adresse"  | cut -d":" -f3 | cut -d" " -f1`
+         remote_gw_net="$remote_gw_address/32"
+      else
+         net_address=`sipcalc $inet_device 2> /dev/null | grep -i -e "^network\s*address\s*-" | awk '{print$4}'`
+         remote_gw_address=${static_gw_arr[$inet_device]}
+         _netmask_bits=`sipcalc $inet_device 2> /dev/null | grep -i -e "Network\s*mask\s*(bits)" | awk '{print$5}'`
+         remote_gw_net="${net_address}/$_netmask_bits"
+      fi
+      if [ -z $remote_gw_address ]; then
+         if $LOGGING_CONSOLE ; then
+            echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !"
+            echo -e "\t           No remote gateway was found."
+         fi
+
+
+         echo -e "\n\t[ Error ]: Connection at interface \"$inet_device\" seems to be down !" >> $log_file
+         echo -e "\t           No remote gateway was found." >> $log_file
+
+         ## - Cleanup routing tables
+         ## -
+         ## - Delete all existing entries of this routing table
+         ## -
+         echo "" >> $log_file
+         echo "## - Delete all existing entries of this routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route flush table $rt_name" >> $log_file
+         /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+         if /sbin/ip rule | grep $rt_name > /dev/null 2>&1 ; then
+            ## - Delete all rules concerning table $rt_name
+            ## -
+            echo "" >> $log_file
+            echo "## - Delete all rules concerning routing table $rt_name" >> $log_file
+            echo "## -" >> $log_file
+            while read line ; do
+               direction=`echo $line | awk '{print$2}'`
+               ip=`echo $line | awk '{print$3}'`
+               echo "/sbin/ip rule delete $direction $ip table $rt_name"  >> $log_file
+               /sbin/ip rule delete $direction $ip table $rt_name
+            done < <(/sbin/ip rule | grep $rt_name)
+            echo "" >> $log_file
+         fi
+
+         continue
+      fi
+
+      ## - Device already configured by that script?
+      ## -
+      if [ ${default_gw_arr[$inet_device]+_} ] ; then
+         continue
+      fi
+ 
+
+      # -
+      # - Ready to start configuration for that device
+      # - 
+      echo "" >> $log_file
+      echo "# ---" >> $log_file
+      if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+         echo "# --- Routing Table for (DSL) network device \"$inet_device\" was created" >> $log_file
+      else
+         echo "# --- Routing Table for (static line) network device \"$inet_device\"" >> $log_file
+      fi
+      echo "# ---" >> $log_file
+
+      if $LOGGING_CONSOLE ; then
+         echo
+         echo
+         if containsElement "$inet_device" "${dsl_devices_arr[@]}" ; then
+            echo -e "\t--- DSL Connection at interface $inet_device"
+         else
+            echo -e "\t--- Static Connection at interface $inet_device"
+         fi
+         echo -e "\t---"
+         echo -e "\tRouting Table Name..: $rt_name"
+         echo
+         echo -e "\tInterface...........: $inet_device"
+         echo
+         echo -e "\tLocal GW address....: $local_gw_address"
+         echo -e "\tRemote GW address...: $remote_gw_address"
+         echo -e "\tRemote network......: $remote_gw_net"
+         echo
+      fi
+      echo "# --- Routing Table Name..: $rt_name" >> $log_file
+      echo "# --- " >> $log_file
+      echo "# --- Interface...........: $inet_device" >> $log_file
+      echo "# --- " >> $log_file
+      echo "# --- Local GW address....: $local_gw_address" >> $log_file
+      echo "# --- Remote GW address...: $remote_gw_address" >> $log_file
+      echo "# --- Remote network......: $remote_gw_net" >> $log_file
+      echo "# --- " >> $log_file
+
+      ## - Read routing table from output of "netstat -rn"
+      ## -
+      routing_table_main_arr=()
+      while read  _destination _gateway _genmask _flags _mss _window _irtt _iface; do 
+         if [ "$_destination" = "Destination" -o "$_destination" = "Kernel" \
+            -o "$_destination" = "Ziel" -o "$_destination" = "Kernel-IP-Routentabelle" ]; then 
+               continue 
+         fi  
+         routing_table_main_arr+=("$_destination $_gateway $_genmask $_iface")
+      done < <(netstat -rn)
+
+      ## - First delete all existing entries of this routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - First delete all existing entries of this routing table" >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route flush table $rt_name" >> $log_file
+      /sbin/ip route flush table $rt_name >> $log_file 2>&1
+
+
+      ## - Add loopback device to routing table $rt_name
+      ## -
+      echo "" >> $log_file
+      echo "## - Add loopback device to routing table $rt_name " >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route add 127.0.0.0/8 dev lo table table $rt_name" >> $log_file
+      /sbin/ip route add 127.0.0.0/8 dev lo table $rt_name >> $log_file 2>&1
+
+
+      ## - Add routing tables of all (local) network interfaces
+      ## -
+      echo "" >> $log_file
+      echo "## - Add routing tables of all (local) network interfaces" >> $log_file
+      echo "## -" >> $log_file
+      for _entry in "${routing_table_main_arr[@]}" ; do
+         dest=`echo $_entry | cut -d " " -f1`
+         gateway=`echo $_entry | cut -d " " -f2`
+         genmask=`echo $_entry | cut -d " " -f3`
+         iface=`echo $_entry | cut -d " " -f4`
+
+         ## - We will set default route later..
+         ## -
+         if  [ "$dest" = "0.0.0.0" ]; then
+            continue
+         fi
+
+         ## - Is this a "ppp"-device ?
+         ## -
+         if [[ "$iface" =~ "ppp" ]]; then
+            continue
+         fi
+
+         if [ "$dest" = "$remote_gw_address" ]; then
+            continue
+         fi
+
+         if [ "$gateway" = "0.0.0.0" ]; then
+            echo "/sbin/ip route add ${dest}/$genmask dev $iface table $rt_name" >> $log_file
+            /sbin/ip route add ${dest}/$genmask dev $iface table $rt_name >> $log_file 2>&1
+         else
+            echo "/sbin/ip route add ${dest}/$genmask via $gateway table $rt_name" >> $log_file
+            /sbin/ip route add ${dest}/$genmask via $gateway table $rt_name >> $log_file 2>&1
+         fi
+      done
+
+      ## - Add this connection to the routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - Add this connection to the routing table $rt_name" >> $log_file
+      echo "## -" >> $log_file
+
+      if $USE_REMOTE_GATEWAY_ADDRESS ; then
+         ## - Remote Network: $remote_gw_net
+         ## -
+         echo "/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address table $rt_name >> $log_file 2>&1
+      else
+         ## - Remote Network: 0.0.0.0
+         ## -
+         echo "/sbin/ip route add 0.0.0.0 dev $inet_device src $local_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add 0.0.0.0 dev $inet_device src $local_gw_address table $rt_name >> $log_file 2>&1
+      fi
+
+      if $SET_MULTIPLE_DEFAULT_GW ; then
+         if /sbin/ip route show table main | grep -e "^$remote_gw_address" | grep $inet_device  > /dev/null 2>&1 ; then
+            echo "" >> $log_file
+            echo "## - Delete route via (dsl remote) host $remote_gw_address" >> $log_file
+            echo "## -"
+            echo "/sbin/ip route delete $remote_gw_address dev $inet_device" >> $log_file
+            /sbin/ip route delete $remote_gw_address dev $inet_device >> $log_file 2>&1
+         fi
+
+         echo "" >> $log_file
+         echo "## - Add this connection also to the main routing table" >> $log_file
+         echo "## -" >> $log_file
+         echo "/sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address" >> $log_file
+         /sbin/ip route add $remote_gw_net dev $inet_device src $local_gw_address >> $log_file 2>&1
+      fi
+
+      ## - Remeber that route in order to add it to the routing table
+      ## - of other connections
+      ## -
+      gw_connection_arr[$inet_device]="$remote_gw_net $local_gw_address" 
+      
+
+      ## - Add the connections associated gateway as default gateway for this
+      ## - routing table
+      ## -
+      echo "" >> $log_file
+      echo "## - Add the connections associated gateway as default gateway for this" >> $log_file
+      echo "## - routing table" >> $log_file
+      echo "## -" >> $log_file
+
+      if $USE_REMOTE_GATEWAY_ADDRESS ; then
+         ## - Default Gatway: $remote_gw_address
+         ## -
+         #echo "/sbin/ip route add default via $remote_gw_address dev $inet_device table $rt_name" >> $log_file
+         #/sbin/ip route add default via $remote_gw_address dev $inet_device table $rt_name >> $log_file 2>&1
+         echo "/sbin/ip route add default via $remote_gw_address table $rt_name" >> $log_file
+         /sbin/ip route add default via $remote_gw_address table $rt_name >> $log_file 2>&1
+      else
+         ## - Default Gatway: 0.0.0.0
+         ## -
+         echo "/sbin/ip route add default via 0.0.0.0 dev $inet_device table $rt_name" >> $log_file
+         /sbin/ip route add default via 0.0.0.0 dev $inet_device table $rt_name >> $log_file 2>&1
+      fi
+
+
+      ## - Make sure that a reply goes out over the same connection as came in
+      ## - 
+      echo "" >> $log_file
+      echo "## - Make sure that a reply goes out over the same connection as came in" >> $log_file
+      echo "## -" >> $log_file
+
+      if ! /sbin/ip rule | grep "from $local_gw_address" > /dev/null 2>&1 ; then
+         let prio="$number_rt_table"
+         echo "/sbin/ip rule add from $local_gw_address table $rt_name prio $prio" >> $log_file
+         /sbin/ip rule add from $local_gw_address table $rt_name prio $prio >> $log_file 2>&1
+         #let prio="10+$prio"
+         #echo "/sbin/ip rule add to $local_gw_address table $rt_name prio $prio" >> $log_file
+         #/sbin/ip rule add to $local_gw_address table $rt_name prio $prio >> $log_file 2>&1
+      else
+         let prio="1010+$number_rt_table"
+         echo -e "#\t[ info ]: Rule already exists.." >> $log_file
+      fi
+
+
+      ## ---
+      ## --- Special Routing (local) IP-Address OUT
+      ## ---
+
+      if [[ ${#rule_local_ip_arr[@]} -gt 0 ]] ; then
+
+         let prio="1000+${number_rt_table}+10"
+
+         for _val in "${rule_local_ip_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: from ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "from ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+
+      ## ---
+      ## --- Special Routing (remote) Services
+      ## ---
+
+      if [[ ${#rule_remote_ip_arr[@]} -gt 0 ]] ; then
+
+         let prio="5000+${number_rt_table}+10"
+
+         for _val in "${rule_remote_ip_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: to ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "to ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add to ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add to ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+      ## ---
+      ## --- Special Routing Networks
+      ## ---
+
+      if [[ ${#rule_local_net_arr[@]} -gt 0 ]] ; then
+
+         let prio="10000+${number_rt_table}+10"
+
+         for _val in "${rule_local_net_arr[@]}" ; do
+
+            IFS=':' read -a _val_arr <<< "${_val}"
+
+            if [[ "${_val_arr[0]}" = "$inet_device" ]]; then
+
+               echo "" >> $log_file
+               echo "## - Rule ${prio}: from ${_val_arr[1]} through ${_val_arr[0]}" >> $log_file
+               echo "## -" >> $log_file
+               if ! /sbin/ip rule | grep "from ${_val_arr[1]} " > /dev/null 2>&1 ; then
+                  echo "/sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio" >> $log_file
+                  /sbin/ip rule add from ${_val_arr[1]} table $rt_name prio $prio >> $log_file 2>&1
+               else
+                  echo "# Rule already exists" >> $log_file
+               fi
+               prio="10+$prio"
+            fi
+         done
+      fi
+
+
+      ## - Add this connection to the routing tables of other already configured dsl-connections
+      ## -
+      ## - Note:
+      ## -    Connections which will be configured later at this loop will
+      ## -    not have that connection in their routing tables. So you have 
+      ## -    to add missing routes at the end (after that loop has finisched).
+      ## -
+      ## -    _key is eqal to the ppp-device
+      ## -
+      for _key in "${!gw_connection_arr[@]}"; do
+
+         if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+            __name=`echo $_key | cut -d '-' -f2`
+            _rt_name="dsl_$__name"
+         else
+            __name=`echo $_key | cut -d '-' -f1`
+            _rt_name="static_$__name"
+         fi
+         if [[ "$_rt_name" == "$rt_name" ]]; then
+            continue
+         fi
+
+         _local_gw_address=`echo ${gw_connection_arr[$_key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$_key]} | cut -d " " -f1`
+         echo "" >> $log_file
+         echo "## - Add this connection to the routing table \"$_rt_name\"" >> $log_file
+         echo "## -" >> $log_file
+
+         if $USE_REMOTE_GATEWAY_ADDRESS ; then
+            ## - Remote Network: $_remote_gw_net
+            ## -
+            if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw_net\s+dev\s+$_key" >/dev/null 2>&1 ; then
+               _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+               if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw\s+dev\s+$_key" >/dev/null 2>&1 ; then
+                  echo "/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+                  /sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               else
+                  echo -e "#\t[ info ]: Connection through $_key is already part of table $_rt_name" >> $log_file
+               fi
+            fi
+         else
+            ## - Remote Network: 0.0.0.0
+            ## -
+            if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$_key" >/dev/null 2>&1 ; then
+               _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+               if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$_key" >/dev/null 2>&1 ; then
+                  echo "/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+                  /sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               else
+                  echo -e "#\t[ info ]: Connection through $_key is already part of table $_rt_name" >> $log_file
+               fi
+            fi
+         fi
+      done 
+
+
+      ## - Add this gateway data to the array concerning all outgoing gatways 
+      ## -
+      #default_gw_arr[$inet_device]="$local_gw_address"
+      default_gw_arr[$inet_device]="$remote_gw_address"
+
+
+      if $SET_MULTIPLE_DEFAULT_GW ; then
+
+         default_gw_arg=""
+         for _key in "${!default_gw_arr[@]}"; do
+
+            if $USE_DEFAULT_GW_ADDRESS ; then
+               ## - Default Gateway: $remote_gw_address
+               ## -
+               default_gw_arg="$default_gw_arg nexthop via ${default_gw_arr[$_key]} dev $_key weight 1"
+            else
+               ## - Default Gateway: 0.0.0.0
+               ## -
+               default_gw_arg="$default_gw_arg nexthop via 0.0.0.0 dev $_key weight 1"
+            fi
+
+         done 
+         if [ -n "$default_gw_arg" ] ; then
+            echo "" >> $log_file
+            echo "## - Add multiple default gateways" >> $log_file
+            echo "## -" >> $log_file
+            echo "/sbin/ip route delete default" >> $log_file
+            /sbin/ip route delete default >> $log_file 2>&1
+            echo "/sbin/ip route add default scope global $default_gw_arg" >> $log_file
+            /sbin/ip route add default scope global $default_gw_arg >> $log_file 2>&1
+         else
+            echo "" >> $log_file
+            echo "## -" >> $log_file
+            echo "## - [ Warning]: No default gateway found!" >> $log_file
+            echo "## -" >> $log_file
+         fi
+
+      fi
+
+
+
+      ## - Notice:
+      ## - It is possible to first make a number of changes and then flush 
+      ## - the cache so that all of the changes will be implemented simultaneously. 
+      ## - This is actually convenient when working on an active router. 
+      ## -
+      echo "" >> $log_file
+      echo "## - Flush table cache" >> $log_file
+      echo "## -" >> $log_file
+      echo "/sbin/ip route flush table cache" >> $log_file
+      /sbin/ip route flush table cache >> $log_file 2>&1
+
+      echo "" >> $log_file
+
+      if [ ${#default_gw_arr[@]} -eq ${#inet_devices_arr[@]} ]; then
+         configured=true
+      fi
+
+   done
+
+done
+
+
+## - Some dsl-connections maybe not known to all routing tables. So add
+## - the missing routes to the appropriate tables..
+## -
+echo "" >> $log_file
+echo "" >> $log_file
+echo "## - Some dsl-connections maybe not known to all routing tables. So add" >> $log_file
+echo "## - the missing routes to the appropriate tables.." >> $log_file
+echo "## -" >> $log_file
+_changed=false
+
+if $USE_REMOTE_GATEWAY_ADDRESS ; then
+   ## - Remote Network: $_remote_gw_net
+   ## -
+   for _key in "${!gw_connection_arr[@]}"; do
+
+      if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $_key | cut -d '-' -f2`
+         _rt_name="dsl_$__name"
+      else
+         __name=`echo $_key | cut -d '-' -f1`
+         _rt_name="static_$__name"
+      fi
+
+      echo "# Routing Table \"$_rt_name\"" >> $log_file
+      for __key in "${!gw_connection_arr[@]}"; do
+         _local_gw_address=`echo ${gw_connection_arr[$__key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$__key]} | cut -d " " -f1`
+         if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw_net\s+dev\s+$__key" >/dev/null 2>&1 ; then
+            _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+            if ! /sbin/ip route show table $_rt_name | egrep "^$_remote_gw\s+dev\s+$__key" >/dev/null 2>&1 ; then
+               #echo "/sbin/ip route add $_remote_gw_net dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+               #/sbin/ip route add $_remote_gw_net dev $__key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               echo "/sbin/ip route add $_remote_gw dev $__key table $_rt_name" >> $log_file
+               /sbin/ip route add $_remote_gw dev $__key table $_rt_name >> $log_file 2>&1
+               _changed=true
+            else
+               echo -e "#\t[ info ]: Connection through $__key is already part of table $_rt_name" >> $log_file
+            fi
+         fi
+      done
+   done
+else
+   ## - Remote Network: 0.0.0.0
+   ## -
+   for _key in "${!gw_connection_arr[@]}"; do
+
+
+      if containsElement "$_key" "${dsl_devices_arr[@]}" ; then      
+         __name=`echo $_key | cut -d '-' -f2`
+         _rt_name="dsl_$__name"
+      else
+         __name=`echo $_key | cut -d '-' -f1`
+         _rt_name="static_$__name"
+      fi
+
+      echo "# Routing Table \"$_rt_name\"" >> $log_file
+      for __key in "${!gw_connection_arr[@]}"; do
+         _local_gw_address=`echo ${gw_connection_arr[$__key]} | cut -d " " -f2`
+         _remote_gw_net=`echo ${gw_connection_arr[$__key]} | cut -d " " -f1`
+         if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$__key" >/dev/null 2>&1 ; then
+            _remote_gw=`echo $_remote_gw_net | cut -d "/" -f1`
+            if ! /sbin/ip route show table $_rt_name | egrep "^0.0.0.0\s+dev\s+$__key" >/dev/null 2>&1 ; then
+               echo "/sbin/ip route add 0.0.0.0 dev $_key src $_local_gw_address table $_rt_name" >> $log_file
+               /sbin/ip route add 0.0.0.0 dev $__key src $_local_gw_address table $_rt_name >> $log_file 2>&1
+               _changed=true
+            else
+               echo -e "#\t[ info ]: Connection through $__key is already part of table $_rt_name" >> $log_file
+            fi
+         fi
+      done
+   done
+fi
+
+
+## - If not using multiple default gatways, set the default gateway here
+## -
+if ! $SET_MULTIPLE_DEFAULT_GW ; then
+
+   __set_default_gatway=false
+
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## ---" >> $log_file
+   echo "## --- Add default gateway" >> $log_file
+   echo "## ---" >> $log_file
+
+   ## - Note: the first online device will become default route
+   ## -
+   for _device in "${inet_devices_arr[@]}" ; do
+      ## - Device online ?
+      if [ -n "${default_gw_arr[$_device]}" ]; then
+         echo "/sbin/ip route delete default" >> $log_file
+         /sbin/ip route delete default >> $log_file 2>&1
+         if $USE_REMOTE_GATEWAY_ADDRESS ; then
+            echo "/sbin/ip route add default via ${default_gw_arr[$_device]} dev $_device" >> $log_file
+            /sbin/ip route add default via ${default_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+         else
+            echo "/sbin/ip route add default via 0.0.0.0 dev $_device" >> $log_file
+            /sbin/ip route add default via 0.0.0.0 dev $_device >> $log_file 2>&1
+         fi
+         __set_default_gatway=true
+         _changed=true
+         break
+      else
+         echo "" >> $log_file
+         echo -e "\t[ Warning ]: $_device is OFFLINE ! Trying next.."  >> $log_file
+      fi
+   done
+   if ! $__set_default_gatway ; then
+
+      echo "" >> $log_file
+      echo -e "\t[ Error ]: No connection is online!"  >> $log_file
+      echo -e "\t           Try to set default gateway from an existing static line .."  >> $log_file
+
+      ## - Notice:
+      ## -
+      ## - If no connection is available (the machine is fully offline), the check script will not 
+      ## - recognize, if the static line becomes online. A way to handle this is to let the
+      ## - default gateway active.
+      ## -
+      default_gw_deleted=false
+      for _device in "${inet_devices_arr[@]}" ; do
+         if containsElement "$_device" "${static_devices_arr[@]}" ; then
+
+            ## - Delete old default route
+            ## -
+            if ! $default_gw_deleted ; then
+               echo "" >> $log_file
+               echo "## - Delete existing default gatewy" >> $log_file
+               echo "## - " >> $log_file
+               echo "/sbin/ip route delete default" >> $log_file
+               /sbin/ip route delete default >> $log_file 2>&1
+               default_gw_deleted=true
+            fi
+
+            ## - Set new default route
+            ## -
+
+            echo "" >> $log_file
+            echo "## - Try to set default gateway to ${static_gw_arr[$_device]}.." >> $log_file
+            echo "## - " >> $log_file
+            echo "/sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device" >> $log_file
+            /sbin/ip route add default via ${static_gw_arr[$_device]} dev $_device >> $log_file 2>&1
+
+            if [[ "$?" == 0 ]] ; then
+               __set_default_gatway=true
+               break
+            fi
+         fi
+      done
+
+      if ! $__set_default_gatway ; then
+         echo "" >> $log_file
+         echo -e "\t[ Error ]: No default gateway is set!"  >> $log_file
+      fi
+   fi
+fi
+
+## - Flush the routing tables cache if somethimg has changed
+## -
+if $_changed ; then
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## - Some Routing tables has changed, so flush table cache" >> $log_file
+   echo "## -" >> $log_file
+   echo "/sbin/ip route flush table cache" >> $log_file
+   /sbin/ip route flush table cache >> $log_file 2>&1
+fi
+
+if $_monitoring ; then
+   echo "" >> $log_file
+   echo "" >> $log_file
+   echo "## - Starting monitoring script to check dsl connections.." >> $log_file
+   echo "## -" >> $log_file
+
+   if [[ -z "${!default_gw_arr[@]}" ]] ; then
+      echo "$check_script $INITIAL_DEVICE_LIST &"  >> $log_file 2>&1
+      $check_script $INITIAL_DEVICE_LIST &
+   else
+
+      _LIST=
+      for _device in ${!default_gw_arr[@]} ; do
+         _LIST="$_LIST $_device"
+      done
+      _LIST=`echo "${_LIST}" | sed -e 's/^[ \t]*//'`
+
+      echo "$check_script -l \"$_LIST\" $INITIAL_DEVICE_LIST &"  >> $log_file 2>&1
+      $check_script -l "$_LIST" $INITIAL_DEVICE_LIST &
+   fi
+fi
+
+echo "" >> $log_file
+echo "### -------------------------" >> $log_file
+
+exit 0
diff --git a/ReachOut/sbin/rebind b/ReachOut/sbin/rebind
new file mode 100755
index 0000000..c60e07b
--- /dev/null
+++ b/ReachOut/sbin/rebind
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+case "$1" in
+   on)
+      set -x
+      mount --bind /proc    /ro/proc
+      mount --bind /sys     /ro/sys
+      mount --bind /dev     /ro/dev
+      mount --bind /dev/pts /ro/dev/pts
+   ;;
+   off)
+      set -x
+      umount /ro/dev/pts
+      umount /ro/dev
+      umount /ro/sys
+      umount /ro/proc
+   ;;
+   *)
+      echo "Use: $0 (on|off)"
+esac
diff --git a/ReachOut/src/check_net b/ReachOut/src/check_net
new file mode 160000
index 0000000..6bde0e7
--- /dev/null
+++ b/ReachOut/src/check_net
@@ -0,0 +1 @@
+Subproject commit 6bde0e7c07c4d0ee8cc6f6aa37c49608fe924a5b
diff --git a/ReachOut/src/ipt-gateway b/ReachOut/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/ReachOut/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/SPR-BE/README.txt b/SPR-BE/README.txt
new file mode 100644
index 0000000..7213e3b
--- /dev/null
+++ b/SPR-BE/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.SPR-BE: ppp0 comes over eth2
+      interfaces.SPR-BE: see above
+      default_isc-dhcp-server.SPR-BE
+      ipt-firewall.SPR-BE: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/SPR-BE/bin/admin-stuff b/SPR-BE/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/SPR-BE/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/SPR-BE/bin/manage-gw-config b/SPR-BE/bin/manage-gw-config
new file mode 160000
index 0000000..2a96dfd
--- /dev/null
+++ b/SPR-BE/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 2a96dfdc8f50605a84059b07e64b8ae6b41b5688
diff --git a/SPR-BE/bin/monitoring b/SPR-BE/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/SPR-BE/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/SPR-BE/bind/bind.keys b/SPR-BE/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/SPR-BE/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/SPR-BE/bind/db.0 b/SPR-BE/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/SPR-BE/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/SPR-BE/bind/db.127 b/SPR-BE/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/SPR-BE/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/SPR-BE/bind/db.192.168.92.0 b/SPR-BE/bind/db.192.168.92.0
new file mode 100644
index 0000000..af4eef9
--- /dev/null
+++ b/SPR-BE/bind/db.192.168.92.0
@@ -0,0 +1,59 @@
+;
+; BIND reverse data file for local sprachenatelier.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.sprachenatelier.netz. ckubu.oopen.de. (
+      2017060301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+@              IN NS    ns-spr.sprachenatelier.netz.
+
+; - Gateway/Firewall
+254            IN PTR   gw-spr.sprachenatelier.netz.
+
+
+; - (Caching ) Nameserver
+1              IN PTR   ns-spr.sprachenatelier.netz.
+
+
+; - Fileserver
+10             IN PTR   file-spr.sprachenatelier.netz.
+11             IN PTR   file-spr-alt.sprachenatelier.netz.
+
+
+; - IPMI
+15             IN PTR   file-ipmi.sprachenatelier.netz.
+202            IN PTR   file-ipmi-alt.sprachenatelier.netz.
+
+
+; - Drucker
+5              IN PTR   hp-cp1515n.sprachenatelier.netz.
+6              IN PTR   kyocera-p2040dn.sprachenatelier.netz.
+7              IN PTR   br-mfc-jw5910dw.sprachenatelier.netz.   
+8              IN PTR   kyocera-p2135dn.sprachenatelier.netz.
+
+
+; - Accesspoint
+50             IN PTR   wlan-spr.sprachenatelier.netz.
+
+
+; - Buero PC's
+101            IN PTR   cl101.sprachenatelier.netz.
+102            IN PTR   cl102.sprachenatelier.netz.
+103            IN PTR   cl103.sprachenatelier.netz.
+104            IN PTR   cl104.sprachenatelier.netz.
+105            IN PTR   cl105.sprachenatelier.netz.
+106            IN PTR   cl106.sprachenatelier.netz.
+107            IN PTR   cl107.sprachenatelier.netz.
+108            IN PTR   cl108.sprachenatelier.netz.
+109            IN PTR   cl109.sprachenatelier.netz.
+110            IN PTR   cl110.sprachenatelier.netz.
+;111            IN PTR    cl111.sprachenatelier.netz.
+;112            IN PTR    cl112.sprachenatelier.netz.
+
+137            IN PTR   cl107-alt.sprachenatelier.netz.
+138            IN PTR   cl108-alt.sprachenatelier.netz.
diff --git a/SPR-BE/bind/db.255 b/SPR-BE/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/SPR-BE/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/SPR-BE/bind/db.empty b/SPR-BE/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/SPR-BE/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/SPR-BE/bind/db.local b/SPR-BE/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/SPR-BE/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/SPR-BE/bind/db.root b/SPR-BE/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/SPR-BE/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/SPR-BE/bind/db.sprachenatelier.netz b/SPR-BE/bind/db.sprachenatelier.netz
new file mode 100644
index 0000000..028227b
--- /dev/null
+++ b/SPR-BE/bind/db.sprachenatelier.netz
@@ -0,0 +1,148 @@
+;
+; BIND data file for local sprachenatelier.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.sprachenatelier.netz. ckubu.oopen.de. (
+      2017060301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+@                 IN NS     ns-spr.sprachenatelier.netz.
+
+; Gateway/Firewall
+gw-spr            IN A      192.168.92.254
+gate              IN CNAME  gw-spr
+gw                IN CNAME  gw-spr
+
+
+; (Caching ) Nameserver
+ns-spr            IN A      192.168.92.1
+ns                IN CNAME  ns-spr
+nscache           IN CNAME  ns-spr
+
+
+; - Fileserver
+file-spr          IN A      192.168.92.10
+file              IN CNAME  file-spr
+www               IN CNAME  file-spr
+
+file-spr-alt      IN A      192.168.92.11
+
+
+; - IPMI
+gw-ipmi           IN A      172.16.92.15
+file-ipmi         IN A      192.168.92.15
+
+file-ipmi-alt     IN A      192.168.92.202
+
+
+; - HP Color LaserJet CP1515DN
+;
+hp-cp1515n        IN A      192.168.92.5
+hp-color          IN CNAME  hp-cp1515n
+
+; - Kyocera ECOSYS P3040DN
+;
+kyocera-p2040dn   IN A     192.168.92.6
+km-p2040dn        IN CNAME kyocera-p2040dn
+
+; Brother MFC-J5910DW
+;
+br-mfc-jw5910dw  IN A     192.168.92.7
+brother          IN CNAME br-mfc-jw5910dw
+
+; - KyoceraA P2035D
+; - Gibt es nicht mehr -
+;
+;kyocera-p2135dn  IN A 192.168.92.8
+;kyocera          IN CNAME kyocera-p2135dn
+
+; - Kyocera ECOSYS P2135DN
+;
+kyocera-p2035d    IN A 192.168.92.9
+km29df05          IN CNAME kyocera-p2035d
+
+
+; - Accesspoint
+wlan-spr          IN A      192.168.92.50
+wlan              IN CNAME  wlan-spr
+accesspoint       IN CNAME  wlan-spr
+
+
+; PC's
+cl101-spr         IN A      192.168.92.101
+cl101             IN CNAME  cl101-spr
+
+cl102-spr         IN A      192.168.92.102
+cl102             IN CNAME  cl102-spr
+
+cl103-spr         IN A      192.168.92.103
+cl103             IN CNAME  cl103-spr
+
+cl104-spr         IN A      192.168.92.104
+cl104             IN CNAME  cl104-spr
+
+cl105-spr         IN A      192.168.92.105
+cl105             IN CNAME  cl105-spr
+
+cl106-spr         IN A      192.168.92.106
+cl106             IN CNAME  cl106-spr
+
+cl107-spr         IN A      192.168.92.107
+cl107             IN CNAME  cl107-spr
+
+cl108-spr         IN A      192.168.92.108
+cl108             IN CNAME  cl108-spr
+
+cl109-spr         IN A      192.168.92.109
+cl109             IN CNAME  cl109-spr
+
+cl110-spr         IN A      192.168.92.110
+cl110             IN CNAME  cl110-spr
+
+cl111-spr         IN A      192.168.92.111
+cl111             IN CNAME  cl111-spr
+
+cl112-spr         IN A      192.168.92.112
+cl112             IN CNAME  cl112-spr
+
+
+cl101-alt-spr     IN A      192.168.92.131
+cl101-alt         IN CNAME  cl101-alt-spr
+
+cl102-alt-spr     IN A      192.168.92.132
+cl102-alt         IN CNAME  cl102-alt-spr
+
+cl103-alt-spr     IN A      192.168.92.133
+cl103-alt         IN CNAME  cl103-alt-spr
+
+cl105-alt-spr     IN A      192.168.92.135
+cl105-alt         IN CNAME  cl105-alt-spr
+
+cl106-alt-spr     IN A      192.168.92.136
+cl106-alt         IN CNAME  cl106-alt-spr
+
+cl107-alt-spr     IN A      192.168.92.137
+cl107-alt         IN CNAME  cl107-alt-spr
+
+cl108-alt-spr     IN A      192.168.92.138
+cl108-alt         IN CNAME  cl108-alt-spr
+
+
+; Lancom 1781VAW - Router (von der Telekom)
+;
+lancome-router    IN A       172.16.92.254
+lancom            IN CNAME   lancome-router
+router            IN CNAME   lancome-router
+
+; Lancom L-322agn dual Wireless (R2)
+; 2 * Accespoint (HotSpot)
+;
+lancom-ap1        IN A       192.168.150.11
+ap1               IN CNAME   lancom-ap1
+lancom-ap2        IN A       192.168.150.12
+ap2               IN CNAME   lancom-ap2
diff --git a/SPR-BE/bind/named.conf b/SPR-BE/bind/named.conf
new file mode 100644
index 0000000..880786a
--- /dev/null
+++ b/SPR-BE/bind/named.conf
@@ -0,0 +1,11 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
diff --git a/SPR-BE/bind/named.conf.default-zones b/SPR-BE/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/SPR-BE/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/SPR-BE/bind/named.conf.local b/SPR-BE/bind/named.conf.local
new file mode 100644
index 0000000..c800fe5
--- /dev/null
+++ b/SPR-BE/bind/named.conf.local
@@ -0,0 +1,18 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
+zone "sprachenatelier.netz" {
+   type master;
+   file "/etc/bind/db.sprachenatelier.netz";
+};
+
+zone "92.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.92.0";
+};
diff --git a/SPR-BE/bind/named.conf.local.ORIG b/SPR-BE/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/SPR-BE/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/SPR-BE/bind/named.conf.options b/SPR-BE/bind/named.conf.options
new file mode 100644
index 0000000..397cb49
--- /dev/null
+++ b/SPR-BE/bind/named.conf.options
@@ -0,0 +1,92 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      192.168.92.1;
+   };
+
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/8;
+   };
+
+   // caching name services
+   recursion yes;
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      10.0.0.0/16;
+   };
+   allow-transfer { none; };
+
+	listen-on-v6 { any; };
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
+
diff --git a/SPR-BE/bind/named.conf.options.ORIG b/SPR-BE/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..b1bef51
--- /dev/null
+++ b/SPR-BE/bind/named.conf.options.ORIG
@@ -0,0 +1,26 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	//========================================================================
+	// If BIND logs error messages about the root key being expired,
+	// you will need to update your keys.  See https://www.isc.org/bind-keys
+	//========================================================================
+	dnssec-validation auto;
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/SPR-BE/bind/rndc.key b/SPR-BE/bind/rndc.key
new file mode 100644
index 0000000..a097fee
--- /dev/null
+++ b/SPR-BE/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "O65aHnnePKHRNgUJM4eoLA==";
+};
diff --git a/SPR-BE/bind/zones.rfc1918 b/SPR-BE/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/SPR-BE/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/SPR-BE/cron_root.SPR-BE b/SPR-BE/cron_root.SPR-BE
new file mode 100644
index 0000000..1068d60
--- /dev/null
+++ b/SPR-BE/cron_root.SPR-BE
@@ -0,0 +1,65 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.QGH54q/crontab installed on Sat Mar 24 08:03:53 2018)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+# m h  dom mon dow   command
+PATH=/root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+SHELL=/bin/bash
+
+# - check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+# - if not set this entry to "1"
+# -
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+# - Check if cron service is running. Restart service if needed
+# -
+*/5 * * * * /root/bin/monitoring/check_service.sh CRON
+
+# - Check if postfix mailsystem is running. Restart service if needed.
+# -
+*/5 * * * * /root/bin/monitoring/check_postfix.sh
+
+# - Check if ssh service is running. Restart service if needed
+# -
+*/10 * * * * /root/bin/monitoring/check_ssh.sh
+
+# - Check if ssh service is running. Restart service if needed
+# -
+*/10 * * * * /root/bin/monitoring/check_ntpd.sh
+
+# - Check if dhcp service is running. Restart service if needed
+# -
+*/10 * * * * /root/bin/monitoring/check_dhcp.sh
+
+# - Check if bind name service is running. Restart service if needed
+# -
+*/15 * * * * /root/bin/monitoring/check_dns.sh
+
+# - Check if OpenVPN service is running. Restart service if needed
+# -
+*/15 * * * * /root/bin/monitoring/check_vpn.sh
+
+
+# - copy gatewy configuration
+# -
+41 05 * * * /root/bin/manage-gw-config/copy_gateway-config.sh SPR-BE
diff --git a/SPR-BE/default_isc-dhcp-server.SPR-BE b/SPR-BE/default_isc-dhcp-server.SPR-BE
new file mode 100644
index 0000000..f614399
--- /dev/null
+++ b/SPR-BE/default_isc-dhcp-server.SPR-BE
@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="eth0 eth1"
+#INTERFACESv6=""
diff --git a/SPR-BE/dhcpd.conf.SPR-BE b/SPR-BE/dhcpd.conf.SPR-BE
new file mode 100644
index 0000000..cc72bb7
--- /dev/null
+++ b/SPR-BE/dhcpd.conf.SPR-BE
@@ -0,0 +1,278 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+#option domain-name "example.org";
+#option domain-name-servers ns1.example.org, ns2.example.org;
+option domain-name "sprachenatelier.netz";
+option domain-name-servers 192.168.92.1;
+
+option routers gw-spr.sprachenatelier.netz;
+option ntp-servers 192.168.92.254;
+
+#default-lease-time 600;
+#max-lease-time 7200;
+default-lease-time 10800;
+max-lease-time 43200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+# - No dhcp service for WAN network
+# -
+subnet 172.16.92.0 netmask 255.255.255.0 {
+}
+
+# - No dhcp service for second LAN (WLAN) network
+# -
+subnet 192.168.93.0 netmask 255.255.255.0 {
+}
+
+subnet 192.168.92.0 netmask 255.255.255.0 {
+
+   # --- 192.168.92.128/25 ---
+   # network address....: 192.168.63.128
+   # Broadcast address..: 192.168.63.255
+   # netmask............: 255.255.255.128
+   # network range......: 192.168.63.128 - 192.168.63.255
+   # Usable range.......: 192.168.63.129 - 192.168.63.254
+
+   range 192.168.92.129 192.168.92.253;
+   option domain-name "sprachenatelier.netz";
+   option domain-name-servers 192.168.92.1;
+   option subnet-mask 255.255.255.0;
+   option broadcast-address 192.168.92.255;
+   option routers 192.168.92.254;
+   option ntp-servers 192.168.92.254;
+
+}
+
+host accesspoint {
+   hardware ethernet 64:ae:0c:eb:12:d0;
+   fixed-address accesspoint.sprachenatelier.netz;
+}
+
+host gw-spr {
+   hardware ethernet 00:25:90:09:1b:8a;
+   fixed-address gw-spr.sprachenatelier.netz;
+}
+
+host file-spr {
+   hardware ethernet 00:25:90:09:1b:d2 ;
+   fixed-address file-spr.sprachenatelier.netz;
+}
+
+host ipmi-spr {
+   hardware ethernet 00:25:90:08:81:b1 ;
+   fixed-address ipmi-akb.sprachenatelier.netz;
+}
+
+host cl101-spr {
+   hardware ethernet 80:ee:73:c5:e9:b9 ;
+   fixed-address cl101-spr.sprachenatelier.netz;
+}
+
+host cl101-alt-spr {
+   hardware ethernet 70:71:bc:72:25:98 ;
+   fixed-address cl101-alt-spr.sprachenatelier.netz;
+}
+
+host cl102-spr {
+   hardware ethernet 80:ee:73:c5:d3:87 ;
+   fixed-address cl102-spr.sprachenatelier.netz;
+}
+
+host cl103-spr {
+   hardware ethernet 80:ee:73:bb:da:93 ;
+   fixed-address cl103-spr.sprachenatelier.netz;
+}
+
+host cl103-alt-spr {
+   hardware ethernet 70:71:bc:72:24:cc ;
+   fixed-address cl103-alt-spr.sprachenatelier.netz;
+}
+
+host cl104-spr {
+   ## - ALT
+   #hardware ethernet 70:71:bc:72:25:8b ;
+   hardware ethernet 74:d4:35:ac:78:19 ;
+   fixed-address cl104-spr.sprachenatelier.netz;
+}
+
+host cl105-spr {
+   hardware ethernet 80:ee:73:c5:2c:97 ;
+   fixed-address cl105-spr.sprachenatelier.netz;
+}
+
+host cl105-alt-spr {
+   hardware ethernet 70:71:bc:72:25:93 ;
+   fixed-address cl105-alt-spr.sprachenatelier.netz;
+}
+
+host cl106-spr {
+   hardware ethernet 80:ee:73:c5:2d:8d ;
+   fixed-address cl106-spr.sprachenatelier.netz;
+}
+
+host cl106-alt-spr {
+   hardware ethernet 70:71:bc:72:26:e4 ;
+   fixed-address cl106-alt-spr.sprachenatelier.netz;
+}
+
+host cl107-spr {
+   hardware ethernet 80:ee:73:c5:2e:83 ;
+   fixed-address cl107-spr.sprachenatelier.netz;
+}
+
+host cl107-alt-spr {
+   hardware ethernet e0:69:95:45:71:4b ;
+   fixed-address cl107-alt-spr.sprachenatelier.netz;
+}
+
+host cl108-spr {
+   hardware ethernet 80:ee:73:d0:a3:30 ;
+   fixed-address cl108-spr.sprachenatelier.netz;
+}
+
+host cl108-alt-spr {
+   hardware ethernet 70:71:bc:72:25:85 ;
+   fixed-address cl108-alt-spr.sprachenatelier.netz;
+}
+
+host cl109-spr {
+   hardware ethernet 38:60:77:39:f2:49 ;
+   fixed-address cl109-spr.sprachenatelier.netz;
+}
+
+host cl110-spr {
+   hardware ethernet 38:60:77:4e:34:fe ;
+   fixed-address cl110-spr.sprachenatelier.netz;
+}
+
+## - HP Color Laserjet CP1515n
+## - NPI3F18AE
+## -
+host hp-cp1515n {
+   hardware ethernet f4:ce:46:3f:18:ae ;
+   fixed-address hp-cp1515n.sprachenatelier.netz ;
+}
+
+## - Kyocera P2040DN
+## -
+host km-p2040dn {
+   hardware ethernet 00:17:c8:30:7a:00;
+   fixed-address kyocera-p2040dn.sprachenatelier.netz ;
+}
+
+## - Brother MFC-J5910DW
+## -
+host br-mfc-jw5910dw {
+   hardware ethernet 00:1b:a9:de:14:bc ;
+   fixed-address br-mfc-jw5910dw.sprachenatelier.netz ;
+}
+
+## - Kyocera ECOSYS P2135DN
+## -
+host km-p2135dn {
+   hardware ethernet 00:17:c8:14:47:8f;
+   fixed-address kyocera-p2135dn.sprachenatelier.netz;
+}
+
+
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/SPR-BE/dhcpd6.conf.SPR-BE b/SPR-BE/dhcpd6.conf.SPR-BE
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/SPR-BE/dhcpd6.conf.SPR-BE
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/SPR-BE/hostname.SPR-BE b/SPR-BE/hostname.SPR-BE
new file mode 100644
index 0000000..fc71418
--- /dev/null
+++ b/SPR-BE/hostname.SPR-BE
@@ -0,0 +1 @@
+gw-spr
diff --git a/SPR-BE/hosts.SPR-BE b/SPR-BE/hosts.SPR-BE
new file mode 100644
index 0000000..11628ba
--- /dev/null
+++ b/SPR-BE/hosts.SPR-BE
@@ -0,0 +1,7 @@
+127.0.0.1	localhost
+127.0.1.1	gw-spr.sprachenatelier.netz	gw-spr
+
+# The following lines are desirable for IPv6 capable hosts
+::1     localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/SPR-BE/interfaces.SPR-BE b/SPR-BE/interfaces.SPR-BE
new file mode 100644
index 0000000..111f53b
--- /dev/null
+++ b/SPR-BE/interfaces.SPR-BE
@@ -0,0 +1,62 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+#-----------------------------
+# eth1 - LAN
+#-----------------------------
+
+auto eth1 eth1:ns
+
+iface eth1 inet static
+   address 192.168.92.254
+   network 192.168.92.0
+   netmask 255.255.255.0
+   broadcast 192.168.92.255
+
+# - Name Service
+# -
+iface eth1:ns inet static
+   address 192.168.92.1
+   network 192.168.92.0
+   netmask 255.255.255.0
+   broadcast 192.168.92.255
+
+
+#-----------------------------
+# eth0 - WLAN
+#-----------------------------
+
+auto eth0
+iface eth0 inet static
+   address 192.168.93.254
+   network 192.168.93.0
+   netmask 255.255.255.0
+   broadcast 192.168.93.255
+
+
+#-----------------------------
+# eth2 - WAN
+#-----------------------------
+
+auto eth2
+
+# - Note: Gateway is 172.16.92.253
+# -
+iface eth2 inet static
+   address 172.16.92.1
+   netmask 255.255.255.0
+   network 172.16.92.1
+   broadcast 172.16.92.255
+   gateway 172.16.92.253
+
+
+#-----------------------------
+# enp0s20f3 - Not in use
+#-----------------------------
+
diff --git a/SPR-BE/ipt-firewall.service.SPR-BE b/SPR-BE/ipt-firewall.service.SPR-BE
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/SPR-BE/ipt-firewall.service.SPR-BE
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPR-BE/ipt-firewall/default_ports.conf b/SPR-BE/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/SPR-BE/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/SPR-BE/ipt-firewall/include_functions.conf b/SPR-BE/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/SPR-BE/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/SPR-BE/ipt-firewall/interfaces_ipv4.conf b/SPR-BE/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..d444adf
--- /dev/null
+++ b/SPR-BE/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1=""
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth2"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth0"
+local_if_2="eth1"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/SPR-BE/ipt-firewall/load_modules_ipv4.conf b/SPR-BE/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/SPR-BE/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/SPR-BE/ipt-firewall/load_modules_ipv6.conf b/SPR-BE/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/SPR-BE/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/SPR-BE/ipt-firewall/logging_ipv4.conf b/SPR-BE/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/SPR-BE/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/SPR-BE/ipt-firewall/logging_ipv6.conf b/SPR-BE/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/SPR-BE/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/SPR-BE/ipt-firewall/main_ipv4.conf b/SPR-BE/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..b0352cb
--- /dev/null
+++ b/SPR-BE/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1399 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+
+_ips="$(ip a | grep "inet " | awk '{print$2}' | cut -d'/' -f1)"
+for _ip in $_ips ; do
+   gateway_ipv4_address_arr+=("$_ip")
+done
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                      86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - Ist this Gateway DHCP Client?
+# - 
+# - local_dhcp_client_interfaces="<interface1> [<interface> [.."
+# -
+# - Example:
+# -    dhcp_client_interfaces="$ext_if_static_1"
+# -
+dhcp_client_interfaces=""
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - 192.168.92.5     HP Color LaserJet CP1515DN
+# - 192.168.92.6     Kyocera ECOSYS P3040DN
+# - 192.168.92.7     Brother MFC-J5910DW
+# - 192.168.92.9     Kyocera ECOSYS P2135DN
+# -
+# - 192.168.92.50    Cisco Accesspoint
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="
+   192.168.92.5
+   192.168.92.6
+   192.168.92.7
+   192.168.92.9
+   192.168.92.50"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+# - 192.168.92.10    Fileserver
+# -
+samba_server_local_ips="192.168.92.10"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+# - Blank separated list of ip's
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip=""
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips=""
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+# - 172.16.92.15     IPMI Gateway
+# - 192.168.92.15    IPMI Fileserver
+# - 192.168.92.202   IPMI Fileserver ALT
+# -
+ipmi_server_ips="172.16.92.15 192.168.92.15 192.168.92.202"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - 192.168.92.5     HP Color LaserJet CP1515DN
+# - 192.168.92.6     Kyocera ECOSYS P3040DN
+# - 192.168.92.7     Brother MFC-J5910DW
+# - 192.168.92.9     Kyocera ECOSYS P2135DN
+# -
+# - Blank separated list
+# -
+printer_ips="
+   192.168.92.5
+   192.168.92.6
+   192.168.92.7
+   192.168.92.9"
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - 192.168.92.7     Brother MFC-J5910DW
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips="192.168.92.7"
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# - 172.16.92.253    Zyxel Speedlink 5501 Router
+# - 172.16.92.254    Lancom 1781VAW Router
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons="
+   192.168.92.0/24:172.16.92.253:80:${ext_if_static_1}
+   192.168.92.0/24:172.16.92.253:443:${ext_if_static_1}
+   10.0.0.0/8:172.16.92.253:80:${ext_if_static_1}
+   10.0.0.0/8:172.16.92.253:443:${ext_if_static_1}
+   192.168.63.0/24:172.16.92.253:80:${ext_if_static_1}
+   192.168.63.0/24:172.16.92.253:443:${ext_if_static_1}
+   192.168.92.0/24:172.16.92.254:80:${ext_if_static_1}
+   192.168.92.0/24:172.16.92.254:443:${ext_if_static_1}
+   10.0.0.0/8:172.16.92.254:80:${ext_if_static_1}
+   10.0.0.0/8:172.16.92.254:443:${ext_if_static_1}
+   192.168.63.0/24:172.16.92.254:80:${ext_if_static_1}
+   192.168.63.0/24:172.16.92.254:443:${ext_if_static_1}"
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations (blank separated list) are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - Blank separated list
+# -
+portforward_tcp=""
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations (blank separated list) are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=true
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/SPR-BE/ipt-firewall/post_decalrations.conf b/SPR-BE/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/SPR-BE/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/SPR-BE/mailname.SPR-BE b/SPR-BE/mailname.SPR-BE
new file mode 100644
index 0000000..59eb7dc
--- /dev/null
+++ b/SPR-BE/mailname.SPR-BE
@@ -0,0 +1 @@
+gw-spr.sprachenatelier.netz
diff --git a/SPR-BE/main.cf.SPR-BE b/SPR-BE/main.cf.SPR-BE
new file mode 100644
index 0000000..a84a55a
--- /dev/null
+++ b/SPR-BE/main.cf.SPR-BE
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   #192.168.92.254
+
+myhostname = gw-spr.sprachenatelier.netz
+
+mydestination = 
+   gw-spr.sprachenatelier.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   192.168.92.254/32
+
+smtp_bind_address = 
+smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl dhparam -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/SPR-BE/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-SPR-gw-ckubu b/SPR-BE/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-SPR-gw-ckubu
new file mode 100644
index 0000000..4b70433
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-SPR-gw-ckubu
@@ -0,0 +1,7 @@
+ifconfig-push 10.1.92.2 255.255.255.0
+push "route 192.168.92.0 255.255.255.0 10.1.92.1"
+push "route 192.168.93.0 255.255.255.0 10.1.92.1"
+push "route 192.168.150.0 255.255.255.0 10.1.92.1"
+push "route 172.16.92.0 255.255.255.0 10.1.92.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/SPR-BE/openvpn/gw-ckubu/client-configs/gw-ckubu.conf b/SPR-BE/openvpn/gw-ckubu/client-configs/gw-ckubu.conf
new file mode 100644
index 0000000..bee6e20
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/client-configs/gw-ckubu.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-spr.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAMzhic2M9z96MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMzE4MTM1NDAzWhgPMjA1MDAzMTgxMzU0MDNaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3Y3K
+UW+th51pqc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/t
+ZSotqwAqBgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aF
+eC9L3Z4QlJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFH
+Rm8Tnr1TDUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQY
+UJ1fLJAPLdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZV
+RQdnS6yHxZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHo
+zJkr8tr+xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x
+03MOpv9cjN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ
+98gVox7lFbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420Q
+CSCFJAb5orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0
+tEph6pRHP39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHHdskSE3v+RJciX4ZEOWD5SJZ+qMIHTBgNVHSMEgcswgciAFHHdskSE3v+R
+JciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQB1cA8o2Fo78xQ8jRdyfbvK
+GFH8+SMoOh/8qxj9prk0kLYAro5QnzEBmftHhf3sXevEAUWpr77VL1FxhTXgKUp2
+S06S/meC24M/KclxM+W/7AuG9yrJuW122l61OuWUcDWA24oj0KG896Mbw13ieeWS
+7XmC1YU5Lix3wiWnjD7QZ+E4dg09z722+zwUi1UwRekzJZmB8pTHHmbX4Yig/K27
+STnxQEiVZzlzcvjY6QvC3Sj/aA3YCSNl0bsSwH6GwXXJZ3BEKmm6w+ZRQMTz7+72
+q0ybGf43XH4sj2OBm1YvCD8LehygPy2uJYlDxG8zRq2kxYxiWLbncs1x9Acusd7l
+Te+k8YArRTqsWLN5Q47sGO4H1clz4ay80TTuz4Vc6JQ3banHDmMFV2nMsR2YtKX6
+lKD3lXvMU04ZvZe2SolP1uTto3Jw3cNarigj/nHjn5s16uvy6Q3x4TyVUqyAOqrG
+cuGrbYAEqtVnMrrovGZTj73HSwAx2PD+3jJKZH+suwBIijNL90wbkNlsNHlNcQeQ
+zQAlYRBdCYWFU+7d86kUWYYrActGZc2MJmBZzZ/Tt7YoOIw6NMnWcpMMTUV+zToP
+WWrD5OMDc7EX9BmMg7uif46UF6ol2puGXpQIF/yVRbFk1IiPwhc1ZyCuh+1ugh5+
+CZSTeKgLDVjfXlqH1ErAvQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
+f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
+jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
+rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
+DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
+8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
+sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
+sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
+DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
+GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
+1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
++Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
+FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
+A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
+4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
+4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
+h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
+W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
+jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
+vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
+ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
+kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
+16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
+zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
+At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
+GXH8zFh56LyFtBxdpjuVSUEj
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsMy/MytYtzsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM8bcaVcNffeBIIJUNOSqKmf153a
+NBjm25drvNrgo+bEd2kxywgcjqIyl/csUjkbx3WWANZZAdRIFgtM2mN6xiGPAzpB
+AMU+0FhbMeSC4aaoE6kbu0QREcHxgLemoA1+3c/VMfzTXJQ5xtr84pyBfj7lwYTh
+uOC8k5WYV0VCWWwj39TAAfF/eqIzfuN4L2ybSgQyHHyWQPvCgfEPMZi5lBcPtZT5
+OQgS30tFTgNOmz+wTex6uOJi0Qqo6MvH3rWv5rRwO17FZU6v+SLXcopvZfrO4WLN
+AMHzjIvvfwmO+7/ypLnVdBYCd+CpvBUwcEbPVqrddWhNgidlOkoQzVnK34wexRvm
+eDjmm8JbTHFQP8+DMEAODlMPNxMD1vCC/vM7bKMjCNYGjRwrxtL9Z8drp1wgzULJ
+8AY3J72+lL1yMQNoch0Niuda3RDBs68FeVvGaFmGCPlzDdfTlex0Pi+BFeuTao0Q
+7Y9zfcjyv+p4HxMg6YoIIQYOEogWO58GF1UL0zOJD81j4ihkT7HTWtOskw5E6Kfq
+WEWyW5Oe4xR0PZpHNrYVURNg6kIxEBwRFfskFofGac36tKJ2fJseESkuqvXLenNt
+Y0Epi/AxwEZa0E+G2ewNPNoBAIvRlOx0CBWWQKeCVaOgsOD0zyqYPsCGFWDl+2d5
+i8afGhTw/8oqhwNwr25tWhW1xKbMEGchycywGGQloGvquv7kchJb6lDADZtF1++v
+4wgRwtiBYOvkqXSLOpFiZinvmUMmqXD7PqG9yWF7XlnRV8JJ61RP2cuKCTXXCGfI
+dtzLnet/4lUV7S0Wd3g1US2iPz6LJ+ngOBQEbAqFvInBiZFyduPwQJo0yswDyJYd
+WNhmHumuFSSCdnAF6qVjuKhsNhftY5w+xww6RhAqst1idoVqYSt1LLODwKVQfIPs
+uctF108LBYPBGf5tEC5Z1KRpDQO41q3F91eTZTVEH8Su1pW7IbMGt8XTUVRJESbQ
+SYH5ELMdd+tb1ccD2fZZV3R6V7vI7ejAzOWdmjqaITtPGsFcMevc36YmJ18OQVBe
+mTZJjdx28sGrsoqCSvgc7ii0DFLWZrRs4WRrgoxQq/G0zKLuuGXhlEgVw9QhIfeo
+fMj1ebR0oElSimcqwPJYI/DDfhYZUA5Mx2Ewnfs1NS+CGoo+UcDKNHQRR3uEmP7T
+1Mhg+MQ3b6ssZ8uZQut1E6bALf9ipH5xkN6rgniJsBL3lzvkN+/5XiE5qz16bmkN
+gpF1+8G0/pjDi7a0Fw602ffdD1XAfcV6SMobDgTyMmjybgZHzf6cFy9gKrRa6WV0
+do4Oc+uv0Nmj6wrAYO4s/nuJnpeTY0wbuHJgcYnTmUX15kIw+bPJ2UIGjyS8QpkF
+evX8XeN48U9mknoQv1OfC6+kE6jgqQiDzigy9nSHFc4kIQWsihO6NKDEia11RWCn
+QN3t8sHDNZdFY3dy7nnQRIhFNEy6InjLnUbfhuzgZVaVoaqULH8EmoE78z25zi0H
+Xt6P+hkW8zZthYHsucVvyiNqZmIb50MK/5VHuORXsepWD9hX/rEyFxsv71AyBl9x
+TSHjk4cgBqVh3uRH8NxNNvWnx7Th03Zk4/2dzNUc5taj3WX2jCH1vaKBMI1BBHJD
+QWNIrwCExUOIAbYJLGkyihnTv4PCRlZrYQtMyx0laxYRdWR6lsIk83jcMWkWfhPf
+YbYd/XIIR+hOFrUIM28Y2TTPHpJhbuORP7z18o2heUV0ZD3LdMi27/JtsSZHlbOu
+nqdP9reWG8Kx6mjEdSFe5hTD0VmZ3Yks1jGp3QBcxQivAbLoXsP5VOMOPr7zXmb1
+m9uWqtC+/1L6lAg5iH0YNyvrmRL02uzMiEXBQQDx0CYqcWJY+hwaXU6MnSyUMH7F
+H7wAW2cqq1XCBVFWUIPI6P63LUlgewzmseaAGgD7tfbGSsx7BwseMXUwtdOYt+Rp
+H8/3QeLLAfgD2Kl7Mv8F8l+KsBRNpaSJVYCqYH5ogzjRiuwDwsOmRdHKRh+r825g
+fAJsI3grgZOd7poDQSisRZKOAF/ytTclreostJGfwLEE7IpUA/R7yLPCTI/mdPwT
+4zRZ2N0fovkApA6hvhIpnhaA5XXuY7gmN8E0tgokZ7NsiL0JgFUFevEwzvZhlCJI
+7edh2kPl379+bT1lgy37Z0V8ntU0S3I/g+6RsepDuWtCGsW434Z+iAAv7aKPJz0H
+UqNHS4vElG8tQKBkO+qWRdC19hmM5itQoy/nD935hyZgRBZKFTmO3kNPPyvHVTdJ
+hYTN/WAuXAMrP5HvkMv4AXZLQSk/YJCcJsPN5p8Kd40oEuwMumI8HCwXlSnpHnro
+prdZrrCCUQ2232zCw5qQ4KZl7i5LB8AkLmNXtMUscHf6Nge3GSTILFaKoFYrDPF5
+P6u21fO1R2HcA+b7xKzK6ecpPZA25ggxPMqvRwCnT/gueVSXjOIhd3f2pEs3yVWM
+W0HenWuiWcbryuzcPAJytianU1KqtrEYhqFTxcdJAYa4xvFbCtGrmVuJ8NRomSg3
+BdL8lOfdYxE5R8VYfVxw2jcLiK4o2Bqjt17kHTzzP95E8Eybkzgo5vycmMedOBsn
+rBOUJXYFSo6hONNiMR1vlIxNi2Tdo9w5wKHUerVdXhVSLgvC7SeJeArN6+To+MVR
+n73jBAA48VcA8d5miDNnfwEDguP/Fg3+vo9VAWccR3lq9tHT1GkNyz0gyYLxmwoV
+2w+QkNYM2SzbrsDJ0GEN7s8gEkeQHuwcXHsdyJnLJQJsTrZaaHDd65BMXseE9dwu
+Lgf0zuiq2DCDTJEvabd9siS7wDOxJAKzd3atP1O4ylnzSHgvi7DNQJ8Xeu8FF43L
+Sn6KmWhdtfIhL3uNAvI2/6434qWKU4WE5Ro/TjI4uMxmfkTTQPmffJTGnH9nYJjJ
+aURTTNSKQGbeyBS9KEUjSyQAAXBaDka4zP93eOi66aeUNaMcod1aKLo9r1LpjVqe
+3qLBy7cCP56qaMTJChhwhYWtwyu5AqX2fk4LRAOrm7olFNlbJ/QMYEahztZzFuiO
+hCCGNebRqk7IYmXnvoA1gJ7VJEov1QYeLX9xnZqF+qwHzs29pNZwADtvBlWn+MT4
+yCy2JxLwIwfVuMsJWRzvHcpeOzmgtDIgUkqGzpjPB5bdtbr7GFbFkpms29DmGLtT
+Ujfylfy4W1TZtS1ryCsskAiOrTpXH0G7
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+50c09d4cd2d32cbfadcc9ebff8e624d2
+f7a5730ff6b708aad8a6bb14b3a7619d
+e32764bbe875f11ce46213a35500cc2c
+fd0b6bf2e7b8cc2392a478ad7f4e7c7a
+3fbe2e50a781ea9a4fd83cfaf64725db
+98b4740b145e2d948b3b09975866c03b
+a268f82e767fa2517b469ec3e563d321
+8156f8f192f75bf8385697aeed6b9f33
+fd74e02426437c42dc7a85afd828012a
+911e7d8e837249d33a4209dbd0a2c017
+c0ee31207a0e5ba05e736fa1c9af1cbb
+0b39dab31939eb37df367d1eccf61ff3
+28135f42ba70344179186cdd0cac5058
+9cb4bac7dd08436d1efbd452b72416e8
+59bc9118c2c6aba6107faca0604d947f
+ff8569318b234e4ddbb68189b1504969
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/SPR-BE/openvpn/gw-ckubu/crl.pem b/SPR-BE/openvpn/gw-ckubu/crl.pem
new file mode 100644
index 0000000..c32b56d
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC5zCB0DANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIxEDAOBgNVBCkT
+B1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlFw0xODAzMTgx
+NTU5NTZaGA8yMDUwMDMxODE1NTk1NlowDQYJKoZIhvcNAQELBQADggIBAHiAKVWa
+aJxRcohJGD6hfhXEOhBqV1GxWWuoEP1ONgdgsXTEfEDdK+lTS4P0PNyxEkbFS8OH
+TuRfg5OhmONezKAi6C3rGZHeM/jYwlCaoD1mNABgwkBKiU7BeXfdho1j3dhjgZ6f
+IYVEcWFM+0UDJsnZHeA6zkpjRTL1AlB0I+mYg5f8fb85SVoxNIk3C8Hh22X19wVd
+MHYb4/F/k6AAcetLwuptdgS7nsWQama8BkJ1d9nBLV+aKdx39ZSOWKy4TuExicN3
+B41kh1qOqOnTYGkKjLLxn8AGdk4cqvZprraO6UEL4xV7WWRk3n6eaWsp0WLUnpTq
+5y3QhdSwne/nT/WAsUVE0qoKz/0LIHwL3YyEFNPpfdKn+0ulp1loqlPfZiGDEZ9s
+qs1lPAb8hSj8Gtoh6Ehb9rjH3ia78EVhzG/Npnzcq8IkJW9U9KjvJkjLUYQB0cE9
+gAKjMtJ1XWf1G/H6jYHSt85FM/fq8gnQX/yBVJzXlVdYWL4giS1K3kATJ9OjH3TL
+xyB0Evi15vG4a5HlbNT6g/a6GvEEfS6ANaBC82uRFK1AjELRCiKvjnOT5AndB/uV
+Q/tgplEqJJX2CQrH+BRUe0PWtOl0UYC84fGNr1lySHeWaI3Z3UUYeBIgJ+Y3d7/4
+5u5CE+zRVhxqCD1bxxZdJq8F8zQe4fOlWR3L
+-----END X509 CRL-----
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-ca b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-dh b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-inter b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-pass b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-server b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-req b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-req-pass b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/clean-all b/SPR-BE/openvpn/gw-ckubu/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/inherit-inter b/SPR-BE/openvpn/gw-ckubu/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/list-crl b/SPR-BE/openvpn/gw-ckubu/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf b/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf b/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf b/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG b/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl.cnf b/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..929baa7
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/pkitool b/SPR-BE/openvpn/gw-ckubu/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/revoke-full b/SPR-BE/openvpn/gw-ckubu/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/sign-req b/SPR-BE/openvpn/gw-ckubu/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/vars b/SPR-BE/openvpn/gw-ckubu/easy-rsa/vars
new file mode 100644
index 0000000..25e755f
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/gw-ckubu"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN SPR"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-SPR"
+
+export KEY_ALTNAMES="VPN-SPR"
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/vars.2018-03-18-1452 b/SPR-BE/openvpn/gw-ckubu/easy-rsa/vars.2018-03-18-1452
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/vars.2018-03-18-1452
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/SPR-BE/openvpn/gw-ckubu/easy-rsa/whichopensslcnf b/SPR-BE/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/ipp.txt b/SPR-BE/openvpn/gw-ckubu/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/SPR-BE/openvpn/gw-ckubu/keys-created.txt b/SPR-BE/openvpn/gw-ckubu/keys-created.txt
new file mode 100644
index 0000000..f001cbb
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys-created.txt
@@ -0,0 +1,4 @@
+
+key...............: gw-ckubu.key
+common name.......: VPN-SPR-gw-ckubu
+password..........: uoziengeeyiephu5voh7eothu1Aex8ar
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/01.pem b/SPR-BE/openvpn/gw-ckubu/keys/01.pem
new file mode 100644
index 0000000..7de2af2
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/01.pem
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 15:59:51 2018 GMT
+            Not After : Mar 18 15:59:51 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:a3:49:18:ae:69:4f:5c:4a:34:b1:85:9a:4d:a5:
+                    ce:f6:2d:b5:6a:9e:40:27:02:3b:57:e0:75:ee:1c:
+                    fd:eb:20:56:eb:ed:24:f1:57:a5:cb:ad:0d:09:af:
+                    15:f3:9d:a4:67:8d:e5:a8:67:d5:1b:b8:36:f6:e6:
+                    9c:d3:e8:29:08:d6:8f:a3:5e:e1:e5:30:eb:07:bc:
+                    03:c2:95:a4:93:cc:19:86:c1:89:fb:9d:f5:38:9b:
+                    10:01:6b:74:d2:20:8e:4a:65:34:17:1a:85:39:d4:
+                    35:2b:04:f3:37:4f:f5:93:12:06:fa:c5:04:c3:73:
+                    30:30:1f:33:69:86:bc:60:cf:fb:38:ae:6f:8a:21:
+                    0e:76:35:7e:ba:0d:ad:ae:4c:6b:d0:cf:3b:73:a9:
+                    1e:58:cf:ce:bf:45:8c:52:75:ee:da:a3:f4:6c:24:
+                    8b:bd:b6:f2:db:59:fe:b7:7b:ef:8e:b8:30:ad:67:
+                    dc:bf:3d:ca:d6:e4:b3:86:bc:60:fc:f9:a5:ba:5a:
+                    0c:9d:c9:72:ec:ab:73:6d:2b:f5:9b:f0:a6:a5:c2:
+                    31:6c:5c:a6:54:47:1e:65:73:2b:47:80:bc:27:29:
+                    28:be:45:12:77:5c:44:51:cc:91:55:d3:36:5d:dd:
+                    f1:01:18:68:c5:08:de:ee:06:9b:0c:d3:a7:94:c7:
+                    99:75:c2:bb:f8:2e:19:46:db:d8:13:70:7d:a1:96:
+                    6e:21:8b:32:1b:d6:8d:74:4b:a9:1d:43:53:d2:11:
+                    3b:d9:63:b0:6a:ac:a8:e2:70:15:62:aa:c2:15:d2:
+                    1e:df:34:1e:45:3a:30:b7:54:1a:25:2f:73:c0:d8:
+                    1a:6d:8f:80:aa:7e:86:1a:84:e3:0a:c0:89:61:3f:
+                    fd:bd:19:40:b3:cb:de:2d:aa:97:af:dd:cd:a2:28:
+                    33:17:ae:50:bb:2b:00:d1:01:8a:25:32:56:d8:09:
+                    fd:58:22:fe:33:a1:f3:b5:16:cc:59:ca:d8:d3:8e:
+                    dc:62:13:25:05:c6:6a:02:fb:82:83:35:7b:e4:33:
+                    84:71:18:fa:bb:6e:48:3f:ec:be:72:a2:dd:38:bd:
+                    7a:69:89:28:6c:46:79:bf:34:30:39:5a:9f:a7:e3:
+                    9d:15:73:29:f3:24:f0:84:51:27:38:8a:20:5d:cd:
+                    d6:47:e8:2e:7c:6c:e1:8c:10:29:0a:79:96:24:fa:
+                    94:29:a1:6f:dc:d8:94:fd:d6:f7:62:24:6d:a5:cc:
+                    42:89:94:ee:8c:c4:19:31:0a:49:9d:e2:87:0a:29:
+                    cc:f0:b1:ab:8f:d8:11:71:46:de:2c:d3:a7:5b:2e:
+                    5c:f7:54:92:97:f8:1f:7b:42:23:b9:1e:47:0d:57:
+                    2a:24:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                BD:B0:0D:2A:D9:8E:FF:E1:91:B4:A5:26:9C:C4:D3:E8:44:B2:BB:D5
+            X509v3 Authority Key Identifier: 
+                keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:CC:E1:89:CD:8C:F7:3F:7A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         5a:36:4b:aa:dc:7c:3a:1d:93:f5:e3:d3:b4:cd:45:e9:ff:64:
+         9a:61:36:57:06:91:e7:39:24:cf:3c:4d:4a:3a:48:97:49:dc:
+         90:96:d4:4b:0c:35:a2:88:01:47:f6:a0:5a:74:71:cb:7d:08:
+         60:2f:4e:ba:de:99:20:e1:8e:75:d1:f6:96:69:9f:53:ed:e6:
+         7a:31:4a:e2:2a:10:10:94:1b:61:ac:e7:ee:f9:6a:37:ff:80:
+         49:12:35:f8:65:3e:1e:7d:9f:8a:31:cf:0b:31:cb:a2:37:d3:
+         7d:1c:41:cd:c9:0c:34:da:bf:5a:d5:52:da:6d:71:fa:37:10:
+         f1:73:02:5e:0d:01:34:ab:fb:88:5f:ea:ee:9e:e0:1a:e5:58:
+         e1:b7:f2:a6:01:62:bc:80:2c:42:c0:7a:b9:1d:9e:00:0a:bd:
+         87:d6:e4:a5:19:ba:65:c5:24:ba:e5:b7:a5:81:3d:34:b2:20:
+         1c:29:93:98:02:7f:1c:49:53:eb:c9:ef:73:35:cf:31:61:f8:
+         34:1f:cb:76:58:22:fe:4b:ab:93:b3:83:71:93:1a:5d:78:66:
+         29:3f:f4:f6:d5:4b:d5:ff:ff:f4:83:2d:f3:73:c3:d9:33:f2:
+         af:97:4f:f2:f3:f7:54:80:32:30:5b:b3:db:cb:a9:23:e0:df:
+         e1:d6:bd:db:3a:36:55:52:19:e7:1e:6e:72:0c:25:43:31:c3:
+         b5:01:27:af:72:85:e9:ab:ce:5a:62:8b:c0:73:be:67:52:56:
+         a2:6c:04:74:66:46:ab:fb:03:d3:3a:89:e9:7c:8a:0b:e5:d1:
+         01:52:00:41:f1:aa:fe:48:8b:ab:af:e1:4b:40:16:2e:f0:3e:
+         50:cb:6d:d9:bb:95:1f:f3:56:17:6e:67:aa:00:bd:da:9b:2c:
+         8c:b5:dc:3c:41:0d:87:7b:05:5a:6f:a5:a2:d2:cf:bb:a0:7e:
+         d5:aa:d1:cc:d8:57:9a:81:cb:ef:7f:ad:76:95:eb:65:6f:c0:
+         2e:21:61:fa:9c:6a:ee:f3:f9:d3:7a:9c:e1:5a:37:83:1d:61:
+         85:01:70:26:54:29:bf:52:50:7c:ff:5c:24:94:0a:5e:f5:37:
+         a8:36:2a:83:c8:d1:1a:ae:bb:19:b3:1b:a1:68:14:ef:33:a5:
+         7a:d1:b7:ff:74:d5:69:08:91:f7:f2:d6:e1:12:c2:17:70:e2:
+         13:f8:17:92:31:19:46:35:a9:13:79:f9:cf:2a:b9:8b:7a:2b:
+         b4:76:d0:0f:3b:75:0c:99:99:a7:dd:26:f1:da:82:7b:f7:d7:
+         67:8c:cc:c8:16:63:c9:c2:23:47:71:a1:cd:34:88:a9:8a:fa:
+         59:f3:1f:08:ab:e1:33:a6
+-----BEGIN CERTIFICATE-----
+MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODE1NTk1MVoXDTM4MDMxODE1NTk1MVowgaUxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
+LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjSRiuaU9c
+SjSxhZpNpc72LbVqnkAnAjtX4HXuHP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9Ub
+uDb25pzT6CkI1o+jXuHlMOsHvAPClaSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU5
+1DUrBPM3T/WTEgb6xQTDczAwHzNphrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Y
+z86/RYxSde7ao/RsJIu9tvLbWf63e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLs
+q3NtK/Wb8KalwjFsXKZURx5lcytHgLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7u
+BpsM06eUx5l1wrv4LhlG29gTcH2hlm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBVi
+qsIV0h7fNB5FOjC3VBolL3PA2Bptj4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2i
+KDMXrlC7KwDRAYolMlbYCf1YIv4zofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4Rx
+GPq7bkg/7L5yot04vXppiShsRnm/NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58
+bOGMECkKeZYk+pQpoW/c2JT91vdiJG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFx
+Rt4s06dbLlz3VJKX+B97QiO5HkcNVyokuwIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFL2wDSrZjv/hkbSl
+JpzE0+hEsrvVMIHTBgNVHSMEgcswgciAFHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGk
+pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
+CwUAA4ICAQBaNkuq3Hw6HZP149O0zUXp/2SaYTZXBpHnOSTPPE1KOkiXSdyQltRL
+DDWiiAFH9qBadHHLfQhgL0663pkg4Y510faWaZ9T7eZ6MUriKhAQlBthrOfu+Wo3
+/4BJEjX4ZT4efZ+KMc8LMcuiN9N9HEHNyQw02r9a1VLabXH6NxDxcwJeDQE0q/uI
+X+runuAa5Vjht/KmAWK8gCxCwHq5HZ4ACr2H1uSlGbplxSS65belgT00siAcKZOY
+An8cSVPrye9zNc8xYfg0H8t2WCL+S6uTs4NxkxpdeGYpP/T21UvV///0gy3zc8PZ
+M/Kvl0/y8/dUgDIwW7Pby6kj4N/h1r3bOjZVUhnnHm5yDCVDMcO1ASevcoXpq85a
+YovAc75nUlaibAR0Zkar+wPTOonpfIoL5dEBUgBB8ar+SIurr+FLQBYu8D5Qy23Z
+u5Uf81YXbmeqAL3amyyMtdw8QQ2HewVab6Wi0s+7oH7VqtHM2Feagcvvf612letl
+b8AuIWH6nGru8/nTepzhWjeDHWGFAXAmVCm/UlB8/1wklApe9TeoNiqDyNEarrsZ
+sxuhaBTvM6V60bf/dNVpCJH38tbhEsIXcOIT+BeSMRlGNakTefnPKrmLeiu0dtAP
+O3UMmZmn3Sbx2oJ799dnjMzIFmPJwiNHcaHNNIipivpZ8x8Iq+Ezpg==
+-----END CERTIFICATE-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/02.pem b/SPR-BE/openvpn/gw-ckubu/keys/02.pem
new file mode 100644
index 0000000..28b2224
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/02.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 22:13:06 2018 GMT
+            Not After : Mar 18 22:13:06 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d9:a8:c0:d0:da:7f:53:f3:f8:00:92:ff:0f:03:
+                    cd:48:91:22:ee:e2:eb:27:ed:79:e5:81:9d:54:e1:
+                    e2:91:74:c2:69:9b:21:5e:ac:ab:b9:c5:5c:77:9f:
+                    20:d6:18:8e:ef:ec:cd:4e:43:8e:a9:b5:ef:9d:18:
+                    50:f2:95:98:98:bb:73:e0:8d:2a:44:2d:da:43:5a:
+                    f3:4a:8f:10:d6:99:e7:44:ee:40:05:a3:1e:02:20:
+                    54:2d:48:3e:99:23:93:ff:b6:74:89:38:ad:52:8f:
+                    c0:2d:01:da:aa:25:bc:7f:25:8f:55:57:82:de:a2:
+                    79:15:3a:0b:02:c2:b8:1e:49:b6:f2:9b:38:4c:f4:
+                    c0:24:b6:b0:22:8f:b1:cc:f4:47:ef:fd:8d:ff:bd:
+                    0c:00:7a:0a:bd:6d:e0:c9:1a:c0:9e:e1:de:69:f5:
+                    ec:dd:ed:99:f0:d4:ab:21:ab:de:17:fc:9e:f2:60:
+                    30:50:53:26:c4:4b:29:c8:1d:34:47:c3:50:66:13:
+                    d5:c2:79:f2:ba:8d:94:18:ec:b3:1d:b8:4f:62:af:
+                    fd:5e:f6:b6:f8:2f:d1:8f:3c:8c:34:0b:24:80:0e:
+                    fe:cc:2a:59:c6:1a:a8:a1:d0:02:fb:e6:83:7c:d8:
+                    7e:b8:b5:d1:5f:4c:b0:4c:4a:b3:07:c4:bc:62:e0:
+                    97:2f:b7:12:43:21:3e:e1:14:f4:9a:a2:f9:ce:66:
+                    e1:ac:0a:1b:1e:96:c3:46:20:24:99:21:80:7c:3e:
+                    0f:cf:fb:fc:48:e2:69:73:36:b1:5c:12:5a:28:d2:
+                    b5:84:66:7f:f2:e6:62:54:b6:4e:cd:fc:30:70:02:
+                    d1:68:d3:77:68:fc:88:e0:75:6b:87:63:0e:fd:a3:
+                    19:2b:f4:8a:ad:f3:a6:fe:b7:23:41:42:0e:a5:6a:
+                    4d:68:73:24:69:0c:b1:4a:30:93:80:32:5a:b9:ca:
+                    36:c3:1f:0b:86:47:1b:67:3c:0d:38:40:02:e2:96:
+                    fc:e3:ae:fa:16:a6:18:09:14:b8:d0:ba:49:83:21:
+                    19:9b:ac:fd:5a:0f:26:e7:45:e6:fa:7e:e4:09:2d:
+                    84:0a:3f:37:9c:0f:c4:89:bf:9d:62:57:57:c3:6b:
+                    f4:27:76:e1:32:1b:ed:37:97:e8:44:96:0a:46:4c:
+                    b3:f3:b7:d4:15:b1:25:9f:77:9f:93:ef:ea:e1:0f:
+                    94:1a:75:6e:1e:68:8f:af:45:da:f5:66:f6:46:a5:
+                    f1:89:a9:3b:c8:e4:bb:0c:ee:c0:98:2c:ed:fd:f4:
+                    d1:a8:86:f8:92:45:f8:fc:fa:f3:0f:f9:07:5e:f4:
+                    a6:0b:ae:c9:bc:aa:f1:44:0d:24:98:58:33:2a:3d:
+                    2f:d9:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                13:52:C6:BA:47:03:D1:DF:AE:FB:87:8E:FB:8A:66:74:D7:91:D3:76
+            X509v3 Authority Key Identifier: 
+                keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:CC:E1:89:CD:8C:F7:3F:7A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         40:c6:2a:2c:27:c7:69:e5:54:1e:15:a4:af:87:e1:f1:3a:29:
+         82:e3:a8:60:a9:64:b9:62:47:15:c3:d9:5f:f3:2f:05:ed:eb:
+         78:58:18:c3:d4:c5:49:aa:ab:e9:e7:40:02:33:6d:17:8e:7f:
+         8f:f7:6a:fc:2e:6a:83:1c:87:c3:c6:99:b4:dd:a1:98:9c:e5:
+         0c:6e:d0:5c:0d:ed:fd:b8:79:e9:98:b8:4b:42:f1:1e:a3:ac:
+         b5:47:7d:fb:82:98:d5:fe:9f:de:13:f4:5c:3c:76:1e:59:e0:
+         16:3d:5b:72:47:af:ad:b2:e4:29:11:13:4d:d5:4d:68:22:bb:
+         89:d1:96:e9:27:c3:22:45:60:57:23:f2:9f:21:ea:4b:7d:a8:
+         8a:12:a5:c6:8e:4d:fc:ab:85:45:20:c6:ee:27:8c:40:82:c3:
+         b6:63:65:b2:ef:69:6a:b8:93:94:9e:6b:dc:c1:2f:fe:69:f6:
+         98:49:56:f8:26:64:17:e2:a0:c5:ca:6d:8a:e0:f4:c5:2e:9d:
+         6c:4c:0c:9d:be:0d:17:4b:bd:5e:f0:5b:00:72:1e:b3:21:7d:
+         b6:7b:d4:a3:c0:78:91:7c:32:c5:d1:e9:61:da:1d:3c:dc:92:
+         a3:a1:d2:5f:0e:e4:13:f3:53:4e:c8:27:18:4a:87:61:c8:da:
+         3a:1a:65:f1:1f:e5:d7:fd:f4:04:6d:1f:bc:94:8b:da:9b:db:
+         f3:a0:a9:47:b6:b8:5f:d9:e8:c0:d4:ba:e8:a9:a0:af:79:3c:
+         00:9f:f3:2b:c6:18:4a:6b:ce:a0:04:ba:ca:12:92:f5:c9:02:
+         44:c7:05:a8:cd:3d:97:f7:33:dd:3d:5a:ac:b4:0b:ca:d1:54:
+         2d:3a:fb:2f:40:4f:54:e8:6d:ad:f2:4d:bd:b0:50:43:85:43:
+         8b:f0:24:af:88:c2:2d:dd:d7:ac:da:ea:fc:d9:02:b1:20:a6:
+         28:f6:99:ee:51:55:b9:70:56:84:83:96:a6:d3:4c:a3:7f:a1:
+         b4:ce:9b:75:6b:da:d0:57:d4:d0:9d:55:a4:2e:c3:05:93:70:
+         09:a3:ce:e3:1d:f9:b9:6e:10:e3:a7:94:17:c0:4e:e2:dd:9d:
+         17:60:64:00:34:2d:bb:50:03:13:9c:a5:d5:2c:c5:1e:8a:c7:
+         25:c5:aa:5a:3b:c0:f7:9f:c7:b1:89:29:e4:da:02:dd:14:e7:
+         42:70:ef:a8:13:03:0c:53:81:d8:32:06:ea:25:f7:df:29:66:
+         17:b2:b8:56:af:8c:7f:4a:99:66:3f:ab:53:7e:5b:23:ad:3e:
+         01:77:d1:58:db:a4:33:5f:19:71:fc:cc:58:79:e8:bc:85:b4:
+         1c:5d:a6:3b:95:49:41:23
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
+f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
+jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
+rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
+DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
+8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
+sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
+sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
+DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
+GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
+1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
++Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
+FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
+A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
+4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
+4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
+h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
+W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
+jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
+vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
+ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
+kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
+16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
+zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
+At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
+GXH8zFh56LyFtBxdpjuVSUEj
+-----END CERTIFICATE-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/ca.crt b/SPR-BE/openvpn/gw-ckubu/keys/ca.crt
new file mode 100644
index 0000000..de0a62b
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAMzhic2M9z96MA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMzE4MTM1NDAzWhgPMjA1MDAzMTgxMzU0MDNaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU3Y3K
+UW+th51pqc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/t
+ZSotqwAqBgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aF
+eC9L3Z4QlJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFH
+Rm8Tnr1TDUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQY
+UJ1fLJAPLdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZV
+RQdnS6yHxZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHo
+zJkr8tr+xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x
+03MOpv9cjN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ
+98gVox7lFbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420Q
+CSCFJAb5orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0
+tEph6pRHP39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHHdskSE3v+RJciX4ZEOWD5SJZ+qMIHTBgNVHSMEgcswgciAFHHdskSE3v+R
+JciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQB1cA8o2Fo78xQ8jRdyfbvK
+GFH8+SMoOh/8qxj9prk0kLYAro5QnzEBmftHhf3sXevEAUWpr77VL1FxhTXgKUp2
+S06S/meC24M/KclxM+W/7AuG9yrJuW122l61OuWUcDWA24oj0KG896Mbw13ieeWS
+7XmC1YU5Lix3wiWnjD7QZ+E4dg09z722+zwUi1UwRekzJZmB8pTHHmbX4Yig/K27
+STnxQEiVZzlzcvjY6QvC3Sj/aA3YCSNl0bsSwH6GwXXJZ3BEKmm6w+ZRQMTz7+72
+q0ybGf43XH4sj2OBm1YvCD8LehygPy2uJYlDxG8zRq2kxYxiWLbncs1x9Acusd7l
+Te+k8YArRTqsWLN5Q47sGO4H1clz4ay80TTuz4Vc6JQ3banHDmMFV2nMsR2YtKX6
+lKD3lXvMU04ZvZe2SolP1uTto3Jw3cNarigj/nHjn5s16uvy6Q3x4TyVUqyAOqrG
+cuGrbYAEqtVnMrrovGZTj73HSwAx2PD+3jJKZH+suwBIijNL90wbkNlsNHlNcQeQ
+zQAlYRBdCYWFU+7d86kUWYYrActGZc2MJmBZzZ/Tt7YoOIw6NMnWcpMMTUV+zToP
+WWrD5OMDc7EX9BmMg7uif46UF6ol2puGXpQIF/yVRbFk1IiPwhc1ZyCuh+1ugh5+
+CZSTeKgLDVjfXlqH1ErAvQ==
+-----END CERTIFICATE-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/ca.key b/SPR-BE/openvpn/gw-ckubu/keys/ca.key
new file mode 100644
index 0000000..ecefc0e
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDU3Y3KUW+th51p
+qc+MttFyQNVQ+TwGUFptpoES5KIDqXifbqQfTLNUch1us+C0e6qt6B/tZSotqwAq
+BgA9bT4ws02sMP2U7U0+sn+rxvb9H/6Q0H4KixfsyTTxqrstEphEE2aFeC9L3Z4Q
+lJuafsuUWIxT9LW1KnaPV5CIDz/cJZIO/Xc7/TRyiO0ylgf6+br2zAFHRm8Tnr1T
+DUm2ftB0ukG2wsmGhd/+lXPBrXWwC83NBYjFi0o9OZZmAUekyNWUTHQYUJ1fLJAP
+LdpoVuxbV0BK6HQdpRvj4KyMBt/kEcGMXSLuAr1/848wI1EI8AuFyaZVRQdnS6yH
+xZ4+Mi8YSdXEj+nb/SwBGxz9kmmVUQCTlPm/B4Y5I+3ivS9PxihpSwHozJkr8tr+
+xwfnFXSXB3wPdYu9rD8KmY3/uDYy9iWLg0/xW6keL4luDCVNjltMjc0x03MOpv9c
+jN2eBwGyU2dHyyfDPSqSsQi9FZeWmgCzwJ0rL4WywDRc5paXbaWtzdqQ98gVox7l
+FbmQIE5VoFc4VTKEIY9D/cLdmZpWzPHOn3vPEc5eAFKb5qZv2IlN420QCSCFJAb5
+orrIj9ALAIvFXfvTv5o7G+ZEvk4eMP39nK1ZXc6/cL7/IapPfy3/vUs0tEph6pRH
+P39bcH9pxVAA7WkTS5ZEUshA7NrUEwIDAQABAoICAGlmxyXOCzFuvFgsuFOh1rXv
+OnEc6EbsFMrErpbvVPXhPZQcUfIZpZaD5uUA9pwHvCzeiqie9jKkwLEORaIk7K1q
+q2Q+4eGTWzNXaXZiT7xo0kFcq3yHATLDMo8Tjhk0YucagCJIr4quUu082Iu4iw+K
+hPmxayQowYoavrtQabuVcuwvP5IZv5WTDXiF56+zZot72oozax7Y9EAijURrKMcT
+zyQy8VzF/3LtB+N4A5VHUwFY4y+F2B3W3QznR1VmCLOk47uCd1pAE5kgiEwv9lsI
+KhKtZYmkTtoYTvgLE2O4ExFwsLIP80tfC6C3bBGz4tC9V7pTMuZIB0c3aDK94KkL
+geojeQg/D81yRzrIImcQDW+6asJJBdV6fdjeWW7oMG6pvweg5xKG53dUgqrcC4yz
+EC4mMO4MF4oTUnOv2yYnQOA2GIy7myf87rFKonqB6vzlA7KoE7aOvX3ZTiuydBZ+
+StIZ6aJIK7IINa/4QE1TZBLG51GO+u8SE8BMlm96HB//TVp+AmgtrXlqlbREfYHk
+CgUB4aIYsvtcfBoy/T0tWREByIFBTDZMO68Ifcaspvys62y1H879BmKTGiq9XCX/
+PPQduHUBzcS1wUmnRerSOyvhqqsOvJMEXjbQAJP2J8mBWd8TLaQWtftFb7Y4XXjt
+lTsjK5+a+Vux+bugK4rZAoIBAQD5Mvwd9ETTGrW33Gss2u5GswzFIWQymjYHaXlJ
+j9YgqmUMRnClBFRCODmBONjw5A866/adXi5N8ZZAxCQUOnrCLJ0TdMb5JnhcH//G
+dPHO2iiZV+JUsZbOaxD9m2SPogStqSGVt9i1CRyVC/SWGAxgKdHB52kEfDp/PhOH
+dY5iH+kPaPvQd7DSrIjuY9vqlavDAMZ4Wf/Pigeh1/j1LvALZoqb0fAj/qD81U9W
++4BnPBQz/fMhOTu/z+lUC5T4l2WT5zmQ89knkSeUOboCjQ9Int9FH8DFGXY0YKmC
+5y9HBt1xypWesnqGCCESiU8lWXvM5T3V6zXyOHpF/72+p/e9AoIBAQDarLnG24Ef
+SoIQgEgOuTwajsjducGl/YuHtz6fKLD1OtAbQDYmQCUSUraJXFtYVe0sZa1dQPj3
+yGJ0whJW1Po8tIAIfacjJ/gQ6F4xNhqxmbcxGEvMDCWFyyxKOTcmY4tT/Q00Cv4z
+Oz+RGWD1Mnw90fFs+KLe7gAfbZgXZ/CDriSEyBPGLARZYCrpQ74FogUGAVcAhZb9
+l/2vxaMBr4EVkuIrpd7yP8tWEdnta4ACeW6CcX2KIAGi12o6Z35RO4nfo3BZszUy
+pnA4Lau2TmzSqV3/hn2M6tJP9mXaiF7HnvGw2t+/o5nTv2clBm2L2MZOEpNANS3J
+YUVVb5W+XZAPAoIBAQCgZb+/bAWMt6l1YaueYIB0AzVaAUckBvx1wt7tiWZy+ho2
+T3Sb0nCFevkQgs2oJ7Lh4xWGbyNwyepDX7w1RPrU1rB34Hdd0PQxn+sbCxTFZsgx
+A09L4k7GKEX0ZrvQc6F9Qdq7Km2TAP1jtiFFJs94ahJ4M4H2ABwK4KLjUrhF0nJJ
+l/JVWWT4BVPR1XasxI+c4Xfd6VftdtO4yXGWJxMc03CuIO/nyzJF6uq5ewJH8HS0
+jmWa4eLicGmnzhih9ZjNHUyBT2Nbw2NtVcazc6X9wTzGmkyS0POzfPA+sJ1Oo02P
+u6yYTBrvAHaBHt5RlQpJdNhbQ50iflW9joHMIQMlAoIBAQDU/ucZjhcQPoe/wOPv
+C3hCug9nARdhMjylXdSuPHlY9Adec8YKrfIuDcjktMP4oAGbfBJIQg//cfyMk7g/
+QcXYOUx4eMPC15ymA2Az+Oo5UWuBc5Po1W/7CTJDvcU9LDq6/UHODmMZzb0V/S1W
+x+0CXisVpH0oPZR7CEnbio9YA9hoSWYRYjB+SdCiUyyU2gKgnc97n6O5sUEV46Dp
+9GP8eoy4TSGCvqa1WD/4JPyT7Gm6vwaz8ocFcWN0Lfh48VBTOCQoCwlnI30tCzc1
+JOCUtQns6bgC+XsPDgaZvLjtIaFzTU4hoR4lhUrXYpJzZBuMUkWBhgrqG0fodv7Z
+ZNL7AoIBAFiZkq/ccCajhfGw/3XJaGsT9n+X5IZFr4HwK8ucZhVsBidrV7MVT/iU
+gzmicc0vj3gktvUJt4WpwYxkneriS0Pxlf9yPny499TczgVgkqxaLVdFTUNPE4zv
+MIhvqgtyaSBo1sG9zP01hk7sdUroSnn28TOAPnLXCPgRvdK5q78NflsztokHMGnf
+48RE4kEs8x+1u1xHOOe1SwXSeGjQ2HCiEtHjcHuCkeyIMuc3g7ihHAkflKx3jdRd
+KbQNVAvuMy+9lUzUXgXWbbk3sU27WGP87pP5D+BlAEA2ZeJ+CmxV+jy+9MEVFVi0
+liKWQWNz50yAIjjVr0jSOoWfnCLxXb4=
+-----END PRIVATE KEY-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/crl.pem b/SPR-BE/openvpn/gw-ckubu/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/dh4096.pem b/SPR-BE/openvpn/gw-ckubu/keys/dh4096.pem
new file mode 100644
index 0000000..b09ead5
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA8AcG6srQW5kZUMnDpQ3FlcyKqlJ4qL10h72+PfKfbXeKwg3a5n0v
+kiUIFNSsPZ9Zei9mpEVvVAfy9y1WeewVzvTN+rp5W5gUfMDZHJLSMZt038iWeEhK
+x2Regp3Bb+2suBrG53YfVmKLjxyrtb5lZc25YJWnholXMaf19dCl7B301vLKS5dA
+RXhHqHWrzZ8Mr6Z1IijOZyOY9tK4zpACS/5qs+lPNam89WdTxdRfwNuxdyDWpWV2
+NL5pIJ3D81gslw68bNqVVO2GGjIJlG33CxgvkyR8/WC5YyhkGhufQzyMxmFHeaVb
+bsgF57LhjDCKz7HmmNnwhJJnfoeYis3BGHJsTO2tDh4bxJeyNqtqvAnh0DnK1KED
+QExIcnCrx7UcaoeFZTtYfRzwPejfB3lhlXckvVHcKiDZvCotCJRXyYQJVQja5mYS
+k8a4Qbxx07h94FeEXErHKsLcLqzKXa+RzX07+yzwgWsphWFtmeBroOUzVr+dCtK4
+YLzYcZYq+LBMtl7d6NXXsFS1P5Rw5iu0G1o7CuiXeez6bsoj622gghhc23d727Nx
+phmv74FINMjJsdraJShpwuYwbwVQCevfvE3FddDf/eR5WMqLx1EdpX3WT+udGQ3l
+2oVss5bY7eMFtNnT1eX7G8C9iUSWC9kJEu5ERA8JS0x6eb3pcAy+lWsCAQI=
+-----END DH PARAMETERS-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.crt b/SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.crt
new file mode 100644
index 0000000..28b2224
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 22:13:06 2018 GMT
+            Not After : Mar 18 22:13:06 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d9:a8:c0:d0:da:7f:53:f3:f8:00:92:ff:0f:03:
+                    cd:48:91:22:ee:e2:eb:27:ed:79:e5:81:9d:54:e1:
+                    e2:91:74:c2:69:9b:21:5e:ac:ab:b9:c5:5c:77:9f:
+                    20:d6:18:8e:ef:ec:cd:4e:43:8e:a9:b5:ef:9d:18:
+                    50:f2:95:98:98:bb:73:e0:8d:2a:44:2d:da:43:5a:
+                    f3:4a:8f:10:d6:99:e7:44:ee:40:05:a3:1e:02:20:
+                    54:2d:48:3e:99:23:93:ff:b6:74:89:38:ad:52:8f:
+                    c0:2d:01:da:aa:25:bc:7f:25:8f:55:57:82:de:a2:
+                    79:15:3a:0b:02:c2:b8:1e:49:b6:f2:9b:38:4c:f4:
+                    c0:24:b6:b0:22:8f:b1:cc:f4:47:ef:fd:8d:ff:bd:
+                    0c:00:7a:0a:bd:6d:e0:c9:1a:c0:9e:e1:de:69:f5:
+                    ec:dd:ed:99:f0:d4:ab:21:ab:de:17:fc:9e:f2:60:
+                    30:50:53:26:c4:4b:29:c8:1d:34:47:c3:50:66:13:
+                    d5:c2:79:f2:ba:8d:94:18:ec:b3:1d:b8:4f:62:af:
+                    fd:5e:f6:b6:f8:2f:d1:8f:3c:8c:34:0b:24:80:0e:
+                    fe:cc:2a:59:c6:1a:a8:a1:d0:02:fb:e6:83:7c:d8:
+                    7e:b8:b5:d1:5f:4c:b0:4c:4a:b3:07:c4:bc:62:e0:
+                    97:2f:b7:12:43:21:3e:e1:14:f4:9a:a2:f9:ce:66:
+                    e1:ac:0a:1b:1e:96:c3:46:20:24:99:21:80:7c:3e:
+                    0f:cf:fb:fc:48:e2:69:73:36:b1:5c:12:5a:28:d2:
+                    b5:84:66:7f:f2:e6:62:54:b6:4e:cd:fc:30:70:02:
+                    d1:68:d3:77:68:fc:88:e0:75:6b:87:63:0e:fd:a3:
+                    19:2b:f4:8a:ad:f3:a6:fe:b7:23:41:42:0e:a5:6a:
+                    4d:68:73:24:69:0c:b1:4a:30:93:80:32:5a:b9:ca:
+                    36:c3:1f:0b:86:47:1b:67:3c:0d:38:40:02:e2:96:
+                    fc:e3:ae:fa:16:a6:18:09:14:b8:d0:ba:49:83:21:
+                    19:9b:ac:fd:5a:0f:26:e7:45:e6:fa:7e:e4:09:2d:
+                    84:0a:3f:37:9c:0f:c4:89:bf:9d:62:57:57:c3:6b:
+                    f4:27:76:e1:32:1b:ed:37:97:e8:44:96:0a:46:4c:
+                    b3:f3:b7:d4:15:b1:25:9f:77:9f:93:ef:ea:e1:0f:
+                    94:1a:75:6e:1e:68:8f:af:45:da:f5:66:f6:46:a5:
+                    f1:89:a9:3b:c8:e4:bb:0c:ee:c0:98:2c:ed:fd:f4:
+                    d1:a8:86:f8:92:45:f8:fc:fa:f3:0f:f9:07:5e:f4:
+                    a6:0b:ae:c9:bc:aa:f1:44:0d:24:98:58:33:2a:3d:
+                    2f:d9:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                13:52:C6:BA:47:03:D1:DF:AE:FB:87:8E:FB:8A:66:74:D7:91:D3:76
+            X509v3 Authority Key Identifier: 
+                keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:CC:E1:89:CD:8C:F7:3F:7A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         40:c6:2a:2c:27:c7:69:e5:54:1e:15:a4:af:87:e1:f1:3a:29:
+         82:e3:a8:60:a9:64:b9:62:47:15:c3:d9:5f:f3:2f:05:ed:eb:
+         78:58:18:c3:d4:c5:49:aa:ab:e9:e7:40:02:33:6d:17:8e:7f:
+         8f:f7:6a:fc:2e:6a:83:1c:87:c3:c6:99:b4:dd:a1:98:9c:e5:
+         0c:6e:d0:5c:0d:ed:fd:b8:79:e9:98:b8:4b:42:f1:1e:a3:ac:
+         b5:47:7d:fb:82:98:d5:fe:9f:de:13:f4:5c:3c:76:1e:59:e0:
+         16:3d:5b:72:47:af:ad:b2:e4:29:11:13:4d:d5:4d:68:22:bb:
+         89:d1:96:e9:27:c3:22:45:60:57:23:f2:9f:21:ea:4b:7d:a8:
+         8a:12:a5:c6:8e:4d:fc:ab:85:45:20:c6:ee:27:8c:40:82:c3:
+         b6:63:65:b2:ef:69:6a:b8:93:94:9e:6b:dc:c1:2f:fe:69:f6:
+         98:49:56:f8:26:64:17:e2:a0:c5:ca:6d:8a:e0:f4:c5:2e:9d:
+         6c:4c:0c:9d:be:0d:17:4b:bd:5e:f0:5b:00:72:1e:b3:21:7d:
+         b6:7b:d4:a3:c0:78:91:7c:32:c5:d1:e9:61:da:1d:3c:dc:92:
+         a3:a1:d2:5f:0e:e4:13:f3:53:4e:c8:27:18:4a:87:61:c8:da:
+         3a:1a:65:f1:1f:e5:d7:fd:f4:04:6d:1f:bc:94:8b:da:9b:db:
+         f3:a0:a9:47:b6:b8:5f:d9:e8:c0:d4:ba:e8:a9:a0:af:79:3c:
+         00:9f:f3:2b:c6:18:4a:6b:ce:a0:04:ba:ca:12:92:f5:c9:02:
+         44:c7:05:a8:cd:3d:97:f7:33:dd:3d:5a:ac:b4:0b:ca:d1:54:
+         2d:3a:fb:2f:40:4f:54:e8:6d:ad:f2:4d:bd:b0:50:43:85:43:
+         8b:f0:24:af:88:c2:2d:dd:d7:ac:da:ea:fc:d9:02:b1:20:a6:
+         28:f6:99:ee:51:55:b9:70:56:84:83:96:a6:d3:4c:a3:7f:a1:
+         b4:ce:9b:75:6b:da:d0:57:d4:d0:9d:55:a4:2e:c3:05:93:70:
+         09:a3:ce:e3:1d:f9:b9:6e:10:e3:a7:94:17:c0:4e:e2:dd:9d:
+         17:60:64:00:34:2d:bb:50:03:13:9c:a5:d5:2c:c5:1e:8a:c7:
+         25:c5:aa:5a:3b:c0:f7:9f:c7:b1:89:29:e4:da:02:dd:14:e7:
+         42:70:ef:a8:13:03:0c:53:81:d8:32:06:ea:25:f7:df:29:66:
+         17:b2:b8:56:af:8c:7f:4a:99:66:3f:ab:53:7e:5b:23:ad:3e:
+         01:77:d1:58:db:a4:33:5f:19:71:fc:cc:58:79:e8:bc:85:b4:
+         1c:5d:a6:3b:95:49:41:23
+-----BEGIN CERTIFICATE-----
+MIIHLjCCBRagAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMTMwNloXDTM4MDMxODIyMTMwNlowgacxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BS
+LWd3LWNrdWJ1MRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1
+c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANmowNDa
+f1Pz+ACS/w8DzUiRIu7i6yfteeWBnVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5D
+jqm1750YUPKVmJi7c+CNKkQt2kNa80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4
+rVKPwC0B2qolvH8lj1VXgt6ieRU6CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9
+DAB6Cr1t4MkawJ7h3mn17N3tmfDUqyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ5
+8rqNlBjssx24T2Kv/V72tvgv0Y88jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9M
+sExKswfEvGLgly+3EkMhPuEU9Jqi+c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2
+sVwSWijStYRmf/LmYlS2Ts38MHAC0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FC
+DqVqTWhzJGkMsUowk4AyWrnKNsMfC4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMh
+GZus/VoPJudF5vp+5AkthAo/N5wPxIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O3
+1BWxJZ93n5Pv6uEPlBp1bh5oj69F2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF
++Pz68w/5B170pguuybyq8UQNJJhYMyo9L9nBAgMBAAGjggFqMIIBZjAJBgNVHRME
+AjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNh
+dGUwHQYDVR0OBBYEFBNSxrpHA9HfrvuHjvuKZnTXkdN2MIHTBgNVHSMEgcswgciA
+FHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0G
+A1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZ
+MBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4G
+A1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDM
+4YnNjPc/ejATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0R
+BAwwCoIIZ3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAEDGKiwnx2nlVB4VpK+H
+4fE6KYLjqGCpZLliRxXD2V/zLwXt63hYGMPUxUmqq+nnQAIzbReOf4/3avwuaoMc
+h8PGmbTdoZic5Qxu0FwN7f24eemYuEtC8R6jrLVHffuCmNX+n94T9Fw8dh5Z4BY9
+W3JHr62y5CkRE03VTWgiu4nRluknwyJFYFcj8p8h6kt9qIoSpcaOTfyrhUUgxu4n
+jECCw7ZjZbLvaWq4k5Sea9zBL/5p9phJVvgmZBfioMXKbYrg9MUunWxMDJ2+DRdL
+vV7wWwByHrMhfbZ71KPAeJF8MsXR6WHaHTzckqOh0l8O5BPzU07IJxhKh2HI2joa
+ZfEf5df99ARtH7yUi9qb2/OgqUe2uF/Z6MDUuuipoK95PACf8yvGGEprzqAEusoS
+kvXJAkTHBajNPZf3M909Wqy0C8rRVC06+y9AT1Toba3yTb2wUEOFQ4vwJK+Iwi3d
+16za6vzZArEgpij2me5RVblwVoSDlqbTTKN/obTOm3Vr2tBX1NCdVaQuwwWTcAmj
+zuMd+bluEOOnlBfATuLdnRdgZAA0LbtQAxOcpdUsxR6KxyXFqlo7wPefx7GJKeTa
+At0U50Jw76gTAwxTgdgyBuol998pZheyuFavjH9KmWY/q1N+WyOtPgF30VjbpDNf
+GXH8zFh56LyFtBxdpjuVSUEj
+-----END CERTIFICATE-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.csr b/SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.csr
new file mode 100644
index 0000000..cc8db80
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7TCCAtUCAQAwgacxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tU1BSLWd3LWNrdWJ1MRAwDgYDVQQpEwdW
+UE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBANmowNDaf1Pz+ACS/w8DzUiRIu7i6yfteeWB
+nVTh4pF0wmmbIV6sq7nFXHefINYYju/szU5Djqm1750YUPKVmJi7c+CNKkQt2kNa
+80qPENaZ50TuQAWjHgIgVC1IPpkjk/+2dIk4rVKPwC0B2qolvH8lj1VXgt6ieRU6
+CwLCuB5JtvKbOEz0wCS2sCKPscz0R+/9jf+9DAB6Cr1t4MkawJ7h3mn17N3tmfDU
+qyGr3hf8nvJgMFBTJsRLKcgdNEfDUGYT1cJ58rqNlBjssx24T2Kv/V72tvgv0Y88
+jDQLJIAO/swqWcYaqKHQAvvmg3zYfri10V9MsExKswfEvGLgly+3EkMhPuEU9Jqi
++c5m4awKGx6Ww0YgJJkhgHw+D8/7/EjiaXM2sVwSWijStYRmf/LmYlS2Ts38MHAC
+0WjTd2j8iOB1a4djDv2jGSv0iq3zpv63I0FCDqVqTWhzJGkMsUowk4AyWrnKNsMf
+C4ZHG2c8DThAAuKW/OOu+hamGAkUuNC6SYMhGZus/VoPJudF5vp+5AkthAo/N5wP
+xIm/nWJXV8Nr9Cd24TIb7TeX6ESWCkZMs/O31BWxJZ93n5Pv6uEPlBp1bh5oj69F
+2vVm9kal8YmpO8jkuwzuwJgs7f300aiG+JJF+Pz68w/5B170pguuybyq8UQNJJhY
+Myo9L9nBAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAGvhTaDqObFzTbnEdTmfM
+Oyatagcmh3GIrnyfrn1YK6eZcLCbAodoJMoQE7h0vY32wgwBb59LmjCHElE3GZLG
+8OF/cF8qWwSeQYH3rQ7+xsL1b5VF0pdM6UVFfGWUQZJEybj7Hg99ZDjb3co9NdkZ
+a1qUub+fi6K9ldcZuFfK92eb6ujj8dGCWNcPIsnqbO+hJAvyZBdJxeeEuiaEvPI0
+cv+jaqcuf1txzDwsUG4GVZFjaL2bbk9C+PWKO1lH5dtT0EYhHCGMMthp9dGR513X
+M0CLQZhBSFKVt/ZeYD6u4T5fnMylMkSw10vGFmFZTrOa0mvh8QjRzdOJvlxv1lnr
+9ZRYIBhzZ47I3N7Hm0xopXpLx22em0P1rk6cXyu5Rjt0NQuyLQHbgKV1r5Z/l9KI
+0MN3zB/NSRB/SU+60w0f5Vm4n/6radE4BSXlwMyL9AJy5UpKMePEkSI2eTe58JnH
+bIpphpJapGTKdkKyEegdZql7VuZKEoitZLcsIiY040rMYIPTr4w9QADHHFdF1TGy
+oIYwgJF0KagHLCTUAte35B9WZ+23ASnUIuYFtv2HgpVCGMrW94Psy8efFI+iM+Yk
+zJp3mTVhihoypS36XPnOSgMZJzRkdd0i1tAGSRzfuSqTCHz4CcerXl7W/d7vX5YC
+kE4SPiTbo4N2pDtRsu0leQA=
+-----END CERTIFICATE REQUEST-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.key b/SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.key
new file mode 100644
index 0000000..60b37c8
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/gw-ckubu.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIsMy/MytYtzsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECM8bcaVcNffeBIIJUNOSqKmf153a
+NBjm25drvNrgo+bEd2kxywgcjqIyl/csUjkbx3WWANZZAdRIFgtM2mN6xiGPAzpB
+AMU+0FhbMeSC4aaoE6kbu0QREcHxgLemoA1+3c/VMfzTXJQ5xtr84pyBfj7lwYTh
+uOC8k5WYV0VCWWwj39TAAfF/eqIzfuN4L2ybSgQyHHyWQPvCgfEPMZi5lBcPtZT5
+OQgS30tFTgNOmz+wTex6uOJi0Qqo6MvH3rWv5rRwO17FZU6v+SLXcopvZfrO4WLN
+AMHzjIvvfwmO+7/ypLnVdBYCd+CpvBUwcEbPVqrddWhNgidlOkoQzVnK34wexRvm
+eDjmm8JbTHFQP8+DMEAODlMPNxMD1vCC/vM7bKMjCNYGjRwrxtL9Z8drp1wgzULJ
+8AY3J72+lL1yMQNoch0Niuda3RDBs68FeVvGaFmGCPlzDdfTlex0Pi+BFeuTao0Q
+7Y9zfcjyv+p4HxMg6YoIIQYOEogWO58GF1UL0zOJD81j4ihkT7HTWtOskw5E6Kfq
+WEWyW5Oe4xR0PZpHNrYVURNg6kIxEBwRFfskFofGac36tKJ2fJseESkuqvXLenNt
+Y0Epi/AxwEZa0E+G2ewNPNoBAIvRlOx0CBWWQKeCVaOgsOD0zyqYPsCGFWDl+2d5
+i8afGhTw/8oqhwNwr25tWhW1xKbMEGchycywGGQloGvquv7kchJb6lDADZtF1++v
+4wgRwtiBYOvkqXSLOpFiZinvmUMmqXD7PqG9yWF7XlnRV8JJ61RP2cuKCTXXCGfI
+dtzLnet/4lUV7S0Wd3g1US2iPz6LJ+ngOBQEbAqFvInBiZFyduPwQJo0yswDyJYd
+WNhmHumuFSSCdnAF6qVjuKhsNhftY5w+xww6RhAqst1idoVqYSt1LLODwKVQfIPs
+uctF108LBYPBGf5tEC5Z1KRpDQO41q3F91eTZTVEH8Su1pW7IbMGt8XTUVRJESbQ
+SYH5ELMdd+tb1ccD2fZZV3R6V7vI7ejAzOWdmjqaITtPGsFcMevc36YmJ18OQVBe
+mTZJjdx28sGrsoqCSvgc7ii0DFLWZrRs4WRrgoxQq/G0zKLuuGXhlEgVw9QhIfeo
+fMj1ebR0oElSimcqwPJYI/DDfhYZUA5Mx2Ewnfs1NS+CGoo+UcDKNHQRR3uEmP7T
+1Mhg+MQ3b6ssZ8uZQut1E6bALf9ipH5xkN6rgniJsBL3lzvkN+/5XiE5qz16bmkN
+gpF1+8G0/pjDi7a0Fw602ffdD1XAfcV6SMobDgTyMmjybgZHzf6cFy9gKrRa6WV0
+do4Oc+uv0Nmj6wrAYO4s/nuJnpeTY0wbuHJgcYnTmUX15kIw+bPJ2UIGjyS8QpkF
+evX8XeN48U9mknoQv1OfC6+kE6jgqQiDzigy9nSHFc4kIQWsihO6NKDEia11RWCn
+QN3t8sHDNZdFY3dy7nnQRIhFNEy6InjLnUbfhuzgZVaVoaqULH8EmoE78z25zi0H
+Xt6P+hkW8zZthYHsucVvyiNqZmIb50MK/5VHuORXsepWD9hX/rEyFxsv71AyBl9x
+TSHjk4cgBqVh3uRH8NxNNvWnx7Th03Zk4/2dzNUc5taj3WX2jCH1vaKBMI1BBHJD
+QWNIrwCExUOIAbYJLGkyihnTv4PCRlZrYQtMyx0laxYRdWR6lsIk83jcMWkWfhPf
+YbYd/XIIR+hOFrUIM28Y2TTPHpJhbuORP7z18o2heUV0ZD3LdMi27/JtsSZHlbOu
+nqdP9reWG8Kx6mjEdSFe5hTD0VmZ3Yks1jGp3QBcxQivAbLoXsP5VOMOPr7zXmb1
+m9uWqtC+/1L6lAg5iH0YNyvrmRL02uzMiEXBQQDx0CYqcWJY+hwaXU6MnSyUMH7F
+H7wAW2cqq1XCBVFWUIPI6P63LUlgewzmseaAGgD7tfbGSsx7BwseMXUwtdOYt+Rp
+H8/3QeLLAfgD2Kl7Mv8F8l+KsBRNpaSJVYCqYH5ogzjRiuwDwsOmRdHKRh+r825g
+fAJsI3grgZOd7poDQSisRZKOAF/ytTclreostJGfwLEE7IpUA/R7yLPCTI/mdPwT
+4zRZ2N0fovkApA6hvhIpnhaA5XXuY7gmN8E0tgokZ7NsiL0JgFUFevEwzvZhlCJI
+7edh2kPl379+bT1lgy37Z0V8ntU0S3I/g+6RsepDuWtCGsW434Z+iAAv7aKPJz0H
+UqNHS4vElG8tQKBkO+qWRdC19hmM5itQoy/nD935hyZgRBZKFTmO3kNPPyvHVTdJ
+hYTN/WAuXAMrP5HvkMv4AXZLQSk/YJCcJsPN5p8Kd40oEuwMumI8HCwXlSnpHnro
+prdZrrCCUQ2232zCw5qQ4KZl7i5LB8AkLmNXtMUscHf6Nge3GSTILFaKoFYrDPF5
+P6u21fO1R2HcA+b7xKzK6ecpPZA25ggxPMqvRwCnT/gueVSXjOIhd3f2pEs3yVWM
+W0HenWuiWcbryuzcPAJytianU1KqtrEYhqFTxcdJAYa4xvFbCtGrmVuJ8NRomSg3
+BdL8lOfdYxE5R8VYfVxw2jcLiK4o2Bqjt17kHTzzP95E8Eybkzgo5vycmMedOBsn
+rBOUJXYFSo6hONNiMR1vlIxNi2Tdo9w5wKHUerVdXhVSLgvC7SeJeArN6+To+MVR
+n73jBAA48VcA8d5miDNnfwEDguP/Fg3+vo9VAWccR3lq9tHT1GkNyz0gyYLxmwoV
+2w+QkNYM2SzbrsDJ0GEN7s8gEkeQHuwcXHsdyJnLJQJsTrZaaHDd65BMXseE9dwu
+Lgf0zuiq2DCDTJEvabd9siS7wDOxJAKzd3atP1O4ylnzSHgvi7DNQJ8Xeu8FF43L
+Sn6KmWhdtfIhL3uNAvI2/6434qWKU4WE5Ro/TjI4uMxmfkTTQPmffJTGnH9nYJjJ
+aURTTNSKQGbeyBS9KEUjSyQAAXBaDka4zP93eOi66aeUNaMcod1aKLo9r1LpjVqe
+3qLBy7cCP56qaMTJChhwhYWtwyu5AqX2fk4LRAOrm7olFNlbJ/QMYEahztZzFuiO
+hCCGNebRqk7IYmXnvoA1gJ7VJEov1QYeLX9xnZqF+qwHzs29pNZwADtvBlWn+MT4
+yCy2JxLwIwfVuMsJWRzvHcpeOzmgtDIgUkqGzpjPB5bdtbr7GFbFkpms29DmGLtT
+Ujfylfy4W1TZtS1ryCsskAiOrTpXH0G7
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/index.txt b/SPR-BE/openvpn/gw-ckubu/keys/index.txt
new file mode 100644
index 0000000..a0877ee
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/index.txt
@@ -0,0 +1,2 @@
+V	380318155951Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+V	380318221306Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-gw-ckubu/name=VPN SPR/emailAddress=argus@oopen.de
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/index.txt.attr b/SPR-BE/openvpn/gw-ckubu/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/index.txt.attr.old b/SPR-BE/openvpn/gw-ckubu/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/index.txt.old b/SPR-BE/openvpn/gw-ckubu/keys/index.txt.old
new file mode 100644
index 0000000..80d6129
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/index.txt.old
@@ -0,0 +1 @@
+V	380318155951Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/serial b/SPR-BE/openvpn/gw-ckubu/keys/serial
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/serial
@@ -0,0 +1 @@
+03
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/serial.old b/SPR-BE/openvpn/gw-ckubu/keys/serial.old
new file mode 100644
index 0000000..9e22bcb
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/serial.old
@@ -0,0 +1 @@
+02
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/server.crt b/SPR-BE/openvpn/gw-ckubu/keys/server.crt
new file mode 100644
index 0000000..7de2af2
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/server.crt
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 15:59:51 2018 GMT
+            Not After : Mar 18 15:59:51 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:a3:49:18:ae:69:4f:5c:4a:34:b1:85:9a:4d:a5:
+                    ce:f6:2d:b5:6a:9e:40:27:02:3b:57:e0:75:ee:1c:
+                    fd:eb:20:56:eb:ed:24:f1:57:a5:cb:ad:0d:09:af:
+                    15:f3:9d:a4:67:8d:e5:a8:67:d5:1b:b8:36:f6:e6:
+                    9c:d3:e8:29:08:d6:8f:a3:5e:e1:e5:30:eb:07:bc:
+                    03:c2:95:a4:93:cc:19:86:c1:89:fb:9d:f5:38:9b:
+                    10:01:6b:74:d2:20:8e:4a:65:34:17:1a:85:39:d4:
+                    35:2b:04:f3:37:4f:f5:93:12:06:fa:c5:04:c3:73:
+                    30:30:1f:33:69:86:bc:60:cf:fb:38:ae:6f:8a:21:
+                    0e:76:35:7e:ba:0d:ad:ae:4c:6b:d0:cf:3b:73:a9:
+                    1e:58:cf:ce:bf:45:8c:52:75:ee:da:a3:f4:6c:24:
+                    8b:bd:b6:f2:db:59:fe:b7:7b:ef:8e:b8:30:ad:67:
+                    dc:bf:3d:ca:d6:e4:b3:86:bc:60:fc:f9:a5:ba:5a:
+                    0c:9d:c9:72:ec:ab:73:6d:2b:f5:9b:f0:a6:a5:c2:
+                    31:6c:5c:a6:54:47:1e:65:73:2b:47:80:bc:27:29:
+                    28:be:45:12:77:5c:44:51:cc:91:55:d3:36:5d:dd:
+                    f1:01:18:68:c5:08:de:ee:06:9b:0c:d3:a7:94:c7:
+                    99:75:c2:bb:f8:2e:19:46:db:d8:13:70:7d:a1:96:
+                    6e:21:8b:32:1b:d6:8d:74:4b:a9:1d:43:53:d2:11:
+                    3b:d9:63:b0:6a:ac:a8:e2:70:15:62:aa:c2:15:d2:
+                    1e:df:34:1e:45:3a:30:b7:54:1a:25:2f:73:c0:d8:
+                    1a:6d:8f:80:aa:7e:86:1a:84:e3:0a:c0:89:61:3f:
+                    fd:bd:19:40:b3:cb:de:2d:aa:97:af:dd:cd:a2:28:
+                    33:17:ae:50:bb:2b:00:d1:01:8a:25:32:56:d8:09:
+                    fd:58:22:fe:33:a1:f3:b5:16:cc:59:ca:d8:d3:8e:
+                    dc:62:13:25:05:c6:6a:02:fb:82:83:35:7b:e4:33:
+                    84:71:18:fa:bb:6e:48:3f:ec:be:72:a2:dd:38:bd:
+                    7a:69:89:28:6c:46:79:bf:34:30:39:5a:9f:a7:e3:
+                    9d:15:73:29:f3:24:f0:84:51:27:38:8a:20:5d:cd:
+                    d6:47:e8:2e:7c:6c:e1:8c:10:29:0a:79:96:24:fa:
+                    94:29:a1:6f:dc:d8:94:fd:d6:f7:62:24:6d:a5:cc:
+                    42:89:94:ee:8c:c4:19:31:0a:49:9d:e2:87:0a:29:
+                    cc:f0:b1:ab:8f:d8:11:71:46:de:2c:d3:a7:5b:2e:
+                    5c:f7:54:92:97:f8:1f:7b:42:23:b9:1e:47:0d:57:
+                    2a:24:bb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                BD:B0:0D:2A:D9:8E:FF:E1:91:B4:A5:26:9C:C4:D3:E8:44:B2:BB:D5
+            X509v3 Authority Key Identifier: 
+                keyid:71:DD:B2:44:84:DE:FF:91:25:C8:97:E1:91:0E:58:3E:52:25:9F:AA
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:CC:E1:89:CD:8C:F7:3F:7A
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         5a:36:4b:aa:dc:7c:3a:1d:93:f5:e3:d3:b4:cd:45:e9:ff:64:
+         9a:61:36:57:06:91:e7:39:24:cf:3c:4d:4a:3a:48:97:49:dc:
+         90:96:d4:4b:0c:35:a2:88:01:47:f6:a0:5a:74:71:cb:7d:08:
+         60:2f:4e:ba:de:99:20:e1:8e:75:d1:f6:96:69:9f:53:ed:e6:
+         7a:31:4a:e2:2a:10:10:94:1b:61:ac:e7:ee:f9:6a:37:ff:80:
+         49:12:35:f8:65:3e:1e:7d:9f:8a:31:cf:0b:31:cb:a2:37:d3:
+         7d:1c:41:cd:c9:0c:34:da:bf:5a:d5:52:da:6d:71:fa:37:10:
+         f1:73:02:5e:0d:01:34:ab:fb:88:5f:ea:ee:9e:e0:1a:e5:58:
+         e1:b7:f2:a6:01:62:bc:80:2c:42:c0:7a:b9:1d:9e:00:0a:bd:
+         87:d6:e4:a5:19:ba:65:c5:24:ba:e5:b7:a5:81:3d:34:b2:20:
+         1c:29:93:98:02:7f:1c:49:53:eb:c9:ef:73:35:cf:31:61:f8:
+         34:1f:cb:76:58:22:fe:4b:ab:93:b3:83:71:93:1a:5d:78:66:
+         29:3f:f4:f6:d5:4b:d5:ff:ff:f4:83:2d:f3:73:c3:d9:33:f2:
+         af:97:4f:f2:f3:f7:54:80:32:30:5b:b3:db:cb:a9:23:e0:df:
+         e1:d6:bd:db:3a:36:55:52:19:e7:1e:6e:72:0c:25:43:31:c3:
+         b5:01:27:af:72:85:e9:ab:ce:5a:62:8b:c0:73:be:67:52:56:
+         a2:6c:04:74:66:46:ab:fb:03:d3:3a:89:e9:7c:8a:0b:e5:d1:
+         01:52:00:41:f1:aa:fe:48:8b:ab:af:e1:4b:40:16:2e:f0:3e:
+         50:cb:6d:d9:bb:95:1f:f3:56:17:6e:67:aa:00:bd:da:9b:2c:
+         8c:b5:dc:3c:41:0d:87:7b:05:5a:6f:a5:a2:d2:cf:bb:a0:7e:
+         d5:aa:d1:cc:d8:57:9a:81:cb:ef:7f:ad:76:95:eb:65:6f:c0:
+         2e:21:61:fa:9c:6a:ee:f3:f9:d3:7a:9c:e1:5a:37:83:1d:61:
+         85:01:70:26:54:29:bf:52:50:7c:ff:5c:24:94:0a:5e:f5:37:
+         a8:36:2a:83:c8:d1:1a:ae:bb:19:b3:1b:a1:68:14:ef:33:a5:
+         7a:d1:b7:ff:74:d5:69:08:91:f7:f2:d6:e1:12:c2:17:70:e2:
+         13:f8:17:92:31:19:46:35:a9:13:79:f9:cf:2a:b9:8b:7a:2b:
+         b4:76:d0:0f:3b:75:0c:99:99:a7:dd:26:f1:da:82:7b:f7:d7:
+         67:8c:cc:c8:16:63:c9:c2:23:47:71:a1:cd:34:88:a9:8a:fa:
+         59:f3:1f:08:ab:e1:33:a6
+-----BEGIN CERTIFICATE-----
+MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODE1NTk1MVoXDTM4MDMxODE1NTk1MVowgaUxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
+LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjSRiuaU9c
+SjSxhZpNpc72LbVqnkAnAjtX4HXuHP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9Ub
+uDb25pzT6CkI1o+jXuHlMOsHvAPClaSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU5
+1DUrBPM3T/WTEgb6xQTDczAwHzNphrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Y
+z86/RYxSde7ao/RsJIu9tvLbWf63e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLs
+q3NtK/Wb8KalwjFsXKZURx5lcytHgLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7u
+BpsM06eUx5l1wrv4LhlG29gTcH2hlm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBVi
+qsIV0h7fNB5FOjC3VBolL3PA2Bptj4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2i
+KDMXrlC7KwDRAYolMlbYCf1YIv4zofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4Rx
+GPq7bkg/7L5yot04vXppiShsRnm/NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58
+bOGMECkKeZYk+pQpoW/c2JT91vdiJG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFx
+Rt4s06dbLlz3VJKX+B97QiO5HkcNVyokuwIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFL2wDSrZjv/hkbSl
+JpzE0+hEsrvVMIHTBgNVHSMEgcswgciAFHHdskSE3v+RJciX4ZEOWD5SJZ+qoYGk
+pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQDM4YnNjPc/ejATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
+CwUAA4ICAQBaNkuq3Hw6HZP149O0zUXp/2SaYTZXBpHnOSTPPE1KOkiXSdyQltRL
+DDWiiAFH9qBadHHLfQhgL0663pkg4Y510faWaZ9T7eZ6MUriKhAQlBthrOfu+Wo3
+/4BJEjX4ZT4efZ+KMc8LMcuiN9N9HEHNyQw02r9a1VLabXH6NxDxcwJeDQE0q/uI
+X+runuAa5Vjht/KmAWK8gCxCwHq5HZ4ACr2H1uSlGbplxSS65belgT00siAcKZOY
+An8cSVPrye9zNc8xYfg0H8t2WCL+S6uTs4NxkxpdeGYpP/T21UvV///0gy3zc8PZ
+M/Kvl0/y8/dUgDIwW7Pby6kj4N/h1r3bOjZVUhnnHm5yDCVDMcO1ASevcoXpq85a
+YovAc75nUlaibAR0Zkar+wPTOonpfIoL5dEBUgBB8ar+SIurr+FLQBYu8D5Qy23Z
+u5Uf81YXbmeqAL3amyyMtdw8QQ2HewVab6Wi0s+7oH7VqtHM2Feagcvvf612letl
+b8AuIWH6nGru8/nTepzhWjeDHWGFAXAmVCm/UlB8/1wklApe9TeoNiqDyNEarrsZ
+sxuhaBTvM6V60bf/dNVpCJH38tbhEsIXcOIT+BeSMRlGNakTefnPKrmLeiu0dtAP
+O3UMmZmn3Sbx2oJ799dnjMzIFmPJwiNHcaHNNIipivpZ8x8Iq+Ezpg==
+-----END CERTIFICATE-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/server.csr b/SPR-BE/openvpn/gw-ckubu/keys/server.csr
new file mode 100644
index 0000000..e2072c2
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BSLXNlcnZlcjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQCjSRiuaU9cSjSxhZpNpc72LbVqnkAnAjtX4HXu
+HP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9UbuDb25pzT6CkI1o+jXuHlMOsHvAPC
+laSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU51DUrBPM3T/WTEgb6xQTDczAwHzNp
+hrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Yz86/RYxSde7ao/RsJIu9tvLbWf63
+e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLsq3NtK/Wb8KalwjFsXKZURx5lcytH
+gLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7uBpsM06eUx5l1wrv4LhlG29gTcH2h
+lm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBViqsIV0h7fNB5FOjC3VBolL3PA2Bpt
+j4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2iKDMXrlC7KwDRAYolMlbYCf1YIv4z
+ofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4RxGPq7bkg/7L5yot04vXppiShsRnm/
+NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58bOGMECkKeZYk+pQpoW/c2JT91vdi
+JG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFxRt4s06dbLlz3VJKX+B97QiO5HkcN
+VyokuwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAI6QRLHWK/ezt9t8yLbpFx4M
+mtORWMRiS1JWK3so4CHiXNihm8RIAUkigfKk8PLn25DO9ZRuv4uoB6/lOcYX448Z
+CuAW3y1ciej3uNYh3ok+rqrd2QMSiNsq1ZKSrxH3apzm7Bx2RcXUzE/1pYbWXcY5
+6VbuKjHmMcGMtRXr2DJyhZURmFs03d38b2qJ+TtbpEQJQr/J9nnC2bouFo9MiV8A
+drBS2mfFtjby7kdvHOGMuE4uoy8ANXdde1dMfpIyy+znsX8o0Byi91wWqKueaWpV
+62TxyJfXCA0BbZH0oeaVDReSYK7Q1oLOai2sGjWpK0JmZV6t+X7Ra3SqWNgQrgPw
+n/W+U/hcKFSedhaY5xu+HnonNUVDLNhHH1P4LngaCpUOGLdW/deJm3DoFGj2jSp3
+eDbLCFdj2Hi+LXYrpN7GNYnz5WdkRhsd2AWDnvxNi+LrQUbM4n0JCCVAglSTHnze
+c/zG1ssuD9AuU5RcvBd9no4EWdeygxr3MFNB85cMuKF5x/fkPcP7XM2JXlEgDusU
+UvJp9VnWNgB/zvpjetqbL5KCfUdXyRAxuQ7NK01vtZzVz3pjiV/iT21ocobIySPB
+LPI9ZpVvWwkQPM1wLmez4nLg7+Kj6fyrX/kx6fAaCQVjOrJI22IoKMg/rNxDgkQe
+Y2UEmQLAqTK8ichJa/Pi
+-----END CERTIFICATE REQUEST-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/server.key b/SPR-BE/openvpn/gw-ckubu/keys/server.key
new file mode 100644
index 0000000..069489a
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjSRiuaU9cSjSx
+hZpNpc72LbVqnkAnAjtX4HXuHP3rIFbr7STxV6XLrQ0JrxXznaRnjeWoZ9UbuDb2
+5pzT6CkI1o+jXuHlMOsHvAPClaSTzBmGwYn7nfU4mxABa3TSII5KZTQXGoU51DUr
+BPM3T/WTEgb6xQTDczAwHzNphrxgz/s4rm+KIQ52NX66Da2uTGvQzztzqR5Yz86/
+RYxSde7ao/RsJIu9tvLbWf63e++OuDCtZ9y/PcrW5LOGvGD8+aW6WgydyXLsq3Nt
+K/Wb8KalwjFsXKZURx5lcytHgLwnKSi+RRJ3XERRzJFV0zZd3fEBGGjFCN7uBpsM
+06eUx5l1wrv4LhlG29gTcH2hlm4hizIb1o10S6kdQ1PSETvZY7BqrKjicBViqsIV
+0h7fNB5FOjC3VBolL3PA2Bptj4CqfoYahOMKwIlhP/29GUCzy94tqpev3c2iKDMX
+rlC7KwDRAYolMlbYCf1YIv4zofO1FsxZytjTjtxiEyUFxmoC+4KDNXvkM4RxGPq7
+bkg/7L5yot04vXppiShsRnm/NDA5Wp+n450VcynzJPCEUSc4iiBdzdZH6C58bOGM
+ECkKeZYk+pQpoW/c2JT91vdiJG2lzEKJlO6MxBkxCkmd4ocKKczwsauP2BFxRt4s
+06dbLlz3VJKX+B97QiO5HkcNVyokuwIDAQABAoICAEX72Vk/h6UdpPIFOjpXe5nl
+w2C8DPDrMvYaHVF+GZKCHN8nl/LcxxHBzNm+siDlCwbbOXhxcFReIyi1dLgaRCQm
+mg/CZf1udv2spsvqiUxTaQlpwDMY43Zsd3K0VLCPBY17TNUuJ7W+bz9N8tRdL/rl
++hnXAZCnuRqW9Nkgx3KTEbCciu/f9SvTB8rEfBE9beRkPa336SrVfl5ad6cMJuCM
+7wC+tSoN1I8RRmvr8aPw6+QWpPVOjbaG9S8lZEho05BIcinaoqgvX9yFv9IjVbmr
+vrUcDKoIhU2kDAOseHgsWusZ/a0s3ZdVn2DyktWuf1Ih3R2+DJZmPGRF/wh0eB/i
+gbht0nQXCylbiA0BxwS3HtRg2eqU7xE07YEuo19hKl8JmWe2aFwqs9L7WvkNU1Y9
+Ega62Z83vPZdDkdWKhEj/y6lgbMj0N8OLHAjXRVfecMM3X5Rq5l6sTpwu6Np2jH4
+J0QSPGipFt1Z1WWrgxuMTh+O0vMYRzZHoBqRORT1fFClAxbBe9NA7hia+uq8c+PQ
+cE2jb8o2gsqm8x236RjgIg0jA8yjryx8KNnpYyN+IHKaXrgykNS6LPM0t7NjpXEA
+Ym98u4Vw6Wx/PjE/uFVvP7IJO0705la7He3Mokqk6Irln5JRyaJcKIPF6goP3UmT
+4cLakO3Rz0jA69T/d6HxAoIBAQDUTjJks9jGOwkOb38Kao761IUUfl2LjNV4SFUm
+S83ZO+8yqEbI2ylcR8WmGGc+y+8RtXDkDEcR/UungnqrmDFMt8DxPlYSvD6AYvnF
+OxBhrR86YF780kIaGR5HCliNyj1nbUsbmPcAZN+DtzPwJ/JcH0hVI77CkaDHaQTM
+CDmJRCW6nThvAkNG5vNEajvdTXW+2WeHtQKBET7foDoEy63E9ic+1bKUeonlsTvN
+JnPSzKzhEQ2mInUF5ujpPrJJLQrkCck0cFrsckGXpYuhtxJKfCy7UUo0JKN2oN5k
+ENXP+yx3/VTs9w8wg5/NtxXfcGTlyExEVRGb8vsAbQ6NNrFTAoIBAQDE5Cv1IoRD
+Wo9pgbQIkr9I1bbqLPN9e2abdGyclvKSr+cs978ZTijo/FEJQZYvs59Gb70hBkHF
+rRXivviLw5Y0Fzf8W9pCh98RfQMuki+eJg9tERvcoqZwYRIJ4lvkiG4WCDdNFV08
+rJTebgUXPExkBjG0iKuFe8Fex2dOSaIpBSf10Y7mEdWgtENySAymvpJrU+Z3S8o5
+c4k3qPuTBLJKCSZ6uAX6CaVsS0kdb1IrnI8h2xrW/rhP14JH/+qEvi7qNOO6X/n3
+cn8RoB8q1O7i9tPnytiQ34MuzIL9qddcK0juXkZHta61rLs+s5mMgOMr0XrYcImB
+LY6H9+O6HUn5AoIBAQCgUykFGTejgyN0rkg+wneU/fY9oqvb3Y+7VMxQrkAWQ4eA
+Nsm1lqOmV2Dv7E/TgUfZlK5a2Na2xBRkvEkM2lKof7+JrqxrW5LLe3LpOZBGYulJ
+OUuiGtnmQX+24B49fTNfro5gmeQ1fPe5zRjAzDnezZTfDq5Y2oaS8EC6H5/rg/YF
+9gKO+iN6IKAm0x7AIWXAqQbg2ZW5iB912tbVlkZ0jfrXHaPNMrh+J5hkdRxUXVJU
+aH9pLW439cd/lGQolIY77RPvsMVI94OHFHHcvpZmf118W4fw1pZG2Hb5FCmS9TgA
+qOOAS5ZB6bQ9MnynDoZzbA4EMEWrAhQAn1q000+XAoIBADXifGVKXQhR8I3fgXYX
+M2KrmrPcOYdODnbdFhyE8z5SBeK4qwQx7+BTrZnq6T+E2UJdslUncTi4dhToTv1x
+OdpnwFrAiKtMpDAVFpnYSE/v+qjO1eE8YnC/IEC0QpH5BKfi97+Q6UOBt/xn/9ys
+E/wL9e6CuO5/QBzAVfWHEWpIjvcnswQkPWMN8qeEMHIyFcBp5dkgVOgERrmE9dT2
+pBS/DFjppDkaCrvonsn/fW2SG1oYrO/KJoczY+Rwla5enlhawThwq+ic3UnlmKIQ
+RJC5HKWDTmHXyf802WSy5s3CyuLxyio1/uqZq2Utoghh/cowOn6hzgAch7WOkjSN
+b4ECggEBALCHLM/0yNro6VoT+4t7xt4qAySwgqHGVB6p6ab4gQlE6vxVc/VizUSg
+Tv+u4TRAvT6zWesaw7rk3EdK+0Rh3YEJRQdA0dPhHF6uKoM3Sm5dBQwbH/EUbpL+
+mfq25Q0ODC63967tx+/w8he5jrjcHUblVCSYbGpap3edOEpTkF+y4afJqqJtDico
+hxog9InN+dO1cQ8VstVVt0WEtBWtCF5MsE8y07UYw1fwagbbrUsX13oqF0iRP3yy
+oZOKgOBMpSMwgHEtQSOxM72GRAMbiqE+NX7TGjCH8TqarSf9d0F16tIx+ThYDrva
+tFQ3nrI6uytJXZJKQ6yzsnPZyLYxRE0=
+-----END PRIVATE KEY-----
diff --git a/SPR-BE/openvpn/gw-ckubu/keys/ta.key b/SPR-BE/openvpn/gw-ckubu/keys/ta.key
new file mode 100644
index 0000000..3aa84e0
--- /dev/null
+++ b/SPR-BE/openvpn/gw-ckubu/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+50c09d4cd2d32cbfadcc9ebff8e624d2
+f7a5730ff6b708aad8a6bb14b3a7619d
+e32764bbe875f11ce46213a35500cc2c
+fd0b6bf2e7b8cc2392a478ad7f4e7c7a
+3fbe2e50a781ea9a4fd83cfaf64725db
+98b4740b145e2d948b3b09975866c03b
+a268f82e767fa2517b469ec3e563d321
+8156f8f192f75bf8385697aeed6b9f33
+fd74e02426437c42dc7a85afd828012a
+911e7d8e837249d33a4209dbd0a2c017
+c0ee31207a0e5ba05e736fa1c9af1cbb
+0b39dab31939eb37df367d1eccf61ff3
+28135f42ba70344179186cdd0cac5058
+9cb4bac7dd08436d1efbd452b72416e8
+59bc9118c2c6aba6107faca0604d947f
+ff8569318b234e4ddbb68189b1504969
+-----END OpenVPN Static key V1-----
diff --git a/SPR-BE/openvpn/server-gw-ckubu.conf b/SPR-BE/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..3e976d5
--- /dev/null
+++ b/SPR-BE/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,314 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.92.1
+route 192.168.64.0 255.255.255.0 10.1.92.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/gw-ckubu/keys/ca.crt
+cert /etc/openvpn/gw-ckubu/keys/server.crt
+key /etc/openvpn/gw-ckubu/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/gw-ckubu/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.1.92.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/gw-ckubu/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/gw-ckubu/ccd/server-gw-ckubu
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/gw-ckubu/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+;comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-gw-ckubu.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/gw-ckubu/crl.pem
diff --git a/SPR-BE/openvpn/server-spr.conf b/SPR-BE/openvpn/server-spr.conf
new file mode 100644
index 0000000..f3cbb4e
--- /dev/null
+++ b/SPR-BE/openvpn/server-spr.conf
@@ -0,0 +1,314 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/spr/keys/ca.crt
+cert /etc/openvpn/spr/keys/server.crt
+key /etc/openvpn/spr/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/spr/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.0.92.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/spr/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.92.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/spr/ccd/server-spr
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.92.1"
+push "dhcp-option DOMAIN sprachenatelier.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/spr/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+;comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-spr.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-spr.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/spr/crl.pem
diff --git a/SPR-BE/openvpn/spr/ccd/server-spr/VPN-SPR-chris b/SPR-BE/openvpn/spr/ccd/server-spr/VPN-SPR-chris
new file mode 100644
index 0000000..766049c
--- /dev/null
+++ b/SPR-BE/openvpn/spr/ccd/server-spr/VPN-SPR-chris
@@ -0,0 +1,7 @@
+ifconfig-push 10.0.92.2 255.255.255.0
+push "route 172.16.92.0 255.255.255.0"
+push "route 192.168.93.0 255.255.255.0 10.0.92.1"
+
+# - Already pushed from server config
+# -
+#push "route 192.168.92.0 255.255.255.0 10.0.92.1"
diff --git a/SPR-BE/openvpn/spr/client-configs/chris.conf b/SPR-BE/openvpn/spr/client-configs/chris.conf
new file mode 100644
index 0000000..05c9a8d
--- /dev/null
+++ b/SPR-BE/openvpn/spr/client-configs/chris.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote gw-spr.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAJa8ImRNIVSZMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMzE4MTYwMTU3WhgPMjA1MDAzMTgxNjAxNTdaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEhmCg
+nhfyO/Z8q6/cyBTn7/K74AJRHl+8sUv/YFf0AOTgIrO93qdzDZf16IioZ/2+lg5X
+0exZGcXCIEOnWlrnDiVYYsVyYrCWOhhhLBv5Oe+OZCOwWEBY/+/M9Zp2OUgS5zJ6
+1DX4rtmb+WsAjcNJJmZV6q9M0gEZsuCfpgrNGADpuTCEa4RMk7z4mG/yjh0dkT1a
+RT2vAYD2RgUdVyR/xFQNflWh101i06kKwrJOuBT+iopBbyz3X2NkkBba+F9qoOpJ
+3NiOr4UfIMW6chUQiF1+8/PPtVIPkYFjNpUF5l1HXQBjwRCZZPYog1w701jN0G4u
+9GH6ZJjCBzvuSS8lo5jMdUillMh7EoCNdZTq+LgM8ZAro6GJh9oOXf3YL3RBMTfX
+aLFTxHzN+PCG53buZkNiM23OaackKyeOhXbDIQwiaTOcANVGpXrh63Qoj7BFbKx0
+pLTynp6IUXBbsE+ToX5y/BAtm8Q4DXLLe0h82zJIQ/ZBhTorQaMbi0VpLD0zkamM
+YWdZPVnAv+SOAt/uVVLN9aFUZO4V1ebBKVhYY56iW/OlugcSNo7vRcrvBFLI9TLU
+cS9euI4HxKldRZOejoTIbQXVEV7fZ1v1YHC7dafW/YJIJTkliTCQ05E8eiW/0zQd
+V1DWNIiPBOKm1LnMkVr+Aa1JpgpcEEN7ngMvswIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHSigxuV60X8ONBxrGr1ItbazicLMIHTBgNVHSMEgcswgciAFHSigxuV60X8
+ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJkTSFUmTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBkzH3PqKEHjXZytQY7usSL
+6uAjH2jMhZb96GJpMNdpgzntACGjYl80Vxtwj0aIAYyOyIbfA9VyZsnc4dsYqJ82
+bN/K3AlEHeMBaxhrD6qOdyoXkwjx80WfvtF/FTyMHxsCIR/N2l0BM6THKOLMZWB2
+TmY/QBBsD+/nSwy/4JOeeJvtxuY0IXu0aONM+n4tDoVO9O7EyvpzcfrT/SosbtBB
+mBI1hH7/ThmXswvcrN7rCn00yaJC5Qv9HN4osKihzgigS5jh4lOYAvXhxTGU9Nzm
+kH21ONSNZql/mZCfs97RaoM7l2Uap5ex5vPA4BJvQ4WXWL89GYJGwTuOmIf77aX3
+Aoxl8ntuiE9R9oQKqcFe9uW25c1h1o6DRglc6oBEP1T40Ni8b/cTnwSeES4RiYAK
+ScSturvc/Nj2Z5nzR5iVKo/mW9SBHlbk52HvsIIhFRMoHahIcv2Z4+nyUPMlJCly
+lvp9yEFCnjwVbc3ruUqtYQHDxJf/SkBxuCLkN7W7W2voq1mOSOl3i7Aw2zf/kmG7
+BTLQVfIkUKLR6F2erz6QdEn8mST/Niz0la9mfK34ZgdG0zFZ0j5lLC3YnW91lr7B
+hlwVD/nIqjSOFLHdK2d/lefY1ZHcTbs3fUA8oKp8CdJb1NhfUWprigKHsSVHyqJ1
+CAgKxVPrsd1y2i/Xhg74YQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMjAzOFoXDTM4MDMxODIyMjAzOFowgaQxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tU1BS
+LWNocmlzMRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALnzXmkGe5c+
+RW0VwkXg4e6ePXjxSQzq74RDNxvKxfwf7CoRBhP6yzQ2XfmZvumesqHHPbI/YjMJ
+Dac9lYKcBMYSAS+IW6WqPdC8NYmpGyRQfvJhoKlxFkDyTD5pOT5S0wXBJf+eZsJp
+H6glWboaJdz/4JpOOPFFGOrxVQyjp0YymCZv3Zc0nsqUhKcgxXTDm09G2oVze/X0
+mju2p1SK5alCyudadE4szi4XQSSctX4YGQ71w/jv7yVnARdIAL92YJ/Xx99wGlWR
+dolMUByrLZYYphEciNZSwXAyHXi/giXteUR5/IuaZ0FAzgWYDldKb5kD4CWzp1tP
+vlV2aw5kiawHzq27TE7sXJfC6UTnp2GIfXAqZ7S9cHT1D2YDMKrlUfMnbBrwyZVg
+rWHlUN6Gf2lmaGnc1loqk19J9v5uf5sD/QiI2R23X7xIxqfRx2QX28vPGUvgb6qI
+87/kpPGeI7q6KAXTW6wDDyhvhTqboSP7xNB/W6Yqc0/QFs2PxHTTBRMZmEkRk8Vd
++qxKwZYLK/4FucQHGWem6xF/XNYwJ/i7WGC4hjCvATN8JZNRCLPoEPrwZtuGiwD+
+jwXwQyX+djjjbkpo6NJGhnaYAQMetXYuGWEvhMzEEhLw7muVxBDIt59VA5lfSy+t
+jeRzWaIJl1IA3N0GQE9YZhMyUt6AlMmvAgMBAAGjggFnMIIBYzAJBgNVHRMEAjAA
+MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFPEa0Qzkh0IB8EoZTuIQl5h6fygPMIHTBgNVHSMEgcswgciAFHSi
+gxuV60X8ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UE
+KRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJk
+TSFUmTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkw
+B4IFY2hyaXMwDQYJKoZIhvcNAQELBQADggIBADqIgd5cpkF8Q1hUrHhJHo0CIyio
+01zOCKQprLum4s8f1B08qUxwOlc82UCh6t/CjN/hYbQzhHth/pZyXoAJXj1AkxMt
+vmapyR3glVjxbwHC6sNj6hZDDKNXnkXLYXszTQx10pWpP51HzgkOWxUJ7qhWW/98
+RHCkvUkft7mfrHe/QuhkYXvgQjGJI3Z0Ab8ZsCh6wSdqEU0QcJOYQKNbGjRI9lfD
+TE1NNVjRtmcUaFPSlLWYuPAr4/UBW0pJifcC6jUtzmpPfs4pkrq/9JdUpO9H2y17
+7TSqU86YXkBf9apxu3l8vM+UQRdB69js+5OSNvtZwyyvmUr5JOujM6bUCN+PWco8
+pydvUNzIYC7H8One7giVV6Q20XSoMd4suR7W37jAkG02FbUHhOwFodtF8oo5UoLu
+EdB4m6ul+Qje7QsRT70BNFxyAUzXsFIW4qfk50Ay8XDlnBzGft4LDsPhmmDMdWJq
+Kt92Tfp5AdH6ga8i3LW1CxsNZFdlF1jXvRd6o5LwqEzEZwV8H/U8I3mUrCysouqw
+3bp68Tc+cQ25bZS16u5c17xh5VMvIbVTzR1IHURhovwcY98212h+J9bsx7RvjMCI
+wEQu81pjNu0Yx6NubhFJQ6pI/1NeF4I7H/Ksr4D1ng0G7xIOYx9yphVI0ZSoHH97
+16CJQbBARZ0gLeJr
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI3P+UTRrv91ECAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIGofT8rXdMtBIIJSMRkl94ROVWC
+v/madZNyDie+Wlec4pGWYgur/dfgeQyjMEleu642IrvRFgJwdZOhEEIDc/syOHzx
+Hiy6zxvWcnMAfzQKwHcMI4HsOcqtZKiA/UZ+mXIH8H0HW62N8WHpryqpVyZC5EZj
+0bFaulmD7rV0MtYS2z5pfGLTnKvsDIE3rMvwyZTcRSA6Zt3bOxsJN+SjD4AlmJbk
+XERauxx47EmvPle3aIna625eIQjfniLxrEq0e5E8FQdZipHzqKz3Pub2bepAbmFO
+S3t1Eqk3DkA1mG5PKog1IrTgFAJ24tk/EZuFLzGEL0Wc5hdtcIijJh0Us8w0lWJ1
+RMp2+Pr6zMZSK5L1GYubi0IfASsAmBPewLPt/cUqdNuaCFc1dUuaX2/1gtBl/G16
+s6GFwjK8BhMuYi3Z2ehwNCA2koWA9nGbWzT4CSL63Znupc0ieCBob1UqrbtiaIPn
+xMFrKvO2wdnDJiKyNVCx3jUeN7700E2BCdS/G1WLoocQZTooQGJIpWUhcjvf6wXa
+AZhz+z/uFBXslWEB4O3t8VTk2M2/dKqJOg6yg+MwpAQSOd/8ogV0VOpft5GD/t4c
+6mgBs5lwtau7GbTFj060X15znpzvtPRUrNbL5QrK9DpLw+vvYB+IwCq/CVpjjchz
+g3nkpPw0O0gzGf6AEBJLGsfGljifMc1pDd0KNNkAweZSOg5XufFJpjiFnuXS5Puo
+O+vnvy0iie1e0KzMBrWJWY1vt9JuNRI85qNcftRNnyboQBmnnBAvdA5hiYib7+lY
+akB6UNwkREl40/FsDYxJl4yLbtUC/Lr1hEmyQt4ZEI9v96nW/L0/qlOyiYNAP1r0
+/PEKfRKn7uMZnJXZ0SYf9uMfdy8M56DYEEG3X08F6MWVbEozGbbF8l46FH/9cqFp
+/crtnJZi/1W/A12wmzSgGk2zzLtr+drZ8w/rO0sI5Ptjh+G1dSqSTobCb0bOC7+t
+H+6vesuSAdEQuxasbleh1IyBKkPRwNf4FqAumFfZDKlh0+PVw/waSEIcg5Ef4whV
+EI6rUHigVoZ7AtU/XsjJ3YkRulBXgIOVNCHCJqd8tRqgc5dUeG1652L3q5sIljtE
+nT1t/CEGOd+/rjLwbYl7ZdW3E67QovB/CRIh/B23u4jsbdBkZgeRINcrwbOIXE6t
+jhzO6uGjVuu/6VxMBRSSfxvIsMVCt1rDumadckn+MMOM8E/jT7qN+5QAurdSVnPq
+d7R6M14Jlz39NXXYkdAjNpAH9XX+8y/isOD1La6J+bcxpO7BqcAlQTzhgwB56DrN
+UZ234vaAW1hNtSjNS0e3jZ6noiEjfG6qOw5+DxtXLP9Rq5DwjPrIc2dscY4//foM
+u1NvDB4SloHVy1r01sEA5OqO4KyJsxXotKMeY6k92c2SmP7E461UHLn54LTLOs3t
+iuzug6aJh9nK/NOGprJoNgI9C/46phTTfPE73eUVCpbnbd46dZ8qpMnil4YIpk1L
++mOZCDOQD0H1CmFRXu+EzZsZLDLFjLtKtiGO/ifxs+zdNpLCcJyycPy44zteoMFq
+mra1b3hFgGestzHz/2ANY6gIe5sZikZVXgTRP9oZYQ7Wm0c1PVqQ003n60hJlajx
+a+EItIYkQl16BZCBbanDuKwofXmxtGZXtU84qcRIzs6X4NSb1N+0xwBC0TM+xYnN
+ZmX6hkj/ELYbrktcML6yJyDJz2UvMRaORBnrUjfisJ8dUFSKX6J0JCQ5IMSyZjeL
+Vzv7CRKFQ3VTvWgAtY31yjpNrr6oHJQ+Wk8B987IAKIKqIBH+RYiBlf3jQVrB3vl
+kQ93LqTXw2Iiapevb0fEREwoU9qEC/lTv39nrYIpHXMlpfQqFLGMPgS1VP5fQzrU
+QET6SCxYaehYT64aWBARpYUcwc7xMA8WwLc40f1JfXvmbIZ4dC4OZeIHNyy+kDu2
+hVKL7bI6jGZVTmFKGXYF9iMjiV8m4q19WqgvBkKZFzmTAZ4gasieHtOi+TzrEH+u
+G06wcEilg6o9NS2JkNl8H+ReOasnhPs/nuWZlB7hUNXnPA6QARQGZEuk6lKAxl6V
+zjtniLdRsZwVBKb8lExcP+BQ0KovnaLOzorFdISlsuOCwt4YWUbQkN1LMDMd1bq9
+Z3ThemCCOvn4C/Ez6DzFul22jTj8s5XPPZXUKEpu8p6Spt7rCYA8+MLoYmeS1Ztu
+L4ufZler6891KMkn2mLhSb91IB/5MDomgo9H9rBJA5JWa6hG/QV/wTxR2WkKuJAv
+IX8Zkhs5pQBTh+WDf9W5ftv4fqqowEOOztN+XotNAqaSmTE8vTxjePbnDAX5+iyp
+s40aHaxj9BFZrj0/Sp0StL9OzgV8qN8rxeblSoBFU0nx3bTAp76CM6fvp0XqK0el
+Ua6PdBBHKmp0RQoguX99cz3WYNqxTWMWE8c9aoXakBGff1Uz1Qgq0Y7kFnaXxCRM
+aUbkPMBOeMJrt1fQQWSlzurYXAO8pPn63uzZGhiplYh6fJQ3m+8m+AYGwzLTXEkS
+Z88Ox1CCdtR40brDba0pvkRNfOkD8wGpe2uYcAjnhc2MF5DeZf+8syxRnTBYsud9
+dBDCjQkYUKEihmqz31SjojoxaYutFkEe5//Nov2BxxoyVHtpjmLWtEdhVTAkcYTt
+05aO30leUBQ3IX97K68s6GFA1nJCe5WrcpCgjA/718N5tGuvc53zACLzpdEaCm5g
+2nowfRP/lx/faFCC1/ePjlT+1g9BJiaqFBaWR2iQ9VR8nKNws4ULCu6uNr5xtpG9
+LIw3C6DrBWtzVHAiZvz6Ufma4u5TlFxR4IlFS2aY7QzL9+EYqrogZUZIvDH3nOHs
+qS/t+CBbItxpb25X5EI/jruhmHplgHmdqdstRtyxjObEOdm5TV4+oRTIA6YYc4Cz
+TXrdjDkOECV+U/OYzHWxKFyCarn6d81pRu79RuksIhE0uAd5rxT5uJlzf9UuQjFr
+63XCVmLnVXuF4qpdfT7lj0cvtGz/Z7itSPgR3gzu/VnR+u+kdAvRgtDg0BJqV/Om
+vJLAnlJxc0bhwVmWB6q1Tmy3ZpDMsEGz7fLsbUQp+TcjNfrFCTrRgMppUdET5fFc
+8+kUQiLjZYYYINwpeS3cU+5tOtNNsnbgt1xkvbQvJ7qEjL8wF3J4j62M36dKCo5p
+LOq4p2liZ+06x9mtaX7NIg==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+0f871c0affde12bf4aa4c3683db554ab
+5b289badc22171c46f4fcf749b94c3b3
+fc8da02a98f067a6b624e3755ff08e28
+6c74f622bcb49a31b94bf9e9e9619fd7
+2949dddce9997bdd6b8c08bf7785baba
+54267e89eabf34f4e729d09dad95fbb4
+f254ed52de9287436f718c138f29e927
+36a77a01b8801be92da98eec772e1d9f
+eb568dc508531ca7dbb92af3098f812f
+4b7bcff4c0badbd34b6e168fc7312da1
+030559d8278ea9d2ac200da87d4b9283
+8994c85e9ef639c82214107f12d67f9a
+d71ca5d6a991bf778222f8a87eb99009
+1e1de4379406d4008daf98437ffe0e98
+0dd90d7d41239a14489e6d077740e97a
+90b30b8b8f445e78073ae1f365601bb1
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher none
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/SPR-BE/openvpn/spr/crl.pem b/SPR-BE/openvpn/spr/crl.pem
new file mode 100644
index 0000000..3245adb
--- /dev/null
+++ b/SPR-BE/openvpn/spr/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC5zCB0DANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIxEDAOBgNVBCkT
+B1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlFw0xODAzMTgx
+ODA4MTlaGA8yMDUwMDMxODE4MDgxOVowDQYJKoZIhvcNAQELBQADggIBAJCORgWK
+d6nbaAD4ZdnTMAfqRxkiSLyQ1PMTnriA0A6NxXWr905HYwcrPROpSOSF4YCluDwe
+dLmYgfzqJ/FhygXk45Ko9QNnsN6/222CBO0LThN829B3pq4oRmykXVyAp6gCyK3K
++T+GljZ67LOwOe0wz1zqrv2MbqqBeHLkOqlpKnaXSPTFGNhTzwWSUPlubV43Fi8+
+amedFAhchCIAQ8QJ2oY0wE6cnmkPZx5Gd1hmZZxVo/Xh2kBjj2oprxF3R2vMDl3J
+LSkpArUVRuRjo545oSFtEq5qlbuW8L5krgivAPqdGXcvn4fK/2pwzWwPqJxa5MYY
++dHFr29pYcWYT5p0mcZOH56RCTYIGCxNrEnofSgCeotN5q/0/SCbTUT8zUeyPl4P
+FFIeWpifGh6EDB8IW5XtHmxxMykO3g8CPE8KvTRODFj3cYk2DxMgniIX/CoIsNux
+BZ3aMf4KaU5GF3wKipdWe1RBzrO2v5o6nsOKlR8atTsg56pfKZCfqglJwHnblRm2
+DA/Nc8UcCS4DM+wtHgCyhA/ssZGpv0Wli+I004Kwn1BQjpnfwHU/6upSGVza5q37
+NZtJIoh1wSmu3weDaoSgRThSC6KrjlIt7rXeLxfa2qv5h4v1drm5CV65vp/x8nuo
+09TJ/dsYQRRsHXQiSv4Bw6Kiv5t6P+21G6lq
+-----END X509 CRL-----
diff --git a/SPR-BE/openvpn/spr/easy-rsa/build-ca b/SPR-BE/openvpn/spr/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/build-dh b/SPR-BE/openvpn/spr/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/build-inter b/SPR-BE/openvpn/spr/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/build-key b/SPR-BE/openvpn/spr/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/build-key-pass b/SPR-BE/openvpn/spr/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/build-key-pkcs12 b/SPR-BE/openvpn/spr/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/build-key-server b/SPR-BE/openvpn/spr/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/build-req b/SPR-BE/openvpn/spr/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/build-req-pass b/SPR-BE/openvpn/spr/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/clean-all b/SPR-BE/openvpn/spr/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/inherit-inter b/SPR-BE/openvpn/spr/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/list-crl b/SPR-BE/openvpn/spr/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/openssl-0.9.6.cnf b/SPR-BE/openvpn/spr/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/SPR-BE/openvpn/spr/easy-rsa/openssl-0.9.8.cnf b/SPR-BE/openvpn/spr/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/SPR-BE/openvpn/spr/easy-rsa/openssl-1.0.0.cnf b/SPR-BE/openvpn/spr/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/SPR-BE/openvpn/spr/easy-rsa/openssl-1.0.0.cnf.ORIG b/SPR-BE/openvpn/spr/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/SPR-BE/openvpn/spr/easy-rsa/openssl.cnf b/SPR-BE/openvpn/spr/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..ee8c017
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/spr/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/pkitool b/SPR-BE/openvpn/spr/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/revoke-full b/SPR-BE/openvpn/spr/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/sign-req b/SPR-BE/openvpn/spr/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/easy-rsa/vars b/SPR-BE/openvpn/spr/easy-rsa/vars
new file mode 100644
index 0000000..164ff40
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/spr"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN SPR"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-SPR"
+
+export KEY_ALTNAMES="VPN-SPR"
diff --git a/SPR-BE/openvpn/spr/easy-rsa/vars.2018-03-18-1700 b/SPR-BE/openvpn/spr/easy-rsa/vars.2018-03-18-1700
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/vars.2018-03-18-1700
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/SPR-BE/openvpn/spr/easy-rsa/whichopensslcnf b/SPR-BE/openvpn/spr/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/SPR-BE/openvpn/spr/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/ipp.txt b/SPR-BE/openvpn/spr/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/SPR-BE/openvpn/spr/keys-created.txt b/SPR-BE/openvpn/spr/keys-created.txt
new file mode 100644
index 0000000..972c5f5
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys-created.txt
@@ -0,0 +1,4 @@
+
+key...............: chris.key
+common name.......: VPN-SPR-chris
+password..........: dbddhkpuka.&EadGl15E.
diff --git a/SPR-BE/openvpn/spr/keys/01.pem b/SPR-BE/openvpn/spr/keys/01.pem
new file mode 100644
index 0000000..4081818
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/01.pem
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 18:08:15 2018 GMT
+            Not After : Mar 18 18:08:15 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:f5:57:0f:71:d1:a5:17:ec:2c:74:fd:16:8f:f7:
+                    8d:16:80:5f:0a:60:e9:3b:9e:65:19:fe:30:71:41:
+                    14:55:f3:f8:17:5a:10:c8:b7:16:1c:bf:21:63:bb:
+                    33:64:75:f0:3a:a9:9b:1a:27:68:33:71:fc:85:a7:
+                    f8:7f:b2:f5:31:c4:39:a2:e4:2e:53:8b:3d:20:49:
+                    0d:e7:83:83:82:54:ff:05:00:5e:5a:e5:e1:b4:9d:
+                    2e:0b:61:c2:71:19:11:10:30:2e:ed:95:62:01:70:
+                    f2:5f:77:25:71:8b:2b:b3:4d:f2:68:13:41:85:3f:
+                    03:82:88:98:89:e5:58:b4:83:e2:65:1f:5e:c1:b1:
+                    b9:80:54:35:f4:00:7e:92:fe:e5:2a:ad:c1:d1:b8:
+                    f3:33:f9:c8:de:ac:08:87:84:5c:61:65:25:a7:cc:
+                    7d:c1:b8:00:63:59:31:68:af:8e:0d:26:ef:62:7c:
+                    93:a8:94:32:18:fb:19:0e:d6:39:36:d8:89:35:eb:
+                    82:5e:cd:32:a0:b9:6b:37:83:c7:51:7e:24:38:84:
+                    d9:dd:c3:6c:f9:5e:7a:aa:c8:7e:d8:3b:ee:e3:bb:
+                    b5:9f:87:b8:c1:ce:91:a6:d5:5c:76:e0:cb:40:f8:
+                    97:4a:3d:bc:0a:d3:06:1b:08:ef:72:50:7c:b9:c5:
+                    72:3f:3a:c6:70:da:d5:4f:db:c9:a4:7a:d2:ac:56:
+                    e5:71:37:34:42:48:f8:8b:d1:ce:ae:34:2b:71:5b:
+                    9c:9d:47:5c:47:6e:f0:90:55:95:a3:81:de:f3:a9:
+                    34:c2:9e:9e:be:e3:ce:f5:46:e1:70:7a:42:d4:71:
+                    c9:78:f7:b4:a0:9e:2f:db:97:e6:e3:44:a4:55:29:
+                    1a:d5:d2:23:b8:a5:37:47:40:5d:c1:1f:67:4d:84:
+                    b6:67:2c:bc:dd:83:ea:1a:75:a7:96:f9:90:7c:29:
+                    47:32:72:fe:79:d4:b8:48:13:e1:80:a9:d2:06:20:
+                    ff:52:16:e8:7c:58:86:ab:3e:9a:ff:f4:c0:e0:7e:
+                    aa:46:eb:16:53:5c:9b:9e:b6:07:8f:a7:1d:68:0a:
+                    81:80:49:1e:45:05:78:d1:7f:0c:29:b9:06:9e:19:
+                    2d:d2:39:a1:a0:dc:d6:54:ac:da:da:20:0e:6d:a2:
+                    22:04:23:95:3b:5e:8a:6c:e9:53:b2:41:8a:86:98:
+                    89:e9:a8:60:45:f0:ba:8b:50:c3:4b:a0:a2:a5:16:
+                    ac:d3:27:bd:dc:a4:dc:b7:69:39:10:60:5e:6f:56:
+                    7a:dd:1a:e7:7d:bd:06:3d:be:b5:09:44:48:79:c7:
+                    69:f1:ea:48:60:6b:cb:eb:5a:43:7c:36:0a:a4:05:
+                    d4:ff:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                AE:A8:6B:BE:2E:F3:60:22:A3:76:8F:4F:F5:26:69:83:AC:2E:19:29
+            X509v3 Authority Key Identifier: 
+                keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:96:BC:22:64:4D:21:54:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         b4:51:ec:9d:ec:39:ed:c1:29:83:0e:e8:eb:c3:ec:5f:0e:1d:
+         53:d7:51:b9:d2:2e:90:09:a3:27:e8:f7:24:3f:de:15:d9:92:
+         22:80:ae:12:ab:17:5f:a1:7e:01:44:be:54:28:d8:76:42:ba:
+         60:77:7c:46:1d:42:6d:a9:25:ae:57:52:94:f7:76:44:b9:93:
+         de:a4:a7:c8:a3:4a:8d:72:bd:96:15:9a:42:37:b0:1c:e0:38:
+         7d:72:53:45:dc:11:28:62:e5:7d:0f:f9:32:21:81:8a:23:39:
+         85:05:bc:46:6a:23:34:a9:38:a3:fd:3e:a6:76:ae:82:d3:32:
+         a3:d4:6d:7e:33:0c:91:b2:04:26:99:ab:eb:43:9c:22:ab:ca:
+         ce:b1:c0:e9:10:0c:5b:cc:4e:42:8e:c9:e0:1d:59:b1:83:64:
+         57:7a:02:38:bc:b8:4b:ff:be:36:3f:a0:66:43:c6:1a:7e:17:
+         5a:d6:b8:5b:a7:08:7a:9f:e7:3c:00:0e:0b:46:f1:a1:90:73:
+         bd:b4:3e:11:a3:b6:96:4d:30:24:75:fb:fd:24:cc:63:b7:ac:
+         a5:6e:06:ba:1c:c2:6a:b2:fe:59:6e:5a:53:dc:0f:dc:e4:6f:
+         28:7d:c0:b1:cd:e9:14:95:06:ef:e9:91:7d:39:55:62:61:3c:
+         72:8f:0f:35:b4:e8:9b:49:50:41:2f:07:6d:3f:1f:92:94:ed:
+         e2:10:d3:08:75:43:cc:da:7f:00:3b:f9:d2:f1:97:21:2d:c5:
+         d0:30:2e:0e:84:1b:fd:3c:bd:ab:9d:bf:b7:18:ad:01:36:6c:
+         43:7e:04:33:29:14:b1:c7:68:64:a9:cc:85:57:67:f7:a3:3e:
+         c2:d5:a7:bf:f4:20:fb:41:91:2c:8f:6a:c5:d3:55:76:0f:79:
+         3d:12:59:d7:0e:59:f6:02:0c:31:07:39:09:55:97:40:e1:a9:
+         27:01:ad:fa:42:d7:67:14:7b:0f:e6:e3:1d:6f:28:71:17:9f:
+         de:97:2f:d1:a6:95:ba:d4:42:80:9c:0e:db:06:91:8e:bb:c4:
+         af:23:ae:85:9f:e2:57:e4:4a:87:e1:d0:64:9f:9a:15:30:c8:
+         bc:96:ea:da:98:eb:0a:5a:be:13:70:d6:35:50:0e:48:07:2b:
+         8a:19:e5:35:e6:a7:a2:ca:42:50:7b:bc:72:ea:99:4d:b8:2c:
+         06:75:e9:a6:c1:45:1e:97:42:9b:5b:a4:61:92:3c:45:88:31:
+         f4:1f:da:e4:01:72:f9:93:08:e4:66:4d:2c:4c:2f:19:10:49:
+         21:52:ca:18:59:38:76:79:ae:99:8e:ac:20:85:85:af:a8:b6:
+         ab:73:04:66:d5:56:a5:9e
+-----BEGIN CERTIFICATE-----
+MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODE4MDgxNVoXDTM4MDMxODE4MDgxNVowgaUxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
+LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD1Vw9x0aUX
+7Cx0/RaP940WgF8KYOk7nmUZ/jBxQRRV8/gXWhDItxYcvyFjuzNkdfA6qZsaJ2gz
+cfyFp/h/svUxxDmi5C5Tiz0gSQ3ng4OCVP8FAF5a5eG0nS4LYcJxGREQMC7tlWIB
+cPJfdyVxiyuzTfJoE0GFPwOCiJiJ5Vi0g+JlH17BsbmAVDX0AH6S/uUqrcHRuPMz
++cjerAiHhFxhZSWnzH3BuABjWTFor44NJu9ifJOolDIY+xkO1jk22Ik164JezTKg
+uWs3g8dRfiQ4hNndw2z5XnqqyH7YO+7ju7Wfh7jBzpGm1Vx24MtA+JdKPbwK0wYb
+CO9yUHy5xXI/OsZw2tVP28mketKsVuVxNzRCSPiL0c6uNCtxW5ydR1xHbvCQVZWj
+gd7zqTTCnp6+4871RuFwekLUccl497Sgni/bl+bjRKRVKRrV0iO4pTdHQF3BH2dN
+hLZnLLzdg+oadaeW+ZB8KUcycv551LhIE+GAqdIGIP9SFuh8WIarPpr/9MDgfqpG
+6xZTXJuetgePpx1oCoGASR5FBXjRfwwpuQaeGS3SOaGg3NZUrNraIA5toiIEI5U7
+Xops6VOyQYqGmInpqGBF8LqLUMNLoKKlFqzTJ73cpNy3aTkQYF5vVnrdGud9vQY9
+vrUJREh5x2nx6khga8vrWkN8NgqkBdT/7wIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFK6oa74u82Aio3aP
+T/UmaYOsLhkpMIHTBgNVHSMEgcswgciAFHSigxuV60X8ONBxrGr1ItbazicLoYGk
+pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJkTSFUmTATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
+CwUAA4ICAQC0Ueyd7DntwSmDDujrw+xfDh1T11G50i6QCaMn6PckP94V2ZIigK4S
+qxdfoX4BRL5UKNh2Qrpgd3xGHUJtqSWuV1KU93ZEuZPepKfIo0qNcr2WFZpCN7Ac
+4Dh9clNF3BEoYuV9D/kyIYGKIzmFBbxGaiM0qTij/T6mdq6C0zKj1G1+MwyRsgQm
+mavrQ5wiq8rOscDpEAxbzE5CjsngHVmxg2RXegI4vLhL/742P6BmQ8Yafhda1rhb
+pwh6n+c8AA4LRvGhkHO9tD4Ro7aWTTAkdfv9JMxjt6ylbga6HMJqsv5ZblpT3A/c
+5G8ofcCxzekUlQbv6ZF9OVViYTxyjw81tOibSVBBLwdtPx+SlO3iENMIdUPM2n8A
+O/nS8ZchLcXQMC4OhBv9PL2rnb+3GK0BNmxDfgQzKRSxx2hkqcyFV2f3oz7C1ae/
+9CD7QZEsj2rF01V2D3k9ElnXDln2AgwxBzkJVZdA4aknAa36QtdnFHsP5uMdbyhx
+F5/ely/RppW61EKAnA7bBpGOu8SvI66Fn+JX5EqH4dBkn5oVMMi8luramOsKWr4T
+cNY1UA5IByuKGeU15qeiykJQe7xy6plNuCwGdemmwUUel0KbW6RhkjxFiDH0H9rk
+AXL5kwjkZk0sTC8ZEEkhUsoYWTh2ea6ZjqwghYWvqLarcwRm1Valng==
+-----END CERTIFICATE-----
diff --git a/SPR-BE/openvpn/spr/keys/02.pem b/SPR-BE/openvpn/spr/keys/02.pem
new file mode 100644
index 0000000..e85100f
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/02.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 22:20:38 2018 GMT
+            Not After : Mar 18 22:20:38 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-chris/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b9:f3:5e:69:06:7b:97:3e:45:6d:15:c2:45:e0:
+                    e1:ee:9e:3d:78:f1:49:0c:ea:ef:84:43:37:1b:ca:
+                    c5:fc:1f:ec:2a:11:06:13:fa:cb:34:36:5d:f9:99:
+                    be:e9:9e:b2:a1:c7:3d:b2:3f:62:33:09:0d:a7:3d:
+                    95:82:9c:04:c6:12:01:2f:88:5b:a5:aa:3d:d0:bc:
+                    35:89:a9:1b:24:50:7e:f2:61:a0:a9:71:16:40:f2:
+                    4c:3e:69:39:3e:52:d3:05:c1:25:ff:9e:66:c2:69:
+                    1f:a8:25:59:ba:1a:25:dc:ff:e0:9a:4e:38:f1:45:
+                    18:ea:f1:55:0c:a3:a7:46:32:98:26:6f:dd:97:34:
+                    9e:ca:94:84:a7:20:c5:74:c3:9b:4f:46:da:85:73:
+                    7b:f5:f4:9a:3b:b6:a7:54:8a:e5:a9:42:ca:e7:5a:
+                    74:4e:2c:ce:2e:17:41:24:9c:b5:7e:18:19:0e:f5:
+                    c3:f8:ef:ef:25:67:01:17:48:00:bf:76:60:9f:d7:
+                    c7:df:70:1a:55:91:76:89:4c:50:1c:ab:2d:96:18:
+                    a6:11:1c:88:d6:52:c1:70:32:1d:78:bf:82:25:ed:
+                    79:44:79:fc:8b:9a:67:41:40:ce:05:98:0e:57:4a:
+                    6f:99:03:e0:25:b3:a7:5b:4f:be:55:76:6b:0e:64:
+                    89:ac:07:ce:ad:bb:4c:4e:ec:5c:97:c2:e9:44:e7:
+                    a7:61:88:7d:70:2a:67:b4:bd:70:74:f5:0f:66:03:
+                    30:aa:e5:51:f3:27:6c:1a:f0:c9:95:60:ad:61:e5:
+                    50:de:86:7f:69:66:68:69:dc:d6:5a:2a:93:5f:49:
+                    f6:fe:6e:7f:9b:03:fd:08:88:d9:1d:b7:5f:bc:48:
+                    c6:a7:d1:c7:64:17:db:cb:cf:19:4b:e0:6f:aa:88:
+                    f3:bf:e4:a4:f1:9e:23:ba:ba:28:05:d3:5b:ac:03:
+                    0f:28:6f:85:3a:9b:a1:23:fb:c4:d0:7f:5b:a6:2a:
+                    73:4f:d0:16:cd:8f:c4:74:d3:05:13:19:98:49:11:
+                    93:c5:5d:fa:ac:4a:c1:96:0b:2b:fe:05:b9:c4:07:
+                    19:67:a6:eb:11:7f:5c:d6:30:27:f8:bb:58:60:b8:
+                    86:30:af:01:33:7c:25:93:51:08:b3:e8:10:fa:f0:
+                    66:db:86:8b:00:fe:8f:05:f0:43:25:fe:76:38:e3:
+                    6e:4a:68:e8:d2:46:86:76:98:01:03:1e:b5:76:2e:
+                    19:61:2f:84:cc:c4:12:12:f0:ee:6b:95:c4:10:c8:
+                    b7:9f:55:03:99:5f:4b:2f:ad:8d:e4:73:59:a2:09:
+                    97:52:00:dc:dd:06:40:4f:58:66:13:32:52:de:80:
+                    94:c9:af
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                F1:1A:D1:0C:E4:87:42:01:F0:4A:19:4E:E2:10:97:98:7A:7F:28:0F
+            X509v3 Authority Key Identifier: 
+                keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:96:BC:22:64:4D:21:54:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         3a:88:81:de:5c:a6:41:7c:43:58:54:ac:78:49:1e:8d:02:23:
+         28:a8:d3:5c:ce:08:a4:29:ac:bb:a6:e2:cf:1f:d4:1d:3c:a9:
+         4c:70:3a:57:3c:d9:40:a1:ea:df:c2:8c:df:e1:61:b4:33:84:
+         7b:61:fe:96:72:5e:80:09:5e:3d:40:93:13:2d:be:66:a9:c9:
+         1d:e0:95:58:f1:6f:01:c2:ea:c3:63:ea:16:43:0c:a3:57:9e:
+         45:cb:61:7b:33:4d:0c:75:d2:95:a9:3f:9d:47:ce:09:0e:5b:
+         15:09:ee:a8:56:5b:ff:7c:44:70:a4:bd:49:1f:b7:b9:9f:ac:
+         77:bf:42:e8:64:61:7b:e0:42:31:89:23:76:74:01:bf:19:b0:
+         28:7a:c1:27:6a:11:4d:10:70:93:98:40:a3:5b:1a:34:48:f6:
+         57:c3:4c:4d:4d:35:58:d1:b6:67:14:68:53:d2:94:b5:98:b8:
+         f0:2b:e3:f5:01:5b:4a:49:89:f7:02:ea:35:2d:ce:6a:4f:7e:
+         ce:29:92:ba:bf:f4:97:54:a4:ef:47:db:2d:7b:ed:34:aa:53:
+         ce:98:5e:40:5f:f5:aa:71:bb:79:7c:bc:cf:94:41:17:41:eb:
+         d8:ec:fb:93:92:36:fb:59:c3:2c:af:99:4a:f9:24:eb:a3:33:
+         a6:d4:08:df:8f:59:ca:3c:a7:27:6f:50:dc:c8:60:2e:c7:f0:
+         e9:de:ee:08:95:57:a4:36:d1:74:a8:31:de:2c:b9:1e:d6:df:
+         b8:c0:90:6d:36:15:b5:07:84:ec:05:a1:db:45:f2:8a:39:52:
+         82:ee:11:d0:78:9b:ab:a5:f9:08:de:ed:0b:11:4f:bd:01:34:
+         5c:72:01:4c:d7:b0:52:16:e2:a7:e4:e7:40:32:f1:70:e5:9c:
+         1c:c6:7e:de:0b:0e:c3:e1:9a:60:cc:75:62:6a:2a:df:76:4d:
+         fa:79:01:d1:fa:81:af:22:dc:b5:b5:0b:1b:0d:64:57:65:17:
+         58:d7:bd:17:7a:a3:92:f0:a8:4c:c4:67:05:7c:1f:f5:3c:23:
+         79:94:ac:2c:ac:a2:ea:b0:dd:ba:7a:f1:37:3e:71:0d:b9:6d:
+         94:b5:ea:ee:5c:d7:bc:61:e5:53:2f:21:b5:53:cd:1d:48:1d:
+         44:61:a2:fc:1c:63:df:36:d7:68:7e:27:d6:ec:c7:b4:6f:8c:
+         c0:88:c0:44:2e:f3:5a:63:36:ed:18:c7:a3:6e:6e:11:49:43:
+         aa:48:ff:53:5e:17:82:3b:1f:f2:ac:af:80:f5:9e:0d:06:ef:
+         12:0e:63:1f:72:a6:15:48:d1:94:a8:1c:7f:7b:d7:a0:89:41:
+         b0:40:45:9d:20:2d:e2:6b
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMjAzOFoXDTM4MDMxODIyMjAzOFowgaQxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tU1BS
+LWNocmlzMRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALnzXmkGe5c+
+RW0VwkXg4e6ePXjxSQzq74RDNxvKxfwf7CoRBhP6yzQ2XfmZvumesqHHPbI/YjMJ
+Dac9lYKcBMYSAS+IW6WqPdC8NYmpGyRQfvJhoKlxFkDyTD5pOT5S0wXBJf+eZsJp
+H6glWboaJdz/4JpOOPFFGOrxVQyjp0YymCZv3Zc0nsqUhKcgxXTDm09G2oVze/X0
+mju2p1SK5alCyudadE4szi4XQSSctX4YGQ71w/jv7yVnARdIAL92YJ/Xx99wGlWR
+dolMUByrLZYYphEciNZSwXAyHXi/giXteUR5/IuaZ0FAzgWYDldKb5kD4CWzp1tP
+vlV2aw5kiawHzq27TE7sXJfC6UTnp2GIfXAqZ7S9cHT1D2YDMKrlUfMnbBrwyZVg
+rWHlUN6Gf2lmaGnc1loqk19J9v5uf5sD/QiI2R23X7xIxqfRx2QX28vPGUvgb6qI
+87/kpPGeI7q6KAXTW6wDDyhvhTqboSP7xNB/W6Yqc0/QFs2PxHTTBRMZmEkRk8Vd
++qxKwZYLK/4FucQHGWem6xF/XNYwJ/i7WGC4hjCvATN8JZNRCLPoEPrwZtuGiwD+
+jwXwQyX+djjjbkpo6NJGhnaYAQMetXYuGWEvhMzEEhLw7muVxBDIt59VA5lfSy+t
+jeRzWaIJl1IA3N0GQE9YZhMyUt6AlMmvAgMBAAGjggFnMIIBYzAJBgNVHRMEAjAA
+MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFPEa0Qzkh0IB8EoZTuIQl5h6fygPMIHTBgNVHSMEgcswgciAFHSi
+gxuV60X8ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UE
+KRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJk
+TSFUmTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkw
+B4IFY2hyaXMwDQYJKoZIhvcNAQELBQADggIBADqIgd5cpkF8Q1hUrHhJHo0CIyio
+01zOCKQprLum4s8f1B08qUxwOlc82UCh6t/CjN/hYbQzhHth/pZyXoAJXj1AkxMt
+vmapyR3glVjxbwHC6sNj6hZDDKNXnkXLYXszTQx10pWpP51HzgkOWxUJ7qhWW/98
+RHCkvUkft7mfrHe/QuhkYXvgQjGJI3Z0Ab8ZsCh6wSdqEU0QcJOYQKNbGjRI9lfD
+TE1NNVjRtmcUaFPSlLWYuPAr4/UBW0pJifcC6jUtzmpPfs4pkrq/9JdUpO9H2y17
+7TSqU86YXkBf9apxu3l8vM+UQRdB69js+5OSNvtZwyyvmUr5JOujM6bUCN+PWco8
+pydvUNzIYC7H8One7giVV6Q20XSoMd4suR7W37jAkG02FbUHhOwFodtF8oo5UoLu
+EdB4m6ul+Qje7QsRT70BNFxyAUzXsFIW4qfk50Ay8XDlnBzGft4LDsPhmmDMdWJq
+Kt92Tfp5AdH6ga8i3LW1CxsNZFdlF1jXvRd6o5LwqEzEZwV8H/U8I3mUrCysouqw
+3bp68Tc+cQ25bZS16u5c17xh5VMvIbVTzR1IHURhovwcY98212h+J9bsx7RvjMCI
+wEQu81pjNu0Yx6NubhFJQ6pI/1NeF4I7H/Ksr4D1ng0G7xIOYx9yphVI0ZSoHH97
+16CJQbBARZ0gLeJr
+-----END CERTIFICATE-----
diff --git a/SPR-BE/openvpn/spr/keys/ca.crt b/SPR-BE/openvpn/spr/keys/ca.crt
new file mode 100644
index 0000000..3fa286c
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGzDCCBLSgAwIBAgIJAJa8ImRNIVSZMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMH
+VlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwIBcNMTgwMzE4MTYwMTU3WhgPMjA1MDAzMTgxNjAxNTdaMIGeMQsw
+CQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzAN
+BgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UE
+AxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJn
+dXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEhmCg
+nhfyO/Z8q6/cyBTn7/K74AJRHl+8sUv/YFf0AOTgIrO93qdzDZf16IioZ/2+lg5X
+0exZGcXCIEOnWlrnDiVYYsVyYrCWOhhhLBv5Oe+OZCOwWEBY/+/M9Zp2OUgS5zJ6
+1DX4rtmb+WsAjcNJJmZV6q9M0gEZsuCfpgrNGADpuTCEa4RMk7z4mG/yjh0dkT1a
+RT2vAYD2RgUdVyR/xFQNflWh101i06kKwrJOuBT+iopBbyz3X2NkkBba+F9qoOpJ
+3NiOr4UfIMW6chUQiF1+8/PPtVIPkYFjNpUF5l1HXQBjwRCZZPYog1w701jN0G4u
+9GH6ZJjCBzvuSS8lo5jMdUillMh7EoCNdZTq+LgM8ZAro6GJh9oOXf3YL3RBMTfX
+aLFTxHzN+PCG53buZkNiM23OaackKyeOhXbDIQwiaTOcANVGpXrh63Qoj7BFbKx0
+pLTynp6IUXBbsE+ToX5y/BAtm8Q4DXLLe0h82zJIQ/ZBhTorQaMbi0VpLD0zkamM
+YWdZPVnAv+SOAt/uVVLN9aFUZO4V1ebBKVhYY56iW/OlugcSNo7vRcrvBFLI9TLU
+cS9euI4HxKldRZOejoTIbQXVEV7fZ1v1YHC7dafW/YJIJTkliTCQ05E8eiW/0zQd
+V1DWNIiPBOKm1LnMkVr+Aa1JpgpcEEN7ngMvswIDAQABo4IBBzCCAQMwHQYDVR0O
+BBYEFHSigxuV60X8ONBxrGr1ItbazicLMIHTBgNVHSMEgcswgciAFHSigxuV60X8
+ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVy
+bGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQ
+TmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJkTSFUmTAM
+BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBkzH3PqKEHjXZytQY7usSL
+6uAjH2jMhZb96GJpMNdpgzntACGjYl80Vxtwj0aIAYyOyIbfA9VyZsnc4dsYqJ82
+bN/K3AlEHeMBaxhrD6qOdyoXkwjx80WfvtF/FTyMHxsCIR/N2l0BM6THKOLMZWB2
+TmY/QBBsD+/nSwy/4JOeeJvtxuY0IXu0aONM+n4tDoVO9O7EyvpzcfrT/SosbtBB
+mBI1hH7/ThmXswvcrN7rCn00yaJC5Qv9HN4osKihzgigS5jh4lOYAvXhxTGU9Nzm
+kH21ONSNZql/mZCfs97RaoM7l2Uap5ex5vPA4BJvQ4WXWL89GYJGwTuOmIf77aX3
+Aoxl8ntuiE9R9oQKqcFe9uW25c1h1o6DRglc6oBEP1T40Ni8b/cTnwSeES4RiYAK
+ScSturvc/Nj2Z5nzR5iVKo/mW9SBHlbk52HvsIIhFRMoHahIcv2Z4+nyUPMlJCly
+lvp9yEFCnjwVbc3ruUqtYQHDxJf/SkBxuCLkN7W7W2voq1mOSOl3i7Aw2zf/kmG7
+BTLQVfIkUKLR6F2erz6QdEn8mST/Niz0la9mfK34ZgdG0zFZ0j5lLC3YnW91lr7B
+hlwVD/nIqjSOFLHdK2d/lefY1ZHcTbs3fUA8oKp8CdJb1NhfUWprigKHsSVHyqJ1
+CAgKxVPrsd1y2i/Xhg74YQ==
+-----END CERTIFICATE-----
diff --git a/SPR-BE/openvpn/spr/keys/ca.key b/SPR-BE/openvpn/spr/keys/ca.key
new file mode 100644
index 0000000..2c196a6
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDEhmCgnhfyO/Z8
+q6/cyBTn7/K74AJRHl+8sUv/YFf0AOTgIrO93qdzDZf16IioZ/2+lg5X0exZGcXC
+IEOnWlrnDiVYYsVyYrCWOhhhLBv5Oe+OZCOwWEBY/+/M9Zp2OUgS5zJ61DX4rtmb
++WsAjcNJJmZV6q9M0gEZsuCfpgrNGADpuTCEa4RMk7z4mG/yjh0dkT1aRT2vAYD2
+RgUdVyR/xFQNflWh101i06kKwrJOuBT+iopBbyz3X2NkkBba+F9qoOpJ3NiOr4Uf
+IMW6chUQiF1+8/PPtVIPkYFjNpUF5l1HXQBjwRCZZPYog1w701jN0G4u9GH6ZJjC
+BzvuSS8lo5jMdUillMh7EoCNdZTq+LgM8ZAro6GJh9oOXf3YL3RBMTfXaLFTxHzN
++PCG53buZkNiM23OaackKyeOhXbDIQwiaTOcANVGpXrh63Qoj7BFbKx0pLTynp6I
+UXBbsE+ToX5y/BAtm8Q4DXLLe0h82zJIQ/ZBhTorQaMbi0VpLD0zkamMYWdZPVnA
+v+SOAt/uVVLN9aFUZO4V1ebBKVhYY56iW/OlugcSNo7vRcrvBFLI9TLUcS9euI4H
+xKldRZOejoTIbQXVEV7fZ1v1YHC7dafW/YJIJTkliTCQ05E8eiW/0zQdV1DWNIiP
+BOKm1LnMkVr+Aa1JpgpcEEN7ngMvswIDAQABAoICAARc82I9gEyZdjR4X1QogQZR
+NnNjWsnQQdHfoc9OpUU+i9ZKDvGFMvSD9b645efPPzvu+uyKNZQY1WIk8zuQ7vm4
+P64Bq16JwF/ldEsb/pb+6UmhAYXVv7/6FqnXPhGn3ejFh0Jg2b3mq+AhnnWJsC88
+kgMQTcoH04xtgz0oI49AHC0UNnaKKIrGsOhYAgxBiXXxloodhWwQPXu6PDzVhXLs
+uez+xAnuzMIH7vXVMr46qgSosL8ZJ8dqL7u40zkTUJL+dZUkOQ6Z6Puy75DfHYab
+cG/0HJKc9PBxi4zXVmGmJqYB85NDYwn0yt5FZFPTsmIHYZrbRB2aBCYyoOr+ZvSF
+/44fBymBWiCNkTSHPp6aJUKh5pUxbpV5JWQtQZMbzc4sWONRhqwLnIQITuJg4b1q
+szWH9xyzrceBNCpKvaIWA8++cAexTR648NW4KxO3Po5EYlAYkfZFBsK3SvE18noV
+hMK/Yis8yBVDCTsg45LlACxi/ErYQAGfY1s4kfBYhJgy5aWow9MnKdnA5v5menOw
+w7N4YkrBy4iRcE2NZzd6YQY6ow0+LcEQMoPyj7UKVnmb2EgMRvjEKMngSdEeHL7w
+Amp+fEzgFGIaNZCxBLwOV7waF8mF3QH5/T4sIl3JfQ1oDDv/yFUJwnROR/RDgJ3X
+PCFyWvPEOBUbd1U4TpqJAoIBAQDrmm7QAY1X9brxH2L10QunCbUcx/B9ckzfDrOW
+D/OXgvDZKS9Vkb76MqUUExbdTjRQncUoma5KiVb2DnmGbQubUmgCiD4CEOeWuJl1
+6MQuOu2qjbCbK6iQIO01Lqz6Dbm3ZebobYB+qrnK5OMIhbHhlBTRhP+j5X1Q0vzv
+jTFMFdW3xt+S0aoc0Y5gLjw6i6Q2gXNgxenrCgyuAxJng82xX25O5DyvsXatxOw5
+DbFj7/96OeWc7OFluhpHAxCsgYgG7ff8UyUzr85DoAVSfU7nqMr/M9WmiTQ7Vvwa
+Ku5KtlaGVX5Pv4PCY+ECX07/YyDOXTdg+uwCuS8ROTaIGxOVAoIBAQDVid6Cvh2Z
+9nvq4Q+tIgem3NTmVrrh9QQNdW/HzAwdUvekDgL3Jlev+aO8D3YQHtJJndTJQ46m
+3H5jE+Rzs+Ld5FlpWS2NUMVya/QuUpUPmJ4lml7jsqof52To8NXKi74drNJt6PHq
+uRFUPPHAlLu+IvinSErCCezcDh75Hkf7b43MMFhH5s8msIC2f18SQI3SNnsdyL2u
+zJI4zYPg1lJ3Cn0gt3V97kkGT+FuRgUj5u5fXkvORi0+2TMmyWqybkZA+RQyRhC+
+rAs6qlxVfEvQt1vnGehDefSlyKlrXHdhyKJJ8RZROvbwNY8XDYo/zm3a7MPnLjWr
+FdMq8uymCWQnAoIBAD/ZpYhns0eQR+6K5AXcdnz5a4T2Rp2ouV6GHHNhtVFtYhpo
+R/S3v/sMeKJ9HegyBomGiGUdaRe4KsIaYCLnMIsShS+SfsOOk0TMmIJU573jqH9d
+UOxso40T71VHZgeKardiPXbmHjm1yQ5Mg57OpMuOlynFEob3bcPWuketixukmzvo
+ALVIbwLKY/x660WujH1dDci/OkrBeXg7SuSU2szkIP/uaOfwf0pOoPpBVL7Rzvnv
+8ONbayZnjjGKih1GKXg/S8KtQdrFHXBEUMzvOtAbdZA+Gvu8GVSvmTj6Q4Qp8D8N
+smKoc2veJ5+99qnN0pk6uARnXEjMqQ3Q5I90TxUCggEAX54mtuCunJyUjG5O+LW+
+O2ezJZk8gaWXNPebIBosao0WOq3Tghv3M+NTAAjkUv+aJkC4YY8Qt4MQTQlBSNYK
+BlYT+2plTVwXrc7NPljYSm2Kk0f2qXr9Vt/kfbIp6VJ9xQf4CiM/AF3ydof7sMJo
+9xDtyupCH3UWTMs970sx7FLdactUHI4rwCVU3WNXjPK/Dpw6sPGMjlMoPqs4HFub
+/ZYCxb2grM0ggeUPCrPr5VGo96dfxnQCGpxjnUCfuFpMtxdRhdl98gNT2+chBV5t
+DH6udmNRb7WSaRHbWynCg1S15uo/lgwTOyigdDAp8bxb0KYoasJ0YbGaJycz9H1M
+DQKCAQBElhUv4LAHzwIJJN5dnhUgqraSDzn7es5zRM1MPc+cFfLuZOrHSldFZ6ss
+DrHZ7+FdBqxPHqBso/iUsKZqmPMZFwrVjiGuRvZm6XqH076Zpq7iijQh+DlT67h/
+G3IbYAcH8h6mBSxDHoDDZSDIB6kw2zczSET/XViDtEQOnZD35n9KpI5n81o3iCi3
+R7bpeJe2aDWiWSMnSTE2q6hjw9yKDe/dcHswVGR6VwPdkwAnFPf3Kaa1e4OKWgyt
+c9nDLtdNLw24XZtEHxJrCBlZGfSGVR+l7IMzIAw76sbfh5H0opOQUMYvY+i7mkiq
+iNFVi9ygF7UxmEskpH/4gFKMSJZq
+-----END PRIVATE KEY-----
diff --git a/SPR-BE/openvpn/spr/keys/chris.crt b/SPR-BE/openvpn/spr/keys/chris.crt
new file mode 100644
index 0000000..e85100f
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/chris.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 22:20:38 2018 GMT
+            Not After : Mar 18 22:20:38 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-chris/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b9:f3:5e:69:06:7b:97:3e:45:6d:15:c2:45:e0:
+                    e1:ee:9e:3d:78:f1:49:0c:ea:ef:84:43:37:1b:ca:
+                    c5:fc:1f:ec:2a:11:06:13:fa:cb:34:36:5d:f9:99:
+                    be:e9:9e:b2:a1:c7:3d:b2:3f:62:33:09:0d:a7:3d:
+                    95:82:9c:04:c6:12:01:2f:88:5b:a5:aa:3d:d0:bc:
+                    35:89:a9:1b:24:50:7e:f2:61:a0:a9:71:16:40:f2:
+                    4c:3e:69:39:3e:52:d3:05:c1:25:ff:9e:66:c2:69:
+                    1f:a8:25:59:ba:1a:25:dc:ff:e0:9a:4e:38:f1:45:
+                    18:ea:f1:55:0c:a3:a7:46:32:98:26:6f:dd:97:34:
+                    9e:ca:94:84:a7:20:c5:74:c3:9b:4f:46:da:85:73:
+                    7b:f5:f4:9a:3b:b6:a7:54:8a:e5:a9:42:ca:e7:5a:
+                    74:4e:2c:ce:2e:17:41:24:9c:b5:7e:18:19:0e:f5:
+                    c3:f8:ef:ef:25:67:01:17:48:00:bf:76:60:9f:d7:
+                    c7:df:70:1a:55:91:76:89:4c:50:1c:ab:2d:96:18:
+                    a6:11:1c:88:d6:52:c1:70:32:1d:78:bf:82:25:ed:
+                    79:44:79:fc:8b:9a:67:41:40:ce:05:98:0e:57:4a:
+                    6f:99:03:e0:25:b3:a7:5b:4f:be:55:76:6b:0e:64:
+                    89:ac:07:ce:ad:bb:4c:4e:ec:5c:97:c2:e9:44:e7:
+                    a7:61:88:7d:70:2a:67:b4:bd:70:74:f5:0f:66:03:
+                    30:aa:e5:51:f3:27:6c:1a:f0:c9:95:60:ad:61:e5:
+                    50:de:86:7f:69:66:68:69:dc:d6:5a:2a:93:5f:49:
+                    f6:fe:6e:7f:9b:03:fd:08:88:d9:1d:b7:5f:bc:48:
+                    c6:a7:d1:c7:64:17:db:cb:cf:19:4b:e0:6f:aa:88:
+                    f3:bf:e4:a4:f1:9e:23:ba:ba:28:05:d3:5b:ac:03:
+                    0f:28:6f:85:3a:9b:a1:23:fb:c4:d0:7f:5b:a6:2a:
+                    73:4f:d0:16:cd:8f:c4:74:d3:05:13:19:98:49:11:
+                    93:c5:5d:fa:ac:4a:c1:96:0b:2b:fe:05:b9:c4:07:
+                    19:67:a6:eb:11:7f:5c:d6:30:27:f8:bb:58:60:b8:
+                    86:30:af:01:33:7c:25:93:51:08:b3:e8:10:fa:f0:
+                    66:db:86:8b:00:fe:8f:05:f0:43:25:fe:76:38:e3:
+                    6e:4a:68:e8:d2:46:86:76:98:01:03:1e:b5:76:2e:
+                    19:61:2f:84:cc:c4:12:12:f0:ee:6b:95:c4:10:c8:
+                    b7:9f:55:03:99:5f:4b:2f:ad:8d:e4:73:59:a2:09:
+                    97:52:00:dc:dd:06:40:4f:58:66:13:32:52:de:80:
+                    94:c9:af
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                F1:1A:D1:0C:E4:87:42:01:F0:4A:19:4E:E2:10:97:98:7A:7F:28:0F
+            X509v3 Authority Key Identifier: 
+                keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:96:BC:22:64:4D:21:54:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         3a:88:81:de:5c:a6:41:7c:43:58:54:ac:78:49:1e:8d:02:23:
+         28:a8:d3:5c:ce:08:a4:29:ac:bb:a6:e2:cf:1f:d4:1d:3c:a9:
+         4c:70:3a:57:3c:d9:40:a1:ea:df:c2:8c:df:e1:61:b4:33:84:
+         7b:61:fe:96:72:5e:80:09:5e:3d:40:93:13:2d:be:66:a9:c9:
+         1d:e0:95:58:f1:6f:01:c2:ea:c3:63:ea:16:43:0c:a3:57:9e:
+         45:cb:61:7b:33:4d:0c:75:d2:95:a9:3f:9d:47:ce:09:0e:5b:
+         15:09:ee:a8:56:5b:ff:7c:44:70:a4:bd:49:1f:b7:b9:9f:ac:
+         77:bf:42:e8:64:61:7b:e0:42:31:89:23:76:74:01:bf:19:b0:
+         28:7a:c1:27:6a:11:4d:10:70:93:98:40:a3:5b:1a:34:48:f6:
+         57:c3:4c:4d:4d:35:58:d1:b6:67:14:68:53:d2:94:b5:98:b8:
+         f0:2b:e3:f5:01:5b:4a:49:89:f7:02:ea:35:2d:ce:6a:4f:7e:
+         ce:29:92:ba:bf:f4:97:54:a4:ef:47:db:2d:7b:ed:34:aa:53:
+         ce:98:5e:40:5f:f5:aa:71:bb:79:7c:bc:cf:94:41:17:41:eb:
+         d8:ec:fb:93:92:36:fb:59:c3:2c:af:99:4a:f9:24:eb:a3:33:
+         a6:d4:08:df:8f:59:ca:3c:a7:27:6f:50:dc:c8:60:2e:c7:f0:
+         e9:de:ee:08:95:57:a4:36:d1:74:a8:31:de:2c:b9:1e:d6:df:
+         b8:c0:90:6d:36:15:b5:07:84:ec:05:a1:db:45:f2:8a:39:52:
+         82:ee:11:d0:78:9b:ab:a5:f9:08:de:ed:0b:11:4f:bd:01:34:
+         5c:72:01:4c:d7:b0:52:16:e2:a7:e4:e7:40:32:f1:70:e5:9c:
+         1c:c6:7e:de:0b:0e:c3:e1:9a:60:cc:75:62:6a:2a:df:76:4d:
+         fa:79:01:d1:fa:81:af:22:dc:b5:b5:0b:1b:0d:64:57:65:17:
+         58:d7:bd:17:7a:a3:92:f0:a8:4c:c4:67:05:7c:1f:f5:3c:23:
+         79:94:ac:2c:ac:a2:ea:b0:dd:ba:7a:f1:37:3e:71:0d:b9:6d:
+         94:b5:ea:ee:5c:d7:bc:61:e5:53:2f:21:b5:53:cd:1d:48:1d:
+         44:61:a2:fc:1c:63:df:36:d7:68:7e:27:d6:ec:c7:b4:6f:8c:
+         c0:88:c0:44:2e:f3:5a:63:36:ed:18:c7:a3:6e:6e:11:49:43:
+         aa:48:ff:53:5e:17:82:3b:1f:f2:ac:af:80:f5:9e:0d:06:ef:
+         12:0e:63:1f:72:a6:15:48:d1:94:a8:1c:7f:7b:d7:a0:89:41:
+         b0:40:45:9d:20:2d:e2:6b
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODIyMjAzOFoXDTM4MDMxODIyMjAzOFowgaQxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tU1BS
+LWNocmlzMRAwDgYDVQQpEwdWUE4gU1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALnzXmkGe5c+
+RW0VwkXg4e6ePXjxSQzq74RDNxvKxfwf7CoRBhP6yzQ2XfmZvumesqHHPbI/YjMJ
+Dac9lYKcBMYSAS+IW6WqPdC8NYmpGyRQfvJhoKlxFkDyTD5pOT5S0wXBJf+eZsJp
+H6glWboaJdz/4JpOOPFFGOrxVQyjp0YymCZv3Zc0nsqUhKcgxXTDm09G2oVze/X0
+mju2p1SK5alCyudadE4szi4XQSSctX4YGQ71w/jv7yVnARdIAL92YJ/Xx99wGlWR
+dolMUByrLZYYphEciNZSwXAyHXi/giXteUR5/IuaZ0FAzgWYDldKb5kD4CWzp1tP
+vlV2aw5kiawHzq27TE7sXJfC6UTnp2GIfXAqZ7S9cHT1D2YDMKrlUfMnbBrwyZVg
+rWHlUN6Gf2lmaGnc1loqk19J9v5uf5sD/QiI2R23X7xIxqfRx2QX28vPGUvgb6qI
+87/kpPGeI7q6KAXTW6wDDyhvhTqboSP7xNB/W6Yqc0/QFs2PxHTTBRMZmEkRk8Vd
++qxKwZYLK/4FucQHGWem6xF/XNYwJ/i7WGC4hjCvATN8JZNRCLPoEPrwZtuGiwD+
+jwXwQyX+djjjbkpo6NJGhnaYAQMetXYuGWEvhMzEEhLw7muVxBDIt59VA5lfSy+t
+jeRzWaIJl1IA3N0GQE9YZhMyUt6AlMmvAgMBAAGjggFnMIIBYzAJBgNVHRMEAjAA
+MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFPEa0Qzkh0IB8EoZTuIQl5h6fygPMIHTBgNVHSMEgcswgciAFHSi
+gxuV60X8ONBxrGr1ItbazicLoYGkpIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UE
+KRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJk
+TSFUmTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkw
+B4IFY2hyaXMwDQYJKoZIhvcNAQELBQADggIBADqIgd5cpkF8Q1hUrHhJHo0CIyio
+01zOCKQprLum4s8f1B08qUxwOlc82UCh6t/CjN/hYbQzhHth/pZyXoAJXj1AkxMt
+vmapyR3glVjxbwHC6sNj6hZDDKNXnkXLYXszTQx10pWpP51HzgkOWxUJ7qhWW/98
+RHCkvUkft7mfrHe/QuhkYXvgQjGJI3Z0Ab8ZsCh6wSdqEU0QcJOYQKNbGjRI9lfD
+TE1NNVjRtmcUaFPSlLWYuPAr4/UBW0pJifcC6jUtzmpPfs4pkrq/9JdUpO9H2y17
+7TSqU86YXkBf9apxu3l8vM+UQRdB69js+5OSNvtZwyyvmUr5JOujM6bUCN+PWco8
+pydvUNzIYC7H8One7giVV6Q20XSoMd4suR7W37jAkG02FbUHhOwFodtF8oo5UoLu
+EdB4m6ul+Qje7QsRT70BNFxyAUzXsFIW4qfk50Ay8XDlnBzGft4LDsPhmmDMdWJq
+Kt92Tfp5AdH6ga8i3LW1CxsNZFdlF1jXvRd6o5LwqEzEZwV8H/U8I3mUrCysouqw
+3bp68Tc+cQ25bZS16u5c17xh5VMvIbVTzR1IHURhovwcY98212h+J9bsx7RvjMCI
+wEQu81pjNu0Yx6NubhFJQ6pI/1NeF4I7H/Ksr4D1ng0G7xIOYx9yphVI0ZSoHH97
+16CJQbBARZ0gLeJr
+-----END CERTIFICATE-----
diff --git a/SPR-BE/openvpn/spr/keys/chris.csr b/SPR-BE/openvpn/spr/keys/chris.csr
new file mode 100644
index 0000000..3fa562e
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/chris.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6jCCAtICAQAwgaQxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tU1BSLWNocmlzMRAwDgYDVQQpEwdWUE4g
+U1BSMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBALnzXmkGe5c+RW0VwkXg4e6ePXjxSQzq74RDNxvK
+xfwf7CoRBhP6yzQ2XfmZvumesqHHPbI/YjMJDac9lYKcBMYSAS+IW6WqPdC8NYmp
+GyRQfvJhoKlxFkDyTD5pOT5S0wXBJf+eZsJpH6glWboaJdz/4JpOOPFFGOrxVQyj
+p0YymCZv3Zc0nsqUhKcgxXTDm09G2oVze/X0mju2p1SK5alCyudadE4szi4XQSSc
+tX4YGQ71w/jv7yVnARdIAL92YJ/Xx99wGlWRdolMUByrLZYYphEciNZSwXAyHXi/
+giXteUR5/IuaZ0FAzgWYDldKb5kD4CWzp1tPvlV2aw5kiawHzq27TE7sXJfC6UTn
+p2GIfXAqZ7S9cHT1D2YDMKrlUfMnbBrwyZVgrWHlUN6Gf2lmaGnc1loqk19J9v5u
+f5sD/QiI2R23X7xIxqfRx2QX28vPGUvgb6qI87/kpPGeI7q6KAXTW6wDDyhvhTqb
+oSP7xNB/W6Yqc0/QFs2PxHTTBRMZmEkRk8Vd+qxKwZYLK/4FucQHGWem6xF/XNYw
+J/i7WGC4hjCvATN8JZNRCLPoEPrwZtuGiwD+jwXwQyX+djjjbkpo6NJGhnaYAQMe
+tXYuGWEvhMzEEhLw7muVxBDIt59VA5lfSy+tjeRzWaIJl1IA3N0GQE9YZhMyUt6A
+lMmvAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAJngSSAfyxqID3NeeFhxtpb0I
+FE3bQs8tr6UjJusGPGpqLt42t6AZV36saj11WQqt+coexxz6rtevbIThKmi5jleY
+FBjt64cL47TeHY3aM4zIZ7n3YVcxGIbgZS5rDmYYFmydiI7PfOo9P2qUaLoB8I2l
+XL4SKv6NqKuu8k1rKiRt7WjZi3h6YG3P2DhU4BwkP7L/d9JjlLNOcsU7lCS2x/W+
+aBu0wYGZJNb0yxKdY1g0q5G4ciJGtisOt87DPyPi5uMK9zGCrOgdAFNvgYyL7HWy
+sdRPNorcnJxKl2OGTGSGMfy/H8dl7eHnFCtfYlDg1CKPFTrv6RypFE4f0/U1H7n5
+pk2rRKewgsSoex7YZrU8iVgs6/GZZwd+bfSzML0nAgp7Zg9CGV9UmGfgrTz6IdUH
+Me2iZXOSLrHBM8e9rBsDiTC7Fasd/9vm1oTJyEV29aWLodXRVOmE+pA5kloH6Mbk
+CZmKYxU2yBbuHRO7+f3aLa9sMzu5FW+X71qNczTWJ9nGY+mQ9OyPZAYXloRjgchj
+N5rIPu0zJhkWz3m84QG5y3ZCmzVkpqdfQPaY/B0xN9LytqlPcn+wvhiS+DK3PtYL
+jH1vvxaqfnIi89xnCuKEi1o8+SkpCsIKIjZlHAjM76KFnPc6f7w5Jfwh8Ax2jnQ/
++jtW4o7Fj0YKLjomVvo=
+-----END CERTIFICATE REQUEST-----
diff --git a/SPR-BE/openvpn/spr/keys/chris.key b/SPR-BE/openvpn/spr/keys/chris.key
new file mode 100644
index 0000000..16fd5b2
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/chris.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI3P+UTRrv91ECAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECIGofT8rXdMtBIIJSMRkl94ROVWC
+v/madZNyDie+Wlec4pGWYgur/dfgeQyjMEleu642IrvRFgJwdZOhEEIDc/syOHzx
+Hiy6zxvWcnMAfzQKwHcMI4HsOcqtZKiA/UZ+mXIH8H0HW62N8WHpryqpVyZC5EZj
+0bFaulmD7rV0MtYS2z5pfGLTnKvsDIE3rMvwyZTcRSA6Zt3bOxsJN+SjD4AlmJbk
+XERauxx47EmvPle3aIna625eIQjfniLxrEq0e5E8FQdZipHzqKz3Pub2bepAbmFO
+S3t1Eqk3DkA1mG5PKog1IrTgFAJ24tk/EZuFLzGEL0Wc5hdtcIijJh0Us8w0lWJ1
+RMp2+Pr6zMZSK5L1GYubi0IfASsAmBPewLPt/cUqdNuaCFc1dUuaX2/1gtBl/G16
+s6GFwjK8BhMuYi3Z2ehwNCA2koWA9nGbWzT4CSL63Znupc0ieCBob1UqrbtiaIPn
+xMFrKvO2wdnDJiKyNVCx3jUeN7700E2BCdS/G1WLoocQZTooQGJIpWUhcjvf6wXa
+AZhz+z/uFBXslWEB4O3t8VTk2M2/dKqJOg6yg+MwpAQSOd/8ogV0VOpft5GD/t4c
+6mgBs5lwtau7GbTFj060X15znpzvtPRUrNbL5QrK9DpLw+vvYB+IwCq/CVpjjchz
+g3nkpPw0O0gzGf6AEBJLGsfGljifMc1pDd0KNNkAweZSOg5XufFJpjiFnuXS5Puo
+O+vnvy0iie1e0KzMBrWJWY1vt9JuNRI85qNcftRNnyboQBmnnBAvdA5hiYib7+lY
+akB6UNwkREl40/FsDYxJl4yLbtUC/Lr1hEmyQt4ZEI9v96nW/L0/qlOyiYNAP1r0
+/PEKfRKn7uMZnJXZ0SYf9uMfdy8M56DYEEG3X08F6MWVbEozGbbF8l46FH/9cqFp
+/crtnJZi/1W/A12wmzSgGk2zzLtr+drZ8w/rO0sI5Ptjh+G1dSqSTobCb0bOC7+t
+H+6vesuSAdEQuxasbleh1IyBKkPRwNf4FqAumFfZDKlh0+PVw/waSEIcg5Ef4whV
+EI6rUHigVoZ7AtU/XsjJ3YkRulBXgIOVNCHCJqd8tRqgc5dUeG1652L3q5sIljtE
+nT1t/CEGOd+/rjLwbYl7ZdW3E67QovB/CRIh/B23u4jsbdBkZgeRINcrwbOIXE6t
+jhzO6uGjVuu/6VxMBRSSfxvIsMVCt1rDumadckn+MMOM8E/jT7qN+5QAurdSVnPq
+d7R6M14Jlz39NXXYkdAjNpAH9XX+8y/isOD1La6J+bcxpO7BqcAlQTzhgwB56DrN
+UZ234vaAW1hNtSjNS0e3jZ6noiEjfG6qOw5+DxtXLP9Rq5DwjPrIc2dscY4//foM
+u1NvDB4SloHVy1r01sEA5OqO4KyJsxXotKMeY6k92c2SmP7E461UHLn54LTLOs3t
+iuzug6aJh9nK/NOGprJoNgI9C/46phTTfPE73eUVCpbnbd46dZ8qpMnil4YIpk1L
++mOZCDOQD0H1CmFRXu+EzZsZLDLFjLtKtiGO/ifxs+zdNpLCcJyycPy44zteoMFq
+mra1b3hFgGestzHz/2ANY6gIe5sZikZVXgTRP9oZYQ7Wm0c1PVqQ003n60hJlajx
+a+EItIYkQl16BZCBbanDuKwofXmxtGZXtU84qcRIzs6X4NSb1N+0xwBC0TM+xYnN
+ZmX6hkj/ELYbrktcML6yJyDJz2UvMRaORBnrUjfisJ8dUFSKX6J0JCQ5IMSyZjeL
+Vzv7CRKFQ3VTvWgAtY31yjpNrr6oHJQ+Wk8B987IAKIKqIBH+RYiBlf3jQVrB3vl
+kQ93LqTXw2Iiapevb0fEREwoU9qEC/lTv39nrYIpHXMlpfQqFLGMPgS1VP5fQzrU
+QET6SCxYaehYT64aWBARpYUcwc7xMA8WwLc40f1JfXvmbIZ4dC4OZeIHNyy+kDu2
+hVKL7bI6jGZVTmFKGXYF9iMjiV8m4q19WqgvBkKZFzmTAZ4gasieHtOi+TzrEH+u
+G06wcEilg6o9NS2JkNl8H+ReOasnhPs/nuWZlB7hUNXnPA6QARQGZEuk6lKAxl6V
+zjtniLdRsZwVBKb8lExcP+BQ0KovnaLOzorFdISlsuOCwt4YWUbQkN1LMDMd1bq9
+Z3ThemCCOvn4C/Ez6DzFul22jTj8s5XPPZXUKEpu8p6Spt7rCYA8+MLoYmeS1Ztu
+L4ufZler6891KMkn2mLhSb91IB/5MDomgo9H9rBJA5JWa6hG/QV/wTxR2WkKuJAv
+IX8Zkhs5pQBTh+WDf9W5ftv4fqqowEOOztN+XotNAqaSmTE8vTxjePbnDAX5+iyp
+s40aHaxj9BFZrj0/Sp0StL9OzgV8qN8rxeblSoBFU0nx3bTAp76CM6fvp0XqK0el
+Ua6PdBBHKmp0RQoguX99cz3WYNqxTWMWE8c9aoXakBGff1Uz1Qgq0Y7kFnaXxCRM
+aUbkPMBOeMJrt1fQQWSlzurYXAO8pPn63uzZGhiplYh6fJQ3m+8m+AYGwzLTXEkS
+Z88Ox1CCdtR40brDba0pvkRNfOkD8wGpe2uYcAjnhc2MF5DeZf+8syxRnTBYsud9
+dBDCjQkYUKEihmqz31SjojoxaYutFkEe5//Nov2BxxoyVHtpjmLWtEdhVTAkcYTt
+05aO30leUBQ3IX97K68s6GFA1nJCe5WrcpCgjA/718N5tGuvc53zACLzpdEaCm5g
+2nowfRP/lx/faFCC1/ePjlT+1g9BJiaqFBaWR2iQ9VR8nKNws4ULCu6uNr5xtpG9
+LIw3C6DrBWtzVHAiZvz6Ufma4u5TlFxR4IlFS2aY7QzL9+EYqrogZUZIvDH3nOHs
+qS/t+CBbItxpb25X5EI/jruhmHplgHmdqdstRtyxjObEOdm5TV4+oRTIA6YYc4Cz
+TXrdjDkOECV+U/OYzHWxKFyCarn6d81pRu79RuksIhE0uAd5rxT5uJlzf9UuQjFr
+63XCVmLnVXuF4qpdfT7lj0cvtGz/Z7itSPgR3gzu/VnR+u+kdAvRgtDg0BJqV/Om
+vJLAnlJxc0bhwVmWB6q1Tmy3ZpDMsEGz7fLsbUQp+TcjNfrFCTrRgMppUdET5fFc
+8+kUQiLjZYYYINwpeS3cU+5tOtNNsnbgt1xkvbQvJ7qEjL8wF3J4j62M36dKCo5p
+LOq4p2liZ+06x9mtaX7NIg==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/SPR-BE/openvpn/spr/keys/crl.pem b/SPR-BE/openvpn/spr/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/SPR-BE/openvpn/spr/keys/dh4096.pem b/SPR-BE/openvpn/spr/keys/dh4096.pem
new file mode 100644
index 0000000..a8a2d51
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA8HMy/i1H5AJVhuI3mRhJyAW+60dvO7tHI24uyoVwvUPpyoz5VWYw
+XtqTF1a2pOQNsDORvofWgdV6zoj/pzaWUV1IT4TbTxif/G30a7cMbOKK9yQK5cWZ
+CiaDjh96gEL64qF5qk4o2m/9Yg0qQE3NhJvt9VDz/EcfFu78OJP259/6KsPozSwk
+id93JjaMtXUmoAcLclylvVfKAV0uP03PzO8XlsVQnXYy+zSpvC0nhYpPATMcMFeY
+pDxbhoBaN51VoMP+CUeCZp0/s7hZBsistMVoh/Qgkhorru0TpAhsNVUwG0GfMbE1
+jm3Rq1LMT3rFhlxXy2imiSd4Q2dGz5SBjmjwyQ3Jdoovji62q3MfjMTVi1CI4OMH
+kjDZQiLu3nD8DpgHELfDi/Olel8VnSvQ1j1OOINw2MM4h0tINWKMuKKoBFxG2lCl
+86CYZ6nZKlN99FH3dz6vQjzM03zkB+w05PC6mXSkzkoLaTD+pyU/Q9mbwUyfE4ZE
+T79sJ+tBl1uSNPAflqx8AJYkJIHY1STR9YeAk03ZUF21GZtALSJH/+Vy3BbApKEY
++YpemjqXeUoQ9rMYEJu8O26E78KbSqjt/hh+9CKnqllqbXI6EdAV23MlFimxoFSw
+NvOeD3iyUAlqC2RccNwUD8z2z1/fHozcYHE1GCBgXCsVm9HUV38BQVMCAQI=
+-----END DH PARAMETERS-----
diff --git a/SPR-BE/openvpn/spr/keys/index.txt b/SPR-BE/openvpn/spr/keys/index.txt
new file mode 100644
index 0000000..c61684a
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/index.txt
@@ -0,0 +1,2 @@
+V	380318180815Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+V	380318222038Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-chris/name=VPN SPR/emailAddress=argus@oopen.de
diff --git a/SPR-BE/openvpn/spr/keys/index.txt.attr b/SPR-BE/openvpn/spr/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/SPR-BE/openvpn/spr/keys/index.txt.attr.old b/SPR-BE/openvpn/spr/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/SPR-BE/openvpn/spr/keys/index.txt.old b/SPR-BE/openvpn/spr/keys/index.txt.old
new file mode 100644
index 0000000..ae3b02f
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/index.txt.old
@@ -0,0 +1 @@
+V	380318180815Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
diff --git a/SPR-BE/openvpn/spr/keys/serial b/SPR-BE/openvpn/spr/keys/serial
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/serial
@@ -0,0 +1 @@
+03
diff --git a/SPR-BE/openvpn/spr/keys/serial.old b/SPR-BE/openvpn/spr/keys/serial.old
new file mode 100644
index 0000000..9e22bcb
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/serial.old
@@ -0,0 +1 @@
+02
diff --git a/SPR-BE/openvpn/spr/keys/server.crt b/SPR-BE/openvpn/spr/keys/server.crt
new file mode 100644
index 0000000..4081818
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/server.crt
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+        Validity
+            Not Before: Mar 18 18:08:15 2018 GMT
+            Not After : Mar 18 18:08:15 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-SPR-server/name=VPN SPR/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:f5:57:0f:71:d1:a5:17:ec:2c:74:fd:16:8f:f7:
+                    8d:16:80:5f:0a:60:e9:3b:9e:65:19:fe:30:71:41:
+                    14:55:f3:f8:17:5a:10:c8:b7:16:1c:bf:21:63:bb:
+                    33:64:75:f0:3a:a9:9b:1a:27:68:33:71:fc:85:a7:
+                    f8:7f:b2:f5:31:c4:39:a2:e4:2e:53:8b:3d:20:49:
+                    0d:e7:83:83:82:54:ff:05:00:5e:5a:e5:e1:b4:9d:
+                    2e:0b:61:c2:71:19:11:10:30:2e:ed:95:62:01:70:
+                    f2:5f:77:25:71:8b:2b:b3:4d:f2:68:13:41:85:3f:
+                    03:82:88:98:89:e5:58:b4:83:e2:65:1f:5e:c1:b1:
+                    b9:80:54:35:f4:00:7e:92:fe:e5:2a:ad:c1:d1:b8:
+                    f3:33:f9:c8:de:ac:08:87:84:5c:61:65:25:a7:cc:
+                    7d:c1:b8:00:63:59:31:68:af:8e:0d:26:ef:62:7c:
+                    93:a8:94:32:18:fb:19:0e:d6:39:36:d8:89:35:eb:
+                    82:5e:cd:32:a0:b9:6b:37:83:c7:51:7e:24:38:84:
+                    d9:dd:c3:6c:f9:5e:7a:aa:c8:7e:d8:3b:ee:e3:bb:
+                    b5:9f:87:b8:c1:ce:91:a6:d5:5c:76:e0:cb:40:f8:
+                    97:4a:3d:bc:0a:d3:06:1b:08:ef:72:50:7c:b9:c5:
+                    72:3f:3a:c6:70:da:d5:4f:db:c9:a4:7a:d2:ac:56:
+                    e5:71:37:34:42:48:f8:8b:d1:ce:ae:34:2b:71:5b:
+                    9c:9d:47:5c:47:6e:f0:90:55:95:a3:81:de:f3:a9:
+                    34:c2:9e:9e:be:e3:ce:f5:46:e1:70:7a:42:d4:71:
+                    c9:78:f7:b4:a0:9e:2f:db:97:e6:e3:44:a4:55:29:
+                    1a:d5:d2:23:b8:a5:37:47:40:5d:c1:1f:67:4d:84:
+                    b6:67:2c:bc:dd:83:ea:1a:75:a7:96:f9:90:7c:29:
+                    47:32:72:fe:79:d4:b8:48:13:e1:80:a9:d2:06:20:
+                    ff:52:16:e8:7c:58:86:ab:3e:9a:ff:f4:c0:e0:7e:
+                    aa:46:eb:16:53:5c:9b:9e:b6:07:8f:a7:1d:68:0a:
+                    81:80:49:1e:45:05:78:d1:7f:0c:29:b9:06:9e:19:
+                    2d:d2:39:a1:a0:dc:d6:54:ac:da:da:20:0e:6d:a2:
+                    22:04:23:95:3b:5e:8a:6c:e9:53:b2:41:8a:86:98:
+                    89:e9:a8:60:45:f0:ba:8b:50:c3:4b:a0:a2:a5:16:
+                    ac:d3:27:bd:dc:a4:dc:b7:69:39:10:60:5e:6f:56:
+                    7a:dd:1a:e7:7d:bd:06:3d:be:b5:09:44:48:79:c7:
+                    69:f1:ea:48:60:6b:cb:eb:5a:43:7c:36:0a:a4:05:
+                    d4:ff:ef
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                AE:A8:6B:BE:2E:F3:60:22:A3:76:8F:4F:F5:26:69:83:AC:2E:19:29
+            X509v3 Authority Key Identifier: 
+                keyid:74:A2:83:1B:95:EB:45:FC:38:D0:71:AC:6A:F5:22:D6:DA:CE:27:0B
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-SPR/name=VPN SPR/emailAddress=argus@oopen.de
+                serial:96:BC:22:64:4D:21:54:99
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         b4:51:ec:9d:ec:39:ed:c1:29:83:0e:e8:eb:c3:ec:5f:0e:1d:
+         53:d7:51:b9:d2:2e:90:09:a3:27:e8:f7:24:3f:de:15:d9:92:
+         22:80:ae:12:ab:17:5f:a1:7e:01:44:be:54:28:d8:76:42:ba:
+         60:77:7c:46:1d:42:6d:a9:25:ae:57:52:94:f7:76:44:b9:93:
+         de:a4:a7:c8:a3:4a:8d:72:bd:96:15:9a:42:37:b0:1c:e0:38:
+         7d:72:53:45:dc:11:28:62:e5:7d:0f:f9:32:21:81:8a:23:39:
+         85:05:bc:46:6a:23:34:a9:38:a3:fd:3e:a6:76:ae:82:d3:32:
+         a3:d4:6d:7e:33:0c:91:b2:04:26:99:ab:eb:43:9c:22:ab:ca:
+         ce:b1:c0:e9:10:0c:5b:cc:4e:42:8e:c9:e0:1d:59:b1:83:64:
+         57:7a:02:38:bc:b8:4b:ff:be:36:3f:a0:66:43:c6:1a:7e:17:
+         5a:d6:b8:5b:a7:08:7a:9f:e7:3c:00:0e:0b:46:f1:a1:90:73:
+         bd:b4:3e:11:a3:b6:96:4d:30:24:75:fb:fd:24:cc:63:b7:ac:
+         a5:6e:06:ba:1c:c2:6a:b2:fe:59:6e:5a:53:dc:0f:dc:e4:6f:
+         28:7d:c0:b1:cd:e9:14:95:06:ef:e9:91:7d:39:55:62:61:3c:
+         72:8f:0f:35:b4:e8:9b:49:50:41:2f:07:6d:3f:1f:92:94:ed:
+         e2:10:d3:08:75:43:cc:da:7f:00:3b:f9:d2:f1:97:21:2d:c5:
+         d0:30:2e:0e:84:1b:fd:3c:bd:ab:9d:bf:b7:18:ad:01:36:6c:
+         43:7e:04:33:29:14:b1:c7:68:64:a9:cc:85:57:67:f7:a3:3e:
+         c2:d5:a7:bf:f4:20:fb:41:91:2c:8f:6a:c5:d3:55:76:0f:79:
+         3d:12:59:d7:0e:59:f6:02:0c:31:07:39:09:55:97:40:e1:a9:
+         27:01:ad:fa:42:d7:67:14:7b:0f:e6:e3:1d:6f:28:71:17:9f:
+         de:97:2f:d1:a6:95:ba:d4:42:80:9c:0e:db:06:91:8e:bb:c4:
+         af:23:ae:85:9f:e2:57:e4:4a:87:e1:d0:64:9f:9a:15:30:c8:
+         bc:96:ea:da:98:eb:0a:5a:be:13:70:d6:35:50:0e:48:07:2b:
+         8a:19:e5:35:e6:a7:a2:ca:42:50:7b:bc:72:ea:99:4d:b8:2c:
+         06:75:e9:a6:c1:45:1e:97:42:9b:5b:a4:61:92:3c:45:88:31:
+         f4:1f:da:e4:01:72:f9:93:08:e4:66:4d:2c:4c:2f:19:10:49:
+         21:52:ca:18:59:38:76:79:ae:99:8e:ac:20:85:85:af:a8:b6:
+         ab:73:04:66:d5:56:a5:9e
+-----BEGIN CERTIFICATE-----
+MIIHRDCCBSygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxEDAOBgNVBAMTB1ZQTi1TUFIx
+EDAOBgNVBCkTB1ZQTiBTUFIxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MB4XDTE4MDMxODE4MDgxNVoXDTM4MDMxODE4MDgxNVowgaUxCzAJBgNVBAYTAkRF
+MQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5v
+cGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BS
+LXNlcnZlcjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNA
+b29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD1Vw9x0aUX
+7Cx0/RaP940WgF8KYOk7nmUZ/jBxQRRV8/gXWhDItxYcvyFjuzNkdfA6qZsaJ2gz
+cfyFp/h/svUxxDmi5C5Tiz0gSQ3ng4OCVP8FAF5a5eG0nS4LYcJxGREQMC7tlWIB
+cPJfdyVxiyuzTfJoE0GFPwOCiJiJ5Vi0g+JlH17BsbmAVDX0AH6S/uUqrcHRuPMz
++cjerAiHhFxhZSWnzH3BuABjWTFor44NJu9ifJOolDIY+xkO1jk22Ik164JezTKg
+uWs3g8dRfiQ4hNndw2z5XnqqyH7YO+7ju7Wfh7jBzpGm1Vx24MtA+JdKPbwK0wYb
+CO9yUHy5xXI/OsZw2tVP28mketKsVuVxNzRCSPiL0c6uNCtxW5ydR1xHbvCQVZWj
+gd7zqTTCnp6+4871RuFwekLUccl497Sgni/bl+bjRKRVKRrV0iO4pTdHQF3BH2dN
+hLZnLLzdg+oadaeW+ZB8KUcycv551LhIE+GAqdIGIP9SFuh8WIarPpr/9MDgfqpG
+6xZTXJuetgePpx1oCoGASR5FBXjRfwwpuQaeGS3SOaGg3NZUrNraIA5toiIEI5U7
+Xops6VOyQYqGmInpqGBF8LqLUMNLoKKlFqzTJ73cpNy3aTkQYF5vVnrdGud9vQY9
+vrUJREh5x2nx6khga8vrWkN8NgqkBdT/7wIDAQABo4IBgjCCAX4wCQYDVR0TBAIw
+ADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdl
+bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFK6oa74u82Aio3aP
+T/UmaYOsLhkpMIHTBgNVHSMEgcswgciAFHSigxuV60X8ONBxrGr1ItbazicLoYGk
+pIGhMIGeMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZC
+ZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNl
+czEQMA4GA1UEAxMHVlBOLVNQUjEQMA4GA1UEKRMHVlBOIFNQUjEdMBsGCSqGSIb3
+DQEJARYOYXJndXNAb29wZW4uZGWCCQCWvCJkTSFUmTATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEB
+CwUAA4ICAQC0Ueyd7DntwSmDDujrw+xfDh1T11G50i6QCaMn6PckP94V2ZIigK4S
+qxdfoX4BRL5UKNh2Qrpgd3xGHUJtqSWuV1KU93ZEuZPepKfIo0qNcr2WFZpCN7Ac
+4Dh9clNF3BEoYuV9D/kyIYGKIzmFBbxGaiM0qTij/T6mdq6C0zKj1G1+MwyRsgQm
+mavrQ5wiq8rOscDpEAxbzE5CjsngHVmxg2RXegI4vLhL/742P6BmQ8Yafhda1rhb
+pwh6n+c8AA4LRvGhkHO9tD4Ro7aWTTAkdfv9JMxjt6ylbga6HMJqsv5ZblpT3A/c
+5G8ofcCxzekUlQbv6ZF9OVViYTxyjw81tOibSVBBLwdtPx+SlO3iENMIdUPM2n8A
+O/nS8ZchLcXQMC4OhBv9PL2rnb+3GK0BNmxDfgQzKRSxx2hkqcyFV2f3oz7C1ae/
+9CD7QZEsj2rF01V2D3k9ElnXDln2AgwxBzkJVZdA4aknAa36QtdnFHsP5uMdbyhx
+F5/ely/RppW61EKAnA7bBpGOu8SvI66Fn+JX5EqH4dBkn5oVMMi8luramOsKWr4T
+cNY1UA5IByuKGeU15qeiykJQe7xy6plNuCwGdemmwUUel0KbW6RhkjxFiDH0H9rk
+AXL5kwjkZk0sTC8ZEEkhUsoYWTh2ea6ZjqwghYWvqLarcwRm1Valng==
+-----END CERTIFICATE-----
diff --git a/SPR-BE/openvpn/spr/keys/server.csr b/SPR-BE/openvpn/spr/keys/server.csr
new file mode 100644
index 0000000..c319f0e
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRcwFQYDVQQDEw5WUE4tU1BSLXNlcnZlcjEQMA4GA1UEKRMHVlBO
+IFNQUjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQD1Vw9x0aUX7Cx0/RaP940WgF8KYOk7nmUZ/jBx
+QRRV8/gXWhDItxYcvyFjuzNkdfA6qZsaJ2gzcfyFp/h/svUxxDmi5C5Tiz0gSQ3n
+g4OCVP8FAF5a5eG0nS4LYcJxGREQMC7tlWIBcPJfdyVxiyuzTfJoE0GFPwOCiJiJ
+5Vi0g+JlH17BsbmAVDX0AH6S/uUqrcHRuPMz+cjerAiHhFxhZSWnzH3BuABjWTFo
+r44NJu9ifJOolDIY+xkO1jk22Ik164JezTKguWs3g8dRfiQ4hNndw2z5XnqqyH7Y
+O+7ju7Wfh7jBzpGm1Vx24MtA+JdKPbwK0wYbCO9yUHy5xXI/OsZw2tVP28mketKs
+VuVxNzRCSPiL0c6uNCtxW5ydR1xHbvCQVZWjgd7zqTTCnp6+4871RuFwekLUccl4
+97Sgni/bl+bjRKRVKRrV0iO4pTdHQF3BH2dNhLZnLLzdg+oadaeW+ZB8KUcycv55
+1LhIE+GAqdIGIP9SFuh8WIarPpr/9MDgfqpG6xZTXJuetgePpx1oCoGASR5FBXjR
+fwwpuQaeGS3SOaGg3NZUrNraIA5toiIEI5U7Xops6VOyQYqGmInpqGBF8LqLUMNL
+oKKlFqzTJ73cpNy3aTkQYF5vVnrdGud9vQY9vrUJREh5x2nx6khga8vrWkN8Ngqk
+BdT/7wIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAA4yKihpqPJAXK45e30X9Prz
+/C/RSinDDRctSxEF1tfleUgg+WhNg0xvzee/C0oDJXEovJy0w0/RJzRTvwnFCTlq
+En8L86Gdan4SOKDV+UkXEJCtOmYOiL6AvqKcfMoVThTYSqbNkZ/rkSHAZ9g5hIq8
+sPVfbt5gdWKD7/ZVzbvqKZC7bvS4taFRJutejKgdHyXHpJr9MYfRZncxQT7XtBFe
+LrM8fqJ14fWYTg8Q/E2qL28kPK1YZf+nEawnAldG4zaOyrKGplWf830815EyrQOn
+AhjJgz5RraTHQwo6l0vDtuSnO+1r52RyUA202O04Kdj/eOhtGDdA1vEsQKmVnFzq
+dvwVGVm+SzRb8otGx8JSf+Bc0W/+zGWT9CewW+apM7tpcZ8IyWlYxObMtcXJTEPL
+8XIvkcOGal9+NEqduSEo6goeuiuYo991WeQStrM/gioa6S9x6zzQW36dFmb7Y0VC
+HYjjgG6YOOfJPd2mWIs61c/2u3NDB+9Jy88PvdbJ7ukOAHxkyGq2ctsBZYwzCfoH
+WGq0dvP4qHNqCfhpfXOZsMKfopDmcE1+M6JFKv6OYYoXgOrCumEEly/AVNcr9ExU
+WmqBp5D1DBlaDrcJe/TBAOOBbDB2Ui/kCO3mhONRDKDemF5vriR+jATU4tZ5AVT0
+37MQGB4tDI1V8Iq9ovdD
+-----END CERTIFICATE REQUEST-----
diff --git a/SPR-BE/openvpn/spr/keys/server.key b/SPR-BE/openvpn/spr/keys/server.key
new file mode 100644
index 0000000..a76ae4c
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQD1Vw9x0aUX7Cx0
+/RaP940WgF8KYOk7nmUZ/jBxQRRV8/gXWhDItxYcvyFjuzNkdfA6qZsaJ2gzcfyF
+p/h/svUxxDmi5C5Tiz0gSQ3ng4OCVP8FAF5a5eG0nS4LYcJxGREQMC7tlWIBcPJf
+dyVxiyuzTfJoE0GFPwOCiJiJ5Vi0g+JlH17BsbmAVDX0AH6S/uUqrcHRuPMz+cje
+rAiHhFxhZSWnzH3BuABjWTFor44NJu9ifJOolDIY+xkO1jk22Ik164JezTKguWs3
+g8dRfiQ4hNndw2z5XnqqyH7YO+7ju7Wfh7jBzpGm1Vx24MtA+JdKPbwK0wYbCO9y
+UHy5xXI/OsZw2tVP28mketKsVuVxNzRCSPiL0c6uNCtxW5ydR1xHbvCQVZWjgd7z
+qTTCnp6+4871RuFwekLUccl497Sgni/bl+bjRKRVKRrV0iO4pTdHQF3BH2dNhLZn
+LLzdg+oadaeW+ZB8KUcycv551LhIE+GAqdIGIP9SFuh8WIarPpr/9MDgfqpG6xZT
+XJuetgePpx1oCoGASR5FBXjRfwwpuQaeGS3SOaGg3NZUrNraIA5toiIEI5U7Xops
+6VOyQYqGmInpqGBF8LqLUMNLoKKlFqzTJ73cpNy3aTkQYF5vVnrdGud9vQY9vrUJ
+REh5x2nx6khga8vrWkN8NgqkBdT/7wIDAQABAoICAQDNJFneswyXnzxhKgqGoNjR
+Os+9buE2n7Ar9tZsrJ0jbddBN2cXXbfYm5yAttQ3KUKQ2qa9TLwdYC9lVtk7ddj+
+HvSOlruB0chvyYYd0mLRRN7kQLWkzdlXW6JXlAuw4+PXpGJo+GK1j8qqNocRlOwa
+ho+tpIRBtTnrGOprS2FLt4dDROLHlSLmAgQHHa64nPfkItwQz9RT3oWuYyzSm8Nf
+EONWlm+E3qU8bSUaQsjFiIvbzwzshdYJ+1Oti0TV7mN0uZMOUAgISmIzTjYIlzAU
+Lkm526GwNebeDL27cwnCVH9+gE7lhyNU28zv/fEWR4bBZjNo3aCaVHNbI5/W+hkW
+0Ix5cJq18cv0k5pqfdgeUyQsYCH+pWpJg8xRidlq6vrrHnYrYfZfg86WkIZHtkQy
+b81s0Pi4Hy9bd1fvJIwBHG1Q/I47H7G4BD4sRTIGpm4/eXWGk6ceUlQROLu0b0ij
+d9/1K7VeB8IQom+DhRdyJ08tU2p/7/qS+sDR77+A1TfL6pEmtvwaNO8QJmSUE6kR
+/3nQKqJIR0s5R1qHzn6yXQFODVyzi9yWtG92mhyCOIx+hZmyhAzDszx1tTDPDarD
+pxdtaMTO6V6Br7V6x8jlM2iRgh3IVVxdG1pG7ZF5633LPeXycoKaCUL/yyEtGYw1
+NpY4tevGxUueiE8hWp3DYQKCAQEA/9+nkHICSSCWHbRnkkGmJii/ZMWMqr0Yv6wa
+OyaqRswElVFSgh44dYSv2Gw6MkNSb6hytOvSYHMVvbsG54TolO4uXHjsW8KfYaR/
+R7iWsNhJ0woZzJXyjKTPH7vTkeVgwbouqmoM3sFsXdzJMEV2TAsclZYhec7FaWMX
+EYkGEVC2DH7kMrLXddm3h74G4kkm9k8LYVFnXbNeK7Rwlrx9HtdkqrcYC5oiN/cc
+z8JyYt+5WZRB1ovksTv4rhHVe6xsgJb/k/Mdhykdnawl6NnTNcaMGInxH+xt+4st
+7REuwWPGeAa6JWVvuzu618IjIPB4/g5DiYhzKnGbkE6/RpPrsQKCAQEA9XYS/758
+W1W6CdZbo59lfYlKzXJarVJr6PPJxuDEUR3zarKiVdVzcAj8geiQqVTdt5OYFyd0
+Ny4CrnQKqM2EtjUK7m+DJbiMv54jSWItiIvA+3vuoCYE6m0APPfImU3YwxSCOWWF
+f9gNmkk54xON/x/gj5WMmaYezfPPjdCtnXsXq/Eyq0hM2bZwgAfAkmWBRlrVopDr
+9Q61mYm0+lAz6ZSGADldsXIou5zTM5z5kDNk6rbEEpkP5IKeGaNNRvuM4WvfzlUZ
+u7sFCR9GDuvF4C5hNTlH6fRVvoBImcjgAZScgyIqQiDB/7HA1MzSobQOOVWu7pXC
+7+Coygi0s1+tnwKCAQEAkT4SbsLYm0v9ClWKaRIMzyJYKkqc45o9PyfhJ+x1wYQz
+odKspCGlaMftzUr56egfFjSnEB3AqHELSUytyaO/JjLhbCpT+G5MbG+ktECKgU30
+8e+M333KVZ2D2P6URP/QYYdez+ss7REcg1c9eMIlOVshWaQD0pHVq1HNGW4PXKrU
++9jXjhPIjCQOsuXiIHbnv+70hcRgiWa0sNhXBKlv2J7pjKIr6wIOJHiICULWDVvz
+aW7nxHJaWWSyb5S9+trQKFoOL5xUCZIENqkuR7PF2YOfqJo8niNl9uB1LFmRkcMi
+OKWQ6oNe3gg0sh6IND1sYMIWAi7LOK+OX2bj2ptCsQKCAQEApcgshsw5o1pf/xrm
+47jZTBM5EU8lzR/4v+o/onHWRc8Lw0mI+J3kjIuVN4xCgAtQgBdQRnsgM9CAgSDg
+vieodYOXsXhhRE3Dyftda8fCZxG0smV+wm1LLqWV3pefxWLdfsxQM8HMi475iPXi
+AesIIYJ/IZrozjFzZrg/u1FwoQcs8rVB+osnVHeyvdX+iyHBUSoyVcy5gNaBcoSe
+Vd1rYlwssOQN0rX+qs/9mUNxDqKXiysLfGAiaryJWVmA7OsiuHEqRGoXqkJi4Uld
+AODe0U2h29enKW0bqEFuR2dzW73qg2rEzcrgG/kK+u6naA16+eBT+NHvSiIa/fEp
+UmjRkwKCAQAg9Viy5Rm5aBV37X0TDZH0Iftk53N8J/CQtH3jbzUd8H49M92akBdY
+M+X7LZP16iVrIXdvFdSeIGgHNKnHGwDq/Lpnjm3CUpHRSwCXsNKlB1kY8VncSnEe
+zErz7FElHGXWZRJCRfpvMuSxjl3f9QiZrYq9B9VcSrsD5pMIdibXTZngbWyMM7kz
+KW0fasBni5evMASFnWrOsk7RaxAAnj3L+kHF7ijDh1n8X7QzpOv81LPPO+ziwmVm
+bVSoZQKSA6qdODQ6J+5bJjrnWng8JjzJw1554oBZsqj4TB613R80x9UcdoJh2eIN
+39lbdV2Gx8i/VYUZylpD0R8oBgxq4Kkr
+-----END PRIVATE KEY-----
diff --git a/SPR-BE/openvpn/spr/keys/ta.key b/SPR-BE/openvpn/spr/keys/ta.key
new file mode 100644
index 0000000..2b0c55a
--- /dev/null
+++ b/SPR-BE/openvpn/spr/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+0f871c0affde12bf4aa4c3683db554ab
+5b289badc22171c46f4fcf749b94c3b3
+fc8da02a98f067a6b624e3755ff08e28
+6c74f622bcb49a31b94bf9e9e9619fd7
+2949dddce9997bdd6b8c08bf7785baba
+54267e89eabf34f4e729d09dad95fbb4
+f254ed52de9287436f718c138f29e927
+36a77a01b8801be92da98eec772e1d9f
+eb568dc508531ca7dbb92af3098f812f
+4b7bcff4c0badbd34b6e168fc7312da1
+030559d8278ea9d2ac200da87d4b9283
+8994c85e9ef639c82214107f12d67f9a
+d71ca5d6a991bf778222f8a87eb99009
+1e1de4379406d4008daf98437ffe0e98
+0dd90d7d41239a14489e6d077740e97a
+90b30b8b8f445e78073ae1f365601bb1
+-----END OpenVPN Static key V1-----
diff --git a/SPR-BE/openvpn/update-resolv-conf b/SPR-BE/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/SPR-BE/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/SPR-BE/resolv.conf.SPR-BE b/SPR-BE/resolv.conf.SPR-BE
new file mode 100644
index 0000000..c99ae5b
--- /dev/null
+++ b/SPR-BE/resolv.conf.SPR-BE
@@ -0,0 +1,3 @@
+domain sprachenatelier.netz
+search sprachenatelier.netz
+nameserver 127.0.0.1
diff --git a/SPR-BE/sasl_passwd.SPR-BE b/SPR-BE/sasl_passwd.SPR-BE
new file mode 100644
index 0000000..0590c87
--- /dev/null
+++ b/SPR-BE/sasl_passwd.SPR-BE
@@ -0,0 +1 @@
+[b.mx.oopen.de] spr-be@b.mx.oopen.de:phuwo1AhViso
diff --git a/SPR-BE/sasl_passwd.db.SPR-BE b/SPR-BE/sasl_passwd.db.SPR-BE
new file mode 100644
index 0000000..9019133
Binary files /dev/null and b/SPR-BE/sasl_passwd.db.SPR-BE differ
diff --git a/SPR-BE/sbin/ip6t-firewall-gateway b/SPR-BE/sbin/ip6t-firewall-gateway
new file mode 100755
index 0000000..3df216f
--- /dev/null
+++ b/SPR-BE/sbin/ip6t-firewall-gateway
@@ -0,0 +1,3414 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ip6t-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv6 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv6.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv6.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv6.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv6.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ip6t=$(which ip6tables)
+
+if [[ -z "$ip6t" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IPv6)..\033[m"
+else
+   echo "Starting firewall iptables (IPv4).."
+fi
+echo
+
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+# ---
+# - Enable/Disable ip forwarding between interfaces
+# ---
+if $kernel_forward_between_interfaces ; then
+   echononl "\tActivate Forwarding.."
+   echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+else
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
+fi
+
+echo_done
+
+
+# -------------
+# --- Adjust Kernel Parameters
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+
+   # ---
+   # - Deactivate Source Routed Packets
+   # ---
+   for asr in /proc/sys/net/ipv6/conf/*/accept_source_route; do
+      if $kernel_deactivate_source_route ; then
+         echo 0 > $asr
+      fi
+   done
+
+
+   # ---
+   # -  Deactivate sending ICMP redirects
+   # ---
+   if $kernel_dont_accept_redirects ; then
+      echo "0" > /proc/sys/net/ipv6/conf/all/accept_redirects
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+
+fi 
+
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv6).."
+
+# - default policies
+# -
+$ip6t -P INPUT ACCEPT
+$ip6t -P OUTPUT ACCEPT
+$ip6t -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ip6t -F
+$ip6t -F INPUT
+$ip6t -F OUTPUT
+$ip6t -F FORWARD
+$ip6t -F -t mangle
+$ip6t -F -t nat
+$ip6t -F -t raw
+$ip6t -X
+$ip6t -Z
+
+#$ip6t -t nat -A POSTROUTING -o $ext_if_static_1 -j MASQUERADE
+$ip6t -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+echo_done # Flushing firewall iptable (IPv6)..
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -j LOG --log-prefix "$_ip IN: " --log-level $log_level
+      $ip6t -A OUTPUT -d $_ip -j LOG --log-prefix "$_ip OUT: " --log-level $log_level
+      $ip6t -A FORWARD -s $_ip -j LOG --log-prefix "$_ip FORWARD FROM: " --log-level $log_level
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP IPv6 traffic.."
+if $permit_all_icmp_traffic ; then
+   $ip6t -A INPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A OUTPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A FORWARD -p ipv6-icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ip6t -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ip6t -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ip6t -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ip6t -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ip6t -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ip6t -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -i $_if -j DROP
+      $ip6t -A FORWARD -o $_if -j DROP
+   fi
+   $ip6t -A INPUT -i $_if -j DROP
+   $ip6t -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -d $_ip -j ACCEPT
+         $ip6t -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ip6t -N syn-flood
+   $ip6t -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ip6t -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ip6t -A syn-flood -j DROP
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   if $log_new_not_sync || $log_all  ; then
+      $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+   $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
+   fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   if $log_invalid_state || $log_all  ; then
+      $ip6t -A INPUT -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -m state --state INVALID -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -m state --state INVALID -j DROP
+   fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # - Refuse spoofed packets pretending to be from your IP address.
+   if $log_spoofed || $log_all ; then
+      for _ip in ${ext_ip_arr[@]} ; do
+         $ip6t -A INPUT -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         fi
+      done
+   fi
+   for _ip in ${ext_ip_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -s $_ip -d $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ipi6t -A FORWARD -s $_ip -d $_ip -j DROP
+      fi
+   done
+
+
+   # - private Adressen auf externen interface verwerfen
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $ula_block -j DROP
+      $ip6t -A INPUT -i $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -i $_dev -s $loopback -j DROP
+      fi
+
+      # Don't allow spoofing from that server
+      $ip6t -A OUTPUT -o $_dev -s $ula_block -j DROP
+      $ip6t -A OUTPUT -o $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -o $_dev -s $loopback -j DROP
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ip6t -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ip6t -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ip6t -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ip6t -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_forward_between_interfaces ; then
+         if $block_ident ; then
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_forward_between_interfaces ; then
+      if $block_ident ; then
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ip6t -A INPUT -i lo -j ACCEPT
+$ip6t -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ip6t -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ip6t -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_forward_between_interfaces ; then
+   $ip6t -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ip6t -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ip6t -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv6_address_arr[@]}" ; then
+            $ip6t -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ip6t -A FORWARD -p ${_val_arr[3]} -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+echononl "\tSeparate local networks.."
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+echononl "\tSeparate local interfaces.."
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            [[ "$_dev_1" = "$_dev_2" ]] && continue
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+            $ip6t -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+         done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+
+
+# ---
+# - IPv4 over IPv6
+# ---
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 546 -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp --dport 547 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP Service (local network only)"
+
+if $local_dhcp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+
+      $ip6t -A INPUT -p udp -i $_dev --sport 546 --dport 547 -j ACCEPT
+      $ip6t -A OUTPUT -p udp -o $_dev --sport 547 --dport 546 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ip6t -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ip6t -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_forward_between_interfaces=true)
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ip6t -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ip6t -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ip6t -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ip6t -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces ; then
+
+            $ip6t -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_forward_between_interfaces ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ip6t -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -t filter -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ip6t -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ip6t -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_forward_between_interfaces ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then 
+         $ip6t -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      $ip6t -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ip6t -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ip6t -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tDruck Port 9100 only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ip6t -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces $$ ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ip6t -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ip6t -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_forward_between_interfaces \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_forward_between_interfaces ; then
+
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+
+         # - From extern
+         $ip6t -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ip6t -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_forward_between_interfaces ; then
+         $ip6t -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ip6t -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ip6t -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ip6t -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ip6t -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+# ---
+# - ICMP is configured above..
+# ---
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ip6t -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ip6t -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ip6t -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ip6t -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ip6t -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ip6t -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ip6t -A INPUT -j DROP
+$ip6t -A OUTPUT -j DROP
+$ip6t -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/SPR-BE/sbin/ipt-firewall-gateway b/SPR-BE/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..778ecb9
--- /dev/null
+++ b/SPR-BE/sbin/ipt-firewall-gateway
@@ -0,0 +1,3950 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      # - ?? - Don't know which rule is the right one
+      # -
+      #$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ipt -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/SPR-BE/src/check_net b/SPR-BE/src/check_net
new file mode 160000
index 0000000..6bde0e7
--- /dev/null
+++ b/SPR-BE/src/check_net
@@ -0,0 +1 @@
+Subproject commit 6bde0e7c07c4d0ee8cc6f6aa37c49608fe924a5b
diff --git a/SPR-BE/src/ipt-gateway b/SPR-BE/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/SPR-BE/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/SPR-BE/src/mailsystem b/SPR-BE/src/mailsystem
new file mode 160000
index 0000000..03b820b
--- /dev/null
+++ b/SPR-BE/src/mailsystem
@@ -0,0 +1 @@
+Subproject commit 03b820b8b869d6be229340a99ed5994dcd0edec9
diff --git a/SPR-BE/src/openvpn b/SPR-BE/src/openvpn
new file mode 160000
index 0000000..ebff5a5
--- /dev/null
+++ b/SPR-BE/src/openvpn
@@ -0,0 +1 @@
+Subproject commit ebff5a557b537bcb8192d94f733c4df86594258d
diff --git a/WF/README.txt b/WF/README.txt
new file mode 100644
index 0000000..9dc510b
--- /dev/null
+++ b/WF/README.txt
@@ -0,0 +1,25 @@
+
+Notice:
+   You have to change some configuration files becaus the because
+   the configuration of network interfaces must not be equal.
+
+   !! Take care, to use the right device names !!
+   Maybe they are called i.e. 'enp0sXX', but you can rename it.
+   See also : README.rename.netdevices
+
+   For the backup gateway host:
+      eth1 --> LAN
+      eth2 --> WAN or ppp0 (DSL device)
+
+      eth0 --> WLAN or second LAN or what ever
+      or
+      br0  --> WLAN or second LAN or what ever
+
+
+   So you have to change the following files
+      dsl-provider.WF: ppp0 comes over eth2
+      interfaces.WF: see above
+      default_isc-dhcp-server.WF
+      ipt-firewall.WF: LAN device (mostly ) = eth1
+                                second LAN WLAN or what ever (if present) = eth0
+         
diff --git a/WF/bin/admin-stuff b/WF/bin/admin-stuff
new file mode 160000
index 0000000..6c91fc0
--- /dev/null
+++ b/WF/bin/admin-stuff
@@ -0,0 +1 @@
+Subproject commit 6c91fc0987a1d4b55910523e167b3755ab1f6718
diff --git a/WF/bin/manage-gw-config b/WF/bin/manage-gw-config
new file mode 160000
index 0000000..820fdbf
--- /dev/null
+++ b/WF/bin/manage-gw-config
@@ -0,0 +1 @@
+Subproject commit 820fdbff49e4b1aeaed45134812a2427ed856b98
diff --git a/WF/bin/monitoring b/WF/bin/monitoring
new file mode 160000
index 0000000..0611d0a
--- /dev/null
+++ b/WF/bin/monitoring
@@ -0,0 +1 @@
+Subproject commit 0611d0a2ad1eefa0a9a094887a76bc5bc8532653
diff --git a/WF/bin/os-upgrade.sh b/WF/bin/os-upgrade.sh
new file mode 120000
index 0000000..02ddc66
--- /dev/null
+++ b/WF/bin/os-upgrade.sh
@@ -0,0 +1 @@
+admin-stuff/os-upgrade.sh
\ No newline at end of file
diff --git a/WF/bin/test_email.sh b/WF/bin/test_email.sh
new file mode 120000
index 0000000..86f3e17
--- /dev/null
+++ b/WF/bin/test_email.sh
@@ -0,0 +1 @@
+admin-stuff/test_email.sh
\ No newline at end of file
diff --git a/WF/bind/bind.keys b/WF/bind/bind.keys
new file mode 100644
index 0000000..db22d4b
--- /dev/null
+++ b/WF/bind/bind.keys
@@ -0,0 +1,69 @@
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+        # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        #
+        # NOTE: The ISC DLV zone is being phased out as of February 2017;
+        # the key will remain in place but the zone will be otherwise empty.
+        # Configuring "dnssec-lookaside auto;" to activate this key is
+        # harmless, but is no longer useful and is not recommended.
+        dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+                brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+                1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+                ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+                Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+                QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+                TDN0YUuWrBNh";
+
+        # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+        # for current trust anchor information.
+        #
+        # These keys are activated by setting "dnssec-validation auto;"
+        # in named.conf.
+        #
+        # This key (19036) is to be phased out starting in 2017. It will
+        # remain in the root zone for some time after its successor key
+        # has been added. It will remain this file until it is removed from
+        # the root zone.
+        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+                QxA+Uk1ihz0=";
+
+        # This key (20326) is to be published in the root zone in 2017.
+        # Servers which were already using the old key (19036) should
+        # roll seamlessly to this new one via RFC 5011 rollover. Servers
+        # being set up for the first time can use the contents of this
+        # file as initializing keys; thereafter, the keys in the
+        # managed key database will be trusted and maintained
+        # automatically.
+        . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+                +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+                ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+                0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+                oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+                RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+                R1AkUTV74bU=";
+};
diff --git a/WF/bind/db.0 b/WF/bind/db.0
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/WF/bind/db.0
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/WF/bind/db.127 b/WF/bind/db.127
new file mode 100644
index 0000000..cd05bef
--- /dev/null
+++ b/WF/bind/db.127
@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+1.0.0	IN	PTR	localhost.
diff --git a/WF/bind/db.192.168.42.0 b/WF/bind/db.192.168.42.0
new file mode 100644
index 0000000..dfff10f
--- /dev/null
+++ b/WF/bind/db.192.168.42.0
@@ -0,0 +1,18 @@
+;
+; BIND data file for local wf.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.wf.netz. ckubu.oopen.de. (
+      2013030701     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+
+                   IN NS     ns.wf.netz.
+
+; Gateway/Firewall
+254                IN PTR    gw-wf.wf-wlan.netz.
diff --git a/WF/bind/db.192.168.43.0 b/WF/bind/db.192.168.43.0
new file mode 100644
index 0000000..5a7ff3d
--- /dev/null
+++ b/WF/bind/db.192.168.43.0
@@ -0,0 +1,18 @@
+;
+; BIND data file for local wf.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.wf.netz. ckubu.oopen.de. (
+      2014031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+
+                   IN NS     ns.wf.netz.
+
+; Gateway/Firewall
+10                 IN PTR    rapberry.wf.netz.
diff --git a/WF/bind/db.192.168.52.0 b/WF/bind/db.192.168.52.0
new file mode 100644
index 0000000..84983a7
--- /dev/null
+++ b/WF/bind/db.192.168.52.0
@@ -0,0 +1,77 @@
+;
+; BIND data file for local wf.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.wf.netz. ckubu.oopen.de. (
+      2014031001     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+
+                   IN NS     ns.wf.netz.
+
+; Gateway/Firewall
+254                IN PTR    gw-wf.wf.netz.
+
+; Ersatz Gateway
+253                IN PTR    gw-replacement.wf.netz.
+
+
+; (Caching ) Nameserver
+53                 IN PTR    ns-wf.wf.netz.
+
+
+; File-Server
+60                 IN PTR    anita.wf.netz.
+
+
+; Development - Server (Vserver System)
+20                 IN PTR    devel-root.wf.netz.
+
+
+; NAS System
+80                 IN PTR    wf-nas.wf.netz.
+
+
+; IPMI
+21                 IN PTR    devel-ipmi.wf.netz
+61                 IN PTR    anita-ipmi.wf.netz
+
+
+; APC - Smart UPS 3000 RM
+15                 IN PTR    usv.wf.netz.
+
+
+; Drucker
+179                IN PTR    brother-5890.wf.netz.
+
+
+; Vserver Instanzen
+
+22                 IN PTR    devel-php54.wf.netz.
+23                 IN PTR    devel-db.wf.netz.
+24                 IN PTR    devel-php5.wf.netz.
+25                 IN PTR    devel-repos.wf.netz.
+26                 IN PTR    devel-todo.wf.netz.
+27                 IN PTR    devel-spi.wf.netz.
+28                 IN PTR    devel-schott-be.wf.netz.
+29                 IN PTR    devel-schott-fe.wf.netz.
+30                 IN PTR    devel-solr.wf.netz.
+
+31                 IN PTR    devel-php7.wf.netz.
+
+
+; Buero PC's
+78                 IN PTR    kaya.wf.netz.
+84                 IN PTR    christian.wf.netz.
+85                 IN PTR    axel-mini.wf.netz.
+87                 IN PTR    mariettewf.netz.
+
+
+; Ersatz Gatewy
+253                IN PTR    gw-replacement.wf.netz.
+
diff --git a/WF/bind/db.255 b/WF/bind/db.255
new file mode 100644
index 0000000..e3aabdb
--- /dev/null
+++ b/WF/bind/db.255
@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/WF/bind/db.empty b/WF/bind/db.empty
new file mode 100644
index 0000000..8a12858
--- /dev/null
+++ b/WF/bind/db.empty
@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL	86400
+@	IN	SOA	localhost. root.localhost. (
+			      1		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			  86400 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
diff --git a/WF/bind/db.local b/WF/bind/db.local
new file mode 100644
index 0000000..2f272d4
--- /dev/null
+++ b/WF/bind/db.local
@@ -0,0 +1,14 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL	604800
+@	IN	SOA	localhost. root.localhost. (
+			      2		; Serial
+			 604800		; Refresh
+			  86400		; Retry
+			2419200		; Expire
+			 604800 )	; Negative Cache TTL
+;
+@	IN	NS	localhost.
+@	IN	A	127.0.0.1
+@	IN	AAAA	::1
diff --git a/WF/bind/db.local.netz b/WF/bind/db.local.netz
new file mode 100644
index 0000000..12dbb8c
--- /dev/null
+++ b/WF/bind/db.local.netz
@@ -0,0 +1,17 @@
+;
+; BIND data file for local domain local.netz
+;
+$TTL  43600
+@  IN SOA   ns.wf.netz. ckubu.oopen.de. (
+      2017101901     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+
+                   IN NS     ns-wf.wf.netz.
+
+spider             IN A      192.168.63.173
diff --git a/WF/bind/db.root b/WF/bind/db.root
new file mode 100644
index 0000000..f0b79d2
--- /dev/null
+++ b/WF/bind/db.root
@@ -0,0 +1,90 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    February 17, 2016
+;       related version of root zone:   2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000      NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of file
diff --git a/WF/bind/db.wf-wlan.netz b/WF/bind/db.wf-wlan.netz
new file mode 100644
index 0000000..579fcbd
--- /dev/null
+++ b/WF/bind/db.wf-wlan.netz
@@ -0,0 +1,21 @@
+;
+; BIND data file for local wf.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.wf.netz. ckubu.oopen.de. (
+      2013030701     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+
+                   IN NS     ns.wf.netz.
+
+; Gateway/Firewall
+gw-wf              IN A      192.168.42.254
+gate               IN CNAME  gw-wf
+gw                 IN CNAME  gw-wf
+gw-d11             IN CNAME  gw-wf
diff --git a/WF/bind/db.wf.netz b/WF/bind/db.wf.netz
new file mode 100644
index 0000000..110be40
--- /dev/null
+++ b/WF/bind/db.wf.netz
@@ -0,0 +1,199 @@
+;
+; BIND data file for local wf.netz zone
+;
+$TTL  43600
+@  IN SOA   ns.wf.netz. ckubu.oopen.de. (
+      2017071301     ; Serial
+          604800     ; Refresh
+           86400     ; Retry
+         2419200     ; Expire
+          604800 )   ; Negative Cache TTL
+;
+
+
+
+                   IN NS     ns-wf.wf.netz.
+
+; Gateway/Firewall
+gw-wf              IN A      192.168.52.254
+gate               IN CNAME  gw-wf
+gw                 IN CNAME  gw-wf
+gw-d11             IN CNAME  gw-wf
+
+; Ersatz Gateway
+gw-replacement     IN A      192.168.52.253
+
+; (Caching ) Nameserver
+ns-wf              IN A      192.168.52.53
+ns                 IN CNAME  ns-wf
+nscache            IN CNAME  ns-wf
+resolver           IN CNAME  ns-wf
+
+; File-Server
+anita              IN A      192.168.52.60
+
+; Development - Server (Vserver System)
+devel-root         IN A      192.168.52.20
+devel              IN CNAME  devel-root
+
+
+; NAS System
+wf-nas             IN A      192.168.52.80
+nas                IN CNAME  wf-nas
+
+
+; IPMI
+anita-ipmi         IN A      192.168.52.61
+devel-ipmi         IN A      192.168.52.21
+
+
+; APC - Smart UPS 3000 RM
+usv                IN A      192.168.52.15
+ups                IN CNAME  usv
+
+; Drucker
+brother-5890       IN A      192.168.52.179
+
+
+; Vserver Instanzen
+devel-php54        IN A      192.168.52.22
+php54              IN CNAME  devel-php54
+
+devel-db           IN A      192.168.52.23
+db                 IN CNAME  devel-db
+
+devel-php5         IN A      192.168.52.24
+php5               IN CNAME  devel-php5
+
+devel-repos        IN A      192.168.52.25
+repos              IN CNAME  devel-repos
+
+devel-todo         IN A      192.168.52.26
+todo               IN CNAME  devel-todo
+todo-dev           IN CNAME  devel-todo
+
+devel-spi          IN A      192.168.52.27
+spi                IN CNAME  devel-spi
+
+devel-schott-be    IN A      192.168.52.28
+schott-be          IN CNAME  devel-schott-be
+
+devel-schott-fe    IN A      192.168.52.29
+schott-fe          IN CNAME  devel-schott-fe
+
+devel-solr         IN A      192.168.52.30
+solr               IN CNAME  devel-solr
+
+devel-php7         IN A      192.168.52.31
+php7               IN CNAME  devel-php7
+
+
+; php5 - Webserver
+;
+artikelbox         IN A      192.168.52.24
+benjamin-hoff      IN A      192.168.52.24
+bodyvib-shop       IN A      192.168.52.24
+callinus           IN A      192.168.52.24
+contao             IN A      192.168.52.24
+demasi             IN A      192.168.52.24
+die-linke-europa   IN A      192.168.52.24
+dkf                IN A      192.168.52.24
+egypt-at-work      IN A      192.168.52.24
+etherpad           IN A      192.168.52.24
+forum-ds           IN A      192.168.52.24
+gambio-shop        IN A      192.168.52.24
+ism                IN A      192.168.52.24
+hp-address         IN A      192.168.52.24
+helle-panke        IN A      192.168.52.24
+juergen-klute      IN A      192.168.52.24
+jewrovision-voting IN A      192.168.52.24
+jugendkongress     IN A      192.168.52.24
+jw                 IN A      192.168.52.24
+jw56               IN A      192.168.52.24
+jw-test            IN A      192.168.52.24
+kaya-test          IN A      192.168.52.24
+kleinpetersberg    IN A      192.168.52.24
+kontext-chris      IN A      192.168.52.24
+kontext-emt        IN A      192.168.52.24
+kontext-felix      IN A      192.168.52.24
+kontext-test       IN A      192.168.52.24
+kontext-ml         IN A      192.168.52.24
+kontext-emt-zr     IN A      192.168.52.24
+kontext3           IN A      192.168.52.24
+kontext3-mvc       IN A      192.168.52.24
+kontext3-sass      IN A      192.168.52.24
+limesurvey         IN A      192.168.52.24
+medientagung       IN A      192.168.52.24
+mitzvahday         IN A      192.168.52.24
+michael-leutert    IN A      192.168.52.24
+nd                 IN A      192.168.52.24
+nd-2017            IN A      192.168.52.24
+ndkz               IN A      192.168.52.24
+nd-archiv          IN A      192.168.52.24
+nd-2013            IN A      192.168.52.24
+nd-redesign2011    IN A      192.168.52.24
+parkaue            IN A      192.168.52.24
+php-manual         IN A      192.168.52.24
+php5-opcache       IN A      192.168.52.24
+pessach            IN A      192.168.52.24
+platinit           IN A      192.168.52.24
+prager-fruehling-magazin   IN A      192.168.52.24
+zrkalender         IN A      192.168.52.24
+zr-alt             IN A      192.168.52.24
+silverstripe       IN A      192.168.52.24
+solidarische-moderne       IN A      192.168.52.24
+typo3neos          IN A      192.168.52.24
+tvet-laos          IN A      192.168.52.24
+voltaire           IN A      192.168.52.24
+wagenknecht        IN A      192.168.52.24
+wiki               IN A      192.168.52.24
+wwl                IN A      192.168.52.24
+wwl-intellektuelle IN A      192.168.52.24
+wwl-gewerkschafter IN A      192.168.52.24
+wordpress          IN A      192.168.52.24
+
+
+; php54 - Webserver
+devel-php54-neu    IN A      192.168.52.22
+nd-54              IN A      192.168.52.22
+kontext3-54        IN A      192.168.52.22
+kontext-emt-54     IN A      192.168.52.22
+kontext-emt-zr-54  IN A      192.168.52.22
+
+
+; php7 (php57) - Webserver
+helle-panke-php7   IN A      192.168.52.31
+kontext3-php7      IN A      192.168.52.31
+jw-php7            IN A      192.168.52.31
+nd-php7            IN A      192.168.52.31
+
+
+; Repository Server
+trac-efi           IN A      192.168.52.25
+trac-bdb           IN A      192.168.52.25
+spider-trac        IN A      192.168.52.25
+
+
+; spi Server
+spider             IN A      192.168.52.27
+spider-dev         IN A      192.168.52.27
+spider-dev56       IN A      192.168.52.27
+
+
+; Buero PC's
+kaya               IN A      192.168.52.78
+axel               IN A      192.168.52.84
+*.axel             IN CNAME  axel
+axel-mini          IN CNAME  axel
+christian          IN A      192.168.52.85
+*.christian        IN CNAME  christian
+mariette           IN A      192.168.52.87
+
+
+; Ersatz Gatewy
+gw-replacement     IN A      192.168.52.253
+
+
+; raspberry (netz 192.168.43.0/24)
+raspberry          IN A      192.168.43.10
+owncloud           IN CNAME  raspberry
diff --git a/WF/bind/named.conf b/WF/bind/named.conf
new file mode 100644
index 0000000..f4275f9
--- /dev/null
+++ b/WF/bind/named.conf
@@ -0,0 +1,12 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
+// structure of BIND configuration files in Debian, *BEFORE* you customize 
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
+#include "/etc/bind/bind.keys"; 
diff --git a/WF/bind/named.conf.default-zones b/WF/bind/named.conf.default-zones
new file mode 100644
index 0000000..355338b
--- /dev/null
+++ b/WF/bind/named.conf.default-zones
@@ -0,0 +1,30 @@
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
+
diff --git a/WF/bind/named.conf.local b/WF/bind/named.conf.local
new file mode 100644
index 0000000..b026bfa
--- /dev/null
+++ b/WF/bind/named.conf.local
@@ -0,0 +1,43 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+
+// LAN
+//
+zone "wf.netz" {
+   type master;
+   file "/etc/bind/db.wf.netz";
+};
+zone "local.netz" {
+   type master;
+   file "/etc/bind/db.local.netz";
+};
+
+zone "52.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.52.0";
+};
+
+
+// W-LAN
+//
+zone "wf-wlan.netz" {
+   type master;
+   file "/etc/bind/db.wf-wlan.netz";
+};
+
+zone "42.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.42.0";
+};
+
+zone "43.168.192.in-addr.arpa" {
+   type master;
+   file "/etc/bind/db.192.168.43.0";
+};
+
diff --git a/WF/bind/named.conf.local.ORIG b/WF/bind/named.conf.local.ORIG
new file mode 100644
index 0000000..7a57b10
--- /dev/null
+++ b/WF/bind/named.conf.local.ORIG
@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
diff --git a/WF/bind/named.conf.options b/WF/bind/named.conf.options
new file mode 100644
index 0000000..ed42892
--- /dev/null
+++ b/WF/bind/named.conf.options
@@ -0,0 +1,94 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	8.8.8.8;
+	// };
+
+   //========================================================================
+   // If BIND logs error messages about the root key being expired,
+   // you will need to update your keys.  See https://www.isc.org/bind-keys
+   //========================================================================
+   dnssec-validation auto;
+
+   auth-nxdomain no;    # conform to RFC1035
+
+   // Security options
+   listen-on port 53 {
+      127.0.0.1;
+      192.168.52.53;
+   };
+   allow-query {
+      127.0.0.1;
+      192.168.0.0/16;
+      172.16.0.0/12;
+      10.0.0.0/8;
+   };
+
+   // caching name services
+   recursion yes;
+   allow-recursion {
+      127.0.0.1;
+      192.168.0.0/16;
+      172.16.0.0/12;
+      10.0.0.0/16;
+   };
+
+   allow-transfer { none; };
+
+   listen-on-v6 { any; };
+
+};
+
+logging {
+   channel simple_log {
+      file "/var/log/named/bind.log" versions 3 size 5m;
+      //severity warning;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category  yes;
+   };
+   channel queries_log {
+      file "/var/log/named/query.log" versions 10 size 5m;
+      severity debug;
+      //severity notice;
+      print-time yes;
+      print-severity yes;
+      print-category no;
+   };
+   channel log_zone_transfers {
+      file "/var/log/named/axfr.log" versions 5 size 2m;
+      severity info;
+      print-time yes;
+      print-severity yes;
+      print-category yes;
+   };
+   category resolver {
+      queries_log;
+   };
+   category queries {
+      queries_log;
+   };
+   category xfer-in {
+      log_zone_transfers;
+   };
+   category xfer-out {
+      log_zone_transfers;
+   };
+   category notify {
+      log_zone_transfers;
+   };
+   category default{
+      simple_log;
+   };
+};
diff --git a/WF/bind/named.conf.options.ORIG b/WF/bind/named.conf.options.ORIG
new file mode 100644
index 0000000..af79758
--- /dev/null
+++ b/WF/bind/named.conf.options.ORIG
@@ -0,0 +1,20 @@
+options {
+	directory "/var/cache/bind";
+
+	// If there is a firewall between you and nameservers you want
+	// to talk to, you may need to fix the firewall to allow multiple
+	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+
+	// If your ISP provided one or more IP addresses for stable 
+	// nameservers, you probably want to use them as forwarders.  
+	// Uncomment the following block, and insert the addresses replacing 
+	// the all-0's placeholder.
+
+	// forwarders {
+	// 	0.0.0.0;
+	// };
+
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+
diff --git a/WF/bind/rndc.key b/WF/bind/rndc.key
new file mode 100644
index 0000000..5bef037
--- /dev/null
+++ b/WF/bind/rndc.key
@@ -0,0 +1,4 @@
+key "rndc-key" {
+	algorithm hmac-md5;
+	secret "pqwubRNLLzkygQbKaleFjw==";
+};
diff --git a/WF/bind/zones.rfc1918 b/WF/bind/zones.rfc1918
new file mode 100644
index 0000000..03b5546
--- /dev/null
+++ b/WF/bind/zones.rfc1918
@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
diff --git a/WF/chap-secrets.WF b/WF/chap-secrets.WF
new file mode 100644
index 0000000..2887467
--- /dev/null
+++ b/WF/chap-secrets.WF
@@ -0,0 +1,8 @@
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+
+#"feste-ip4/7TB02K2HZ4Q3@t-online-com.de" * "EadGl15E"
+
+#"0025591824365511139967620001@t-online.de" * "EadGl15E"
+
+"0029713004945511268028220001@t-online.de" * "86572293"
diff --git a/WF/cron_root.WF b/WF/cron_root.WF
new file mode 100644
index 0000000..c6433fa
--- /dev/null
+++ b/WF/cron_root.WF
@@ -0,0 +1,49 @@
+# DO NOT EDIT THIS FILE - edit the master and reinstall.
+# (/tmp/crontab.JyiQcI/crontab installed on Fri May  4 18:28:53 2018)
+# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
+# Edit this file to introduce tasks to be run by cron.
+# 
+# Each task to run has to be defined through a single line
+# indicating with different fields when the task will be run
+# and what command to run for the task
+# 
+# To define the time you can provide concrete values for
+# minute (m), hour (h), day of month (dom), month (mon),
+# and day of week (dow) or use '*' in these fields (for 'any').# 
+# Notice that tasks will be started based on the cron's system
+# daemon's notion of time and timezones.
+# 
+# Output of the crontab jobs (including errors) is sent through
+# email to the user the crontab file belongs to (unless redirected).
+# 
+# For example, you can run a backup of all your user accounts
+# at 5 a.m every week with:
+# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+# 
+# For more information see the manual pages of crontab(5) and cron(8)
+# 
+PATH=/root/bin/admin-stuff:/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+
+# m h  dom mon dow   command
+
+# check forwarding ( /proc/sys/net/ipv4/ip_forward contains "1" )
+# if not set this entry to "1"
+#
+0-59/2 * * * * /root/bin/monitoring/check_forwarding.sh
+
+# check if pppd is running and internet access works. if
+# not restart it
+#
+0-59/10 * * * * /root/bin/monitoring/check_inet.sh ppp0 dsl-provider
+
+# - reconnect to internet
+# -
+9 6 * * * /root/bin/admin-stuff/reconnect_inet.sh ppp0 dsl-provider
+
+## - Copy gateway configuration
+## -
+09 3 * * * /root/bin/manage-gw-config/copy_gateway-config.sh WF
+
+#02 13 * * * /etc/init.d/iptables stop
+#1-59/30 * * * * /etc/init.d/iptables stop
diff --git a/WF/default_isc-dhcp-server.WF b/WF/default_isc-dhcp-server.WF
new file mode 100644
index 0000000..face457
--- /dev/null
+++ b/WF/default_isc-dhcp-server.WF
@@ -0,0 +1,14 @@
+# Defaults for dhcp initscript
+# sourced by /etc/init.d/dhcp
+# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+#INTERFACES=""
+INTERFACESv4="eth1 eth2"
+INTERFACESv6=""
+
diff --git a/WF/dhcpd.conf.WF b/WF/dhcpd.conf.WF
new file mode 100644
index 0000000..4cbcb64
--- /dev/null
+++ b/WF/dhcpd.conf.WF
@@ -0,0 +1,193 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+
+option subnet-mask 255.255.255.0;
+option broadcast-address 192.168.52.255;
+
+
+option domain-name "wf.netz";
+option domain-name-servers ns.wf.netz;
+option routers 192.168.52.254;
+
+#default-lease-time 600;
+#max-lease-time 7200;
+default-lease-time 86400;
+max-lease-time 172800;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+## - W-LAN
+## -
+subnet 192.168.42.0 netmask 255.255.255.0 {
+
+   # --- 192.168.42.160/27 ---
+   # network address....: 192.168.42.160
+   # Broadcast address..: 192.168.42.191
+   # netmask............: 255.255.255.224
+   # network range......: 192.168.42.160 - 192.168.42.191
+   # Usable range.......: 192.168.42.161 - 192.168.42.190
+
+  range 192.168.42.161 192.168.42.190;
+  option domain-name "wf-wlan.netz";
+  option domain-name-servers 192.168.52.53;
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.42.255;
+  option routers gw-d11.wf-wlan.netz;
+
+  default-lease-time 43200;
+  max-lease-time 86400;
+}
+
+## - LAN
+## -
+subnet 192.168.52.0 netmask 255.255.255.0 {
+  range 192.168.52.100 192.168.52.199;
+  # local-address 192.168.52.254;
+  option domain-name "wf.netz";
+  option subnet-mask 255.255.255.0;
+  option broadcast-address 192.168.52.255;
+  # option domain-name-servers 192.168.52.53;
+  option domain-name-servers ns.wf.netz;
+  option routers 192.168.52.254;
+  default-lease-time 86400;
+  max-lease-time 172800;
+}
+
+
+# APC - Smart PS 3000 RM
+host usv {
+  hardware ethernet 00:C0:B7:56:62:5D;
+  fixed-address ups.wf.netz;
+}
+
+# NAS
+host wf-nas {
+   hardware ethernet 00:11:32:13:22:3D;
+   fixed-address wf-nas.wf.netz;
+}
+
+# File Server
+host anita {
+   ## - ALT -
+   ## -
+   #hardware ethernet 00:25:90:0B:77:90;
+   hardware ethernet 0c:c4:7a:41:da:94;
+   fixed-address anita.wf.netz;
+}
+
+# Vserver System
+host devel-root {
+   hardware ethernet 00:25:90:00:BE:6A;
+   fixed-address devel-root.wf.netz;
+}
+
+# Büro PCs
+host axel {
+   hardware ethernet a8:20:66:1e:28:be;
+   fixed-address axel.wf.netz;
+}
+
+host christian {
+   hardware ethernet 74:d4:35:b9:08:f8;
+   fixed-address christian.wf.netz;
+}
+
+
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
diff --git a/WF/dhcpd6.conf.WF b/WF/dhcpd6.conf.WF
new file mode 100644
index 0000000..87786b4
--- /dev/null
+++ b/WF/dhcpd6.conf.WF
@@ -0,0 +1,102 @@
+# Server configuration file example for DHCPv6
+# From the file used for TAHI tests - addresses chosen
+# to match TAHI rather than example block.
+
+# IPv6 address valid lifetime
+#  (at the end the address is no longer usable by the client)
+#  (set to 30 days, the usual IPv6 default)
+default-lease-time 2592000;
+
+# IPv6 address preferred lifetime
+#  (at the end the address is deprecated, i.e., the client should use
+#   other addresses for new connections)
+#  (set to 7 days, the	usual IPv6 default)
+preferred-lifetime 604800;
+
+# T1, the delay before Renew
+#  (default is 1/2 preferred lifetime)
+#  (set to 1 hour)
+option dhcp-renewal-time 3600;
+
+# T2, the delay before Rebind (if Renews failed)
+#  (default is 3/4 preferred lifetime)
+#  (set to 2 hours)
+option dhcp-rebinding-time 7200;
+
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+# Global definitions for name server address(es) and domain search list
+option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
+option dhcp6.domain-search "test.example.com","example.com";
+
+# Set preference to 255 (maximum) in order to avoid waiting for
+# additional servers when there is only one
+##option dhcp6.preference 255;
+
+# Server side command to enable rapid-commit (2 packet exchange)
+##option dhcp6.rapid-commit;
+
+# The delay before information-request refresh
+#  (minimum is 10 minutes, maximum one day, default is to not refresh)
+#  (set to 6 hours)
+option dhcp6.info-refresh-time 21600;
+
+# Static definition (must be global)
+#host myclient {
+#	# The entry is looked up by this
+#	host-identifier option
+#		dhcp6.client-id 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2;
+#
+#	# A fixed address
+#	fixed-address6 3ffe:501:ffff:100::1234;
+#
+#	# A fixed prefix
+#	fixed-prefix6 3ffe:501:ffff:101::/64;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:4f4e;
+#
+#	# For debug (to see when the entry statements are executed)
+#	#  (log "sol" when a matching Solicitation is received)
+#	##if packet(0,1) = 1 { log(debug,"sol"); }
+#}
+#
+#host otherclient {
+#        # This host entry is hopefully matched if the client supplies a DUID-LL
+#        # or DUID-LLT containing this MAC address.
+#        hardware ethernet 01:00:80:a2:55:67;
+#
+#        fixed-address6 3ffe:501:ffff:100::4321;
+#}
+
+# The subnet where the server is attached
+#  (i.e., the server has an address in this subnet)
+#subnet6 3ffe:501:ffff:100::/64 {
+#	# Two addresses available to clients
+#	#  (the third client should get NoAddrsAvail)
+#	range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
+#
+#	# Use the whole /64 prefix for temporary addresses
+#	#  (i.e., direct application of RFC 4941)
+#	range6 3ffe:501:ffff:100:: temporary;
+#
+#	# Some /64 prefixes available for Prefix Delegation (RFC 3633)
+#	prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
+#}
+
+# A second subnet behind a relay agent
+#subnet6 3ffe:501:ffff:101::/64 {
+#	range6 3ffe:501:ffff:101::10 3ffe:501:ffff:101::11;
+#
+#	# Override of the global definitions,
+#	# works only when a resource (address or prefix) is assigned
+#	option dhcp6.name-servers 3ffe:501:ffff:101:200:ff:fe00:3f3e;
+#
+#}
+
+# A third subnet behind a relay agent chain
+#subnet6 3ffe:501:ffff:102::/64 {
+#	range6 3ffe:501:ffff:102::10 3ffe:501:ffff:102::11;
+#}
diff --git a/WF/email_notice.WF b/WF/email_notice.WF
new file mode 100755
index 0000000..1542901
--- /dev/null
+++ b/WF/email_notice.WF
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+file=/tmp/mail_ip-up$$
+
+echo "" >> $file
+echo " ********************************************************" >> $file
+echo " *** This is an autogenerated mail from `hostname -f` ***" >> $file
+echo "" >> $file
+echo " I brought up the ppp-daemon with the following" >> $file
+echo -e " parameters:\n" >> $file
+echo -e "\tInterface name...............: $PPP_IFACE" >> $file
+echo -e "\tThe tty......................: $PPP_TTY" >> $file
+echo -e "\tThe link speed...............: $PPP_SPEED" >> $file
+echo -e "\tLocal IP number..............: $PPP_LOCAL" >> $file
+echo -e "\tPeer  IP number..............: $PPP_REMOTE" >> $file
+if [ "$USEPEERDNS" ] && [ "$DNS1" ] ; then
+   echo -e "\tNameserver 1.................: $DNS1" >> $file
+   if [ "$DNS2" ] ; then
+      echo -e "\tNameserver 2.................: $DNS2" >> $file
+   fi
+fi
+
+
+echo -e "\tOptional \"ipparam\" value.....: $PPP_IPPARAM" >> $file
+echo "" >> $file
+echo -e "\tDate.........................: `date +\"%d.%m.%Y\"`" >> $file
+echo -e "\tTime.........................: `date +\"%H:%M:%S\"`" >> $file
+echo "" >> $file
+echo " ********************************************************" >> $file
+
+/bin/echo -e "From:ip-up@`hostname -f`\nTo:root@`hostname -f`\nSubject: $PPP_LOCAL\n`cat $file`" | /usr/sbin/sendmail root
+
+rm -f $file
diff --git a/WF/hostname.WF b/WF/hostname.WF
new file mode 100644
index 0000000..e476e42
--- /dev/null
+++ b/WF/hostname.WF
@@ -0,0 +1 @@
+gw-d11
diff --git a/WF/hosts.WF b/WF/hosts.WF
new file mode 100644
index 0000000..d9d5c62
--- /dev/null
+++ b/WF/hosts.WF
@@ -0,0 +1,11 @@
+127.0.0.1	localhost
+127.0.1.1	gw-d11.wf.netz	gw-d11
+
+192.168.43.10 wf-cloud.oopen.de
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/WF/interfaces.WF b/WF/interfaces.WF
new file mode 100644
index 0000000..22c5715
--- /dev/null
+++ b/WF/interfaces.WF
@@ -0,0 +1,66 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+
+#-----------------------------
+# eth0 - WAN
+#-----------------------------
+
+auto eth0
+iface eth0 inet static
+   address 192.168.16.254
+   network 192.168.16.0
+   netmask 255.255.255.0
+   broadcast 192.168.16.255
+   # VDSL needs vlan
+   post-up vconfig add eth0 7
+   post-down vconfig rem eth0.7
+
+auto dsl-provider
+iface dsl-provider inet ppp
+   pre-up /sbin/ifconfig eth0.7 up # line maintained by pppoeconf
+   provider dsl-provider
+
+
+#-----------------------------
+# eth1 - LAN + WLAN
+#-----------------------------
+
+auto eth1 eth1:0
+iface eth1 inet static
+   #pre-up ( /sbin/modprobe -r dmfe ; /sbin/modprobe -r tulip ; modprobe tulip; )
+   address 192.168.52.254
+   network 192.168.52.0
+   netmask 255.255.255.0
+   broadcast 192.168.52.255
+iface eth1:0 inet static
+   address 192.168.52.53
+   network 192.168.52.0
+   netmask 255.255.255.0
+   broadcast 192.168.52.255
+
+## - ownloud local net
+## -
+auto eth1:1
+iface eth1:1 inet static
+   address 192.168.43.254
+   network 192.168.43.0
+   netmask 255.255.255.0
+   broadcast 192.168.43.255
+
+
+#-----------------------------
+# eth2 - WLAN
+#-----------------------------
+
+auto eth2
+iface eth2 inet static
+   address 192.168.42.254
+   network 192.168.42.0
+   netmask 255.255.255.0
+   broadcast 192.168.42.255
+
diff --git a/WF/ipt-firewall.service.WF b/WF/ipt-firewall.service.WF
new file mode 100644
index 0000000..9842090
--- /dev/null
+++ b/WF/ipt-firewall.service.WF
@@ -0,0 +1,14 @@
+[Unit]
+Description=IPv4 Firewall with iptables
+After=network.target
+
+[Service]
+SyslogIdentifier="ipt-gateway"
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/sbin/ipt-firewall-gateway start
+ExecStop=/usr/local/sbin/ipt-firewall-gateway stop
+User=root
+
+[Install]
+WantedBy=multi-user.target
diff --git a/WF/ipt-firewall/ban_ipv4.list b/WF/ipt-firewall/ban_ipv4.list
new file mode 100644
index 0000000..10b7da3
--- /dev/null
+++ b/WF/ipt-firewall/ban_ipv4.list
@@ -0,0 +1,22 @@
+# - IPv4 addresses listet here will be completly banned by the firewall
+# -
+# -    - Line beginning with '#' will be ignored.
+# -    - Blank lines will be ignored
+# -    - Only the first entry (until space sign or end of line) of each line will be considered.
+# -
+# - Valid values are:
+# -    complete IPv4 adresses like 1.2.3.4 (will be converted to 1.2.3.0/32)
+# -    partial IPv4 addresses like 1.2.3 (will be converted to 1.2.3.0/24)
+# -    network/nn CIDR notation like 1.2.3.0/27
+# -    network/netmask notaions like 1.2.3.0/255.255.255.0
+# -    network/partial_netmask  like 1.2.3.4/255
+# -
+# - Note: 
+# -    - wrong addresses like 1.2.3.256 or 1.2.3.4/33 will be ignored
+# -
+# - Example:
+# -    79.171.81.0/24
+# -    79.171.81.0/255.255.255.0
+# -    79.171.81.0/255.255.255
+# -    79.171.81
+
diff --git a/WF/ipt-firewall/default_ports.conf b/WF/ipt-firewall/default_ports.conf
new file mode 100644
index 0000000..a6ee932
--- /dev/null
+++ b/WF/ipt-firewall/default_ports.conf
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Ports for Services out
+# =============
+
+standard_ident_port=113
+standard_silc_port=706
+standard_irc_port=6667
+standard_jabber_port=5222
+standard_smtp_port=25
+standard_ssh_port=22
+standard_http_port=80
+standard_https_port=443
+standard_ftp_port=21
+standard_tftp_udp_port=69
+standard_ntp_port=123
+standard_snmp_port=161
+standard_snmp_trap_port=162
+standard_timeserver_port=37
+standard_pgp_keyserver_port=11371
+standard_telnet_port=23
+standard_whois_port=43
+standard_cpan_wait_port=1404
+standard_xymon_port=1984
+standard_hbci_port=3000
+standard_mysql_port=3306
+standard_ipp_port=631
+standard_cups_port=$standard_ipp_port
+standard_print_raw_port=515
+standard_print_port=9100
+standard_remote_console_port=5900
+
+# - IPsec - Internet Security Association and
+# -  Key Management Protocol
+standard_isakmp_port=500
+standard_ipsec_nat_t=4500
+
+
+# - Comma separated lists
+# -
+standard_http_ports="80,443"
+standard_mailuser_ports="587,465,110,995,143,993"
+
diff --git a/WF/ipt-firewall/include_functions.conf b/WF/ipt-firewall/include_functions.conf
new file mode 100644
index 0000000..9bb5205
--- /dev/null
+++ b/WF/ipt-firewall/include_functions.conf
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Some functions
+# =============
+
+# - Is this script running on terminal ?
+# -
+if [[ -t 1 ]] ; then
+      terminal=true
+else
+   terminal=false
+fi
+
+echononl(){
+   echo X\\c > /tmp/shprompt$$
+   if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+      echo -e -n "$*\\c" 1>&2
+   else
+       echo -e -n "$*" 1>&2
+   fi
+   rm /tmp/shprompt$$
+}
+echo_done() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mdone\033[m ]"
+   else
+      echo " [ done ]"
+   fi
+}
+echo_ok() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[32mok\033[m ]"
+   else
+      echo " [ ok ]"
+   fi
+}
+echo_warning() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[33m\033[1mwarn\033[m ]"
+   else
+      echo " [ warning ]"
+   fi
+}
+echo_failed(){
+   if $terminal ; then
+      echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+   else
+      echo ' [ failed! ]'
+   fi
+}
+echo_skipped() {
+   if $terminal ; then
+      echo -e "\033[75G[ \033[37mskipped\033[m ]"
+   else
+      echo " [ skipped ]"
+   fi
+}
+
+
+fatal (){
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFatal\033[m ]: \033[37m\033[1m$*\033[m"
+      echo ""
+      echo -e "\t\033[31m\033[1m           Firewall Script will be interrupted..\033[m\033[m"
+   else
+      echo "fatal: $*"
+      echo "Firewall Script will be interrupted.."
+   fi
+   echo ""
+   exit 1
+}
+
+error(){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[31m\033[1mFehler\033[m ]: $*"
+   else
+      echo "Error: $*"
+   fi
+   echo ""
+}
+
+warn (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[33m\033[1mWarning\033[m ]: $*"
+   else
+      echo "Warning: $*"
+   fi
+   echo ""
+}
+
+info (){
+   echo ""
+   if $terminal ; then
+      echo -e "\t[ \033[32m\033[1mInfo\033[m ]: $*"
+   else
+      echo "Info: $*"
+   fi
+   echo ""
+}
+
+## - Check if a given array (parameter 2) contains a given string (parameter 1)
+## -
+containsElement () {
+   local e
+   for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
+   return 1
+}
+
diff --git a/WF/ipt-firewall/interfaces_ipv4.conf b/WF/ipt-firewall/interfaces_ipv4.conf
new file mode 100644
index 0000000..710ef1f
--- /dev/null
+++ b/WF/ipt-firewall/interfaces_ipv4.conf
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Define Network Interfaces / Ip-Adresses / Ports
+# =============
+
+# - Extern Interfaces DSL Lines
+# -    (blank separated list)
+ext_if_dsl_1="ppp0"
+ext_if_dsl_2=""
+ext_if_dsl_3=""
+ext_if_dsl_4=""
+
+ext_ifs_dsl="$ext_if_dsl_1 $ext_if_dsl_2 $ext_if_dsl_3 $ext_if_dsl_4"
+
+# - Extern Interfaces Static Lines
+# -    (blank separated list)
+ext_if_static_1="eth0"
+ext_if_static_2=""
+ext_if_static_3=""
+
+ext_ifs_static="$ext_if_static_1 $ext_if_static_2 $ext_if_static_3"
+
+# - VPN Interfaces
+# -    (blank separated list)
+vpn_ifs="tun+"
+
+# - Local Interfaces
+local_if_1="eth1"
+local_if_2="eth2"
+local_if_3=""
+local_if_4=""
+local_if_5=""
+local_if_6=""
+local_if_7=""
+
+local_ifs="$local_if_1 $local_if_2 $local_if_3 $local_if_4 $local_if_5 $local_if_6 $local_if_7"
+
+# - Devices given in list "nat_devices" will be natted
+# -
+# - Notice: Devices "ext_if_dsl_n" will be natted and must not been given here.
+# -
+# - Blank separated list
+# -
+nat_devices=""
+
+# - Are local alias interfaces like eth0:0 defined"
+# -
+local_alias_interfaces=true
diff --git a/WF/ipt-firewall/load_modules_ipv4.conf b/WF/ipt-firewall/load_modules_ipv4.conf
new file mode 100644
index 0000000..bc383f0
--- /dev/null
+++ b/WF/ipt-firewall/load_modules_ipv4.conf
@@ -0,0 +1,36 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+# - Note:! 
+# -    Since Kernel 4.7 the automatic conntrack helper assignment
+# -    is disabled by default (net.netfilter.nf_conntrack_helper = 0).
+# -    Enable it by setting this variable in file /etc/sysctl.conf:
+# -
+# -       net.netfilter.nf_conntrack_helper = 1
+# -
+# -    Reboot or type "sysctl -p"
+
+
+ip_tables
+
+iptable_nat
+iptable_filter
+iptable_mangle
+iptable_raw
+
+# - Load base modules for tracking
+# -
+nf_conntrack
+nf_nat
+
+# - Load module for FTP Connection tracking and NAT
+# -
+nf_conntrack_ftp
+nf_nat_ftp
+
+# - Load modules for SIP VOIP
+# -
+nf_conntrack_sip
+nf_nat_sip
+
diff --git a/WF/ipt-firewall/load_modules_ipv6.conf b/WF/ipt-firewall/load_modules_ipv6.conf
new file mode 100644
index 0000000..2c55689
--- /dev/null
+++ b/WF/ipt-firewall/load_modules_ipv6.conf
@@ -0,0 +1,9 @@
+# =============
+# -  Load Kernel Modules
+# =============
+
+ip6_tables
+ip6table_filter
+ip6t_REJECT
+
+ip6table_mangle
diff --git a/WF/ipt-firewall/logging_ipv4.conf b/WF/ipt-firewall/logging_ipv4.conf
new file mode 100644
index 0000000..e653972
--- /dev/null
+++ b/WF/ipt-firewall/logging_ipv4.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv4:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/WF/ipt-firewall/logging_ipv6.conf b/WF/ipt-firewall/logging_ipv6.conf
new file mode 100644
index 0000000..a024215
--- /dev/null
+++ b/WF/ipt-firewall/logging_ipv6.conf
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# =============
+# --- Logging
+# =============
+
+log_all=false
+
+log_syn_flood=false
+log_fragments=false
+log_new_not_sync=false
+log_invalid_state=false
+log_invalid_flags=false
+log_spoofed=false
+log_spoofed_out=false
+log_to_lo=false
+log_not_wanted=false
+log_blocked=false
+log_unprotected=false
+log_prohibited=false
+log_voip=false
+log_rejected=false
+
+log_ssh=false
+
+# - Log using the specified syslog level. 7 (debug) is a good choice 
+# - unless you specifically need something else. 
+# -
+log_level=debug
+
+# - logging messages
+# -
+log_prefix="IPv6:"
+
+
+# ---
+# - Log all traffic for givven ip address
+# ---
+
+log_ips=""
diff --git a/WF/ipt-firewall/main_ipv4.conf b/WF/ipt-firewall/main_ipv4.conf
new file mode 100644
index 0000000..81fe3a2
--- /dev/null
+++ b/WF/ipt-firewall/main_ipv4.conf
@@ -0,0 +1,1367 @@
+#!/usr/bin/env bash
+
+## ---------------------------------------------------------
+## --- Main Configurations Ipv4 Firewall Script ipt-firewall
+## ---------------------------------------------------------
+
+# ---
+# - IPv4 Addresses Gateway
+# ---
+declare -a gateway_ipv4_address_arr
+
+_ips="$(ip a | grep "inet " | awk '{print$2}' | cut -d'/' -f1)"
+for _ip in $_ips ; do
+   gateway_ipv4_address_arr+=("$_ip")
+done
+
+
+# =============
+# --- Interfaces completly blocked
+# =============
+
+# - Interfaces to block (note: they will all be blocked)
+# -
+# - For Example: eth1 is used for DSL Line, that becomes an extra 
+# - interface (ppp-light). A further use of eth1 (which would 
+# - be possible) is not configured at time, so you can block it.
+# -
+blocked_ifs=""
+
+
+
+# =============
+# --- Interfaces not firewalled
+# =============
+
+# - Note:
+# - Can be (for example) an interface, whose (complete) traffic is 
+# - protected by a firewall on an other system in the local area 
+# -
+# - Here: the static line castle stockhausen
+# -
+unprotected_ifs=""
+
+
+
+# =============
+# --- Networks not firewalled through extern interfaces
+# =============
+
+# - Allow these networks any access to the internet.
+# -
+# - Blank separated list of networks
+# -
+any_access_to_inet_networks=""
+
+
+# - Allow these networks getting any access from the internet.
+# -
+# - Note:
+# - =====
+# -    Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Blank separated list of networks
+# -
+any_access_from_inet_networks=""
+
+
+
+# =============
+# - Allow local services from given extern networks
+# =============
+
+# - allow_ext_net_to_local_service
+# - 
+# - allow_ext_net_to_local_service="ext-net:local-address:port:protocol"
+# -
+# - Note:
+# - =====
+# -    - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 194.150.169.139 to ssh service at 83.223.73.210 on port 1036
+# -    allow access from 86.73.85.0/24 to https service at 83.223.73.204
+# -
+# -    allow_ext_net_to_local_service="194.150.169.139/32:83.223.73.210:1036:tcp 
+# -                                      86.73.85.0/24:83.223.73.204:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_ext_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from extern address/network to local address/network
+# =============
+
+# - allow_ext_net_to_local_net
+# -
+# -    allow_ext_net_to_local_net="<src-ext-net>:<dst-local-net> [<src-ext-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -    - If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_ext_net_to_local_net="86.223.85.0/24:86.223.73.192/26
+# -                               83.223.86.96/32:86.223.73.0/24"
+# - 
+# - Blank separated list
+# -
+allow_ext_net_to_local_net=""
+
+
+
+# =============
+# - Block all extern traffic to (given) local network
+# =============
+
+# - block_all_ext_to_local_net
+# -
+# -    block_all_ext_to_local_net="<local-net> [<local-net [<local-net .."
+# -
+# - Blocks all extern traffic to given local network(s)
+# -
+# - Note:
+# - =====
+# -    - Traffic recieved on natted interfaces will be ommitted!
+# -
+# - Example:
+# -    block_all_ext_to_local_net="83.223.73.32/29 83.223.73.48/29"
+# - 
+# - Blank separated list
+# -
+block_all_ext_to_local_net=""
+
+
+
+# =============
+# - Allow local services from given local networks
+# =============
+
+# - allow_local_net_to_local_service
+# - 
+# - allow_local_net_to_local_service="local-net:local-service:port:protocol"
+# -
+# - Only 'tcp' and 'udp' are allowed valuse for protocol.
+# -
+# - Use this parameter to (only) give some local netwoks access to special local 
+# - services (but not for all local networks as you can configure later).
+# -
+# - If you plan to separate local networks (see parameter 'separate_local_networks'), but 
+# - to allow these networks some special local services, you can also use this parameter.
+# -
+# - Example:
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.1
+# -    allow access from 10.113.0.0/16 to https service at 192.168.10.13
+# -
+# -    allow_local_net_to_local_service="10.113.0.0/16:192.168.10.1:$standard_https_port:tcp 
+# -                                      10.113.0.0/16192.168.10.13:$standard_https_port:tcp"
+# -
+# - Blank separated list
+# -    
+allow_local_net_to_local_service=""
+
+
+
+# =============
+# - Allow all traffic from local network to local ip-address
+# =============
+
+# - allow_local_net_to_local_ip
+# -
+# -    allow_local_net_to_local_ip="<src-local-net>:<dst-local-ip> [<src-local-net>:<dst-local-ip>] [..]"
+# -
+# - All traffic from the given network to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_net_to_local_ip="10.113.0.0/16:192.168.10.1 
+# -                                10.113.0.0/16:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_net_to_local_ip=""
+
+
+
+# =============
+# - Allow all traffic from local ip-address to local network
+# =============
+
+# - allow_local_ip_to_local_net
+# -
+# -    allow_local_ip_to_local_net="<src-local-ip>:<dst-local-net> [<src-local-ip>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given ip address to the given network is allowed
+# -
+# - Example:
+# -   allow_local_ip_to_local_net="192.168.10.9:10.10.10.0/24
+# -                                192.168.10.16:10.10.10.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_ip_to_local_net=""
+
+
+
+# =============
+# - Allow all traffic from (one) local network to (another) local network
+# =============
+
+# - allow_local_net_to_local_net
+# -
+# -    allow_local_net_to_local_net="<src-local-net>:<dst-local-net> [<src-local-net>:<dst-local-net>] [..]"
+# -
+# - All traffic from the given first network to the given second network is allowed
+# -
+# - Notice:
+# -    If you want allow both directions, you have to make two entries - one for evry directions.
+# -
+# - Example:
+# -   allow_local_net_to_local_net="192.168.11.0/24:10.10.11.0/24
+# -                                 192.168.78.0/24:10.10.11.0/24"
+# - 
+# - Blank separated list
+# -
+allow_local_net_to_local_net=""
+
+
+
+# =============
+# - Allow local ip address from given local interface
+# =============
+
+# - allow_local_if_to_local_ip
+# -
+# - All traffic from the given network interface to the given ip address is allowed
+# -
+# - Example:
+# -   allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
+# -                               ${local_if_2}:192.168.10.13"
+# -
+# - Blank separated list
+# -
+allow_local_if_to_local_ip=""
+
+
+
+# =============
+# --- Separate local Networks
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="10.113.1.0/24 10.113.2.0/24"
+# -
+# - Blank separated list
+# -
+separate_local_networks=""
+
+
+
+# =============
+# --- Separate local Interfaces
+# =============
+
+# - Don't allow these networks any connections to other local networks
+# -
+# - Example:
+# -    separate_local_networks="$local_if_1 $local_if_2"
+# -
+separate_local_ifs=""
+
+
+
+# =============
+# --- Traffic Shaping
+# =============
+
+TRAFFIC_SHAPING=false
+
+RATE_UP=10000
+LIMIT_UP=$(expr $RATE_UP / 100 \* 85)
+
+LIMIT_CLASS=$(expr $LIMIT_UP / 7)
+
+RTP_PORTS_START=49152
+RTP_PORTS_END=49408
+SIP_PORT_REMOTE=5060
+SIP_PORT_LOCAL=5067
+SIP_LOCAL_IP=192.168.63.240
+STUN_PORTS=3478
+
+TC_DEV=$ext_if_dsl_1
+
+
+
+# =============
+# ---- Allow Forwarding (private) IPs / IP-Ranges
+# =============
+
+# - Maybe useful in case of virtual hosts with private addresses or
+# - if using a vpn network to forward into private areas.
+# -
+# - Note: this rules takes affect before rules to protect against
+# -       unwanted packages e.g. blocking private addresses on
+# -       externel interfaces.
+# -       
+# - Note: you can specify networks using CIDR notation
+# -       like "192.168.2.0/24"
+# -
+forward_private_ips=""
+
+
+
+# =============
+# --- Services local machine / local networksa
+# =============
+
+# ======
+# - IPv6 over IPv4 (SixXS)
+# ======
+
+local_sixxs_service=false
+tic_server=tic.sixxs.net
+six_pop_server=deham01.sixxs.net
+
+
+# ======
+# - VPN Service
+# ======
+
+# - VPN Service on Gateway?
+# -
+local_vpn_service=true
+vpn_gw_ports="1194 1195 1196"
+
+# - VPN Services DMZ (reachable also from WAN)
+# -
+# - vpn_server_dmz_arr=[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -   vpn_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -   vpn_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A vpn_server_dmz_arr
+
+# - Local VPN Ports
+# -
+# - Blank separated list
+# -
+vpn_local_net_ports="1194 1195"
+
+
+# ======
+# - DHCP Service
+# ======
+
+# - Ist this Gateway DHCP Client?
+# - 
+# - local_dhcp_client_interfaces="<interface1> [<interface> [.."
+# -
+# - Example:
+# -    dhcp_client_interfaces="$ext_if_static_1"
+# -
+dhcp_client_interfaces=""
+
+# - DHCP Server Gateway
+# -
+local_dhcp_service=true
+
+# - Are DHCP Failover Servers present?
+# -
+# - Balnk separated list
+# -
+dhcp_failover_server_ips=""
+
+dhcp_failover_port=647
+
+
+# ======
+# - DNS Service
+# ======
+
+# - DNS Service Gateway
+# -
+local_dns_service=true
+
+# - DNS Server local Networks
+# - 
+# - Blank separated list
+# -
+dns_server_ips=""
+
+
+# ======
+# - SSH
+# ======
+
+# - SSH Service Gateway
+# -
+local_ssh_service=true
+
+
+# - SSH Services local Networks
+# -
+# - Blank separated list
+# -
+ssh_server_only_local_ips=""
+
+
+# - SSH Services DMZ (reachable also from WAN)
+# -
+# - ssh_server_dmz_arr[<ip-address>]=<extern-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# -    ssh_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    ssh_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A ssh_server_dmz_arr
+
+
+# - SSH Ports used on Gateway and also local machines
+# -
+# - blank separated list
+# -
+ssh_ports="22"
+
+
+# ======
+# - HTTP(S) Service
+# ======
+
+# - HTTP(S) Service Gateway
+# -
+local_http_service=false
+
+
+# - HTTP(S) Services only locale Networks
+# -
+# - Blank separated list
+# -
+http_server_only_local_ips="192.168.43.10"
+
+
+# - HTTP(S) Services DMZ (reachable also from WAN)
+# -
+# - http_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one service on a certain port.
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - WebServer Luna: 192.168.63.20 (ppp-ckubu = $ext_if_dsl_1)
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_server_dmz_arr
+
+
+# - HTTPS Services DMZ only port 443 (reachable also from WAN)
+# -
+# - http__ssl_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -    Citrix Server: 192.168.10.13 incomming on ppp-surf1 ($ext_if_dsl_1)
+# -
+# -    http_ssl_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -    http_ssl_server_dmz_arr[192.168.10.13]=$ext_if_dsl_1
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A http_ssl_server_dmz_arr
+
+
+# - HTTP(S) Ports 
+# -
+# - comma separated list
+# -
+http_ports="$standard_http_ports"
+
+
+# ======
+# - Mail Services
+# ======
+
+# - SMTP server (i.e. mail relay service) Gateway
+# -
+local_smtp_service=false
+
+
+# - Mailserver (SMTP(POP/IMAP) Gateway
+# -
+# - NOT YET IMPLEMENTED
+# -
+local_mail_service=false
+
+
+# - Mail Services smtp,smtps/pop(s)/imap(s) only local Networks
+# -
+# - comma separated list
+# -
+mail_server_only_local_ips=""
+
+
+# - Mails Services DMZ smtp,smtps/pop(s)/imap(s) (reachable also from WAN)
+# -
+# - mail_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple declarations are possible
+# -
+# - Example:
+# -    Mail Server:   192.168.10.1 incomming on ppp-st ($ext_if_dsl_2)
+# -
+# -    mail_server_dmz_arr[192.168.10.1]=$ext_if_dsl_2
+# -
+declare -A mail_server_dmz_arr
+
+
+# - Mail client ports (smtps/pop(s)/imap(s)
+# -
+# - comma separated list
+# -
+mail_user_ports="$standard_mailuser_ports"
+
+
+# - Mail Server (local Networks) SMTP Port
+# -
+mail_smtp_port="$standard_smtp_port"
+
+
+# ======
+# - FTP Service
+# ======
+
+# - FTP Service Gateway
+# -
+local_ftp_service=false
+
+# - FTP Server at local Networks
+# -
+# - comma separated list
+# -
+ftp_server_only_local_ips=""
+
+# - FTP Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - ftp_server_dmz_arr[<ip-address>]=<dsl-device>
+# - ftp_passive_port_range=<first-port:last-port>
+# -
+declare -A ftp_server_dmz_arr
+#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+ftp_passive_port_range="50000:50400"
+
+# - FTP Ports
+# -
+# - Hard scriptetd:
+# -    FTP Control Port: 21
+# -    FTP Data Port:    20
+
+
+# ======
+# - TFTP Service Gateway
+# ======
+
+# - TFTP Server Gateway (Port udp 69)
+local_tftp_service=false
+
+# - TFTP Server at local Networks
+# -
+tftp_server_ips=""
+
+# - TFTF Ports
+# -
+# - Note: its udp !
+# -
+tftp_udp_port=69
+
+
+# ======
+# - LDAP Service
+# ======
+
+# - Is this a LDAP Server ?
+# -
+local_ldap_service=false
+
+# - LDAP Service local Networks
+# -
+# - Ports: 389 udp 
+# -        389 tcp
+# -
+# - Ports LDAP SSL: 636 tcp
+# -
+ldap_server_local_ips=""
+ldap_udp_ports="389"
+ldap_tcp_ports="389 636"
+
+
+# ======
+# - Samba Service
+# ======
+
+# - Samba Server Gateway
+# -
+local_samba_service=false
+
+# - Samba Service
+# -
+# - Ports: 137,138 udp 
+# -        139,445 tcp
+# -
+samba_udp_ports="137:138"
+samba_tcp_ports="137 138 139 445"
+
+# - Samba Service local networks
+# -
+samba_server_local_ips="192.168.52.60"
+
+# - Samba Service DMZ
+# -
+# -    samba_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - Multiple settins of this parameter is possible
+# -
+declare -A samba_server_dmz_arr
+
+
+# ======
+# - NTP Service
+# ======
+
+# - NTP Service Gateway
+# -
+local_ntp_service=true
+
+
+# ======
+# - SNMP Service
+# ======
+
+# - SNMP services local Networks
+# -
+# - Blank separated list of ip's
+# -
+snmp_server_ips=""
+
+# - SNMP Port
+# -
+# - snmp_port        Port Agent
+# - snmp_trap_port   Port Management Station
+# -
+snmp_port="$standard_snmp_port"
+snmp_trap_port="$standard_snmp_trap_port"
+
+
+# ======
+# - Mumble Service
+# ======
+
+# - NOT YET IMPLEMENTED
+
+# - Mumble ports
+# -
+mumble_ports="64738"
+
+
+# ======
+# - XyMon Service
+# ======
+
+# - XyMon Service Gateway (usually TCP port 1984)
+# -
+local_xymon_server=false
+
+# - XyMon Service (usually TCP port 1984)
+# -
+# - Blank separated list of ip's
+# -
+xymon_server_ips=""
+local_xymon_client=""
+
+# - XyMon Ports
+# -
+xymon_port="$standard_xymon_port"
+
+
+# ======
+# - Munin Service
+# ======
+
+# - Munin Service Gateway (usually TCP port 4949)
+# -
+local_munin_server=false
+
+
+# - If 'local_munin_server=' provide service also to inet?
+# -
+provide_munin_service_to_inet=true
+munin_remote_port="4949"
+
+
+# - Munin Server local Networks (usually TCP port 4949)
+# -
+# - Blank separated list
+# -
+munin_local_server_ips=""
+
+
+# - Munin Remote Server
+# -
+# - Note: 
+# - The munin server himself initiates the connection to the concerning clients.
+# - In case of natted (local) networks you have to also nat the incomming
+# - requests from munin server.
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# - munin_local_client_ip_arr[<ip-address>]=<dsl-device>
+# -
+# - Multiple settins of this parameter is possible
+# -
+#munin_remote_server="83.223.86.163"
+munin_remote_server=""
+
+
+# - Munin - clients on local network (server is $munin_remote_server)
+# -
+# - Example:
+# -    munin_local_client_ip_arr[192.168.63.20]=$ext_if_dsl_1
+# -
+declare -A munin_local_client_ip_arr
+
+# - Munin Port
+# -
+munin_local_port=4949
+
+
+# ======
+# - PowerChut Network Shutdown (PCNS)
+# ======
+
+# - PCNS local Services
+# -
+pcns_server_ips=""
+
+# - local USV
+# -
+usv_ip="192.168.52.15"
+
+# - PCNS Ports
+# -
+# - Webinterface (https): tcp 6547
+# - Connection usv:       tcp/udp 3052
+# -
+pcns_tcp_port=3052
+pcns_udp_port=3052
+pcns_web_port=6547
+
+
+# ======
+# - Remote Console (VNC Service)
+# ======
+
+# - VNC Service local network
+# 
+# - Blank separated list
+# -
+rm_server_ips="192.168.52.0/24"
+
+# - VNC Service DMZ
+# -
+# - Note:
+# -    Each extern interface can have only one thuch service 
+# -
+# -    rm_server_dmz_arr[<ip-address>]=<dsl-device>
+# -
+declare -A rm_server_dmz_arr
+#rm_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
+
+# - Remote Console (VNC) Port
+# -
+remote_console_port=5900
+
+
+# ======
+# - Ubiquiti Unifi
+# ======
+
+# - By default, the UniFi controller will operate on the following ports:
+# -
+# -    unifi_http_port=8080 (port for UAP to inform controller)
+# -    unifi_https_port=8443 (port for controller GUI / API, as seen in web browser)
+# -    unifi_portal_http_port=8880 (port for HTTP portal redirect)
+# -    unifi_portal_https_port=8843 (port for HTTPS portal redirect)
+# -    unifi_http_port=6789 (port used for throughput measurement)
+# -    unifi_db_port=27117 (local-bound port for DB server)
+# -
+# -
+# - In version 4.5.2 and later, users can also define the port assigned to STUN services, 
+# - for scenarios where two or more separate UniFi instances are desired on the 
+# - same controller machine.
+# -
+# - unifi_stun_port=3478 # UDP port used for STUN
+# -
+# -
+# - Ubiquity Networks uses port 10001/UDP for its AirControl 
+# - management discovery protocol
+# -
+# -    unifi_aircontroll_port=10001
+# -
+# -
+# - Since v3.2.9+ and v4.6.0+, two more ports are being reserved for device redirector. 
+# - There is no need to open firewall for these ports on controller. However, on 
+# - controller, avoid to use these ports:
+# -
+# -    port 8881 for redirector port for wireless clients
+# -    port 8882 for redirector port for wired clients
+# -
+# -
+# - For AP-EDU Broadcasts:
+# -
+# -    UDP ports 5656-5699
+# -
+unify_tcp_ports="8080,8443,8880,8843,6789,27117"
+unify_udp_ports="3478"
+unify_broadcast_udp_ports="10001,5656:5699"
+
+# - Unifi Controller at gateway?
+# -
+local_unifi_controller_service=false
+
+# - UniFi Controllers on local network (other than this machine)
+# -
+unify_controller_local_net_ips=""
+
+
+# ======
+# - IPMI Tools 
+# ======
+
+# - IPMI Tools local Networks
+# -
+# - Blank seoarated list
+# -
+# - 172.16.52.61     IPMI anita
+# - 172.16.52.21     IPMI devel server
+# -
+ipmi_server_ips="172.16.52.61 172.16.52.21"
+
+# - IPMI Tools Port
+# -
+# - UDP 623:  Access IPMI Programms (as IPMIView or FreeIPMI)
+# - TCP 623:  Virtual Media for Remote Console
+# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
+# -
+ipmi_udp_ports="623 5900"
+ipmi_tcp_ports="80 443 623 3520"
+
+
+# =============
+# - Rsync Out for given src ip-addresses
+# =============
+
+# - Rsync Protocol
+# -
+# - The given server address (from local network) can access rsyncd at (any) remote machine
+# -
+# - Needed for some integrated provider of clamav-unofficial-sigs
+# -
+rsync_out_ips=""
+rsync_ports="873"
+
+# - rsync out from this machine?
+# - 
+local_rsync_out=false
+
+
+
+# =============
+# - Printer
+# =============
+
+# - IP Addresses Printer
+# -
+# - Blank separated list
+# -
+printer_ips=""
+
+
+
+# =============
+# --- Scanner
+# =============
+
+# ======
+# - Brother (brscan)
+# ======
+
+# - IP Adresses Brother Scanner
+# -
+# - Blank seoarated list
+# -
+brother_scanner_ips=""
+brscan_port=54921
+
+
+
+# =============
+# --- Telefon Systems
+# =============
+
+# - IP Adresses Telephone Systems (Telefonanlagen)
+# -
+# - Dont't foregt to add ip-adresses also to http(s) service if the
+# - systems provide webinterfaces!
+# -
+# - Blank seoarated list
+# -
+tele_sys_ips=""
+tele_sys_remote_sip_server_port=5060
+tele_sys_local_sip_server_port=5067
+allow_between_tele_systems=false
+
+VOIP_PORTS="69 5000:5099 7775 32000:32512"
+# -    TFTP=69 (used from telephones getting their connection data / firmwareupdate )
+# -    RTP_PORTS= UDP i.e. 5000:5099 or here
+# -    RTP_PORTS_END=5099
+#SIP_PORT_REMOTE=5060
+#SIP_PORT_LOCAL=5067
+#SIP_LOCAL_IP=192.168.63.240
+#STUN_PORTS=3478
+udp_voip_ports="7775 5000:5099"
+
+
+# =====
+# - Telekom Internet TV (Entertain)
+# =====
+
+telekom_internet_tv=false
+tv_ip="192.168.63.5"
+tv_extern_if="eth2.8"
+tv_local_if="$local_if_1"
+
+
+
+# ======
+# - Other local Services 
+# ======
+
+# - You can configure further local services here.
+# -
+# -    other_services="<ip-addr-of-service>:<port>:<protocol> [<ip-addr-of-service>:<port>:<protocol> [.."
+# -
+# - Blank seperated list
+# -
+other_services=""
+
+
+# =============
+# --- Masuqerading
+# =============
+
+# - Masquerade (NAT) networks
+# -
+# -    nat_networks="<src-network>:<output-device> [<src-network>:<output-device>] [.."
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -    nat_network="172.16.1.0/24:${local_if_2}
+# -                 172.16.63.0/24:${ext_if_static_1}"
+# -
+# - 172.16.1.0/24    Rescue network (routers)
+# -
+nat_networks=""
+
+
+# - Masquerade TCP Connections
+# -
+# -    masquerade_tcp_con="<src-network>:<dst-host>:<dst-port>:<output-device> [<src-network>:<dst-host>:..]"
+# -
+# - Multiple declarations (blank separated list) are possible
+# -
+# - Example:
+# -
+# -    masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1} 
+# -                        10.0.0.0/8:192.168.62.244:443:${local_if_1}"
+# -
+# -    192.168.64.55: Repeater TP-Link TL-WA850RE
+# -
+# - Blank separated list
+# -
+masquerade_tcp_cons=""
+
+
+# =============
+# --- Portforwarding
+# =============
+
+# - Portforwarding TCP
+# -
+# - portforward_tcp="<device-in>:<port-in>:<ip-to-forward>:<port-out>"
+# -
+# - Multiple declarations (blank separated list) are possible
+# - 
+# - Example:
+# -    portforward_tcp="$ext_if_dsl_1:9997:192.168.52.25:22
+# -                     $ext_if_dsl_1:9998:192.168.53.24:22"
+# -
+# - 192.168.52.24:9080  Etherpad
+# - 192.168.52.24:9443  Etherpad
+# -
+# - Blank separated list
+# -
+portforward_tcp="
+   $ext_if_dsl_1:9080:192.168.52.24:9080
+   $ext_if_dsl_1:9443:192.168.52.24:9443
+   $ext_if_dsl_1:8443:192.168.43.10:443
+"
+
+
+# - Portforwarding UDP
+# -
+# - portforward_udp="<device-in>:<udp-port-in>:<ip-to-forward>:<udp-port-out>"
+# -
+# - Multiple declarations (blank separated list) are possible
+# - 
+# - Example:
+# -    portforward_udp="$ext_if_dsl_1:1094:192.168.52.25:1094
+# -                     $ext_if_dsl_1:9999:192.168.53.24:1095"
+# -
+# - Blank separated list
+# -
+portforward_udp=""
+
+
+
+# =============
+# --- Basic behavior
+# =============
+
+# ===
+# = Services allowed out to the world wide web
+# ===
+
+allow_ssh_request_out=true
+allow_http_request_out=true
+allow_smtp_request_out=true
+allow_mail_request_out=true
+allow_ftp_request_out=true
+allow_tftp_request_out=true
+allow_ntp_request_out=true
+allow_timeserver_request_out=true
+allow_pgpserver_request_out=true
+allow_telnet_request_out=true
+allow_whois_request_out=true
+allow_cpan_wait_request_out=true
+allow_hbci_request_out=true
+allow_jabber_request_out=true
+allow_silc_request_out=true
+allow_irc_request_out=true
+allow_mysql_request_out=true
+allow_ipmi_request_out=true
+allow_remote_console_request_out=true
+
+allow_samba_requests_out=true
+
+allow_vpn_out=true
+vpn_out_ports="1194 1195 1196"
+
+allow_cisco_vpn_out=true
+cisco_vpn_out_ports="$standard_isakmp_port $standard_ipsec_nat_t"
+cisco_vpn_out_protocol="esp"
+
+
+# ===
+# = Services allowed between local networks
+# ===
+
+# - These Parameters are only considered, if traffic 
+# - between local networks are not permitted, thats 
+# - if 'permit_between_local_networks=false' (see below).
+# - 
+allow_ssh_between_local_nets=true
+allow_samba_between_local_nets=false
+allow_ldap_between_local_nets=false
+allow_printing_between_local_nets=true
+allow_scanning_between_local_nets=true
+
+
+# ===
+# = Other Parameters
+# ===
+
+# - Permit internet access to all machines at local network
+# - Does not include this server itself
+# -
+permit_local_net_to_inet=false
+
+# - Do not block any traffic between local machines
+# -
+permit_between_local_networks=false
+
+# - Do not block any ICMP traffic
+# -
+permit_all_icmp_traffic=true
+
+# - Access to Mailservices (LAN and WAN) (pop/imap/smtps) from local (gateway) machine.
+# -
+# - Maybe useful for testing purpose with telnet or openssl
+# -
+provide_mailservice_from_local=true
+
+# - iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# - It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# - SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+# -
+create_iperf_rules=false
+
+
+
+# =============
+# - MAC Address Filtering
+# =============
+
+# - MAC Addreses alowed to all destinations (gateway, remote, local networks)
+# -
+# - Blank separated list
+# -
+allow_all_mac_src_addresses=""
+
+# - MAC Addreses alowed to local networks (gateway, local networks)
+# -
+# - Blank separated list
+# -
+allow_local_mac_src_addresses=""
+
+
+# - MAC Addreses alowed to remote networks
+# -
+# - Blank separated list
+# -
+allow_remote_mac_src_addresses=""
+
+
+
+
+# =============
+# --- Block IP's / IP-Ranges
+# =============
+
+# -    222.184.0.0/13 CHINANET-JS
+# -    61.160.0.0/16 - CHINANET-JS
+# -    116.8.0.0/14 CHINANET-GX
+# -
+# - Blank separated list
+# -
+blocked_ips="222.184.0.0/13 61.160.0.0/16 116.8.0.0/14"
+
+
+# =============
+# --- Block Ports on extern Interfaces
+# =============
+
+# - Generally (for all interfaces) block this ports
+# -
+# - Portmapper
+# - tcp 111
+# - udp 111
+# -
+# - Authentication tap ident
+# - tcp 113
+# -
+# - Location Service
+# - tcp 135
+# -
+# - Windows Stuff
+# - tcp 137:139
+# - udp 137:139
+# - tcp 445
+# -
+block_tcp_ports="111 135 631"
+block_udp_ports="111"
+if ! $allow_samba_requests_out ; then
+   block_tcp_ports="$block_udp_ports 137:139 445"
+   block_udp_ports="$block_udp_ports 137:139"
+fi
+
+block_ident=true
+
+
+# =============
+# - Packets not wanted on gateway on local Interfaces
+# =============
+
+not_wanted_on_gw_tcp_ports="111 113 135 631"
+not_wanted_on_gw_udp_ports="111 631"
+if ! $local_samba_service ; then
+   not_wanted_on_gw_tcp_ports="$not_wanted_on_gw_tcp_ports 137:139 445"
+   not_wanted_on_gw_udp_ports="$not_wanted_on_gw_udp_ports 137:139"
+fi
+
+not_wanted_ident=true
+
+
+# =============
+# --- Router 
+# =============
+
+# - Set to "true" to secure/tune the kernel
+# -
+adjust_kernel_parameters=true
+
+# - Protection against several attacks
+# -
+protect_against_several_attacks=true
+
+
+
+# =============
+# --- Kernel related - Adjust Kernel Parameters (Security/Tuning)
+# =============
+
+# - Activate forwarding
+# -
+# - Enable/disable forwarding to and between interfaces
+# -
+kernel_activate_forwarding=true
+
+# - Activate kernel support for dynamic IP adresses
+# - (not needed in case of static IP)
+# -
+# - see also https://www.frozentux.net/iptables-tutorial/other/ip_dynaddr.txt
+# -
+# - The values for the ip_dynaddr sysctl are [*]:
+# -
+# -   1:  To enable:
+# -   2:  To enable verbosity:
+# -   4:  To enable RST-provoking:
+# -   8:  To enable asymetric routing work-around [**]
+# -
+# -  [*] At boot, by default no address rewriting is attempted.
+# -  [**] This code is currently totaly untested.
+# -
+# - Flags can be combined by adding them. Common settings
+# - would be:
+# -
+# - To enable rewriting in quiet mode:
+# -   # echo 1 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable rewriting in verbose mode:
+# -   # echo 3 > /proc/sys/net/ipv4/ip_dynaddr
+# - To enable quiet RST-provoking mode (1+4):
+# -   # echo 5 > /proc/sys/net/ipv4/ip_dynaddr
+# - ...
+# -
+kernel_support_dynaddr=true
+dynaddr_flag="5"
+
+# - Reduce DoS'ing ability by reducing timeouts
+# -
+kernel_reduce_timeouts=true
+
+# - Hardening TCP/IP Stack Against SYN Floods
+# -
+# - Enable syn cookies prevents against the common 'syn flood attack'
+# -
+kernel_tcp_syncookies=true
+
+# - Protection against ICMP bogus error responses
+# -
+kernel_protect_against_icmp_bogus_messages=true
+
+# - Ignore Broadcast Pings
+# -
+kernel_ignore_broadcast_ping=true
+
+# - Deactivate Source Routed Packets
+# -
+kernel_deactivate_source_route=true
+
+# - Deactivate sending ICMP redirects
+# -
+# - Note: IP TV requires sending ICMP redirects. So if IP TV is provided, this
+# -       Parameter will be set to "false"
+# -
+# - ICMP redirects are used by routers to specify better routing paths out of 
+# - one network, based on the host choice, so basically it affects the way 
+# - packets are routed and destinations. 
+# -
+kernel_dont_accept_redirects=true
+
+# - Activate Reverse Path Filtering (Antispoofing)
+# -
+# - Reverse Pfadfilterung aktivieren. Dies hilft durch automatisches Ablehnen 
+# - von Quelladressen, die nicht mit dem Netzwerkinterface übereinstimmen, 
+# - sicherzustellen, dass Pakete legitime Quelladressen benutzen. Dies hat
+# - Sicherheitsvorteile, da es IP Spoofing verhindert. Wir müssen es für 
+# - alle net/ipv4/conf/* aktivieren, da sonst die Validierung der Quelle 
+# - nicht voll funktionsfähig ist. 
+# -
+kernel_activate_rp_filter=true
+
+# - Logging of spoofed (source routed" and "redirect") packets
+# -
+kernel_log_martians=false
+
+
+
+# =============
+# --- Some further Ports/IP-Address Configuration
+# =============
+
+# - unpriviligierte Ports
+# -
+unprivports="1024:65535"
+
+# - Loopback
+loopback="127.0.0.0/8"
+
+# - Private Networks
+priv_class_a="10.0.0.0/8"
+priv_class_b="172.16.0.0/12"
+priv_class_c="192.168.0.0/16"
+
+# - Multicast Addresse
+class_d_multicast="224.0.0.0/4"
+
+# Reserved Addresse
+class_e_reserved="240.0.0.0/5"
+
diff --git a/WF/ipt-firewall/post_decalrations.conf b/WF/ipt-firewall/post_decalrations.conf
new file mode 100644
index 0000000..7d0e9bf
--- /dev/null
+++ b/WF/ipt-firewall/post_decalrations.conf
@@ -0,0 +1,505 @@
+#!/usr/bin/env bash
+
+
+# -----------
+# --- Define Arrays
+# -----------
+
+# ---
+# - Masquerade TCP Connections
+# ---
+
+declare -a nat_network_arr
+for _net in $nat_networks ; do
+   nat_network_arr+=("$_net")
+done
+
+declare -a masquerade_tcp_con_arr
+for _str in $masquerade_tcp_cons ; do
+   masquerade_tcp_con_arr+=("$_str")
+done
+
+
+# ---
+# - Extern Network interfaces (DSL, Staic Lines, All together)
+# ---
+declare -a nat_device_arr
+declare -a dsl_device_arr
+declare -a ext_if_arr
+for _dev in $ext_ifs_dsl ; do
+   dsl_device_arr+=("$_dev")
+   ext_if_arr+=("$_dev")
+   nat_device_arr+=("$_dev")
+done
+for _dev in $ext_ifs_static ; do
+   ext_if_arr+=("$_dev")
+done
+for _dev in $nat_devices ; do
+   if ! containsElement $_dev "${nat_device_arr[@]}" ; then
+      nat_device_arr+=("$_dev")
+   fi
+done
+
+# ---
+# - VPN Interfaces
+# ---
+declare -a vpn_if_arr
+for _dev in $vpn_ifs ; do
+   vpn_if_arr+=("$_dev")
+done
+
+# ---
+# - Local Network Interfaces
+# ---
+declare -a local_if_arr
+for _dev in $local_ifs ; do
+   local_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces completly blocked
+# ---
+declare -a blocked_if_arr
+for _dev in $blocked_ifs ; do
+   blocked_if_arr+=("$_dev")
+done
+
+# ---
+# - Network Interfaces not firewalled
+# ---
+declare -a unprotected_if_arr
+for _dev in $unprotected_ifs ; do
+   unprotected_if_arr+=("$_dev")
+done
+
+# ---
+# - Allow these local networks any access to the internet
+# ---
+declare -a any_access_to_inet_network_arr
+for _net in $any_access_to_inet_networks ; do
+   any_access_to_inet_network_arr+=("$_net")
+done
+
+declare -a any_access_from_inet_network_arr
+for _net in $any_access_from_inet_networks ; do
+   any_access_from_inet_network_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given extern networks
+# ---
+declare -a allow_ext_net_to_local_service_arr 
+for _val in $allow_ext_net_to_local_service ; do
+   allow_ext_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+declare -a allow_ext_net_to_local_net_arr
+for _val in $allow_ext_net_to_local_net ; do
+   allow_ext_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+declare -a block_all_ext_to_local_net_arr
+for _net in $block_all_ext_to_local_net ; do
+   block_all_ext_to_local_net_arr+=("$_net")
+done
+
+# ---
+# - Allow local services from given local networks
+# ---
+declare -a allow_local_net_to_local_service_arr 
+for _val in $allow_local_net_to_local_service ; do
+   allow_local_net_to_local_service_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+declare -a allow_local_net_to_local_ip_arr
+for _val in $allow_local_net_to_local_ip ; do
+   allow_local_net_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+declare -a allow_local_ip_to_local_net_arr
+for _val in $allow_local_ip_to_local_net ; do
+   allow_local_ip_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+declare -a allow_local_net_to_local_net_arr
+for _val in $allow_local_net_to_local_net ; do
+   allow_local_net_to_local_net_arr+=("$_val")
+done
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+declare -a allow_local_if_to_local_ip_arr
+for _val in $allow_local_if_to_local_ip ; do
+   allow_local_if_to_local_ip_arr+=("$_val")
+done
+
+# ---
+# - Separate local Networks
+# ---
+declare -a separate_local_network_arr
+for _net in $separate_local_networks ; do
+   separate_local_network_arr+=("$_net")
+done
+
+# ---
+# - Separate local Interfaces
+# ---
+declare -a separate_local_if_arr
+for _net in $separate_local_ifs ; do
+   separate_local_if_arr+=("$_net")
+done
+
+# ---
+# - Generally block ports on extern interfaces
+# ---
+declare -a block_tcp_port_arr
+for _port in $block_tcp_ports ; do
+   block_tcp_port_arr+=("$_port")
+done
+
+declare -a block_udp_port_arr
+for _port in $block_udp_ports ; do
+   block_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Not wanted on intern interfaces
+# ---
+declare -a not_wanted_on_gw_tcp_port_arr
+for _port in $not_wanted_on_gw_tcp_ports ; do
+   not_wanted_on_gw_tcp_port_arr+=("$_port")
+done
+
+declare -a not_wanted_on_gw_udp_port_arr
+for _port in $not_wanted_on_gw_udp_ports ; do
+   not_wanted_on_gw_udp_port_arr+=("$_port")
+done
+
+# ---
+# - Private IPs / IP-Ranges allowed to forward
+# ---
+declare -a forward_private_ip_arr
+for _ip in $forward_private_ips ; do
+   forward_private_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses to log
+# ---
+declare -a log_ip_arr
+for _ip in $log_ips ; do
+   log_ip_arr+=("$_ip")
+done
+
+# ---
+# - Network Devices local DHCP Client
+# ---
+declare -a dhcp_client_interfaces_arr
+for _dev in $dhcp_client_interfaces ; do
+   dhcp_client_interfaces_arr+=("$_dev")
+done
+
+# ---
+# - IP Addresses DHCP Failover Server
+# ---
+declare -a dhcp_failover_server_ip_arr
+for _ip in $dhcp_failover_server_ips ; do
+   dhcp_failover_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses DNS Server
+# ---
+declare -a dns_server_ip_arr
+for _ip in $dns_server_ips ; do
+   dns_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SSH Server only at ocal Networks
+# ---
+declare -a ssh_server_only_local_ip_arr
+for _ip in $ssh_server_only_local_ips ; do
+   ssh_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses HTTP Server only local Networks
+# ---
+declare -a http_server_only_local_ip_arr
+for _ip in $http_server_only_local_ips ; do
+   http_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Mail Server only local Networks
+# ---
+declare -a mail_server_only_local_ip_arr
+for _ip in $mail_server_only_local_ips ; do
+   mail_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses FTP Server
+# ---
+declare -a ftp_server_only_local_ip_arr
+for _ip in $ftp_server_only_local_ips ; do
+   ftp_server_only_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Samba Server
+# ---
+declare -a samba_server_local_ip_arr
+for _ip in $samba_server_local_ips ; do
+   samba_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses LDAP Server
+# ---
+declare -a ldap_server_local_ip_arr
+for _ip in $ldap_server_local_ips ; do
+   ldap_server_local_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Telephone Systems
+# ---
+declare -a tele_sys_ip_arr
+for _ip in $tele_sys_ips ; do
+   tele_sys_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses SNMP Server
+# ---
+declare -a snmp_server_ip_arr
+for _ip in $snmp_server_ips ; do
+   snmp_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses Munin Service 
+# ---
+declare -a munin_local_server_ip_arr
+for _ip in $munin_local_server_ips ; do
+   munin_local_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses XyMon
+# ---
+declare -a xymon_server_ip_arr
+for _ip in $xymon_server_ips ; do
+   xymon_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Adresses IPMI interface
+# ---
+declare -a ipmi_server_ip_arr
+for _ip in $ipmi_server_ips ; do
+   ipmi_server_ip_arr+=("$_ip")
+done
+
+# ---
+# -IP Addresses Ubiquiti Unifi Accesspoints
+# ---
+declare -a unifi_ap_local_ip_arr
+for _ip in $unifi_ap_local_ips ; do
+   unifi_ap_local_ip_arr+=("$_ip")
+done
+declare -a unifi_controller_gateway_ip_arr
+for _ip in $unifi_controller_gateway_ips ; do
+   unifi_controller_gateway_ip_arr+=("$_ip")
+done
+declare -a unify_controller_local_net_ip_arr
+for _ip in $unify_controller_local_net_ips ; do
+   unify_controller_local_net_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Printer
+# -
+declare -a printer_ip_arr
+for _ip in $printer_ips ; do
+   printer_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Adresses Brother Scanner (brscan)
+# ---
+declare -a brother_scanner_ip_arr
+for _ip in $brother_scanner_ips ; do
+   brother_scanner_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses PCNS Server
+# ---
+declare -a pcns_server_ip_arr
+for _ip in $pcns_server_ips ; do
+   pcns_server_ip_arr+=("$_ip")
+done
+
+
+# ---
+# - IP Addresses VNC Service
+# ---
+declare -a rm_server_ip_arr
+for _ip in $rm_server_ips ; do
+   rm_server_ip_arr+=("$_ip")
+done
+
+# ---
+# - IP Addresses Rsync Out
+# ---
+# local
+declare -a rsync_out_ip_arr
+for _ip in $rsync_out_ips ; do
+   rsync_out_ip_arr+=("$_ip")
+done
+
+# ---
+# - Other local Services
+# ---
+declare -a other_service_arr
+for _val in $other_services ; do
+   other_service_arr+=("$_val")
+done
+
+# ---
+# - SSH Ports
+# ---
+declare -a ssh_port_arr
+for _port in $ssh_ports ; do
+   ssh_port_arr+=("$_port")
+done
+
+# ---
+# - Cisco kompartible VPN Ports
+# ---
+declare -a cisco_vpn_out_port_arr
+for _port in $cisco_vpn_out_ports ; do
+   cisco_vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - VPN Ports
+# ---
+declare -a vpn_gw_port_arr
+for _port in $vpn_gw_ports ; do
+   vpn_gw_port_arr+=("$_port")
+done
+declare -a vpn_local_net_port_arr
+for _port in $vpn_local_net_ports ; do
+   vpn_local_net_port_arr+=("$_port")
+done
+declare -a vpn_out_port_arr
+for _port in $vpn_out_ports ; do
+   vpn_out_port_arr+=("$_port")
+done
+
+# ---
+# - Rsync Out Ports
+# --
+declare -a rsync_port_arr
+for _port in $rsync_ports ; do
+   rsync_port_arr+=("$_port")
+done
+
+# ---
+# - Samba Ports
+# ---
+
+declare -a samba_udp_port_arr
+for _port in $samba_udp_ports ; do
+   samba_udp_port_arr+=("$_port")
+done
+
+declare -a samba_tcp_port_arr
+for _port in $samba_tcp_ports ; do
+   samba_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - LDAP Ports
+# ---
+
+declare -a ldap_udp_port_arr
+for _port in $ldap_udp_ports ; do
+   ldap_udp_port_arr+=("$_port")
+done
+
+declare -a ldap_tcp_port_arr
+for _port in $ldap_tcp_ports ; do
+   ldap_tcp_port_arr+=("$_port")
+done
+
+# ---
+# - IPMI
+# ---
+
+declare -a ipmi_udp_port_arr
+for _port in $ipmi_udp_ports ; do
+   ipmi_udp_port_arr+=("$_port")
+done
+
+declare -a ipmi_tcp_port_arr
+for _port in $ipmi_tcp_ports ; do
+   ipmi_tcp_port_arr+=("$_port")
+done
+
+
+# ---
+# - Portforwrds TCP
+# ---
+declare -a portforward_tcp_arr
+for _str in $portforward_tcp ; do
+   portforward_tcp_arr+=("$_str")
+done
+
+# ---
+# - Portforwrds UDP
+# ---
+declare -a portforward_udp_arr
+for _str in $portforward_udp ; do
+   portforward_udp_arr+=("$_str")
+done
+
+# ---
+# - MAC Address Filtering
+# ---
+declare -a allow_all_mac_src_address_arr
+for _mac in $allow_all_mac_src_addresses ; do
+   allow_all_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_local_mac_src_address_arr
+for _mac in $allow_local_mac_src_addresses ; do
+   allow_local_mac_src_address_arr+=("$_mac")
+done
+
+declare -a allow_remote_mac_src_address_arr
+for _mac in $allow_remote_mac_src_addresses ; do
+   allow_remote_mac_src_address_arr+=("$_mac")
+done
+
diff --git a/WF/mailname.WF b/WF/mailname.WF
new file mode 100644
index 0000000..3cecd4e
--- /dev/null
+++ b/WF/mailname.WF
@@ -0,0 +1 @@
+gw-d11.wf.netz
diff --git a/WF/main.cf.WF b/WF/main.cf.WF
new file mode 100644
index 0000000..4cffb43
--- /dev/null
+++ b/WF/main.cf.WF
@@ -0,0 +1,268 @@
+# ============ Basic settings ============
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = /usr/share/doc/postfix
+html_directory = /usr/share/doc/postfix/html
+
+## - The Internet protocols Postfix will attempt to use when making 
+## - or accepting connections.
+## - DEFAULT: ipv4
+inet_protocols = ipv4
+
+#inet_interfaces = all
+inet_interfaces =
+   127.0.0.1
+   192.168.52.254
+
+myhostname = gw-d11.wf.netz
+
+mydestination = 
+   gw-d11.wf.netz
+   localhost
+
+## - The list of "trusted" SMTP clients that have more 
+## - privileges than "strangers"
+## -
+mynetworks = 
+   127.0.0.0/8
+   192.168.52.254/32
+
+#smtp_bind_address = 192.168.52.254
+#smtp_bind_address6 = 
+
+
+## - The method to generate the default value for the mynetworks parameter.
+## -
+## -   mynetworks_style = host" when Postfix should "trust" only the local machine
+## -   mynetworks_style = subnet (default value) "when Postfix should "trust" SMTP 
+## -                       clients in the same IP subnetworks as the local machine.
+## -   mynetworks_style = class" when Postfix should "trust" SMTP clients in the same 
+## -                      IP class A/B/C networks as the local machine.
+## -
+#mynetworks_style = host
+
+
+## - The maximal size of any local(8) individual mailbox or maildir file, 
+## - or zero (no limit). In fact, this limits the size of any file that is 
+## - written to upon local delivery, including files written by external 
+## - commands that are executed by the local(8) delivery agent. 
+## -
+mailbox_size_limit = 0
+
+## - The maximal size in bytes of a message, including envelope information.
+## -
+## - we user 50MB
+## -
+message_size_limit = 52480000
+
+## - The system-wide recipient address extension delimiter
+## -
+recipient_delimiter = +
+
+## - The alias databases that are used for local(8) delivery.
+## -
+alias_maps =
+   hash:/etc/aliases
+
+## - The alias databases for local(8) delivery that are updated 
+## - with "newaliases" or with "sendmail -bi". 
+## -
+alias_database =
+   hash:/etc/aliases
+
+
+## - The maximal time a message is queued before it is sent back as 
+## - undeliverable. Defaults to 5d (5 days)
+## - Specify 0 when mail delivery should be tried only once.
+## - 
+maximal_queue_lifetime = 3d
+bounce_queue_lifetime = $maximal_queue_lifetime
+
+## - delay_warning_time (default: 0h)
+## -
+## - The time after which the sender receives a copy of the message 
+## - headers of mail that is still queued. To enable this feature, 
+## - specify a non-zero time value (an integral value plus an optional 
+## - one-letter suffix that specifies the time unit). 
+## - Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). 
+## - The default time unit is h (hours). 
+delay_warning_time = 1d
+
+
+
+# ============ Relay parameters ============
+
+#relayhost =
+
+
+# ============ SASL authentication ============
+
+# Enable SASL authentication
+smtp_sasl_auth_enable = yes
+
+# Forwarding to the ip-adress of host b.mx.oopen.de
+relayhost = [b.mx.oopen.de]
+
+# File including login data
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+
+# Force using a (TLS) security connection
+# obsulete - use smtp_tls_security_level instead
+#smtp_use_tls = yes
+#smtp_tls_enforce_peername = no
+smtp_tls_security_level = encrypt
+
+# Disallow methods that allow anonymous authentication.
+smtp_sasl_security_options = noanonymous
+
+
+
+# ============ TLS parameters ============
+
+## - Aktiviert TLS für den Mailempfang
+## -
+## - may:
+## - Opportunistic TLS. Use TLS if this is supported by the remote 
+## - SMTP server, otherwise use plaintext
+## -
+## - This overrides the obsolete parameters smtpd_use_tls and 
+## - smtpd_enforce_tls. This parameter is ignored with 
+## - "smtpd_tls_wrappermode = yes".
+#smtpd_use_tls=yes
+smtp_tls_security_level=encrypt
+
+## - Aktiviert TLS für den Mailversand
+## -
+## - may:
+## - Opportunistic TLS: announce STARTTLS support to SMTP clients, 
+## - but do not require that clients use TLS encryption.
+# smtp_use_tls=yes
+smtpd_tls_security_level=may
+
+## -    0 Disable logging of TLS activity. 
+## -    1 Log TLS handshake and certificate information. 
+## -    2 Log levels during TLS negotiation. 
+## -    3 Log hexadecimal and ASCII dump of TLS negotiation process. 
+## -    4 Also log hexadecimal and ASCII dump of complete transmission after STARTTLS. 
+## -
+smtpd_tls_loglevel = 1
+smtp_tls_loglevel = 1
+
+smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt
+smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers.
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_1024.pem -2 1024
+## -
+#smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_1024.pem
+## - also possible to use 2048 key with that parameter
+## -
+smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh_2048.pem
+
+## - File with DH parameters that the Postfix SMTP server should use with EDH ciphers. 
+## - 
+## - Dont't forget to create it, e.g with openssl:
+## -    openssl gendh -out /etc/postfix/ssl/dh_512.pem -2 512
+## -
+smtpd_tls_dh512_param_file = /etc/postfix/ssl/dh_512.pem
+
+
+## - File containing CA certificates of root CAs trusted to sign either remote SMTP 
+## - server certificates or intermediate CA certificates. These are loaded into 
+## - memory !! BEFORE !! the smtp(8) client enters the chroot jail.
+## - 
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+## - Directory with PEM format certificate authority certificates that the Postfix SMTP 
+## - client uses to verify a remote SMTP server certificate. Don't forget to create the 
+## - necessary "hash" links with, for example, "
+## - /bin/c_rehash /etc/postfix/certs". 
+## -
+## - !! Note !!
+## - To use this option in chroot mode, this directory (or a copy) must be inside 
+## - the chroot jail. 
+## -
+## - Note that a chrooted daemon resolves all filenames relative to the Postfix 
+## - queue directory (/var/spool/postfix)
+## -
+#smtpd_tls_CApath = /etc/postfix/certs
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP server 
+# 
+# List of TLS protocols that the Postfix SMTP server will exclude or  
+# include with opportunistic TLS encryption.  
+smtpd_tls_protocols = !SSLv2, !SSLv3
+# 
+# The SSL/TLS protocols accepted by the Postfix SMTP server  
+# with mandatory TLS encryption. 
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+# Disable SSLv2 SSLv3 - Postfix SMTP client 
+#  
+# List of TLS protocols that the Postfix SMTP client will exclude or  
+# include with opportunistic TLS encryption.  
+smtp_tls_protocols = !SSLv2, !SSLv3
+# 
+# List of SSL/TLS protocols that the Postfix SMTP client will use  
+# with mandatory TLS encryption 
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+
+
+## - Activate des "Ephemeral Elliptic Curve Diffie-Hellman" (EECDH) key exchange 
+## -    openssl > 1.0
+## -
+smtpd_tls_eecdh_grade = strong
+
+# standard list cryptographic algorithm
+tls_preempt_cipherlist = yes
+
+# Disable ciphers which are less than 256-bit:
+#
+#smtpd_tls_mandatory_ciphers = high
+#
+# opportunistic
+smtpd_tls_ciphers = high
+
+
+# Exclude ciphers
+#smtpd_tls_exclude_ciphers =
+#   RC4
+#   aNULL
+#   SEED-SHA
+#   EXP
+#   MD5
+smtpd_tls_exclude_ciphers =
+   aNULL
+   eNULL
+   EXPORT
+   DES
+   RC4
+   MD5
+   PSK
+   aECDH
+   EDH-DSS-DES-CBC3-SHA
+   EDH-RSA-DES-CDC3-SHA
+   KRB5-DE5, CBC3-SHA
+
+
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
diff --git a/WF/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-WF-gw-ckubu b/WF/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-WF-gw-ckubu
new file mode 100644
index 0000000..5ce9a21
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/ccd/server-gw-ckubu/VPN-WF-gw-ckubu
@@ -0,0 +1,5 @@
+ifconfig-push 10.1.52.2 255.255.255.0
+push "route 192.168.52.0 255.255.255.0 10.1.52.1"
+push "route 192.168.43.0 255.255.255.0 10.1.52.1"
+iroute 192.168.63.0 255.255.255.0
+iroute 192.168.64.0 255.255.255.0
diff --git a/WF/openvpn/gw-ckubu/client-configs/gw-ckubu.conf b/WF/openvpn/gw-ckubu/client-configs/gw-ckubu.conf
new file mode 100644
index 0000000..42e696b
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/client-configs/gw-ckubu.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote wf.oopen.de 1195
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJANI5OJTs0bx/MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDUwNDIyMDQzNVoYDzIwNTAwNTA0MjIwNDM1WjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+Qg+M2wuVE
+xG3mDM6abF2wyU7bVeIVgbdU3L+aleso8IyCwyZS3JTWafR2HzHGBIRvmmxNVehs
+EAM8AtkxMqKSGTv3HgnaHy6XSNlMqmO78rCUifFs24Uw2vbnbrytxEGGr7aFVaiy
+f+nZ6uc+KT4sJzzxc4UV3BxH6aBt/itNCrx/mPrQ6JBsH1U0pJp8O35UNmgPxRTW
+A96LMxvupC4K5MWCK/ZMgJ+zaKuHY2Zn09vmxIOEkzGY0MSQynLaIa/W6TLlGXpn
+UKRArd098gS6IF3TNLeTHKwwEMdQREguL+C3I4m9a9uCFs9AUGmKx93prRG38RL7
+TrdJTG5J2642xBQae/M4NjjPZ8yiNKMiO5CM6RiINtC3NykwlR+74LmDz0wxvxoz
+zsNdpYKH9eaqE7xmRhpXPYc41oCT7QOg8kh1k11dx7awx1edD+5MBklyr23yph7I
+p4j2aA2Ce4PKgH9p4pPNDuMI7o6AFpQZC/YaKO315PIvkGbI2FPvkD6WAFo6ol4K
+P4Qs8l3dek6cqys5tkq5G1vh61P33hnRqIOlDjZ/03gtsZKjndY+WSR+ilcTb+dP
+I2dYXqX+Cy6xY4bHVxpHg7MXYDZoXtVnjLcC5EviwiShqDBReH1CFCfDlleWjkob
+vlLjvCO19SEzHWK7lAUvSuOk+XFlPwgRAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+0PJ0ICpJa0iXvNFbAFu9khFc+mkwgdEGA1UdIwSByTCBxoAU0PJ0ICpJa0iXvNFb
+AFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8fzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQA1PlBb6rHJnwpZwfY0Uvb1CVbCuVF2
+4C54AMdWKTORs8U9fVKTwVxzV+aeHiEztxOoKLhIq8EN3+0HkDdXBKHagHXjzEoe
+h91n/5nfc9IqR4WVO9AqFaqiIQmSOFqtryoG8ZgHtAz65YCGruG3BS95IIooeXQW
+r1sH3L/2rb0ea11zP3CtBy2pKlHiu6289JiLyObKFaQFu7PCJzWARV4pIJf1XgZl
+qk2YundPpKxtxHUhe0UObYFrcgo1ccBnKEsEcMANk7nz27QXML1dSSRMFc/AInpJ
+EMrInTaGI5rGusgbGrPSVAnuLMkmDdNE6r6l4L9cd5m867CUfp89m4BCU8Cjv+UP
+5bnBU9DgUqMs0jlOqbfy27FOsPXBhsyR4QdddJCAg+yYuYdBgVo8XRZiSPYTi55G
+M29n92ma9HVU95WA4cR9d3IlgNk40RhgAVMcGAOgk/sQFfp43DssBtcY5wweva7B
+a9M34o0f4HslXDm6xV8y9P+zcScbs9B9WXE+2HvMwVTrXnM/EhpyL0MlZ5NXcHld
+cBqNwRu84Rw2iw54sQDb8R0a3NJ3ZxHbQG8crgUD80xgZe1ds9k6YoCr4c4wh7SP
+ru1i2v9bdCskC/vsGOR7BNUvVfJFcfk6PcqynHjvGgz8tWWdEkbRA29UZM0paAwZ
+Ic3ZiGwAJvoitQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTQyMzFaFw0zODA1MDUwOTQyMzFaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLWd3
+LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAspSsnUm1LQ7b
+8RkbTcnOZbkY5nrCxuUS48TTR5xldAqAIE4dcBiOt4bk4Owq+Ga/ahSPRE4bzWGg
+sxMPAOwrTQbIzTTSa+hE88yb/Yex+ajFF3l5P8UFDnuhsktYKTO5gmm/s7ylUXkD
+229PVWJSZPDkoyCk6X9dePIr1Y5bp9hVsu+kAbgv+hqDKVs2t9SEz9sR1D3bPBSo
+Qq922A+uAB8TuMO7+Qa56SN3TNeppDbZ8sMJDACo4n6kuGiiwGKwQisuClWc4Ztk
+lyxRyk4nX3tazoZ5/HhnWAVIyDtKJLoGTtuJQPTrg6u73L8dZ/Xdzs44JtcVgFyX
+c/tYfpa0qwOaEjY4eIZbR8fnE1aDVKOxpF6+dT687g2ejZnk7xat7nQ1xO0dOpuU
+nGcHoj6xS/qelJdREhoSmBcM+s47AcChvLQcnYxoMUttGa1IwMQ+JLKAkoe6SxY5
+O/RFc7ikFtxqTjoYhEaeOEdpylddkls2GgY+zhr19Q7fQG4GJAzcaX8kZNW9lCsL
+bnVNKs0NPqSzlH1V8fRW8qbGLBYo4psmv9ZSVz4uSvjeiztxDXacrn/mk6QaCsBU
+iGL5W10SMVzdoCDhZaXLpbav3TqSdO8McJgOrRw4oj6ub4FeRD1PjLfLUJNT4yQU
+xaM4cJrrOREcZrZ/QzFb50A5wPj3XmECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUC1o/4VMVvM1Vd/5aZ/6VotQG7/IwgdEGA1UdIwSByTCBxoAU0PJ0
+ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
+BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8
+fzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAF5Lkr5dmfn07fwGHbjBYQcGapqI
+r4GEBG9E52PFBL432FLlaLy9HrpQfIj+6aCpO6/M7u5GSQH9/2Bo1COQDenWVJdD
+4oAkCcuBFwY2xIMMF4RkWXKrKEVCc+hZsgHl5/ZFKQdx/XYLrJc4s+ZUFgiESfmX
+NpP9d2T5kB/SuxxXIP+1wVe7sbKMsa2VZDTe1KI7c1xgb5Z+azGmED3MyfLf+jS2
+jOPhJZAxpiGhBC8SvTzmaysGkakAEBzgIuPz3a6rKn3lPFKNp1zoALGVRMwkRYdu
+ufdoBlwGq9Vt6WKlih9XFBcuFbKLH20ZG9oPrElMnkMdDucoQZ6hx6WNdvVs5TNb
++kaDaWu4dQqr4VrY1Xx96VctvvkbLT9BWzFBMlOAXJi4Ndox+P9W0z9oq++bOVpN
+7H9qrdIG83tN7El4elemvXeyHfq+4vVgrPvLJ3blhuoZKONauXu/0D3Vt3mB2Gv2
+JL2oYFMa7reU+IYBZ6HzR0AOTmy/9emA6h5jf27WSWY9JYzvflzIRg6i9eH/goDs
+vAYjExeG8UelahsS2XhVhnYzimigBfPE2CkBXCTX9KnEumF/Tk6kb7u9Pqs7Sw+u
+w9dpCWspa9+H75kl/I5k52mJpxg0tbG3GP65DpwnGtIYvTFs0DSywlh/5hnoN5Go
+Ww26mZRoHwHAtAHo
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI59wBCS9KufACAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMafpEYThPSNBIIJSMfS/Nhh6rKg
+wYowIdjqeXtALfdMjYM1VPFesantrtCGxxZgyvGhT8GJylJvyKlHpaGKXnqib9k9
+vtmLEwgte4gfKQ4DfBLKSx59tMWOubFkP0UipolhJeksCzyq8Jz+vqITr8ZIHm3F
++Rw6Vmf/tH6+tl4E+K9RsC6y9DV+3LT8nApLJw1jFCOPTYJ4MGMXyacrQ0s6uluB
+vL0T47A9OVemH9dAJhxIeYXP6oNM5/bbMe7ipAQDmwzAU4YGn3VR7hRdFjhcsw9G
+3MiQQc3/vBKYmIwDKdRhkNr6BWU6kj00aHShchQQB3igc/C0T+OdYjbV395+AoeW
+N2elVKmVR+jPmQCngb4adE13PqzAil29SMNGCYUmrr6w9beof1lkNgaPGMlizSrj
+dyViCIfyKUZIyHoTM2tkWZnvwvTAiLnq/KLb3xeFEz1P52dXNa+iaaT+2/CMJK8y
+/K3tI3LelE4GlJ0pqPeBbgPdJtDjti5eLAzlpVt36FXYIauNHPqdudD2gkU1uyQ+
+UczS0aiHp/HyR35OhOtjTq9WjL6rNcQydYxKZkQS6SftqC9B3ulG6miI1qykoQRt
+7mCOE4hdRLb4qU7ZbuLh3ysX90FgSaCTRkn/WLLRdXL9rnp18/i1o628449p+sCQ
+1Y1BaMSiwBKHu5kvFCUiZ/9gS71rZvz2fWYvZult9hM9++XXwGjmaQFTO/O/YAKA
+PMnsS7XZZLF8kvWp7kXU94ws+Bozhbfd3Owpktr7oe5pnUz3JoIuZZN7kq99u8+c
+0n9hIBrMKcMWbyDOVwlNJ8GvR8QkEcXwzfNjEqawHpjZ4I3FV+nyVuCOt0Ap7ic3
+GqEkpfUQavLyxxYanchf04/obbiW63+r2LbLeouvk44LjOdjP1cD9Q72jdEfYTeS
+bnqeqA7LtNJ334SsetLyfPpf5StF59HGAlOLRQ5zCM2UW8HPGK+BRn5FWw6lfp9x
+8wCIYs8QDzq8PwRNpi5z1YgXGM0GV15uk4JRPphSD0GdB4bDjIufhG1WzAMgHd3K
+99ppEmtguBXQwjt3KnRed+sjbhnPEsdfAKlvGhtHgMlxa9Pt+4HY6BapcVrcpE1U
+yx72S3BrWgY1b+4E6DEkAZurGcqNeBf+3kXzQb/bgZ089oSkcULayx3qMv9I8pWk
+SQ/KiWz0w7LhPcxOHtyLEjn1z/FMnc/H+HYL7nVLHvPQI1QqN6QVDBXMnzWe/LYm
+pRlKnFXL8DSQ+U3Y32CsCGmRFoHnC5IOJ9AyLcH8Cf1mGHtq2AUR6A+5fnDnzs4W
+wneYMYE+chjoEBhyrbhaBmzMsZn1EQeRSWnKFUv380OeBTQvA6UEX2NbYe96Sm8/
+5vym3c9js8SioBiM5nT1IO5w3ySjnaF3UmUldlk3JUCOey7HiuCXBGNiDq06laPX
+Gy3cAy9zasaPdsPaPcOjNyHurSp23qXua446IyBZTdzQewE5AcfQMyJIwzuck/oq
+UDZvHZUbiqcaWtEcquyLRSQPSRj8zAN0+VJoO88ptfC423ye3SV/bsIJV/dlys0W
+NqkfK4e7sqXlbESlxMfhTqKHD0JgC/mvlfWcQi7zQ3KTjWQGKGgkZgPe5YKa9XNy
+r1iA0sVKrvJcFWNb64wXUN5KKP+7j+jnkLdsQKrDDrQcdkFZI3TTjB61We8xG4EK
+vEkhpxf3DG6QOYpC5xpKGKIKDvb3PlxDw2zLoRghlLOYcrzrCKCRpykVdPa2/WtY
+ImvtspFedb1erVuObp7KJtfhnKsiT6D2QXX1YceYwmC+6tbpdyi1/SsnwOnP1vyD
+2Kt+l10ISuDIE50NtEmwWjluSHenQXwgkM57YrYi2cwOB8tPxUiFevpFcQpErVyd
+7Ocgd7n+NEM0Wk2+9Ap8+uAqIGnwy1og41/EzpaSybhMHhI4W8o7ocTIU+P4o3+5
+Lpq67MLebA0nJ2UFK0/CsJFH0mqL+MyYbON5T7IimS5f+dxBTX80zZeyIcV/uf4d
+w5T79/5ltjQ61MYS6nxnuEFVsO+S4iQZPV8lyszucRXhK9czJ7DULvbOcUqFgVU/
+wkkmIeGRiqntohas7mLzl/GIExt6e/yK40jTbIq0wGt2fXncVZ9yLn5Piap0kjTn
+SrDcvBHR2yOjvt/hSiIhB/8Stxfspc+a0gPMWzaFzw5IFxzihA6FI+wnRmLTAIY3
+niq6ORveC/9iZLe0tJ6AAG4vw6oDi9wQPqdqMfwcmiFDqT+lpNd0aWOpTvTnVt07
+ibNVRV7H1DRomeUodkwcnvlONBWyt30WOE46C6zRGnIpfKO8NSUG5CTJd3YKUo2b
+wqSd2N/jhQ5is+vHIxqhHl53p3DvO/OMSb9vYtBoUlHUhxU+4dJa3T1qibKtHXHa
+2gsG64/AFt2OQqq9KS9Zi8Hc2MyI3tPeAy4xMctYM2b1fjE9UHWRfbcVZTOPWbz8
+PWfvyNwc4c8pqeojmMaMyUPYMsoM+yhj8tHRpoTNUSZx2I9VrhrAMQQt5HIThY0n
+/MSWjaWOH1CPbgIyJaBY8WLL1Kz/QsAPV7PgeG5YJVvuqM0uo+iDhf4fHXR4TYqS
+baeXV8sXQg+6WDmBESsPOGpL7jMRg0Ay6HHnAmZHWWC+9J4trVerJct621A26y9V
+3Bh2r1zbL8dkC3WHvBu1uVlWam1z4Qj+sS66HCDlPWsgQZzBOX3JPRn7IUjCFzWM
+q0wZPSNO1outCFEs/uW8nelWr3EOeYBtpJZU81rXSYHvDa0mWZCroabNcgDiHbcj
+DwhtAewmLeJhYUPUkU7SoqZLJy/RRymEO1vaNutQtm61vlbnAatcM6y1v51/vLRl
+xe5fpp9/EZGXMfnjgKApAO0WFYPk6FhZydm4KrXTQueLS63GGCuSmaAVP3aLWt06
+qn5FfIqupymn8xqNkmToUhE4559j7Z+//tvvdNppsD1YY6x6S0NfWreGhArL0uYu
+er9iXtrbb0QCitzXdWh90+CEFvENzeYOqE1T4C7pq1Nhoqu6qCzFk63TPBBhlFm9
+R002jRL/UcjqDy7L4L4hE6TCQqlnVuPl1Ru8uCpRAUARPbmWNBVi+yUeGTh3YFOa
+yPuYDrvQEjzXl16q+U/5MNQ4S0MZzEDtjMYKqLyGsVh503jKO6XH3UmMAFlrWf7J
+1xr8RI04RwGrFDkPkuw1dQ==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+3e5606d9c9b42920092f825f6a23844f
+2f37246d81d815ac43de66f4ecfd7237
+5c7a90624fce693c8b98330f067e3fb0
+3a7e09895d73d7567f1054b54882d4c6
+72b6d4b075c817d6304a2928a03af610
+89090caccd14025b83683285228bb280
+8255101ec75398ec183f14d3ecb45fe7
+e26e6fdb81e7d5ac8a81965acd7094a5
+5b99d8b392a9998f7468e553a049c539
+876925b61b9fc07ebeefad3f672e6baa
+538e516961f37ca0e09666cdd6f67d37
+89a39089fed07e8755a410b86ca40061
+cdb81e6fa11b17b2b5dd74eca1447aa8
+b2611b543751b2d53fc79fddbc26f91f
+4d9ded064e9ea85b882475aa965950d0
+7ee0cd2ce141eb6678d23a7bfa832536
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/WF/openvpn/gw-ckubu/crl.pem b/WF/openvpn/gw-ckubu/crl.pem
new file mode 100644
index 0000000..74dd0c3
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC5TCBzjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEPMA0GA1UEKRMG
+VlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTgwNTA1MDkw
+NzQ1WhgPMjA1MDA1MDUwOTA3NDVaMA0GCSqGSIb3DQEBCwUAA4ICAQBGioki44G8
+/5osA+UzYF9xl+l7iaebUnFbysFcs45VGlKTPeXuv4+9zvzhSlpL5jb3s/HRJjvB
+R83j+o+D26m97dDEXlBOV23uuhvj/Ovra3vft5kgjDYR4PGkDvVt6NeL/wAlCVqY
+wAglg6Ul7qwXG5GAgcSk3yZYfgHXeghIWlkZBCu/Id+ctfptQ9ilEENOxIeL6NRw
+YPXnmMwtcbfWKYAM0D/o4p/aJDCd3fNN3657B6BoU5LUywyeMrdmeV82DHon5K+a
+45RdT5YJ2J+WyWQELBGo0sItbfZsaHbKTLtHFCfepiaZrbu4Oy/vdjHIITlY/GML
+Wlfo+H1FY7pMsA5ej7pvT9pKfhYbFx3DFQyguxeP5zRL5NIxRgNR3EPSJ8VOQa4D
+w3u/UilluhDg8WuBUWYkUk2BwmiHp/Bhvz4mlK1xZg45AX3jgnoZ/NxOn69v/D3z
+v5zckSz+rSNCBAUZdyd9fnhNjHjWXJ6PGyQQYDeu+nlHBN6mnc0f0zwEYQMxrHm1
+xww0ak7cDWsh7vgqtXdBFWpGp0CrIkCVZ54ribrAG+6e7VDuiKe0AHC0DVEzV6Be
+x83FTFmD3UzrWHTkbWzCsVTaOJfWBnUGkmVZuB/xGmLyRMBikWkCdHFBiwbyOood
+aaYs3nOeLPQjWQF7a/FQhye1EJ8YVN0K7g==
+-----END X509 CRL-----
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/build-ca b/WF/openvpn/gw-ckubu/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/build-dh b/WF/openvpn/gw-ckubu/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/build-inter b/WF/openvpn/gw-ckubu/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/build-key b/WF/openvpn/gw-ckubu/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/build-key-pass b/WF/openvpn/gw-ckubu/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12 b/WF/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/build-key-server b/WF/openvpn/gw-ckubu/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/build-req b/WF/openvpn/gw-ckubu/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/build-req-pass b/WF/openvpn/gw-ckubu/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/clean-all b/WF/openvpn/gw-ckubu/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/inherit-inter b/WF/openvpn/gw-ckubu/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/list-crl b/WF/openvpn/gw-ckubu/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf b/WF/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf b/WF/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf b/WF/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG b/WF/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/openssl.cnf b/WF/openvpn/gw-ckubu/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..929baa7
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/gw-ckubu/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/pkitool b/WF/openvpn/gw-ckubu/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/revoke-full b/WF/openvpn/gw-ckubu/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/sign-req b/WF/openvpn/gw-ckubu/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/vars b/WF/openvpn/gw-ckubu/easy-rsa/vars
new file mode 100644
index 0000000..539a66b
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/gw-ckubu"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN WF"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-WF"
+
+export KEY_ALTNAMES="VPN-WF"
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/vars.2018-05-05-0002 b/WF/openvpn/gw-ckubu/easy-rsa/vars.2018-05-05-0002
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/vars.2018-05-05-0002
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/WF/openvpn/gw-ckubu/easy-rsa/whichopensslcnf b/WF/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/ipp.txt b/WF/openvpn/gw-ckubu/ipp.txt
new file mode 100644
index 0000000..e69de29
diff --git a/WF/openvpn/gw-ckubu/keys-created.txt b/WF/openvpn/gw-ckubu/keys-created.txt
new file mode 100644
index 0000000..2dc6c0e
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys-created.txt
@@ -0,0 +1,4 @@
+
+key...............: gw-ckubu.key
+common name.......: VPN-WF-gw-ckubu
+password..........: jeew4rai0bei9noo7Eixoh4aL2Aeveux
diff --git a/WF/openvpn/gw-ckubu/keys/01.pem b/WF/openvpn/gw-ckubu/keys/01.pem
new file mode 100644
index 0000000..2001595
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/01.pem
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:07:33 2018 GMT
+            Not After : May  5 09:07:33 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b7:55:76:2f:0a:b9:28:84:08:aa:51:dc:d3:93:
+                    fb:e8:64:f5:7c:c6:4b:90:6d:a8:9f:51:b6:90:69:
+                    81:30:64:6d:32:dc:59:51:f3:cf:68:96:45:11:ae:
+                    2f:17:79:b5:c7:4b:11:ba:27:bb:94:fb:7c:5e:90:
+                    84:c7:89:d3:a7:60:ed:cc:fc:59:b3:38:4f:67:75:
+                    e0:2a:65:2c:54:5a:c0:98:28:f4:b4:65:4c:aa:5d:
+                    3f:6a:a2:e2:33:a2:5e:0c:60:d5:e1:69:4c:35:9e:
+                    aa:03:bb:01:2d:fb:2c:11:b1:43:09:96:27:f6:ca:
+                    18:5e:6d:d1:a7:e0:5d:8d:3e:52:ae:5d:ff:9e:32:
+                    e9:3c:11:da:35:b7:1a:b0:14:79:74:7b:57:51:15:
+                    8c:a9:ca:1a:ba:e4:0d:53:d7:27:ce:7d:24:aa:98:
+                    ae:2a:da:5a:cd:a5:6f:53:6c:22:f4:5a:52:53:6a:
+                    83:52:fe:8f:e3:dc:8b:a9:99:f5:0b:61:a6:05:c2:
+                    ad:f6:6c:cc:c4:7e:13:8c:28:88:09:98:c8:4d:be:
+                    b1:69:6c:5a:4a:85:71:0b:50:22:b4:ee:35:71:82:
+                    31:31:b3:a2:5f:2f:79:d3:75:68:be:37:e8:e0:7b:
+                    77:a0:fe:62:b0:be:a4:7a:1d:a8:8b:30:d1:d4:0e:
+                    2f:08:18:93:2f:32:b7:29:d5:e6:41:a5:e4:92:09:
+                    d3:d4:d7:c3:f9:33:48:e6:be:f5:e0:e3:ae:35:7a:
+                    a4:ee:40:a1:d4:e9:cf:fc:81:7d:31:e6:af:bf:f1:
+                    e6:6d:da:1f:d0:e2:53:35:9d:b8:f4:a7:53:03:8b:
+                    f9:e0:86:71:b9:45:9e:f9:68:2c:d8:a1:9f:04:73:
+                    f9:8c:b2:9a:53:ea:96:63:8d:13:05:a5:fb:72:e6:
+                    9f:92:23:f5:1b:57:ee:44:8d:75:c8:6b:b6:93:ac:
+                    27:43:10:f0:9a:00:12:d5:95:07:22:ec:fe:01:ea:
+                    0c:c6:0a:86:64:2a:20:98:01:b7:8a:d6:de:35:78:
+                    ad:da:6f:93:eb:b8:29:f3:8a:99:5c:58:8f:dd:15:
+                    ee:8e:26:21:e3:9d:df:60:c0:05:cb:83:3c:7e:9c:
+                    f1:b7:68:bf:f0:b2:7d:c5:0f:56:d6:77:e7:5a:1a:
+                    5c:ba:58:dd:fd:da:8b:03:ed:1e:6d:a7:55:e1:42:
+                    3a:82:a6:17:ad:60:7d:98:bc:ae:c7:ed:a2:d7:6f:
+                    82:a2:a3:4c:b7:79:8b:f4:a4:2e:53:51:a3:33:67:
+                    64:ff:10:53:63:a6:ac:4f:7a:ce:22:74:e0:fc:ee:
+                    2c:f1:a7:71:ae:f5:00:fd:52:a6:23:a0:b2:30:f6:
+                    5a:a3:6f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                C0:D2:0C:48:39:41:59:DC:87:C8:23:A2:04:51:EF:F7:BF:98:7E:0C
+            X509v3 Authority Key Identifier: 
+                keyid:D0:F2:74:20:2A:49:6B:48:97:BC:D1:5B:00:5B:BD:92:11:5C:FA:69
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D2:39:38:94:EC:D1:BC:7F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         45:6b:87:25:2c:19:e0:ab:c8:6b:8d:bb:e8:3f:98:30:54:9d:
+         a0:ad:3e:b7:c5:5d:76:a0:ba:2d:1b:16:8a:87:63:9a:23:9a:
+         b4:94:aa:5c:bd:0f:bf:35:af:60:ef:63:14:cb:00:51:b1:c1:
+         0c:ef:5a:52:1a:8e:5f:a1:20:bb:42:cd:50:a5:71:87:a7:24:
+         80:e9:1a:9f:8d:b4:f9:60:42:e1:20:4a:12:f6:a1:a9:6a:17:
+         94:43:6b:2a:1c:78:02:16:aa:e8:6d:50:b0:95:b8:59:66:ae:
+         5f:4b:87:5c:e6:64:ef:b7:78:72:57:18:04:b4:cc:9d:4f:35:
+         73:ec:48:d0:79:6c:20:92:88:32:d3:59:61:57:86:b8:1a:cc:
+         92:69:f1:9c:82:1d:24:c3:aa:d2:27:0b:ab:c3:3b:0d:44:74:
+         35:35:c5:b1:ce:95:29:8e:55:9e:00:3e:66:53:61:8a:3d:cd:
+         99:6b:80:e5:f6:eb:0d:60:54:8a:b5:43:de:02:4c:fd:a2:22:
+         90:b0:ac:ef:e9:39:9a:3b:f9:0c:cd:49:a5:54:e2:27:74:f6:
+         d6:f7:5d:2d:ef:20:2f:d7:4c:9d:16:c6:6b:57:fc:46:ed:e0:
+         44:91:45:c9:d3:1b:c8:be:e6:b5:62:6a:bd:cf:35:2a:66:59:
+         78:ae:d4:a2:3a:c8:af:79:19:40:73:31:60:3f:5a:df:59:d0:
+         92:b7:e8:a5:83:c3:50:4c:76:79:f3:21:70:d9:38:de:b9:37:
+         ee:15:03:82:a0:bc:94:ac:ce:0d:e6:a2:fd:eb:f2:89:96:e9:
+         9c:e4:f2:f1:09:b7:42:ae:e1:74:fc:87:ee:56:03:c3:46:82:
+         2d:68:56:fd:ef:9d:ce:41:e5:b1:08:3b:ef:f2:86:16:8c:0a:
+         21:2f:2b:4a:35:96:dd:34:fd:d3:ef:01:8a:48:ea:4a:7c:22:
+         af:a8:83:73:c3:2e:0f:de:3a:95:dc:fa:c7:9b:e8:66:77:26:
+         9f:36:b3:98:59:c7:c4:19:4b:65:28:15:b8:4f:47:70:7c:a2:
+         5a:33:15:0c:db:9b:2f:c8:73:1a:10:ef:ae:0f:1e:ff:97:1d:
+         ea:6f:ef:bd:a5:46:3f:d5:cb:d0:7d:2c:1c:00:63:2b:7a:ff:
+         8b:a2:5f:27:d7:5c:ff:ab:ed:b7:a5:98:98:db:e7:43:e2:18:
+         97:4d:e1:df:27:d8:57:cd:0e:29:fe:45:84:ee:e4:bf:b9:c5:
+         dc:4a:63:85:7e:6c:c1:d8:25:c2:fe:13:4d:58:79:ae:98:e7:
+         4c:ad:a8:36:4d:08:06:8f:fd:5d:1c:29:5e:c3:c6:04:e6:2b:
+         a8:6a:41:10:cf:fe:22:8b
+-----BEGIN CERTIFICATE-----
+MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTA3MzNaFw0zODA1MDUwOTA3MzNaMIGjMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLVdGLXNl
+cnZlcjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALdVdi8KuSiECKpR
+3NOT++hk9XzGS5BtqJ9RtpBpgTBkbTLcWVHzz2iWRRGuLxd5tcdLEbonu5T7fF6Q
+hMeJ06dg7cz8WbM4T2d14CplLFRawJgo9LRlTKpdP2qi4jOiXgxg1eFpTDWeqgO7
+AS37LBGxQwmWJ/bKGF5t0afgXY0+Uq5d/54y6TwR2jW3GrAUeXR7V1EVjKnKGrrk
+DVPXJ859JKqYriraWs2lb1NsIvRaUlNqg1L+j+Pci6mZ9QthpgXCrfZszMR+E4wo
+iAmYyE2+sWlsWkqFcQtQIrTuNXGCMTGzol8vedN1aL436OB7d6D+YrC+pHodqIsw
+0dQOLwgYky8ytynV5kGl5JIJ09TXw/kzSOa+9eDjrjV6pO5AodTpz/yBfTHmr7/x
+5m3aH9DiUzWduPSnUwOL+eCGcblFnvloLNihnwRz+YyymlPqlmONEwWl+3Lmn5Ij
+9RtX7kSNdchrtpOsJ0MQ8JoAEtWVByLs/gHqDMYKhmQqIJgBt4rW3jV4rdpvk+u4
+KfOKmVxYj90V7o4mIeOd32DABcuDPH6c8bdov/CyfcUPVtZ351oaXLpY3f3aiwPt
+Hm2nVeFCOoKmF61gfZi8rsftotdvgqKjTLd5i/SkLlNRozNnZP8QU2OmrE96ziJ0
+4PzuLPGnca71AP1SpiOgsjD2WqNvAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
+CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
+dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUwNIMSDlBWdyHyCOiBFHv
+97+YfgwwgdEGA1UdIwSByTCBxoAU0PJ0ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8w
+gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
+DQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGWCCQDSOTiU7NG8fzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
+AQBFa4clLBngq8hrjbvoP5gwVJ2grT63xV12oLotGxaKh2OaI5q0lKpcvQ+/Na9g
+72MUywBRscEM71pSGo5foSC7Qs1QpXGHpySA6RqfjbT5YELhIEoS9qGpaheUQ2sq
+HHgCFqrobVCwlbhZZq5fS4dc5mTvt3hyVxgEtMydTzVz7EjQeWwgkogy01lhV4a4
+GsySafGcgh0kw6rSJwurwzsNRHQ1NcWxzpUpjlWeAD5mU2GKPc2Za4Dl9usNYFSK
+tUPeAkz9oiKQsKzv6TmaO/kMzUmlVOIndPbW910t7yAv10ydFsZrV/xG7eBEkUXJ
+0xvIvua1Ymq9zzUqZll4rtSiOsiveRlAczFgP1rfWdCSt+ilg8NQTHZ58yFw2Tje
+uTfuFQOCoLyUrM4N5qL96/KJlumc5PLxCbdCruF0/IfuVgPDRoItaFb9753OQeWx
+CDvv8oYWjAohLytKNZbdNP3T7wGKSOpKfCKvqINzwy4P3jqV3PrHm+hmdyafNrOY
+WcfEGUtlKBW4T0dwfKJaMxUM25svyHMaEO+uDx7/lx3qb++9pUY/1cvQfSwcAGMr
+ev+Lol8n11z/q+23pZiY2+dD4hiXTeHfJ9hXzQ4p/kWE7uS/ucXcSmOFfmzB2CXC
+/hNNWHmumOdMrag2TQgGj/1dHClew8YE5iuoakEQz/4iiw==
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/gw-ckubu/keys/02.pem b/WF/openvpn/gw-ckubu/keys/02.pem
new file mode 100644
index 0000000..3334f86
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/02.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:42:31 2018 GMT
+            Not After : May  5 09:42:31 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-gw-ckubu/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b2:94:ac:9d:49:b5:2d:0e:db:f1:19:1b:4d:c9:
+                    ce:65:b9:18:e6:7a:c2:c6:e5:12:e3:c4:d3:47:9c:
+                    65:74:0a:80:20:4e:1d:70:18:8e:b7:86:e4:e0:ec:
+                    2a:f8:66:bf:6a:14:8f:44:4e:1b:cd:61:a0:b3:13:
+                    0f:00:ec:2b:4d:06:c8:cd:34:d2:6b:e8:44:f3:cc:
+                    9b:fd:87:b1:f9:a8:c5:17:79:79:3f:c5:05:0e:7b:
+                    a1:b2:4b:58:29:33:b9:82:69:bf:b3:bc:a5:51:79:
+                    03:db:6f:4f:55:62:52:64:f0:e4:a3:20:a4:e9:7f:
+                    5d:78:f2:2b:d5:8e:5b:a7:d8:55:b2:ef:a4:01:b8:
+                    2f:fa:1a:83:29:5b:36:b7:d4:84:cf:db:11:d4:3d:
+                    db:3c:14:a8:42:af:76:d8:0f:ae:00:1f:13:b8:c3:
+                    bb:f9:06:b9:e9:23:77:4c:d7:a9:a4:36:d9:f2:c3:
+                    09:0c:00:a8:e2:7e:a4:b8:68:a2:c0:62:b0:42:2b:
+                    2e:0a:55:9c:e1:9b:64:97:2c:51:ca:4e:27:5f:7b:
+                    5a:ce:86:79:fc:78:67:58:05:48:c8:3b:4a:24:ba:
+                    06:4e:db:89:40:f4:eb:83:ab:bb:dc:bf:1d:67:f5:
+                    dd:ce:ce:38:26:d7:15:80:5c:97:73:fb:58:7e:96:
+                    b4:ab:03:9a:12:36:38:78:86:5b:47:c7:e7:13:56:
+                    83:54:a3:b1:a4:5e:be:75:3e:bc:ee:0d:9e:8d:99:
+                    e4:ef:16:ad:ee:74:35:c4:ed:1d:3a:9b:94:9c:67:
+                    07:a2:3e:b1:4b:fa:9e:94:97:51:12:1a:12:98:17:
+                    0c:fa:ce:3b:01:c0:a1:bc:b4:1c:9d:8c:68:31:4b:
+                    6d:19:ad:48:c0:c4:3e:24:b2:80:92:87:ba:4b:16:
+                    39:3b:f4:45:73:b8:a4:16:dc:6a:4e:3a:18:84:46:
+                    9e:38:47:69:ca:57:5d:92:5b:36:1a:06:3e:ce:1a:
+                    f5:f5:0e:df:40:6e:06:24:0c:dc:69:7f:24:64:d5:
+                    bd:94:2b:0b:6e:75:4d:2a:cd:0d:3e:a4:b3:94:7d:
+                    55:f1:f4:56:f2:a6:c6:2c:16:28:e2:9b:26:bf:d6:
+                    52:57:3e:2e:4a:f8:de:8b:3b:71:0d:76:9c:ae:7f:
+                    e6:93:a4:1a:0a:c0:54:88:62:f9:5b:5d:12:31:5c:
+                    dd:a0:20:e1:65:a5:cb:a5:b6:af:dd:3a:92:74:ef:
+                    0c:70:98:0e:ad:1c:38:a2:3e:ae:6f:81:5e:44:3d:
+                    4f:8c:b7:cb:50:93:53:e3:24:14:c5:a3:38:70:9a:
+                    eb:39:11:1c:66:b6:7f:43:31:5b:e7:40:39:c0:f8:
+                    f7:5e:61
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                0B:5A:3F:E1:53:15:BC:CD:55:77:FE:5A:67:FE:95:A2:D4:06:EF:F2
+            X509v3 Authority Key Identifier: 
+                keyid:D0:F2:74:20:2A:49:6B:48:97:BC:D1:5B:00:5B:BD:92:11:5C:FA:69
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D2:39:38:94:EC:D1:BC:7F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         5e:4b:92:be:5d:99:f9:f4:ed:fc:06:1d:b8:c1:61:07:06:6a:
+         9a:88:af:81:84:04:6f:44:e7:63:c5:04:be:37:d8:52:e5:68:
+         bc:bd:1e:ba:50:7c:88:fe:e9:a0:a9:3b:af:cc:ee:ee:46:49:
+         01:fd:ff:60:68:d4:23:90:0d:e9:d6:54:97:43:e2:80:24:09:
+         cb:81:17:06:36:c4:83:0c:17:84:64:59:72:ab:28:45:42:73:
+         e8:59:b2:01:e5:e7:f6:45:29:07:71:fd:76:0b:ac:97:38:b3:
+         e6:54:16:08:84:49:f9:97:36:93:fd:77:64:f9:90:1f:d2:bb:
+         1c:57:20:ff:b5:c1:57:bb:b1:b2:8c:b1:ad:95:64:34:de:d4:
+         a2:3b:73:5c:60:6f:96:7e:6b:31:a6:10:3d:cc:c9:f2:df:fa:
+         34:b6:8c:e3:e1:25:90:31:a6:21:a1:04:2f:12:bd:3c:e6:6b:
+         2b:06:91:a9:00:10:1c:e0:22:e3:f3:dd:ae:ab:2a:7d:e5:3c:
+         52:8d:a7:5c:e8:00:b1:95:44:cc:24:45:87:6e:b9:f7:68:06:
+         5c:06:ab:d5:6d:e9:62:a5:8a:1f:57:14:17:2e:15:b2:8b:1f:
+         6d:19:1b:da:0f:ac:49:4c:9e:43:1d:0e:e7:28:41:9e:a1:c7:
+         a5:8d:76:f5:6c:e5:33:5b:fa:46:83:69:6b:b8:75:0a:ab:e1:
+         5a:d8:d5:7c:7d:e9:57:2d:be:f9:1b:2d:3f:41:5b:31:41:32:
+         53:80:5c:98:b8:35:da:31:f8:ff:56:d3:3f:68:ab:ef:9b:39:
+         5a:4d:ec:7f:6a:ad:d2:06:f3:7b:4d:ec:49:78:7a:57:a6:bd:
+         77:b2:1d:fa:be:e2:f5:60:ac:fb:cb:27:76:e5:86:ea:19:28:
+         e3:5a:b9:7b:bf:d0:3d:d5:b7:79:81:d8:6b:f6:24:bd:a8:60:
+         53:1a:ee:b7:94:f8:86:01:67:a1:f3:47:40:0e:4e:6c:bf:f5:
+         e9:80:ea:1e:63:7f:6e:d6:49:66:3d:25:8c:ef:7e:5c:c8:46:
+         0e:a2:f5:e1:ff:82:80:ec:bc:06:23:13:17:86:f1:47:a5:6a:
+         1b:12:d9:78:55:86:76:33:8a:68:a0:05:f3:c4:d8:29:01:5c:
+         24:d7:f4:a9:c4:ba:61:7f:4e:4e:a4:6f:bb:bd:3e:ab:3b:4b:
+         0f:ae:c3:d7:69:09:6b:29:6b:df:87:ef:99:25:fc:8e:64:e7:
+         69:89:a7:18:34:b5:b1:b7:18:fe:b9:0e:9c:27:1a:d2:18:bd:
+         31:6c:d0:34:b2:c2:58:7f:e6:19:e8:37:91:a8:5b:0d:ba:99:
+         94:68:1f:01:c0:b4:01:e8
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTQyMzFaFw0zODA1MDUwOTQyMzFaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLWd3
+LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAspSsnUm1LQ7b
+8RkbTcnOZbkY5nrCxuUS48TTR5xldAqAIE4dcBiOt4bk4Owq+Ga/ahSPRE4bzWGg
+sxMPAOwrTQbIzTTSa+hE88yb/Yex+ajFF3l5P8UFDnuhsktYKTO5gmm/s7ylUXkD
+229PVWJSZPDkoyCk6X9dePIr1Y5bp9hVsu+kAbgv+hqDKVs2t9SEz9sR1D3bPBSo
+Qq922A+uAB8TuMO7+Qa56SN3TNeppDbZ8sMJDACo4n6kuGiiwGKwQisuClWc4Ztk
+lyxRyk4nX3tazoZ5/HhnWAVIyDtKJLoGTtuJQPTrg6u73L8dZ/Xdzs44JtcVgFyX
+c/tYfpa0qwOaEjY4eIZbR8fnE1aDVKOxpF6+dT687g2ejZnk7xat7nQ1xO0dOpuU
+nGcHoj6xS/qelJdREhoSmBcM+s47AcChvLQcnYxoMUttGa1IwMQ+JLKAkoe6SxY5
+O/RFc7ikFtxqTjoYhEaeOEdpylddkls2GgY+zhr19Q7fQG4GJAzcaX8kZNW9lCsL
+bnVNKs0NPqSzlH1V8fRW8qbGLBYo4psmv9ZSVz4uSvjeiztxDXacrn/mk6QaCsBU
+iGL5W10SMVzdoCDhZaXLpbav3TqSdO8McJgOrRw4oj6ub4FeRD1PjLfLUJNT4yQU
+xaM4cJrrOREcZrZ/QzFb50A5wPj3XmECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUC1o/4VMVvM1Vd/5aZ/6VotQG7/IwgdEGA1UdIwSByTCBxoAU0PJ0
+ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
+BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8
+fzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAF5Lkr5dmfn07fwGHbjBYQcGapqI
+r4GEBG9E52PFBL432FLlaLy9HrpQfIj+6aCpO6/M7u5GSQH9/2Bo1COQDenWVJdD
+4oAkCcuBFwY2xIMMF4RkWXKrKEVCc+hZsgHl5/ZFKQdx/XYLrJc4s+ZUFgiESfmX
+NpP9d2T5kB/SuxxXIP+1wVe7sbKMsa2VZDTe1KI7c1xgb5Z+azGmED3MyfLf+jS2
+jOPhJZAxpiGhBC8SvTzmaysGkakAEBzgIuPz3a6rKn3lPFKNp1zoALGVRMwkRYdu
+ufdoBlwGq9Vt6WKlih9XFBcuFbKLH20ZG9oPrElMnkMdDucoQZ6hx6WNdvVs5TNb
++kaDaWu4dQqr4VrY1Xx96VctvvkbLT9BWzFBMlOAXJi4Ndox+P9W0z9oq++bOVpN
+7H9qrdIG83tN7El4elemvXeyHfq+4vVgrPvLJ3blhuoZKONauXu/0D3Vt3mB2Gv2
+JL2oYFMa7reU+IYBZ6HzR0AOTmy/9emA6h5jf27WSWY9JYzvflzIRg6i9eH/goDs
+vAYjExeG8UelahsS2XhVhnYzimigBfPE2CkBXCTX9KnEumF/Tk6kb7u9Pqs7Sw+u
+w9dpCWspa9+H75kl/I5k52mJpxg0tbG3GP65DpwnGtIYvTFs0DSywlh/5hnoN5Go
+Ww26mZRoHwHAtAHo
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/gw-ckubu/keys/ca.crt b/WF/openvpn/gw-ckubu/keys/ca.crt
new file mode 100644
index 0000000..4414052
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJANI5OJTs0bx/MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDUwNDIyMDQzNVoYDzIwNTAwNTA0MjIwNDM1WjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+Qg+M2wuVE
+xG3mDM6abF2wyU7bVeIVgbdU3L+aleso8IyCwyZS3JTWafR2HzHGBIRvmmxNVehs
+EAM8AtkxMqKSGTv3HgnaHy6XSNlMqmO78rCUifFs24Uw2vbnbrytxEGGr7aFVaiy
+f+nZ6uc+KT4sJzzxc4UV3BxH6aBt/itNCrx/mPrQ6JBsH1U0pJp8O35UNmgPxRTW
+A96LMxvupC4K5MWCK/ZMgJ+zaKuHY2Zn09vmxIOEkzGY0MSQynLaIa/W6TLlGXpn
+UKRArd098gS6IF3TNLeTHKwwEMdQREguL+C3I4m9a9uCFs9AUGmKx93prRG38RL7
+TrdJTG5J2642xBQae/M4NjjPZ8yiNKMiO5CM6RiINtC3NykwlR+74LmDz0wxvxoz
+zsNdpYKH9eaqE7xmRhpXPYc41oCT7QOg8kh1k11dx7awx1edD+5MBklyr23yph7I
+p4j2aA2Ce4PKgH9p4pPNDuMI7o6AFpQZC/YaKO315PIvkGbI2FPvkD6WAFo6ol4K
+P4Qs8l3dek6cqys5tkq5G1vh61P33hnRqIOlDjZ/03gtsZKjndY+WSR+ilcTb+dP
+I2dYXqX+Cy6xY4bHVxpHg7MXYDZoXtVnjLcC5EviwiShqDBReH1CFCfDlleWjkob
+vlLjvCO19SEzHWK7lAUvSuOk+XFlPwgRAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+0PJ0ICpJa0iXvNFbAFu9khFc+mkwgdEGA1UdIwSByTCBxoAU0PJ0ICpJa0iXvNFb
+AFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8fzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQA1PlBb6rHJnwpZwfY0Uvb1CVbCuVF2
+4C54AMdWKTORs8U9fVKTwVxzV+aeHiEztxOoKLhIq8EN3+0HkDdXBKHagHXjzEoe
+h91n/5nfc9IqR4WVO9AqFaqiIQmSOFqtryoG8ZgHtAz65YCGruG3BS95IIooeXQW
+r1sH3L/2rb0ea11zP3CtBy2pKlHiu6289JiLyObKFaQFu7PCJzWARV4pIJf1XgZl
+qk2YundPpKxtxHUhe0UObYFrcgo1ccBnKEsEcMANk7nz27QXML1dSSRMFc/AInpJ
+EMrInTaGI5rGusgbGrPSVAnuLMkmDdNE6r6l4L9cd5m867CUfp89m4BCU8Cjv+UP
+5bnBU9DgUqMs0jlOqbfy27FOsPXBhsyR4QdddJCAg+yYuYdBgVo8XRZiSPYTi55G
+M29n92ma9HVU95WA4cR9d3IlgNk40RhgAVMcGAOgk/sQFfp43DssBtcY5wweva7B
+a9M34o0f4HslXDm6xV8y9P+zcScbs9B9WXE+2HvMwVTrXnM/EhpyL0MlZ5NXcHld
+cBqNwRu84Rw2iw54sQDb8R0a3NJ3ZxHbQG8crgUD80xgZe1ds9k6YoCr4c4wh7SP
+ru1i2v9bdCskC/vsGOR7BNUvVfJFcfk6PcqynHjvGgz8tWWdEkbRA29UZM0paAwZ
+Ic3ZiGwAJvoitQ==
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/gw-ckubu/keys/ca.key b/WF/openvpn/gw-ckubu/keys/ca.key
new file mode 100644
index 0000000..79511f3
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCvkIPjNsLlRMRt
+5gzOmmxdsMlO21XiFYG3VNy/mpXrKPCMgsMmUtyU1mn0dh8xxgSEb5psTVXobBAD
+PALZMTKikhk79x4J2h8ul0jZTKpju/KwlInxbNuFMNr25268rcRBhq+2hVWosn/p
+2ernPik+LCc88XOFFdwcR+mgbf4rTQq8f5j60OiQbB9VNKSafDt+VDZoD8UU1gPe
+izMb7qQuCuTFgiv2TICfs2irh2NmZ9Pb5sSDhJMxmNDEkMpy2iGv1uky5Rl6Z1Ck
+QK3dPfIEuiBd0zS3kxysMBDHUERILi/gtyOJvWvbghbPQFBpisfd6a0Rt/ES+063
+SUxuSduuNsQUGnvzODY4z2fMojSjIjuQjOkYiDbQtzcpMJUfu+C5g89MMb8aM87D
+XaWCh/XmqhO8ZkYaVz2HONaAk+0DoPJIdZNdXce2sMdXnQ/uTAZJcq9t8qYeyKeI
+9mgNgnuDyoB/aeKTzQ7jCO6OgBaUGQv2Gijt9eTyL5BmyNhT75A+lgBaOqJeCj+E
+LPJd3XpOnKsrObZKuRtb4etT994Z0aiDpQ42f9N4LbGSo53WPlkkfopXE2/nTyNn
+WF6l/gsusWOGx1caR4OzF2A2aF7VZ4y3AuRL4sIkoagwUXh9QhQnw5ZXlo5KG75S
+47wjtfUhMx1iu5QFL0rjpPlxZT8IEQIDAQABAoICABrj8a99lcB0FfoXQGLsuChp
+iYvwgGkOjj28W8tlLA1GygFbjfRywKJzbOsqpICFKe/3ABoShlQBKTq1mGIX7P+F
+jSPoJ8uugxQpy9isq3R3NybguXgnCkCOSRuEOyvfGa5HqOY16fba0EjLPfWJSdvh
++2iUOvNpc7tJMHmIH2QWesyAZrgUA2sLhIkSdRvMZ3hkAalSsQcN+K2/eGaQ2MjM
+llnCJGWnNhQ/8IpFRG5M/OAzqmnShpEULPXOj5Oj4YEDU9idypc699kQpxC6CjW7
+JHX6gZqUh9G/0vIUU0ETAfZTVrgkMT7/3+qCmU5xGUfeIMoT+HLF1zqvmWtTGLiH
+WqVmOiDw6TOmEnfN0U0YeWUFKpW2uu8Y1FV4Ga/0fCHZNXbGJWH81a+IQ0U2qXeW
+Vu42b6jBraVrjmnjX72dIU7NceolztwiqURM8vlafU4VG3y8MoVMGlgxgrQ4eDNd
+V+vBHiIcXyxNPOxRZ8xHeqpPBAu3QDpbNU1J91xveRicgzHC1pmQ/CKwP+rxEDt0
+ncO/+yQEAMwf0Lmws+E0htXnlHADDrNFin5OjFMFz1K6E0Dfr+NQQLpEv362ztrb
+a2LIAwSq0tsluSAVNOqkRiXvBqk5oIQJ24nXWbBLWY1iCdFJ93Y1R4tj3stoiRUv
+9eERxGBefsWotZSmZUahAoIBAQDeTVU6Y1a0U8xnL+GwOcyV+7+iFeYrtqDQlKYB
+6q/OenPbsXq9cJvVGTRKwBSoDXEcuqVuYhlAyujOlnPvCXGlK1xxuPO7L+Ei0QR7
+VFLJ33XWz0IdPgjt8zyZHB3wiAPm2L9aCCqKyu7ZFPmki6CsEeT6J0gxz5ihwqB8
+xcAVWQB40kYyJBuaL2ooYeBCmCmqepQ3xdpQWs5k8FvSPY1mBSsmwVT+cGj863Vq
+hklfz0OapJdcQVhI/DsAgKjOvfsyBCHEbC/4adTHUUgxak5C6baLgEajPvPvlPT3
+LkDdAcIAsmpGeh4kq50NruS4jod8gs2l67Ic+KWhEVYdgsVNAoIBAQDKLXtFGbQn
+0I6ZidY6vMqRLzNyaNOO7efi3/eeSe6fTou0ej3nRUITOni8AyDOWDUV08vnRBHI
+mh7eck39CX5f+w1Nie9ucGhp3XXPencAbRk4yBmu94cSdpLBtHRPLGAs0Px6TlEe
+u37CnU2yEmFcyKW20pnmQkvY/uGAipW35ox4LhI/Q77AGWShSnrTXke1657EWh+9
+P6gmGFyKrmyvK1EwWqm3sLu8/vBcrZ8TOBoVX7tBCDo/iK8I0Eg1BnbRlqEPn4/T
++/rCaD9OV27IZbz0i3EeaoMCkttjLVMQ6mPVX/2+B2ptxVEdJk74zDY5gm4f+ZLo
+uNzcmaznSNvVAoIBAGYaVNv1hnxaxNZcGqfLVFlLANCciFRplGFY9QqKVWdbvN0a
+Hkrmbtyor+jpYlNxoRNV8ufJLNoimF1SozsWNllrmhEtptzB+AD6ybkvmLrZ5RDd
+rvspZAaOorWcQXAZuNkNko3ylD+dR6jzRlo6O3js2yO+aR1fwTYC452LYlcrwti7
+k7wx82+U+YhEtDFCHFkN5gfb2xLvMj8QWswss0Y5d4FcaQJYdRA9wXdE6GyWEPH1
+SQP5i2gyWZM4hNA4WCi31x6Vpk7NpQpLHgJ8VifLmqlmKIuQPZA79WuWlfosdYPG
+bqOiMTgcjo0bWDggVsBsf7IGmI9P8RsSkGALkT0CggEBAIwdZx/lh2hMbndUAmck
+rdJefu4cXfnhQOKHy0kk/b3kJogGa95arkc7L69FD7hRg0DETrzQ/O4keZ46Y3go
+2y9Tgs2o+Yl1V7d+poYK3mwqL9+dNcd/flm6WUzrbevs2h5VG5T7r9Z3pIrlj5II
+kPdHiykf3U6pxXz2b3uxD7+qhNFJRJYZshnZv1bUkjjoTxRx3c9AklyKwFLecUwf
+Q+1GPPcg7hwC3KlHmXbxUJx2NgV4GgMg25VqebvG9TPibfgkxyxXrcsBB7ExpCX8
+DCfP8lscRGIK+Q6QjoC2Saogdt3Kr8TByO2YYPWtte9RP4ctsHpycXDdpRsxWZXU
+dZ0CggEBAMD43PH9kGFG7TdyeCZqBOIGu06CnYq9Y205PH4if+I79olujnJs0iA/
+tbfkVMvJxXR7TDg9G/X+oW+cBbblbqe4vRpjfaK6EUvrbEqERfUQ2/dFsp7nrD59
+P6yFj442lnZkhBeK1CE00ocpxNz2Ml32xVlx/yunoDZuWFSupvyBMY6KiXMfVq1X
+FY+WuQO3Wc62LbsTVOMptoKD/uCiD2b1bHrL6pvzhCAdkAU+O8NfNcoYxJjm0hLc
+2Udz/kNggj3I3MRsmPlPmhvZaH1dKvlNjs2ksN47/ppbEDbKh2s//kzLMsXF+Doh
+jNt0lT6X2XxBnx0HQL70xPUVieu/+GA=
+-----END PRIVATE KEY-----
diff --git a/WF/openvpn/gw-ckubu/keys/crl.pem b/WF/openvpn/gw-ckubu/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/WF/openvpn/gw-ckubu/keys/dh4096.pem b/WF/openvpn/gw-ckubu/keys/dh4096.pem
new file mode 100644
index 0000000..bedf146
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAzrhrnM4U9xb0xkelwjgDcp+Q9+Fyxj6hWt2pG+X8Xa3XybIFQGWe
+Thlu6db1X15hZXEelnmS6TEpBCxSKbiMFOjlCFj52UUSJjs6gidIcmNh0aZoohSn
+jgn1atE05qvWSjZu87fZtG3UVZEYysMBmpJB7iID7FyZqXCmwcZRT0HRd6gJX0L9
+CUrOflnBAzOGE8Jc7CwIPyqjlkaHiWGYCFKvyuClxrhPHo670wtR0xY8Gn0FcAFx
+kygnUmE8g/7UpbfuqhwqxiDQSDW2hz5/hXKcM8CEStRLFH80f9PIvm1lyX+pIxMH
+dUGmT1zPW9b6Z6Af5EGbdZp4TvcOGhehA8f2P97tK4GsQDNwWFj63nCWuGMvPTzw
+d62aakXx+h0bzUsBQ5df7n3PopLw4Kbh2YmJrxbGVv3FeFl+Pzf0HgKtwmha4qnf
+MSVda/EysuGA5uk496zCVPLFbVSWZsn24l4piEXxSQB/EwR7EfqqWnQmEYTxwr54
+UtSu7uLU8BwdH1/MeQipZ8o+WA7nqUrAhv8rSnjkv5QMizd0e7bKZnkUKMK59aB+
+yTGBbsXsH/JSlY/FBgwb4+Hk1VoYOuZUe8lM9ofXYmk7c5FZnhY5CptMxCkBGoUg
+4WQbw+zeC5Ku3A4sU3V7xl1yXk3IlyMYO7FgJlWu7DSlwlDJVdNMOuMCAQI=
+-----END DH PARAMETERS-----
diff --git a/WF/openvpn/gw-ckubu/keys/gw-ckubu.crt b/WF/openvpn/gw-ckubu/keys/gw-ckubu.crt
new file mode 100644
index 0000000..3334f86
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/gw-ckubu.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:42:31 2018 GMT
+            Not After : May  5 09:42:31 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-gw-ckubu/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b2:94:ac:9d:49:b5:2d:0e:db:f1:19:1b:4d:c9:
+                    ce:65:b9:18:e6:7a:c2:c6:e5:12:e3:c4:d3:47:9c:
+                    65:74:0a:80:20:4e:1d:70:18:8e:b7:86:e4:e0:ec:
+                    2a:f8:66:bf:6a:14:8f:44:4e:1b:cd:61:a0:b3:13:
+                    0f:00:ec:2b:4d:06:c8:cd:34:d2:6b:e8:44:f3:cc:
+                    9b:fd:87:b1:f9:a8:c5:17:79:79:3f:c5:05:0e:7b:
+                    a1:b2:4b:58:29:33:b9:82:69:bf:b3:bc:a5:51:79:
+                    03:db:6f:4f:55:62:52:64:f0:e4:a3:20:a4:e9:7f:
+                    5d:78:f2:2b:d5:8e:5b:a7:d8:55:b2:ef:a4:01:b8:
+                    2f:fa:1a:83:29:5b:36:b7:d4:84:cf:db:11:d4:3d:
+                    db:3c:14:a8:42:af:76:d8:0f:ae:00:1f:13:b8:c3:
+                    bb:f9:06:b9:e9:23:77:4c:d7:a9:a4:36:d9:f2:c3:
+                    09:0c:00:a8:e2:7e:a4:b8:68:a2:c0:62:b0:42:2b:
+                    2e:0a:55:9c:e1:9b:64:97:2c:51:ca:4e:27:5f:7b:
+                    5a:ce:86:79:fc:78:67:58:05:48:c8:3b:4a:24:ba:
+                    06:4e:db:89:40:f4:eb:83:ab:bb:dc:bf:1d:67:f5:
+                    dd:ce:ce:38:26:d7:15:80:5c:97:73:fb:58:7e:96:
+                    b4:ab:03:9a:12:36:38:78:86:5b:47:c7:e7:13:56:
+                    83:54:a3:b1:a4:5e:be:75:3e:bc:ee:0d:9e:8d:99:
+                    e4:ef:16:ad:ee:74:35:c4:ed:1d:3a:9b:94:9c:67:
+                    07:a2:3e:b1:4b:fa:9e:94:97:51:12:1a:12:98:17:
+                    0c:fa:ce:3b:01:c0:a1:bc:b4:1c:9d:8c:68:31:4b:
+                    6d:19:ad:48:c0:c4:3e:24:b2:80:92:87:ba:4b:16:
+                    39:3b:f4:45:73:b8:a4:16:dc:6a:4e:3a:18:84:46:
+                    9e:38:47:69:ca:57:5d:92:5b:36:1a:06:3e:ce:1a:
+                    f5:f5:0e:df:40:6e:06:24:0c:dc:69:7f:24:64:d5:
+                    bd:94:2b:0b:6e:75:4d:2a:cd:0d:3e:a4:b3:94:7d:
+                    55:f1:f4:56:f2:a6:c6:2c:16:28:e2:9b:26:bf:d6:
+                    52:57:3e:2e:4a:f8:de:8b:3b:71:0d:76:9c:ae:7f:
+                    e6:93:a4:1a:0a:c0:54:88:62:f9:5b:5d:12:31:5c:
+                    dd:a0:20:e1:65:a5:cb:a5:b6:af:dd:3a:92:74:ef:
+                    0c:70:98:0e:ad:1c:38:a2:3e:ae:6f:81:5e:44:3d:
+                    4f:8c:b7:cb:50:93:53:e3:24:14:c5:a3:38:70:9a:
+                    eb:39:11:1c:66:b6:7f:43:31:5b:e7:40:39:c0:f8:
+                    f7:5e:61
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                0B:5A:3F:E1:53:15:BC:CD:55:77:FE:5A:67:FE:95:A2:D4:06:EF:F2
+            X509v3 Authority Key Identifier: 
+                keyid:D0:F2:74:20:2A:49:6B:48:97:BC:D1:5B:00:5B:BD:92:11:5C:FA:69
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D2:39:38:94:EC:D1:BC:7F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:gw-ckubu
+    Signature Algorithm: sha256WithRSAEncryption
+         5e:4b:92:be:5d:99:f9:f4:ed:fc:06:1d:b8:c1:61:07:06:6a:
+         9a:88:af:81:84:04:6f:44:e7:63:c5:04:be:37:d8:52:e5:68:
+         bc:bd:1e:ba:50:7c:88:fe:e9:a0:a9:3b:af:cc:ee:ee:46:49:
+         01:fd:ff:60:68:d4:23:90:0d:e9:d6:54:97:43:e2:80:24:09:
+         cb:81:17:06:36:c4:83:0c:17:84:64:59:72:ab:28:45:42:73:
+         e8:59:b2:01:e5:e7:f6:45:29:07:71:fd:76:0b:ac:97:38:b3:
+         e6:54:16:08:84:49:f9:97:36:93:fd:77:64:f9:90:1f:d2:bb:
+         1c:57:20:ff:b5:c1:57:bb:b1:b2:8c:b1:ad:95:64:34:de:d4:
+         a2:3b:73:5c:60:6f:96:7e:6b:31:a6:10:3d:cc:c9:f2:df:fa:
+         34:b6:8c:e3:e1:25:90:31:a6:21:a1:04:2f:12:bd:3c:e6:6b:
+         2b:06:91:a9:00:10:1c:e0:22:e3:f3:dd:ae:ab:2a:7d:e5:3c:
+         52:8d:a7:5c:e8:00:b1:95:44:cc:24:45:87:6e:b9:f7:68:06:
+         5c:06:ab:d5:6d:e9:62:a5:8a:1f:57:14:17:2e:15:b2:8b:1f:
+         6d:19:1b:da:0f:ac:49:4c:9e:43:1d:0e:e7:28:41:9e:a1:c7:
+         a5:8d:76:f5:6c:e5:33:5b:fa:46:83:69:6b:b8:75:0a:ab:e1:
+         5a:d8:d5:7c:7d:e9:57:2d:be:f9:1b:2d:3f:41:5b:31:41:32:
+         53:80:5c:98:b8:35:da:31:f8:ff:56:d3:3f:68:ab:ef:9b:39:
+         5a:4d:ec:7f:6a:ad:d2:06:f3:7b:4d:ec:49:78:7a:57:a6:bd:
+         77:b2:1d:fa:be:e2:f5:60:ac:fb:cb:27:76:e5:86:ea:19:28:
+         e3:5a:b9:7b:bf:d0:3d:d5:b7:79:81:d8:6b:f6:24:bd:a8:60:
+         53:1a:ee:b7:94:f8:86:01:67:a1:f3:47:40:0e:4e:6c:bf:f5:
+         e9:80:ea:1e:63:7f:6e:d6:49:66:3d:25:8c:ef:7e:5c:c8:46:
+         0e:a2:f5:e1:ff:82:80:ec:bc:06:23:13:17:86:f1:47:a5:6a:
+         1b:12:d9:78:55:86:76:33:8a:68:a0:05:f3:c4:d8:29:01:5c:
+         24:d7:f4:a9:c4:ba:61:7f:4e:4e:a4:6f:bb:bd:3e:ab:3b:4b:
+         0f:ae:c3:d7:69:09:6b:29:6b:df:87:ef:99:25:fc:8e:64:e7:
+         69:89:a7:18:34:b5:b1:b7:18:fe:b9:0e:9c:27:1a:d2:18:bd:
+         31:6c:d0:34:b2:c2:58:7f:e6:19:e8:37:91:a8:5b:0d:ba:99:
+         94:68:1f:01:c0:b4:01:e8
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTQyMzFaFw0zODA1MDUwOTQyMzFaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLWd3
+LWNrdWJ1MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAspSsnUm1LQ7b
+8RkbTcnOZbkY5nrCxuUS48TTR5xldAqAIE4dcBiOt4bk4Owq+Ga/ahSPRE4bzWGg
+sxMPAOwrTQbIzTTSa+hE88yb/Yex+ajFF3l5P8UFDnuhsktYKTO5gmm/s7ylUXkD
+229PVWJSZPDkoyCk6X9dePIr1Y5bp9hVsu+kAbgv+hqDKVs2t9SEz9sR1D3bPBSo
+Qq922A+uAB8TuMO7+Qa56SN3TNeppDbZ8sMJDACo4n6kuGiiwGKwQisuClWc4Ztk
+lyxRyk4nX3tazoZ5/HhnWAVIyDtKJLoGTtuJQPTrg6u73L8dZ/Xdzs44JtcVgFyX
+c/tYfpa0qwOaEjY4eIZbR8fnE1aDVKOxpF6+dT687g2ejZnk7xat7nQ1xO0dOpuU
+nGcHoj6xS/qelJdREhoSmBcM+s47AcChvLQcnYxoMUttGa1IwMQ+JLKAkoe6SxY5
+O/RFc7ikFtxqTjoYhEaeOEdpylddkls2GgY+zhr19Q7fQG4GJAzcaX8kZNW9lCsL
+bnVNKs0NPqSzlH1V8fRW8qbGLBYo4psmv9ZSVz4uSvjeiztxDXacrn/mk6QaCsBU
+iGL5W10SMVzdoCDhZaXLpbav3TqSdO8McJgOrRw4oj6ub4FeRD1PjLfLUJNT4yQU
+xaM4cJrrOREcZrZ/QzFb50A5wPj3XmECAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUC1o/4VMVvM1Vd/5aZ/6VotQG7/IwgdEGA1UdIwSByTCBxoAU0PJ0
+ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
+BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDSOTiU7NG8
+fzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+Z3ctY2t1YnUwDQYJKoZIhvcNAQELBQADggIBAF5Lkr5dmfn07fwGHbjBYQcGapqI
+r4GEBG9E52PFBL432FLlaLy9HrpQfIj+6aCpO6/M7u5GSQH9/2Bo1COQDenWVJdD
+4oAkCcuBFwY2xIMMF4RkWXKrKEVCc+hZsgHl5/ZFKQdx/XYLrJc4s+ZUFgiESfmX
+NpP9d2T5kB/SuxxXIP+1wVe7sbKMsa2VZDTe1KI7c1xgb5Z+azGmED3MyfLf+jS2
+jOPhJZAxpiGhBC8SvTzmaysGkakAEBzgIuPz3a6rKn3lPFKNp1zoALGVRMwkRYdu
+ufdoBlwGq9Vt6WKlih9XFBcuFbKLH20ZG9oPrElMnkMdDucoQZ6hx6WNdvVs5TNb
++kaDaWu4dQqr4VrY1Xx96VctvvkbLT9BWzFBMlOAXJi4Ndox+P9W0z9oq++bOVpN
+7H9qrdIG83tN7El4elemvXeyHfq+4vVgrPvLJ3blhuoZKONauXu/0D3Vt3mB2Gv2
+JL2oYFMa7reU+IYBZ6HzR0AOTmy/9emA6h5jf27WSWY9JYzvflzIRg6i9eH/goDs
+vAYjExeG8UelahsS2XhVhnYzimigBfPE2CkBXCTX9KnEumF/Tk6kb7u9Pqs7Sw+u
+w9dpCWspa9+H75kl/I5k52mJpxg0tbG3GP65DpwnGtIYvTFs0DSywlh/5hnoN5Go
+Ww26mZRoHwHAtAHo
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/gw-ckubu/keys/gw-ckubu.csr b/WF/openvpn/gw-ckubu/keys/gw-ckubu.csr
new file mode 100644
index 0000000..47fe54b
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/gw-ckubu.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRgwFgYDVQQDEw9WUE4tV0YtZ3ctY2t1YnUxDzANBgNVBCkTBlZQ
+TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQCylKydSbUtDtvxGRtNyc5luRjmesLG5RLjxNNH
+nGV0CoAgTh1wGI63huTg7Cr4Zr9qFI9EThvNYaCzEw8A7CtNBsjNNNJr6ETzzJv9
+h7H5qMUXeXk/xQUOe6GyS1gpM7mCab+zvKVReQPbb09VYlJk8OSjIKTpf1148ivV
+jlun2FWy76QBuC/6GoMpWza31ITP2xHUPds8FKhCr3bYD64AHxO4w7v5BrnpI3dM
+16mkNtnywwkMAKjifqS4aKLAYrBCKy4KVZzhm2SXLFHKTidfe1rOhnn8eGdYBUjI
+O0okugZO24lA9OuDq7vcvx1n9d3Ozjgm1xWAXJdz+1h+lrSrA5oSNjh4hltHx+cT
+VoNUo7GkXr51PrzuDZ6NmeTvFq3udDXE7R06m5ScZweiPrFL+p6Ul1ESGhKYFwz6
+zjsBwKG8tBydjGgxS20ZrUjAxD4ksoCSh7pLFjk79EVzuKQW3GpOOhiERp44R2nK
+V12SWzYaBj7OGvX1Dt9AbgYkDNxpfyRk1b2UKwtudU0qzQ0+pLOUfVXx9FbypsYs
+Fijimya/1lJXPi5K+N6LO3ENdpyuf+aTpBoKwFSIYvlbXRIxXN2gIOFlpcultq/d
+OpJ07wxwmA6tHDiiPq5vgV5EPU+Mt8tQk1PjJBTFozhwmus5ERxmtn9DMVvnQDnA
++PdeYQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAD1G7CZjDtBGdx699GNi9EXW
+geui5Y0DSq/4HM3+ixH/23dsukP/YH0yLLqOXjw+FiNLiDy0KXwKUh8Ixxt01GYY
+/9vZmXETN+Wo61imvlTnzL5ku67noMJAG5j9A4+TW4oU10eOwCfTgJRqb25E/Bmo
+rHo/fpw3LXW7H7rRLFKNmJVDVFbyDmJruUpp6Vrq7snAw88NZOkamcKOKmeZSn/6
+HMwaicX6pSOICBohC97N1ycuo07ME50LLiWStujPNWeXaprzmordsRlQ/CIyEbQb
+XbxzoH44IEcdSDXdBvFwgW5GGwbONHX2mZiuqk72xcBxDWt5zjvbjiaWydmf+59s
+rAb68ls4uN6iz8TKS4qgL9eq7S7F4+MQ4ngmCP6fHsm9uUP+EyA1SQkMEYwnBCzu
+Z+ItQB1a4RPaZabGNG+XsJnTCSzSL5kxihS7VJD2h/ZYSXS+ZxbS4MZCyyXkpCQz
+KOMM85uUtWs1RJsmVCCwwMUA3MmLxzptAgcLbN/PZ0Vy4uiTY8tDJaBDEg7er/WS
+HFACCxAChmSaPnI56vNtSD4giVFuufR9rJzO2+1DL1s/9QYO+5n8B0pbQuAAbrMK
+DnEQK6qTYv8REM4x9D2YBfZcmPsE6W8rXDCYhll7G72ywn3g8HSOl0YZbiGVDXTo
+aPedA4ow0NkhbFFxjCSQ
+-----END CERTIFICATE REQUEST-----
diff --git a/WF/openvpn/gw-ckubu/keys/gw-ckubu.key b/WF/openvpn/gw-ckubu/keys/gw-ckubu.key
new file mode 100644
index 0000000..64bf05d
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/gw-ckubu.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI59wBCS9KufACAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECMafpEYThPSNBIIJSMfS/Nhh6rKg
+wYowIdjqeXtALfdMjYM1VPFesantrtCGxxZgyvGhT8GJylJvyKlHpaGKXnqib9k9
+vtmLEwgte4gfKQ4DfBLKSx59tMWOubFkP0UipolhJeksCzyq8Jz+vqITr8ZIHm3F
++Rw6Vmf/tH6+tl4E+K9RsC6y9DV+3LT8nApLJw1jFCOPTYJ4MGMXyacrQ0s6uluB
+vL0T47A9OVemH9dAJhxIeYXP6oNM5/bbMe7ipAQDmwzAU4YGn3VR7hRdFjhcsw9G
+3MiQQc3/vBKYmIwDKdRhkNr6BWU6kj00aHShchQQB3igc/C0T+OdYjbV395+AoeW
+N2elVKmVR+jPmQCngb4adE13PqzAil29SMNGCYUmrr6w9beof1lkNgaPGMlizSrj
+dyViCIfyKUZIyHoTM2tkWZnvwvTAiLnq/KLb3xeFEz1P52dXNa+iaaT+2/CMJK8y
+/K3tI3LelE4GlJ0pqPeBbgPdJtDjti5eLAzlpVt36FXYIauNHPqdudD2gkU1uyQ+
+UczS0aiHp/HyR35OhOtjTq9WjL6rNcQydYxKZkQS6SftqC9B3ulG6miI1qykoQRt
+7mCOE4hdRLb4qU7ZbuLh3ysX90FgSaCTRkn/WLLRdXL9rnp18/i1o628449p+sCQ
+1Y1BaMSiwBKHu5kvFCUiZ/9gS71rZvz2fWYvZult9hM9++XXwGjmaQFTO/O/YAKA
+PMnsS7XZZLF8kvWp7kXU94ws+Bozhbfd3Owpktr7oe5pnUz3JoIuZZN7kq99u8+c
+0n9hIBrMKcMWbyDOVwlNJ8GvR8QkEcXwzfNjEqawHpjZ4I3FV+nyVuCOt0Ap7ic3
+GqEkpfUQavLyxxYanchf04/obbiW63+r2LbLeouvk44LjOdjP1cD9Q72jdEfYTeS
+bnqeqA7LtNJ334SsetLyfPpf5StF59HGAlOLRQ5zCM2UW8HPGK+BRn5FWw6lfp9x
+8wCIYs8QDzq8PwRNpi5z1YgXGM0GV15uk4JRPphSD0GdB4bDjIufhG1WzAMgHd3K
+99ppEmtguBXQwjt3KnRed+sjbhnPEsdfAKlvGhtHgMlxa9Pt+4HY6BapcVrcpE1U
+yx72S3BrWgY1b+4E6DEkAZurGcqNeBf+3kXzQb/bgZ089oSkcULayx3qMv9I8pWk
+SQ/KiWz0w7LhPcxOHtyLEjn1z/FMnc/H+HYL7nVLHvPQI1QqN6QVDBXMnzWe/LYm
+pRlKnFXL8DSQ+U3Y32CsCGmRFoHnC5IOJ9AyLcH8Cf1mGHtq2AUR6A+5fnDnzs4W
+wneYMYE+chjoEBhyrbhaBmzMsZn1EQeRSWnKFUv380OeBTQvA6UEX2NbYe96Sm8/
+5vym3c9js8SioBiM5nT1IO5w3ySjnaF3UmUldlk3JUCOey7HiuCXBGNiDq06laPX
+Gy3cAy9zasaPdsPaPcOjNyHurSp23qXua446IyBZTdzQewE5AcfQMyJIwzuck/oq
+UDZvHZUbiqcaWtEcquyLRSQPSRj8zAN0+VJoO88ptfC423ye3SV/bsIJV/dlys0W
+NqkfK4e7sqXlbESlxMfhTqKHD0JgC/mvlfWcQi7zQ3KTjWQGKGgkZgPe5YKa9XNy
+r1iA0sVKrvJcFWNb64wXUN5KKP+7j+jnkLdsQKrDDrQcdkFZI3TTjB61We8xG4EK
+vEkhpxf3DG6QOYpC5xpKGKIKDvb3PlxDw2zLoRghlLOYcrzrCKCRpykVdPa2/WtY
+ImvtspFedb1erVuObp7KJtfhnKsiT6D2QXX1YceYwmC+6tbpdyi1/SsnwOnP1vyD
+2Kt+l10ISuDIE50NtEmwWjluSHenQXwgkM57YrYi2cwOB8tPxUiFevpFcQpErVyd
+7Ocgd7n+NEM0Wk2+9Ap8+uAqIGnwy1og41/EzpaSybhMHhI4W8o7ocTIU+P4o3+5
+Lpq67MLebA0nJ2UFK0/CsJFH0mqL+MyYbON5T7IimS5f+dxBTX80zZeyIcV/uf4d
+w5T79/5ltjQ61MYS6nxnuEFVsO+S4iQZPV8lyszucRXhK9czJ7DULvbOcUqFgVU/
+wkkmIeGRiqntohas7mLzl/GIExt6e/yK40jTbIq0wGt2fXncVZ9yLn5Piap0kjTn
+SrDcvBHR2yOjvt/hSiIhB/8Stxfspc+a0gPMWzaFzw5IFxzihA6FI+wnRmLTAIY3
+niq6ORveC/9iZLe0tJ6AAG4vw6oDi9wQPqdqMfwcmiFDqT+lpNd0aWOpTvTnVt07
+ibNVRV7H1DRomeUodkwcnvlONBWyt30WOE46C6zRGnIpfKO8NSUG5CTJd3YKUo2b
+wqSd2N/jhQ5is+vHIxqhHl53p3DvO/OMSb9vYtBoUlHUhxU+4dJa3T1qibKtHXHa
+2gsG64/AFt2OQqq9KS9Zi8Hc2MyI3tPeAy4xMctYM2b1fjE9UHWRfbcVZTOPWbz8
+PWfvyNwc4c8pqeojmMaMyUPYMsoM+yhj8tHRpoTNUSZx2I9VrhrAMQQt5HIThY0n
+/MSWjaWOH1CPbgIyJaBY8WLL1Kz/QsAPV7PgeG5YJVvuqM0uo+iDhf4fHXR4TYqS
+baeXV8sXQg+6WDmBESsPOGpL7jMRg0Ay6HHnAmZHWWC+9J4trVerJct621A26y9V
+3Bh2r1zbL8dkC3WHvBu1uVlWam1z4Qj+sS66HCDlPWsgQZzBOX3JPRn7IUjCFzWM
+q0wZPSNO1outCFEs/uW8nelWr3EOeYBtpJZU81rXSYHvDa0mWZCroabNcgDiHbcj
+DwhtAewmLeJhYUPUkU7SoqZLJy/RRymEO1vaNutQtm61vlbnAatcM6y1v51/vLRl
+xe5fpp9/EZGXMfnjgKApAO0WFYPk6FhZydm4KrXTQueLS63GGCuSmaAVP3aLWt06
+qn5FfIqupymn8xqNkmToUhE4559j7Z+//tvvdNppsD1YY6x6S0NfWreGhArL0uYu
+er9iXtrbb0QCitzXdWh90+CEFvENzeYOqE1T4C7pq1Nhoqu6qCzFk63TPBBhlFm9
+R002jRL/UcjqDy7L4L4hE6TCQqlnVuPl1Ru8uCpRAUARPbmWNBVi+yUeGTh3YFOa
+yPuYDrvQEjzXl16q+U/5MNQ4S0MZzEDtjMYKqLyGsVh503jKO6XH3UmMAFlrWf7J
+1xr8RI04RwGrFDkPkuw1dQ==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/WF/openvpn/gw-ckubu/keys/index.txt b/WF/openvpn/gw-ckubu/keys/index.txt
new file mode 100644
index 0000000..244c8d5
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/index.txt
@@ -0,0 +1,2 @@
+V	380505090733Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
+V	380505094231Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-gw-ckubu/name=VPN WF/emailAddress=argus@oopen.de
diff --git a/WF/openvpn/gw-ckubu/keys/index.txt.attr b/WF/openvpn/gw-ckubu/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/WF/openvpn/gw-ckubu/keys/index.txt.attr.old b/WF/openvpn/gw-ckubu/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/WF/openvpn/gw-ckubu/keys/index.txt.old b/WF/openvpn/gw-ckubu/keys/index.txt.old
new file mode 100644
index 0000000..a96b2b1
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/index.txt.old
@@ -0,0 +1 @@
+V	380505090733Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
diff --git a/WF/openvpn/gw-ckubu/keys/serial b/WF/openvpn/gw-ckubu/keys/serial
new file mode 100644
index 0000000..75016ea
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/serial
@@ -0,0 +1 @@
+03
diff --git a/WF/openvpn/gw-ckubu/keys/serial.old b/WF/openvpn/gw-ckubu/keys/serial.old
new file mode 100644
index 0000000..9e22bcb
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/serial.old
@@ -0,0 +1 @@
+02
diff --git a/WF/openvpn/gw-ckubu/keys/server.crt b/WF/openvpn/gw-ckubu/keys/server.crt
new file mode 100644
index 0000000..2001595
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/server.crt
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:07:33 2018 GMT
+            Not After : May  5 09:07:33 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:b7:55:76:2f:0a:b9:28:84:08:aa:51:dc:d3:93:
+                    fb:e8:64:f5:7c:c6:4b:90:6d:a8:9f:51:b6:90:69:
+                    81:30:64:6d:32:dc:59:51:f3:cf:68:96:45:11:ae:
+                    2f:17:79:b5:c7:4b:11:ba:27:bb:94:fb:7c:5e:90:
+                    84:c7:89:d3:a7:60:ed:cc:fc:59:b3:38:4f:67:75:
+                    e0:2a:65:2c:54:5a:c0:98:28:f4:b4:65:4c:aa:5d:
+                    3f:6a:a2:e2:33:a2:5e:0c:60:d5:e1:69:4c:35:9e:
+                    aa:03:bb:01:2d:fb:2c:11:b1:43:09:96:27:f6:ca:
+                    18:5e:6d:d1:a7:e0:5d:8d:3e:52:ae:5d:ff:9e:32:
+                    e9:3c:11:da:35:b7:1a:b0:14:79:74:7b:57:51:15:
+                    8c:a9:ca:1a:ba:e4:0d:53:d7:27:ce:7d:24:aa:98:
+                    ae:2a:da:5a:cd:a5:6f:53:6c:22:f4:5a:52:53:6a:
+                    83:52:fe:8f:e3:dc:8b:a9:99:f5:0b:61:a6:05:c2:
+                    ad:f6:6c:cc:c4:7e:13:8c:28:88:09:98:c8:4d:be:
+                    b1:69:6c:5a:4a:85:71:0b:50:22:b4:ee:35:71:82:
+                    31:31:b3:a2:5f:2f:79:d3:75:68:be:37:e8:e0:7b:
+                    77:a0:fe:62:b0:be:a4:7a:1d:a8:8b:30:d1:d4:0e:
+                    2f:08:18:93:2f:32:b7:29:d5:e6:41:a5:e4:92:09:
+                    d3:d4:d7:c3:f9:33:48:e6:be:f5:e0:e3:ae:35:7a:
+                    a4:ee:40:a1:d4:e9:cf:fc:81:7d:31:e6:af:bf:f1:
+                    e6:6d:da:1f:d0:e2:53:35:9d:b8:f4:a7:53:03:8b:
+                    f9:e0:86:71:b9:45:9e:f9:68:2c:d8:a1:9f:04:73:
+                    f9:8c:b2:9a:53:ea:96:63:8d:13:05:a5:fb:72:e6:
+                    9f:92:23:f5:1b:57:ee:44:8d:75:c8:6b:b6:93:ac:
+                    27:43:10:f0:9a:00:12:d5:95:07:22:ec:fe:01:ea:
+                    0c:c6:0a:86:64:2a:20:98:01:b7:8a:d6:de:35:78:
+                    ad:da:6f:93:eb:b8:29:f3:8a:99:5c:58:8f:dd:15:
+                    ee:8e:26:21:e3:9d:df:60:c0:05:cb:83:3c:7e:9c:
+                    f1:b7:68:bf:f0:b2:7d:c5:0f:56:d6:77:e7:5a:1a:
+                    5c:ba:58:dd:fd:da:8b:03:ed:1e:6d:a7:55:e1:42:
+                    3a:82:a6:17:ad:60:7d:98:bc:ae:c7:ed:a2:d7:6f:
+                    82:a2:a3:4c:b7:79:8b:f4:a4:2e:53:51:a3:33:67:
+                    64:ff:10:53:63:a6:ac:4f:7a:ce:22:74:e0:fc:ee:
+                    2c:f1:a7:71:ae:f5:00:fd:52:a6:23:a0:b2:30:f6:
+                    5a:a3:6f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                C0:D2:0C:48:39:41:59:DC:87:C8:23:A2:04:51:EF:F7:BF:98:7E:0C
+            X509v3 Authority Key Identifier: 
+                keyid:D0:F2:74:20:2A:49:6B:48:97:BC:D1:5B:00:5B:BD:92:11:5C:FA:69
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D2:39:38:94:EC:D1:BC:7F
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         45:6b:87:25:2c:19:e0:ab:c8:6b:8d:bb:e8:3f:98:30:54:9d:
+         a0:ad:3e:b7:c5:5d:76:a0:ba:2d:1b:16:8a:87:63:9a:23:9a:
+         b4:94:aa:5c:bd:0f:bf:35:af:60:ef:63:14:cb:00:51:b1:c1:
+         0c:ef:5a:52:1a:8e:5f:a1:20:bb:42:cd:50:a5:71:87:a7:24:
+         80:e9:1a:9f:8d:b4:f9:60:42:e1:20:4a:12:f6:a1:a9:6a:17:
+         94:43:6b:2a:1c:78:02:16:aa:e8:6d:50:b0:95:b8:59:66:ae:
+         5f:4b:87:5c:e6:64:ef:b7:78:72:57:18:04:b4:cc:9d:4f:35:
+         73:ec:48:d0:79:6c:20:92:88:32:d3:59:61:57:86:b8:1a:cc:
+         92:69:f1:9c:82:1d:24:c3:aa:d2:27:0b:ab:c3:3b:0d:44:74:
+         35:35:c5:b1:ce:95:29:8e:55:9e:00:3e:66:53:61:8a:3d:cd:
+         99:6b:80:e5:f6:eb:0d:60:54:8a:b5:43:de:02:4c:fd:a2:22:
+         90:b0:ac:ef:e9:39:9a:3b:f9:0c:cd:49:a5:54:e2:27:74:f6:
+         d6:f7:5d:2d:ef:20:2f:d7:4c:9d:16:c6:6b:57:fc:46:ed:e0:
+         44:91:45:c9:d3:1b:c8:be:e6:b5:62:6a:bd:cf:35:2a:66:59:
+         78:ae:d4:a2:3a:c8:af:79:19:40:73:31:60:3f:5a:df:59:d0:
+         92:b7:e8:a5:83:c3:50:4c:76:79:f3:21:70:d9:38:de:b9:37:
+         ee:15:03:82:a0:bc:94:ac:ce:0d:e6:a2:fd:eb:f2:89:96:e9:
+         9c:e4:f2:f1:09:b7:42:ae:e1:74:fc:87:ee:56:03:c3:46:82:
+         2d:68:56:fd:ef:9d:ce:41:e5:b1:08:3b:ef:f2:86:16:8c:0a:
+         21:2f:2b:4a:35:96:dd:34:fd:d3:ef:01:8a:48:ea:4a:7c:22:
+         af:a8:83:73:c3:2e:0f:de:3a:95:dc:fa:c7:9b:e8:66:77:26:
+         9f:36:b3:98:59:c7:c4:19:4b:65:28:15:b8:4f:47:70:7c:a2:
+         5a:33:15:0c:db:9b:2f:c8:73:1a:10:ef:ae:0f:1e:ff:97:1d:
+         ea:6f:ef:bd:a5:46:3f:d5:cb:d0:7d:2c:1c:00:63:2b:7a:ff:
+         8b:a2:5f:27:d7:5c:ff:ab:ed:b7:a5:98:98:db:e7:43:e2:18:
+         97:4d:e1:df:27:d8:57:cd:0e:29:fe:45:84:ee:e4:bf:b9:c5:
+         dc:4a:63:85:7e:6c:c1:d8:25:c2:fe:13:4d:58:79:ae:98:e7:
+         4c:ad:a8:36:4d:08:06:8f:fd:5d:1c:29:5e:c3:c6:04:e6:2b:
+         a8:6a:41:10:cf:fe:22:8b
+-----BEGIN CERTIFICATE-----
+MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTA3MzNaFw0zODA1MDUwOTA3MzNaMIGjMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLVdGLXNl
+cnZlcjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALdVdi8KuSiECKpR
+3NOT++hk9XzGS5BtqJ9RtpBpgTBkbTLcWVHzz2iWRRGuLxd5tcdLEbonu5T7fF6Q
+hMeJ06dg7cz8WbM4T2d14CplLFRawJgo9LRlTKpdP2qi4jOiXgxg1eFpTDWeqgO7
+AS37LBGxQwmWJ/bKGF5t0afgXY0+Uq5d/54y6TwR2jW3GrAUeXR7V1EVjKnKGrrk
+DVPXJ859JKqYriraWs2lb1NsIvRaUlNqg1L+j+Pci6mZ9QthpgXCrfZszMR+E4wo
+iAmYyE2+sWlsWkqFcQtQIrTuNXGCMTGzol8vedN1aL436OB7d6D+YrC+pHodqIsw
+0dQOLwgYky8ytynV5kGl5JIJ09TXw/kzSOa+9eDjrjV6pO5AodTpz/yBfTHmr7/x
+5m3aH9DiUzWduPSnUwOL+eCGcblFnvloLNihnwRz+YyymlPqlmONEwWl+3Lmn5Ij
+9RtX7kSNdchrtpOsJ0MQ8JoAEtWVByLs/gHqDMYKhmQqIJgBt4rW3jV4rdpvk+u4
+KfOKmVxYj90V7o4mIeOd32DABcuDPH6c8bdov/CyfcUPVtZ351oaXLpY3f3aiwPt
+Hm2nVeFCOoKmF61gfZi8rsftotdvgqKjTLd5i/SkLlNRozNnZP8QU2OmrE96ziJ0
+4PzuLPGnca71AP1SpiOgsjD2WqNvAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
+CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
+dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUwNIMSDlBWdyHyCOiBFHv
+97+YfgwwgdEGA1UdIwSByTCBxoAU0PJ0ICpJa0iXvNFbAFu9khFc+mmhgaKkgZ8w
+gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
+DQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGWCCQDSOTiU7NG8fzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
+AQBFa4clLBngq8hrjbvoP5gwVJ2grT63xV12oLotGxaKh2OaI5q0lKpcvQ+/Na9g
+72MUywBRscEM71pSGo5foSC7Qs1QpXGHpySA6RqfjbT5YELhIEoS9qGpaheUQ2sq
+HHgCFqrobVCwlbhZZq5fS4dc5mTvt3hyVxgEtMydTzVz7EjQeWwgkogy01lhV4a4
+GsySafGcgh0kw6rSJwurwzsNRHQ1NcWxzpUpjlWeAD5mU2GKPc2Za4Dl9usNYFSK
+tUPeAkz9oiKQsKzv6TmaO/kMzUmlVOIndPbW910t7yAv10ydFsZrV/xG7eBEkUXJ
+0xvIvua1Ymq9zzUqZll4rtSiOsiveRlAczFgP1rfWdCSt+ilg8NQTHZ58yFw2Tje
+uTfuFQOCoLyUrM4N5qL96/KJlumc5PLxCbdCruF0/IfuVgPDRoItaFb9753OQeWx
+CDvv8oYWjAohLytKNZbdNP3T7wGKSOpKfCKvqINzwy4P3jqV3PrHm+hmdyafNrOY
+WcfEGUtlKBW4T0dwfKJaMxUM25svyHMaEO+uDx7/lx3qb++9pUY/1cvQfSwcAGMr
+ev+Lol8n11z/q+23pZiY2+dD4hiXTeHfJ9hXzQ4p/kWE7uS/ucXcSmOFfmzB2CXC
+/hNNWHmumOdMrag2TQgGj/1dHClew8YE5iuoakEQz/4iiw==
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/gw-ckubu/keys/server.csr b/WF/openvpn/gw-ckubu/keys/server.csr
new file mode 100644
index 0000000..fa95405
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6TCCAtECAQAwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tV0Ytc2VydmVyMQ8wDQYDVQQpEwZWUE4g
+V0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAt1V2Lwq5KIQIqlHc05P76GT1fMZLkG2on1G2kGmB
+MGRtMtxZUfPPaJZFEa4vF3m1x0sRuie7lPt8XpCEx4nTp2DtzPxZszhPZ3XgKmUs
+VFrAmCj0tGVMql0/aqLiM6JeDGDV4WlMNZ6qA7sBLfssEbFDCZYn9soYXm3Rp+Bd
+jT5Srl3/njLpPBHaNbcasBR5dHtXURWMqcoauuQNU9cnzn0kqpiuKtpazaVvU2wi
+9FpSU2qDUv6P49yLqZn1C2GmBcKt9mzMxH4TjCiICZjITb6xaWxaSoVxC1AitO41
+cYIxMbOiXy9503Vovjfo4Ht3oP5isL6keh2oizDR1A4vCBiTLzK3KdXmQaXkkgnT
+1NfD+TNI5r714OOuNXqk7kCh1OnP/IF9Meavv/Hmbdof0OJTNZ249KdTA4v54IZx
+uUWe+Wgs2KGfBHP5jLKaU+qWY40TBaX7cuafkiP1G1fuRI11yGu2k6wnQxDwmgAS
+1ZUHIuz+AeoMxgqGZCogmAG3itbeNXit2m+T67gp84qZXFiP3RXujiYh453fYMAF
+y4M8fpzxt2i/8LJ9xQ9W1nfnWhpculjd/dqLA+0ebadV4UI6gqYXrWB9mLyux+2i
+12+CoqNMt3mL9KQuU1GjM2dk/xBTY6asT3rOInTg/O4s8adxrvUA/VKmI6CyMPZa
+o28CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBU5G7QjZgZ23SAUp+V98QvxZzU
+sQGV1l8tENGMe6NKEvNwQ3DYS7ix3ixmD2TgMWYfG6arnlJZAAZbcVGxUIxpGUY1
+8dz4GTJtq2Gum+24hqZJ51o7+kepBFt8MuF8bUMeIMbx1DaK2OgaITwOn+yHkbC5
+8FxLlbJKdDZtWM/By+kP9RFlyfLPCYlAop8bPsff+ePs0V2wpjFLTY6j5wII/qY5
+4Fla2ofaP66SKFh94MqRVU7JJ4AbgsMmFl+wIXWtCILOXYmNZZMtjhjTSnboT7g5
+i9RNM1kcc8DgbRR6OBf91uMF4gluzDA5eUdQGrKhhf9Ydc1bTIFIe/c54+JYY/MJ
+a9OZLiM/hRthTtaBVhyKOWswcavcge55czcqNwid56Fq4YUCEzt2CZwHHRFnK8Pr
+NpFRWc3z0oAgungBFKVE/0P3Pt1pXL4ud6ZwwTTxaUuSeS5okdiYiq8UnXJMm+tj
+3UgJ4LH5DWiuybQHFiYAcN1ytlcL5bpbERLCwOO8bh/X3lYbtJdKgCh8llQq25Di
+pLWpg+YlXxQV2Oc3ScV6lC4jxalD3OjQok2D1DD2k7XF1OgCMkSq+NqlDgRTUHM4
+/pdbtkUJMMy4USXol3ENJb1i3wUUjJyqsvpmlehkONXw5G+UkMtUygjZdrfEKAD9
+KCTZXfxVfQlZ5cJSpA==
+-----END CERTIFICATE REQUEST-----
diff --git a/WF/openvpn/gw-ckubu/keys/server.key b/WF/openvpn/gw-ckubu/keys/server.key
new file mode 100644
index 0000000..a429833
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC3VXYvCrkohAiq
+UdzTk/voZPV8xkuQbaifUbaQaYEwZG0y3FlR889olkURri8XebXHSxG6J7uU+3xe
+kITHidOnYO3M/FmzOE9ndeAqZSxUWsCYKPS0ZUyqXT9qouIzol4MYNXhaUw1nqoD
+uwEt+ywRsUMJlif2yhhebdGn4F2NPlKuXf+eMuk8Edo1txqwFHl0e1dRFYypyhq6
+5A1T1yfOfSSqmK4q2lrNpW9TbCL0WlJTaoNS/o/j3IupmfULYaYFwq32bMzEfhOM
+KIgJmMhNvrFpbFpKhXELUCK07jVxgjExs6JfL3nTdWi+N+jge3eg/mKwvqR6HaiL
+MNHUDi8IGJMvMrcp1eZBpeSSCdPU18P5M0jmvvXg4641eqTuQKHU6c/8gX0x5q+/
+8eZt2h/Q4lM1nbj0p1MDi/nghnG5RZ75aCzYoZ8Ec/mMsppT6pZjjRMFpfty5p+S
+I/UbV+5EjXXIa7aTrCdDEPCaABLVlQci7P4B6gzGCoZkKiCYAbeK1t41eK3ab5Pr
+uCnziplcWI/dFe6OJiHjnd9gwAXLgzx+nPG3aL/wsn3FD1bWd+daGly6WN392osD
+7R5tp1XhQjqCphetYH2YvK7H7aLXb4Kio0y3eYv0pC5TUaMzZ2T/EFNjpqxPes4i
+dOD87izxp3Gu9QD9UqYjoLIw9lqjbwIDAQABAoICAEJzHXULg/UldiaVqV6ewq2G
++luRXA4rUPT+HxfUxdiObe4DY/SKVGDqJnq0EamGmdZ0ZSZ+BEWJqZh09UuFr0t5
+nHex96k3/b/YP7neFeU1R51fKuK/3LvbNIMoKqjgbwo5hww+qDq/GYxkmZba9Sws
+fcnZvP58XbzMPTOF5SKutjUxKNdkSJlXNypFBc1Qfn0zv4BKOUPJV0rqIdKDp4/2
+V/XlhStPHZ5wGhu4lCrRGgnWD2djkS/b3ltIzEKl0BFCcN9irA2ETP1+K2CfGerj
+9VXqygc8uq6JCytdM83CjKYhH/c0NAnrAl3/0c6bsc6OpaK+VstUOKTKuyMLSQwe
+ecrXQkcSy8myVi9SWEetl7dxS6J1vIK5BnlInwCSqs5bbY60CS0WBK5rTP7NbkLR
+8eBqF6iX1LMUmyOFXeb3CCLhfvN+/J8kCN2nRfHWk44kUZ1C5OSpA+aKFC7K2/yM
+Pi1jD/j3eDU65/LDY+Hsr4fXUyaeOnnHxx4lh0mk7P+Sw7MmHNdyBbUZRg+yTy7p
+t+iSdChMq1QTyaFv9h3PSNHmohhspQIKbcAldcDbjnm9Ga1du/fr5oOMYHG2sKmI
+VdBLW9A827Rn7ra3ZFlxCUSy9RUj/KAUWcXB+JeQEmNpT5bGD4mtAgr45LPL2+HM
+0lTRwXZqgSgqNbFKotyBAoIBAQDtRj0xB0CE9SBZJtgPruBtnY2dawLyW09W74tR
+lyZrwTIE9IJptJ1LLJUjHXngS6+SkPcBOSZt1FNYkqwGtAOwjMLbZHA3uuoSaeNS
+16KTWbUB1Wqhkay213BB63JiGJgxJVJC8tX/oVHtcMgkSNargaYJ1lCeDruF86sK
+YXEqPmk5Erw5TQWc52kuyhkIJUNZEcrLmSV9DlIV99ijhaiSbj7DfCupazkxng9i
+SXKrngDtjD+I1NIOHR0QUBJ943AYSrvFoqFxmVpIPIqQejndC08yEFBMCmNirBCP
+ySMoXlPF26QYmHJXZUTsmu8DKwX9l8Gn/NcymhjIkE8Rts5hAoIBAQDFzXALaumg
+v4HA9oaQgt3OO6le3sa1L3XhDVshcS0NzxoFmWPf9ZLeySYyAWyRQec9/ZRgRp1d
+184rMEiPgOEtMHRkoQoBskoubzRKMGRX4+Rdw4bWQ4qtIqS9NxvKSWIJ/aHsLrbj
+7TNtdfkYLVjEC2CTzZiqwTF8ONI0yizETfPnAD1JHvHY5AAD1VBXvroVukT15dB0
+9lU1w6b1uq4qhW0kDvqzZV7xaTK4hS9dKPA12haBZDhSr6Xz+hw7l3hJm10TaQuU
+wJRfw34GislE7YLF50jAz3xAY70foXIH3oTiaiADnBFsTya9+AU/RD8oOPatDxi9
+hvAEGsZdYqPPAoIBAQCumqh/AsoszUG/uUD30YWfxHgo5k2l0SHCZMaOBP+l/eZ0
+FQY/CUVSw3z/+Tntn2SVI45Q3SB1Y/DtVgm3aRLqAbuGvRODP03uvPMmzD371uDH
+d6hfOxbw+frG1581psmgKMmvMInf8nOamgr+AIfQb7iito5esZK3UQeFvQ0MvB6s
+fCf8trwxqW0SnG/tOZak3d3xE0KuEzK+rcNDGiFhmDUhn6d1pczRwXGqr0fuGHiw
+ViuO4qWs8ymnDnV9JDgh+CTTnAjX0rTIQZzqErev/RmLSsv8GQzn2JzbYnU3yKo3
+CJlp7A0AWSpuPtkx6KAg7GL63qnxt8oTFXbKH08hAoIBAQCxGc12C5V+fbj5QkEd
+Zm6d1kFBVgln9ESA6epsON7z/Df6R2pq/X8wxbzTDP9d1znqAP82bEM94JkRhjuR
+cP0r7rRn3OAOwMk2Zg7VVhqhrsOrSAOUGAk0F06Us6DIL4f+Ff9CblkGHjzrhrMu
+eHt/nAgujehhCnT6Gg3rghEu+fSlIUu+ClzTquBwji9PQM9v4MUZvVg1QNDuQG1e
+mnSSUcB0hozkzqCBWYU2PNk5egwIy2lXFJpxPh9CIO/iUy46CUb+uBDMcNjoHSrb
+RKwMcPOjqf8z0xIWvLZ6eZyVeyBTcF2VncjjxsKTWFuqV7qMkuQZ8uhd2VFQ+4Ab
+4NN1AoIBAQCF782PzfuPk5kQo5CKRTQr+0O8klb5iU1yWy1siuOfLVl/WxAItkYT
+Av5cgVbmcwbsvxFhDxophPppPxdgYT4koVxuPyBn/OtptVQv0MAje8AZEg+1CfMy
+3XldbrvMLJWAmy4HNSfEPS+fvGFA8UIrFZ6XDSxFv63S1qGn+gdH+cvScRJs8lRw
+IZiYHdXVTy2ySwE26p+CSsxMmPgP0e2/pOwk+dIWXHULXFELmlSTLE2t1xVH1zxT
+CEXNzdJnRjIHDVPoHqykSSliM+zxCWgx70kG5OY6dxAMn1lMDlhZtA0ZORNefYuZ
+4WNlCrStLLo7j/jAQyD5mX5jWxRlsgyG
+-----END PRIVATE KEY-----
diff --git a/WF/openvpn/gw-ckubu/keys/ta.key b/WF/openvpn/gw-ckubu/keys/ta.key
new file mode 100644
index 0000000..735eda6
--- /dev/null
+++ b/WF/openvpn/gw-ckubu/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+3e5606d9c9b42920092f825f6a23844f
+2f37246d81d815ac43de66f4ecfd7237
+5c7a90624fce693c8b98330f067e3fb0
+3a7e09895d73d7567f1054b54882d4c6
+72b6d4b075c817d6304a2928a03af610
+89090caccd14025b83683285228bb280
+8255101ec75398ec183f14d3ecb45fe7
+e26e6fdb81e7d5ac8a81965acd7094a5
+5b99d8b392a9998f7468e553a049c539
+876925b61b9fc07ebeefad3f672e6baa
+538e516961f37ca0e09666cdd6f67d37
+89a39089fed07e8755a410b86ca40061
+cdb81e6fa11b17b2b5dd74eca1447aa8
+b2611b543751b2d53fc79fddbc26f91f
+4d9ded064e9ea85b882475aa965950d0
+7ee0cd2ce141eb6678d23a7bfa832536
+-----END OpenVPN Static key V1-----
diff --git a/WF/openvpn/server-gw-ckubu.conf b/WF/openvpn/server-gw-ckubu.conf
new file mode 100644
index 0000000..3ad331a
--- /dev/null
+++ b/WF/openvpn/server-gw-ckubu.conf
@@ -0,0 +1,314 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1195
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+route 192.168.63.0 255.255.255.0 10.1.52.1
+route 192.168.0.64 255.255.255.0 10.1.52.1
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/gw-ckubu/keys/ca.crt
+cert /etc/openvpn/gw-ckubu/keys/server.crt
+key /etc/openvpn/gw-ckubu/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/gw-ckubu/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.1.52.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/gw-ckubu/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/gw-ckubu/ccd/server-gw-ckubu
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/gw-ckubu/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+;comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-gw-ckubu.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-gw-ckubu.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/gw-ckubu/crl.pem
diff --git a/WF/openvpn/server-wf.conf b/WF/openvpn/server-wf.conf
new file mode 100644
index 0000000..560980c
--- /dev/null
+++ b/WF/openvpn/server-wf.conf
@@ -0,0 +1,317 @@
+#################################################
+# Sample OpenVPN 2.0 config file for            #
+# multi-client server.                          #
+#                                               #
+# This file is for the server side              #
+# of a many-clients <-> one-server              #
+# OpenVPN configuration.                        #
+#                                               #
+# OpenVPN also supports                         #
+# single-machine <-> single-machine             #
+# configurations (See the Examples page         #
+# on the web site for more info).               #
+#                                               #
+# This config should work on Windows            #
+# or Linux/BSD systems.  Remember on            #
+# Windows to quote pathnames and use            #
+# double backslashes, e.g.:                     #
+# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
+#                                               #
+# Comments are preceded with '#' or ';'         #
+#################################################
+
+# Which local IP address should OpenVPN
+# listen on? (optional)
+;local a.b.c.d
+
+# Which TCP/UDP port should OpenVPN listen on?
+# If you want to run multiple OpenVPN instances
+# on the same machine, use a different port
+# number for each one.  You will need to
+# open up this port on your firewall.
+port 1194
+
+# TCP or UDP server?
+;proto tcp
+proto udp
+
+topology subnet
+
+# "dev tun" will create a routed IP tunnel,
+# "dev tap" will create an ethernet tunnel.
+# Use "dev tap" if you are ethernet bridging.
+# If you want to control access policies
+# over the VPN, you must create firewall
+# rules for the the TUN/TAP interface.
+# On non-Windows systems, you can give
+# an explicit unit number, such as tun0.
+# On Windows, use "dev-node" for this.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Enable TUN IPv6 module
+;tun-ipv6
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel if you
+# have more than one.  On XP SP2 or higher,
+# you may need to selectively disable the
+# Windows firewall for the TAP adapter.
+# Non-Windows systems usually don't need this.
+;dev-node MyTap
+
+# SSL/TLS root certificate (ca), certificate
+# (cert), and private key (key).  Each client
+# and the server must have their own cert and
+# key file.  The server and all clients will
+# use the same ca file.
+#
+# See the "easy-rsa" directory for a series
+# of scripts for generating RSA certificates
+# and private keys.  Remember to use
+# a unique Common Name for the server
+# and each of the client certificates.
+#
+# Any X509 key management system can be used.
+# OpenVPN can also use a PKCS #12 formatted key file
+# (see "pkcs12" directive in man page).
+ca /etc/openvpn/wf/keys/ca.crt
+cert /etc/openvpn/wf/keys/server.crt
+key /etc/openvpn/wf/keys/server.key  # This file should be kept secret
+
+# Diffie hellman parameters.
+# Generate your own with:
+#   openssl dhparam -out dh1024.pem 1024
+# Substitute 2048 for 1024 if you are using
+# 2048 bit keys.
+dh /etc/openvpn/wf/keys/dh4096.pem
+
+# Configure server mode and supply a VPN subnet
+# for OpenVPN to draw client addresses from.
+# The server will take 10.8.0.1 for itself,
+# the rest will be made available to clients.
+# Each client will be able to reach the server
+# on 10.8.0.1. Comment this line out if you are
+# ethernet bridging. See the man page for more info.
+;server 10.8.0.0 255.255.255.0
+;server-ipv6 2a01:30:1fff:fd00::/64
+server 10.0.52.0 255.255.255.0
+
+# Maintain a record of client <-> virtual IP address
+# associations in this file.  If OpenVPN goes down or
+# is restarted, reconnecting clients can be assigned
+# the same virtual IP address from the pool that was
+# previously assigned.
+ifconfig-pool-persist /etc/openvpn/wf/ipp.txt
+
+# Configure server mode for ethernet bridging.
+# You must first use your OS's bridging capability
+# to bridge the TAP interface with the ethernet
+# NIC interface.  Then you must manually set the
+# IP/netmask on the bridge interface, here we
+# assume 10.8.0.4/255.255.255.0.  Finally we
+# must set aside an IP range in this subnet
+# (start=10.8.0.50 end=10.8.0.100) to allocate
+# to connecting clients.  Leave this line commented
+# out unless you are ethernet bridging.
+;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
+
+# Push routes to the client to allow it
+# to reach other private subnets behind
+# the server.  Remember that these
+# private subnets will also need
+# to know to route the OpenVPN client
+# address pool (10.8.0.0/255.255.255.0)
+# back to the OpenVPN server.
+;push "route 10.8.0.0  255.255.255.0"
+push "route 192.168.52.0 255.255.255.0"
+push "route 192.168.42.0 255.255.255.0"
+push "route 192.168.43.0 255.255.255.0"
+
+# To assign specific IP addresses to specific
+# clients or if a connecting client has a private
+# subnet behind it that should also have VPN access,
+# use the subdirectory "ccd" for client-specific
+# configuration files (see man page for more info).
+client-config-dir /etc/openvpn/wf/ccd/server-wf
+
+# ---
+# EXAMPLE: Suppose the client
+# having the certificate common name "Thelonious"
+# also has a small subnet behind his connecting
+# machine, such as 192.168.40.128/255.255.255.248.
+# First, uncomment out these lines:
+;client-config-dir /etc/openvpn/ccd
+;route 192.168.40.128 255.255.255.248
+
+# Then create a file ccd/Thelonious with this line:
+#   iroute 192.168.40.128 255.255.255.248
+# This will allow Thelonious' private subnet to
+# access the VPN.  This example will only work
+# if you are routing, not bridging, i.e. you are
+# using "dev tun" and "server" directives.
+# ---
+
+# ---
+# EXAMPLE: Suppose you want to give
+# Thelonious a fixed VPN IP address of 10.9.0.1.
+# First uncomment out these lines:
+;client-config-dir ccd
+;route 10.9.0.0 255.255.255.252
+
+# Then add this line to ccd/Thelonious:
+#   ifconfig-push 10.9.0.1 10.9.0.2
+# ---
+
+# ---
+# Suppose that you want to enable different
+# firewall access policies for different groups
+# of clients.  There are two methods:
+# (1) Run multiple OpenVPN daemons, one for each
+#     group, and firewall the TUN/TAP interface
+#     for each group/daemon appropriately.
+# (2) (Advanced) Create a script to dynamically
+#     modify the firewall in response to access
+#     from different clients.  See man
+#     page for more info on learn-address script.
+;learn-address ./script
+# ---
+
+# If enabled, this directive will configure
+# all clients to redirect their default
+# network gateway through the VPN, causing
+# all IP traffic such as web browsing and
+# and DNS lookups to go through the VPN
+# (The OpenVPN server machine may need to NAT
+# the TUN/TAP interface to the internet in
+# order for this to work properly).
+# CAVEAT: May break client's network config if
+# client's local DHCP server packets get routed
+# through the tunnel.  Solution: make sure
+# client's local DHCP server is reachable via
+# a more specific route than the default route
+# of 0.0.0.0/0.0.0.0.
+;push "redirect-gateway"
+
+# Certain Windows-specific network settings
+# can be pushed to clients, such as DNS
+# or WINS server addresses.  CAVEAT:
+# http://openvpn.net/faq.html#dhcpcaveats
+;push "dhcp-option WINS 10.8.0.1"
+push "dhcp-option DNS 192.168.52.53"
+push "dhcp-option DOMAIN wf.netz"
+
+# Uncomment this directive to allow different
+# clients to be able to "see" each other.
+# By default, clients will only see the server.
+# To force clients to only see the server, you
+# will also need to appropriately firewall the
+# server's TUN/TAP interface.
+client-to-client
+
+# Uncomment this directive if multiple clients
+# might connect with the same certificate/key
+# files or common names.  This is recommended
+# only for testing purposes.  For production use,
+# each client should have its own certificate/key
+# pair.
+#
+# IF YOU HAVE NOT GENERATED INDIVIDUAL
+# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+# UNCOMMENT THIS LINE OUT.
+;duplicate-cn
+
+# The keepalive directive causes ping-like
+# messages to be sent back and forth over
+# the link so that each side knows when
+# the other side has gone down.
+# Ping every 10 seconds, assume that remote
+# peer is down if no ping received during
+# a 120 second time period.
+keepalive 10 120
+
+# For extra security beyond that provided
+# by SSL/TLS, create an "HMAC firewall"
+# to help block DoS attacks and UDP port flooding.
+#
+# Generate with:
+#   openvpn --genkey --secret ta.key
+#
+# The server and each client must have
+# a copy of this key.
+# The second parameter should be '0'
+# on the server and '1' on the clients.
+;tls-auth ta.key 0 # This file is secret
+tls-auth /etc/openvpn/wf/keys/ta.key 0
+
+# Select a cryptographic cipher.
+# This config item must be copied to
+# the client config file as well.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# If you enable it here, you must also
+# enable it in the client config file.
+;comp-lzo
+
+# The maximum number of concurrently connected
+# clients we want to allow.
+;max-clients 100
+
+# It's a good idea to reduce the OpenVPN
+# daemon's privileges after initialization.
+#
+# You can uncomment this out on
+# non-Windows systems.
+user nobody
+group nogroup
+
+# The persist options will try to avoid
+# accessing certain resources on restart
+# that may no longer be accessible because
+# of the privilege downgrade.
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+# Output a short status file showing
+# current connections, truncated
+# and rewritten every minute.
+;status openvpn-status.log
+status /var/log/openvpn/status-server-wf.log
+
+# By default, log messages will go to the syslog (or
+# on Windows, if running as a service, they will go to
+# the "\Program Files\OpenVPN\log" directory).
+# Use log or log-append to override this default.
+# "log" will truncate the log file on OpenVPN startup,
+# while "log-append" will append to it.  Use one
+# or the other (but not both).
+;log-append  openvpn.log
+;log         openvpn.log
+log         /var/log/openvpn/server-wf.log
+
+# Set the appropriate level of log
+# file verbosity.
+#
+# 0 is silent, except for fatal errors
+# 4 is reasonable for general usage
+# 5 and 6 can help to debug connection problems
+# 9 is extremely verbose
+verb 1
+
+# Silence repeating messages.  At most 20
+# sequential messages of the same message
+# category will be output to the log.
+;mute 20
+
+# CRL (certificate revocation list) verification
+crl-verify /etc/openvpn/wf/crl.pem
diff --git a/WF/openvpn/update-resolv-conf b/WF/openvpn/update-resolv-conf
new file mode 100755
index 0000000..fc2f031
--- /dev/null
+++ b/WF/openvpn/update-resolv-conf
@@ -0,0 +1,58 @@
+#!/bin/bash
+# 
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
+# 
+# Example envs set from openvpn:
+#
+#     foreign_option_1='dhcp-option DNS 193.43.27.132'
+#     foreign_option_2='dhcp-option DNS 193.43.27.133'
+#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ -x /sbin/resolvconf ] || exit 0
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+	part1="$1"
+	part2="$2"
+	part3="$3"
+}
+
+case "$script_type" in
+  up)
+	NMSRVRS=""
+	SRCHS=""
+	for optionvarname in ${!foreign_option_*} ; do
+		option="${!optionvarname}"
+		echo "$option"
+		split_into_parts $option
+		if [ "$part1" = "dhcp-option" ] ; then
+			if [ "$part2" = "DNS" ] ; then
+				NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+			elif [ "$part2" = "DOMAIN" ] ; then
+				SRCHS="${SRCHS:+$SRCHS }$part3"
+			fi
+		fi
+	done
+	R=""
+	[ "$SRCHS" ] && R="search $SRCHS
+"
+	for NS in $NMSRVRS ; do
+        	R="${R}nameserver $NS
+"
+	done
+	echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
+	;;
+  down)
+	/sbin/resolvconf -d "${dev}.openvpn"
+	;;
+esac
+
diff --git a/WF/openvpn/wf/ccd/server-wf/VPN-WF-axel b/WF/openvpn/wf/ccd/server-wf/VPN-WF-axel
new file mode 100644
index 0000000..3c5e6e8
--- /dev/null
+++ b/WF/openvpn/wf/ccd/server-wf/VPN-WF-axel
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.52.2 255.255.255.0
+#push "route 192.168.52.0 255.255.255.0 10.0.52.1"
diff --git a/WF/openvpn/wf/ccd/server-wf/VPN-WF-chris b/WF/openvpn/wf/ccd/server-wf/VPN-WF-chris
new file mode 100644
index 0000000..4774ed5
--- /dev/null
+++ b/WF/openvpn/wf/ccd/server-wf/VPN-WF-chris
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.52.3 255.255.255.0
+#push "route 192.168.52.0 255.255.255.0 10.0.52.1"
diff --git a/WF/openvpn/wf/ccd/server-wf/VPN-WF-christian b/WF/openvpn/wf/ccd/server-wf/VPN-WF-christian
new file mode 100644
index 0000000..569581a
--- /dev/null
+++ b/WF/openvpn/wf/ccd/server-wf/VPN-WF-christian
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.52.4 255.255.255.0
+#push "route 192.168.52.0 255.255.255.0 10.0.52.1"
diff --git a/WF/openvpn/wf/ccd/server-wf/VPN-WF-kaya b/WF/openvpn/wf/ccd/server-wf/VPN-WF-kaya
new file mode 100644
index 0000000..e3e7c5b
--- /dev/null
+++ b/WF/openvpn/wf/ccd/server-wf/VPN-WF-kaya
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.52.7 255.255.255.0
+#push "route 192.168.52.0 255.255.255.0 10.0.52.1"
diff --git a/WF/openvpn/wf/ccd/server-wf/VPN-WF-lalix b/WF/openvpn/wf/ccd/server-wf/VPN-WF-lalix
new file mode 100644
index 0000000..6332578
--- /dev/null
+++ b/WF/openvpn/wf/ccd/server-wf/VPN-WF-lalix
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.52.8 255.255.255.0
+#push "route 192.168.52.0 255.255.255.0 10.0.52.1"
diff --git a/WF/openvpn/wf/ccd/server-wf/VPN-WF-mariette b/WF/openvpn/wf/ccd/server-wf/VPN-WF-mariette
new file mode 100644
index 0000000..a523604
--- /dev/null
+++ b/WF/openvpn/wf/ccd/server-wf/VPN-WF-mariette
@@ -0,0 +1,2 @@
+ifconfig-push 10.0.52.9 255.255.255.0
+#push "route 192.168.52.0 255.255.255.0 10.0.52.1"
diff --git a/WF/openvpn/wf/client-configs/axel.conf b/WF/openvpn/wf/client-configs/axel.conf
new file mode 100644
index 0000000..b505c94
--- /dev/null
+++ b/WF/openvpn/wf/client-configs/axel.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote wf.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
+oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
+96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
+m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
+Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
+w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
+zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
+OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
+aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
+HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
+sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
+E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
+a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
+Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
+8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
+Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
+I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
+uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
+zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
+wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
+d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
+3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
+U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
+E+i0hdVFGZBFNQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHIDCCBQigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTMwNDZaFw0zODA1MDUwOTMwNDZaMIGhMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxMLVlBOLVdGLWF4
+ZWwxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDA0eJw8/wfxlpVJeWU
+4cY+FVfSuZ8ufh4aY/KWzaRLfxv3kPa/y84Eb2hQUmo3sqSz/TyIx/Cb/kxdri2a
+PJY3Aa87rK1EUZMg7tSFmSLRxW16g9DmKeXJbLFzkFhAIX7xvHoIlMdHlrOC3BOx
+6OWHTowhLH83XCoK6h2gF7s7++cKEhzuAfPeSkf9ufl37oeEydUz7rlX1xKwTb/6
+FvGCGC2yyJZ//ggglmXZd5LnD1/8ojq2rlnWE7y/0aNaFHTt9ONrp8kOa7XHX9i2
+717pDmhKfS7iGhO5+eDcs0MZCUJNCeBF0Y82QF3wa8ksJhcXxlsl+qgwH2JX6Q8J
+ql+AjnaMwemPWWJHNbMLbcE7VBkjtxFjdO3uqr+guVExY2TpBrEQZRTbQcxSEdm7
+rt51cIAT9WzsLS3VtbEL3S9rEsAcLJyS5amIGdWQ8pAI2qC8lUB/EMuJrAPxgJjK
+3xB6cqhUgDO69uUj9G3WEXVh3YcO9OHkKrdue2r6czqXIwV4n1MFfl3OlSf26jcZ
+stbtg57AhbgWerNXCfSUi4BUmAbRLM0vK8O/iLWizcbztARLvQhqeATYixaEW6U3
+DC47HgsUYzVFZyqiJh84QVPog0gMYKAl1n46nmh2ncrwJ0RFbZ+t+xkuvIsrY3Z4
+Y9eLCix2uEiM64epHYKvc4AlzwIDAQABo4IBZDCCAWAwCQYDVR0TBAIwADAtBglg
+hkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBTOxbPc2G+P6gmZuUFktyLVvPmmmDCB0QYDVR0jBIHJMIHGgBRPPogU4aEh
+KOPmW3Nr3A+X2WD18aGBoqSBnzCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
+EE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEPMA0GA1UEKRMGVlBO
+IFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANhMyyi1cVS7MBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAPBgNVHREECDAGggRheGVs
+MA0GCSqGSIb3DQEBCwUAA4ICAQBdYgR+uA1hT/tWVz9NqfhvaKWrkhyyBDJfpAIu
+Oh3YWSgvjBucM6PDF6hfUt8M0ipSbAhHXxLKUJ7LTbJISmcmn6B5OUG+oS7xUYKB
+kL00VJufelZZdOZ0sOnPWlKF39tmdhQDrgr9PG0q5fR2tSwyaRHXlAtABS/avQEE
+05060ZO8JgXxF5m521KTELba0CFTe+SGEv1nv4d9z811gC106Z7Idt8jPDfLwJBB
+6vc4I9ZfVFWyJzFO01QsUal/FzDHIRk3HR1186Rzy3nRvrRvEtrwvlHG2y9OtEZs
+WrXFDcdEAO7MlnmpRe7N3GlxYcClRgUk6YWGzk0+OqW7fO8uClqfsh84S7Bn9Y94
+bnGGQ56ncYVu4hm0XBhjSWsK2lQpTRgFgPkIh+bEagGww3rS7s+TuUO8Lwsfi2Hl
+ZAjERVxbUr4fUVantBXEiGrP0Dr6NAPou4rlSbtgHbf949O/DHwoFSbe+FsqnIg1
+gKZbolWtv2lW+Ol+qEwKmURI1ZCKQT/RysHEGMaW4fByzCw1jmN4GwD2HWuh28/1
+tuWUJ+kCvTUqAYGFegEqiCMVTj1bmjH+EGof0SkMRnLtJXNhLIwpiFV+ROlv2TNK
+R0ihbhePvRLfR9rWOkp+1UN+xgFeKbxEFJ8MOPqGD0FdWukngxJ/dS/oBtYq+V0K
+bP4Pyw==
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYiFMMREJCT0CAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLm6bnbYcf1gBIIJUMrfL2VOB/rd
+fSk74V0FZkJVsFhVEGZJ0jWM8n75cUO+yOB1wcXv9RczeEtW2e8ZU4LEb4aJZ7T3
+RoGG2UxTsrkrN1Tw2sotuNIea2hT1+sTPbc74GJmZjf2BD2BIxpAS6VLkKGLoN11
+c+1euUsLcs8Y1Y6T0Ig0aah9tUjp3qeA0pPMvmtWg2BjnmG6oU5FJnxOpuX/ItJi
+vm38fMzApjh6vW6vxhD0sPdhanWdKilE+SPpe6sPCfHanVzVmP42NwMofoDrE5bP
+CxMTJa2Pi6dA7qt+9HfeDfzOHsfCvlGAnwzumwKQx4O2BO+JQjC1V9WUEvo0zoHR
+/+aHWZIF33pJmZJw0kIbC/WdG/SevK22BtcGy/+So1WRywkmtckP5oPcQ/ej+p0V
+2bkgRGCfyehuoiBv8W7lCqvJDbdmSLBLrbSWhLHPfxfhW9Yqau3J2oUgQXel3G8F
+9pECEQHVm3T54anPqEol96dYhP9inz2/BwFQqGaGrobJ+TOsh1DRAQpM8QMElWaZ
+xjX5qcFk6O6Uf61uTOwcQnfxZD6vOhqHSmFJ4AQy6M2SBXM65Q1S3ZnRpWKJxXBg
+jspgK2iWDwtoXHGFWpazBaIMd/PRmYmibOAZbCSfRvgfkTXE3+HeZwk7ZCwKBATY
+u7oHxdcEaccuLiq0HXutTOjyKUk8ui33FkwI6i2v6bcsSDbj0RiGjPQmdxxZG2bO
+yL1JKHMpj5sIS0ZjfSmoOK4u3bEd5TvShPplIVqf79SRUJEEOlqNxXTjkAdG2OXQ
+GuNscbIMrvJ7zVyQgWjzfMS0PdSHpeHAqgVLxcjkDTFEHIssmzUSCq9sHVKAQX4h
+IDyNJPHWwRnH4pfUGaS62zK2WCFM6GSolPtS5ZwJxgg7TRbKF7Z+ThW7n0MwHhZy
+zJXKUL5fJurZYnLRgDzlVR3NsKkYg+Wwxy4k8NDGuYsx7zlQOfjoYe506ObxY9ih
+YkQUX/s9AY2VZGWPypis+hZkJCVn7F9NMKOXVjDs4zMGWyhzRVoIwU0p10JqqRPI
+k2V/UTYMkWseo1blIitT4ZEZQHVG+ciQsHQA/MBCBELQCl/NKGHjC0I9LRcFp5Sd
+x6nTLCRb1i6Xqd1NRN/uF3BgJWJoPu+fBhRPF4ZI1YF+POaegKf80y3vbIMpaBUp
+Ok/kS5L22NQvd0moHDKKbIu9H0q3WKokkipmi4cQZWslLO1ZGH3eoN+hyX1qHQOk
+kr/bSRfYLdjFumXmw1t7HIu9I8sFnpyoJwVlC3I6zBYPysS3XRzQM4+sLcHR2Stw
+9/ucvoLPuYI8Pyyk1WhFMLZtAjsDdRrlNgd3DcBbuR0ldCdMb7DQwj2LJDhaX0md
+0E9xpwy415GQDYFkKAuOL5s1oTPbYBVqugErdfZMYU74BDrcxi6Bo2DfnmTF8/SR
+0fhhihy5PboH+vsWT1CD4rHaxEFi0JnUQoMgFjUrdcfykz4Y7EPOAKOQ2I6XRhfF
+fJfMi4c3iVa1NOd/4Kw6sh+/l1/XZxbdEwNd5CQ9Xa5WDQDglOqkf4Owkg9dYnTS
+sfIX9NkQ9yV3n32UqYCDCIIlYnXfHo+cuFMqTwcVOi+acfag39aVSer5M7RUoeVu
+JRcS+yOCRkIvm/SRt1XFVB4S1ZEseiSwjwdIvTtXr8bRzIpd3WF+q95qGYZLwISR
+zc6WspL6d5Ll48yRntjV7lIgFt1bZB/Vj/U2c/+S5pIIXSPZyIuN8RYiL4IhZmxa
+deMIB8Sx5ZriTn52vEUSje1dlolBr5xL+ifpG8IRSwa4GaRctBVrSNguTfx0ZKyQ
+Ku+jdBiGFs1TcAec2Zlj2IGL+LkLuCF/ZaHQwkp7egG6tSXmpK6dk1VoUGb4HUXi
+lwSJsW1kNj8nVvEvh8m1H7+UyI6y/jFUeuyisM5KV3UFOQNidKsmRBKaC2JlI3Zu
+iKJ/jW2O2SwRMm44U2DgNjB05Jr22V/plKhUYFxhVB/1aBeoIywtij0BVY85/KZz
+5Q2I3U33nyu5ewTfrT5essBcgKYJne+7s61yaGQeHjJCEbKNKtRtLkQ5vgdleWgg
+LM29Oxr+3jjyB+dcIVe9EtYHZ/lF6ywuEeLH3RAdbmhPigt6rM0+MOnsIQOvjN9O
+2DpGRvaBeA7acFPzmMJoKk3tQDh7tpJY4cgot9AvBt0US0XUvYSQf2In2S3ifSWU
+9uz8otdB2rDf+OFU6L4xg5dTD8nqTHt9z7oUEeJWFz2C4qkZ4+10Czb3QRxj0OlB
+isIkMh8k7kYQ4rtrZCbvkVjAJwnUQFI5zFBlo/8GfroOVFdFlx8kG3t0WAXJ9aX3
+YnqUoMywxSAz8iBfN/sjv7rkgobozPlqEhGwEJ8hKBAf1HCwVegi5tmlXfXmLbSt
+BWhKrJG98NwRApnWzFFvui4qiAGeXAsKx2/3w0An3sUwLJjUcfZNGsn/0wt56Hid
+RP5Od59n1+UHWe1eMBhw6lZdvaVHostAj51kdGsuacr3tJN/g5Cko49NyJNI0k+U
+/0+Lgxs8rUHHYe4SXeGR4Ri2YgVEJR3dqOPaiIiK4vg3wop8VLN4W+4PLqNFKDd6
+RGn3yyS9CkR4Jqu3B5ezLCjwvTV+pcZ9UqlOUOK2O/diE5ro+2sj3zuw5rUUolwx
+OQ9ex3m7JrqGadARhtc5ALPY4OmkbddIDL0ewc1PysMB5vATWMH149bmtKJSx5u9
+tWnxzpFGpQu2YMyFMkNexbWHLMtZff7mXlwUk5NMgvnHQ+EdCaqj22zhQoRgL+us
+SdL20wEBm+eEPgiWMSk1nmrgen1kU3gKRQzw7miqsSPnW+PSfJvxnbib2uuclHZS
+8Sz56xwPksT2gNQvA6ir6ndeOAYJpMW3bQrQr8GLfiNDcUJ9cCNWJtfqZcBTxvvf
+iHpLlNGBzwk5XDJuCJE1o6pkmF5fQMjBzpntre4df2kIbxuC8Fyu1TLnT9bgLywe
+H8azR+2ZYDzSXtPYN+dOgNfH7AoCzLHczvMGLeCttzeUgvMPAesJK6BthIuJpxNV
+01oaEQSrU49tiRgC89tgZs267MrIPnkUTlJoz/PW/wZ9f0RqnAfCMZLb7nj+p083
+5v+d5g33xex9CZ2XUb051wdir7pamEUV0fpnCBAjRtjjb7PWMuOZjop7L23eMgbp
+9obNF+BPYXYzLgSAioucrODoPEV2gYSi
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+055e6b31c205ec1ace25b0ef1f0b3e80
+e74c454b9136ba2a73e77af7d1a69e27
+961a2792f86003c7e5477606511ab117
+86a4c648a987b4aed406d30bcf5c32b4
+da5405b247161f9f1cafcb82df78f63e
+e2151005472f97c913ab994c2b2fc3b0
+2c8e2b7d9b466a1f092f375f2a08f561
+b8e0c6bd019a5e9b9bc821715287f279
+ca56cdd6fcbb3fde55d44da9be2ec86a
+b81e52bc44f7c92174795dc12f95a6c1
+beeca15154a9c72872c3f205ccf601ea
+c610bd2aa828e052febb747c02cfdf4a
+959e9a86a01863bebb30ed8f79d13dae
+f58e8dde86d46026a27de24e6db51348
+1d395e5736eab696c653d1f68a972dc1
+e47de0993b8b5d57ecab103e70c4874a
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/WF/openvpn/wf/client-configs/chris.conf b/WF/openvpn/wf/client-configs/chris.conf
new file mode 100644
index 0000000..4123805
--- /dev/null
+++ b/WF/openvpn/wf/client-configs/chris.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote wf.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
+oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
+96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
+m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
+Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
+w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
+zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
+OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
+aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
+HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
+sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
+E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
+a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
+Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
+8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
+Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
+I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
+uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
+zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
+wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
+d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
+3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
+U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
+E+i0hdVFGZBFNQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHIjCCBQqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTMyNTBaFw0zODA1MDUwOTMyNTBaMIGiMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLVdGLWNo
+cmlzMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArCi8XLI6OCowQPLf
+JMJixpFh687fZPQ9C3LD91gnRbZ7eY6hXBA795Jd19lhAnB8w47xykFgUGhfvaLP
+5u+yrYLd87tCJ1obeYcekyoaJuLNOaGmRLtQBfYAuYwREuxkwYxiLCfyIXGrLwGX
+DgusermEa01ppZAIxkNyuSd+MbEYQWDIWgYxnI9fBmoWdUetxl9tS8E6nH1ALC0B
+5HYTFwsOiq7YVPtpxJuFpL3YTUguyC+5kumMu1xEfjmkK+orHYrA0jkE7nZDoQke
+LpWD0YWR/NegEgq5bNQi4vlONqZ5GhJTdVb08neYgtndY8G/l2KZ7W9VNiD61hFB
+tvskstUqLFxY0rz91BQzKtfb3nnJJR6SztCOA1iawfipKypvU0dlQjlN8L7z2a8H
+QgeL+owX+29IX8oBwt8ZOCX1M+hP2sWeRsO0nLTEdb2H9RH7+9YBZ9NJRWWWHidH
+e1aAFH0CiRe8egoqnVofHKXXwO5DGuFBsKpqi8m+X/9jbMOgWmQSoMUEiHoUnBfu
+nei7RZ4LMnSNifqVK0IbKpyQ8w91eqRB9HQNKv02M8lJ/AsfRXjhxCVepGyh3syF
+d53e+F2wJfX1SyIZSRDyuayaHNtgGMEqN+FeuXwXsyZoj/f0EHXsEaoJvZNA144r
+M+IHOU7MX3rmWz52oUcaRZDCje0CAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQURLi5LZhzOnrufjlEXb56hJYcmpkwgdEGA1UdIwSByTCBxoAUTz6IFOGh
+ISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQ
+TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
+aXMwDQYJKoZIhvcNAQELBQADggIBAH83wyx/dT3/7Qyeq8H1BvfmHSMgdfCxWopm
+ziGhL2UNOBbXKcf+Vm52i9UlzSCVZ2/w04cDA+dph+pFjZ/qvY7ZrUAkDZQrG7ou
+Z4twULERVLVl2vdfQgixbC2DOzx5l7DbVJKYXnb09WsklXAGZl8TyO340YwDz107
+RjGFLnrlPCb2fyBV1i68vxNB9jKHryY9q2QCLNK7zP3+bGeHLdYt/1CgQoydc4pn
+L/Z7YcnLKcyGViyfIQzrM7ZmdAceLQA2aaAtanJ9eDMfWU+j73ROrfy6p+aAndXE
+uai2ESwson7+5Rf8mLIfda30JFj9QE9RS04/yOGSG8W5s3pww+vpxX9A9MpTLiiX
+fErYCZT3yAvpRXbvEiNBL5m4TPGVzZPiV4MRfgm6ydxzsJVWR5WYcObPSbbykuMp
+ql9BDzWh/YSZqMV543CrPGJfr5DcSpQflMD9f+bha7z1dzk4Hcz+/Kl8XEW8Pc0/
+4yIn4K5tIOB0c5IEiQqK5+rDf+I2umzw5CL0odPrek4TPaahqOkJL4L/ZKmqBy8h
+G6ieS7qHi6MkTCMVYPREUy0qsS390GmRVwJtrZdV9ugjoyOfzjh4zh1GkCoyngeB
+5Q8+nr8GQYFUA0+rVau2E42bXnFDwC+SqGxisZFkj6uyA6QiAnwVqxmDXtgwaJXy
+6K9l2Ogr
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIO8xdzGddC/ICAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAssHpVt0na2BIIJSHCBMo0JSJOq
+YeavxKLQaHgi4cYhkRb5tpe+Rw79lKDOAnWOvf1omRdqapHAQfxworEXp3YbxUXe
+aV37UgUR9dXKGf/ctRCHou864NeE3+XRCjKbhEit5jO+IqqvuoI+7jL4HVa6Btv6
+KL7bMnVmafymTaA308qg6Z4RG5zDIuktOtozDq3JAMT8DslRlsh0rL91rhSM00/z
+KHot9q4Vd4XJ7f5NOR6FBUnDDB3+fHJlvJBWCdE4foWSTHQYJHdh5iIsvPOAj9SS
+uwRvtX9QaucoRsjc+YCHTn7BLkyDbfgabjBOA6bDwgG45sJH+lYW8Wj2oZjZDQ6n
+rjm9kjYK/7tVCP/6djXI0xl32g6KxUsU8GcOwpKqofOQ8gpJy/8ygiJbHQIv0xY2
+kYE509bPQQdVvrEJciX2vkb9L2F6I8Q6q0gwQ1vIO7MdPbZ+FZNjQYtcwyregJzj
+DRQnCqLtsfuPg8CfV/6fhLIwpdCgGf1dCxJXG+MqntNS6bIqgcNB8/S/v6FWd5n0
+IzdaCpMQq9VVDVyHDH4ZJaiTom62vaOn4fJZBhPv63csg4GpMiy+na9OYaCk+m76
+zK3YKitw7Mvj9xaQ4swsGxLdP48dXuxRYweytZkK7wlf4L1qhVbsMK2akeZxq301
+OcKAI1lfZykD+4CD5SGPWBDNrTPtZxPqy6SB0F7G9Dv5PtkJDdQ8EZwYTjZNRMKO
+Pc4Rhj7RxBXLcUDG299hmUi0LaS/bDJax7xAs3YmmuDkR0Je6S+vTfAMHycof4KP
+/4xXiYnP8qB6do4XL+ZpONhTciUSVDbR69ODcfvJr6cRq0QPANy2m3nQE1d+aVhO
+kQ/weVpkiH1U+rJEaA6DdhBuMi1p6X+GehV7KUoKhlR8mgBpyGER0NQkAvWdcs4y
+2g/tcQ23KC2k3uBgA2OI/JiALPJn1Z2f+7UE5E53g0C0J8IlioxEMYwNz/lMikXs
+kcGZbMVApzvoE473S0LZ2vIx+hU+U24iGNRqpZis3fZt8Sry1HPynD6ShFzk64fj
+nwLdYrUmhra0l7DkRfJns9SHo3T6lv/MptbemeEog3/L5NEN3nnovAWXJOfi6XOd
+Ih9P+x+xXYQlR48V0/hSutN1sk9zcr5ctDrvWJYiw/mPgX2VdvcULTN3dwelwnP7
+H9uOYwPiDiSRahoRDceNu3kFWyMkfaFjizK5tdyF6IS7xqkPWegc7akfZNf3V05M
+YeOnhUiFvJ6nG9B33SVB/uaOrCPLdfalPfzcqHM8xmfpgabr6EqEYKklniNZhMrz
+3l8H+tDtUT1sWUoVD/SM/hry2Gfrb3mYFQcoUCh6Nm4ughNGjdqN3OfHvtlXlgBI
++QekPCU4G9qHeLw82aemnioJIYpp1YEES/C0MEhrbQotcNyWBiOrYX9HlMbN4s+o
+uQGpRwdLigp1lHwKCeh2JxcIy+ol9wDeB3GojcFC28Q5pegx9fHeHnARGyqH2zDg
+KsCARH2Px+OJ5GdNktW1pDPZNtPL321fEqbJS2RFIH2lTqZ4iiTe7EFnxVWYTGcj
+PizsE0drgNEOdHOU6R3YbguM5FjPUuHRQ3xY/5EBxDNVugWAE+eyj2I1UEtl8vle
+pwmPOlD4kPI2LpyhaG5us7e3RnjUt1zr+u+OYTnr3NQ2EbHV6okR3f+l8cey6xmR
+Q4G7CgddLcdmkKz/cKodzobxzlk7jw4WOKG0GAOcnDp3EnuGISCzFu+nJwBt3nCk
+VWTIg4TsD1LbFmeamXwLGJ6QryTQ0oqKc9OPV0M6SGvyhABax+3px9KI0/7sgCg0
+4ehcs1WZA6DXTO4ZDGEdVguYUQ7UAvIgq5UswKARowQPWO3MVuivlXtJz6yXAlzl
+/s5P7XCETAGB+6qh1+Ofq7zV8Pr6Ply00qNNU2hbBjLYHrip5Wjb2IqRT00k033m
+N2Dyyg13Xika3jj6aaDphQ2XjFghL3f08NZ2RPKo2B1vz/XKNDCcTse9mACGlSjp
+cd6SmvRnOf24laFvkSKYG/oBmpUPnZVtnIzP8jprxbXzIAeqd2wx0PeSaDNzts+9
+UeOfUAM+Gn+ER5teHoStVs5x2EF/EDWQV0RPTEWuQIrtf0xxG+5owWrFN+msk24h
+VYi4cg6gVaUDOjp7W2Mvk10AnBnFZkiNf6LnpCQfH28UEZmthPzclQUZGk982Pt/
+ZZ5vcScNZXLZtOr4Chpg3nwGfmf+UaIP9O+cGmlL0rLUthQvvPDSCwbZ3USrQufG
+Mp4y67fVOBqkiR2jOqlD4jfMZ3K8oEKyKEJ4FTw9VWpWBMF+5PxRTsKZKq+xigSA
+BQYAQai52xPquFVKcp+SQuVNDDlzvIwaVkXDVA53TbBxki3EGgP8D5zZSteIyW7e
+bPKgX/IJ0v5/iI+9DYBqpBTFVETwjCIXBfq3JwngZHicrHGw7suguafXhF6nQx62
+ccZalnd+Rx5l4d5bPbvymw0dzmBH8/Z2tPO+DASsfRoNKOo1lbI/g4Z1HOhW2HV2
+qs9UR0F/G0y+vswEaNTAYyupuiRNCSw6L5pFkiKOFgqm83MccNOImvGfS6r7zUIN
+p24E+Y8EwQrP74AOqywOLcQpKIrkS4iYkVcCIHmun3pvD/r28Vs5gFd1g2InrfKO
+U75RSOrxqX2a3wkbpmRvOUuT0rsHlpnDHm6k5ImHaad6XHVnUptPeIE3STupQlDu
+XzWRe2dHIhWrV1yMgxjgj+Ai1GqmA1WBfDF8aXrF6hvPk16cSZp/UDwtjl4XLAZ5
+L9e3r0Pj3NVLooNdbOeh/mdNnjtziibSFl4PFutzpFGLvpY4ud4GS+28oBZeSo4A
+NMTNKB+Ht+QdBjVtUaKNafMl6lgeMpIdQyNIUg5OAAjepX/g8vRJX+PYBdr+DV+a
+hu453n2dQzCkXMaU/rYyN9saGji+eaaeOremDPp7TEqMIzDWEw4OlYPiStciSInQ
+LfwzwNdb3Q1C6DZr+QQaGjUYEkmz2Z+Gg40Vb1Ym+0QfKVVYtzy52Rrho8DC9zjk
+EIOxlGJ+EIdUbV/eIGUpJmxaW/ttDLTq6yHogjB/S2w+Lch4DPptrDDqN0gwFfw+
+Cz+apIU9u2o3GPdrTlaZmHtrEsFgOFma3lWWtafLlHdUSOjL7/QDwXJi/8W+JFAF
+Kb6X6klzhdmY/fmoxJ1e1w==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+055e6b31c205ec1ace25b0ef1f0b3e80
+e74c454b9136ba2a73e77af7d1a69e27
+961a2792f86003c7e5477606511ab117
+86a4c648a987b4aed406d30bcf5c32b4
+da5405b247161f9f1cafcb82df78f63e
+e2151005472f97c913ab994c2b2fc3b0
+2c8e2b7d9b466a1f092f375f2a08f561
+b8e0c6bd019a5e9b9bc821715287f279
+ca56cdd6fcbb3fde55d44da9be2ec86a
+b81e52bc44f7c92174795dc12f95a6c1
+beeca15154a9c72872c3f205ccf601ea
+c610bd2aa828e052febb747c02cfdf4a
+959e9a86a01863bebb30ed8f79d13dae
+f58e8dde86d46026a27de24e6db51348
+1d395e5736eab696c653d1f68a972dc1
+e47de0993b8b5d57ecab103e70c4874a
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/WF/openvpn/wf/client-configs/christian.conf b/WF/openvpn/wf/client-configs/christian.conf
new file mode 100644
index 0000000..3b8981c
--- /dev/null
+++ b/WF/openvpn/wf/client-configs/christian.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote wf.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
+oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
+96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
+m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
+Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
+w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
+zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
+OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
+aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
+HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
+sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
+E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
+a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
+Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
+8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
+Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
+I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
+uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
+zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
+wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
+d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
+3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
+U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
+E+i0hdVFGZBFNQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHKjCCBRKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM4MDVaFw0zODA1MDUwOTM4MDVaMIGmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBOLVdGLWNo
+cmlzdGlhbjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMrjSiWHxe62
+Rb+tLgvs4MCHwSg4QayhlcVv6u99TdTjPNKJrfgwD3DtDxPTKyhjShXEebTbd7hJ
+TuHmKWCVs37Bj8fCuSx548tz8OU0kzhyWXM93+6HbwwLyCbWO2OmwWYvTKaD9lng
+Nq8XdcwUFpTvwtZh/kryL3ssckjKTi7mwHOXEOAFFx+gbNGUZ7AJ8pINymFgkebC
+0OMKJCr77YkYOJyO9Kyb0AaJ0n6IpjlxS5tke1Os7hF/MSIFyz1yQC0aZo0b+M6U
+IMXAbMVkrCmD5ZkQbqfA1c+pQVLOxt7gSX+gj3wBmScwiiMLpFo0MIxhkUrsdfa/
+eR84/9GL1+1zUgfHN5cfzikJDKdL8xTIPxUzhdRl63Hmr/EXcZdQ6xQdlgvIJYIV
+6fwuPlNbunoLNezWpaNw3KCvD9wI/0FwlxZ2bxO/7wQSLMCrIq21VjcR/igy2Gqw
+0QnvLYsAwra2QbxLYBw+ZJYEnoRe/KqdDo2mpa9uKrg/BxVlCow9Gj0KWDwFy3wz
+UN/bYzNqCmFaqA2ZErjHLKhTCHfA1qnekyznUug4k+QuHQa67nFBSbeuj84I128q
+Qxxm7ZYWaTR+ZEP0GQ265uVzNRk90egU2Pn2OG1TJ21mH4h982KXogD1hdPUkr1N
+FGnO9Wuq0DHTpmTRIVOgpZ6jPeDZRZvhAgMBAAGjggFpMIIBZTAJBgNVHRMEAjAA
+MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFGkNeUkJ9ZXFcSLpt/1Zp1oO9d8cMIHRBgNVHSMEgckwgcaAFE8+
+iBThoSEo4+Zbc2vcD5fZYPXxoYGipIGfMIGcMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMGVlBOLVdGMQ8wDQYDVQQp
+EwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA2EzLKLVx
+VLswEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBQGA1UdEQQNMAuC
+CWNocmlzdGlhbjANBgkqhkiG9w0BAQsFAAOCAgEAqy+hcnbioyN3CIVwiZOUG7Ia
++ya+EWo7HDCP0xYUm7MTofFF6uOZrqluOOYuDAFmyNPg+7ZA5e4c7/GHbHsMvQf+
+CG1SwMso5/+nmjbbJagCNeHl43BM0kwSLNeZwBWjQ12K1BIu45nMbuBaB3rlQ96j
+FwMVFW9HTRobO0ebqDVt+wsa1ivfPCpdYmS0RUExX0/uLtUy/mKcth6Sm7htTf3L
+V89i2qi2SbpSWOhPxUeDGLx5ZPOfPGP0mzJICeidnS4ouEB2coVBkqkHGh5CWb++
+9qKpotJEjhzyAN+wKdUEu7q34rfCMbyjl45A/64t30lgn8qaXN0DXyYxlL/qfqX9
+FJ0/WxYwc47BVUbcu+GkmbhtL3+rQM6VvQVyCxnwejsK48PNutz7hT2eM61jq7uF
+eHNVgHTccvnzBUOd5S2VSVSqlq/umLbMsIuzNx3xh3+fmzIgHxwRQVrqJWDGMjF4
+/KFZ37GUApW2GtPwy5V6LSZI0y18RPfNaszHJ8UzFo490L6HornpdBL61EHNasAl
+PSMAvM5L7/gFN8yAK1j87Hsjtfm8d2O+lJ08uMbWUwki2gmtBaBojZM/XOs9ypVd
+lmAo8LZfFifGv/GQHLgxFp1etBfS0mJriGCcFIAmuYpbG02DnJ0XR3B6xbkXIqdy
+vcVpwxPH3DQ7oM+3aLo=
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYxWFm6i77QYCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECL/vfl9kVMbOBIIJUBZec079+iYr
+LJ6lSmyYTPl8sPjJKvOp2aWuAFyOb5TuB/6Z+VMnkl14Iop+zDdWx59LjN75Ec98
+YH2YZgz2HwzokK6pPUYXJkCNfVKCxarBIwmd45OZRIbzhUCpTHiMH+oknU3W/7B6
+pCjS0cPyYQb886QdisqJtq2kynBk/k4mu9ZRmjl+glQ2Xl39UjtlOAsRKZXDlrbP
+8I4pI3K8Rwsh1q9ggGgLLIGFxcWjnFMqtRHGaVG9aIyYZ4FimjM/J31Bpj8tmP5+
+hSz/X5wVLV0/olwonPa06fHdntKcIDArgtG+Um8eHxU4qd5AarbhUMJlfthWdi31
+GrQtKrCfDirMb7aJAcxzSEc3TF8SqFqQjt/uJStyuhGJq+2EFwcE9kIGvi+v6jw7
+EvncFlPHaPW44NWQOvG0iVMjJP+9hE8XAbMMlMKy4aYeQT+Ek2BTXRYo2MK0UmX8
+L99Dv4e9oskjd6qtbmLs16OHFvQibMi598eznlEN5+esWFV4GKFIrFislrlcaUeA
+JwdSgCqB5VGkN0oD2DY1GMZ7ewRDJh277tUZ93VkbbL0PHKIw4slbU+WC2rRZG9q
+CSAfcKj1EePrRRXbBvAoZbdDtSkmWQE+A9NWggz/rQowGFnkQidnQ7mlRmR4IdUd
+bWH8uJSqDm3Zeuk/Y56gz/zIbywQs5CJjYHO5EtK3tCuht2UvBcfsP+gyJCr6Kn1
+PmPS6jXNnHBw0EulFtNAbYRkbKod/Jt62rBerD4gbiIwj8BMMs5cWd7fFJNUJK+e
+wuFme2rkmyxT5rknoEp3eKBY6FGfDfYiMxLtDNiyngZEFxeFH8V5fV+FqdPVshPg
+/izOTl/RKXS/m6XKbO5abGXpFN85yzePYLkhBmhyMsGFT6JUfNx0OdhgOrSnWOjW
+8D2HQVK9FuNEYGM8OKWYN0LbjcZTxbdjQd8fMY3MMDVY+hYwXvDvc4KxsmjQUzo8
+uM8di8ywOtVYUZ2HCE3f69qcekzuHyuqVTEF5Iy3NRodVoeImfmpvWE1RckzUyKR
+VcuDWtwcjTq6NSTl8HG/zyil7n1e0UwpYM48xdulJ7HFBi7AEaWmbro/vnxj17xs
+hcWHhm5ornwG5U+GM+YywXIpR8pvMbijodvgTeR3krF0JjMFXwq4j6KaIde3sXuW
+guAPkaSSbjy6h23LYRxt/iXu7A0g5MH/R8r3SbSkTnaAOLkRfq4U3/+/rBEXhW7r
+0YokXJ724EBsIaq2eD6rd2wxnUvxPHDpoBD32++3YnFz5aO4R5jBYs+pOThr43Y6
+l8NqRG0uiflvpgPXAadk9dHl2ziaeltsGolNroqZNSHU8eUlWdTHW3iFdKXh9Tta
+BAO9FJ/vX4+cbmwWlGGAQVZ+AQusdkVKPqemX8ZdJimpKceyaM1vzwIH6xCVNimP
+VOfhik8mnEcaltINmTshKihpm2nfLSfRWi6PyyBe842U2G4czcNmHmD5uD7ng5aJ
+wiPzfIbyAGWUfJHkuqRkz1aiZHhALhCadYcmUCJan0kzYBLsYWPMIKI+vcrotKHr
+FYbtf4jUhpsefb7ot0U2Fbr4xvtdx3W4OykJs9aDz3jtPv20nhMkCRmTWvBFaCOg
+MwhGjn2uIBAwgVBj/8n9T6XLGfB/M1PgXp8tCu53ZqwzspfcxgGqFYU0RcjJMWJq
+LXMHwx8WaarEEBaJxGiirQP3gT7qqaiLBczA3x4LFiFawruGptPlOdptQmwD9QO0
+wD5SsUfFIAmSjSgWZ9TvJ193eEefKe1TBcII5I30FkGgtayXL0eHXOG/FeYFiomS
+/DasmToVlqvV3tUWSxLmOBAH3NA3NeoFbv+KyZVNSjHJQ6V4VurQ1gp2bl1Z0AJ6
+Hfx7X/u5iVcGJf1+HgvpAQuLoLdBkYKOrEUoDtaeVGs8OZDZ44McyCeMVD+Tn1VO
+b0dg1GOGrvYwbwsZSrupd3B3oXmvkeZEQSd6CYuwxUvpJmmAyX6wpHnlFTGyptYu
+m/gfaU76A+Yiic8maDY3RumrkCfe8KBUfXiTWW9Rx+nl0AilKwpjTFh60dBiQ3+V
+Yg7wcKPTYCODO24CUlgHy/+M1fbx6YjcUhdPp2rGmbNQyJM21vKeBQoJeBTyOaTO
+jJl1sXu/ijevN88obuE/OtKDrivjrR12xicHCXVka60n6LNqrwtJQDuhux88WsqG
+95Lo+/g+1AOXSlHAaHpeThf+1X2emBFwdQ7lEpo4lobTVIfwNNUzD6ka96a+bTtQ
+H2REYnncM3WJLfy3/tB+oikcGTj8ZWzlWjlHUrsO4elMmHb6zKnpnUCMEL0gmsgy
+Andcty/Cb34Gr3TCSFO0yt/JpSaKW9ZNkq3gcuhTT2fS8OvJjYeVkmrkHJFq+rr4
++sHiYnBxCPn3o8wOwBnuiMDCeOGWsRrunFmBhu9v5c7LtX+qhP9cWTU987f3u8Oq
+910/vh0rYpKHL5MHV4aepySeheZuIrlL3Pi4SU3TTgT8f7bgojlClriqUfS1+NKh
+HZX4EaSMLrJ1tXoKk6iRduun3jW04V/3vsYHldXu86N2a0A0uyKpOB5TANxqbs06
+io+iJIQ2jZYOYvu2Ihisnkt3OLpst1VKmZkA50myPMOr9H5w7GGVviQbKUH8SWEu
+o498Bj21qr5DKj2490hVwbXC/RVojI8PcdNVdzcp4zSkTmHZmjeapg4txitlnccq
+WRMc0ttypr5tKtaoCZQo07TcfURez1ANxKPbT9MlPEXI6aFG+BOxTaJ1qnTv+Mvp
+64w5/yt+pqSxr8kP4JnBLmEKlXlfzoRN2VvoUAs6uQoZC8cQd1Auj+5yk9H4/1Hq
+c5xnNqOQ2QLqFwSFuKfMhyUjS9W8f0gRD7sh3IDkXJ3DomdgPLrRpkgpA56haTMK
+iXVQK4ZWq06u4gg/E5wgHEA20J3UOMYdpBjx9EWZmwvTnPAhkP9UpiavU92+O/jM
+G28FNnAEQZWL9yHwunL82PslqnW+BhheYXxY4bYRZsjZVPX1LBzA8X+oYl8dwllj
+t3jFShNVoa6CVr7Dg/7dSmU4CP+j9SyAYaijYls4FHUFkt6A4x0HvGO6ehjV4Ofq
+liX3D0dtAmHMt9MdO2c+ue0zEMHEd6pFndbn/EWBNFnVSeH2TGJ0qfskRCrTgjBC
+59dxcUO8PsODy1S/ME2UMsr8IvKG3o3n
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+055e6b31c205ec1ace25b0ef1f0b3e80
+e74c454b9136ba2a73e77af7d1a69e27
+961a2792f86003c7e5477606511ab117
+86a4c648a987b4aed406d30bcf5c32b4
+da5405b247161f9f1cafcb82df78f63e
+e2151005472f97c913ab994c2b2fc3b0
+2c8e2b7d9b466a1f092f375f2a08f561
+b8e0c6bd019a5e9b9bc821715287f279
+ca56cdd6fcbb3fde55d44da9be2ec86a
+b81e52bc44f7c92174795dc12f95a6c1
+beeca15154a9c72872c3f205ccf601ea
+c610bd2aa828e052febb747c02cfdf4a
+959e9a86a01863bebb30ed8f79d13dae
+f58e8dde86d46026a27de24e6db51348
+1d395e5736eab696c653d1f68a972dc1
+e47de0993b8b5d57ecab103e70c4874a
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/WF/openvpn/wf/client-configs/kaya.conf b/WF/openvpn/wf/client-configs/kaya.conf
new file mode 100644
index 0000000..ef65b4c
--- /dev/null
+++ b/WF/openvpn/wf/client-configs/kaya.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote wf.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
+oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
+96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
+m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
+Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
+w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
+zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
+OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
+aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
+HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
+sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
+E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
+a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
+Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
+8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
+Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
+I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
+uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
+zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
+wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
+d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
+3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
+U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
+E+i0hdVFGZBFNQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHHjCCBQagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM0MTVaFw0zODA1MDUwOTM0MTVaMIGfMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczENMAsGA1UEAxMEa2F5YTEUMBIG
+A1UEKRMLVlBOLVdGLWtheWExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1aAgdbOeOnnqCekdB7T8
+cipBFMG8skSc03yBbvtcjwqvVnVDbCe7NGr2mzl2//OphxqwqJSfGD6PtVPH+P/F
+AhT1CqVyfYwd+/iJtPk3mwSJZYbCuuZYkVnsjXG8qvNYYPRiBosm3EejlPt4whNO
+httS6x2d3KkHjg1AVg6+J7KW+gV7do+QHFY++iM7xgzImGQsu8xJ9MMqZmzH4ktR
+XR3r1xCwvxeQo/pZ7gf1SAsDKIeOCDS3OLnakl10LsjvUFMY4vsFpKgwo2THDkoj
+NUSGHmVE+392V9KIogA2tLyDevQmVqi+zt6Wbz+OPJPSEcvATPEwU5oxcjXpE3lh
+1kTnWAlZlIsjGBRfiEJkP7/1x7BeUgd/gJ3pv0dfwQ8SkPqo137X28aZlcWoPxiW
+mkaCPeiCSkCpE6ss8oI3OQkFiVLEt6IlOfatTCFsYo5Dexa6kaDwICeYSF/c5LQm
+xNCSsAwXsLxq++QfiF6PHoMVF1aq22I3iqlYE89QkfA6/Bl9WSWKwblZJiLYQlQl
+K6SfUSubAWk20e+xMpS9hak6ACyzyUXVKfob298cgvJJU4jwkfwoEvwv74JF0L0F
+sIsqFo/9XG93ev3sETzwW7YHbvHi7042TRUnvt7NVoU4mjOI9TkOg2JvhkIsKXD3
+sR4dKXoy2ufvmFIRtqr+HC0CAwEAAaOCAWQwggFgMAkGA1UdEwQCMAAwLQYJYIZI
+AYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQU1ISGq3nbuc6XEQy36N7oCw4bqx0wgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj
+5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBO
+ZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBX
+RjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEa2F5YTAN
+BgkqhkiG9w0BAQsFAAOCAgEAW7vB0wTa1UAGhMP4Tml78fpCrqw9O90ywX88EQPz
+iB0O45sXmTsiSRuN4iBcLtK37GiUnKNIH821xlhWocZUJt65cl5zuqUB33x6utr0
+wWYLvErQ6LOCPkfSf0kL3PN/FkoeAHGZ3sGN6sDbg3FWaMV/k5XycJwOQe0WAISh
+R8SoO2GiQU74HXyiqrxxUpSAxnvzxclf0QFYitmcOHj7/gqMLeodTampUwYu4GkJ
+rv6Yc8aaHTqlQLF1YCyByO22k2tf/QDn/cU95wLO4z1GwsUXd1E8r+zFeM+yiGOY
+ge23AAbYW6fod3P/pe5GWWSx/h4oQY2Co982mPsZFMgu+EtjsOESH6M9CzxK/w8T
+7V21KUvK87u8tT2FH+7Oq20KIH8zJvdweUQtTc/WcjfEhlG4z3C+iByaHncTlBko
+b5wQ24e9eLR+qj1sa9JAhOYStJtfvm8GyNXL0nuwgpdR5y9xRAnxo/9RVOFOGcwZ
+Kn2HnSKB8gRZpN1dQnVTotB+uP5FwOVAX5LRaXcZQiEHiXfULE0zKfht8phX6uRE
+2xYTY29Zo6rpZY2dZ0zQCIso1dhSqAlACBByZNeKD4045SjdjE5xaNx8YWPLPssf
+MQ4SGToeLuZN0Zxc5eLmYumYHf5tDdIuRcYT/PzMriJxmoGSRrIxQ0VQ6CeNjvYw
+EI0=
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQICoSzZdpB2sACAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEI2/CbJk/nkBIIJSDW5JZnrijlX
+X1FMYKNVB/TXBjad1xNhs6UiG+cnz0ug4v8gMkE3ZZogEaHu2+uPtrz3ud/jtjc5
+KeLnUuCpPksKDj6peCHxT6s88vcq9gJ25PWH3gDhonToPRI+tkFbmpFrQrR30ZjZ
+SOxjN2Zm61Eo9i3JJLdbzlqrjTroTIAoMQixW1mxHzpl8qeIE5xSAFjLBwYcoUEW
+EOCRoRlutZAUfn9mzk2REaXLbrMcaebat3l9TIHst4WGA9ihHYn7taLaT+gO2DNW
+7JiaSuyzJnUNGz1jRMkaayrS84jiAvxhLZsTI1yPH3iqUr7sHTaGSIkNZgV/xHKf
+lrZXvIcQbdIVemfQETmGJfAA175GdCkLXibvxgWrJRSr1z+f75t9kbN/i7F/JgGd
+MRo/1Ge2qIkj8PxTvNyn2fk2tWF2Pi4IzBnzWZNDdH+WvaoCMq/zIOZRXlWI3XPo
+OZBi3VGgDOvNz1C6XLEBKsLG4MwGVqD/q4dQK9ROEnzGj88gOEAc9x5x1a6BCsmp
+LDRK2agWch8I2KTpSWwlNw8QtcSCMCiEbNicy8BgQtZWvvkhmbPWIlpZ9hV993lD
+GWdOQSi5NqJC6I/yOTH++STVahiCqs1TWOexqtFGqAm+vWZgFCeipMykCMeIyEjV
+1rlDME75y8WOa+YB27MYgUA9qaLeuvWdGedyGCwUO/i/FEkhBeYRz+vdefSDuady
+pNLY/cmEKa3HwD7SKSpdtcMG0EzYKj5ysxiQQ3xHUhQEAsJ1cUbt/cZPemK5+eNu
+yULc/QtF8QEkTXurdaCLAOEykUccb6wiIJcCN6AFSerWBIh8HJxGS7QgqkHV2y2y
+MJX0OJ2qII9s+LNhpXR1zvmdBwAkAAmxsI0vwGAH/1iJ9Pldc0a8o+gWT+m8pmJf
+khcpURrkRu4VSWA3t0yEkixR868IAYYGHTLII/CXOqrBdBuanZUHVLvoMdw/4k2x
+H6YQtPGbqlsPg+nQ5b5QoWkzjLqVCyuVob5xwSjaIu19qIz8EmXsOXTJRfWbn0Yq
+jB267xCwB2BtaK2/IC/TohbWKUowFYr5mcHwjkCaJq8zX9txeJACNktpQm9orXgL
+UaSTPFyFOaSUr7ImG92hzCU2nMGwaIwfRvzABIXXNo6pR1O5sS7tPfp08nvRgDwq
+ybA+6XKmBPQKrI9GjhcJmoe237RkZlJz3UgjzQqfXRDnq+0E7ApIoWEs90clSZdE
+j8I6DMMk1skFuVIsaK75gRaSYbGGyoW7xogzFZdmaqlLOJDbjECZhMnZs2m4nSGf
+LqZI/5TNRR1j9a2Xy350V+XZb9vOgxTOzfw8QeIa1iOXX8w9xf6c5BX0e1tworwo
+k4yXkgmUivSUtJdPfr5PssHt2m2QBY53LCiku9rseIWO++uu63pUMXhu5tJTJ7mP
+q7Q4OOjs9xurd9kSgiqF0VUHATqr1xPOCgbKHIJuScbo7fKsv8UMFH7WFh2i1+W9
+dbYxGrdOR233sHYIE0VskFKCDWZEEARm02mxgAXA7nmOY0BBH4t5BQxvKtmx/sSb
+O0LUC2LhalTuaSdoqxzj6PkVhvXB4tFOvTRuE4k5P3GcUbeIDcNocZ9mqdMFp/nX
+2x1tcdSIxUqw54VQAe7ccRz2CeIHRGnW0IkgE1rS2yrQvykqd54PQPvMJE+CcIMY
+9qipwMNuMYAdBK4FzNYTXDZtopyBtBPNWbuieFBf5xOtr65NnA2UHlyYlxq8zG4z
+7vGePSzLbSVQjqDFmRY13LxeFtQA+lnlAkb84FvzzIXb3DyPnvfPbXF+i4WPLfiT
+Q6avCVDUecoo7zFDEwuHj+ZKi0ObnGLlOvqUtoae7L4rPUYUykgbO5IKfxbbiB6o
+KWW5befhyg4X1JOpxkqBMf7tXWAGOTIwGSZk7ZMHjL7i14WYPgd11dqENCAufv26
+QRdMdT2g8BLAqCoqX/sdSyow/aS3T88BkWTudXXrPwL0jMxsxg1yJ0mCD9lSZWDe
+LPASBVqnmtGQqk/8EBzENMKWebX5iCIZdMgWV+sZMF3CNevcItKKFEib5yosF9Th
+cmi6SIy/8dAjnyDDrK0+QB/rSQcp9g0nrjXwHZZv3OvGg6g+WvN2w4b9hHuHVeXP
+FLyTJA32RD1xrfmUSTC5ZEWbfcM6erzBPB4I6TIH/TFEG89EoIbg4wOkapilSp4p
+68lOuFJGX/dTmHpRvNPqBLG02gz4gSvFu8zl0lVcuARlcTH1FtxB4JaLosWhRySv
+q9kj4PDLdWHFWCWQuaZfR3qocVBycpkBDozrBsnag+FADQn3P5GqV7JyXybcIWWN
+4/8dNJTwHQhKWyXBMKVAF9DwPUcIFfFoWLTC9dl7JawMiCySxOulILB2LSnqzRhT
+I6BDuTcCkYxGsdBxAogO/aGUCNsLdg6q9ZQ4w3LeCYBsvAarUhU/+47CoCEJRNBx
+7Ee33WFm7ry8zRik0PaBXifLNt0SByf5xzPn+fKMSXuXapjY7F5Np29O0HeasD0E
+F3Me7fJPe0/aVvkvL/dzwjZiWBYlSiz6Q/FvzPa50mrpkXBXDb2jqpviFhW3MA1p
+d24q7BxWiO5WpeSQyqMXEucT0hhorfDZ0647g9dwtnuO1iovU3GVc0xbmmDMesTq
+ZGlIdZZqxurr6ORjAHkm4hbVOHWdy2yLbFttpiOOZExWQ7zVVcRIApE8pSfcbcdz
+7uCQngU/ndbDkpcHdK4TkaOutRRVYu/z1uASiFf6iHIcwFw/Z/R864aQJQszF9WO
+XjhEEi4Hgx93+pxNw3pn1oWa+NUf0FM+YdGLPBGrMhrvrM58BcwwEcv5oHOYnra3
+es18t57BfzVLpF3qv/0XKRpqodyrRqhSEsVytVPHpkJ0Cia9y448DDNaM8L4S8wG
+ILtR8kdk7J2/4V3Uzxyvl8uVWxvxMJ+eVH3zKWTVhhqWm8WUgOd8HCN+tdVLimIW
+JsUYq4q7B+1cFWxfsRDRKRonNzEQz6lOviJcKCK531wp6A2Mthi85M92ffkLu7yR
+1o6tEOvAVqnFEuJhIjs5dB3TVRLrg5pj877ABc3zKLj+PonDAHzAdl4+IoXeShS2
+ag+VfsFS/gaQD/V9iAUuE232dSHTSpP8oKn6Gsw/LHeYkCLBP/O7zwB2dF62bn87
+BKvlb18cQk3sw75FG843BA==
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+055e6b31c205ec1ace25b0ef1f0b3e80
+e74c454b9136ba2a73e77af7d1a69e27
+961a2792f86003c7e5477606511ab117
+86a4c648a987b4aed406d30bcf5c32b4
+da5405b247161f9f1cafcb82df78f63e
+e2151005472f97c913ab994c2b2fc3b0
+2c8e2b7d9b466a1f092f375f2a08f561
+b8e0c6bd019a5e9b9bc821715287f279
+ca56cdd6fcbb3fde55d44da9be2ec86a
+b81e52bc44f7c92174795dc12f95a6c1
+beeca15154a9c72872c3f205ccf601ea
+c610bd2aa828e052febb747c02cfdf4a
+959e9a86a01863bebb30ed8f79d13dae
+f58e8dde86d46026a27de24e6db51348
+1d395e5736eab696c653d1f68a972dc1
+e47de0993b8b5d57ecab103e70c4874a
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/WF/openvpn/wf/client-configs/lalix.conf b/WF/openvpn/wf/client-configs/lalix.conf
new file mode 100644
index 0000000..58c1ba4
--- /dev/null
+++ b/WF/openvpn/wf/client-configs/lalix.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote wf.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
+oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
+96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
+m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
+Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
+w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
+zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
+OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
+aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
+HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
+sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
+E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
+a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
+Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
+8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
+Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
+I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
+uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
+zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
+wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
+d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
+3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
+U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
+E+i0hdVFGZBFNQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHIjCCBQqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM2NThaFw0zODA1MDUwOTM2NThaMIGiMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLVdGLWxh
+bGl4MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0sJTpgaiu8z6Z7wS
+k41zXZoYxqJeTIJdhXVhh8R+i+e84nps/GdE1W2olLwtqWp2sYrm9L/VzkNn/UbY
+UR12jkRGSMCy6CwLvdSJhtXBrmX0GSXUlSQ0O470UArgbpPkK7sWXDwkLkd7Zlql
+LTzFr10LWlKeCk6HIbqxfKyxsgyyjFvMX5eKSGYBaloziZwyk6O2u+LX+C7FkxYP
+1IeRmA0ntOiqZoyV7y+Z24lsuDOPpK2zUon7sR0gWgrawl24aJHgPJYI12l0qT2q
+RJHrpG0VioaujUe2p47Pa+ulCy4Mz6udKqooUyLSkRvnVHJtbeWFBtgF7t4zvkme
+HVm8rnqgC0whpzoVcnSgX7VrGhWcD3lImT0wOQK94ZUgXB9nSgsvW9bRpAEyW2cY
+sgH6Q17q1Ln6UJ31jRZXVefyzXD1yO5HRVm7yUhbXE8CLJlIYfVz6W3yBpS0m1I4
+Abq8UKSQDEhuYB0eK9NHnb6npKuvfoiW/sMtKXbNfcDr/ww6rXbI0sLlYW2CDNzR
+UZJGwNO5WzJKdInQBIs/1Y4waIE1fM8reTAsqFeh/dgJhHBDskrt1YoWWt5xw4Ga
+yFi0WgH9kIhQ7C1W0jmJb/0kAK7h9Ga0c9k3FrgN/61ZEkQo2eIWvYaMr3kG2rDd
+wukTVTOCo7E0Ifhuj/0AcIvzxTMCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQU19HWCnWFb52ojGp9mAwkEcdRkRkwgdEGA1UdIwSByTCBxoAUTz6IFOGh
+ISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQ
+TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFbGFs
+aXgwDQYJKoZIhvcNAQELBQADggIBABTVZ7d2QbzUsakRHJzBHiAo250sIWdet+D0
+okeKbNq9pdT78IS7CwWVCLpkdvDYrJVehUUVuMAKoedfITb3mEP23O/UkV4ZyjPp
+vBJ3eHYn0PGVAmwJLIauXQ1QGHFUMd81a8M8gV495lVBP4nOnCb6uh6waG7W2FH2
+7rI9LqsNDehEN0XYD6tCK5h5Ynm7NPFq/RxW1nfybwAEw125TIlVlz3C8mhPslZF
+UisdDTjSuhTmBmgNwrKJyVyHB9OHofoSqykkf/KlARfAHNF9hLgHB1YYwj6bO/AX
+WNokIzoSa9ejEr44NhtwlDYhaGhTZ6zJr/cUQmzt5+g70eo0z2L2GZaDj3DofPih
+rPLY1Q1Z+vTnuTUoMJOe6uGKS8WtS57J/OtgEcubMywgG1mV5evh/xfSGyiCW6hO
+RxS4ekg+hGD93cIcEcFITKV0gX7iH+wg8zihzaGyOsBai5DMu0dVrLFODx7wlMYo
+hubWBknTR7zcdM9F1xsSfbXiCJci0nVxyfz87Bh2YL7Z0oj8iT4Npw6t5jro8xEa
+e6+lYxwHkX/cVb+NuOA878M6e92XyioPr//l+MvqpP0Oe66SZ3z9TODNLPQxezVd
+QpI27YqioI9hx6uInu6onoaRxFqb4juU6w2EXov/qihIxOwnGK+00g80ULBEt8+j
+5zzgFMsW
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI0HCBSTPa7qICAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD/KDImZws4GBIIJUDtf1PZIZQzO
+iN5RuMQGPsHBGxRhxfRemCG8p2QHM/oAoI+NnEZN8nTf1nnc5PO6bgV7LWIrjVHw
+/6oZ7PLh2cq5e1i1gq3aimt5zZQMaD6e4GE/KlzL+jErJU8iPxG1HwgN1W2nWqyQ
+/GR55niq81E8PZAk1JwBJYswXJVEr6ybjAtKHwbtB63UJWSmZnIWMgt28zTr2Xpu
+B1/CpHBTtaL10klNg8CTYn+t7F0E8e8OUsy5RV6WboMBu/O+2i58sR8K51DC4AH9
+OfcvhncBHv8HQHWddzfAbrMUNiw+vzc8yMsYTZt0jhcAuXBuVieALI3+zfkh9SYO
+3vcAumLip/s2jkuEta6y19zb7hoC7gKXQiEa9/ikyAfGjhqI0Rz5M5/lWe0p7obG
+YEaqI5yWKaI6cKHSVl9K4ItUnq+KZHxJaGdYSutRdYdaMQ2uhe+gvImn6Zyc5JwA
+WA11vYTGVlKBDRaoAbSyhKd+saKAoMgboKEGww3zbfMg6bfzqc8maiqZ6kQmj1FF
+HGSDEF9gvpenCOYP0txGp9KpfcA/TgNRtzNmQi6M9CbjWKL1yZbb4EvrGPlzPJ6K
+YNMmU9mPjESaM32Tq79LZsb47L4eBm4ET+qjUZ/1JaDAFGxxIrLfqDxgONa+BwGV
+YZIKtOLxLPM5pSzR77o01IA7IcYXAy0G8v6eaJ5YKj2NVKF6r/a5bgVksbB7NJFp
+mHqgq/Ch4pnPCqtDuId595Gzylyva6BtsN7KOOT845K7TZY1mLtiAtkAuXm/zO1G
+uD5vMJ7gvtVueKdzszeDn8sJpa3idCFJNdnmv84v4LXkHdibwBnWRb1SFSNr4ige
+ONBueXHvAyoBDKgGQeXwhW/U0t/kpkDl3rYCJ446YnJVUL0rulaRGTmnQPR12URG
+aYXBFZkgm+4fzCxXOJCxNcw3ZtnzRMtwh7ZFZ7BsrGVWbEFa4X+aV7VZ01TfgEjA
+fK0I4zbEzxxwZz/5OvINleTCQ3sTfgLYpEOtGldsVIilKY5lVAigXKI+9eSssT/W
+MHasNk2Uim+s3bzNeRfJF+l6N9vHC4Kxk2DdX03jK+05Uf4WYXCd/rgkq2J/Cep1
+Go+2NXfQADUWzCauzhNubaYFZQgQjZl5CXNeJj0/MxwwLUAaPcvcuG8H5K1Egiy8
+vmgafktTg1P+k+La3dx8a371lqeTP0zB1JMGor1SwlcuMSt063FQdrUHth9BlTFE
+A+OghYIntkQcheWutIv1Nb+DDeFVEgf7oYcsT7E4IcV2yjQ2kabI7veJzKgN1F76
+7lG7xIJgB5XPhLuGPN52XghiP9ie6dtBJCFeR90TQ4wRMAII2cJXksPCnI1zSGfY
+1beGSyq7mQsIWqJRuDeGuZYS4V+p2WNO7y1OKVastR0pqCkvl4VPqQwdMDIDYaqq
+VPcicG3td1dd0o45aMDACxHiLhjR6FnKGzaAYbjGfUy00VqStKcuAf83WCuGPo9H
+tr01jzEB2VQdO85B0kJubl+I1ns7WXxMMNTvz8l9n4HzJ6fX418EL3UxolhfBiYZ
+xiGgQjA+X3CBXAiK8GTu/WzHXeRi/RooeNY91js65lXzxdzc47maG0Rx1j5QyAid
+w3NxCQ0+uDAmVbBUo4noPDXhNlpbRPF2Za+WD5e225Vrui6nCy8qwl9b8gxkZ1wb
+tP+Uc6+sIWBueFVAOOzO8vURumvT6FsxVcs8zZurZjuiuWqXF/sM2JJmF3Jm24RO
+BpZo3G1o6wcbSdQbPfH3fTJ6aFLibRCMv0Kzb2tL7Y3wXT90tofWC5ZFQN0Yx6C9
+mBRXFEeAWw//IWroo6ypY3q9zcEQ8QAGC++rpRNVDYRLwpB19m/QK2oeOiWCKkSM
+mf7jnDH6I8sqTU2CZ/zEtCVg0pBgdBiwaCw0d+j9CDHdPmUZ3LP/9qXv/4MzycKU
+DGX9rEzzFydGwgyKC1GZ5B5366Tvaqzcd8jCahxickWBB81g6nw2zGCVipiaOAbA
+n3K8Y2n66+K7H64u2wDGj5sXK1pBR0hsxNoxm60IlClWS8o/q3H5Oji4sE5l9eGC
+SbjFDzrdWOYAlEIY5b+PzRpm6RlscGsQ6Q/6x7TbUjztK6qtNlQnhADKB4gog7et
+12N7K2p0qOqyz8kaHyjEz8bV/AIE6v6bGBL8KGDQIkv1h2rctMf8CP9GtE7h6DXk
+OahqtazAAqXnjPj54g5Odf2A61jh9lSkG6EOU6GBA1CAz99sVrmR5AWPrGDbgO0V
+aW9lf5w9HF5ItranrY4NKwkuEHVca+WGdaov5JbwuglOlBf0pHYDhr6FjNecqgGL
+HJ4EqAdCnKmWYdLJe7nzkHG0CrQ0JfLtT8MRnNRFbEmno8NmNcD6zYQyEf5i5CXA
+0ZUcGzv3RcEBMzRNjSbmAG78I5jvmcmuGLKOj0e2R9IU+HW7A1xmK9mwLVWjl+Sy
+XbVGLePpfwBHBauQ5B8w25G+bACnixXsGpINXgHaU52aTblyyXl14yt1hRgcHv/4
+ot9r+YBZ1nz71+RDIP2wV87Mt8n0wFKiKju7a6QU5TZ6bPhm8vtRqoV9G88UWvCk
+aX6kkw9H3fIEoegy3Nqm8Li++cgyOXHMXtU99xaUYcnXPYb8xF9pC/Ip1o6GxJx8
+o7N1FkXkG9Pu7urc18TBTy/G2c6NUTAu74vycS4bmVgxXep0PtjE7tIoun3oQY7F
+VedR6p7LGxVziq1OAw6MUBmfHMcPl5hZ7GDCCd99QJ2D6Gw5XrJpkbcOMVoL3DXc
+znYC67DVSRY8GXZJ2ZmjXrosjQlvDMhiV31ZuZiFk5/T0+m4SpgnmgvBEJPk69Ut
+UvsPrHrZGniP6BkUjq6yRHwGcBGotoLl6m9+g3jDcLMrIcGs9Ig812kUuxldvM+I
+9OUeGVANnXosTkSmCPEQvZVlerHPjWEy0ZJEhhnlNHOfTC9noEZOyyo5xhNBEK5Q
+JLJ6XyGFcxdqZ5Ksp2Kz69bdht3Svg+i5C3ZzzGlnTgExh+KaGbbyez4JQEA5yPG
+hd0H8k5a+CsJGiNrIdiAw7HXUDBhvZDuo2yCjj/Ft1jx29+G+yYZe9kDr2wk0zYQ
+RRfLH1wi9IYQThw3bXhiNklrBlWiJEXU0RJfmV5kxYVdqg0LJdIEGdw4Swb9wZdN
+p8STDgChsK/ZzgX7EyItgHFCKIWYf+gs
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+055e6b31c205ec1ace25b0ef1f0b3e80
+e74c454b9136ba2a73e77af7d1a69e27
+961a2792f86003c7e5477606511ab117
+86a4c648a987b4aed406d30bcf5c32b4
+da5405b247161f9f1cafcb82df78f63e
+e2151005472f97c913ab994c2b2fc3b0
+2c8e2b7d9b466a1f092f375f2a08f561
+b8e0c6bd019a5e9b9bc821715287f279
+ca56cdd6fcbb3fde55d44da9be2ec86a
+b81e52bc44f7c92174795dc12f95a6c1
+beeca15154a9c72872c3f205ccf601ea
+c610bd2aa828e052febb747c02cfdf4a
+959e9a86a01863bebb30ed8f79d13dae
+f58e8dde86d46026a27de24e6db51348
+1d395e5736eab696c653d1f68a972dc1
+e47de0993b8b5d57ecab103e70c4874a
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/WF/openvpn/wf/client-configs/mariette.conf b/WF/openvpn/wf/client-configs/mariette.conf
new file mode 100644
index 0000000..46b20df
--- /dev/null
+++ b/WF/openvpn/wf/client-configs/mariette.conf
@@ -0,0 +1,270 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote wf.oopen.de 1194
+
+topology subnet
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Server CA
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
+oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
+96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
+m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
+Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
+w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
+zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
+OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
+aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
+HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
+sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
+E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
+a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
+Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
+8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
+Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
+I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
+uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
+zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
+wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
+d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
+3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
+U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
+E+i0hdVFGZBFNQ==
+-----END CERTIFICATE-----
+</ca>
+
+# Client Certificate
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM1NDlaFw0zODA1MDUwOTM1NDlaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLW1h
+cmlldHRlMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4q7SbkKiN98b
+zF6jTg14NbVjbsTbhmF1DmzhDfyvcCR3TpppWhGF8ao6aKjU5Oghn2anB3uqSY5/
+4H+D4crrDh4LeKPWKaJV2ZK7kgAI6mMAhVWdO7oVkU70iQcRZW5hMZ6aZm1qRC1T
+xcFRsayHIkDnoXjPLZseYYYAXSmWcRnzSeeQz+EPSeZGeMMB9vsS4qFbQtTpJFFa
+HAzegHTmJTVkxYVE0yEF/jTBaF3qLTd4WhHwyzJkxZk2u9pI248mRXLKj63Uo1dC
+2Sh4UKi7z5ulz8nqCarWhnHIS7hZr+Br8NhqAN6uhWlKLwtUAogCMH40iUY3ZjbL
+387yVD1xCWHWCj92CXTWt2vtnVU5pE+81IvqRUFy1g+UfH5Wc9VqY+k1Va2y1FbR
+G2dXJ462aXBJRGZuayFo+mXAaowJMMDwYFC2+7u+KFeCJQOGXlC9zeOpU1bSPqrm
+LUkZI4VK+sbaLuCLi57twyHAsHskeJ75dE5wLXII3+tXUHoici2uXVAfrHRxX0M1
+nF+GRT3ZxduwapWsmpT9Q8APEI0cbNyKJV3Uu1hDk8z4olPj8lZ9qyofKRIy2b8R
+lmLjYS8xqnGYcTACIvI3m5nf+V/R3qQS1S1EaC+pJs5ufkG0VKW3B+twRWOZI5n0
+AHB26mll5+OjTZn20kUNPmxVkHscxFUCAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUxrj5/616MhsuFBDedHA0UwJQc4kwgdEGA1UdIwSByTCBxoAUTz6I
+FOGhISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
+BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFU
+uzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+bWFyaWV0dGUwDQYJKoZIhvcNAQELBQADggIBAHit7TZviuYMqNNBJ7ftvJVtIIPd
+GrGmyJPe9zeKlvXBtHxdkueN1B0xbiCZh4lBXG6X5dTHfWn4uG4OdOsG0qy0rZqF
++uxKRXAhRw7uSGRWl2StOoeV4B0KUz5KRdCL+hGkHawEZzpTjByHc+qqhW2g/RGq
+y5WXjDmcnrUMVCsId8vfLyhUg9CttTzbaWIENarq3q12FRCYfoy07ErekO8qhBqm
+X/v5IXIQxQpPAd72vljKzfM2X9eDLwurWOL++AkI6PGs7haDQ4b2vBRnNmO4pg5R
+Jh50O4PzvbRexKNjzT64Y33xQe4TOLmP8Mul9a3xOYikdrkITptj+vKrR2rXUT0J
+L9kJ7iTAkxQgVRGPxj8yq4eHtvimhrcLlp6Xd3WmkUBn76uNkSsLvrPgO/FUv0Sg
+Eo+QVeLNnC5TjmhPAH801B6m1VxoPMCegQhn8buecUztxz8yKB8ZxnLBctrx8t0F
+csk03x0nbBz4KH+vkZ1zD26/rqFIqIhhP6d9n5JuVcx3IToVc9I3NjdHPkSAujbo
+YT2UINm/0GQoufigqS6I4AAjmiGwlrcaOYJ8OAfxRi8wfHJMikkmWK97/0bNpI0Z
+V/1J5aIVZYGnJz4AWBHcGRKp3Sbontv0sGkx7J3srRNMbJZnD/GQXKv/Lb+79E4y
+jsrzmdsWZwukEqTo
+-----END CERTIFICATE-----
+</cert>
+
+# Client Key
+<key>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQItmmGXbThBbsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGzVTuYqI+5SBIIJUAZiu3vVN58v
+ZxkslP58bx8N2vvk4wmhkeozlIDCeMmsd9nrRVBN53IFlqqEL+irgCiZAqQsNlJF
+CAkh4ZhhOE5BhXTEFrkFtMDf2nzfAEZUVDPGwvC038gEC0kCeBk6cEm3gqIaWVov
+OCmQmDLXgYXHoY/a+Bu7BVBwFFfDl82M1EkAuVLhjh8PHVRjF0QbfLenCZEE7k0h
+q7XWpcoonQB51nbBVZn3LvCdcG8YAHymCjahE7V5SsjYR/boxQMRduyFApXbKik2
+9cachDg85gnqRVDNMhHbCZv3ZwmDXFkstjPmq+IF4zTKXdDD3Vm6Rk52P4hSiLvM
+1BR8ECsxk3W2u3ughXIv13FD/jt8Hy22LKkso0S6SL4hhgdvdZLqa9A8F+g50rQ7
+vYvN366cd8xP9GODUPK9nMMou0IpA1460ZUI54n2u06rWJ/ABtcjgG1hlOecywHY
+l0IFnm5HrE+WzkIrD4iNQa5dbDlS9dw1t0J9OY58H5SjHM0+GoKhz8wH6mBE9THU
+dRL/z3QHauEu5nTqsrWIPKQdxAUblVu4uLgEUwt6neC15d9U0NOp3flf4GoK+ONF
+BkQCFUh0UqfzY+30hD1cIU1kXYV4dMxF8hu5IRbFt+cp89KDPM5s4TBdYPYLGLnh
+mnTZQjFtWrfrZdY/Is4m8qY5qkIKu2LZQF50KFOuHsOPiTX6heBk9A8YQJk7WTBJ
+mfz4lzejZ2tHhZNT7hIcK4EnaxKkWOiEIHx03xk6/dKcnNdusv0VUEGDfK4MXX9f
+Arc0jOf+URgRAdO5m0etkyLp6u3/5DTfq7sM+Vns4f42jdUrB1FW0Ho60EZgsZef
+T3bPlXXGw/qc38HDZB0o+tBAgYYpOLvFzIg3ckY7ds3H6KMrxr2suQ6CLZwzju78
+xf6BYQYCbh2QuGMhSlG+t3FX4HHhzurmH0ZVTOlBJpK9dyWCPQzGNL2nF37HMRpa
+YKT8wxcPfi2DRpmN1ESIAzuWIg5JBuxKSrQhNiz/8jJ2YISTpj/N+sjvb51yvfrJ
+I7QOKqePnKjfEy567pKmRNMTr0InGEbcmhIJKWzmsdGTgxZK4oAuA59FZEcxwzIA
+rh91L/gcS+rDMCcFdTtIcQK1BIfRvWHo3s/ab7Szow2MNyrgTAPTCjfDKvSEGYvi
+latAZFIxlpZkd+W9BETiwk84uUYap9c1gAxg9K3Vm0dXX/O9YDM5iYm6wZ50oCk/
+5jzF9JfcivzpFtxumWW4zDTA2xnCTEURXFpIwMdLR/oUfj1uVE5SrKLUjqKxiI4H
+0Zk+wfXU39nSusNMB+v5dGU/KMsMXt7KrAh+nMra22TKlUjfpv7yX2se7UfsdiYz
+l+SRRHWIucbPgseghsHLjUdQRKiIrqGXZMfHmqNB/Sl7kWD+ifSKSKznS4Z7tDRu
+f3LOOSh466nW+kVJnjaFU0RDglLI2SGrRMwDihUU5x31aJs0q+IdS/aJu8suRpCN
+AJjnUiDVQ++kHWfCr1DyMijf46wIDpDc9Kff43RnZR0ImEWu5w2DCbPXTJttCKPZ
+t17gINkLovFIx5Zz6MlJ6xu+lPfHG8W8b3LfryWatbFVTODMxft0cPGoMip3MCEw
+G7ZCD0W08WSHKHQjVzSeKdDyJ49q71tpiSuvKNOSgZUkssP8fSRR0xaZoPAZd17w
+99TJi9pI+CJwpcnXb1L98PyCpyMt7U5/ULgsrGey8gEMSVuC3/K8zG5kb6MnkVNi
+dweXBReyfw+VYLSkHe/Sbyr9g3Z1w+i7MHsULIxyRE0ItP+nTynE1PKUNW8T38x8
+pjb/ugEv4yOWG09D8ZXa3QpJy2ReQAHR7S346R/BiPtJspnOQLaegGM4mTjNLXHO
+AZ702X85sNJxDiqz/od9osStbAEmlTSvOnTdKgnjC0gnDeV5M0ZWEYPOX7s93Gbq
+n8QxzdgLiM2AplLDnDYYhqAhGLklchL37ftFNBfVx1xv9tfc1zgVjmWh8GrSZriB
+C8BpdyhBrxAkomUNi8Lr/f2oSFekOCs9WK1+XDs23f4dsvVbi8FdEYP6UBytEJdQ
+lY+SguBg6VQXx3ilswHJOFZ6hlRcO+iP3u6ZHc9nFyGDPt0EBwrRyLb7mwNU8U2s
+vI7BFp/LK4p7t49AR0bywI6Y6OI6yTnsr+5zGx9nOggzHdNttQ+YSeTDEMdhTV6w
+70jJXnXfyHcqO0WrDXUX9WtHxD8VVN1wx61HuvOnx/m0623FnKaCSHR0X0SroCR8
+5DFd0GR9oR8lhmPM/W44acRL0PphCHPoUud39XJodKVgqZoesURYGekD678cUlsv
+/1xLVY0CHnlcreR6jPjVYRrJbMgkaHtkCw79QkfzFJLAdv7MbzbiH1eOqOc+rw1K
+UytjgJozQSosgvznseV9eYGaM6prPVyNpHBVDz7RuXNu60izDDWIG6y5lMoPmX/C
+/h3hY15r5DwUgQ5awgNHk2TmW5qQQJT8Ef3hvkuISKY/vyMcOoBtN8P4KDRV8MGJ
+0dDl58ReeND9KYwj5y9IgruSqqfw/9n6ujbgdmPwIW/EQkxd7cBj93rz8AkZwHyq
+2PYMIAu7K9UHP9z+WQsdt4rv3LCQlj/tKYy9MhwRnSFDKNl0Aaa5vXi17pnf5aAw
+o0MrDyDRgLITGiYHqBdCAaOpnlno62F9QTwnnbTq+a26nMe29t8e7Woy4P+SMDwW
+W3hbK98etSgjyHw/0i41iqi1w4SQZP7tKYUR9KcbH8GpGOOZdwv8e5AZ3j9qnd4k
+1iUVXQOhwL3kP0F2FBVHc/RDpBQDstkdlNYRh4+2wRz24bbjbILMEfx/+KMb/53m
+MLdVhmN2b6roqwWppp9OnYADLzdZ4uGI+dLenLEYP+y0Ah5kp3jCbwMLTabLSG7s
+u1615I/mHq4c9cqeK3XJ+RjGG5VWSIFraHmdeXXLqWnafFPx84NI0sVOL0rrmDh4
+sW5S5WhMdtj59vJGdB19gyi7nTY6uVMsTVLQtU7InHyGHxWPzlUJNJnGkpLlwqJ4
+Mx6RG7OR5zyzwDvlFFK7Thk3BpA6RirKIySv4kNZUVswsNwEAMJ0P2Yl/nd92Fpw
+1Z4Um5FwwQjopdKXIWqcJgKUv0YIUvTWnHVAEB75/zZ+DdVei8eavS6exRJPbDVy
+BJuNlwVX9zwlecirUQdF01OBIVs+atz9
+-----END ENCRYPTED PRIVATE KEY-----
+</key>
+
+# Verify server certificate by checking
+# that the certicate has the nsCertType
+# field set to "server".  This is an
+# important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the nsCertType
+# field set to "server".  The build-key-server
+# script in the easy-rsa folder will do this.
+#
+# Note!
+# The option "ns-cert-type" has been deprecated since 
+# version 2.4 and will be removed from later distributions.
+#
+# Use the modern equivalent "remote-cert-tls"
+# 
+;ns-cert-type server
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+#
+# Don't forget to set the 'key-direction' Parameter if using
+# Inline Key. Usualy , sever has key direction '0', while client
+# has ke direction '1'.
+#
+key-direction 1
+<tls-auth>
+-----BEGIN OpenVPN Static key V1-----
+055e6b31c205ec1ace25b0ef1f0b3e80
+e74c454b9136ba2a73e77af7d1a69e27
+961a2792f86003c7e5477606511ab117
+86a4c648a987b4aed406d30bcf5c32b4
+da5405b247161f9f1cafcb82df78f63e
+e2151005472f97c913ab994c2b2fc3b0
+2c8e2b7d9b466a1f092f375f2a08f561
+b8e0c6bd019a5e9b9bc821715287f279
+ca56cdd6fcbb3fde55d44da9be2ec86a
+b81e52bc44f7c92174795dc12f95a6c1
+beeca15154a9c72872c3f205ccf601ea
+c610bd2aa828e052febb747c02cfdf4a
+959e9a86a01863bebb30ed8f79d13dae
+f58e8dde86d46026a27de24e6db51348
+1d395e5736eab696c653d1f68a972dc1
+e47de0993b8b5d57ecab103e70c4874a
+-----END OpenVPN Static key V1-----
+</tls-auth>
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+;cipher BF-CBC        # Blowfish (default)
+;cipher AES-128-CBC   # AES
+;cipher DES-EDE3-CBC  # Triple-DES
+cipher AES-256-CBC
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+;comp-lzo
+
+# Verbosity level.
+# 0 -- quiet except for fatal errors.
+# 1 -- mostly quiet, but display non-fatal network errors.
+# 3 -- medium output, good for normal operation.
+# 9 -- verbose, good for troubleshooting
+verb 1
+
+# Setting 'pull' on the client takes care to get the 'push' durectives
+# from the server
+pull
diff --git a/WF/openvpn/wf/crl.pem b/WF/openvpn/wf/crl.pem
new file mode 100644
index 0000000..2c054bf
--- /dev/null
+++ b/WF/openvpn/wf/crl.pem
@@ -0,0 +1,18 @@
+-----BEGIN X509 CRL-----
+MIIC5TCBzjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgT
+BkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNV
+BAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEPMA0GA1UEKRMG
+VlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZRcNMTgwNTA0MTgz
+OTQzWhgPMjA1MDA1MDQxODM5NDNaMA0GCSqGSIb3DQEBCwUAA4ICAQClEKxg1LCG
+R6IHYZaVNO4HiLAOePi+bMs+gd2ym8258UBFApMHnD0zfYGeyCSB0NtdWcddOKHH
+ecjAT6kuHxAfKkEBgAdpqPov9RNI7ECQvy3QXdZMM+1AxXjsYRxg3GE9AW1/gRpU
+WvnMtK4MrkXoXtYVey/X6uOD3qoApM3M6CEuS8ZyTjh5bKiLHI3Alu09fPm2apvs
+jZfOxfkDVrG29coLfnMDRW91CSznBR4cKq0ePfg0W6DMgtY9cx3PYFtCov1yrCLN
+OTFGJsMg/D/VbBFr6lMyDJMmwlpA7UAItGeI/px2mId+W7yGijaqt2GBrBgu4zwF
+R+ib+L6VKaQs1lkq+m+6Qhd2ZTG2fL3BX8CkpM04cOJIyI5cCtjhOjg7OZYj42r7
+jA2L9bZmbJjrimVt7mV7gBGR3ZPJqcdWUYAEiNJDC9pEs7S6BFZI5LRObBNp7wF0
++sGSf709MNyAizPgAm4wEgpJhsqywhsMim2zNa5etr74kGQgeq+fAcCwkicmAp5F
+BRvUnU47GwaRBeEtranRy4pbKWqV9/GJ01ncV8K4SPb0FlT9cfoc42zWNOccp16e
+/tZ49Bgi7COj3DSE2SUpKKKjWenvw+7cjLt1rw/aFLxHQCCNnYd1upweRFPZQtf+
+3a4aTnwu1sUBcreS4WfrBk69GbNbClAF+A==
+-----END X509 CRL-----
diff --git a/WF/openvpn/wf/easy-rsa/build-ca b/WF/openvpn/wf/easy-rsa/build-ca
new file mode 120000
index 0000000..b76c6bc
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/build-ca
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-ca
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/build-dh b/WF/openvpn/wf/easy-rsa/build-dh
new file mode 120000
index 0000000..2baa885
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/build-dh
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-dh
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/build-inter b/WF/openvpn/wf/easy-rsa/build-inter
new file mode 120000
index 0000000..cada729
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/build-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-inter
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/build-key b/WF/openvpn/wf/easy-rsa/build-key
new file mode 120000
index 0000000..715432c
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/build-key
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/build-key-pass b/WF/openvpn/wf/easy-rsa/build-key-pass
new file mode 120000
index 0000000..49d0356
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/build-key-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pass
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/build-key-pkcs12 b/WF/openvpn/wf/easy-rsa/build-key-pkcs12
new file mode 120000
index 0000000..cf8e73e
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/build-key-pkcs12
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-pkcs12
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/build-key-server b/WF/openvpn/wf/easy-rsa/build-key-server
new file mode 120000
index 0000000..528087d
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/build-key-server
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-key-server
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/build-req b/WF/openvpn/wf/easy-rsa/build-req
new file mode 120000
index 0000000..870d885
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/build-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/build-req-pass b/WF/openvpn/wf/easy-rsa/build-req-pass
new file mode 120000
index 0000000..d35daa8
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/build-req-pass
@@ -0,0 +1 @@
+/usr/share/easy-rsa/build-req-pass
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/clean-all b/WF/openvpn/wf/easy-rsa/clean-all
new file mode 120000
index 0000000..c9f2970
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/clean-all
@@ -0,0 +1 @@
+/usr/share/easy-rsa/clean-all
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/inherit-inter b/WF/openvpn/wf/easy-rsa/inherit-inter
new file mode 120000
index 0000000..87736c6
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/inherit-inter
@@ -0,0 +1 @@
+/usr/share/easy-rsa/inherit-inter
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/list-crl b/WF/openvpn/wf/easy-rsa/list-crl
new file mode 120000
index 0000000..dfe3fa0
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/list-crl
@@ -0,0 +1 @@
+/usr/share/easy-rsa/list-crl
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/openssl-0.9.6.cnf b/WF/openvpn/wf/easy-rsa/openssl-0.9.6.cnf
new file mode 100644
index 0000000..fb08fea
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/openssl-0.9.6.cnf
@@ -0,0 +1,268 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/WF/openvpn/wf/easy-rsa/openssl-0.9.8.cnf b/WF/openvpn/wf/easy-rsa/openssl-0.9.8.cnf
new file mode 100644
index 0000000..90331a0
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/openssl-0.9.8.cnf
@@ -0,0 +1,293 @@
+# For use with easy-rsa version 2.0
+
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines                 = engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key	 	# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType			= server
+nsComment			= "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/WF/openvpn/wf/easy-rsa/openssl-1.0.0.cnf b/WF/openvpn/wf/easy-rsa/openssl-1.0.0.cnf
new file mode 100644
index 0000000..30689ad
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/openssl-1.0.0.cnf
@@ -0,0 +1,290 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+#default_days	= 3650			# how long to certify for
+default_days   = 11688
+#default_crl_days= 30			# how long before next CRL
+default_crl_days   = 11688
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/WF/openvpn/wf/easy-rsa/openssl-1.0.0.cnf.ORIG b/WF/openvpn/wf/easy-rsa/openssl-1.0.0.cnf.ORIG
new file mode 100644
index 0000000..c301e44
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/openssl-1.0.0.cnf.ORIG
@@ -0,0 +1,288 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+subjectAltName=$ENV::KEY_ALTNAMES
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName=$ENV::KEY_ALTNAMES
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0
diff --git a/WF/openvpn/wf/easy-rsa/openssl.cnf b/WF/openvpn/wf/easy-rsa/openssl.cnf
new file mode 120000
index 0000000..32474bd
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/openssl.cnf
@@ -0,0 +1 @@
+/etc/openvpn/wf/easy-rsa/openssl-1.0.0.cnf
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/pkitool b/WF/openvpn/wf/easy-rsa/pkitool
new file mode 120000
index 0000000..2f7047b
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/pkitool
@@ -0,0 +1 @@
+/usr/share/easy-rsa/pkitool
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/revoke-full b/WF/openvpn/wf/easy-rsa/revoke-full
new file mode 120000
index 0000000..5612776
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/revoke-full
@@ -0,0 +1 @@
+/usr/share/easy-rsa/revoke-full
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/sign-req b/WF/openvpn/wf/easy-rsa/sign-req
new file mode 120000
index 0000000..aad0401
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/sign-req
@@ -0,0 +1 @@
+/usr/share/easy-rsa/sign-req
\ No newline at end of file
diff --git a/WF/openvpn/wf/easy-rsa/vars b/WF/openvpn/wf/easy-rsa/vars
new file mode 100644
index 0000000..192652e
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/vars
@@ -0,0 +1,96 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+##export EASY_RSA="`pwd`"
+export BASE_DIR="/etc/openvpn/wf"
+export EASY_RSA="$BASE_DIR/easy-rsa"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+##export KEY_DIR="$EASY_RSA/keys"
+export KEY_DIR="$BASE_DIR/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+##export KEY_SIZE=2048
+export KEY_SIZE=4096
+
+# In how many days should the root CA key expire?
+##export CA_EXPIRE=3650
+export CA_EXPIRE=11688
+
+# In how many days should certificates expire?
+##export KEY_EXPIRE=3650
+export KEY_EXPIRE=7305
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+##export KEY_COUNTRY="US"
+export KEY_COUNTRY="DE"
+##export KEY_PROVINCE="CA"
+export KEY_PROVINCE="Berlin"
+##export KEY_CITY="SanFrancisco"
+export KEY_CITY="Berlin"
+##export KEY_ORG="Fort-Funston"
+export KEY_ORG="o.open"
+##export KEY_EMAIL="me@myhost.mydomain"
+export KEY_EMAIL="argus@oopen.de"
+##export KEY_OU="MyOrganizationalUnit"
+export KEY_OU="Network Services"
+
+# X509 Subject Field
+##export KEY_NAME="EasyRSA"
+export KEY_NAME="VPN WF"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+## export KEY_CN="CommonName"
+export KEY_CN="VPN-WF"
+
+export KEY_ALTNAMES="VPN-WF"
diff --git a/WF/openvpn/wf/easy-rsa/vars.2018-05-04-2014 b/WF/openvpn/wf/easy-rsa/vars.2018-05-04-2014
new file mode 100644
index 0000000..e60420c
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/vars.2018-05-04-2014
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="`pwd`"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE=2048
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY="US"
+export KEY_PROVINCE="CA"
+export KEY_CITY="SanFrancisco"
+export KEY_ORG="Fort-Funston"
+export KEY_EMAIL="me@myhost.mydomain"
+export KEY_OU="MyOrganizationalUnit"
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
diff --git a/WF/openvpn/wf/easy-rsa/whichopensslcnf b/WF/openvpn/wf/easy-rsa/whichopensslcnf
new file mode 120000
index 0000000..d1d4acf
--- /dev/null
+++ b/WF/openvpn/wf/easy-rsa/whichopensslcnf
@@ -0,0 +1 @@
+/usr/share/easy-rsa/whichopensslcnf
\ No newline at end of file
diff --git a/WF/openvpn/wf/ipp.txt b/WF/openvpn/wf/ipp.txt
new file mode 100644
index 0000000..b0d8c5e
--- /dev/null
+++ b/WF/openvpn/wf/ipp.txt
@@ -0,0 +1 @@
+kaya,10.0.52.2
diff --git a/WF/openvpn/wf/keys-created.txt b/WF/openvpn/wf/keys-created.txt
new file mode 100644
index 0000000..639bc09
--- /dev/null
+++ b/WF/openvpn/wf/keys-created.txt
@@ -0,0 +1,24 @@
+
+key...............: axel.key
+common name.......: VPN-WF-axel
+password..........: q9LdCJL9WtHm
+
+key...............: chris.key
+common name.......: VPN-WF-chris
+password..........: dbddhkpuka.&EadGl15E.
+
+key...............: kaya.key
+common name.......: VPN-WF-kaya
+password..........: T4gJW4b3v333
+
+key...............: mariette.key
+common name.......: VPN-WF-mariette
+password..........: fFdxvj4zvFqx
+
+key...............: lalix.key
+common name.......: VPN-WF-lalix
+password..........: xwF3JVtH7vRd
+
+key...............: christian.key
+common name.......: VPN-WF-christian
+password..........: wt4chFxH7pFp
diff --git a/WF/openvpn/wf/keys/01.pem b/WF/openvpn/wf/keys/01.pem
new file mode 100644
index 0000000..65cd422
--- /dev/null
+++ b/WF/openvpn/wf/keys/01.pem
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  4 18:39:28 2018 GMT
+            Not After : May  4 18:39:28 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:aa:1f:6d:98:84:46:ad:d4:b9:bf:08:13:8c:b6:
+                    6b:21:91:0d:7f:69:e0:a0:9e:79:61:d8:1c:43:07:
+                    0e:e8:a3:96:e5:83:22:41:32:87:94:1a:dd:56:05:
+                    7e:aa:40:a4:bb:23:fd:31:9c:57:c8:eb:06:be:02:
+                    22:15:e7:3d:25:57:4e:48:46:4b:ec:e1:f5:b2:1b:
+                    fc:2d:f7:38:4c:71:1b:11:26:a0:2a:bc:01:19:78:
+                    df:e2:03:73:5e:3a:45:bc:1e:d4:f9:25:0d:56:ea:
+                    06:ec:58:cb:4b:11:a1:a7:7b:c1:06:f9:a6:44:30:
+                    03:68:71:05:7e:f8:12:a4:53:b4:83:21:bb:3d:52:
+                    5e:0b:f2:d7:99:7a:e8:e7:4a:99:42:85:8b:f0:b3:
+                    3d:16:b8:30:44:0f:12:2e:e1:d0:ab:74:ac:27:50:
+                    ad:30:2d:08:eb:b0:ff:1e:13:8a:d7:c4:09:a1:93:
+                    c8:a8:08:25:ce:f9:c2:6d:47:b3:f8:f9:70:7f:dc:
+                    6d:03:ba:66:6b:27:cf:69:b9:b1:84:24:1d:e4:da:
+                    4a:d0:c5:8e:93:33:8f:ef:da:00:f1:dd:55:8f:86:
+                    ef:8b:9a:0f:c6:75:9d:42:d5:e4:69:20:fd:86:54:
+                    19:18:c5:e0:ee:ec:9a:a1:2b:19:82:aa:d9:c4:23:
+                    23:00:06:ba:b1:45:c2:80:7e:d4:62:9a:9e:36:02:
+                    7e:9c:3f:0f:66:f1:ee:17:4c:11:e0:ca:4c:ab:62:
+                    0e:0c:2d:e9:89:86:66:e1:d6:9c:8e:13:22:eb:a8:
+                    1d:11:57:4b:4a:c9:ac:f2:a9:38:60:0e:3a:d9:02:
+                    21:35:c0:25:9a:6a:57:46:e6:87:e0:10:58:ac:5a:
+                    cc:35:df:18:5e:de:65:93:09:37:4f:42:62:43:e2:
+                    18:a9:60:cd:26:0f:c1:1c:48:97:ac:35:0a:e5:f4:
+                    55:42:15:53:d4:b7:7a:23:a6:4e:f0:8d:9c:1d:cc:
+                    b4:a3:47:bf:ae:25:9e:47:48:c3:43:76:f2:af:f1:
+                    a9:7b:e2:62:3c:e1:09:19:22:43:44:36:1f:4b:cd:
+                    71:82:04:50:be:18:56:8c:7d:d7:53:7d:ae:06:a4:
+                    cf:cc:dd:18:1e:88:35:13:54:0f:af:20:dd:6c:3c:
+                    6a:40:95:5d:26:af:bb:93:fa:19:23:f7:c4:a9:2a:
+                    a1:2e:3d:9d:50:cd:e8:8f:04:2b:c5:bc:84:f5:50:
+                    1b:b2:ab:bf:90:1b:fc:28:ce:a9:fe:ed:dc:df:7a:
+                    13:7d:49:90:31:c8:96:31:2b:84:5f:83:c6:6d:60:
+                    c7:2a:67:5e:e2:dc:a6:8e:6a:b4:77:30:d4:18:9a:
+                    d9:7b:2b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                2D:CE:7B:8E:D1:5B:3D:27:B4:94:77:91:2A:7F:6C:5D:30:48:19:6D
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         0b:8a:78:db:46:df:b5:60:cd:88:b9:9c:52:be:7b:e6:60:5b:
+         ef:a7:9c:24:ab:9c:04:87:b5:59:fc:11:16:2b:d8:64:7e:0c:
+         c5:01:2b:3d:29:97:5a:b0:1e:77:5d:39:f1:f5:dc:31:55:56:
+         d5:f7:10:1b:8f:9e:8e:f2:47:36:d1:fe:fb:a5:5b:69:58:16:
+         82:49:2c:5c:54:82:4c:0a:71:f7:e0:c8:f8:a2:1f:85:7d:fa:
+         f2:9b:6e:6e:78:04:88:49:65:cc:02:59:c8:73:66:75:3f:81:
+         6e:ac:83:b4:ed:54:2d:5e:0e:9e:d3:40:88:6e:91:e4:9c:6e:
+         4b:06:77:ec:74:cd:f9:f9:7f:5d:1b:72:5e:a0:14:7a:82:63:
+         ea:55:88:e3:23:59:36:e5:69:37:a0:7b:ae:b5:63:25:6a:e2:
+         b6:b3:35:b7:06:f9:17:6e:ed:b5:3d:1b:2f:5f:ea:96:b5:a2:
+         a8:d0:45:14:7a:b6:96:a8:ee:3d:2f:5e:7f:40:1a:69:81:c6:
+         2a:fa:10:a7:5d:8c:a1:c2:ed:00:f0:72:71:6e:6d:f1:0c:91:
+         ee:2d:0e:c5:4c:d1:e1:99:8c:4a:92:3a:f9:42:5b:cc:12:3f:
+         9e:17:31:5f:b0:6f:2e:e8:24:8f:1f:a1:82:bd:06:6e:e9:6d:
+         32:06:1c:58:d4:61:7e:05:8d:9b:57:8d:29:6a:d5:c6:c8:21:
+         d2:8a:26:c4:1e:40:7c:c8:f3:9b:99:8f:43:57:93:b7:dc:7f:
+         80:19:e7:cf:b3:25:35:46:00:38:e7:ec:1f:1a:4f:eb:4c:fd:
+         f5:fd:cc:14:96:58:51:ae:7e:7a:2a:78:2c:85:9d:c3:ae:a0:
+         6d:9d:45:ac:e1:67:36:e9:f1:b3:8c:e2:ac:55:9e:8c:7a:8d:
+         05:61:11:40:36:ae:cb:f5:13:0f:a0:27:16:96:01:3a:d3:13:
+         a6:ed:6f:77:20:36:2c:8b:86:60:5c:74:28:5d:2c:37:66:8b:
+         ae:a1:ae:0b:e9:87:05:8f:37:6a:96:1e:8f:bc:67:18:cb:e2:
+         77:56:42:4c:97:a4:2e:0c:f6:d9:0e:eb:80:41:de:a3:01:dd:
+         e3:62:05:af:e4:48:a4:93:a1:c2:0e:3a:13:27:86:b8:1d:fe:
+         7b:78:18:f0:41:83:8d:7a:ec:40:9b:c9:80:29:78:dd:da:a2:
+         64:6b:74:89:ed:23:bd:08:3f:fe:51:95:ff:33:bc:0e:6c:b5:
+         6d:02:da:2e:48:a7:04:4f:b6:ff:b4:a5:04:c4:95:3e:2a:94:
+         2a:73:b9:e0:99:21:b5:d1:dd:c7:0f:76:ae:e5:f1:98:5c:01:
+         d2:9c:23:69:0b:12:10:ef
+-----BEGIN CERTIFICATE-----
+MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDQxODM5MjhaFw0zODA1MDQxODM5MjhaMIGjMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLVdGLXNl
+cnZlcjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKofbZiERq3Uub8I
+E4y2ayGRDX9p4KCeeWHYHEMHDuijluWDIkEyh5Qa3VYFfqpApLsj/TGcV8jrBr4C
+IhXnPSVXTkhGS+zh9bIb/C33OExxGxEmoCq8ARl43+IDc146Rbwe1PklDVbqBuxY
+y0sRoad7wQb5pkQwA2hxBX74EqRTtIMhuz1SXgvy15l66OdKmUKFi/CzPRa4MEQP
+Ei7h0Kt0rCdQrTAtCOuw/x4TitfECaGTyKgIJc75wm1Hs/j5cH/cbQO6Zmsnz2m5
+sYQkHeTaStDFjpMzj+/aAPHdVY+G74uaD8Z1nULV5Gkg/YZUGRjF4O7smqErGYKq
+2cQjIwAGurFFwoB+1GKanjYCfpw/D2bx7hdMEeDKTKtiDgwt6YmGZuHWnI4TIuuo
+HRFXS0rJrPKpOGAOOtkCITXAJZpqV0bmh+AQWKxazDXfGF7eZZMJN09CYkPiGKlg
+zSYPwRxIl6w1CuX0VUIVU9S3eiOmTvCNnB3MtKNHv64lnkdIw0N28q/xqXviYjzh
+CRkiQ0Q2H0vNcYIEUL4YVox911N9rgakz8zdGB6INRNUD68g3Ww8akCVXSavu5P6
+GSP3xKkqoS49nVDN6I8EK8W8hPVQG7Krv5Ab/CjOqf7t3N96E31JkDHIljErhF+D
+xm1gxypnXuLcpo5qtHcw1Bia2XsrAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
+CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
+dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULc57jtFbPSe0lHeRKn9s
+XTBIGW0wgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltza9wPl9lg9fGhgaKkgZ8w
+gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
+DQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
+AQALinjbRt+1YM2IuZxSvnvmYFvvp5wkq5wEh7VZ/BEWK9hkfgzFASs9KZdasB53
+XTnx9dwxVVbV9xAbj56O8kc20f77pVtpWBaCSSxcVIJMCnH34Mj4oh+Fffrym25u
+eASISWXMAlnIc2Z1P4FurIO07VQtXg6e00CIbpHknG5LBnfsdM35+X9dG3JeoBR6
+gmPqVYjjI1k25Wk3oHuutWMlauK2szW3BvkXbu21PRsvX+qWtaKo0EUUeraWqO49
+L15/QBppgcYq+hCnXYyhwu0A8HJxbm3xDJHuLQ7FTNHhmYxKkjr5QlvMEj+eFzFf
+sG8u6CSPH6GCvQZu6W0yBhxY1GF+BY2bV40patXGyCHSiibEHkB8yPObmY9DV5O3
+3H+AGefPsyU1RgA45+wfGk/rTP31/cwUllhRrn56KngshZ3DrqBtnUWs4Wc26fGz
+jOKsVZ6Meo0FYRFANq7L9RMPoCcWlgE60xOm7W93IDYsi4ZgXHQoXSw3Zouuoa4L
+6YcFjzdqlh6PvGcYy+J3VkJMl6QuDPbZDuuAQd6jAd3jYgWv5Eikk6HCDjoTJ4a4
+Hf57eBjwQYONeuxAm8mAKXjd2qJka3SJ7SO9CD/+UZX/M7wObLVtAtouSKcET7b/
+tKUExJU+KpQqc7ngmSG10d3HD3au5fGYXAHSnCNpCxIQ7w==
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/02.pem b/WF/openvpn/wf/keys/02.pem
new file mode 100644
index 0000000..b3a86bc
--- /dev/null
+++ b/WF/openvpn/wf/keys/02.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:30:46 2018 GMT
+            Not After : May  5 09:30:46 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-axel/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c0:d1:e2:70:f3:fc:1f:c6:5a:55:25:e5:94:e1:
+                    c6:3e:15:57:d2:b9:9f:2e:7e:1e:1a:63:f2:96:cd:
+                    a4:4b:7f:1b:f7:90:f6:bf:cb:ce:04:6f:68:50:52:
+                    6a:37:b2:a4:b3:fd:3c:88:c7:f0:9b:fe:4c:5d:ae:
+                    2d:9a:3c:96:37:01:af:3b:ac:ad:44:51:93:20:ee:
+                    d4:85:99:22:d1:c5:6d:7a:83:d0:e6:29:e5:c9:6c:
+                    b1:73:90:58:40:21:7e:f1:bc:7a:08:94:c7:47:96:
+                    b3:82:dc:13:b1:e8:e5:87:4e:8c:21:2c:7f:37:5c:
+                    2a:0a:ea:1d:a0:17:bb:3b:fb:e7:0a:12:1c:ee:01:
+                    f3:de:4a:47:fd:b9:f9:77:ee:87:84:c9:d5:33:ee:
+                    b9:57:d7:12:b0:4d:bf:fa:16:f1:82:18:2d:b2:c8:
+                    96:7f:fe:08:20:96:65:d9:77:92:e7:0f:5f:fc:a2:
+                    3a:b6:ae:59:d6:13:bc:bf:d1:a3:5a:14:74:ed:f4:
+                    e3:6b:a7:c9:0e:6b:b5:c7:5f:d8:b6:ef:5e:e9:0e:
+                    68:4a:7d:2e:e2:1a:13:b9:f9:e0:dc:b3:43:19:09:
+                    42:4d:09:e0:45:d1:8f:36:40:5d:f0:6b:c9:2c:26:
+                    17:17:c6:5b:25:fa:a8:30:1f:62:57:e9:0f:09:aa:
+                    5f:80:8e:76:8c:c1:e9:8f:59:62:47:35:b3:0b:6d:
+                    c1:3b:54:19:23:b7:11:63:74:ed:ee:aa:bf:a0:b9:
+                    51:31:63:64:e9:06:b1:10:65:14:db:41:cc:52:11:
+                    d9:bb:ae:de:75:70:80:13:f5:6c:ec:2d:2d:d5:b5:
+                    b1:0b:dd:2f:6b:12:c0:1c:2c:9c:92:e5:a9:88:19:
+                    d5:90:f2:90:08:da:a0:bc:95:40:7f:10:cb:89:ac:
+                    03:f1:80:98:ca:df:10:7a:72:a8:54:80:33:ba:f6:
+                    e5:23:f4:6d:d6:11:75:61:dd:87:0e:f4:e1:e4:2a:
+                    b7:6e:7b:6a:fa:73:3a:97:23:05:78:9f:53:05:7e:
+                    5d:ce:95:27:f6:ea:37:19:b2:d6:ed:83:9e:c0:85:
+                    b8:16:7a:b3:57:09:f4:94:8b:80:54:98:06:d1:2c:
+                    cd:2f:2b:c3:bf:88:b5:a2:cd:c6:f3:b4:04:4b:bd:
+                    08:6a:78:04:d8:8b:16:84:5b:a5:37:0c:2e:3b:1e:
+                    0b:14:63:35:45:67:2a:a2:26:1f:38:41:53:e8:83:
+                    48:0c:60:a0:25:d6:7e:3a:9e:68:76:9d:ca:f0:27:
+                    44:45:6d:9f:ad:fb:19:2e:bc:8b:2b:63:76:78:63:
+                    d7:8b:0a:2c:76:b8:48:8c:eb:87:a9:1d:82:af:73:
+                    80:25:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                CE:C5:B3:DC:D8:6F:8F:EA:09:99:B9:41:64:B7:22:D5:BC:F9:A6:98
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:axel
+    Signature Algorithm: sha256WithRSAEncryption
+         5d:62:04:7e:b8:0d:61:4f:fb:56:57:3f:4d:a9:f8:6f:68:a5:
+         ab:92:1c:b2:04:32:5f:a4:02:2e:3a:1d:d8:59:28:2f:8c:1b:
+         9c:33:a3:c3:17:a8:5f:52:df:0c:d2:2a:52:6c:08:47:5f:12:
+         ca:50:9e:cb:4d:b2:48:4a:67:26:9f:a0:79:39:41:be:a1:2e:
+         f1:51:82:81:90:bd:34:54:9b:9f:7a:56:59:74:e6:74:b0:e9:
+         cf:5a:52:85:df:db:66:76:14:03:ae:0a:fd:3c:6d:2a:e5:f4:
+         76:b5:2c:32:69:11:d7:94:0b:40:05:2f:da:bd:01:04:d3:9d:
+         3a:d1:93:bc:26:05:f1:17:99:b9:db:52:93:10:b6:da:d0:21:
+         53:7b:e4:86:12:fd:67:bf:87:7d:cf:cd:75:80:2d:74:e9:9e:
+         c8:76:df:23:3c:37:cb:c0:90:41:ea:f7:38:23:d6:5f:54:55:
+         b2:27:31:4e:d3:54:2c:51:a9:7f:17:30:c7:21:19:37:1d:1d:
+         75:f3:a4:73:cb:79:d1:be:b4:6f:12:da:f0:be:51:c6:db:2f:
+         4e:b4:46:6c:5a:b5:c5:0d:c7:44:00:ee:cc:96:79:a9:45:ee:
+         cd:dc:69:71:61:c0:a5:46:05:24:e9:85:86:ce:4d:3e:3a:a5:
+         bb:7c:ef:2e:0a:5a:9f:b2:1f:38:4b:b0:67:f5:8f:78:6e:71:
+         86:43:9e:a7:71:85:6e:e2:19:b4:5c:18:63:49:6b:0a:da:54:
+         29:4d:18:05:80:f9:08:87:e6:c4:6a:01:b0:c3:7a:d2:ee:cf:
+         93:b9:43:bc:2f:0b:1f:8b:61:e5:64:08:c4:45:5c:5b:52:be:
+         1f:51:56:a7:b4:15:c4:88:6a:cf:d0:3a:fa:34:03:e8:bb:8a:
+         e5:49:bb:60:1d:b7:fd:e3:d3:bf:0c:7c:28:15:26:de:f8:5b:
+         2a:9c:88:35:80:a6:5b:a2:55:ad:bf:69:56:f8:e9:7e:a8:4c:
+         0a:99:44:48:d5:90:8a:41:3f:d1:ca:c1:c4:18:c6:96:e1:f0:
+         72:cc:2c:35:8e:63:78:1b:00:f6:1d:6b:a1:db:cf:f5:b6:e5:
+         94:27:e9:02:bd:35:2a:01:81:85:7a:01:2a:88:23:15:4e:3d:
+         5b:9a:31:fe:10:6a:1f:d1:29:0c:46:72:ed:25:73:61:2c:8c:
+         29:88:55:7e:44:e9:6f:d9:33:4a:47:48:a1:6e:17:8f:bd:12:
+         df:47:da:d6:3a:4a:7e:d5:43:7e:c6:01:5e:29:bc:44:14:9f:
+         0c:38:fa:86:0f:41:5d:5a:e9:27:83:12:7f:75:2f:e8:06:d6:
+         2a:f9:5d:0a:6c:fe:0f:cb
+-----BEGIN CERTIFICATE-----
+MIIHIDCCBQigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTMwNDZaFw0zODA1MDUwOTMwNDZaMIGhMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxMLVlBOLVdGLWF4
+ZWwxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDA0eJw8/wfxlpVJeWU
+4cY+FVfSuZ8ufh4aY/KWzaRLfxv3kPa/y84Eb2hQUmo3sqSz/TyIx/Cb/kxdri2a
+PJY3Aa87rK1EUZMg7tSFmSLRxW16g9DmKeXJbLFzkFhAIX7xvHoIlMdHlrOC3BOx
+6OWHTowhLH83XCoK6h2gF7s7++cKEhzuAfPeSkf9ufl37oeEydUz7rlX1xKwTb/6
+FvGCGC2yyJZ//ggglmXZd5LnD1/8ojq2rlnWE7y/0aNaFHTt9ONrp8kOa7XHX9i2
+717pDmhKfS7iGhO5+eDcs0MZCUJNCeBF0Y82QF3wa8ksJhcXxlsl+qgwH2JX6Q8J
+ql+AjnaMwemPWWJHNbMLbcE7VBkjtxFjdO3uqr+guVExY2TpBrEQZRTbQcxSEdm7
+rt51cIAT9WzsLS3VtbEL3S9rEsAcLJyS5amIGdWQ8pAI2qC8lUB/EMuJrAPxgJjK
+3xB6cqhUgDO69uUj9G3WEXVh3YcO9OHkKrdue2r6czqXIwV4n1MFfl3OlSf26jcZ
+stbtg57AhbgWerNXCfSUi4BUmAbRLM0vK8O/iLWizcbztARLvQhqeATYixaEW6U3
+DC47HgsUYzVFZyqiJh84QVPog0gMYKAl1n46nmh2ncrwJ0RFbZ+t+xkuvIsrY3Z4
+Y9eLCix2uEiM64epHYKvc4AlzwIDAQABo4IBZDCCAWAwCQYDVR0TBAIwADAtBglg
+hkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBTOxbPc2G+P6gmZuUFktyLVvPmmmDCB0QYDVR0jBIHJMIHGgBRPPogU4aEh
+KOPmW3Nr3A+X2WD18aGBoqSBnzCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
+EE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEPMA0GA1UEKRMGVlBO
+IFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANhMyyi1cVS7MBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAPBgNVHREECDAGggRheGVs
+MA0GCSqGSIb3DQEBCwUAA4ICAQBdYgR+uA1hT/tWVz9NqfhvaKWrkhyyBDJfpAIu
+Oh3YWSgvjBucM6PDF6hfUt8M0ipSbAhHXxLKUJ7LTbJISmcmn6B5OUG+oS7xUYKB
+kL00VJufelZZdOZ0sOnPWlKF39tmdhQDrgr9PG0q5fR2tSwyaRHXlAtABS/avQEE
+05060ZO8JgXxF5m521KTELba0CFTe+SGEv1nv4d9z811gC106Z7Idt8jPDfLwJBB
+6vc4I9ZfVFWyJzFO01QsUal/FzDHIRk3HR1186Rzy3nRvrRvEtrwvlHG2y9OtEZs
+WrXFDcdEAO7MlnmpRe7N3GlxYcClRgUk6YWGzk0+OqW7fO8uClqfsh84S7Bn9Y94
+bnGGQ56ncYVu4hm0XBhjSWsK2lQpTRgFgPkIh+bEagGww3rS7s+TuUO8Lwsfi2Hl
+ZAjERVxbUr4fUVantBXEiGrP0Dr6NAPou4rlSbtgHbf949O/DHwoFSbe+FsqnIg1
+gKZbolWtv2lW+Ol+qEwKmURI1ZCKQT/RysHEGMaW4fByzCw1jmN4GwD2HWuh28/1
+tuWUJ+kCvTUqAYGFegEqiCMVTj1bmjH+EGof0SkMRnLtJXNhLIwpiFV+ROlv2TNK
+R0ihbhePvRLfR9rWOkp+1UN+xgFeKbxEFJ8MOPqGD0FdWukngxJ/dS/oBtYq+V0K
+bP4Pyw==
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/03.pem b/WF/openvpn/wf/keys/03.pem
new file mode 100644
index 0000000..9f3e5e2
--- /dev/null
+++ b/WF/openvpn/wf/keys/03.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:32:50 2018 GMT
+            Not After : May  5 09:32:50 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-chris/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:ac:28:bc:5c:b2:3a:38:2a:30:40:f2:df:24:c2:
+                    62:c6:91:61:eb:ce:df:64:f4:3d:0b:72:c3:f7:58:
+                    27:45:b6:7b:79:8e:a1:5c:10:3b:f7:92:5d:d7:d9:
+                    61:02:70:7c:c3:8e:f1:ca:41:60:50:68:5f:bd:a2:
+                    cf:e6:ef:b2:ad:82:dd:f3:bb:42:27:5a:1b:79:87:
+                    1e:93:2a:1a:26:e2:cd:39:a1:a6:44:bb:50:05:f6:
+                    00:b9:8c:11:12:ec:64:c1:8c:62:2c:27:f2:21:71:
+                    ab:2f:01:97:0e:0b:ac:7a:b9:84:6b:4d:69:a5:90:
+                    08:c6:43:72:b9:27:7e:31:b1:18:41:60:c8:5a:06:
+                    31:9c:8f:5f:06:6a:16:75:47:ad:c6:5f:6d:4b:c1:
+                    3a:9c:7d:40:2c:2d:01:e4:76:13:17:0b:0e:8a:ae:
+                    d8:54:fb:69:c4:9b:85:a4:bd:d8:4d:48:2e:c8:2f:
+                    b9:92:e9:8c:bb:5c:44:7e:39:a4:2b:ea:2b:1d:8a:
+                    c0:d2:39:04:ee:76:43:a1:09:1e:2e:95:83:d1:85:
+                    91:fc:d7:a0:12:0a:b9:6c:d4:22:e2:f9:4e:36:a6:
+                    79:1a:12:53:75:56:f4:f2:77:98:82:d9:dd:63:c1:
+                    bf:97:62:99:ed:6f:55:36:20:fa:d6:11:41:b6:fb:
+                    24:b2:d5:2a:2c:5c:58:d2:bc:fd:d4:14:33:2a:d7:
+                    db:de:79:c9:25:1e:92:ce:d0:8e:03:58:9a:c1:f8:
+                    a9:2b:2a:6f:53:47:65:42:39:4d:f0:be:f3:d9:af:
+                    07:42:07:8b:fa:8c:17:fb:6f:48:5f:ca:01:c2:df:
+                    19:38:25:f5:33:e8:4f:da:c5:9e:46:c3:b4:9c:b4:
+                    c4:75:bd:87:f5:11:fb:fb:d6:01:67:d3:49:45:65:
+                    96:1e:27:47:7b:56:80:14:7d:02:89:17:bc:7a:0a:
+                    2a:9d:5a:1f:1c:a5:d7:c0:ee:43:1a:e1:41:b0:aa:
+                    6a:8b:c9:be:5f:ff:63:6c:c3:a0:5a:64:12:a0:c5:
+                    04:88:7a:14:9c:17:ee:9d:e8:bb:45:9e:0b:32:74:
+                    8d:89:fa:95:2b:42:1b:2a:9c:90:f3:0f:75:7a:a4:
+                    41:f4:74:0d:2a:fd:36:33:c9:49:fc:0b:1f:45:78:
+                    e1:c4:25:5e:a4:6c:a1:de:cc:85:77:9d:de:f8:5d:
+                    b0:25:f5:f5:4b:22:19:49:10:f2:b9:ac:9a:1c:db:
+                    60:18:c1:2a:37:e1:5e:b9:7c:17:b3:26:68:8f:f7:
+                    f4:10:75:ec:11:aa:09:bd:93:40:d7:8e:2b:33:e2:
+                    07:39:4e:cc:5f:7a:e6:5b:3e:76:a1:47:1a:45:90:
+                    c2:8d:ed
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                44:B8:B9:2D:98:73:3A:7A:EE:7E:39:44:5D:BE:7A:84:96:1C:9A:99
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         7f:37:c3:2c:7f:75:3d:ff:ed:0c:9e:ab:c1:f5:06:f7:e6:1d:
+         23:20:75:f0:b1:5a:8a:66:ce:21:a1:2f:65:0d:38:16:d7:29:
+         c7:fe:56:6e:76:8b:d5:25:cd:20:95:67:6f:f0:d3:87:03:03:
+         e7:69:87:ea:45:8d:9f:ea:bd:8e:d9:ad:40:24:0d:94:2b:1b:
+         ba:2e:67:8b:70:50:b1:11:54:b5:65:da:f7:5f:42:08:b1:6c:
+         2d:83:3b:3c:79:97:b0:db:54:92:98:5e:76:f4:f5:6b:24:95:
+         70:06:66:5f:13:c8:ed:f8:d1:8c:03:cf:5d:3b:46:31:85:2e:
+         7a:e5:3c:26:f6:7f:20:55:d6:2e:bc:bf:13:41:f6:32:87:af:
+         26:3d:ab:64:02:2c:d2:bb:cc:fd:fe:6c:67:87:2d:d6:2d:ff:
+         50:a0:42:8c:9d:73:8a:67:2f:f6:7b:61:c9:cb:29:cc:86:56:
+         2c:9f:21:0c:eb:33:b6:66:74:07:1e:2d:00:36:69:a0:2d:6a:
+         72:7d:78:33:1f:59:4f:a3:ef:74:4e:ad:fc:ba:a7:e6:80:9d:
+         d5:c4:b9:a8:b6:11:2c:2c:a2:7e:fe:e5:17:fc:98:b2:1f:75:
+         ad:f4:24:58:fd:40:4f:51:4b:4e:3f:c8:e1:92:1b:c5:b9:b3:
+         7a:70:c3:eb:e9:c5:7f:40:f4:ca:53:2e:28:97:7c:4a:d8:09:
+         94:f7:c8:0b:e9:45:76:ef:12:23:41:2f:99:b8:4c:f1:95:cd:
+         93:e2:57:83:11:7e:09:ba:c9:dc:73:b0:95:56:47:95:98:70:
+         e6:cf:49:b6:f2:92:e3:29:aa:5f:41:0f:35:a1:fd:84:99:a8:
+         c5:79:e3:70:ab:3c:62:5f:af:90:dc:4a:94:1f:94:c0:fd:7f:
+         e6:e1:6b:bc:f5:77:39:38:1d:cc:fe:fc:a9:7c:5c:45:bc:3d:
+         cd:3f:e3:22:27:e0:ae:6d:20:e0:74:73:92:04:89:0a:8a:e7:
+         ea:c3:7f:e2:36:ba:6c:f0:e4:22:f4:a1:d3:eb:7a:4e:13:3d:
+         a6:a1:a8:e9:09:2f:82:ff:64:a9:aa:07:2f:21:1b:a8:9e:4b:
+         ba:87:8b:a3:24:4c:23:15:60:f4:44:53:2d:2a:b1:2d:fd:d0:
+         69:91:57:02:6d:ad:97:55:f6:e8:23:a3:23:9f:ce:38:78:ce:
+         1d:46:90:2a:32:9e:07:81:e5:0f:3e:9e:bf:06:41:81:54:03:
+         4f:ab:55:ab:b6:13:8d:9b:5e:71:43:c0:2f:92:a8:6c:62:b1:
+         91:64:8f:ab:b2:03:a4:22:02:7c:15:ab:19:83:5e:d8:30:68:
+         95:f2:e8:af:65:d8:e8:2b
+-----BEGIN CERTIFICATE-----
+MIIHIjCCBQqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTMyNTBaFw0zODA1MDUwOTMyNTBaMIGiMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLVdGLWNo
+cmlzMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArCi8XLI6OCowQPLf
+JMJixpFh687fZPQ9C3LD91gnRbZ7eY6hXBA795Jd19lhAnB8w47xykFgUGhfvaLP
+5u+yrYLd87tCJ1obeYcekyoaJuLNOaGmRLtQBfYAuYwREuxkwYxiLCfyIXGrLwGX
+DgusermEa01ppZAIxkNyuSd+MbEYQWDIWgYxnI9fBmoWdUetxl9tS8E6nH1ALC0B
+5HYTFwsOiq7YVPtpxJuFpL3YTUguyC+5kumMu1xEfjmkK+orHYrA0jkE7nZDoQke
+LpWD0YWR/NegEgq5bNQi4vlONqZ5GhJTdVb08neYgtndY8G/l2KZ7W9VNiD61hFB
+tvskstUqLFxY0rz91BQzKtfb3nnJJR6SztCOA1iawfipKypvU0dlQjlN8L7z2a8H
+QgeL+owX+29IX8oBwt8ZOCX1M+hP2sWeRsO0nLTEdb2H9RH7+9YBZ9NJRWWWHidH
+e1aAFH0CiRe8egoqnVofHKXXwO5DGuFBsKpqi8m+X/9jbMOgWmQSoMUEiHoUnBfu
+nei7RZ4LMnSNifqVK0IbKpyQ8w91eqRB9HQNKv02M8lJ/AsfRXjhxCVepGyh3syF
+d53e+F2wJfX1SyIZSRDyuayaHNtgGMEqN+FeuXwXsyZoj/f0EHXsEaoJvZNA144r
+M+IHOU7MX3rmWz52oUcaRZDCje0CAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQURLi5LZhzOnrufjlEXb56hJYcmpkwgdEGA1UdIwSByTCBxoAUTz6IFOGh
+ISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQ
+TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
+aXMwDQYJKoZIhvcNAQELBQADggIBAH83wyx/dT3/7Qyeq8H1BvfmHSMgdfCxWopm
+ziGhL2UNOBbXKcf+Vm52i9UlzSCVZ2/w04cDA+dph+pFjZ/qvY7ZrUAkDZQrG7ou
+Z4twULERVLVl2vdfQgixbC2DOzx5l7DbVJKYXnb09WsklXAGZl8TyO340YwDz107
+RjGFLnrlPCb2fyBV1i68vxNB9jKHryY9q2QCLNK7zP3+bGeHLdYt/1CgQoydc4pn
+L/Z7YcnLKcyGViyfIQzrM7ZmdAceLQA2aaAtanJ9eDMfWU+j73ROrfy6p+aAndXE
+uai2ESwson7+5Rf8mLIfda30JFj9QE9RS04/yOGSG8W5s3pww+vpxX9A9MpTLiiX
+fErYCZT3yAvpRXbvEiNBL5m4TPGVzZPiV4MRfgm6ydxzsJVWR5WYcObPSbbykuMp
+ql9BDzWh/YSZqMV543CrPGJfr5DcSpQflMD9f+bha7z1dzk4Hcz+/Kl8XEW8Pc0/
+4yIn4K5tIOB0c5IEiQqK5+rDf+I2umzw5CL0odPrek4TPaahqOkJL4L/ZKmqBy8h
+G6ieS7qHi6MkTCMVYPREUy0qsS390GmRVwJtrZdV9ugjoyOfzjh4zh1GkCoyngeB
+5Q8+nr8GQYFUA0+rVau2E42bXnFDwC+SqGxisZFkj6uyA6QiAnwVqxmDXtgwaJXy
+6K9l2Ogr
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/04.pem b/WF/openvpn/wf/keys/04.pem
new file mode 100644
index 0000000..12f1ae1
--- /dev/null
+++ b/WF/openvpn/wf/keys/04.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:34:15 2018 GMT
+            Not After : May  5 09:34:15 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=kaya/name=VPN-WF-kaya/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d5:a0:20:75:b3:9e:3a:79:ea:09:e9:1d:07:b4:
+                    fc:72:2a:41:14:c1:bc:b2:44:9c:d3:7c:81:6e:fb:
+                    5c:8f:0a:af:56:75:43:6c:27:bb:34:6a:f6:9b:39:
+                    76:ff:f3:a9:87:1a:b0:a8:94:9f:18:3e:8f:b5:53:
+                    c7:f8:ff:c5:02:14:f5:0a:a5:72:7d:8c:1d:fb:f8:
+                    89:b4:f9:37:9b:04:89:65:86:c2:ba:e6:58:91:59:
+                    ec:8d:71:bc:aa:f3:58:60:f4:62:06:8b:26:dc:47:
+                    a3:94:fb:78:c2:13:4e:86:db:52:eb:1d:9d:dc:a9:
+                    07:8e:0d:40:56:0e:be:27:b2:96:fa:05:7b:76:8f:
+                    90:1c:56:3e:fa:23:3b:c6:0c:c8:98:64:2c:bb:cc:
+                    49:f4:c3:2a:66:6c:c7:e2:4b:51:5d:1d:eb:d7:10:
+                    b0:bf:17:90:a3:fa:59:ee:07:f5:48:0b:03:28:87:
+                    8e:08:34:b7:38:b9:da:92:5d:74:2e:c8:ef:50:53:
+                    18:e2:fb:05:a4:a8:30:a3:64:c7:0e:4a:23:35:44:
+                    86:1e:65:44:fb:7f:76:57:d2:88:a2:00:36:b4:bc:
+                    83:7a:f4:26:56:a8:be:ce:de:96:6f:3f:8e:3c:93:
+                    d2:11:cb:c0:4c:f1:30:53:9a:31:72:35:e9:13:79:
+                    61:d6:44:e7:58:09:59:94:8b:23:18:14:5f:88:42:
+                    64:3f:bf:f5:c7:b0:5e:52:07:7f:80:9d:e9:bf:47:
+                    5f:c1:0f:12:90:fa:a8:d7:7e:d7:db:c6:99:95:c5:
+                    a8:3f:18:96:9a:46:82:3d:e8:82:4a:40:a9:13:ab:
+                    2c:f2:82:37:39:09:05:89:52:c4:b7:a2:25:39:f6:
+                    ad:4c:21:6c:62:8e:43:7b:16:ba:91:a0:f0:20:27:
+                    98:48:5f:dc:e4:b4:26:c4:d0:92:b0:0c:17:b0:bc:
+                    6a:fb:e4:1f:88:5e:8f:1e:83:15:17:56:aa:db:62:
+                    37:8a:a9:58:13:cf:50:91:f0:3a:fc:19:7d:59:25:
+                    8a:c1:b9:59:26:22:d8:42:54:25:2b:a4:9f:51:2b:
+                    9b:01:69:36:d1:ef:b1:32:94:bd:85:a9:3a:00:2c:
+                    b3:c9:45:d5:29:fa:1b:db:df:1c:82:f2:49:53:88:
+                    f0:91:fc:28:12:fc:2f:ef:82:45:d0:bd:05:b0:8b:
+                    2a:16:8f:fd:5c:6f:77:7a:fd:ec:11:3c:f0:5b:b6:
+                    07:6e:f1:e2:ef:4e:36:4d:15:27:be:de:cd:56:85:
+                    38:9a:33:88:f5:39:0e:83:62:6f:86:42:2c:29:70:
+                    f7:b1:1e:1d:29:7a:32:da:e7:ef:98:52:11:b6:aa:
+                    fe:1c:2d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D4:84:86:AB:79:DB:B9:CE:97:11:0C:B7:E8:DE:E8:0B:0E:1B:AB:1D
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:kaya
+    Signature Algorithm: sha256WithRSAEncryption
+         5b:bb:c1:d3:04:da:d5:40:06:84:c3:f8:4e:69:7b:f1:fa:42:
+         ae:ac:3d:3b:dd:32:c1:7f:3c:11:03:f3:88:1d:0e:e3:9b:17:
+         99:3b:22:49:1b:8d:e2:20:5c:2e:d2:b7:ec:68:94:9c:a3:48:
+         1f:cd:b5:c6:58:56:a1:c6:54:26:de:b9:72:5e:73:ba:a5:01:
+         df:7c:7a:ba:da:f4:c1:66:0b:bc:4a:d0:e8:b3:82:3e:47:d2:
+         7f:49:0b:dc:f3:7f:16:4a:1e:00:71:99:de:c1:8d:ea:c0:db:
+         83:71:56:68:c5:7f:93:95:f2:70:9c:0e:41:ed:16:00:84:a1:
+         47:c4:a8:3b:61:a2:41:4e:f8:1d:7c:a2:aa:bc:71:52:94:80:
+         c6:7b:f3:c5:c9:5f:d1:01:58:8a:d9:9c:38:78:fb:fe:0a:8c:
+         2d:ea:1d:4d:a9:a9:53:06:2e:e0:69:09:ae:fe:98:73:c6:9a:
+         1d:3a:a5:40:b1:75:60:2c:81:c8:ed:b6:93:6b:5f:fd:00:e7:
+         fd:c5:3d:e7:02:ce:e3:3d:46:c2:c5:17:77:51:3c:af:ec:c5:
+         78:cf:b2:88:63:98:81:ed:b7:00:06:d8:5b:a7:e8:77:73:ff:
+         a5:ee:46:59:64:b1:fe:1e:28:41:8d:82:a3:df:36:98:fb:19:
+         14:c8:2e:f8:4b:63:b0:e1:12:1f:a3:3d:0b:3c:4a:ff:0f:13:
+         ed:5d:b5:29:4b:ca:f3:bb:bc:b5:3d:85:1f:ee:ce:ab:6d:0a:
+         20:7f:33:26:f7:70:79:44:2d:4d:cf:d6:72:37:c4:86:51:b8:
+         cf:70:be:88:1c:9a:1e:77:13:94:19:28:6f:9c:10:db:87:bd:
+         78:b4:7e:aa:3d:6c:6b:d2:40:84:e6:12:b4:9b:5f:be:6f:06:
+         c8:d5:cb:d2:7b:b0:82:97:51:e7:2f:71:44:09:f1:a3:ff:51:
+         54:e1:4e:19:cc:19:2a:7d:87:9d:22:81:f2:04:59:a4:dd:5d:
+         42:75:53:a2:d0:7e:b8:fe:45:c0:e5:40:5f:92:d1:69:77:19:
+         42:21:07:89:77:d4:2c:4d:33:29:f8:6d:f2:98:57:ea:e4:44:
+         db:16:13:63:6f:59:a3:aa:e9:65:8d:9d:67:4c:d0:08:8b:28:
+         d5:d8:52:a8:09:40:08:10:72:64:d7:8a:0f:8d:38:e5:28:dd:
+         8c:4e:71:68:dc:7c:61:63:cb:3e:cb:1f:31:0e:12:19:3a:1e:
+         2e:e6:4d:d1:9c:5c:e5:e2:e6:62:e9:98:1d:fe:6d:0d:d2:2e:
+         45:c6:13:fc:fc:cc:ae:22:71:9a:81:92:46:b2:31:43:45:50:
+         e8:27:8d:8e:f6:30:10:8d
+-----BEGIN CERTIFICATE-----
+MIIHHjCCBQagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM0MTVaFw0zODA1MDUwOTM0MTVaMIGfMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczENMAsGA1UEAxMEa2F5YTEUMBIG
+A1UEKRMLVlBOLVdGLWtheWExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1aAgdbOeOnnqCekdB7T8
+cipBFMG8skSc03yBbvtcjwqvVnVDbCe7NGr2mzl2//OphxqwqJSfGD6PtVPH+P/F
+AhT1CqVyfYwd+/iJtPk3mwSJZYbCuuZYkVnsjXG8qvNYYPRiBosm3EejlPt4whNO
+httS6x2d3KkHjg1AVg6+J7KW+gV7do+QHFY++iM7xgzImGQsu8xJ9MMqZmzH4ktR
+XR3r1xCwvxeQo/pZ7gf1SAsDKIeOCDS3OLnakl10LsjvUFMY4vsFpKgwo2THDkoj
+NUSGHmVE+392V9KIogA2tLyDevQmVqi+zt6Wbz+OPJPSEcvATPEwU5oxcjXpE3lh
+1kTnWAlZlIsjGBRfiEJkP7/1x7BeUgd/gJ3pv0dfwQ8SkPqo137X28aZlcWoPxiW
+mkaCPeiCSkCpE6ss8oI3OQkFiVLEt6IlOfatTCFsYo5Dexa6kaDwICeYSF/c5LQm
+xNCSsAwXsLxq++QfiF6PHoMVF1aq22I3iqlYE89QkfA6/Bl9WSWKwblZJiLYQlQl
+K6SfUSubAWk20e+xMpS9hak6ACyzyUXVKfob298cgvJJU4jwkfwoEvwv74JF0L0F
+sIsqFo/9XG93ev3sETzwW7YHbvHi7042TRUnvt7NVoU4mjOI9TkOg2JvhkIsKXD3
+sR4dKXoy2ufvmFIRtqr+HC0CAwEAAaOCAWQwggFgMAkGA1UdEwQCMAAwLQYJYIZI
+AYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQU1ISGq3nbuc6XEQy36N7oCw4bqx0wgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj
+5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBO
+ZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBX
+RjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEa2F5YTAN
+BgkqhkiG9w0BAQsFAAOCAgEAW7vB0wTa1UAGhMP4Tml78fpCrqw9O90ywX88EQPz
+iB0O45sXmTsiSRuN4iBcLtK37GiUnKNIH821xlhWocZUJt65cl5zuqUB33x6utr0
+wWYLvErQ6LOCPkfSf0kL3PN/FkoeAHGZ3sGN6sDbg3FWaMV/k5XycJwOQe0WAISh
+R8SoO2GiQU74HXyiqrxxUpSAxnvzxclf0QFYitmcOHj7/gqMLeodTampUwYu4GkJ
+rv6Yc8aaHTqlQLF1YCyByO22k2tf/QDn/cU95wLO4z1GwsUXd1E8r+zFeM+yiGOY
+ge23AAbYW6fod3P/pe5GWWSx/h4oQY2Co982mPsZFMgu+EtjsOESH6M9CzxK/w8T
+7V21KUvK87u8tT2FH+7Oq20KIH8zJvdweUQtTc/WcjfEhlG4z3C+iByaHncTlBko
+b5wQ24e9eLR+qj1sa9JAhOYStJtfvm8GyNXL0nuwgpdR5y9xRAnxo/9RVOFOGcwZ
+Kn2HnSKB8gRZpN1dQnVTotB+uP5FwOVAX5LRaXcZQiEHiXfULE0zKfht8phX6uRE
+2xYTY29Zo6rpZY2dZ0zQCIso1dhSqAlACBByZNeKD4045SjdjE5xaNx8YWPLPssf
+MQ4SGToeLuZN0Zxc5eLmYumYHf5tDdIuRcYT/PzMriJxmoGSRrIxQ0VQ6CeNjvYw
+EI0=
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/05.pem b/WF/openvpn/wf/keys/05.pem
new file mode 100644
index 0000000..1ca4486
--- /dev/null
+++ b/WF/openvpn/wf/keys/05.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:35:49 2018 GMT
+            Not After : May  5 09:35:49 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-mariette/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:e2:ae:d2:6e:42:a2:37:df:1b:cc:5e:a3:4e:0d:
+                    78:35:b5:63:6e:c4:db:86:61:75:0e:6c:e1:0d:fc:
+                    af:70:24:77:4e:9a:69:5a:11:85:f1:aa:3a:68:a8:
+                    d4:e4:e8:21:9f:66:a7:07:7b:aa:49:8e:7f:e0:7f:
+                    83:e1:ca:eb:0e:1e:0b:78:a3:d6:29:a2:55:d9:92:
+                    bb:92:00:08:ea:63:00:85:55:9d:3b:ba:15:91:4e:
+                    f4:89:07:11:65:6e:61:31:9e:9a:66:6d:6a:44:2d:
+                    53:c5:c1:51:b1:ac:87:22:40:e7:a1:78:cf:2d:9b:
+                    1e:61:86:00:5d:29:96:71:19:f3:49:e7:90:cf:e1:
+                    0f:49:e6:46:78:c3:01:f6:fb:12:e2:a1:5b:42:d4:
+                    e9:24:51:5a:1c:0c:de:80:74:e6:25:35:64:c5:85:
+                    44:d3:21:05:fe:34:c1:68:5d:ea:2d:37:78:5a:11:
+                    f0:cb:32:64:c5:99:36:bb:da:48:db:8f:26:45:72:
+                    ca:8f:ad:d4:a3:57:42:d9:28:78:50:a8:bb:cf:9b:
+                    a5:cf:c9:ea:09:aa:d6:86:71:c8:4b:b8:59:af:e0:
+                    6b:f0:d8:6a:00:de:ae:85:69:4a:2f:0b:54:02:88:
+                    02:30:7e:34:89:46:37:66:36:cb:df:ce:f2:54:3d:
+                    71:09:61:d6:0a:3f:76:09:74:d6:b7:6b:ed:9d:55:
+                    39:a4:4f:bc:d4:8b:ea:45:41:72:d6:0f:94:7c:7e:
+                    56:73:d5:6a:63:e9:35:55:ad:b2:d4:56:d1:1b:67:
+                    57:27:8e:b6:69:70:49:44:66:6e:6b:21:68:fa:65:
+                    c0:6a:8c:09:30:c0:f0:60:50:b6:fb:bb:be:28:57:
+                    82:25:03:86:5e:50:bd:cd:e3:a9:53:56:d2:3e:aa:
+                    e6:2d:49:19:23:85:4a:fa:c6:da:2e:e0:8b:8b:9e:
+                    ed:c3:21:c0:b0:7b:24:78:9e:f9:74:4e:70:2d:72:
+                    08:df:eb:57:50:7a:22:72:2d:ae:5d:50:1f:ac:74:
+                    71:5f:43:35:9c:5f:86:45:3d:d9:c5:db:b0:6a:95:
+                    ac:9a:94:fd:43:c0:0f:10:8d:1c:6c:dc:8a:25:5d:
+                    d4:bb:58:43:93:cc:f8:a2:53:e3:f2:56:7d:ab:2a:
+                    1f:29:12:32:d9:bf:11:96:62:e3:61:2f:31:aa:71:
+                    98:71:30:02:22:f2:37:9b:99:df:f9:5f:d1:de:a4:
+                    12:d5:2d:44:68:2f:a9:26:ce:6e:7e:41:b4:54:a5:
+                    b7:07:eb:70:45:63:99:23:99:f4:00:70:76:ea:69:
+                    65:e7:e3:a3:4d:99:f6:d2:45:0d:3e:6c:55:90:7b:
+                    1c:c4:55
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C6:B8:F9:FF:AD:7A:32:1B:2E:14:10:DE:74:70:34:53:02:50:73:89
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:mariette
+    Signature Algorithm: sha256WithRSAEncryption
+         78:ad:ed:36:6f:8a:e6:0c:a8:d3:41:27:b7:ed:bc:95:6d:20:
+         83:dd:1a:b1:a6:c8:93:de:f7:37:8a:96:f5:c1:b4:7c:5d:92:
+         e7:8d:d4:1d:31:6e:20:99:87:89:41:5c:6e:97:e5:d4:c7:7d:
+         69:f8:b8:6e:0e:74:eb:06:d2:ac:b4:ad:9a:85:fa:ec:4a:45:
+         70:21:47:0e:ee:48:64:56:97:64:ad:3a:87:95:e0:1d:0a:53:
+         3e:4a:45:d0:8b:fa:11:a4:1d:ac:04:67:3a:53:8c:1c:87:73:
+         ea:aa:85:6d:a0:fd:11:aa:cb:95:97:8c:39:9c:9e:b5:0c:54:
+         2b:08:77:cb:df:2f:28:54:83:d0:ad:b5:3c:db:69:62:04:35:
+         aa:ea:de:ad:76:15:10:98:7e:8c:b4:ec:4a:de:90:ef:2a:84:
+         1a:a6:5f:fb:f9:21:72:10:c5:0a:4f:01:de:f6:be:58:ca:cd:
+         f3:36:5f:d7:83:2f:0b:ab:58:e2:fe:f8:09:08:e8:f1:ac:ee:
+         16:83:43:86:f6:bc:14:67:36:63:b8:a6:0e:51:26:1e:74:3b:
+         83:f3:bd:b4:5e:c4:a3:63:cd:3e:b8:63:7d:f1:41:ee:13:38:
+         b9:8f:f0:cb:a5:f5:ad:f1:39:88:a4:76:b9:08:4e:9b:63:fa:
+         f2:ab:47:6a:d7:51:3d:09:2f:d9:09:ee:24:c0:93:14:20:55:
+         11:8f:c6:3f:32:ab:87:87:b6:f8:a6:86:b7:0b:96:9e:97:77:
+         75:a6:91:40:67:ef:ab:8d:91:2b:0b:be:b3:e0:3b:f1:54:bf:
+         44:a0:12:8f:90:55:e2:cd:9c:2e:53:8e:68:4f:00:7f:34:d4:
+         1e:a6:d5:5c:68:3c:c0:9e:81:08:67:f1:bb:9e:71:4c:ed:c7:
+         3f:32:28:1f:19:c6:72:c1:72:da:f1:f2:dd:05:72:c9:34:df:
+         1d:27:6c:1c:f8:28:7f:af:91:9d:73:0f:6e:bf:ae:a1:48:a8:
+         88:61:3f:a7:7d:9f:92:6e:55:cc:77:21:3a:15:73:d2:37:36:
+         37:47:3e:44:80:ba:36:e8:61:3d:94:20:d9:bf:d0:64:28:b9:
+         f8:a0:a9:2e:88:e0:00:23:9a:21:b0:96:b7:1a:39:82:7c:38:
+         07:f1:46:2f:30:7c:72:4c:8a:49:26:58:af:7b:ff:46:cd:a4:
+         8d:19:57:fd:49:e5:a2:15:65:81:a7:27:3e:00:58:11:dc:19:
+         12:a9:dd:26:e8:9e:db:f4:b0:69:31:ec:9d:ec:ad:13:4c:6c:
+         96:67:0f:f1:90:5c:ab:ff:2d:bf:bb:f4:4e:32:8e:ca:f3:99:
+         db:16:67:0b:a4:12:a4:e8
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM1NDlaFw0zODA1MDUwOTM1NDlaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLW1h
+cmlldHRlMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4q7SbkKiN98b
+zF6jTg14NbVjbsTbhmF1DmzhDfyvcCR3TpppWhGF8ao6aKjU5Oghn2anB3uqSY5/
+4H+D4crrDh4LeKPWKaJV2ZK7kgAI6mMAhVWdO7oVkU70iQcRZW5hMZ6aZm1qRC1T
+xcFRsayHIkDnoXjPLZseYYYAXSmWcRnzSeeQz+EPSeZGeMMB9vsS4qFbQtTpJFFa
+HAzegHTmJTVkxYVE0yEF/jTBaF3qLTd4WhHwyzJkxZk2u9pI248mRXLKj63Uo1dC
+2Sh4UKi7z5ulz8nqCarWhnHIS7hZr+Br8NhqAN6uhWlKLwtUAogCMH40iUY3ZjbL
+387yVD1xCWHWCj92CXTWt2vtnVU5pE+81IvqRUFy1g+UfH5Wc9VqY+k1Va2y1FbR
+G2dXJ462aXBJRGZuayFo+mXAaowJMMDwYFC2+7u+KFeCJQOGXlC9zeOpU1bSPqrm
+LUkZI4VK+sbaLuCLi57twyHAsHskeJ75dE5wLXII3+tXUHoici2uXVAfrHRxX0M1
+nF+GRT3ZxduwapWsmpT9Q8APEI0cbNyKJV3Uu1hDk8z4olPj8lZ9qyofKRIy2b8R
+lmLjYS8xqnGYcTACIvI3m5nf+V/R3qQS1S1EaC+pJs5ufkG0VKW3B+twRWOZI5n0
+AHB26mll5+OjTZn20kUNPmxVkHscxFUCAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUxrj5/616MhsuFBDedHA0UwJQc4kwgdEGA1UdIwSByTCBxoAUTz6I
+FOGhISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
+BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFU
+uzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+bWFyaWV0dGUwDQYJKoZIhvcNAQELBQADggIBAHit7TZviuYMqNNBJ7ftvJVtIIPd
+GrGmyJPe9zeKlvXBtHxdkueN1B0xbiCZh4lBXG6X5dTHfWn4uG4OdOsG0qy0rZqF
++uxKRXAhRw7uSGRWl2StOoeV4B0KUz5KRdCL+hGkHawEZzpTjByHc+qqhW2g/RGq
+y5WXjDmcnrUMVCsId8vfLyhUg9CttTzbaWIENarq3q12FRCYfoy07ErekO8qhBqm
+X/v5IXIQxQpPAd72vljKzfM2X9eDLwurWOL++AkI6PGs7haDQ4b2vBRnNmO4pg5R
+Jh50O4PzvbRexKNjzT64Y33xQe4TOLmP8Mul9a3xOYikdrkITptj+vKrR2rXUT0J
+L9kJ7iTAkxQgVRGPxj8yq4eHtvimhrcLlp6Xd3WmkUBn76uNkSsLvrPgO/FUv0Sg
+Eo+QVeLNnC5TjmhPAH801B6m1VxoPMCegQhn8buecUztxz8yKB8ZxnLBctrx8t0F
+csk03x0nbBz4KH+vkZ1zD26/rqFIqIhhP6d9n5JuVcx3IToVc9I3NjdHPkSAujbo
+YT2UINm/0GQoufigqS6I4AAjmiGwlrcaOYJ8OAfxRi8wfHJMikkmWK97/0bNpI0Z
+V/1J5aIVZYGnJz4AWBHcGRKp3Sbontv0sGkx7J3srRNMbJZnD/GQXKv/Lb+79E4y
+jsrzmdsWZwukEqTo
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/06.pem b/WF/openvpn/wf/keys/06.pem
new file mode 100644
index 0000000..4c8a551
--- /dev/null
+++ b/WF/openvpn/wf/keys/06.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:36:58 2018 GMT
+            Not After : May  5 09:36:58 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-lalix/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d2:c2:53:a6:06:a2:bb:cc:fa:67:bc:12:93:8d:
+                    73:5d:9a:18:c6:a2:5e:4c:82:5d:85:75:61:87:c4:
+                    7e:8b:e7:bc:e2:7a:6c:fc:67:44:d5:6d:a8:94:bc:
+                    2d:a9:6a:76:b1:8a:e6:f4:bf:d5:ce:43:67:fd:46:
+                    d8:51:1d:76:8e:44:46:48:c0:b2:e8:2c:0b:bd:d4:
+                    89:86:d5:c1:ae:65:f4:19:25:d4:95:24:34:3b:8e:
+                    f4:50:0a:e0:6e:93:e4:2b:bb:16:5c:3c:24:2e:47:
+                    7b:66:5a:a5:2d:3c:c5:af:5d:0b:5a:52:9e:0a:4e:
+                    87:21:ba:b1:7c:ac:b1:b2:0c:b2:8c:5b:cc:5f:97:
+                    8a:48:66:01:6a:5a:33:89:9c:32:93:a3:b6:bb:e2:
+                    d7:f8:2e:c5:93:16:0f:d4:87:91:98:0d:27:b4:e8:
+                    aa:66:8c:95:ef:2f:99:db:89:6c:b8:33:8f:a4:ad:
+                    b3:52:89:fb:b1:1d:20:5a:0a:da:c2:5d:b8:68:91:
+                    e0:3c:96:08:d7:69:74:a9:3d:aa:44:91:eb:a4:6d:
+                    15:8a:86:ae:8d:47:b6:a7:8e:cf:6b:eb:a5:0b:2e:
+                    0c:cf:ab:9d:2a:aa:28:53:22:d2:91:1b:e7:54:72:
+                    6d:6d:e5:85:06:d8:05:ee:de:33:be:49:9e:1d:59:
+                    bc:ae:7a:a0:0b:4c:21:a7:3a:15:72:74:a0:5f:b5:
+                    6b:1a:15:9c:0f:79:48:99:3d:30:39:02:bd:e1:95:
+                    20:5c:1f:67:4a:0b:2f:5b:d6:d1:a4:01:32:5b:67:
+                    18:b2:01:fa:43:5e:ea:d4:b9:fa:50:9d:f5:8d:16:
+                    57:55:e7:f2:cd:70:f5:c8:ee:47:45:59:bb:c9:48:
+                    5b:5c:4f:02:2c:99:48:61:f5:73:e9:6d:f2:06:94:
+                    b4:9b:52:38:01:ba:bc:50:a4:90:0c:48:6e:60:1d:
+                    1e:2b:d3:47:9d:be:a7:a4:ab:af:7e:88:96:fe:c3:
+                    2d:29:76:cd:7d:c0:eb:ff:0c:3a:ad:76:c8:d2:c2:
+                    e5:61:6d:82:0c:dc:d1:51:92:46:c0:d3:b9:5b:32:
+                    4a:74:89:d0:04:8b:3f:d5:8e:30:68:81:35:7c:cf:
+                    2b:79:30:2c:a8:57:a1:fd:d8:09:84:70:43:b2:4a:
+                    ed:d5:8a:16:5a:de:71:c3:81:9a:c8:58:b4:5a:01:
+                    fd:90:88:50:ec:2d:56:d2:39:89:6f:fd:24:00:ae:
+                    e1:f4:66:b4:73:d9:37:16:b8:0d:ff:ad:59:12:44:
+                    28:d9:e2:16:bd:86:8c:af:79:06:da:b0:dd:c2:e9:
+                    13:55:33:82:a3:b1:34:21:f8:6e:8f:fd:00:70:8b:
+                    f3:c5:33
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D7:D1:D6:0A:75:85:6F:9D:A8:8C:6A:7D:98:0C:24:11:C7:51:91:19
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:lalix
+    Signature Algorithm: sha256WithRSAEncryption
+         14:d5:67:b7:76:41:bc:d4:b1:a9:11:1c:9c:c1:1e:20:28:db:
+         9d:2c:21:67:5e:b7:e0:f4:a2:47:8a:6c:da:bd:a5:d4:fb:f0:
+         84:bb:0b:05:95:08:ba:64:76:f0:d8:ac:95:5e:85:45:15:b8:
+         c0:0a:a1:e7:5f:21:36:f7:98:43:f6:dc:ef:d4:91:5e:19:ca:
+         33:e9:bc:12:77:78:76:27:d0:f1:95:02:6c:09:2c:86:ae:5d:
+         0d:50:18:71:54:31:df:35:6b:c3:3c:81:5e:3d:e6:55:41:3f:
+         89:ce:9c:26:fa:ba:1e:b0:68:6e:d6:d8:51:f6:ee:b2:3d:2e:
+         ab:0d:0d:e8:44:37:45:d8:0f:ab:42:2b:98:79:62:79:bb:34:
+         f1:6a:fd:1c:56:d6:77:f2:6f:00:04:c3:5d:b9:4c:89:55:97:
+         3d:c2:f2:68:4f:b2:56:45:52:2b:1d:0d:38:d2:ba:14:e6:06:
+         68:0d:c2:b2:89:c9:5c:87:07:d3:87:a1:fa:12:ab:29:24:7f:
+         f2:a5:01:17:c0:1c:d1:7d:84:b8:07:07:56:18:c2:3e:9b:3b:
+         f0:17:58:da:24:23:3a:12:6b:d7:a3:12:be:38:36:1b:70:94:
+         36:21:68:68:53:67:ac:c9:af:f7:14:42:6c:ed:e7:e8:3b:d1:
+         ea:34:cf:62:f6:19:96:83:8f:70:e8:7c:f8:a1:ac:f2:d8:d5:
+         0d:59:fa:f4:e7:b9:35:28:30:93:9e:ea:e1:8a:4b:c5:ad:4b:
+         9e:c9:fc:eb:60:11:cb:9b:33:2c:20:1b:59:95:e5:eb:e1:ff:
+         17:d2:1b:28:82:5b:a8:4e:47:14:b8:7a:48:3e:84:60:fd:dd:
+         c2:1c:11:c1:48:4c:a5:74:81:7e:e2:1f:ec:20:f3:38:a1:cd:
+         a1:b2:3a:c0:5a:8b:90:cc:bb:47:55:ac:b1:4e:0f:1e:f0:94:
+         c6:28:86:e6:d6:06:49:d3:47:bc:dc:74:cf:45:d7:1b:12:7d:
+         b5:e2:08:97:22:d2:75:71:c9:fc:fc:ec:18:76:60:be:d9:d2:
+         88:fc:89:3e:0d:a7:0e:ad:e6:3a:e8:f3:11:1a:7b:af:a5:63:
+         1c:07:91:7f:dc:55:bf:8d:b8:e0:3c:ef:c3:3a:7b:dd:97:ca:
+         2a:0f:af:ff:e5:f8:cb:ea:a4:fd:0e:7b:ae:92:67:7c:fd:4c:
+         e0:cd:2c:f4:31:7b:35:5d:42:92:36:ed:8a:a2:a0:8f:61:c7:
+         ab:88:9e:ee:a8:9e:86:91:c4:5a:9b:e2:3b:94:eb:0d:84:5e:
+         8b:ff:aa:28:48:c4:ec:27:18:af:b4:d2:0f:34:50:b0:44:b7:
+         cf:a3:e7:3c:e0:14:cb:16
+-----BEGIN CERTIFICATE-----
+MIIHIjCCBQqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM2NThaFw0zODA1MDUwOTM2NThaMIGiMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLVdGLWxh
+bGl4MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0sJTpgaiu8z6Z7wS
+k41zXZoYxqJeTIJdhXVhh8R+i+e84nps/GdE1W2olLwtqWp2sYrm9L/VzkNn/UbY
+UR12jkRGSMCy6CwLvdSJhtXBrmX0GSXUlSQ0O470UArgbpPkK7sWXDwkLkd7Zlql
+LTzFr10LWlKeCk6HIbqxfKyxsgyyjFvMX5eKSGYBaloziZwyk6O2u+LX+C7FkxYP
+1IeRmA0ntOiqZoyV7y+Z24lsuDOPpK2zUon7sR0gWgrawl24aJHgPJYI12l0qT2q
+RJHrpG0VioaujUe2p47Pa+ulCy4Mz6udKqooUyLSkRvnVHJtbeWFBtgF7t4zvkme
+HVm8rnqgC0whpzoVcnSgX7VrGhWcD3lImT0wOQK94ZUgXB9nSgsvW9bRpAEyW2cY
+sgH6Q17q1Ln6UJ31jRZXVefyzXD1yO5HRVm7yUhbXE8CLJlIYfVz6W3yBpS0m1I4
+Abq8UKSQDEhuYB0eK9NHnb6npKuvfoiW/sMtKXbNfcDr/ww6rXbI0sLlYW2CDNzR
+UZJGwNO5WzJKdInQBIs/1Y4waIE1fM8reTAsqFeh/dgJhHBDskrt1YoWWt5xw4Ga
+yFi0WgH9kIhQ7C1W0jmJb/0kAK7h9Ga0c9k3FrgN/61ZEkQo2eIWvYaMr3kG2rDd
+wukTVTOCo7E0Ifhuj/0AcIvzxTMCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQU19HWCnWFb52ojGp9mAwkEcdRkRkwgdEGA1UdIwSByTCBxoAUTz6IFOGh
+ISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQ
+TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFbGFs
+aXgwDQYJKoZIhvcNAQELBQADggIBABTVZ7d2QbzUsakRHJzBHiAo250sIWdet+D0
+okeKbNq9pdT78IS7CwWVCLpkdvDYrJVehUUVuMAKoedfITb3mEP23O/UkV4ZyjPp
+vBJ3eHYn0PGVAmwJLIauXQ1QGHFUMd81a8M8gV495lVBP4nOnCb6uh6waG7W2FH2
+7rI9LqsNDehEN0XYD6tCK5h5Ynm7NPFq/RxW1nfybwAEw125TIlVlz3C8mhPslZF
+UisdDTjSuhTmBmgNwrKJyVyHB9OHofoSqykkf/KlARfAHNF9hLgHB1YYwj6bO/AX
+WNokIzoSa9ejEr44NhtwlDYhaGhTZ6zJr/cUQmzt5+g70eo0z2L2GZaDj3DofPih
+rPLY1Q1Z+vTnuTUoMJOe6uGKS8WtS57J/OtgEcubMywgG1mV5evh/xfSGyiCW6hO
+RxS4ekg+hGD93cIcEcFITKV0gX7iH+wg8zihzaGyOsBai5DMu0dVrLFODx7wlMYo
+hubWBknTR7zcdM9F1xsSfbXiCJci0nVxyfz87Bh2YL7Z0oj8iT4Npw6t5jro8xEa
+e6+lYxwHkX/cVb+NuOA878M6e92XyioPr//l+MvqpP0Oe66SZ3z9TODNLPQxezVd
+QpI27YqioI9hx6uInu6onoaRxFqb4juU6w2EXov/qihIxOwnGK+00g80ULBEt8+j
+5zzgFMsW
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/07.pem b/WF/openvpn/wf/keys/07.pem
new file mode 100644
index 0000000..77f044b
--- /dev/null
+++ b/WF/openvpn/wf/keys/07.pem
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:38:05 2018 GMT
+            Not After : May  5 09:38:05 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-christian/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:ca:e3:4a:25:87:c5:ee:b6:45:bf:ad:2e:0b:ec:
+                    e0:c0:87:c1:28:38:41:ac:a1:95:c5:6f:ea:ef:7d:
+                    4d:d4:e3:3c:d2:89:ad:f8:30:0f:70:ed:0f:13:d3:
+                    2b:28:63:4a:15:c4:79:b4:db:77:b8:49:4e:e1:e6:
+                    29:60:95:b3:7e:c1:8f:c7:c2:b9:2c:79:e3:cb:73:
+                    f0:e5:34:93:38:72:59:73:3d:df:ee:87:6f:0c:0b:
+                    c8:26:d6:3b:63:a6:c1:66:2f:4c:a6:83:f6:59:e0:
+                    36:af:17:75:cc:14:16:94:ef:c2:d6:61:fe:4a:f2:
+                    2f:7b:2c:72:48:ca:4e:2e:e6:c0:73:97:10:e0:05:
+                    17:1f:a0:6c:d1:94:67:b0:09:f2:92:0d:ca:61:60:
+                    91:e6:c2:d0:e3:0a:24:2a:fb:ed:89:18:38:9c:8e:
+                    f4:ac:9b:d0:06:89:d2:7e:88:a6:39:71:4b:9b:64:
+                    7b:53:ac:ee:11:7f:31:22:05:cb:3d:72:40:2d:1a:
+                    66:8d:1b:f8:ce:94:20:c5:c0:6c:c5:64:ac:29:83:
+                    e5:99:10:6e:a7:c0:d5:cf:a9:41:52:ce:c6:de:e0:
+                    49:7f:a0:8f:7c:01:99:27:30:8a:23:0b:a4:5a:34:
+                    30:8c:61:91:4a:ec:75:f6:bf:79:1f:38:ff:d1:8b:
+                    d7:ed:73:52:07:c7:37:97:1f:ce:29:09:0c:a7:4b:
+                    f3:14:c8:3f:15:33:85:d4:65:eb:71:e6:af:f1:17:
+                    71:97:50:eb:14:1d:96:0b:c8:25:82:15:e9:fc:2e:
+                    3e:53:5b:ba:7a:0b:35:ec:d6:a5:a3:70:dc:a0:af:
+                    0f:dc:08:ff:41:70:97:16:76:6f:13:bf:ef:04:12:
+                    2c:c0:ab:22:ad:b5:56:37:11:fe:28:32:d8:6a:b0:
+                    d1:09:ef:2d:8b:00:c2:b6:b6:41:bc:4b:60:1c:3e:
+                    64:96:04:9e:84:5e:fc:aa:9d:0e:8d:a6:a5:af:6e:
+                    2a:b8:3f:07:15:65:0a:8c:3d:1a:3d:0a:58:3c:05:
+                    cb:7c:33:50:df:db:63:33:6a:0a:61:5a:a8:0d:99:
+                    12:b8:c7:2c:a8:53:08:77:c0:d6:a9:de:93:2c:e7:
+                    52:e8:38:93:e4:2e:1d:06:ba:ee:71:41:49:b7:ae:
+                    8f:ce:08:d7:6f:2a:43:1c:66:ed:96:16:69:34:7e:
+                    64:43:f4:19:0d:ba:e6:e5:73:35:19:3d:d1:e8:14:
+                    d8:f9:f6:38:6d:53:27:6d:66:1f:88:7d:f3:62:97:
+                    a2:00:f5:85:d3:d4:92:bd:4d:14:69:ce:f5:6b:aa:
+                    d0:31:d3:a6:64:d1:21:53:a0:a5:9e:a3:3d:e0:d9:
+                    45:9b:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                69:0D:79:49:09:F5:95:C5:71:22:E9:B7:FD:59:A7:5A:0E:F5:DF:1C
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:christian
+    Signature Algorithm: sha256WithRSAEncryption
+         ab:2f:a1:72:76:e2:a3:23:77:08:85:70:89:93:94:1b:b2:1a:
+         fb:26:be:11:6a:3b:1c:30:8f:d3:16:14:9b:b3:13:a1:f1:45:
+         ea:e3:99:ae:a9:6e:38:e6:2e:0c:01:66:c8:d3:e0:fb:b6:40:
+         e5:ee:1c:ef:f1:87:6c:7b:0c:bd:07:fe:08:6d:52:c0:cb:28:
+         e7:ff:a7:9a:36:db:25:a8:02:35:e1:e5:e3:70:4c:d2:4c:12:
+         2c:d7:99:c0:15:a3:43:5d:8a:d4:12:2e:e3:99:cc:6e:e0:5a:
+         07:7a:e5:43:de:a3:17:03:15:15:6f:47:4d:1a:1b:3b:47:9b:
+         a8:35:6d:fb:0b:1a:d6:2b:df:3c:2a:5d:62:64:b4:45:41:31:
+         5f:4f:ee:2e:d5:32:fe:62:9c:b6:1e:92:9b:b8:6d:4d:fd:cb:
+         57:cf:62:da:a8:b6:49:ba:52:58:e8:4f:c5:47:83:18:bc:79:
+         64:f3:9f:3c:63:f4:9b:32:48:09:e8:9d:9d:2e:28:b8:40:76:
+         72:85:41:92:a9:07:1a:1e:42:59:bf:be:f6:a2:a9:a2:d2:44:
+         8e:1c:f2:00:df:b0:29:d5:04:bb:ba:b7:e2:b7:c2:31:bc:a3:
+         97:8e:40:ff:ae:2d:df:49:60:9f:ca:9a:5c:dd:03:5f:26:31:
+         94:bf:ea:7e:a5:fd:14:9d:3f:5b:16:30:73:8e:c1:55:46:dc:
+         bb:e1:a4:99:b8:6d:2f:7f:ab:40:ce:95:bd:05:72:0b:19:f0:
+         7a:3b:0a:e3:c3:cd:ba:dc:fb:85:3d:9e:33:ad:63:ab:bb:85:
+         78:73:55:80:74:dc:72:f9:f3:05:43:9d:e5:2d:95:49:54:aa:
+         96:af:ee:98:b6:cc:b0:8b:b3:37:1d:f1:87:7f:9f:9b:32:20:
+         1f:1c:11:41:5a:ea:25:60:c6:32:31:78:fc:a1:59:df:b1:94:
+         02:95:b6:1a:d3:f0:cb:95:7a:2d:26:48:d3:2d:7c:44:f7:cd:
+         6a:cc:c7:27:c5:33:16:8e:3d:d0:be:87:a2:b9:e9:74:12:fa:
+         d4:41:cd:6a:c0:25:3d:23:00:bc:ce:4b:ef:f8:05:37:cc:80:
+         2b:58:fc:ec:7b:23:b5:f9:bc:77:63:be:94:9d:3c:b8:c6:d6:
+         53:09:22:da:09:ad:05:a0:68:8d:93:3f:5c:eb:3d:ca:95:5d:
+         96:60:28:f0:b6:5f:16:27:c6:bf:f1:90:1c:b8:31:16:9d:5e:
+         b4:17:d2:d2:62:6b:88:60:9c:14:80:26:b9:8a:5b:1b:4d:83:
+         9c:9d:17:47:70:7a:c5:b9:17:22:a7:72:bd:c5:69:c3:13:c7:
+         dc:34:3b:a0:cf:b7:68:ba
+-----BEGIN CERTIFICATE-----
+MIIHKjCCBRKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM4MDVaFw0zODA1MDUwOTM4MDVaMIGmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBOLVdGLWNo
+cmlzdGlhbjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMrjSiWHxe62
+Rb+tLgvs4MCHwSg4QayhlcVv6u99TdTjPNKJrfgwD3DtDxPTKyhjShXEebTbd7hJ
+TuHmKWCVs37Bj8fCuSx548tz8OU0kzhyWXM93+6HbwwLyCbWO2OmwWYvTKaD9lng
+Nq8XdcwUFpTvwtZh/kryL3ssckjKTi7mwHOXEOAFFx+gbNGUZ7AJ8pINymFgkebC
+0OMKJCr77YkYOJyO9Kyb0AaJ0n6IpjlxS5tke1Os7hF/MSIFyz1yQC0aZo0b+M6U
+IMXAbMVkrCmD5ZkQbqfA1c+pQVLOxt7gSX+gj3wBmScwiiMLpFo0MIxhkUrsdfa/
+eR84/9GL1+1zUgfHN5cfzikJDKdL8xTIPxUzhdRl63Hmr/EXcZdQ6xQdlgvIJYIV
+6fwuPlNbunoLNezWpaNw3KCvD9wI/0FwlxZ2bxO/7wQSLMCrIq21VjcR/igy2Gqw
+0QnvLYsAwra2QbxLYBw+ZJYEnoRe/KqdDo2mpa9uKrg/BxVlCow9Gj0KWDwFy3wz
+UN/bYzNqCmFaqA2ZErjHLKhTCHfA1qnekyznUug4k+QuHQa67nFBSbeuj84I128q
+Qxxm7ZYWaTR+ZEP0GQ265uVzNRk90egU2Pn2OG1TJ21mH4h982KXogD1hdPUkr1N
+FGnO9Wuq0DHTpmTRIVOgpZ6jPeDZRZvhAgMBAAGjggFpMIIBZTAJBgNVHRMEAjAA
+MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFGkNeUkJ9ZXFcSLpt/1Zp1oO9d8cMIHRBgNVHSMEgckwgcaAFE8+
+iBThoSEo4+Zbc2vcD5fZYPXxoYGipIGfMIGcMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMGVlBOLVdGMQ8wDQYDVQQp
+EwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA2EzLKLVx
+VLswEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBQGA1UdEQQNMAuC
+CWNocmlzdGlhbjANBgkqhkiG9w0BAQsFAAOCAgEAqy+hcnbioyN3CIVwiZOUG7Ia
++ya+EWo7HDCP0xYUm7MTofFF6uOZrqluOOYuDAFmyNPg+7ZA5e4c7/GHbHsMvQf+
+CG1SwMso5/+nmjbbJagCNeHl43BM0kwSLNeZwBWjQ12K1BIu45nMbuBaB3rlQ96j
+FwMVFW9HTRobO0ebqDVt+wsa1ivfPCpdYmS0RUExX0/uLtUy/mKcth6Sm7htTf3L
+V89i2qi2SbpSWOhPxUeDGLx5ZPOfPGP0mzJICeidnS4ouEB2coVBkqkHGh5CWb++
+9qKpotJEjhzyAN+wKdUEu7q34rfCMbyjl45A/64t30lgn8qaXN0DXyYxlL/qfqX9
+FJ0/WxYwc47BVUbcu+GkmbhtL3+rQM6VvQVyCxnwejsK48PNutz7hT2eM61jq7uF
+eHNVgHTccvnzBUOd5S2VSVSqlq/umLbMsIuzNx3xh3+fmzIgHxwRQVrqJWDGMjF4
+/KFZ37GUApW2GtPwy5V6LSZI0y18RPfNaszHJ8UzFo490L6HornpdBL61EHNasAl
+PSMAvM5L7/gFN8yAK1j87Hsjtfm8d2O+lJ08uMbWUwki2gmtBaBojZM/XOs9ypVd
+lmAo8LZfFifGv/GQHLgxFp1etBfS0mJriGCcFIAmuYpbG02DnJ0XR3B6xbkXIqdy
+vcVpwxPH3DQ7oM+3aLo=
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/axel.crt b/WF/openvpn/wf/keys/axel.crt
new file mode 100644
index 0000000..b3a86bc
--- /dev/null
+++ b/WF/openvpn/wf/keys/axel.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:30:46 2018 GMT
+            Not After : May  5 09:30:46 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-axel/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:c0:d1:e2:70:f3:fc:1f:c6:5a:55:25:e5:94:e1:
+                    c6:3e:15:57:d2:b9:9f:2e:7e:1e:1a:63:f2:96:cd:
+                    a4:4b:7f:1b:f7:90:f6:bf:cb:ce:04:6f:68:50:52:
+                    6a:37:b2:a4:b3:fd:3c:88:c7:f0:9b:fe:4c:5d:ae:
+                    2d:9a:3c:96:37:01:af:3b:ac:ad:44:51:93:20:ee:
+                    d4:85:99:22:d1:c5:6d:7a:83:d0:e6:29:e5:c9:6c:
+                    b1:73:90:58:40:21:7e:f1:bc:7a:08:94:c7:47:96:
+                    b3:82:dc:13:b1:e8:e5:87:4e:8c:21:2c:7f:37:5c:
+                    2a:0a:ea:1d:a0:17:bb:3b:fb:e7:0a:12:1c:ee:01:
+                    f3:de:4a:47:fd:b9:f9:77:ee:87:84:c9:d5:33:ee:
+                    b9:57:d7:12:b0:4d:bf:fa:16:f1:82:18:2d:b2:c8:
+                    96:7f:fe:08:20:96:65:d9:77:92:e7:0f:5f:fc:a2:
+                    3a:b6:ae:59:d6:13:bc:bf:d1:a3:5a:14:74:ed:f4:
+                    e3:6b:a7:c9:0e:6b:b5:c7:5f:d8:b6:ef:5e:e9:0e:
+                    68:4a:7d:2e:e2:1a:13:b9:f9:e0:dc:b3:43:19:09:
+                    42:4d:09:e0:45:d1:8f:36:40:5d:f0:6b:c9:2c:26:
+                    17:17:c6:5b:25:fa:a8:30:1f:62:57:e9:0f:09:aa:
+                    5f:80:8e:76:8c:c1:e9:8f:59:62:47:35:b3:0b:6d:
+                    c1:3b:54:19:23:b7:11:63:74:ed:ee:aa:bf:a0:b9:
+                    51:31:63:64:e9:06:b1:10:65:14:db:41:cc:52:11:
+                    d9:bb:ae:de:75:70:80:13:f5:6c:ec:2d:2d:d5:b5:
+                    b1:0b:dd:2f:6b:12:c0:1c:2c:9c:92:e5:a9:88:19:
+                    d5:90:f2:90:08:da:a0:bc:95:40:7f:10:cb:89:ac:
+                    03:f1:80:98:ca:df:10:7a:72:a8:54:80:33:ba:f6:
+                    e5:23:f4:6d:d6:11:75:61:dd:87:0e:f4:e1:e4:2a:
+                    b7:6e:7b:6a:fa:73:3a:97:23:05:78:9f:53:05:7e:
+                    5d:ce:95:27:f6:ea:37:19:b2:d6:ed:83:9e:c0:85:
+                    b8:16:7a:b3:57:09:f4:94:8b:80:54:98:06:d1:2c:
+                    cd:2f:2b:c3:bf:88:b5:a2:cd:c6:f3:b4:04:4b:bd:
+                    08:6a:78:04:d8:8b:16:84:5b:a5:37:0c:2e:3b:1e:
+                    0b:14:63:35:45:67:2a:a2:26:1f:38:41:53:e8:83:
+                    48:0c:60:a0:25:d6:7e:3a:9e:68:76:9d:ca:f0:27:
+                    44:45:6d:9f:ad:fb:19:2e:bc:8b:2b:63:76:78:63:
+                    d7:8b:0a:2c:76:b8:48:8c:eb:87:a9:1d:82:af:73:
+                    80:25:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                CE:C5:B3:DC:D8:6F:8F:EA:09:99:B9:41:64:B7:22:D5:BC:F9:A6:98
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:axel
+    Signature Algorithm: sha256WithRSAEncryption
+         5d:62:04:7e:b8:0d:61:4f:fb:56:57:3f:4d:a9:f8:6f:68:a5:
+         ab:92:1c:b2:04:32:5f:a4:02:2e:3a:1d:d8:59:28:2f:8c:1b:
+         9c:33:a3:c3:17:a8:5f:52:df:0c:d2:2a:52:6c:08:47:5f:12:
+         ca:50:9e:cb:4d:b2:48:4a:67:26:9f:a0:79:39:41:be:a1:2e:
+         f1:51:82:81:90:bd:34:54:9b:9f:7a:56:59:74:e6:74:b0:e9:
+         cf:5a:52:85:df:db:66:76:14:03:ae:0a:fd:3c:6d:2a:e5:f4:
+         76:b5:2c:32:69:11:d7:94:0b:40:05:2f:da:bd:01:04:d3:9d:
+         3a:d1:93:bc:26:05:f1:17:99:b9:db:52:93:10:b6:da:d0:21:
+         53:7b:e4:86:12:fd:67:bf:87:7d:cf:cd:75:80:2d:74:e9:9e:
+         c8:76:df:23:3c:37:cb:c0:90:41:ea:f7:38:23:d6:5f:54:55:
+         b2:27:31:4e:d3:54:2c:51:a9:7f:17:30:c7:21:19:37:1d:1d:
+         75:f3:a4:73:cb:79:d1:be:b4:6f:12:da:f0:be:51:c6:db:2f:
+         4e:b4:46:6c:5a:b5:c5:0d:c7:44:00:ee:cc:96:79:a9:45:ee:
+         cd:dc:69:71:61:c0:a5:46:05:24:e9:85:86:ce:4d:3e:3a:a5:
+         bb:7c:ef:2e:0a:5a:9f:b2:1f:38:4b:b0:67:f5:8f:78:6e:71:
+         86:43:9e:a7:71:85:6e:e2:19:b4:5c:18:63:49:6b:0a:da:54:
+         29:4d:18:05:80:f9:08:87:e6:c4:6a:01:b0:c3:7a:d2:ee:cf:
+         93:b9:43:bc:2f:0b:1f:8b:61:e5:64:08:c4:45:5c:5b:52:be:
+         1f:51:56:a7:b4:15:c4:88:6a:cf:d0:3a:fa:34:03:e8:bb:8a:
+         e5:49:bb:60:1d:b7:fd:e3:d3:bf:0c:7c:28:15:26:de:f8:5b:
+         2a:9c:88:35:80:a6:5b:a2:55:ad:bf:69:56:f8:e9:7e:a8:4c:
+         0a:99:44:48:d5:90:8a:41:3f:d1:ca:c1:c4:18:c6:96:e1:f0:
+         72:cc:2c:35:8e:63:78:1b:00:f6:1d:6b:a1:db:cf:f5:b6:e5:
+         94:27:e9:02:bd:35:2a:01:81:85:7a:01:2a:88:23:15:4e:3d:
+         5b:9a:31:fe:10:6a:1f:d1:29:0c:46:72:ed:25:73:61:2c:8c:
+         29:88:55:7e:44:e9:6f:d9:33:4a:47:48:a1:6e:17:8f:bd:12:
+         df:47:da:d6:3a:4a:7e:d5:43:7e:c6:01:5e:29:bc:44:14:9f:
+         0c:38:fa:86:0f:41:5d:5a:e9:27:83:12:7f:75:2f:e8:06:d6:
+         2a:f9:5d:0a:6c:fe:0f:cb
+-----BEGIN CERTIFICATE-----
+MIIHIDCCBQigAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTMwNDZaFw0zODA1MDUwOTMwNDZaMIGhMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEUMBIGA1UEAxMLVlBOLVdGLWF4
+ZWwxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4u
+ZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDA0eJw8/wfxlpVJeWU
+4cY+FVfSuZ8ufh4aY/KWzaRLfxv3kPa/y84Eb2hQUmo3sqSz/TyIx/Cb/kxdri2a
+PJY3Aa87rK1EUZMg7tSFmSLRxW16g9DmKeXJbLFzkFhAIX7xvHoIlMdHlrOC3BOx
+6OWHTowhLH83XCoK6h2gF7s7++cKEhzuAfPeSkf9ufl37oeEydUz7rlX1xKwTb/6
+FvGCGC2yyJZ//ggglmXZd5LnD1/8ojq2rlnWE7y/0aNaFHTt9ONrp8kOa7XHX9i2
+717pDmhKfS7iGhO5+eDcs0MZCUJNCeBF0Y82QF3wa8ksJhcXxlsl+qgwH2JX6Q8J
+ql+AjnaMwemPWWJHNbMLbcE7VBkjtxFjdO3uqr+guVExY2TpBrEQZRTbQcxSEdm7
+rt51cIAT9WzsLS3VtbEL3S9rEsAcLJyS5amIGdWQ8pAI2qC8lUB/EMuJrAPxgJjK
+3xB6cqhUgDO69uUj9G3WEXVh3YcO9OHkKrdue2r6czqXIwV4n1MFfl3OlSf26jcZ
+stbtg57AhbgWerNXCfSUi4BUmAbRLM0vK8O/iLWizcbztARLvQhqeATYixaEW6U3
+DC47HgsUYzVFZyqiJh84QVPog0gMYKAl1n46nmh2ncrwJ0RFbZ+t+xkuvIsrY3Z4
+Y9eLCix2uEiM64epHYKvc4AlzwIDAQABo4IBZDCCAWAwCQYDVR0TBAIwADAtBglg
+hkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
+DgQWBBTOxbPc2G+P6gmZuUFktyLVvPmmmDCB0QYDVR0jBIHJMIHGgBRPPogU4aEh
+KOPmW3Nr3A+X2WD18aGBoqSBnzCBnDELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJl
+cmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9wZW4xGTAXBgNVBAsT
+EE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEPMA0GA1UEKRMGVlBO
+IFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZYIJANhMyyi1cVS7MBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAPBgNVHREECDAGggRheGVs
+MA0GCSqGSIb3DQEBCwUAA4ICAQBdYgR+uA1hT/tWVz9NqfhvaKWrkhyyBDJfpAIu
+Oh3YWSgvjBucM6PDF6hfUt8M0ipSbAhHXxLKUJ7LTbJISmcmn6B5OUG+oS7xUYKB
+kL00VJufelZZdOZ0sOnPWlKF39tmdhQDrgr9PG0q5fR2tSwyaRHXlAtABS/avQEE
+05060ZO8JgXxF5m521KTELba0CFTe+SGEv1nv4d9z811gC106Z7Idt8jPDfLwJBB
+6vc4I9ZfVFWyJzFO01QsUal/FzDHIRk3HR1186Rzy3nRvrRvEtrwvlHG2y9OtEZs
+WrXFDcdEAO7MlnmpRe7N3GlxYcClRgUk6YWGzk0+OqW7fO8uClqfsh84S7Bn9Y94
+bnGGQ56ncYVu4hm0XBhjSWsK2lQpTRgFgPkIh+bEagGww3rS7s+TuUO8Lwsfi2Hl
+ZAjERVxbUr4fUVantBXEiGrP0Dr6NAPou4rlSbtgHbf949O/DHwoFSbe+FsqnIg1
+gKZbolWtv2lW+Ol+qEwKmURI1ZCKQT/RysHEGMaW4fByzCw1jmN4GwD2HWuh28/1
+tuWUJ+kCvTUqAYGFegEqiCMVTj1bmjH+EGof0SkMRnLtJXNhLIwpiFV+ROlv2TNK
+R0ihbhePvRLfR9rWOkp+1UN+xgFeKbxEFJ8MOPqGD0FdWukngxJ/dS/oBtYq+V0K
+bP4Pyw==
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/axel.csr b/WF/openvpn/wf/keys/axel.csr
new file mode 100644
index 0000000..b7d10ae
--- /dev/null
+++ b/WF/openvpn/wf/keys/axel.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE5zCCAs8CAQAwgaExCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRQwEgYDVQQDEwtWUE4tV0YtYXhlbDEPMA0GA1UEKRMGVlBOIFdG
+MR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBAMDR4nDz/B/GWlUl5ZThxj4VV9K5ny5+Hhpj8pbNpEt/
+G/eQ9r/LzgRvaFBSajeypLP9PIjH8Jv+TF2uLZo8ljcBrzusrURRkyDu1IWZItHF
+bXqD0OYp5clssXOQWEAhfvG8egiUx0eWs4LcE7Ho5YdOjCEsfzdcKgrqHaAXuzv7
+5woSHO4B895KR/25+Xfuh4TJ1TPuuVfXErBNv/oW8YIYLbLIln/+CCCWZdl3kucP
+X/yiOrauWdYTvL/Ro1oUdO3042unyQ5rtcdf2LbvXukOaEp9LuIaE7n54NyzQxkJ
+Qk0J4EXRjzZAXfBrySwmFxfGWyX6qDAfYlfpDwmqX4COdozB6Y9ZYkc1swttwTtU
+GSO3EWN07e6qv6C5UTFjZOkGsRBlFNtBzFIR2buu3nVwgBP1bOwtLdW1sQvdL2sS
+wBwsnJLlqYgZ1ZDykAjaoLyVQH8Qy4msA/GAmMrfEHpyqFSAM7r25SP0bdYRdWHd
+hw704eQqt257avpzOpcjBXifUwV+Xc6VJ/bqNxmy1u2DnsCFuBZ6s1cJ9JSLgFSY
+BtEszS8rw7+ItaLNxvO0BEu9CGp4BNiLFoRbpTcMLjseCxRjNUVnKqImHzhBU+iD
+SAxgoCXWfjqeaHadyvAnREVtn637GS68iytjdnhj14sKLHa4SIzrh6kdgq9zgCXP
+AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEALOHNZO9R9IChEHhCzr5pkglnRjz2
+szfuv8D/kkZVQBSrEccgD0osp7eDzOpTCASP7sJJidlzeRfudUQ2Z7wrc8lIiaAt
+48g9PnGSb++G6b/63OtAtw2l42GaLU00Nxk4VCcjDEtyAqXN4ijLNiPA8XNJkGjF
+NA0+qMvC1LEqjqLs+DESO8b4BTXqxZHRc7Z22Nh1IcKBDFR/RnfhWgSsW3WQ5evD
+9pKOW/Pv0FjrjZqi1o5nKXW9wW0ff8NwG77yGD6dT9mNYKu5e9nwn8zc9MAkIU2X
+cBiR/jmm9qFaZWWRl0MghSMFqMjH6CQsRBgWmdI90Hg8DBA8NsAD1oS+65WBMSXv
+I2wqXkwAxscy+kwVaH7oFNJ0jSOadmww5OtHMOswrTFsyPl8bDX3IA/dXPfpHSyt
+DdvkCxRfarV55nfUZbx5QWYfmyrC37Wk/ccI3rLB2ezGC+ymeaRk+ZbClKcxtTiK
+YPdv5J8qkk+SINe5gDCQpTdvxFBOeaM1rWmMd5nLHvmzHOZHq9ntFmOPVs3PPSW9
+XeoguiLzZaUb7Du/k8wef6w+dN8J+RmbLdfDIPtsHYugxiLQmG0R2wumi8QENTcf
+TWMV0UKu4B/KntaTV2lhL+bMXXmzhBYMQQRW13XvYBlPggRYmHQfofy2/OYfX6Df
+nfS+T45TdmNzkKg=
+-----END CERTIFICATE REQUEST-----
diff --git a/WF/openvpn/wf/keys/axel.key b/WF/openvpn/wf/keys/axel.key
new file mode 100644
index 0000000..7b6d0e6
--- /dev/null
+++ b/WF/openvpn/wf/keys/axel.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYiFMMREJCT0CAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECLm6bnbYcf1gBIIJUMrfL2VOB/rd
+fSk74V0FZkJVsFhVEGZJ0jWM8n75cUO+yOB1wcXv9RczeEtW2e8ZU4LEb4aJZ7T3
+RoGG2UxTsrkrN1Tw2sotuNIea2hT1+sTPbc74GJmZjf2BD2BIxpAS6VLkKGLoN11
+c+1euUsLcs8Y1Y6T0Ig0aah9tUjp3qeA0pPMvmtWg2BjnmG6oU5FJnxOpuX/ItJi
+vm38fMzApjh6vW6vxhD0sPdhanWdKilE+SPpe6sPCfHanVzVmP42NwMofoDrE5bP
+CxMTJa2Pi6dA7qt+9HfeDfzOHsfCvlGAnwzumwKQx4O2BO+JQjC1V9WUEvo0zoHR
+/+aHWZIF33pJmZJw0kIbC/WdG/SevK22BtcGy/+So1WRywkmtckP5oPcQ/ej+p0V
+2bkgRGCfyehuoiBv8W7lCqvJDbdmSLBLrbSWhLHPfxfhW9Yqau3J2oUgQXel3G8F
+9pECEQHVm3T54anPqEol96dYhP9inz2/BwFQqGaGrobJ+TOsh1DRAQpM8QMElWaZ
+xjX5qcFk6O6Uf61uTOwcQnfxZD6vOhqHSmFJ4AQy6M2SBXM65Q1S3ZnRpWKJxXBg
+jspgK2iWDwtoXHGFWpazBaIMd/PRmYmibOAZbCSfRvgfkTXE3+HeZwk7ZCwKBATY
+u7oHxdcEaccuLiq0HXutTOjyKUk8ui33FkwI6i2v6bcsSDbj0RiGjPQmdxxZG2bO
+yL1JKHMpj5sIS0ZjfSmoOK4u3bEd5TvShPplIVqf79SRUJEEOlqNxXTjkAdG2OXQ
+GuNscbIMrvJ7zVyQgWjzfMS0PdSHpeHAqgVLxcjkDTFEHIssmzUSCq9sHVKAQX4h
+IDyNJPHWwRnH4pfUGaS62zK2WCFM6GSolPtS5ZwJxgg7TRbKF7Z+ThW7n0MwHhZy
+zJXKUL5fJurZYnLRgDzlVR3NsKkYg+Wwxy4k8NDGuYsx7zlQOfjoYe506ObxY9ih
+YkQUX/s9AY2VZGWPypis+hZkJCVn7F9NMKOXVjDs4zMGWyhzRVoIwU0p10JqqRPI
+k2V/UTYMkWseo1blIitT4ZEZQHVG+ciQsHQA/MBCBELQCl/NKGHjC0I9LRcFp5Sd
+x6nTLCRb1i6Xqd1NRN/uF3BgJWJoPu+fBhRPF4ZI1YF+POaegKf80y3vbIMpaBUp
+Ok/kS5L22NQvd0moHDKKbIu9H0q3WKokkipmi4cQZWslLO1ZGH3eoN+hyX1qHQOk
+kr/bSRfYLdjFumXmw1t7HIu9I8sFnpyoJwVlC3I6zBYPysS3XRzQM4+sLcHR2Stw
+9/ucvoLPuYI8Pyyk1WhFMLZtAjsDdRrlNgd3DcBbuR0ldCdMb7DQwj2LJDhaX0md
+0E9xpwy415GQDYFkKAuOL5s1oTPbYBVqugErdfZMYU74BDrcxi6Bo2DfnmTF8/SR
+0fhhihy5PboH+vsWT1CD4rHaxEFi0JnUQoMgFjUrdcfykz4Y7EPOAKOQ2I6XRhfF
+fJfMi4c3iVa1NOd/4Kw6sh+/l1/XZxbdEwNd5CQ9Xa5WDQDglOqkf4Owkg9dYnTS
+sfIX9NkQ9yV3n32UqYCDCIIlYnXfHo+cuFMqTwcVOi+acfag39aVSer5M7RUoeVu
+JRcS+yOCRkIvm/SRt1XFVB4S1ZEseiSwjwdIvTtXr8bRzIpd3WF+q95qGYZLwISR
+zc6WspL6d5Ll48yRntjV7lIgFt1bZB/Vj/U2c/+S5pIIXSPZyIuN8RYiL4IhZmxa
+deMIB8Sx5ZriTn52vEUSje1dlolBr5xL+ifpG8IRSwa4GaRctBVrSNguTfx0ZKyQ
+Ku+jdBiGFs1TcAec2Zlj2IGL+LkLuCF/ZaHQwkp7egG6tSXmpK6dk1VoUGb4HUXi
+lwSJsW1kNj8nVvEvh8m1H7+UyI6y/jFUeuyisM5KV3UFOQNidKsmRBKaC2JlI3Zu
+iKJ/jW2O2SwRMm44U2DgNjB05Jr22V/plKhUYFxhVB/1aBeoIywtij0BVY85/KZz
+5Q2I3U33nyu5ewTfrT5essBcgKYJne+7s61yaGQeHjJCEbKNKtRtLkQ5vgdleWgg
+LM29Oxr+3jjyB+dcIVe9EtYHZ/lF6ywuEeLH3RAdbmhPigt6rM0+MOnsIQOvjN9O
+2DpGRvaBeA7acFPzmMJoKk3tQDh7tpJY4cgot9AvBt0US0XUvYSQf2In2S3ifSWU
+9uz8otdB2rDf+OFU6L4xg5dTD8nqTHt9z7oUEeJWFz2C4qkZ4+10Czb3QRxj0OlB
+isIkMh8k7kYQ4rtrZCbvkVjAJwnUQFI5zFBlo/8GfroOVFdFlx8kG3t0WAXJ9aX3
+YnqUoMywxSAz8iBfN/sjv7rkgobozPlqEhGwEJ8hKBAf1HCwVegi5tmlXfXmLbSt
+BWhKrJG98NwRApnWzFFvui4qiAGeXAsKx2/3w0An3sUwLJjUcfZNGsn/0wt56Hid
+RP5Od59n1+UHWe1eMBhw6lZdvaVHostAj51kdGsuacr3tJN/g5Cko49NyJNI0k+U
+/0+Lgxs8rUHHYe4SXeGR4Ri2YgVEJR3dqOPaiIiK4vg3wop8VLN4W+4PLqNFKDd6
+RGn3yyS9CkR4Jqu3B5ezLCjwvTV+pcZ9UqlOUOK2O/diE5ro+2sj3zuw5rUUolwx
+OQ9ex3m7JrqGadARhtc5ALPY4OmkbddIDL0ewc1PysMB5vATWMH149bmtKJSx5u9
+tWnxzpFGpQu2YMyFMkNexbWHLMtZff7mXlwUk5NMgvnHQ+EdCaqj22zhQoRgL+us
+SdL20wEBm+eEPgiWMSk1nmrgen1kU3gKRQzw7miqsSPnW+PSfJvxnbib2uuclHZS
+8Sz56xwPksT2gNQvA6ir6ndeOAYJpMW3bQrQr8GLfiNDcUJ9cCNWJtfqZcBTxvvf
+iHpLlNGBzwk5XDJuCJE1o6pkmF5fQMjBzpntre4df2kIbxuC8Fyu1TLnT9bgLywe
+H8azR+2ZYDzSXtPYN+dOgNfH7AoCzLHczvMGLeCttzeUgvMPAesJK6BthIuJpxNV
+01oaEQSrU49tiRgC89tgZs267MrIPnkUTlJoz/PW/wZ9f0RqnAfCMZLb7nj+p083
+5v+d5g33xex9CZ2XUb051wdir7pamEUV0fpnCBAjRtjjb7PWMuOZjop7L23eMgbp
+9obNF+BPYXYzLgSAioucrODoPEV2gYSi
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/WF/openvpn/wf/keys/ca.crt b/WF/openvpn/wf/keys/ca.crt
new file mode 100644
index 0000000..a652590
--- /dev/null
+++ b/WF/openvpn/wf/keys/ca.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGxjCCBK6gAwIBAgIJANhMyyi1cVS7MA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
+VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNV
+BAoTBm8ub3BlbjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMG
+VlBOLVdGMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMCAXDTE4MDUwNDE4MjA0MloYDzIwNTAwNTA0MTgyMDQyWjCBnDELMAkG
+A1UEBhMCREUxDzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYD
+VQQKEwZvLm9wZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMT
+BlZQTi1XRjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK+cDn8x2oBG
+oH7SDD3d9p+rRE4uzVDp/7YxuvvCXazhPUVc0BGE8hj6jCwB+tbbNlhbm/uwxAX6
+96kz2AmoGzEZQy/Icb+UKNkKni15PUEaCcFWkgb9mMb/6XBP4JLUdnxxUn5rYB8A
+m4jpKzMz6tBRlNmLbDVbcHriLuJJ3mgFBN/QYV9zurKzMRLv6Y8MVzLXY6MPYaFs
+Lw398Iz/lIVLq40FxZ7oktvT3RFQUFjiTqBvdmQw91MYxJHGYZH6XB+tPhGw+9D7
+w2ejAvv3MQU246oaEyyH3Pgh8GajSdKmiTH5YHRkp6LVnh7IGEZ1G7dbq8d5KlZP
+zBP+Xdsf0gkjl3HI5cu4RJHWFg3dpNJxatxXc8owhaLa3wiVwSXobNsQBUNI5CeE
+OItnetBLZzAmDlS5WoOAj5KMApun4xQQJXaazTaM5LhUN1TmXL6dq6rHSZrnrciV
+aM0M6F96h0OFYq0RxsztXHiWFxJgbuNQSx1pzqsaFe4MtEEpMlI4SRQjtJPbje80
+HCELo3Qfuxm6vLSGH1jXozhDt3/3jB96yBT+wemN3wxiiR/fWfmwH0k3VEFxbsBR
+sMcgA3xopoyHU3cUQqWkFaKT0gBa0t2sZqpsaRgaR4YzKVuHu7Wezb3VRAt9VH35
+E97yq3vv0J2OFN4trPMZ6TdRcRppe79bAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQU
+Tz6IFOGhISjj5ltza9wPl9lg9fEwgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltz
+a9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4x
+DzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3
+b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAMBgNVHRME
+BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQApiMctoi++fFyKUOzdI5p+mJLxldQD
+Jx6V6aY3wZRtKerXFuH+rAZDcBg5pCc+IwVYhR0ilJGvSFrN3nsipSRYkev3W8F7
+8NBD0I0A02WmwOZA9GM5LAwc3w7dkGKLTIFM/qfwti4Y6o0Sb10r8QKhggiNBO53
+Z10StshS5ciUtw0oH7oTRbsXhLOwwikkBxQgeCU5IJUtC2Xp8uG6Mrkqva/l+PIe
+I83YPlE6NGiok2N9Cg7wx7Y65hg6F8lLePIh81pPLVujr91B1Y9Oc/iKwDZ+f0ep
+uWnLSZJYbCrv4/QqPi4Km7CqJlPy4Wj861U2SmNkzJC721d2UDVBcFoGw3zIszYl
+zGdXF71fcLqThlU/EwNgSOa/hQd6mcCZVBh0qlQHp1nefCUM4O5Qd7swSTV3Bdbx
+wkkH/lWRPURL0qMevF5KNYT+dUV7Tplf11cW8D3cIe8+mr7p7FnFjKlbQ+YQQZ+O
+d1zX06ADQPLsOat4FNwAkxBLSQ0anK9iu0xZUNy3RMRsLIX/gtl6qvxnWvuy2OJs
+3bjs7hauPZLwycL5uaFoKt8twwomLPj4tE0AsWwxIGK7vQajJl755QNEgHfUd8Ng
+U9tR185HsyrrKii3tuxGRwJGeN5IQkp/04CL2jVYYzkqe7tsr4SPE++hj/vK4zrw
+E+i0hdVFGZBFNQ==
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/ca.key b/WF/openvpn/wf/keys/ca.key
new file mode 100644
index 0000000..2908aeb
--- /dev/null
+++ b/WF/openvpn/wf/keys/ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCvnA5/MdqARqB+
+0gw93fafq0ROLs1Q6f+2Mbr7wl2s4T1FXNARhPIY+owsAfrW2zZYW5v7sMQF+vep
+M9gJqBsxGUMvyHG/lCjZCp4teT1BGgnBVpIG/ZjG/+lwT+CS1HZ8cVJ+a2AfAJuI
+6SszM+rQUZTZi2w1W3B64i7iSd5oBQTf0GFfc7qyszES7+mPDFcy12OjD2GhbC8N
+/fCM/5SFS6uNBcWe6JLb090RUFBY4k6gb3ZkMPdTGMSRxmGR+lwfrT4RsPvQ+8Nn
+owL79zEFNuOqGhMsh9z4IfBmo0nSpokx+WB0ZKei1Z4eyBhGdRu3W6vHeSpWT8wT
+/l3bH9IJI5dxyOXLuESR1hYN3aTScWrcV3PKMIWi2t8IlcEl6GzbEAVDSOQnhDiL
+Z3rQS2cwJg5UuVqDgI+SjAKbp+MUECV2ms02jOS4VDdU5ly+nauqx0ma563IlWjN
+DOhfeodDhWKtEcbM7Vx4lhcSYG7jUEsdac6rGhXuDLRBKTJSOEkUI7ST243vNBwh
+C6N0H7sZury0hh9Y16M4Q7d/94wfesgU/sHpjd8MYokf31n5sB9JN1RBcW7AUbDH
+IAN8aKaMh1N3FEKlpBWik9IAWtLdrGaqbGkYGkeGMylbh7u1ns291UQLfVR9+RPe
+8qt779CdjhTeLazzGek3UXEaaXu/WwIDAQABAoICAAwenhWDMExIE42NG5Etf3bX
+kBhBPKRH8gD1/6yeZm6nAN6HoEiFP1wf9oqW/GPVrzN75xEAyxaKkosX6+IGuxGx
+Z6SllcweAo+wHuiOhH64uFGikuNunxukz8yThrE7fo3qGEJnULPzC8jwJq4a+Cq2
+Zqp459fq3qFseMXfST0uk36K2B2JVCo/GbTv39Oii2YT3WmEhz1nxPuXOgHRJcPp
+TAaojlIARRpszcYDH/hybfC+oJIbmwYeIHrbESLM/4ykHTOFXmu25G6DnpIbJkPw
+3NeBgy9AlSx+0yOSQ2cJXVCYoGKIC9W+HnKLZrl+HZKS/hD/OL/KNBBxLrMPyCQC
+CyZhfs0WEvtjAZ5f31EqACEnCR13ZjSycMtTi/NzSEwenUriYF486rdAFDIQ5fXd
+f5IhLhqVbjDWUNve56n0C2rKJhVYgQIjYTTzSnLAvvqfwRNp98s/98DHMxwSbQBz
+Gwq+witmhqj3cv1xfddkv1bJbf7EWwgwvFzBwxu5lfZrl6Ws9Tq0C7TuNE6znhEs
+SZSptUydRrfdY8OfFT9d9eEHqjR0QROcBkbjOOGxegYgw3Jc4QfpqMms01KLxmDe
+w5P0N/iQX48g7OUrpSN1VHngwJARio6JZMrEuW3lTwxO6WifgoApUdEdJFVK0eIe
+CvoXBPVbAwmi5PdvI7wBAoIBAQDbdnrbN/2wEPxEvIFYXbg7pvIoWWtEm+q7ZFWb
+iAbGcHRkmCRQUNXPSrLWiSje2OI8y0l5ypz8Ix4YEw0Ww2YOoLTnVC8OcruoVWCR
+ggAgZPfxoR/jYWnaYEBH1T0AY1LI3OX6ZYKGVmAIVTtldDi4cmkLDO25jBkFzqqc
+Hg5/ZwRQeyrGcKSehBSK+meeP0ZPR04RaVkkmTKLJt0+GP2GBoG9qV47iDCAA3w9
++05r9gah0KPEaVQK6MGYF8+fiIlSGlCjZzHu+CTj94tsIswU5J7Hlc9ABr0d6HL1
+e2Zt9u32gQKpzC+TeSw8cSrdk89es8GbkG0+MJC1RShPcsIBAoIBAQDM2Iy2B/3d
+on5OVeesvsB7T0EclG1+wDntBXAdL5zwwjGkC4PZqGVjJTDfiRs4tYqPW2cfoHDf
+gVMzQnb6bOO8Rruc5Y8vwHRNDwutznWiei7qgPbpLONp3pE+bj6iJvJ8JBhhMNUW
+tJ8HOO5xJJz51eakyGhJvXoHJgbzazsF7svfyRoJAeqTa4GcuGSFveOzTCRUyng5
+VMhN5U7aOnNynqdfegCDcA2v0LH6eHuzyqXfLJ181SfAfMgkayw+Dmk/ubQtgglz
+VulBXpyFghqfChlidzUJa/dw3qRz5xLB2bhiM8AoMs2HnzOXaY2Czd+ttE41dIOY
+kmjOn9fVXslbAoIBAQCARJ9JwU/kuAi5o/N1UlF7i/e83YZ0cyyemeXvIXHUSaW9
+pa6Twqs0nNQpz8Czfs+7+JTZOjLGqz/Lklb0FwBvTD5vdiSKrURA/qWSZgjs5haE
+g0e//g+AMwFe+qLMt0CLZZCE6Q+AtLssI6Szh1ofc78xVj0bVWbKnh/ZXzfZ/rvm
+zhYSJYQRoeDf2br2IsVVULewNYKEgYWpDu4AfVqwGt15nKQW52Jxb5gOIfOT5he6
+O9d71JPqTF/aJRCUjZi1A+xdlNL6eM4W73ftm+jrzTOAM28OXOHruRB3qcgUPV6X
+1I9Z7p1f9FKGgR4so1dwYl+mLKOs1XW+fM0yokABAoIBAQCrtGDOPIipfQlOdGeL
+vyDsu5QidrAJbOuhJ8vASybMEJs3nIdarPK/Vm9PEEgHEvUgEUexlPTIBElPUEkW
+xKtoKAofC7UoG7Pg29m4SLUGClDFNHDDJ2NAXNV2dUZ++RKMyFy/KwWS0Lf0f94u
+bLhAGvIH8gyosvBUiaWN6LZC1NWDsbfnEPoltBmi2lU4XeE9a3eQs15vAAgeczXT
+audWjnJRb5x6kDSIyPBGuTNHk3fSSD2CY9G8YVwKWuNs6PuD9Q94jeWKDrHan4mn
+x1S1NuvsQ2vrh9qTe6xxkqGAaBVMC4DosRzir6m5IzsBB7yUh+x+ljmwbBj6CbYL
+Hja9AoIBAAOS3cIms52b6efa3yhFNjOceUrC+4S2Suj7dBX0AYZFALAnK6bmgdMk
+a8+zcmqxW5dDaS55xHZ2D1Tfh01wQYC7AmdSXog3RBCVkgij0jVoJOkMMcoHBiIc
+BHa/6sAcvZJZeHXzkT7zTVlPtvboMHJt2QU6rA2eBJAiOpQhFh9/jbph3LoZiCt2
+0mTxhnmQU+EZZ8sp1cPitj0r2mMaRgxnIKOcvaavKrmqwo9MKV5n4hi43M8/nLG5
+scdvaRcpkP809tdN0ewIqzLwgSymM3TRP2AcbrNCe0Y3dqgi+D3dfDmZPLO/psoz
+5+fG19pe9kCo7mTnxNlgfWElZiONWHw=
+-----END PRIVATE KEY-----
diff --git a/WF/openvpn/wf/keys/chris.crt b/WF/openvpn/wf/keys/chris.crt
new file mode 100644
index 0000000..9f3e5e2
--- /dev/null
+++ b/WF/openvpn/wf/keys/chris.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:32:50 2018 GMT
+            Not After : May  5 09:32:50 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-chris/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:ac:28:bc:5c:b2:3a:38:2a:30:40:f2:df:24:c2:
+                    62:c6:91:61:eb:ce:df:64:f4:3d:0b:72:c3:f7:58:
+                    27:45:b6:7b:79:8e:a1:5c:10:3b:f7:92:5d:d7:d9:
+                    61:02:70:7c:c3:8e:f1:ca:41:60:50:68:5f:bd:a2:
+                    cf:e6:ef:b2:ad:82:dd:f3:bb:42:27:5a:1b:79:87:
+                    1e:93:2a:1a:26:e2:cd:39:a1:a6:44:bb:50:05:f6:
+                    00:b9:8c:11:12:ec:64:c1:8c:62:2c:27:f2:21:71:
+                    ab:2f:01:97:0e:0b:ac:7a:b9:84:6b:4d:69:a5:90:
+                    08:c6:43:72:b9:27:7e:31:b1:18:41:60:c8:5a:06:
+                    31:9c:8f:5f:06:6a:16:75:47:ad:c6:5f:6d:4b:c1:
+                    3a:9c:7d:40:2c:2d:01:e4:76:13:17:0b:0e:8a:ae:
+                    d8:54:fb:69:c4:9b:85:a4:bd:d8:4d:48:2e:c8:2f:
+                    b9:92:e9:8c:bb:5c:44:7e:39:a4:2b:ea:2b:1d:8a:
+                    c0:d2:39:04:ee:76:43:a1:09:1e:2e:95:83:d1:85:
+                    91:fc:d7:a0:12:0a:b9:6c:d4:22:e2:f9:4e:36:a6:
+                    79:1a:12:53:75:56:f4:f2:77:98:82:d9:dd:63:c1:
+                    bf:97:62:99:ed:6f:55:36:20:fa:d6:11:41:b6:fb:
+                    24:b2:d5:2a:2c:5c:58:d2:bc:fd:d4:14:33:2a:d7:
+                    db:de:79:c9:25:1e:92:ce:d0:8e:03:58:9a:c1:f8:
+                    a9:2b:2a:6f:53:47:65:42:39:4d:f0:be:f3:d9:af:
+                    07:42:07:8b:fa:8c:17:fb:6f:48:5f:ca:01:c2:df:
+                    19:38:25:f5:33:e8:4f:da:c5:9e:46:c3:b4:9c:b4:
+                    c4:75:bd:87:f5:11:fb:fb:d6:01:67:d3:49:45:65:
+                    96:1e:27:47:7b:56:80:14:7d:02:89:17:bc:7a:0a:
+                    2a:9d:5a:1f:1c:a5:d7:c0:ee:43:1a:e1:41:b0:aa:
+                    6a:8b:c9:be:5f:ff:63:6c:c3:a0:5a:64:12:a0:c5:
+                    04:88:7a:14:9c:17:ee:9d:e8:bb:45:9e:0b:32:74:
+                    8d:89:fa:95:2b:42:1b:2a:9c:90:f3:0f:75:7a:a4:
+                    41:f4:74:0d:2a:fd:36:33:c9:49:fc:0b:1f:45:78:
+                    e1:c4:25:5e:a4:6c:a1:de:cc:85:77:9d:de:f8:5d:
+                    b0:25:f5:f5:4b:22:19:49:10:f2:b9:ac:9a:1c:db:
+                    60:18:c1:2a:37:e1:5e:b9:7c:17:b3:26:68:8f:f7:
+                    f4:10:75:ec:11:aa:09:bd:93:40:d7:8e:2b:33:e2:
+                    07:39:4e:cc:5f:7a:e6:5b:3e:76:a1:47:1a:45:90:
+                    c2:8d:ed
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                44:B8:B9:2D:98:73:3A:7A:EE:7E:39:44:5D:BE:7A:84:96:1C:9A:99
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:chris
+    Signature Algorithm: sha256WithRSAEncryption
+         7f:37:c3:2c:7f:75:3d:ff:ed:0c:9e:ab:c1:f5:06:f7:e6:1d:
+         23:20:75:f0:b1:5a:8a:66:ce:21:a1:2f:65:0d:38:16:d7:29:
+         c7:fe:56:6e:76:8b:d5:25:cd:20:95:67:6f:f0:d3:87:03:03:
+         e7:69:87:ea:45:8d:9f:ea:bd:8e:d9:ad:40:24:0d:94:2b:1b:
+         ba:2e:67:8b:70:50:b1:11:54:b5:65:da:f7:5f:42:08:b1:6c:
+         2d:83:3b:3c:79:97:b0:db:54:92:98:5e:76:f4:f5:6b:24:95:
+         70:06:66:5f:13:c8:ed:f8:d1:8c:03:cf:5d:3b:46:31:85:2e:
+         7a:e5:3c:26:f6:7f:20:55:d6:2e:bc:bf:13:41:f6:32:87:af:
+         26:3d:ab:64:02:2c:d2:bb:cc:fd:fe:6c:67:87:2d:d6:2d:ff:
+         50:a0:42:8c:9d:73:8a:67:2f:f6:7b:61:c9:cb:29:cc:86:56:
+         2c:9f:21:0c:eb:33:b6:66:74:07:1e:2d:00:36:69:a0:2d:6a:
+         72:7d:78:33:1f:59:4f:a3:ef:74:4e:ad:fc:ba:a7:e6:80:9d:
+         d5:c4:b9:a8:b6:11:2c:2c:a2:7e:fe:e5:17:fc:98:b2:1f:75:
+         ad:f4:24:58:fd:40:4f:51:4b:4e:3f:c8:e1:92:1b:c5:b9:b3:
+         7a:70:c3:eb:e9:c5:7f:40:f4:ca:53:2e:28:97:7c:4a:d8:09:
+         94:f7:c8:0b:e9:45:76:ef:12:23:41:2f:99:b8:4c:f1:95:cd:
+         93:e2:57:83:11:7e:09:ba:c9:dc:73:b0:95:56:47:95:98:70:
+         e6:cf:49:b6:f2:92:e3:29:aa:5f:41:0f:35:a1:fd:84:99:a8:
+         c5:79:e3:70:ab:3c:62:5f:af:90:dc:4a:94:1f:94:c0:fd:7f:
+         e6:e1:6b:bc:f5:77:39:38:1d:cc:fe:fc:a9:7c:5c:45:bc:3d:
+         cd:3f:e3:22:27:e0:ae:6d:20:e0:74:73:92:04:89:0a:8a:e7:
+         ea:c3:7f:e2:36:ba:6c:f0:e4:22:f4:a1:d3:eb:7a:4e:13:3d:
+         a6:a1:a8:e9:09:2f:82:ff:64:a9:aa:07:2f:21:1b:a8:9e:4b:
+         ba:87:8b:a3:24:4c:23:15:60:f4:44:53:2d:2a:b1:2d:fd:d0:
+         69:91:57:02:6d:ad:97:55:f6:e8:23:a3:23:9f:ce:38:78:ce:
+         1d:46:90:2a:32:9e:07:81:e5:0f:3e:9e:bf:06:41:81:54:03:
+         4f:ab:55:ab:b6:13:8d:9b:5e:71:43:c0:2f:92:a8:6c:62:b1:
+         91:64:8f:ab:b2:03:a4:22:02:7c:15:ab:19:83:5e:d8:30:68:
+         95:f2:e8:af:65:d8:e8:2b
+-----BEGIN CERTIFICATE-----
+MIIHIjCCBQqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTMyNTBaFw0zODA1MDUwOTMyNTBaMIGiMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLVdGLWNo
+cmlzMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArCi8XLI6OCowQPLf
+JMJixpFh687fZPQ9C3LD91gnRbZ7eY6hXBA795Jd19lhAnB8w47xykFgUGhfvaLP
+5u+yrYLd87tCJ1obeYcekyoaJuLNOaGmRLtQBfYAuYwREuxkwYxiLCfyIXGrLwGX
+DgusermEa01ppZAIxkNyuSd+MbEYQWDIWgYxnI9fBmoWdUetxl9tS8E6nH1ALC0B
+5HYTFwsOiq7YVPtpxJuFpL3YTUguyC+5kumMu1xEfjmkK+orHYrA0jkE7nZDoQke
+LpWD0YWR/NegEgq5bNQi4vlONqZ5GhJTdVb08neYgtndY8G/l2KZ7W9VNiD61hFB
+tvskstUqLFxY0rz91BQzKtfb3nnJJR6SztCOA1iawfipKypvU0dlQjlN8L7z2a8H
+QgeL+owX+29IX8oBwt8ZOCX1M+hP2sWeRsO0nLTEdb2H9RH7+9YBZ9NJRWWWHidH
+e1aAFH0CiRe8egoqnVofHKXXwO5DGuFBsKpqi8m+X/9jbMOgWmQSoMUEiHoUnBfu
+nei7RZ4LMnSNifqVK0IbKpyQ8w91eqRB9HQNKv02M8lJ/AsfRXjhxCVepGyh3syF
+d53e+F2wJfX1SyIZSRDyuayaHNtgGMEqN+FeuXwXsyZoj/f0EHXsEaoJvZNA144r
+M+IHOU7MX3rmWz52oUcaRZDCje0CAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQURLi5LZhzOnrufjlEXb56hJYcmpkwgdEGA1UdIwSByTCBxoAUTz6IFOGh
+ISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQ
+TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFY2hy
+aXMwDQYJKoZIhvcNAQELBQADggIBAH83wyx/dT3/7Qyeq8H1BvfmHSMgdfCxWopm
+ziGhL2UNOBbXKcf+Vm52i9UlzSCVZ2/w04cDA+dph+pFjZ/qvY7ZrUAkDZQrG7ou
+Z4twULERVLVl2vdfQgixbC2DOzx5l7DbVJKYXnb09WsklXAGZl8TyO340YwDz107
+RjGFLnrlPCb2fyBV1i68vxNB9jKHryY9q2QCLNK7zP3+bGeHLdYt/1CgQoydc4pn
+L/Z7YcnLKcyGViyfIQzrM7ZmdAceLQA2aaAtanJ9eDMfWU+j73ROrfy6p+aAndXE
+uai2ESwson7+5Rf8mLIfda30JFj9QE9RS04/yOGSG8W5s3pww+vpxX9A9MpTLiiX
+fErYCZT3yAvpRXbvEiNBL5m4TPGVzZPiV4MRfgm6ydxzsJVWR5WYcObPSbbykuMp
+ql9BDzWh/YSZqMV543CrPGJfr5DcSpQflMD9f+bha7z1dzk4Hcz+/Kl8XEW8Pc0/
+4yIn4K5tIOB0c5IEiQqK5+rDf+I2umzw5CL0odPrek4TPaahqOkJL4L/ZKmqBy8h
+G6ieS7qHi6MkTCMVYPREUy0qsS390GmRVwJtrZdV9ugjoyOfzjh4zh1GkCoyngeB
+5Q8+nr8GQYFUA0+rVau2E42bXnFDwC+SqGxisZFkj6uyA6QiAnwVqxmDXtgwaJXy
+6K9l2Ogr
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/chris.csr b/WF/openvpn/wf/keys/chris.csr
new file mode 100644
index 0000000..a2c3d9c
--- /dev/null
+++ b/WF/openvpn/wf/keys/chris.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6DCCAtACAQAwgaIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRUwEwYDVQQDEwxWUE4tV0YtY2hyaXMxDzANBgNVBCkTBlZQTiBX
+RjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCsKLxcsjo4KjBA8t8kwmLGkWHrzt9k9D0LcsP3WCdF
+tnt5jqFcEDv3kl3X2WECcHzDjvHKQWBQaF+9os/m77Ktgt3zu0InWht5hx6TKhom
+4s05oaZEu1AF9gC5jBES7GTBjGIsJ/IhcasvAZcOC6x6uYRrTWmlkAjGQ3K5J34x
+sRhBYMhaBjGcj18GahZ1R63GX21LwTqcfUAsLQHkdhMXCw6KrthU+2nEm4WkvdhN
+SC7IL7mS6Yy7XER+OaQr6isdisDSOQTudkOhCR4ulYPRhZH816ASCrls1CLi+U42
+pnkaElN1VvTyd5iC2d1jwb+XYpntb1U2IPrWEUG2+ySy1SosXFjSvP3UFDMq19ve
+ecklHpLO0I4DWJrB+KkrKm9TR2VCOU3wvvPZrwdCB4v6jBf7b0hfygHC3xk4JfUz
+6E/axZ5Gw7SctMR1vYf1Efv71gFn00lFZZYeJ0d7VoAUfQKJF7x6CiqdWh8cpdfA
+7kMa4UGwqmqLyb5f/2Nsw6BaZBKgxQSIehScF+6d6LtFngsydI2J+pUrQhsqnJDz
+D3V6pEH0dA0q/TYzyUn8Cx9FeOHEJV6kbKHezIV3nd74XbAl9fVLIhlJEPK5rJoc
+22AYwSo34V65fBezJmiP9/QQdewRqgm9k0DXjisz4gc5TsxfeuZbPnahRxpFkMKN
+7QIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAJ2EMBlJrASr7mErOk2p4WiW5wjQ
+b5kqowsT2G/guRnlQEqYLCdlsqq+to7gyB1czZbUkSc6ig+8xKy8Ezv1a34lM3Pa
+8GQptOpCz1NMNb0FkPQmPpcYWtjKvOgjGJn5B/N8vhb1V6mLkRfw9luN2F55kq4n
+WdPwGlPpxlDdksflAR+JLyUdm2t22Oe1ZaNtba+72JmMU7Js7bHXLSf2LwPNOXO1
+kIl8l0JJW7sLAXemPdF5Wu/c2Qa4JulbEstjvpIS76jI6Xk/iMuYUmoZOotMtKrR
+mxkPLR9l36VUfCc9BeHWdjYTsS4CTVSSEpyI9qH5IO6otCbrlC3UuadQHoLXjOYh
+E4cZhdcPp3cVYX9hDjbum3JXmjNze7F6R22WeHsW3lUNUlQi2JN7xopfRfm7KnQu
+cZqtcT85e7+KxWFJLCs5ODzXdJs9Rad7sTnooc7LOM53EJBdRFUKYL6RlpIX4MV9
+3TMsWm+feXlg3Xab9LGoqGEjK71xovhtEyY4OXexxnyP7O1IqTJlTCfi/BAQT9M8
+b4k8+9BSx+PXa42pvOuSiAETNDKRndgDnEcQpWxw2r5acgj4Xht0xcrmmUQN3LAl
+fBh3/odCka+qyC/qwx97A7B5Qc6WX3IBLBuENHYA6eMHg7rrROWGYvPDIwgCQU5S
+AZnnLuDRWbqNKVcc
+-----END CERTIFICATE REQUEST-----
diff --git a/WF/openvpn/wf/keys/chris.key b/WF/openvpn/wf/keys/chris.key
new file mode 100644
index 0000000..b20ccce
--- /dev/null
+++ b/WF/openvpn/wf/keys/chris.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIO8xdzGddC/ICAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAssHpVt0na2BIIJSHCBMo0JSJOq
+YeavxKLQaHgi4cYhkRb5tpe+Rw79lKDOAnWOvf1omRdqapHAQfxworEXp3YbxUXe
+aV37UgUR9dXKGf/ctRCHou864NeE3+XRCjKbhEit5jO+IqqvuoI+7jL4HVa6Btv6
+KL7bMnVmafymTaA308qg6Z4RG5zDIuktOtozDq3JAMT8DslRlsh0rL91rhSM00/z
+KHot9q4Vd4XJ7f5NOR6FBUnDDB3+fHJlvJBWCdE4foWSTHQYJHdh5iIsvPOAj9SS
+uwRvtX9QaucoRsjc+YCHTn7BLkyDbfgabjBOA6bDwgG45sJH+lYW8Wj2oZjZDQ6n
+rjm9kjYK/7tVCP/6djXI0xl32g6KxUsU8GcOwpKqofOQ8gpJy/8ygiJbHQIv0xY2
+kYE509bPQQdVvrEJciX2vkb9L2F6I8Q6q0gwQ1vIO7MdPbZ+FZNjQYtcwyregJzj
+DRQnCqLtsfuPg8CfV/6fhLIwpdCgGf1dCxJXG+MqntNS6bIqgcNB8/S/v6FWd5n0
+IzdaCpMQq9VVDVyHDH4ZJaiTom62vaOn4fJZBhPv63csg4GpMiy+na9OYaCk+m76
+zK3YKitw7Mvj9xaQ4swsGxLdP48dXuxRYweytZkK7wlf4L1qhVbsMK2akeZxq301
+OcKAI1lfZykD+4CD5SGPWBDNrTPtZxPqy6SB0F7G9Dv5PtkJDdQ8EZwYTjZNRMKO
+Pc4Rhj7RxBXLcUDG299hmUi0LaS/bDJax7xAs3YmmuDkR0Je6S+vTfAMHycof4KP
+/4xXiYnP8qB6do4XL+ZpONhTciUSVDbR69ODcfvJr6cRq0QPANy2m3nQE1d+aVhO
+kQ/weVpkiH1U+rJEaA6DdhBuMi1p6X+GehV7KUoKhlR8mgBpyGER0NQkAvWdcs4y
+2g/tcQ23KC2k3uBgA2OI/JiALPJn1Z2f+7UE5E53g0C0J8IlioxEMYwNz/lMikXs
+kcGZbMVApzvoE473S0LZ2vIx+hU+U24iGNRqpZis3fZt8Sry1HPynD6ShFzk64fj
+nwLdYrUmhra0l7DkRfJns9SHo3T6lv/MptbemeEog3/L5NEN3nnovAWXJOfi6XOd
+Ih9P+x+xXYQlR48V0/hSutN1sk9zcr5ctDrvWJYiw/mPgX2VdvcULTN3dwelwnP7
+H9uOYwPiDiSRahoRDceNu3kFWyMkfaFjizK5tdyF6IS7xqkPWegc7akfZNf3V05M
+YeOnhUiFvJ6nG9B33SVB/uaOrCPLdfalPfzcqHM8xmfpgabr6EqEYKklniNZhMrz
+3l8H+tDtUT1sWUoVD/SM/hry2Gfrb3mYFQcoUCh6Nm4ughNGjdqN3OfHvtlXlgBI
++QekPCU4G9qHeLw82aemnioJIYpp1YEES/C0MEhrbQotcNyWBiOrYX9HlMbN4s+o
+uQGpRwdLigp1lHwKCeh2JxcIy+ol9wDeB3GojcFC28Q5pegx9fHeHnARGyqH2zDg
+KsCARH2Px+OJ5GdNktW1pDPZNtPL321fEqbJS2RFIH2lTqZ4iiTe7EFnxVWYTGcj
+PizsE0drgNEOdHOU6R3YbguM5FjPUuHRQ3xY/5EBxDNVugWAE+eyj2I1UEtl8vle
+pwmPOlD4kPI2LpyhaG5us7e3RnjUt1zr+u+OYTnr3NQ2EbHV6okR3f+l8cey6xmR
+Q4G7CgddLcdmkKz/cKodzobxzlk7jw4WOKG0GAOcnDp3EnuGISCzFu+nJwBt3nCk
+VWTIg4TsD1LbFmeamXwLGJ6QryTQ0oqKc9OPV0M6SGvyhABax+3px9KI0/7sgCg0
+4ehcs1WZA6DXTO4ZDGEdVguYUQ7UAvIgq5UswKARowQPWO3MVuivlXtJz6yXAlzl
+/s5P7XCETAGB+6qh1+Ofq7zV8Pr6Ply00qNNU2hbBjLYHrip5Wjb2IqRT00k033m
+N2Dyyg13Xika3jj6aaDphQ2XjFghL3f08NZ2RPKo2B1vz/XKNDCcTse9mACGlSjp
+cd6SmvRnOf24laFvkSKYG/oBmpUPnZVtnIzP8jprxbXzIAeqd2wx0PeSaDNzts+9
+UeOfUAM+Gn+ER5teHoStVs5x2EF/EDWQV0RPTEWuQIrtf0xxG+5owWrFN+msk24h
+VYi4cg6gVaUDOjp7W2Mvk10AnBnFZkiNf6LnpCQfH28UEZmthPzclQUZGk982Pt/
+ZZ5vcScNZXLZtOr4Chpg3nwGfmf+UaIP9O+cGmlL0rLUthQvvPDSCwbZ3USrQufG
+Mp4y67fVOBqkiR2jOqlD4jfMZ3K8oEKyKEJ4FTw9VWpWBMF+5PxRTsKZKq+xigSA
+BQYAQai52xPquFVKcp+SQuVNDDlzvIwaVkXDVA53TbBxki3EGgP8D5zZSteIyW7e
+bPKgX/IJ0v5/iI+9DYBqpBTFVETwjCIXBfq3JwngZHicrHGw7suguafXhF6nQx62
+ccZalnd+Rx5l4d5bPbvymw0dzmBH8/Z2tPO+DASsfRoNKOo1lbI/g4Z1HOhW2HV2
+qs9UR0F/G0y+vswEaNTAYyupuiRNCSw6L5pFkiKOFgqm83MccNOImvGfS6r7zUIN
+p24E+Y8EwQrP74AOqywOLcQpKIrkS4iYkVcCIHmun3pvD/r28Vs5gFd1g2InrfKO
+U75RSOrxqX2a3wkbpmRvOUuT0rsHlpnDHm6k5ImHaad6XHVnUptPeIE3STupQlDu
+XzWRe2dHIhWrV1yMgxjgj+Ai1GqmA1WBfDF8aXrF6hvPk16cSZp/UDwtjl4XLAZ5
+L9e3r0Pj3NVLooNdbOeh/mdNnjtziibSFl4PFutzpFGLvpY4ud4GS+28oBZeSo4A
+NMTNKB+Ht+QdBjVtUaKNafMl6lgeMpIdQyNIUg5OAAjepX/g8vRJX+PYBdr+DV+a
+hu453n2dQzCkXMaU/rYyN9saGji+eaaeOremDPp7TEqMIzDWEw4OlYPiStciSInQ
+LfwzwNdb3Q1C6DZr+QQaGjUYEkmz2Z+Gg40Vb1Ym+0QfKVVYtzy52Rrho8DC9zjk
+EIOxlGJ+EIdUbV/eIGUpJmxaW/ttDLTq6yHogjB/S2w+Lch4DPptrDDqN0gwFfw+
+Cz+apIU9u2o3GPdrTlaZmHtrEsFgOFma3lWWtafLlHdUSOjL7/QDwXJi/8W+JFAF
+Kb6X6klzhdmY/fmoxJ1e1w==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/WF/openvpn/wf/keys/christian.crt b/WF/openvpn/wf/keys/christian.crt
new file mode 100644
index 0000000..77f044b
--- /dev/null
+++ b/WF/openvpn/wf/keys/christian.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:38:05 2018 GMT
+            Not After : May  5 09:38:05 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-christian/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:ca:e3:4a:25:87:c5:ee:b6:45:bf:ad:2e:0b:ec:
+                    e0:c0:87:c1:28:38:41:ac:a1:95:c5:6f:ea:ef:7d:
+                    4d:d4:e3:3c:d2:89:ad:f8:30:0f:70:ed:0f:13:d3:
+                    2b:28:63:4a:15:c4:79:b4:db:77:b8:49:4e:e1:e6:
+                    29:60:95:b3:7e:c1:8f:c7:c2:b9:2c:79:e3:cb:73:
+                    f0:e5:34:93:38:72:59:73:3d:df:ee:87:6f:0c:0b:
+                    c8:26:d6:3b:63:a6:c1:66:2f:4c:a6:83:f6:59:e0:
+                    36:af:17:75:cc:14:16:94:ef:c2:d6:61:fe:4a:f2:
+                    2f:7b:2c:72:48:ca:4e:2e:e6:c0:73:97:10:e0:05:
+                    17:1f:a0:6c:d1:94:67:b0:09:f2:92:0d:ca:61:60:
+                    91:e6:c2:d0:e3:0a:24:2a:fb:ed:89:18:38:9c:8e:
+                    f4:ac:9b:d0:06:89:d2:7e:88:a6:39:71:4b:9b:64:
+                    7b:53:ac:ee:11:7f:31:22:05:cb:3d:72:40:2d:1a:
+                    66:8d:1b:f8:ce:94:20:c5:c0:6c:c5:64:ac:29:83:
+                    e5:99:10:6e:a7:c0:d5:cf:a9:41:52:ce:c6:de:e0:
+                    49:7f:a0:8f:7c:01:99:27:30:8a:23:0b:a4:5a:34:
+                    30:8c:61:91:4a:ec:75:f6:bf:79:1f:38:ff:d1:8b:
+                    d7:ed:73:52:07:c7:37:97:1f:ce:29:09:0c:a7:4b:
+                    f3:14:c8:3f:15:33:85:d4:65:eb:71:e6:af:f1:17:
+                    71:97:50:eb:14:1d:96:0b:c8:25:82:15:e9:fc:2e:
+                    3e:53:5b:ba:7a:0b:35:ec:d6:a5:a3:70:dc:a0:af:
+                    0f:dc:08:ff:41:70:97:16:76:6f:13:bf:ef:04:12:
+                    2c:c0:ab:22:ad:b5:56:37:11:fe:28:32:d8:6a:b0:
+                    d1:09:ef:2d:8b:00:c2:b6:b6:41:bc:4b:60:1c:3e:
+                    64:96:04:9e:84:5e:fc:aa:9d:0e:8d:a6:a5:af:6e:
+                    2a:b8:3f:07:15:65:0a:8c:3d:1a:3d:0a:58:3c:05:
+                    cb:7c:33:50:df:db:63:33:6a:0a:61:5a:a8:0d:99:
+                    12:b8:c7:2c:a8:53:08:77:c0:d6:a9:de:93:2c:e7:
+                    52:e8:38:93:e4:2e:1d:06:ba:ee:71:41:49:b7:ae:
+                    8f:ce:08:d7:6f:2a:43:1c:66:ed:96:16:69:34:7e:
+                    64:43:f4:19:0d:ba:e6:e5:73:35:19:3d:d1:e8:14:
+                    d8:f9:f6:38:6d:53:27:6d:66:1f:88:7d:f3:62:97:
+                    a2:00:f5:85:d3:d4:92:bd:4d:14:69:ce:f5:6b:aa:
+                    d0:31:d3:a6:64:d1:21:53:a0:a5:9e:a3:3d:e0:d9:
+                    45:9b:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                69:0D:79:49:09:F5:95:C5:71:22:E9:B7:FD:59:A7:5A:0E:F5:DF:1C
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:christian
+    Signature Algorithm: sha256WithRSAEncryption
+         ab:2f:a1:72:76:e2:a3:23:77:08:85:70:89:93:94:1b:b2:1a:
+         fb:26:be:11:6a:3b:1c:30:8f:d3:16:14:9b:b3:13:a1:f1:45:
+         ea:e3:99:ae:a9:6e:38:e6:2e:0c:01:66:c8:d3:e0:fb:b6:40:
+         e5:ee:1c:ef:f1:87:6c:7b:0c:bd:07:fe:08:6d:52:c0:cb:28:
+         e7:ff:a7:9a:36:db:25:a8:02:35:e1:e5:e3:70:4c:d2:4c:12:
+         2c:d7:99:c0:15:a3:43:5d:8a:d4:12:2e:e3:99:cc:6e:e0:5a:
+         07:7a:e5:43:de:a3:17:03:15:15:6f:47:4d:1a:1b:3b:47:9b:
+         a8:35:6d:fb:0b:1a:d6:2b:df:3c:2a:5d:62:64:b4:45:41:31:
+         5f:4f:ee:2e:d5:32:fe:62:9c:b6:1e:92:9b:b8:6d:4d:fd:cb:
+         57:cf:62:da:a8:b6:49:ba:52:58:e8:4f:c5:47:83:18:bc:79:
+         64:f3:9f:3c:63:f4:9b:32:48:09:e8:9d:9d:2e:28:b8:40:76:
+         72:85:41:92:a9:07:1a:1e:42:59:bf:be:f6:a2:a9:a2:d2:44:
+         8e:1c:f2:00:df:b0:29:d5:04:bb:ba:b7:e2:b7:c2:31:bc:a3:
+         97:8e:40:ff:ae:2d:df:49:60:9f:ca:9a:5c:dd:03:5f:26:31:
+         94:bf:ea:7e:a5:fd:14:9d:3f:5b:16:30:73:8e:c1:55:46:dc:
+         bb:e1:a4:99:b8:6d:2f:7f:ab:40:ce:95:bd:05:72:0b:19:f0:
+         7a:3b:0a:e3:c3:cd:ba:dc:fb:85:3d:9e:33:ad:63:ab:bb:85:
+         78:73:55:80:74:dc:72:f9:f3:05:43:9d:e5:2d:95:49:54:aa:
+         96:af:ee:98:b6:cc:b0:8b:b3:37:1d:f1:87:7f:9f:9b:32:20:
+         1f:1c:11:41:5a:ea:25:60:c6:32:31:78:fc:a1:59:df:b1:94:
+         02:95:b6:1a:d3:f0:cb:95:7a:2d:26:48:d3:2d:7c:44:f7:cd:
+         6a:cc:c7:27:c5:33:16:8e:3d:d0:be:87:a2:b9:e9:74:12:fa:
+         d4:41:cd:6a:c0:25:3d:23:00:bc:ce:4b:ef:f8:05:37:cc:80:
+         2b:58:fc:ec:7b:23:b5:f9:bc:77:63:be:94:9d:3c:b8:c6:d6:
+         53:09:22:da:09:ad:05:a0:68:8d:93:3f:5c:eb:3d:ca:95:5d:
+         96:60:28:f0:b6:5f:16:27:c6:bf:f1:90:1c:b8:31:16:9d:5e:
+         b4:17:d2:d2:62:6b:88:60:9c:14:80:26:b9:8a:5b:1b:4d:83:
+         9c:9d:17:47:70:7a:c5:b9:17:22:a7:72:bd:c5:69:c3:13:c7:
+         dc:34:3b:a0:cf:b7:68:ba
+-----BEGIN CERTIFICATE-----
+MIIHKjCCBRKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM4MDVaFw0zODA1MDUwOTM4MDVaMIGmMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEZMBcGA1UEAxMQVlBOLVdGLWNo
+cmlzdGlhbjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bv
+b3Blbi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMrjSiWHxe62
+Rb+tLgvs4MCHwSg4QayhlcVv6u99TdTjPNKJrfgwD3DtDxPTKyhjShXEebTbd7hJ
+TuHmKWCVs37Bj8fCuSx548tz8OU0kzhyWXM93+6HbwwLyCbWO2OmwWYvTKaD9lng
+Nq8XdcwUFpTvwtZh/kryL3ssckjKTi7mwHOXEOAFFx+gbNGUZ7AJ8pINymFgkebC
+0OMKJCr77YkYOJyO9Kyb0AaJ0n6IpjlxS5tke1Os7hF/MSIFyz1yQC0aZo0b+M6U
+IMXAbMVkrCmD5ZkQbqfA1c+pQVLOxt7gSX+gj3wBmScwiiMLpFo0MIxhkUrsdfa/
+eR84/9GL1+1zUgfHN5cfzikJDKdL8xTIPxUzhdRl63Hmr/EXcZdQ6xQdlgvIJYIV
+6fwuPlNbunoLNezWpaNw3KCvD9wI/0FwlxZ2bxO/7wQSLMCrIq21VjcR/igy2Gqw
+0QnvLYsAwra2QbxLYBw+ZJYEnoRe/KqdDo2mpa9uKrg/BxVlCow9Gj0KWDwFy3wz
+UN/bYzNqCmFaqA2ZErjHLKhTCHfA1qnekyznUug4k+QuHQa67nFBSbeuj84I128q
+Qxxm7ZYWaTR+ZEP0GQ265uVzNRk90egU2Pn2OG1TJ21mH4h982KXogD1hdPUkr1N
+FGnO9Wuq0DHTpmTRIVOgpZ6jPeDZRZvhAgMBAAGjggFpMIIBZTAJBgNVHRMEAjAA
+MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFGkNeUkJ9ZXFcSLpt/1Zp1oO9d8cMIHRBgNVHSMEgckwgcaAFE8+
+iBThoSEo4+Zbc2vcD5fZYPXxoYGipIGfMIGcMQswCQYDVQQGEwJERTEPMA0GA1UE
+CBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3BlbjEZMBcG
+A1UECxMQTmV0d29yayBTZXJ2aWNlczEPMA0GA1UEAxMGVlBOLVdGMQ8wDQYDVQQp
+EwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlggkA2EzLKLVx
+VLswEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBQGA1UdEQQNMAuC
+CWNocmlzdGlhbjANBgkqhkiG9w0BAQsFAAOCAgEAqy+hcnbioyN3CIVwiZOUG7Ia
++ya+EWo7HDCP0xYUm7MTofFF6uOZrqluOOYuDAFmyNPg+7ZA5e4c7/GHbHsMvQf+
+CG1SwMso5/+nmjbbJagCNeHl43BM0kwSLNeZwBWjQ12K1BIu45nMbuBaB3rlQ96j
+FwMVFW9HTRobO0ebqDVt+wsa1ivfPCpdYmS0RUExX0/uLtUy/mKcth6Sm7htTf3L
+V89i2qi2SbpSWOhPxUeDGLx5ZPOfPGP0mzJICeidnS4ouEB2coVBkqkHGh5CWb++
+9qKpotJEjhzyAN+wKdUEu7q34rfCMbyjl45A/64t30lgn8qaXN0DXyYxlL/qfqX9
+FJ0/WxYwc47BVUbcu+GkmbhtL3+rQM6VvQVyCxnwejsK48PNutz7hT2eM61jq7uF
+eHNVgHTccvnzBUOd5S2VSVSqlq/umLbMsIuzNx3xh3+fmzIgHxwRQVrqJWDGMjF4
+/KFZ37GUApW2GtPwy5V6LSZI0y18RPfNaszHJ8UzFo490L6HornpdBL61EHNasAl
+PSMAvM5L7/gFN8yAK1j87Hsjtfm8d2O+lJ08uMbWUwki2gmtBaBojZM/XOs9ypVd
+lmAo8LZfFifGv/GQHLgxFp1etBfS0mJriGCcFIAmuYpbG02DnJ0XR3B6xbkXIqdy
+vcVpwxPH3DQ7oM+3aLo=
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/christian.csr b/WF/openvpn/wf/keys/christian.csr
new file mode 100644
index 0000000..2a79fe4
--- /dev/null
+++ b/WF/openvpn/wf/keys/christian.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE7DCCAtQCAQAwgaYxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRkwFwYDVQQDExBWUE4tV0YtY2hyaXN0aWFuMQ8wDQYDVQQpEwZW
+UE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAyuNKJYfF7rZFv60uC+zgwIfBKDhBrKGVxW/q
+731N1OM80omt+DAPcO0PE9MrKGNKFcR5tNt3uElO4eYpYJWzfsGPx8K5LHnjy3Pw
+5TSTOHJZcz3f7odvDAvIJtY7Y6bBZi9MpoP2WeA2rxd1zBQWlO/C1mH+SvIveyxy
+SMpOLubAc5cQ4AUXH6Bs0ZRnsAnykg3KYWCR5sLQ4wokKvvtiRg4nI70rJvQBonS
+foimOXFLm2R7U6zuEX8xIgXLPXJALRpmjRv4zpQgxcBsxWSsKYPlmRBup8DVz6lB
+Us7G3uBJf6CPfAGZJzCKIwukWjQwjGGRSux19r95Hzj/0YvX7XNSB8c3lx/OKQkM
+p0vzFMg/FTOF1GXrceav8Rdxl1DrFB2WC8glghXp/C4+U1u6egs17Nalo3DcoK8P
+3Aj/QXCXFnZvE7/vBBIswKsirbVWNxH+KDLYarDRCe8tiwDCtrZBvEtgHD5klgSe
+hF78qp0Ojaalr24quD8HFWUKjD0aPQpYPAXLfDNQ39tjM2oKYVqoDZkSuMcsqFMI
+d8DWqd6TLOdS6DiT5C4dBrrucUFJt66PzgjXbypDHGbtlhZpNH5kQ/QZDbrm5XM1
+GT3R6BTY+fY4bVMnbWYfiH3zYpeiAPWF09SSvU0Uac71a6rQMdOmZNEhU6ClnqM9
+4NlFm+ECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAKz28JU2tOFIXxInSmuygy
+dHlQ06lYKlwnfKdSl5d7qFqmFXcIGHQlQJfown+g3SCNtB5gEQze0wY31dgQcWXT
+2VVuuNPKUiYXoCkvKbACXoeQrffj2KMNVNUTy8HwaBINWtFbERbJPgV6ZskO853Q
+kHQ1EftvCbbkFutvZhNZYFnEjp4kVq3p+6CR+3CdzSOtPIechEtOSdkiOlOHL8X5
+Tb7kz4ucv6rrXq42HbRp5il0DjLO7VohR4jly8T+Ig+RuadZIVd25OrLwwiD73eV
+CXRFA/bzmXP/tqJ7+VuPkGsgYdpOw/SAV1LCm1QjUaggBXIwgJKS91aHbnSkjbqw
+N+CjCbVZOoKmLZoAsa35bsPEYC5e2EpMdsJHkyWur1Ttwok8HFxUa9HM9b/bOX2F
+UH6/m6TvPkz9zx5QTnG+UZpKGlk7OQOtTA1cnLjvzSdn8mh1KFRU2AVjM69BcAc0
+ItBLSxkFqeg4D2LlPO8d6AR0aOMoe4NX1uhBvgllbPoj22RhEeKPtOGJN2+ftEpH
+3+UhuqJ6UnoTK4DgVLUF5DQppIJUrs/FPp51CF4dwhgc27FWeYm9GavKnv9MuR+c
+qiR+oKV47g0D5D7614BNVGBliPVbeFUUmEwOFzjGbEglJQSMY8aJg8FB0nmK43Vo
+1aBpydUC1qZS2JttmjdFGA==
+-----END CERTIFICATE REQUEST-----
diff --git a/WF/openvpn/wf/keys/christian.key b/WF/openvpn/wf/keys/christian.key
new file mode 100644
index 0000000..68026c7
--- /dev/null
+++ b/WF/openvpn/wf/keys/christian.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIYxWFm6i77QYCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECL/vfl9kVMbOBIIJUBZec079+iYr
+LJ6lSmyYTPl8sPjJKvOp2aWuAFyOb5TuB/6Z+VMnkl14Iop+zDdWx59LjN75Ec98
+YH2YZgz2HwzokK6pPUYXJkCNfVKCxarBIwmd45OZRIbzhUCpTHiMH+oknU3W/7B6
+pCjS0cPyYQb886QdisqJtq2kynBk/k4mu9ZRmjl+glQ2Xl39UjtlOAsRKZXDlrbP
+8I4pI3K8Rwsh1q9ggGgLLIGFxcWjnFMqtRHGaVG9aIyYZ4FimjM/J31Bpj8tmP5+
+hSz/X5wVLV0/olwonPa06fHdntKcIDArgtG+Um8eHxU4qd5AarbhUMJlfthWdi31
+GrQtKrCfDirMb7aJAcxzSEc3TF8SqFqQjt/uJStyuhGJq+2EFwcE9kIGvi+v6jw7
+EvncFlPHaPW44NWQOvG0iVMjJP+9hE8XAbMMlMKy4aYeQT+Ek2BTXRYo2MK0UmX8
+L99Dv4e9oskjd6qtbmLs16OHFvQibMi598eznlEN5+esWFV4GKFIrFislrlcaUeA
+JwdSgCqB5VGkN0oD2DY1GMZ7ewRDJh277tUZ93VkbbL0PHKIw4slbU+WC2rRZG9q
+CSAfcKj1EePrRRXbBvAoZbdDtSkmWQE+A9NWggz/rQowGFnkQidnQ7mlRmR4IdUd
+bWH8uJSqDm3Zeuk/Y56gz/zIbywQs5CJjYHO5EtK3tCuht2UvBcfsP+gyJCr6Kn1
+PmPS6jXNnHBw0EulFtNAbYRkbKod/Jt62rBerD4gbiIwj8BMMs5cWd7fFJNUJK+e
+wuFme2rkmyxT5rknoEp3eKBY6FGfDfYiMxLtDNiyngZEFxeFH8V5fV+FqdPVshPg
+/izOTl/RKXS/m6XKbO5abGXpFN85yzePYLkhBmhyMsGFT6JUfNx0OdhgOrSnWOjW
+8D2HQVK9FuNEYGM8OKWYN0LbjcZTxbdjQd8fMY3MMDVY+hYwXvDvc4KxsmjQUzo8
+uM8di8ywOtVYUZ2HCE3f69qcekzuHyuqVTEF5Iy3NRodVoeImfmpvWE1RckzUyKR
+VcuDWtwcjTq6NSTl8HG/zyil7n1e0UwpYM48xdulJ7HFBi7AEaWmbro/vnxj17xs
+hcWHhm5ornwG5U+GM+YywXIpR8pvMbijodvgTeR3krF0JjMFXwq4j6KaIde3sXuW
+guAPkaSSbjy6h23LYRxt/iXu7A0g5MH/R8r3SbSkTnaAOLkRfq4U3/+/rBEXhW7r
+0YokXJ724EBsIaq2eD6rd2wxnUvxPHDpoBD32++3YnFz5aO4R5jBYs+pOThr43Y6
+l8NqRG0uiflvpgPXAadk9dHl2ziaeltsGolNroqZNSHU8eUlWdTHW3iFdKXh9Tta
+BAO9FJ/vX4+cbmwWlGGAQVZ+AQusdkVKPqemX8ZdJimpKceyaM1vzwIH6xCVNimP
+VOfhik8mnEcaltINmTshKihpm2nfLSfRWi6PyyBe842U2G4czcNmHmD5uD7ng5aJ
+wiPzfIbyAGWUfJHkuqRkz1aiZHhALhCadYcmUCJan0kzYBLsYWPMIKI+vcrotKHr
+FYbtf4jUhpsefb7ot0U2Fbr4xvtdx3W4OykJs9aDz3jtPv20nhMkCRmTWvBFaCOg
+MwhGjn2uIBAwgVBj/8n9T6XLGfB/M1PgXp8tCu53ZqwzspfcxgGqFYU0RcjJMWJq
+LXMHwx8WaarEEBaJxGiirQP3gT7qqaiLBczA3x4LFiFawruGptPlOdptQmwD9QO0
+wD5SsUfFIAmSjSgWZ9TvJ193eEefKe1TBcII5I30FkGgtayXL0eHXOG/FeYFiomS
+/DasmToVlqvV3tUWSxLmOBAH3NA3NeoFbv+KyZVNSjHJQ6V4VurQ1gp2bl1Z0AJ6
+Hfx7X/u5iVcGJf1+HgvpAQuLoLdBkYKOrEUoDtaeVGs8OZDZ44McyCeMVD+Tn1VO
+b0dg1GOGrvYwbwsZSrupd3B3oXmvkeZEQSd6CYuwxUvpJmmAyX6wpHnlFTGyptYu
+m/gfaU76A+Yiic8maDY3RumrkCfe8KBUfXiTWW9Rx+nl0AilKwpjTFh60dBiQ3+V
+Yg7wcKPTYCODO24CUlgHy/+M1fbx6YjcUhdPp2rGmbNQyJM21vKeBQoJeBTyOaTO
+jJl1sXu/ijevN88obuE/OtKDrivjrR12xicHCXVka60n6LNqrwtJQDuhux88WsqG
+95Lo+/g+1AOXSlHAaHpeThf+1X2emBFwdQ7lEpo4lobTVIfwNNUzD6ka96a+bTtQ
+H2REYnncM3WJLfy3/tB+oikcGTj8ZWzlWjlHUrsO4elMmHb6zKnpnUCMEL0gmsgy
+Andcty/Cb34Gr3TCSFO0yt/JpSaKW9ZNkq3gcuhTT2fS8OvJjYeVkmrkHJFq+rr4
++sHiYnBxCPn3o8wOwBnuiMDCeOGWsRrunFmBhu9v5c7LtX+qhP9cWTU987f3u8Oq
+910/vh0rYpKHL5MHV4aepySeheZuIrlL3Pi4SU3TTgT8f7bgojlClriqUfS1+NKh
+HZX4EaSMLrJ1tXoKk6iRduun3jW04V/3vsYHldXu86N2a0A0uyKpOB5TANxqbs06
+io+iJIQ2jZYOYvu2Ihisnkt3OLpst1VKmZkA50myPMOr9H5w7GGVviQbKUH8SWEu
+o498Bj21qr5DKj2490hVwbXC/RVojI8PcdNVdzcp4zSkTmHZmjeapg4txitlnccq
+WRMc0ttypr5tKtaoCZQo07TcfURez1ANxKPbT9MlPEXI6aFG+BOxTaJ1qnTv+Mvp
+64w5/yt+pqSxr8kP4JnBLmEKlXlfzoRN2VvoUAs6uQoZC8cQd1Auj+5yk9H4/1Hq
+c5xnNqOQ2QLqFwSFuKfMhyUjS9W8f0gRD7sh3IDkXJ3DomdgPLrRpkgpA56haTMK
+iXVQK4ZWq06u4gg/E5wgHEA20J3UOMYdpBjx9EWZmwvTnPAhkP9UpiavU92+O/jM
+G28FNnAEQZWL9yHwunL82PslqnW+BhheYXxY4bYRZsjZVPX1LBzA8X+oYl8dwllj
+t3jFShNVoa6CVr7Dg/7dSmU4CP+j9SyAYaijYls4FHUFkt6A4x0HvGO6ehjV4Ofq
+liX3D0dtAmHMt9MdO2c+ue0zEMHEd6pFndbn/EWBNFnVSeH2TGJ0qfskRCrTgjBC
+59dxcUO8PsODy1S/ME2UMsr8IvKG3o3n
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/WF/openvpn/wf/keys/crl.pem b/WF/openvpn/wf/keys/crl.pem
new file mode 120000
index 0000000..d00f007
--- /dev/null
+++ b/WF/openvpn/wf/keys/crl.pem
@@ -0,0 +1 @@
+../crl.pem
\ No newline at end of file
diff --git a/WF/openvpn/wf/keys/dh4096.pem b/WF/openvpn/wf/keys/dh4096.pem
new file mode 100644
index 0000000..3492b80
--- /dev/null
+++ b/WF/openvpn/wf/keys/dh4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAwYkI9XS49w9OrDyCIJOg72RxPhQol8fh296wlJamLDYKJoK/LYbL
+r9p97a8JsIYwea4cEg3+VKgS861HcALfTkzsQY0kZolaTyjTki4GADiGs0k4u8ZL
+vv5w3g7K0RrJnQUbu7fjJ2HtUSos4YaW//gqMbaG+5NucuGbGr/lNG20mX4lL0hi
+K/9KWK6c9/R6QWttp8Y8RGjPXYt1ujMsQF+VHalRkm4zIBXSpxosPWHTJb6Pa0vf
+opoQXbsphal4eeOGB0M1S6ZNH9b/zgdlgYViB3RZ4NjVrCr8/zXAT77fncDhhaUI
+hFmq4B3kx72fnAkZ37HT/qs116/WHq2qR7hHWvCPPXkVNTSNJ2eTsKRHt66y4WSN
+Ljw2FQSxHUK+Y8SEJFIUV9DBqKk1QzDZRv0Y2MQCdw7XETLo9w4mqTksy3EQoeuR
+Z0J921QgUrt+IpPROY1fzmKbeIC2FMypgkddASpNJEklG4f24MFvu8ZvMMmujvxY
+8X6WgcptqyhQH9wjeayDP/lNwi2Ah/CG5eqtZIydlIydt1ef4B4jfj7kC2lRyaTB
+qqrZEJVPh9skL2d3GRqzhHHBypQrc6zkivOs+f9THc4TlrnbV8pPUE+WLWbQPu6T
+/7hcR6VObFk8zU2W/u5ajuwbFpGQqZxmAVS/66GRaGgowB7avEjoYSMCAQI=
+-----END DH PARAMETERS-----
diff --git a/WF/openvpn/wf/keys/index.txt b/WF/openvpn/wf/keys/index.txt
new file mode 100644
index 0000000..c8616ca
--- /dev/null
+++ b/WF/openvpn/wf/keys/index.txt
@@ -0,0 +1,7 @@
+V	380504183928Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
+V	380505093046Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-axel/name=VPN WF/emailAddress=argus@oopen.de
+V	380505093250Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-chris/name=VPN WF/emailAddress=argus@oopen.de
+V	380505093415Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=kaya/name=VPN-WF-kaya/emailAddress=argus@oopen.de
+V	380505093549Z		05	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-mariette/name=VPN WF/emailAddress=argus@oopen.de
+V	380505093658Z		06	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-lalix/name=VPN WF/emailAddress=argus@oopen.de
+V	380505093805Z		07	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-christian/name=VPN WF/emailAddress=argus@oopen.de
diff --git a/WF/openvpn/wf/keys/index.txt.attr b/WF/openvpn/wf/keys/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/WF/openvpn/wf/keys/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/WF/openvpn/wf/keys/index.txt.attr.old b/WF/openvpn/wf/keys/index.txt.attr.old
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/WF/openvpn/wf/keys/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/WF/openvpn/wf/keys/index.txt.old b/WF/openvpn/wf/keys/index.txt.old
new file mode 100644
index 0000000..bc7df29
--- /dev/null
+++ b/WF/openvpn/wf/keys/index.txt.old
@@ -0,0 +1,6 @@
+V	380504183928Z		01	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
+V	380505093046Z		02	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-axel/name=VPN WF/emailAddress=argus@oopen.de
+V	380505093250Z		03	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-chris/name=VPN WF/emailAddress=argus@oopen.de
+V	380505093415Z		04	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=kaya/name=VPN-WF-kaya/emailAddress=argus@oopen.de
+V	380505093549Z		05	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-mariette/name=VPN WF/emailAddress=argus@oopen.de
+V	380505093658Z		06	unknown	/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF-lalix/name=VPN WF/emailAddress=argus@oopen.de
diff --git a/WF/openvpn/wf/keys/kaya.crt b/WF/openvpn/wf/keys/kaya.crt
new file mode 100644
index 0000000..12f1ae1
--- /dev/null
+++ b/WF/openvpn/wf/keys/kaya.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:34:15 2018 GMT
+            Not After : May  5 09:34:15 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=kaya/name=VPN-WF-kaya/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d5:a0:20:75:b3:9e:3a:79:ea:09:e9:1d:07:b4:
+                    fc:72:2a:41:14:c1:bc:b2:44:9c:d3:7c:81:6e:fb:
+                    5c:8f:0a:af:56:75:43:6c:27:bb:34:6a:f6:9b:39:
+                    76:ff:f3:a9:87:1a:b0:a8:94:9f:18:3e:8f:b5:53:
+                    c7:f8:ff:c5:02:14:f5:0a:a5:72:7d:8c:1d:fb:f8:
+                    89:b4:f9:37:9b:04:89:65:86:c2:ba:e6:58:91:59:
+                    ec:8d:71:bc:aa:f3:58:60:f4:62:06:8b:26:dc:47:
+                    a3:94:fb:78:c2:13:4e:86:db:52:eb:1d:9d:dc:a9:
+                    07:8e:0d:40:56:0e:be:27:b2:96:fa:05:7b:76:8f:
+                    90:1c:56:3e:fa:23:3b:c6:0c:c8:98:64:2c:bb:cc:
+                    49:f4:c3:2a:66:6c:c7:e2:4b:51:5d:1d:eb:d7:10:
+                    b0:bf:17:90:a3:fa:59:ee:07:f5:48:0b:03:28:87:
+                    8e:08:34:b7:38:b9:da:92:5d:74:2e:c8:ef:50:53:
+                    18:e2:fb:05:a4:a8:30:a3:64:c7:0e:4a:23:35:44:
+                    86:1e:65:44:fb:7f:76:57:d2:88:a2:00:36:b4:bc:
+                    83:7a:f4:26:56:a8:be:ce:de:96:6f:3f:8e:3c:93:
+                    d2:11:cb:c0:4c:f1:30:53:9a:31:72:35:e9:13:79:
+                    61:d6:44:e7:58:09:59:94:8b:23:18:14:5f:88:42:
+                    64:3f:bf:f5:c7:b0:5e:52:07:7f:80:9d:e9:bf:47:
+                    5f:c1:0f:12:90:fa:a8:d7:7e:d7:db:c6:99:95:c5:
+                    a8:3f:18:96:9a:46:82:3d:e8:82:4a:40:a9:13:ab:
+                    2c:f2:82:37:39:09:05:89:52:c4:b7:a2:25:39:f6:
+                    ad:4c:21:6c:62:8e:43:7b:16:ba:91:a0:f0:20:27:
+                    98:48:5f:dc:e4:b4:26:c4:d0:92:b0:0c:17:b0:bc:
+                    6a:fb:e4:1f:88:5e:8f:1e:83:15:17:56:aa:db:62:
+                    37:8a:a9:58:13:cf:50:91:f0:3a:fc:19:7d:59:25:
+                    8a:c1:b9:59:26:22:d8:42:54:25:2b:a4:9f:51:2b:
+                    9b:01:69:36:d1:ef:b1:32:94:bd:85:a9:3a:00:2c:
+                    b3:c9:45:d5:29:fa:1b:db:df:1c:82:f2:49:53:88:
+                    f0:91:fc:28:12:fc:2f:ef:82:45:d0:bd:05:b0:8b:
+                    2a:16:8f:fd:5c:6f:77:7a:fd:ec:11:3c:f0:5b:b6:
+                    07:6e:f1:e2:ef:4e:36:4d:15:27:be:de:cd:56:85:
+                    38:9a:33:88:f5:39:0e:83:62:6f:86:42:2c:29:70:
+                    f7:b1:1e:1d:29:7a:32:da:e7:ef:98:52:11:b6:aa:
+                    fe:1c:2d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D4:84:86:AB:79:DB:B9:CE:97:11:0C:B7:E8:DE:E8:0B:0E:1B:AB:1D
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:kaya
+    Signature Algorithm: sha256WithRSAEncryption
+         5b:bb:c1:d3:04:da:d5:40:06:84:c3:f8:4e:69:7b:f1:fa:42:
+         ae:ac:3d:3b:dd:32:c1:7f:3c:11:03:f3:88:1d:0e:e3:9b:17:
+         99:3b:22:49:1b:8d:e2:20:5c:2e:d2:b7:ec:68:94:9c:a3:48:
+         1f:cd:b5:c6:58:56:a1:c6:54:26:de:b9:72:5e:73:ba:a5:01:
+         df:7c:7a:ba:da:f4:c1:66:0b:bc:4a:d0:e8:b3:82:3e:47:d2:
+         7f:49:0b:dc:f3:7f:16:4a:1e:00:71:99:de:c1:8d:ea:c0:db:
+         83:71:56:68:c5:7f:93:95:f2:70:9c:0e:41:ed:16:00:84:a1:
+         47:c4:a8:3b:61:a2:41:4e:f8:1d:7c:a2:aa:bc:71:52:94:80:
+         c6:7b:f3:c5:c9:5f:d1:01:58:8a:d9:9c:38:78:fb:fe:0a:8c:
+         2d:ea:1d:4d:a9:a9:53:06:2e:e0:69:09:ae:fe:98:73:c6:9a:
+         1d:3a:a5:40:b1:75:60:2c:81:c8:ed:b6:93:6b:5f:fd:00:e7:
+         fd:c5:3d:e7:02:ce:e3:3d:46:c2:c5:17:77:51:3c:af:ec:c5:
+         78:cf:b2:88:63:98:81:ed:b7:00:06:d8:5b:a7:e8:77:73:ff:
+         a5:ee:46:59:64:b1:fe:1e:28:41:8d:82:a3:df:36:98:fb:19:
+         14:c8:2e:f8:4b:63:b0:e1:12:1f:a3:3d:0b:3c:4a:ff:0f:13:
+         ed:5d:b5:29:4b:ca:f3:bb:bc:b5:3d:85:1f:ee:ce:ab:6d:0a:
+         20:7f:33:26:f7:70:79:44:2d:4d:cf:d6:72:37:c4:86:51:b8:
+         cf:70:be:88:1c:9a:1e:77:13:94:19:28:6f:9c:10:db:87:bd:
+         78:b4:7e:aa:3d:6c:6b:d2:40:84:e6:12:b4:9b:5f:be:6f:06:
+         c8:d5:cb:d2:7b:b0:82:97:51:e7:2f:71:44:09:f1:a3:ff:51:
+         54:e1:4e:19:cc:19:2a:7d:87:9d:22:81:f2:04:59:a4:dd:5d:
+         42:75:53:a2:d0:7e:b8:fe:45:c0:e5:40:5f:92:d1:69:77:19:
+         42:21:07:89:77:d4:2c:4d:33:29:f8:6d:f2:98:57:ea:e4:44:
+         db:16:13:63:6f:59:a3:aa:e9:65:8d:9d:67:4c:d0:08:8b:28:
+         d5:d8:52:a8:09:40:08:10:72:64:d7:8a:0f:8d:38:e5:28:dd:
+         8c:4e:71:68:dc:7c:61:63:cb:3e:cb:1f:31:0e:12:19:3a:1e:
+         2e:e6:4d:d1:9c:5c:e5:e2:e6:62:e9:98:1d:fe:6d:0d:d2:2e:
+         45:c6:13:fc:fc:cc:ae:22:71:9a:81:92:46:b2:31:43:45:50:
+         e8:27:8d:8e:f6:30:10:8d
+-----BEGIN CERTIFICATE-----
+MIIHHjCCBQagAwIBAgIBBDANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM0MTVaFw0zODA1MDUwOTM0MTVaMIGfMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczENMAsGA1UEAxMEa2F5YTEUMBIG
+A1UEKRMLVlBOLVdGLWtheWExHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRl
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1aAgdbOeOnnqCekdB7T8
+cipBFMG8skSc03yBbvtcjwqvVnVDbCe7NGr2mzl2//OphxqwqJSfGD6PtVPH+P/F
+AhT1CqVyfYwd+/iJtPk3mwSJZYbCuuZYkVnsjXG8qvNYYPRiBosm3EejlPt4whNO
+httS6x2d3KkHjg1AVg6+J7KW+gV7do+QHFY++iM7xgzImGQsu8xJ9MMqZmzH4ktR
+XR3r1xCwvxeQo/pZ7gf1SAsDKIeOCDS3OLnakl10LsjvUFMY4vsFpKgwo2THDkoj
+NUSGHmVE+392V9KIogA2tLyDevQmVqi+zt6Wbz+OPJPSEcvATPEwU5oxcjXpE3lh
+1kTnWAlZlIsjGBRfiEJkP7/1x7BeUgd/gJ3pv0dfwQ8SkPqo137X28aZlcWoPxiW
+mkaCPeiCSkCpE6ss8oI3OQkFiVLEt6IlOfatTCFsYo5Dexa6kaDwICeYSF/c5LQm
+xNCSsAwXsLxq++QfiF6PHoMVF1aq22I3iqlYE89QkfA6/Bl9WSWKwblZJiLYQlQl
+K6SfUSubAWk20e+xMpS9hak6ACyzyUXVKfob298cgvJJU4jwkfwoEvwv74JF0L0F
+sIsqFo/9XG93ev3sETzwW7YHbvHi7042TRUnvt7NVoU4mjOI9TkOg2JvhkIsKXD3
+sR4dKXoy2ufvmFIRtqr+HC0CAwEAAaOCAWQwggFgMAkGA1UdEwQCMAAwLQYJYIZI
+AYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E
+FgQU1ISGq3nbuc6XEQy36N7oCw4bqx0wgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj
+5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJs
+aW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBO
+ZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBX
+RjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzATBgNV
+HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDwYDVR0RBAgwBoIEa2F5YTAN
+BgkqhkiG9w0BAQsFAAOCAgEAW7vB0wTa1UAGhMP4Tml78fpCrqw9O90ywX88EQPz
+iB0O45sXmTsiSRuN4iBcLtK37GiUnKNIH821xlhWocZUJt65cl5zuqUB33x6utr0
+wWYLvErQ6LOCPkfSf0kL3PN/FkoeAHGZ3sGN6sDbg3FWaMV/k5XycJwOQe0WAISh
+R8SoO2GiQU74HXyiqrxxUpSAxnvzxclf0QFYitmcOHj7/gqMLeodTampUwYu4GkJ
+rv6Yc8aaHTqlQLF1YCyByO22k2tf/QDn/cU95wLO4z1GwsUXd1E8r+zFeM+yiGOY
+ge23AAbYW6fod3P/pe5GWWSx/h4oQY2Co982mPsZFMgu+EtjsOESH6M9CzxK/w8T
+7V21KUvK87u8tT2FH+7Oq20KIH8zJvdweUQtTc/WcjfEhlG4z3C+iByaHncTlBko
+b5wQ24e9eLR+qj1sa9JAhOYStJtfvm8GyNXL0nuwgpdR5y9xRAnxo/9RVOFOGcwZ
+Kn2HnSKB8gRZpN1dQnVTotB+uP5FwOVAX5LRaXcZQiEHiXfULE0zKfht8phX6uRE
+2xYTY29Zo6rpZY2dZ0zQCIso1dhSqAlACBByZNeKD4045SjdjE5xaNx8YWPLPssf
+MQ4SGToeLuZN0Zxc5eLmYumYHf5tDdIuRcYT/PzMriJxmoGSRrIxQ0VQ6CeNjvYw
+EI0=
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/kaya.csr b/WF/openvpn/wf/keys/kaya.csr
new file mode 100644
index 0000000..f2a582d
--- /dev/null
+++ b/WF/openvpn/wf/keys/kaya.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE5TCCAs0CAQAwgZ8xCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMQ0wCwYDVQQDEwRrYXlhMRQwEgYDVQQpEwtWUE4tV0Yta2F5YTEd
+MBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDVoCB1s546eeoJ6R0HtPxyKkEUwbyyRJzTfIFu+1yPCq9W
+dUNsJ7s0avabOXb/86mHGrColJ8YPo+1U8f4/8UCFPUKpXJ9jB37+Im0+TebBIll
+hsK65liRWeyNcbyq81hg9GIGiybcR6OU+3jCE06G21LrHZ3cqQeODUBWDr4nspb6
+BXt2j5AcVj76IzvGDMiYZCy7zEn0wypmbMfiS1FdHevXELC/F5Cj+lnuB/VICwMo
+h44INLc4udqSXXQuyO9QUxji+wWkqDCjZMcOSiM1RIYeZUT7f3ZX0oiiADa0vIN6
+9CZWqL7O3pZvP448k9IRy8BM8TBTmjFyNekTeWHWROdYCVmUiyMYFF+IQmQ/v/XH
+sF5SB3+Anem/R1/BDxKQ+qjXftfbxpmVxag/GJaaRoI96IJKQKkTqyzygjc5CQWJ
+UsS3oiU59q1MIWxijkN7FrqRoPAgJ5hIX9zktCbE0JKwDBewvGr75B+IXo8egxUX
+VqrbYjeKqVgTz1CR8Dr8GX1ZJYrBuVkmIthCVCUrpJ9RK5sBaTbR77EylL2FqToA
+LLPJRdUp+hvb3xyC8klTiPCR/CgS/C/vgkXQvQWwiyoWj/1cb3d6/ewRPPBbtgdu
+8eLvTjZNFSe+3s1WhTiaM4j1OQ6DYm+GQiwpcPexHh0pejLa5++YUhG2qv4cLQID
+AQABoAAwDQYJKoZIhvcNAQELBQADggIBAGjJlRFDy/VVUphrbXMf21g+ke8RXTb/
+oRBvF2luWwHCqcLWuYQAC8+pc6Yvj1M+xzEZtQIunKyFo2zJjwbV9y4r+3YA7DT9
+veFmGVDgCuG2uETYUiH93J9bB35QQzSYOjYpFHXYyrhl1HR1GY7Fbd80HW9A3Av3
+A/WkYV0kZ/Z/Uj1BDgc2Q4u3HoVzwZa/J4U7hxgxyY1JvKq7HmiAnUo6Ej20Ycsw
+lPfhA76nIk2YphHEODUoiRUorER3HXn9NdqJUfFmysIyyAndgKezUvcTAlp6FWmo
+4TdhtVlG3MHjdTnhSII5FRgXHePre5mpjqY5kj2B2odwj3LhRBk3zQUX2Fg1Jm4L
+2r9d0JL45QWpuA4dcIHjrIa0vpl5vbj36on4QVXrF/G6UgOyevDiIIs1KLScl0II
+tTnL/M0Fy8gIYAky2UJkM9IiFnVzrZxsHcOf78/XctPyX9jqplwdjOBkymqtzamG
+UyX/PJddAEYqLIRn1R7djKdt3YZMGw+4L2ZnlGXIeHna5BjavHhhQIIDlJQr4HRr
+A1DoyVVc0h2OQmTLYQZwgMqJWhOCqqNub/CaLdmnBgYSCunpzaAF2Vy3EUsr8B8x
+lA+dxddjhxMtRtia01ue6ZOjnLH0MJUC6d2zJBJEqnpqRO/EgjUF4vGSsFxa1hjA
+m+o0E7tcQI24
+-----END CERTIFICATE REQUEST-----
diff --git a/WF/openvpn/wf/keys/kaya.key b/WF/openvpn/wf/keys/kaya.key
new file mode 100644
index 0000000..bdd711f
--- /dev/null
+++ b/WF/openvpn/wf/keys/kaya.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQICoSzZdpB2sACAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEI2/CbJk/nkBIIJSDW5JZnrijlX
+X1FMYKNVB/TXBjad1xNhs6UiG+cnz0ug4v8gMkE3ZZogEaHu2+uPtrz3ud/jtjc5
+KeLnUuCpPksKDj6peCHxT6s88vcq9gJ25PWH3gDhonToPRI+tkFbmpFrQrR30ZjZ
+SOxjN2Zm61Eo9i3JJLdbzlqrjTroTIAoMQixW1mxHzpl8qeIE5xSAFjLBwYcoUEW
+EOCRoRlutZAUfn9mzk2REaXLbrMcaebat3l9TIHst4WGA9ihHYn7taLaT+gO2DNW
+7JiaSuyzJnUNGz1jRMkaayrS84jiAvxhLZsTI1yPH3iqUr7sHTaGSIkNZgV/xHKf
+lrZXvIcQbdIVemfQETmGJfAA175GdCkLXibvxgWrJRSr1z+f75t9kbN/i7F/JgGd
+MRo/1Ge2qIkj8PxTvNyn2fk2tWF2Pi4IzBnzWZNDdH+WvaoCMq/zIOZRXlWI3XPo
+OZBi3VGgDOvNz1C6XLEBKsLG4MwGVqD/q4dQK9ROEnzGj88gOEAc9x5x1a6BCsmp
+LDRK2agWch8I2KTpSWwlNw8QtcSCMCiEbNicy8BgQtZWvvkhmbPWIlpZ9hV993lD
+GWdOQSi5NqJC6I/yOTH++STVahiCqs1TWOexqtFGqAm+vWZgFCeipMykCMeIyEjV
+1rlDME75y8WOa+YB27MYgUA9qaLeuvWdGedyGCwUO/i/FEkhBeYRz+vdefSDuady
+pNLY/cmEKa3HwD7SKSpdtcMG0EzYKj5ysxiQQ3xHUhQEAsJ1cUbt/cZPemK5+eNu
+yULc/QtF8QEkTXurdaCLAOEykUccb6wiIJcCN6AFSerWBIh8HJxGS7QgqkHV2y2y
+MJX0OJ2qII9s+LNhpXR1zvmdBwAkAAmxsI0vwGAH/1iJ9Pldc0a8o+gWT+m8pmJf
+khcpURrkRu4VSWA3t0yEkixR868IAYYGHTLII/CXOqrBdBuanZUHVLvoMdw/4k2x
+H6YQtPGbqlsPg+nQ5b5QoWkzjLqVCyuVob5xwSjaIu19qIz8EmXsOXTJRfWbn0Yq
+jB267xCwB2BtaK2/IC/TohbWKUowFYr5mcHwjkCaJq8zX9txeJACNktpQm9orXgL
+UaSTPFyFOaSUr7ImG92hzCU2nMGwaIwfRvzABIXXNo6pR1O5sS7tPfp08nvRgDwq
+ybA+6XKmBPQKrI9GjhcJmoe237RkZlJz3UgjzQqfXRDnq+0E7ApIoWEs90clSZdE
+j8I6DMMk1skFuVIsaK75gRaSYbGGyoW7xogzFZdmaqlLOJDbjECZhMnZs2m4nSGf
+LqZI/5TNRR1j9a2Xy350V+XZb9vOgxTOzfw8QeIa1iOXX8w9xf6c5BX0e1tworwo
+k4yXkgmUivSUtJdPfr5PssHt2m2QBY53LCiku9rseIWO++uu63pUMXhu5tJTJ7mP
+q7Q4OOjs9xurd9kSgiqF0VUHATqr1xPOCgbKHIJuScbo7fKsv8UMFH7WFh2i1+W9
+dbYxGrdOR233sHYIE0VskFKCDWZEEARm02mxgAXA7nmOY0BBH4t5BQxvKtmx/sSb
+O0LUC2LhalTuaSdoqxzj6PkVhvXB4tFOvTRuE4k5P3GcUbeIDcNocZ9mqdMFp/nX
+2x1tcdSIxUqw54VQAe7ccRz2CeIHRGnW0IkgE1rS2yrQvykqd54PQPvMJE+CcIMY
+9qipwMNuMYAdBK4FzNYTXDZtopyBtBPNWbuieFBf5xOtr65NnA2UHlyYlxq8zG4z
+7vGePSzLbSVQjqDFmRY13LxeFtQA+lnlAkb84FvzzIXb3DyPnvfPbXF+i4WPLfiT
+Q6avCVDUecoo7zFDEwuHj+ZKi0ObnGLlOvqUtoae7L4rPUYUykgbO5IKfxbbiB6o
+KWW5befhyg4X1JOpxkqBMf7tXWAGOTIwGSZk7ZMHjL7i14WYPgd11dqENCAufv26
+QRdMdT2g8BLAqCoqX/sdSyow/aS3T88BkWTudXXrPwL0jMxsxg1yJ0mCD9lSZWDe
+LPASBVqnmtGQqk/8EBzENMKWebX5iCIZdMgWV+sZMF3CNevcItKKFEib5yosF9Th
+cmi6SIy/8dAjnyDDrK0+QB/rSQcp9g0nrjXwHZZv3OvGg6g+WvN2w4b9hHuHVeXP
+FLyTJA32RD1xrfmUSTC5ZEWbfcM6erzBPB4I6TIH/TFEG89EoIbg4wOkapilSp4p
+68lOuFJGX/dTmHpRvNPqBLG02gz4gSvFu8zl0lVcuARlcTH1FtxB4JaLosWhRySv
+q9kj4PDLdWHFWCWQuaZfR3qocVBycpkBDozrBsnag+FADQn3P5GqV7JyXybcIWWN
+4/8dNJTwHQhKWyXBMKVAF9DwPUcIFfFoWLTC9dl7JawMiCySxOulILB2LSnqzRhT
+I6BDuTcCkYxGsdBxAogO/aGUCNsLdg6q9ZQ4w3LeCYBsvAarUhU/+47CoCEJRNBx
+7Ee33WFm7ry8zRik0PaBXifLNt0SByf5xzPn+fKMSXuXapjY7F5Np29O0HeasD0E
+F3Me7fJPe0/aVvkvL/dzwjZiWBYlSiz6Q/FvzPa50mrpkXBXDb2jqpviFhW3MA1p
+d24q7BxWiO5WpeSQyqMXEucT0hhorfDZ0647g9dwtnuO1iovU3GVc0xbmmDMesTq
+ZGlIdZZqxurr6ORjAHkm4hbVOHWdy2yLbFttpiOOZExWQ7zVVcRIApE8pSfcbcdz
+7uCQngU/ndbDkpcHdK4TkaOutRRVYu/z1uASiFf6iHIcwFw/Z/R864aQJQszF9WO
+XjhEEi4Hgx93+pxNw3pn1oWa+NUf0FM+YdGLPBGrMhrvrM58BcwwEcv5oHOYnra3
+es18t57BfzVLpF3qv/0XKRpqodyrRqhSEsVytVPHpkJ0Cia9y448DDNaM8L4S8wG
+ILtR8kdk7J2/4V3Uzxyvl8uVWxvxMJ+eVH3zKWTVhhqWm8WUgOd8HCN+tdVLimIW
+JsUYq4q7B+1cFWxfsRDRKRonNzEQz6lOviJcKCK531wp6A2Mthi85M92ffkLu7yR
+1o6tEOvAVqnFEuJhIjs5dB3TVRLrg5pj877ABc3zKLj+PonDAHzAdl4+IoXeShS2
+ag+VfsFS/gaQD/V9iAUuE232dSHTSpP8oKn6Gsw/LHeYkCLBP/O7zwB2dF62bn87
+BKvlb18cQk3sw75FG843BA==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/WF/openvpn/wf/keys/lalix.crt b/WF/openvpn/wf/keys/lalix.crt
new file mode 100644
index 0000000..4c8a551
--- /dev/null
+++ b/WF/openvpn/wf/keys/lalix.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:36:58 2018 GMT
+            Not After : May  5 09:36:58 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-lalix/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:d2:c2:53:a6:06:a2:bb:cc:fa:67:bc:12:93:8d:
+                    73:5d:9a:18:c6:a2:5e:4c:82:5d:85:75:61:87:c4:
+                    7e:8b:e7:bc:e2:7a:6c:fc:67:44:d5:6d:a8:94:bc:
+                    2d:a9:6a:76:b1:8a:e6:f4:bf:d5:ce:43:67:fd:46:
+                    d8:51:1d:76:8e:44:46:48:c0:b2:e8:2c:0b:bd:d4:
+                    89:86:d5:c1:ae:65:f4:19:25:d4:95:24:34:3b:8e:
+                    f4:50:0a:e0:6e:93:e4:2b:bb:16:5c:3c:24:2e:47:
+                    7b:66:5a:a5:2d:3c:c5:af:5d:0b:5a:52:9e:0a:4e:
+                    87:21:ba:b1:7c:ac:b1:b2:0c:b2:8c:5b:cc:5f:97:
+                    8a:48:66:01:6a:5a:33:89:9c:32:93:a3:b6:bb:e2:
+                    d7:f8:2e:c5:93:16:0f:d4:87:91:98:0d:27:b4:e8:
+                    aa:66:8c:95:ef:2f:99:db:89:6c:b8:33:8f:a4:ad:
+                    b3:52:89:fb:b1:1d:20:5a:0a:da:c2:5d:b8:68:91:
+                    e0:3c:96:08:d7:69:74:a9:3d:aa:44:91:eb:a4:6d:
+                    15:8a:86:ae:8d:47:b6:a7:8e:cf:6b:eb:a5:0b:2e:
+                    0c:cf:ab:9d:2a:aa:28:53:22:d2:91:1b:e7:54:72:
+                    6d:6d:e5:85:06:d8:05:ee:de:33:be:49:9e:1d:59:
+                    bc:ae:7a:a0:0b:4c:21:a7:3a:15:72:74:a0:5f:b5:
+                    6b:1a:15:9c:0f:79:48:99:3d:30:39:02:bd:e1:95:
+                    20:5c:1f:67:4a:0b:2f:5b:d6:d1:a4:01:32:5b:67:
+                    18:b2:01:fa:43:5e:ea:d4:b9:fa:50:9d:f5:8d:16:
+                    57:55:e7:f2:cd:70:f5:c8:ee:47:45:59:bb:c9:48:
+                    5b:5c:4f:02:2c:99:48:61:f5:73:e9:6d:f2:06:94:
+                    b4:9b:52:38:01:ba:bc:50:a4:90:0c:48:6e:60:1d:
+                    1e:2b:d3:47:9d:be:a7:a4:ab:af:7e:88:96:fe:c3:
+                    2d:29:76:cd:7d:c0:eb:ff:0c:3a:ad:76:c8:d2:c2:
+                    e5:61:6d:82:0c:dc:d1:51:92:46:c0:d3:b9:5b:32:
+                    4a:74:89:d0:04:8b:3f:d5:8e:30:68:81:35:7c:cf:
+                    2b:79:30:2c:a8:57:a1:fd:d8:09:84:70:43:b2:4a:
+                    ed:d5:8a:16:5a:de:71:c3:81:9a:c8:58:b4:5a:01:
+                    fd:90:88:50:ec:2d:56:d2:39:89:6f:fd:24:00:ae:
+                    e1:f4:66:b4:73:d9:37:16:b8:0d:ff:ad:59:12:44:
+                    28:d9:e2:16:bd:86:8c:af:79:06:da:b0:dd:c2:e9:
+                    13:55:33:82:a3:b1:34:21:f8:6e:8f:fd:00:70:8b:
+                    f3:c5:33
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D7:D1:D6:0A:75:85:6F:9D:A8:8C:6A:7D:98:0C:24:11:C7:51:91:19
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:lalix
+    Signature Algorithm: sha256WithRSAEncryption
+         14:d5:67:b7:76:41:bc:d4:b1:a9:11:1c:9c:c1:1e:20:28:db:
+         9d:2c:21:67:5e:b7:e0:f4:a2:47:8a:6c:da:bd:a5:d4:fb:f0:
+         84:bb:0b:05:95:08:ba:64:76:f0:d8:ac:95:5e:85:45:15:b8:
+         c0:0a:a1:e7:5f:21:36:f7:98:43:f6:dc:ef:d4:91:5e:19:ca:
+         33:e9:bc:12:77:78:76:27:d0:f1:95:02:6c:09:2c:86:ae:5d:
+         0d:50:18:71:54:31:df:35:6b:c3:3c:81:5e:3d:e6:55:41:3f:
+         89:ce:9c:26:fa:ba:1e:b0:68:6e:d6:d8:51:f6:ee:b2:3d:2e:
+         ab:0d:0d:e8:44:37:45:d8:0f:ab:42:2b:98:79:62:79:bb:34:
+         f1:6a:fd:1c:56:d6:77:f2:6f:00:04:c3:5d:b9:4c:89:55:97:
+         3d:c2:f2:68:4f:b2:56:45:52:2b:1d:0d:38:d2:ba:14:e6:06:
+         68:0d:c2:b2:89:c9:5c:87:07:d3:87:a1:fa:12:ab:29:24:7f:
+         f2:a5:01:17:c0:1c:d1:7d:84:b8:07:07:56:18:c2:3e:9b:3b:
+         f0:17:58:da:24:23:3a:12:6b:d7:a3:12:be:38:36:1b:70:94:
+         36:21:68:68:53:67:ac:c9:af:f7:14:42:6c:ed:e7:e8:3b:d1:
+         ea:34:cf:62:f6:19:96:83:8f:70:e8:7c:f8:a1:ac:f2:d8:d5:
+         0d:59:fa:f4:e7:b9:35:28:30:93:9e:ea:e1:8a:4b:c5:ad:4b:
+         9e:c9:fc:eb:60:11:cb:9b:33:2c:20:1b:59:95:e5:eb:e1:ff:
+         17:d2:1b:28:82:5b:a8:4e:47:14:b8:7a:48:3e:84:60:fd:dd:
+         c2:1c:11:c1:48:4c:a5:74:81:7e:e2:1f:ec:20:f3:38:a1:cd:
+         a1:b2:3a:c0:5a:8b:90:cc:bb:47:55:ac:b1:4e:0f:1e:f0:94:
+         c6:28:86:e6:d6:06:49:d3:47:bc:dc:74:cf:45:d7:1b:12:7d:
+         b5:e2:08:97:22:d2:75:71:c9:fc:fc:ec:18:76:60:be:d9:d2:
+         88:fc:89:3e:0d:a7:0e:ad:e6:3a:e8:f3:11:1a:7b:af:a5:63:
+         1c:07:91:7f:dc:55:bf:8d:b8:e0:3c:ef:c3:3a:7b:dd:97:ca:
+         2a:0f:af:ff:e5:f8:cb:ea:a4:fd:0e:7b:ae:92:67:7c:fd:4c:
+         e0:cd:2c:f4:31:7b:35:5d:42:92:36:ed:8a:a2:a0:8f:61:c7:
+         ab:88:9e:ee:a8:9e:86:91:c4:5a:9b:e2:3b:94:eb:0d:84:5e:
+         8b:ff:aa:28:48:c4:ec:27:18:af:b4:d2:0f:34:50:b0:44:b7:
+         cf:a3:e7:3c:e0:14:cb:16
+-----BEGIN CERTIFICATE-----
+MIIHIjCCBQqgAwIBAgIBBjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM2NThaFw0zODA1MDUwOTM2NThaMIGiMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEVMBMGA1UEAxMMVlBOLVdGLWxh
+bGl4MQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVu
+LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0sJTpgaiu8z6Z7wS
+k41zXZoYxqJeTIJdhXVhh8R+i+e84nps/GdE1W2olLwtqWp2sYrm9L/VzkNn/UbY
+UR12jkRGSMCy6CwLvdSJhtXBrmX0GSXUlSQ0O470UArgbpPkK7sWXDwkLkd7Zlql
+LTzFr10LWlKeCk6HIbqxfKyxsgyyjFvMX5eKSGYBaloziZwyk6O2u+LX+C7FkxYP
+1IeRmA0ntOiqZoyV7y+Z24lsuDOPpK2zUon7sR0gWgrawl24aJHgPJYI12l0qT2q
+RJHrpG0VioaujUe2p47Pa+ulCy4Mz6udKqooUyLSkRvnVHJtbeWFBtgF7t4zvkme
+HVm8rnqgC0whpzoVcnSgX7VrGhWcD3lImT0wOQK94ZUgXB9nSgsvW9bRpAEyW2cY
+sgH6Q17q1Ln6UJ31jRZXVefyzXD1yO5HRVm7yUhbXE8CLJlIYfVz6W3yBpS0m1I4
+Abq8UKSQDEhuYB0eK9NHnb6npKuvfoiW/sMtKXbNfcDr/ww6rXbI0sLlYW2CDNzR
+UZJGwNO5WzJKdInQBIs/1Y4waIE1fM8reTAsqFeh/dgJhHBDskrt1YoWWt5xw4Ga
+yFi0WgH9kIhQ7C1W0jmJb/0kAK7h9Ga0c9k3FrgN/61ZEkQo2eIWvYaMr3kG2rDd
+wukTVTOCo7E0Ifhuj/0AcIvzxTMCAwEAAaOCAWUwggFhMAkGA1UdEwQCMAAwLQYJ
+YIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
+HQ4EFgQU19HWCnWFb52ojGp9mAwkEcdRkRkwgdEGA1UdIwSByTCBxoAUTz6IFOGh
+ISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZC
+ZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQL
+ExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQ
+TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEAYDVR0RBAkwB4IFbGFs
+aXgwDQYJKoZIhvcNAQELBQADggIBABTVZ7d2QbzUsakRHJzBHiAo250sIWdet+D0
+okeKbNq9pdT78IS7CwWVCLpkdvDYrJVehUUVuMAKoedfITb3mEP23O/UkV4ZyjPp
+vBJ3eHYn0PGVAmwJLIauXQ1QGHFUMd81a8M8gV495lVBP4nOnCb6uh6waG7W2FH2
+7rI9LqsNDehEN0XYD6tCK5h5Ynm7NPFq/RxW1nfybwAEw125TIlVlz3C8mhPslZF
+UisdDTjSuhTmBmgNwrKJyVyHB9OHofoSqykkf/KlARfAHNF9hLgHB1YYwj6bO/AX
+WNokIzoSa9ejEr44NhtwlDYhaGhTZ6zJr/cUQmzt5+g70eo0z2L2GZaDj3DofPih
+rPLY1Q1Z+vTnuTUoMJOe6uGKS8WtS57J/OtgEcubMywgG1mV5evh/xfSGyiCW6hO
+RxS4ekg+hGD93cIcEcFITKV0gX7iH+wg8zihzaGyOsBai5DMu0dVrLFODx7wlMYo
+hubWBknTR7zcdM9F1xsSfbXiCJci0nVxyfz87Bh2YL7Z0oj8iT4Npw6t5jro8xEa
+e6+lYxwHkX/cVb+NuOA878M6e92XyioPr//l+MvqpP0Oe66SZ3z9TODNLPQxezVd
+QpI27YqioI9hx6uInu6onoaRxFqb4juU6w2EXov/qihIxOwnGK+00g80ULBEt8+j
+5zzgFMsW
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/lalix.csr b/WF/openvpn/wf/keys/lalix.csr
new file mode 100644
index 0000000..7b34239
--- /dev/null
+++ b/WF/openvpn/wf/keys/lalix.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6DCCAtACAQAwgaIxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRUwEwYDVQQDEwxWUE4tV0YtbGFsaXgxDzANBgNVBCkTBlZQTiBX
+RjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDSwlOmBqK7zPpnvBKTjXNdmhjGol5Mgl2FdWGHxH6L
+57ziemz8Z0TVbaiUvC2panaxiub0v9XOQ2f9RthRHXaOREZIwLLoLAu91ImG1cGu
+ZfQZJdSVJDQ7jvRQCuBuk+QruxZcPCQuR3tmWqUtPMWvXQtaUp4KTochurF8rLGy
+DLKMW8xfl4pIZgFqWjOJnDKTo7a74tf4LsWTFg/Uh5GYDSe06KpmjJXvL5nbiWy4
+M4+krbNSifuxHSBaCtrCXbhokeA8lgjXaXSpPapEkeukbRWKhq6NR7anjs9r66UL
+LgzPq50qqihTItKRG+dUcm1t5YUG2AXu3jO+SZ4dWbyueqALTCGnOhVydKBftWsa
+FZwPeUiZPTA5Ar3hlSBcH2dKCy9b1tGkATJbZxiyAfpDXurUufpQnfWNFldV5/LN
+cPXI7kdFWbvJSFtcTwIsmUhh9XPpbfIGlLSbUjgBurxQpJAMSG5gHR4r00edvqek
+q69+iJb+wy0pds19wOv/DDqtdsjSwuVhbYIM3NFRkkbA07lbMkp0idAEiz/VjjBo
+gTV8zyt5MCyoV6H92AmEcEOySu3VihZa3nHDgZrIWLRaAf2QiFDsLVbSOYlv/SQA
+ruH0ZrRz2TcWuA3/rVkSRCjZ4ha9hoyveQbasN3C6RNVM4KjsTQh+G6P/QBwi/PF
+MwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAHc9H/odC3TAp07dxgZdU2ElgG08
+EzM87fHO3HOYT2NGrlng31RKbgW6/gC2+Nu36nt+Sa02Morv6qLoCkEkHAppNvtx
+uhLNTg2A0eGdl3HOoSN1xtSp47lGt6Udt1SRI0A5bAOmg6QC1qt7bF8rQu1gRL1s
+XGO2+LxEzWtppjuGDjIzIfGIafYxx4vRCrX4BqztBsO3DkeRulS8deemmmmbSLzk
+2K2DM/0ji2hWPS2ob7a3JR3x9eTWXmN/iHpn6xMJEXf06aWz+mnDZJ9mi+jV+G1q
+jrtiL+XYRHX7anrVYgHkpHFgJ6g+FE3EOrLWQk0T/x2U84HSxIaBxacp2ChXPsQv
+pAegzqmEv5HI2wTSd8+Svoik7uY2hNjaLONKx7hmL2nR8MfTGMQWtBvTIi6bS6dN
+b1Cz/6nXc+Sx+N8drzxoSr9aUx/839MaUCt44pB1ogdxC/Z7njf89A1072pEL9Lb
+3Sc33hGwXOcAvY8tq58DiFMtb21zVRY/5HpJgTM2UyUjkkt5I7i+iBASO3EijcDC
+E2E3Z4LOOMM8hBVzKOgRem0exEtlwnpwDnGkDRyrTLqfZCQrA8qfXzeYeevjBhaU
+qZwhJGd92hen54raJsV+yEXzrFivMYkUkXgkPhEaBSPHouaU8BrrxcXQcsNZJriC
+A39Yc5xJ1tmOimdE
+-----END CERTIFICATE REQUEST-----
diff --git a/WF/openvpn/wf/keys/lalix.key b/WF/openvpn/wf/keys/lalix.key
new file mode 100644
index 0000000..c271663
--- /dev/null
+++ b/WF/openvpn/wf/keys/lalix.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI0HCBSTPa7qICAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD/KDImZws4GBIIJUDtf1PZIZQzO
+iN5RuMQGPsHBGxRhxfRemCG8p2QHM/oAoI+NnEZN8nTf1nnc5PO6bgV7LWIrjVHw
+/6oZ7PLh2cq5e1i1gq3aimt5zZQMaD6e4GE/KlzL+jErJU8iPxG1HwgN1W2nWqyQ
+/GR55niq81E8PZAk1JwBJYswXJVEr6ybjAtKHwbtB63UJWSmZnIWMgt28zTr2Xpu
+B1/CpHBTtaL10klNg8CTYn+t7F0E8e8OUsy5RV6WboMBu/O+2i58sR8K51DC4AH9
+OfcvhncBHv8HQHWddzfAbrMUNiw+vzc8yMsYTZt0jhcAuXBuVieALI3+zfkh9SYO
+3vcAumLip/s2jkuEta6y19zb7hoC7gKXQiEa9/ikyAfGjhqI0Rz5M5/lWe0p7obG
+YEaqI5yWKaI6cKHSVl9K4ItUnq+KZHxJaGdYSutRdYdaMQ2uhe+gvImn6Zyc5JwA
+WA11vYTGVlKBDRaoAbSyhKd+saKAoMgboKEGww3zbfMg6bfzqc8maiqZ6kQmj1FF
+HGSDEF9gvpenCOYP0txGp9KpfcA/TgNRtzNmQi6M9CbjWKL1yZbb4EvrGPlzPJ6K
+YNMmU9mPjESaM32Tq79LZsb47L4eBm4ET+qjUZ/1JaDAFGxxIrLfqDxgONa+BwGV
+YZIKtOLxLPM5pSzR77o01IA7IcYXAy0G8v6eaJ5YKj2NVKF6r/a5bgVksbB7NJFp
+mHqgq/Ch4pnPCqtDuId595Gzylyva6BtsN7KOOT845K7TZY1mLtiAtkAuXm/zO1G
+uD5vMJ7gvtVueKdzszeDn8sJpa3idCFJNdnmv84v4LXkHdibwBnWRb1SFSNr4ige
+ONBueXHvAyoBDKgGQeXwhW/U0t/kpkDl3rYCJ446YnJVUL0rulaRGTmnQPR12URG
+aYXBFZkgm+4fzCxXOJCxNcw3ZtnzRMtwh7ZFZ7BsrGVWbEFa4X+aV7VZ01TfgEjA
+fK0I4zbEzxxwZz/5OvINleTCQ3sTfgLYpEOtGldsVIilKY5lVAigXKI+9eSssT/W
+MHasNk2Uim+s3bzNeRfJF+l6N9vHC4Kxk2DdX03jK+05Uf4WYXCd/rgkq2J/Cep1
+Go+2NXfQADUWzCauzhNubaYFZQgQjZl5CXNeJj0/MxwwLUAaPcvcuG8H5K1Egiy8
+vmgafktTg1P+k+La3dx8a371lqeTP0zB1JMGor1SwlcuMSt063FQdrUHth9BlTFE
+A+OghYIntkQcheWutIv1Nb+DDeFVEgf7oYcsT7E4IcV2yjQ2kabI7veJzKgN1F76
+7lG7xIJgB5XPhLuGPN52XghiP9ie6dtBJCFeR90TQ4wRMAII2cJXksPCnI1zSGfY
+1beGSyq7mQsIWqJRuDeGuZYS4V+p2WNO7y1OKVastR0pqCkvl4VPqQwdMDIDYaqq
+VPcicG3td1dd0o45aMDACxHiLhjR6FnKGzaAYbjGfUy00VqStKcuAf83WCuGPo9H
+tr01jzEB2VQdO85B0kJubl+I1ns7WXxMMNTvz8l9n4HzJ6fX418EL3UxolhfBiYZ
+xiGgQjA+X3CBXAiK8GTu/WzHXeRi/RooeNY91js65lXzxdzc47maG0Rx1j5QyAid
+w3NxCQ0+uDAmVbBUo4noPDXhNlpbRPF2Za+WD5e225Vrui6nCy8qwl9b8gxkZ1wb
+tP+Uc6+sIWBueFVAOOzO8vURumvT6FsxVcs8zZurZjuiuWqXF/sM2JJmF3Jm24RO
+BpZo3G1o6wcbSdQbPfH3fTJ6aFLibRCMv0Kzb2tL7Y3wXT90tofWC5ZFQN0Yx6C9
+mBRXFEeAWw//IWroo6ypY3q9zcEQ8QAGC++rpRNVDYRLwpB19m/QK2oeOiWCKkSM
+mf7jnDH6I8sqTU2CZ/zEtCVg0pBgdBiwaCw0d+j9CDHdPmUZ3LP/9qXv/4MzycKU
+DGX9rEzzFydGwgyKC1GZ5B5366Tvaqzcd8jCahxickWBB81g6nw2zGCVipiaOAbA
+n3K8Y2n66+K7H64u2wDGj5sXK1pBR0hsxNoxm60IlClWS8o/q3H5Oji4sE5l9eGC
+SbjFDzrdWOYAlEIY5b+PzRpm6RlscGsQ6Q/6x7TbUjztK6qtNlQnhADKB4gog7et
+12N7K2p0qOqyz8kaHyjEz8bV/AIE6v6bGBL8KGDQIkv1h2rctMf8CP9GtE7h6DXk
+OahqtazAAqXnjPj54g5Odf2A61jh9lSkG6EOU6GBA1CAz99sVrmR5AWPrGDbgO0V
+aW9lf5w9HF5ItranrY4NKwkuEHVca+WGdaov5JbwuglOlBf0pHYDhr6FjNecqgGL
+HJ4EqAdCnKmWYdLJe7nzkHG0CrQ0JfLtT8MRnNRFbEmno8NmNcD6zYQyEf5i5CXA
+0ZUcGzv3RcEBMzRNjSbmAG78I5jvmcmuGLKOj0e2R9IU+HW7A1xmK9mwLVWjl+Sy
+XbVGLePpfwBHBauQ5B8w25G+bACnixXsGpINXgHaU52aTblyyXl14yt1hRgcHv/4
+ot9r+YBZ1nz71+RDIP2wV87Mt8n0wFKiKju7a6QU5TZ6bPhm8vtRqoV9G88UWvCk
+aX6kkw9H3fIEoegy3Nqm8Li++cgyOXHMXtU99xaUYcnXPYb8xF9pC/Ip1o6GxJx8
+o7N1FkXkG9Pu7urc18TBTy/G2c6NUTAu74vycS4bmVgxXep0PtjE7tIoun3oQY7F
+VedR6p7LGxVziq1OAw6MUBmfHMcPl5hZ7GDCCd99QJ2D6Gw5XrJpkbcOMVoL3DXc
+znYC67DVSRY8GXZJ2ZmjXrosjQlvDMhiV31ZuZiFk5/T0+m4SpgnmgvBEJPk69Ut
+UvsPrHrZGniP6BkUjq6yRHwGcBGotoLl6m9+g3jDcLMrIcGs9Ig812kUuxldvM+I
+9OUeGVANnXosTkSmCPEQvZVlerHPjWEy0ZJEhhnlNHOfTC9noEZOyyo5xhNBEK5Q
+JLJ6XyGFcxdqZ5Ksp2Kz69bdht3Svg+i5C3ZzzGlnTgExh+KaGbbyez4JQEA5yPG
+hd0H8k5a+CsJGiNrIdiAw7HXUDBhvZDuo2yCjj/Ft1jx29+G+yYZe9kDr2wk0zYQ
+RRfLH1wi9IYQThw3bXhiNklrBlWiJEXU0RJfmV5kxYVdqg0LJdIEGdw4Swb9wZdN
+p8STDgChsK/ZzgX7EyItgHFCKIWYf+gs
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/WF/openvpn/wf/keys/mariette.crt b/WF/openvpn/wf/keys/mariette.crt
new file mode 100644
index 0000000..1ca4486
--- /dev/null
+++ b/WF/openvpn/wf/keys/mariette.crt
@@ -0,0 +1,139 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  5 09:35:49 2018 GMT
+            Not After : May  5 09:35:49 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-mariette/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:e2:ae:d2:6e:42:a2:37:df:1b:cc:5e:a3:4e:0d:
+                    78:35:b5:63:6e:c4:db:86:61:75:0e:6c:e1:0d:fc:
+                    af:70:24:77:4e:9a:69:5a:11:85:f1:aa:3a:68:a8:
+                    d4:e4:e8:21:9f:66:a7:07:7b:aa:49:8e:7f:e0:7f:
+                    83:e1:ca:eb:0e:1e:0b:78:a3:d6:29:a2:55:d9:92:
+                    bb:92:00:08:ea:63:00:85:55:9d:3b:ba:15:91:4e:
+                    f4:89:07:11:65:6e:61:31:9e:9a:66:6d:6a:44:2d:
+                    53:c5:c1:51:b1:ac:87:22:40:e7:a1:78:cf:2d:9b:
+                    1e:61:86:00:5d:29:96:71:19:f3:49:e7:90:cf:e1:
+                    0f:49:e6:46:78:c3:01:f6:fb:12:e2:a1:5b:42:d4:
+                    e9:24:51:5a:1c:0c:de:80:74:e6:25:35:64:c5:85:
+                    44:d3:21:05:fe:34:c1:68:5d:ea:2d:37:78:5a:11:
+                    f0:cb:32:64:c5:99:36:bb:da:48:db:8f:26:45:72:
+                    ca:8f:ad:d4:a3:57:42:d9:28:78:50:a8:bb:cf:9b:
+                    a5:cf:c9:ea:09:aa:d6:86:71:c8:4b:b8:59:af:e0:
+                    6b:f0:d8:6a:00:de:ae:85:69:4a:2f:0b:54:02:88:
+                    02:30:7e:34:89:46:37:66:36:cb:df:ce:f2:54:3d:
+                    71:09:61:d6:0a:3f:76:09:74:d6:b7:6b:ed:9d:55:
+                    39:a4:4f:bc:d4:8b:ea:45:41:72:d6:0f:94:7c:7e:
+                    56:73:d5:6a:63:e9:35:55:ad:b2:d4:56:d1:1b:67:
+                    57:27:8e:b6:69:70:49:44:66:6e:6b:21:68:fa:65:
+                    c0:6a:8c:09:30:c0:f0:60:50:b6:fb:bb:be:28:57:
+                    82:25:03:86:5e:50:bd:cd:e3:a9:53:56:d2:3e:aa:
+                    e6:2d:49:19:23:85:4a:fa:c6:da:2e:e0:8b:8b:9e:
+                    ed:c3:21:c0:b0:7b:24:78:9e:f9:74:4e:70:2d:72:
+                    08:df:eb:57:50:7a:22:72:2d:ae:5d:50:1f:ac:74:
+                    71:5f:43:35:9c:5f:86:45:3d:d9:c5:db:b0:6a:95:
+                    ac:9a:94:fd:43:c0:0f:10:8d:1c:6c:dc:8a:25:5d:
+                    d4:bb:58:43:93:cc:f8:a2:53:e3:f2:56:7d:ab:2a:
+                    1f:29:12:32:d9:bf:11:96:62:e3:61:2f:31:aa:71:
+                    98:71:30:02:22:f2:37:9b:99:df:f9:5f:d1:de:a4:
+                    12:d5:2d:44:68:2f:a9:26:ce:6e:7e:41:b4:54:a5:
+                    b7:07:eb:70:45:63:99:23:99:f4:00:70:76:ea:69:
+                    65:e7:e3:a3:4d:99:f6:d2:45:0d:3e:6c:55:90:7b:
+                    1c:c4:55
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                C6:B8:F9:FF:AD:7A:32:1B:2E:14:10:DE:74:70:34:53:02:50:73:89
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+            X509v3 Subject Alternative Name: 
+                DNS:mariette
+    Signature Algorithm: sha256WithRSAEncryption
+         78:ad:ed:36:6f:8a:e6:0c:a8:d3:41:27:b7:ed:bc:95:6d:20:
+         83:dd:1a:b1:a6:c8:93:de:f7:37:8a:96:f5:c1:b4:7c:5d:92:
+         e7:8d:d4:1d:31:6e:20:99:87:89:41:5c:6e:97:e5:d4:c7:7d:
+         69:f8:b8:6e:0e:74:eb:06:d2:ac:b4:ad:9a:85:fa:ec:4a:45:
+         70:21:47:0e:ee:48:64:56:97:64:ad:3a:87:95:e0:1d:0a:53:
+         3e:4a:45:d0:8b:fa:11:a4:1d:ac:04:67:3a:53:8c:1c:87:73:
+         ea:aa:85:6d:a0:fd:11:aa:cb:95:97:8c:39:9c:9e:b5:0c:54:
+         2b:08:77:cb:df:2f:28:54:83:d0:ad:b5:3c:db:69:62:04:35:
+         aa:ea:de:ad:76:15:10:98:7e:8c:b4:ec:4a:de:90:ef:2a:84:
+         1a:a6:5f:fb:f9:21:72:10:c5:0a:4f:01:de:f6:be:58:ca:cd:
+         f3:36:5f:d7:83:2f:0b:ab:58:e2:fe:f8:09:08:e8:f1:ac:ee:
+         16:83:43:86:f6:bc:14:67:36:63:b8:a6:0e:51:26:1e:74:3b:
+         83:f3:bd:b4:5e:c4:a3:63:cd:3e:b8:63:7d:f1:41:ee:13:38:
+         b9:8f:f0:cb:a5:f5:ad:f1:39:88:a4:76:b9:08:4e:9b:63:fa:
+         f2:ab:47:6a:d7:51:3d:09:2f:d9:09:ee:24:c0:93:14:20:55:
+         11:8f:c6:3f:32:ab:87:87:b6:f8:a6:86:b7:0b:96:9e:97:77:
+         75:a6:91:40:67:ef:ab:8d:91:2b:0b:be:b3:e0:3b:f1:54:bf:
+         44:a0:12:8f:90:55:e2:cd:9c:2e:53:8e:68:4f:00:7f:34:d4:
+         1e:a6:d5:5c:68:3c:c0:9e:81:08:67:f1:bb:9e:71:4c:ed:c7:
+         3f:32:28:1f:19:c6:72:c1:72:da:f1:f2:dd:05:72:c9:34:df:
+         1d:27:6c:1c:f8:28:7f:af:91:9d:73:0f:6e:bf:ae:a1:48:a8:
+         88:61:3f:a7:7d:9f:92:6e:55:cc:77:21:3a:15:73:d2:37:36:
+         37:47:3e:44:80:ba:36:e8:61:3d:94:20:d9:bf:d0:64:28:b9:
+         f8:a0:a9:2e:88:e0:00:23:9a:21:b0:96:b7:1a:39:82:7c:38:
+         07:f1:46:2f:30:7c:72:4c:8a:49:26:58:af:7b:ff:46:cd:a4:
+         8d:19:57:fd:49:e5:a2:15:65:81:a7:27:3e:00:58:11:dc:19:
+         12:a9:dd:26:e8:9e:db:f4:b0:69:31:ec:9d:ec:ad:13:4c:6c:
+         96:67:0f:f1:90:5c:ab:ff:2d:bf:bb:f4:4e:32:8e:ca:f3:99:
+         db:16:67:0b:a4:12:a4:e8
+-----BEGIN CERTIFICATE-----
+MIIHKDCCBRCgAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDUwOTM1NDlaFw0zODA1MDUwOTM1NDlaMIGlMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEYMBYGA1UEAxMPVlBOLVdGLW1h
+cmlldHRlMQ8wDQYDVQQpEwZWUE4gV0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9v
+cGVuLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4q7SbkKiN98b
+zF6jTg14NbVjbsTbhmF1DmzhDfyvcCR3TpppWhGF8ao6aKjU5Oghn2anB3uqSY5/
+4H+D4crrDh4LeKPWKaJV2ZK7kgAI6mMAhVWdO7oVkU70iQcRZW5hMZ6aZm1qRC1T
+xcFRsayHIkDnoXjPLZseYYYAXSmWcRnzSeeQz+EPSeZGeMMB9vsS4qFbQtTpJFFa
+HAzegHTmJTVkxYVE0yEF/jTBaF3qLTd4WhHwyzJkxZk2u9pI248mRXLKj63Uo1dC
+2Sh4UKi7z5ulz8nqCarWhnHIS7hZr+Br8NhqAN6uhWlKLwtUAogCMH40iUY3ZjbL
+387yVD1xCWHWCj92CXTWt2vtnVU5pE+81IvqRUFy1g+UfH5Wc9VqY+k1Va2y1FbR
+G2dXJ462aXBJRGZuayFo+mXAaowJMMDwYFC2+7u+KFeCJQOGXlC9zeOpU1bSPqrm
+LUkZI4VK+sbaLuCLi57twyHAsHskeJ75dE5wLXII3+tXUHoici2uXVAfrHRxX0M1
+nF+GRT3ZxduwapWsmpT9Q8APEI0cbNyKJV3Uu1hDk8z4olPj8lZ9qyofKRIy2b8R
+lmLjYS8xqnGYcTACIvI3m5nf+V/R3qQS1S1EaC+pJs5ufkG0VKW3B+twRWOZI5n0
+AHB26mll5+OjTZn20kUNPmxVkHscxFUCAwEAAaOCAWgwggFkMAkGA1UdEwQCMAAw
+LQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
+BgNVHQ4EFgQUxrj5/616MhsuFBDedHA0UwJQc4kwgdEGA1UdIwSByTCBxoAUTz6I
+FOGhISjj5ltza9wPl9lg9fGhgaKkgZ8wgZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQI
+EwZCZXJsaW4xDzANBgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYD
+VQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8wDQYDVQQDEwZWUE4tV0YxDzANBgNVBCkT
+BlZQTiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGWCCQDYTMsotXFU
+uzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwEwYDVR0RBAwwCoII
+bWFyaWV0dGUwDQYJKoZIhvcNAQELBQADggIBAHit7TZviuYMqNNBJ7ftvJVtIIPd
+GrGmyJPe9zeKlvXBtHxdkueN1B0xbiCZh4lBXG6X5dTHfWn4uG4OdOsG0qy0rZqF
++uxKRXAhRw7uSGRWl2StOoeV4B0KUz5KRdCL+hGkHawEZzpTjByHc+qqhW2g/RGq
+y5WXjDmcnrUMVCsId8vfLyhUg9CttTzbaWIENarq3q12FRCYfoy07ErekO8qhBqm
+X/v5IXIQxQpPAd72vljKzfM2X9eDLwurWOL++AkI6PGs7haDQ4b2vBRnNmO4pg5R
+Jh50O4PzvbRexKNjzT64Y33xQe4TOLmP8Mul9a3xOYikdrkITptj+vKrR2rXUT0J
+L9kJ7iTAkxQgVRGPxj8yq4eHtvimhrcLlp6Xd3WmkUBn76uNkSsLvrPgO/FUv0Sg
+Eo+QVeLNnC5TjmhPAH801B6m1VxoPMCegQhn8buecUztxz8yKB8ZxnLBctrx8t0F
+csk03x0nbBz4KH+vkZ1zD26/rqFIqIhhP6d9n5JuVcx3IToVc9I3NjdHPkSAujbo
+YT2UINm/0GQoufigqS6I4AAjmiGwlrcaOYJ8OAfxRi8wfHJMikkmWK97/0bNpI0Z
+V/1J5aIVZYGnJz4AWBHcGRKp3Sbontv0sGkx7J3srRNMbJZnD/GQXKv/Lb+79E4y
+jsrzmdsWZwukEqTo
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/mariette.csr b/WF/openvpn/wf/keys/mariette.csr
new file mode 100644
index 0000000..7107cab
--- /dev/null
+++ b/WF/openvpn/wf/keys/mariette.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6zCCAtMCAQAwgaUxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRgwFgYDVQQDEw9WUE4tV0YtbWFyaWV0dGUxDzANBgNVBCkTBlZQ
+TiBXRjEdMBsGCSqGSIb3DQEJARYOYXJndXNAb29wZW4uZGUwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQDirtJuQqI33xvMXqNODXg1tWNuxNuGYXUObOEN
+/K9wJHdOmmlaEYXxqjpoqNTk6CGfZqcHe6pJjn/gf4PhyusOHgt4o9YpolXZkruS
+AAjqYwCFVZ07uhWRTvSJBxFlbmExnppmbWpELVPFwVGxrIciQOeheM8tmx5hhgBd
+KZZxGfNJ55DP4Q9J5kZ4wwH2+xLioVtC1OkkUVocDN6AdOYlNWTFhUTTIQX+NMFo
+XeotN3haEfDLMmTFmTa72kjbjyZFcsqPrdSjV0LZKHhQqLvPm6XPyeoJqtaGcchL
+uFmv4Gvw2GoA3q6FaUovC1QCiAIwfjSJRjdmNsvfzvJUPXEJYdYKP3YJdNa3a+2d
+VTmkT7zUi+pFQXLWD5R8flZz1Wpj6TVVrbLUVtEbZ1cnjrZpcElEZm5rIWj6ZcBq
+jAkwwPBgULb7u74oV4IlA4ZeUL3N46lTVtI+quYtSRkjhUr6xtou4IuLnu3DIcCw
+eyR4nvl0TnAtcgjf61dQeiJyLa5dUB+sdHFfQzWcX4ZFPdnF27BqlayalP1DwA8Q
+jRxs3IolXdS7WEOTzPiiU+PyVn2rKh8pEjLZvxGWYuNhLzGqcZhxMAIi8jebmd/5
+X9HepBLVLURoL6kmzm5+QbRUpbcH63BFY5kjmfQAcHbqaWXn46NNmfbSRQ0+bFWQ
+exzEVQIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAIaq2PxksvLqUhJaFQksgm8w
+Iz6ndxAfWR5VOhL8VuQXwKNt06beInu3VmAZ0pC29okEhNcN/Qy53BsYuYsij4PD
+iXt+dbhc8LmpVymbHY2JNjVy56CC2eRtJm51s1KWPlQQSbVO5RGo7s/Co9p1yxZx
+/Kg6EwPWBWZZt7TdU7ZQWGlDRjhj8Dze3KQzJGuCPafVFemTJpqfJF8CggIaRkZs
+uH36tfs92DISToLVKZyTXQFD5Mq8VRxrgbBmmvbI7uh8Q5qEqY47rxmtZlNGlTek
+AtrGyfWvCarxzaFN/dMwrjPUQ33PP6jqnLHyKt8KfO2fk0JJnsRxo3BbSY9LNC48
+rG1+Siy+pUr2ZIJBevxtHjMrobQcywtHYAuZcRT/iqgJhUkWoQySgJwtOutOQnW0
+smKD8Tux0ReuL3A6o6aS9Ch6a/dFlhZz215wLRypFS3v9wljAYazTGnAhOBNKTx6
+YFn6SR+L/F/+WJnDtLwJa3QhlvFrg218MKw0If8zl2S3GyzkTYCumRcaQHdYsHyj
+DuJfiWZTKtf1MPb9sWWyt0byA3ow7p2mVVeZW7PZAwnWnWsIu6Fl46wWa9gJklwa
++6cYdegLEPDCs5PRZk+om1PTAJJNqOdATtPGVU1rOyVtB76ghy+U0yhtgyszeC8B
+riZYvM9DmLGv3MdWlf94
+-----END CERTIFICATE REQUEST-----
diff --git a/WF/openvpn/wf/keys/mariette.key b/WF/openvpn/wf/keys/mariette.key
new file mode 100644
index 0000000..27916fe
--- /dev/null
+++ b/WF/openvpn/wf/keys/mariette.key
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQItmmGXbThBbsCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECGzVTuYqI+5SBIIJUAZiu3vVN58v
+ZxkslP58bx8N2vvk4wmhkeozlIDCeMmsd9nrRVBN53IFlqqEL+irgCiZAqQsNlJF
+CAkh4ZhhOE5BhXTEFrkFtMDf2nzfAEZUVDPGwvC038gEC0kCeBk6cEm3gqIaWVov
+OCmQmDLXgYXHoY/a+Bu7BVBwFFfDl82M1EkAuVLhjh8PHVRjF0QbfLenCZEE7k0h
+q7XWpcoonQB51nbBVZn3LvCdcG8YAHymCjahE7V5SsjYR/boxQMRduyFApXbKik2
+9cachDg85gnqRVDNMhHbCZv3ZwmDXFkstjPmq+IF4zTKXdDD3Vm6Rk52P4hSiLvM
+1BR8ECsxk3W2u3ughXIv13FD/jt8Hy22LKkso0S6SL4hhgdvdZLqa9A8F+g50rQ7
+vYvN366cd8xP9GODUPK9nMMou0IpA1460ZUI54n2u06rWJ/ABtcjgG1hlOecywHY
+l0IFnm5HrE+WzkIrD4iNQa5dbDlS9dw1t0J9OY58H5SjHM0+GoKhz8wH6mBE9THU
+dRL/z3QHauEu5nTqsrWIPKQdxAUblVu4uLgEUwt6neC15d9U0NOp3flf4GoK+ONF
+BkQCFUh0UqfzY+30hD1cIU1kXYV4dMxF8hu5IRbFt+cp89KDPM5s4TBdYPYLGLnh
+mnTZQjFtWrfrZdY/Is4m8qY5qkIKu2LZQF50KFOuHsOPiTX6heBk9A8YQJk7WTBJ
+mfz4lzejZ2tHhZNT7hIcK4EnaxKkWOiEIHx03xk6/dKcnNdusv0VUEGDfK4MXX9f
+Arc0jOf+URgRAdO5m0etkyLp6u3/5DTfq7sM+Vns4f42jdUrB1FW0Ho60EZgsZef
+T3bPlXXGw/qc38HDZB0o+tBAgYYpOLvFzIg3ckY7ds3H6KMrxr2suQ6CLZwzju78
+xf6BYQYCbh2QuGMhSlG+t3FX4HHhzurmH0ZVTOlBJpK9dyWCPQzGNL2nF37HMRpa
+YKT8wxcPfi2DRpmN1ESIAzuWIg5JBuxKSrQhNiz/8jJ2YISTpj/N+sjvb51yvfrJ
+I7QOKqePnKjfEy567pKmRNMTr0InGEbcmhIJKWzmsdGTgxZK4oAuA59FZEcxwzIA
+rh91L/gcS+rDMCcFdTtIcQK1BIfRvWHo3s/ab7Szow2MNyrgTAPTCjfDKvSEGYvi
+latAZFIxlpZkd+W9BETiwk84uUYap9c1gAxg9K3Vm0dXX/O9YDM5iYm6wZ50oCk/
+5jzF9JfcivzpFtxumWW4zDTA2xnCTEURXFpIwMdLR/oUfj1uVE5SrKLUjqKxiI4H
+0Zk+wfXU39nSusNMB+v5dGU/KMsMXt7KrAh+nMra22TKlUjfpv7yX2se7UfsdiYz
+l+SRRHWIucbPgseghsHLjUdQRKiIrqGXZMfHmqNB/Sl7kWD+ifSKSKznS4Z7tDRu
+f3LOOSh466nW+kVJnjaFU0RDglLI2SGrRMwDihUU5x31aJs0q+IdS/aJu8suRpCN
+AJjnUiDVQ++kHWfCr1DyMijf46wIDpDc9Kff43RnZR0ImEWu5w2DCbPXTJttCKPZ
+t17gINkLovFIx5Zz6MlJ6xu+lPfHG8W8b3LfryWatbFVTODMxft0cPGoMip3MCEw
+G7ZCD0W08WSHKHQjVzSeKdDyJ49q71tpiSuvKNOSgZUkssP8fSRR0xaZoPAZd17w
+99TJi9pI+CJwpcnXb1L98PyCpyMt7U5/ULgsrGey8gEMSVuC3/K8zG5kb6MnkVNi
+dweXBReyfw+VYLSkHe/Sbyr9g3Z1w+i7MHsULIxyRE0ItP+nTynE1PKUNW8T38x8
+pjb/ugEv4yOWG09D8ZXa3QpJy2ReQAHR7S346R/BiPtJspnOQLaegGM4mTjNLXHO
+AZ702X85sNJxDiqz/od9osStbAEmlTSvOnTdKgnjC0gnDeV5M0ZWEYPOX7s93Gbq
+n8QxzdgLiM2AplLDnDYYhqAhGLklchL37ftFNBfVx1xv9tfc1zgVjmWh8GrSZriB
+C8BpdyhBrxAkomUNi8Lr/f2oSFekOCs9WK1+XDs23f4dsvVbi8FdEYP6UBytEJdQ
+lY+SguBg6VQXx3ilswHJOFZ6hlRcO+iP3u6ZHc9nFyGDPt0EBwrRyLb7mwNU8U2s
+vI7BFp/LK4p7t49AR0bywI6Y6OI6yTnsr+5zGx9nOggzHdNttQ+YSeTDEMdhTV6w
+70jJXnXfyHcqO0WrDXUX9WtHxD8VVN1wx61HuvOnx/m0623FnKaCSHR0X0SroCR8
+5DFd0GR9oR8lhmPM/W44acRL0PphCHPoUud39XJodKVgqZoesURYGekD678cUlsv
+/1xLVY0CHnlcreR6jPjVYRrJbMgkaHtkCw79QkfzFJLAdv7MbzbiH1eOqOc+rw1K
+UytjgJozQSosgvznseV9eYGaM6prPVyNpHBVDz7RuXNu60izDDWIG6y5lMoPmX/C
+/h3hY15r5DwUgQ5awgNHk2TmW5qQQJT8Ef3hvkuISKY/vyMcOoBtN8P4KDRV8MGJ
+0dDl58ReeND9KYwj5y9IgruSqqfw/9n6ujbgdmPwIW/EQkxd7cBj93rz8AkZwHyq
+2PYMIAu7K9UHP9z+WQsdt4rv3LCQlj/tKYy9MhwRnSFDKNl0Aaa5vXi17pnf5aAw
+o0MrDyDRgLITGiYHqBdCAaOpnlno62F9QTwnnbTq+a26nMe29t8e7Woy4P+SMDwW
+W3hbK98etSgjyHw/0i41iqi1w4SQZP7tKYUR9KcbH8GpGOOZdwv8e5AZ3j9qnd4k
+1iUVXQOhwL3kP0F2FBVHc/RDpBQDstkdlNYRh4+2wRz24bbjbILMEfx/+KMb/53m
+MLdVhmN2b6roqwWppp9OnYADLzdZ4uGI+dLenLEYP+y0Ah5kp3jCbwMLTabLSG7s
+u1615I/mHq4c9cqeK3XJ+RjGG5VWSIFraHmdeXXLqWnafFPx84NI0sVOL0rrmDh4
+sW5S5WhMdtj59vJGdB19gyi7nTY6uVMsTVLQtU7InHyGHxWPzlUJNJnGkpLlwqJ4
+Mx6RG7OR5zyzwDvlFFK7Thk3BpA6RirKIySv4kNZUVswsNwEAMJ0P2Yl/nd92Fpw
+1Z4Um5FwwQjopdKXIWqcJgKUv0YIUvTWnHVAEB75/zZ+DdVei8eavS6exRJPbDVy
+BJuNlwVX9zwlecirUQdF01OBIVs+atz9
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/WF/openvpn/wf/keys/serial b/WF/openvpn/wf/keys/serial
new file mode 100644
index 0000000..adb9de8
--- /dev/null
+++ b/WF/openvpn/wf/keys/serial
@@ -0,0 +1 @@
+08
diff --git a/WF/openvpn/wf/keys/serial.old b/WF/openvpn/wf/keys/serial.old
new file mode 100644
index 0000000..2c7456e
--- /dev/null
+++ b/WF/openvpn/wf/keys/serial.old
@@ -0,0 +1 @@
+07
diff --git a/WF/openvpn/wf/keys/server.crt b/WF/openvpn/wf/keys/server.crt
new file mode 100644
index 0000000..65cd422
--- /dev/null
+++ b/WF/openvpn/wf/keys/server.crt
@@ -0,0 +1,141 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+        Validity
+            Not Before: May  4 18:39:28 2018 GMT
+            Not After : May  4 18:39:28 2038 GMT
+        Subject: C=DE, ST=Berlin, L=Berlin, O=o.open, OU=Network Services, CN=VPN-WF-server/name=VPN WF/emailAddress=argus@oopen.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:aa:1f:6d:98:84:46:ad:d4:b9:bf:08:13:8c:b6:
+                    6b:21:91:0d:7f:69:e0:a0:9e:79:61:d8:1c:43:07:
+                    0e:e8:a3:96:e5:83:22:41:32:87:94:1a:dd:56:05:
+                    7e:aa:40:a4:bb:23:fd:31:9c:57:c8:eb:06:be:02:
+                    22:15:e7:3d:25:57:4e:48:46:4b:ec:e1:f5:b2:1b:
+                    fc:2d:f7:38:4c:71:1b:11:26:a0:2a:bc:01:19:78:
+                    df:e2:03:73:5e:3a:45:bc:1e:d4:f9:25:0d:56:ea:
+                    06:ec:58:cb:4b:11:a1:a7:7b:c1:06:f9:a6:44:30:
+                    03:68:71:05:7e:f8:12:a4:53:b4:83:21:bb:3d:52:
+                    5e:0b:f2:d7:99:7a:e8:e7:4a:99:42:85:8b:f0:b3:
+                    3d:16:b8:30:44:0f:12:2e:e1:d0:ab:74:ac:27:50:
+                    ad:30:2d:08:eb:b0:ff:1e:13:8a:d7:c4:09:a1:93:
+                    c8:a8:08:25:ce:f9:c2:6d:47:b3:f8:f9:70:7f:dc:
+                    6d:03:ba:66:6b:27:cf:69:b9:b1:84:24:1d:e4:da:
+                    4a:d0:c5:8e:93:33:8f:ef:da:00:f1:dd:55:8f:86:
+                    ef:8b:9a:0f:c6:75:9d:42:d5:e4:69:20:fd:86:54:
+                    19:18:c5:e0:ee:ec:9a:a1:2b:19:82:aa:d9:c4:23:
+                    23:00:06:ba:b1:45:c2:80:7e:d4:62:9a:9e:36:02:
+                    7e:9c:3f:0f:66:f1:ee:17:4c:11:e0:ca:4c:ab:62:
+                    0e:0c:2d:e9:89:86:66:e1:d6:9c:8e:13:22:eb:a8:
+                    1d:11:57:4b:4a:c9:ac:f2:a9:38:60:0e:3a:d9:02:
+                    21:35:c0:25:9a:6a:57:46:e6:87:e0:10:58:ac:5a:
+                    cc:35:df:18:5e:de:65:93:09:37:4f:42:62:43:e2:
+                    18:a9:60:cd:26:0f:c1:1c:48:97:ac:35:0a:e5:f4:
+                    55:42:15:53:d4:b7:7a:23:a6:4e:f0:8d:9c:1d:cc:
+                    b4:a3:47:bf:ae:25:9e:47:48:c3:43:76:f2:af:f1:
+                    a9:7b:e2:62:3c:e1:09:19:22:43:44:36:1f:4b:cd:
+                    71:82:04:50:be:18:56:8c:7d:d7:53:7d:ae:06:a4:
+                    cf:cc:dd:18:1e:88:35:13:54:0f:af:20:dd:6c:3c:
+                    6a:40:95:5d:26:af:bb:93:fa:19:23:f7:c4:a9:2a:
+                    a1:2e:3d:9d:50:cd:e8:8f:04:2b:c5:bc:84:f5:50:
+                    1b:b2:ab:bf:90:1b:fc:28:ce:a9:fe:ed:dc:df:7a:
+                    13:7d:49:90:31:c8:96:31:2b:84:5f:83:c6:6d:60:
+                    c7:2a:67:5e:e2:dc:a6:8e:6a:b4:77:30:d4:18:9a:
+                    d9:7b:2b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                2D:CE:7B:8E:D1:5B:3D:27:B4:94:77:91:2A:7F:6C:5D:30:48:19:6D
+            X509v3 Authority Key Identifier: 
+                keyid:4F:3E:88:14:E1:A1:21:28:E3:E6:5B:73:6B:DC:0F:97:D9:60:F5:F1
+                DirName:/C=DE/ST=Berlin/L=Berlin/O=o.open/OU=Network Services/CN=VPN-WF/name=VPN WF/emailAddress=argus@oopen.de
+                serial:D8:4C:CB:28:B5:71:54:BB
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+         0b:8a:78:db:46:df:b5:60:cd:88:b9:9c:52:be:7b:e6:60:5b:
+         ef:a7:9c:24:ab:9c:04:87:b5:59:fc:11:16:2b:d8:64:7e:0c:
+         c5:01:2b:3d:29:97:5a:b0:1e:77:5d:39:f1:f5:dc:31:55:56:
+         d5:f7:10:1b:8f:9e:8e:f2:47:36:d1:fe:fb:a5:5b:69:58:16:
+         82:49:2c:5c:54:82:4c:0a:71:f7:e0:c8:f8:a2:1f:85:7d:fa:
+         f2:9b:6e:6e:78:04:88:49:65:cc:02:59:c8:73:66:75:3f:81:
+         6e:ac:83:b4:ed:54:2d:5e:0e:9e:d3:40:88:6e:91:e4:9c:6e:
+         4b:06:77:ec:74:cd:f9:f9:7f:5d:1b:72:5e:a0:14:7a:82:63:
+         ea:55:88:e3:23:59:36:e5:69:37:a0:7b:ae:b5:63:25:6a:e2:
+         b6:b3:35:b7:06:f9:17:6e:ed:b5:3d:1b:2f:5f:ea:96:b5:a2:
+         a8:d0:45:14:7a:b6:96:a8:ee:3d:2f:5e:7f:40:1a:69:81:c6:
+         2a:fa:10:a7:5d:8c:a1:c2:ed:00:f0:72:71:6e:6d:f1:0c:91:
+         ee:2d:0e:c5:4c:d1:e1:99:8c:4a:92:3a:f9:42:5b:cc:12:3f:
+         9e:17:31:5f:b0:6f:2e:e8:24:8f:1f:a1:82:bd:06:6e:e9:6d:
+         32:06:1c:58:d4:61:7e:05:8d:9b:57:8d:29:6a:d5:c6:c8:21:
+         d2:8a:26:c4:1e:40:7c:c8:f3:9b:99:8f:43:57:93:b7:dc:7f:
+         80:19:e7:cf:b3:25:35:46:00:38:e7:ec:1f:1a:4f:eb:4c:fd:
+         f5:fd:cc:14:96:58:51:ae:7e:7a:2a:78:2c:85:9d:c3:ae:a0:
+         6d:9d:45:ac:e1:67:36:e9:f1:b3:8c:e2:ac:55:9e:8c:7a:8d:
+         05:61:11:40:36:ae:cb:f5:13:0f:a0:27:16:96:01:3a:d3:13:
+         a6:ed:6f:77:20:36:2c:8b:86:60:5c:74:28:5d:2c:37:66:8b:
+         ae:a1:ae:0b:e9:87:05:8f:37:6a:96:1e:8f:bc:67:18:cb:e2:
+         77:56:42:4c:97:a4:2e:0c:f6:d9:0e:eb:80:41:de:a3:01:dd:
+         e3:62:05:af:e4:48:a4:93:a1:c2:0e:3a:13:27:86:b8:1d:fe:
+         7b:78:18:f0:41:83:8d:7a:ec:40:9b:c9:80:29:78:dd:da:a2:
+         64:6b:74:89:ed:23:bd:08:3f:fe:51:95:ff:33:bc:0e:6c:b5:
+         6d:02:da:2e:48:a7:04:4f:b6:ff:b4:a5:04:c4:95:3e:2a:94:
+         2a:73:b9:e0:99:21:b5:d1:dd:c7:0f:76:ae:e5:f1:98:5c:01:
+         d2:9c:23:69:0b:12:10:ef
+-----BEGIN CERTIFICATE-----
+MIIHPjCCBSagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUx
+DzANBgNVBAgTBkJlcmxpbjEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZvLm9w
+ZW4xGTAXBgNVBAsTEE5ldHdvcmsgU2VydmljZXMxDzANBgNVBAMTBlZQTi1XRjEP
+MA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Blbi5kZTAe
+Fw0xODA1MDQxODM5MjhaFw0zODA1MDQxODM5MjhaMIGjMQswCQYDVQQGEwJERTEP
+MA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xDzANBgNVBAoTBm8ub3Bl
+bjEZMBcGA1UECxMQTmV0d29yayBTZXJ2aWNlczEWMBQGA1UEAxMNVlBOLVdGLXNl
+cnZlcjEPMA0GA1UEKRMGVlBOIFdGMR0wGwYJKoZIhvcNAQkBFg5hcmd1c0Bvb3Bl
+bi5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKofbZiERq3Uub8I
+E4y2ayGRDX9p4KCeeWHYHEMHDuijluWDIkEyh5Qa3VYFfqpApLsj/TGcV8jrBr4C
+IhXnPSVXTkhGS+zh9bIb/C33OExxGxEmoCq8ARl43+IDc146Rbwe1PklDVbqBuxY
+y0sRoad7wQb5pkQwA2hxBX74EqRTtIMhuz1SXgvy15l66OdKmUKFi/CzPRa4MEQP
+Ei7h0Kt0rCdQrTAtCOuw/x4TitfECaGTyKgIJc75wm1Hs/j5cH/cbQO6Zmsnz2m5
+sYQkHeTaStDFjpMzj+/aAPHdVY+G74uaD8Z1nULV5Gkg/YZUGRjF4O7smqErGYKq
+2cQjIwAGurFFwoB+1GKanjYCfpw/D2bx7hdMEeDKTKtiDgwt6YmGZuHWnI4TIuuo
+HRFXS0rJrPKpOGAOOtkCITXAJZpqV0bmh+AQWKxazDXfGF7eZZMJN09CYkPiGKlg
+zSYPwRxIl6w1CuX0VUIVU9S3eiOmTvCNnB3MtKNHv64lnkdIw0N28q/xqXviYjzh
+CRkiQ0Q2H0vNcYIEUL4YVox911N9rgakz8zdGB6INRNUD68g3Ww8akCVXSavu5P6
+GSP3xKkqoS49nVDN6I8EK8W8hPVQG7Krv5Ab/CjOqf7t3N96E31JkDHIljErhF+D
+xm1gxypnXuLcpo5qtHcw1Bia2XsrAgMBAAGjggGAMIIBfDAJBgNVHRMEAjAAMBEG
+CWCGSAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJh
+dGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULc57jtFbPSe0lHeRKn9s
+XTBIGW0wgdEGA1UdIwSByTCBxoAUTz6IFOGhISjj5ltza9wPl9lg9fGhgaKkgZ8w
+gZwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzANBgNVBAcTBkJlcmxp
+bjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3JrIFNlcnZpY2VzMQ8w
+DQYDVQQDEwZWUE4tV0YxDzANBgNVBCkTBlZQTiBXRjEdMBsGCSqGSIb3DQEJARYO
+YXJndXNAb29wZW4uZGWCCQDYTMsotXFUuzATBgNVHSUEDDAKBggrBgEFBQcDATAL
+BgNVHQ8EBAMCBaAwEQYDVR0RBAowCIIGc2VydmVyMA0GCSqGSIb3DQEBCwUAA4IC
+AQALinjbRt+1YM2IuZxSvnvmYFvvp5wkq5wEh7VZ/BEWK9hkfgzFASs9KZdasB53
+XTnx9dwxVVbV9xAbj56O8kc20f77pVtpWBaCSSxcVIJMCnH34Mj4oh+Fffrym25u
+eASISWXMAlnIc2Z1P4FurIO07VQtXg6e00CIbpHknG5LBnfsdM35+X9dG3JeoBR6
+gmPqVYjjI1k25Wk3oHuutWMlauK2szW3BvkXbu21PRsvX+qWtaKo0EUUeraWqO49
+L15/QBppgcYq+hCnXYyhwu0A8HJxbm3xDJHuLQ7FTNHhmYxKkjr5QlvMEj+eFzFf
+sG8u6CSPH6GCvQZu6W0yBhxY1GF+BY2bV40patXGyCHSiibEHkB8yPObmY9DV5O3
+3H+AGefPsyU1RgA45+wfGk/rTP31/cwUllhRrn56KngshZ3DrqBtnUWs4Wc26fGz
+jOKsVZ6Meo0FYRFANq7L9RMPoCcWlgE60xOm7W93IDYsi4ZgXHQoXSw3Zouuoa4L
+6YcFjzdqlh6PvGcYy+J3VkJMl6QuDPbZDuuAQd6jAd3jYgWv5Eikk6HCDjoTJ4a4
+Hf57eBjwQYONeuxAm8mAKXjd2qJka3SJ7SO9CD/+UZX/M7wObLVtAtouSKcET7b/
+tKUExJU+KpQqc7ngmSG10d3HD3au5fGYXAHSnCNpCxIQ7w==
+-----END CERTIFICATE-----
diff --git a/WF/openvpn/wf/keys/server.csr b/WF/openvpn/wf/keys/server.csr
new file mode 100644
index 0000000..7db5d7c
--- /dev/null
+++ b/WF/openvpn/wf/keys/server.csr
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE6TCCAtECAQAwgaMxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIEwZCZXJsaW4xDzAN
+BgNVBAcTBkJlcmxpbjEPMA0GA1UEChMGby5vcGVuMRkwFwYDVQQLExBOZXR3b3Jr
+IFNlcnZpY2VzMRYwFAYDVQQDEw1WUE4tV0Ytc2VydmVyMQ8wDQYDVQQpEwZWUE4g
+V0YxHTAbBgkqhkiG9w0BCQEWDmFyZ3VzQG9vcGVuLmRlMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAqh9tmIRGrdS5vwgTjLZrIZENf2ngoJ55YdgcQwcO
+6KOW5YMiQTKHlBrdVgV+qkCkuyP9MZxXyOsGvgIiFec9JVdOSEZL7OH1shv8Lfc4
+THEbESagKrwBGXjf4gNzXjpFvB7U+SUNVuoG7FjLSxGhp3vBBvmmRDADaHEFfvgS
+pFO0gyG7PVJeC/LXmXro50qZQoWL8LM9FrgwRA8SLuHQq3SsJ1CtMC0I67D/HhOK
+18QJoZPIqAglzvnCbUez+Plwf9xtA7pmayfPabmxhCQd5NpK0MWOkzOP79oA8d1V
+j4bvi5oPxnWdQtXkaSD9hlQZGMXg7uyaoSsZgqrZxCMjAAa6sUXCgH7UYpqeNgJ+
+nD8PZvHuF0wR4MpMq2IODC3piYZm4dacjhMi66gdEVdLSsms8qk4YA462QIhNcAl
+mmpXRuaH4BBYrFrMNd8YXt5lkwk3T0JiQ+IYqWDNJg/BHEiXrDUK5fRVQhVT1Ld6
+I6ZO8I2cHcy0o0e/riWeR0jDQ3byr/Gpe+JiPOEJGSJDRDYfS81xggRQvhhWjH3X
+U32uBqTPzN0YHog1E1QPryDdbDxqQJVdJq+7k/oZI/fEqSqhLj2dUM3ojwQrxbyE
+9VAbsqu/kBv8KM6p/u3c33oTfUmQMciWMSuEX4PGbWDHKmde4tymjmq0dzDUGJrZ
+eysCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAVScYpYPusscwUEFl0aADxiS+s
+Apx0RAXUZCc/BJ1EkVnIcG0qoCvI91tsFAFvRNw3gGH/yw8b7hduBAeqp00i7iZP
+JKIter5sZaE6eS+qyIv8udXK6nSaAxjnzqc5IVJWiS41rGI5BXSLjHxevwWMJErD
+BXKzUqpELTjE414aBIkbk2U5EI8GXejMHBQPl1Fph2XZ020KKebo5+wgGgzKOgcL
+gr5ku63bWUke+bAQriwIjBzZ7Fe+MlmW+XzlU2OfUu/Ys0OAeadNDGRbow1eore9
+zFQ25fvxnLFVGei4+u1VaE6VGwHCEFSZw+K+YzjMPXof5K75ApP2v4zzHay+Dsew
+sT/VZMpvwQMfQGA9ej7Q8a0mFplDrHqn8GTZuBnH1R0TA4amlSXWDVB9mIfTgwYD
+SSyR5XaKjgVUIdVzZ2watRHEW6rYpVUAWOY/V5z0X+Uqwi+vjJPdXZI4BrTCqqw+
+M5wIZV6riUVDG3rihTEBIannLo7FdvhRtOao+YaqF4ZWwwDf/tkYKMVmQalp0EF1
+NcGkkod5KkrwwVVLK/rM9EbZYnbVzvTaaNE+2JYo9K7BKLaLrvztnuuL4ynRps7k
+BQCs1FJMK/DS3yk7sFW/0/tHwpm4YL/o55vEu50yPHgU/VtZNJQpy6zMfAxs1Brd
+1Ax1zXAKA4piwIO5rg==
+-----END CERTIFICATE REQUEST-----
diff --git a/WF/openvpn/wf/keys/server.key b/WF/openvpn/wf/keys/server.key
new file mode 100644
index 0000000..2de20bb
--- /dev/null
+++ b/WF/openvpn/wf/keys/server.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCqH22YhEat1Lm/
+CBOMtmshkQ1/aeCgnnlh2BxDBw7oo5blgyJBMoeUGt1WBX6qQKS7I/0xnFfI6wa+
+AiIV5z0lV05IRkvs4fWyG/wt9zhMcRsRJqAqvAEZeN/iA3NeOkW8HtT5JQ1W6gbs
+WMtLEaGne8EG+aZEMANocQV++BKkU7SDIbs9Ul4L8teZeujnSplChYvwsz0WuDBE
+DxIu4dCrdKwnUK0wLQjrsP8eE4rXxAmhk8ioCCXO+cJtR7P4+XB/3G0DumZrJ89p
+ubGEJB3k2krQxY6TM4/v2gDx3VWPhu+Lmg/GdZ1C1eRpIP2GVBkYxeDu7JqhKxmC
+qtnEIyMABrqxRcKAftRimp42An6cPw9m8e4XTBHgykyrYg4MLemJhmbh1pyOEyLr
+qB0RV0tKyazyqThgDjrZAiE1wCWaaldG5ofgEFisWsw13xhe3mWTCTdPQmJD4hip
+YM0mD8EcSJesNQrl9FVCFVPUt3ojpk7wjZwdzLSjR7+uJZ5HSMNDdvKv8al74mI8
+4QkZIkNENh9LzXGCBFC+GFaMfddTfa4GpM/M3RgeiDUTVA+vIN1sPGpAlV0mr7uT
++hkj98SpKqEuPZ1QzeiPBCvFvIT1UBuyq7+QG/wozqn+7dzfehN9SZAxyJYxK4Rf
+g8ZtYMcqZ17i3KaOarR3MNQYmtl7KwIDAQABAoICAQCMxOa1/jZR3qU4WmF63PM2
+2kT1+lFB9v/vo5h3Kh7/B2Z0UZcFpd8kATrG1FMkY8srgzMeWwUUns18al10DFy/
+SkffbDOlNrBMifWYv2lZb3n7Lh/4XIr4Xdm7tik/fi535HdMFYm9Mnc6GJtXaaZ+
+5Nsrf2ZCJAyd3m+yyWj7irviigXaTw69Clu2h0qzIDpDHihWqqnQ4+YkWugr3PUC
++s781TgJlio8hMAFThxkP7XMenHeAKfwZSCptlxIl3ashmO6YwIehtmM3XfzJMOL
+u8mOiPpZ+Z+P069Wc1Q6KGiM9pU5HddcF4siJodCINKHei2O5j9pPzWjtuXs8zog
+kQzrlopK6JhyDbIMeNqkRDO62DZXU5EeQroUR9xc+i4rk0N4GeZ/frjFe7uuADaE
+c5bn3+d+X+4IoFJ0MpnfA6574Ul9X4qdMhUdTp2jfLwkTIiJ1QAYxB6pRyFpxmAx
+TFUE/IKllnD3u92a1lZSX0SSTUG7MmhMuG3BMrKUPK4A+hmb0fvq/pe4wp9rWeAX
+8X+mnoSwe2EMExkR7Dq4Mn2S2ydEbjjJWa6OiRmsawq3eVExrO2kL2iYhr4D4Sb6
+np1Rx7bMRCfkpPv7/TSIua5mVwuDwKF0/Q5q8OvD30D61JtAcU43bt+z+Jh6boi9
+DL8kw6E4eFDrfw9lyry1+QKCAQEA0w6O4ndSq46l1bS6kA4+Ud+gvawbBnk19gVR
+6FWddeRaIkXC3EQaH5ahReRIds5jZCsXVf8GC8tYmMoofI+tTX+AEkT0V0zC1xg+
+1CiFAlneXYnwlLNWmB9zAG2x/WWO/PLCnBJ+ziz8ojc4CsXkDHuo3TCSqhsSa40W
+Zk826LBjinmRL5Wxxuar4Wg6NDoT26xFYzOjQQCAtNfbMo8oCDk+ZOOPOCYZ0g7L
+48m7ZqBSmejD0Hc65sNG5I7k/LfkD4vbgtD4c+iYCQOzs+oslZt1dFUMoePxVz9N
+vwrgXr09QVdn4KGYV4UHH4o9PVHF08eWkyMacOtqXMNCdc6otQKCAQEAzllo/SIS
+1S2Lm1+53p0dMlv/a2eDO6XPg8F5e3RiUdSBlhasHcWObv5dprpoUdzvND6tviHp
+clacgLituJfXBZTfOOHARe6KhB8lq6ngEfyHSYGAz7q/qrj/0Lo88HyR+KNkEvvb
+p/I6RshYBEg8KBzjNtBsVPB1prRzvrSlDtMCepoSN5KUJt2dNtJ9jdqTzBfZNprf
+g2IHscmRXJgwTlYuTbTs46xdvftM8wM8g07G3Is+wdU39VdNHGHsZA7rQErUpzkv
+qL7WsSH1DV2Idt3Xa+RtWt20guBzVcqOwOca5WpiZZvHIObuMVphs4i/8tI6pGWa
+eujOqoAUvHFgXwKCAQBJ3emCN1LWukkuH1/ANUv4abUfTRH0VQ3eugPttbEzZqVp
+I1NMtgUSkyyEgp4d/qPolfBH58ac8CFk8DP1TG/SFNKlEj8WIsZ6c4DhzgCnTv61
+bCaoVI/1E+Sy/LFzx0yhGPGloA+DZ1lQCNVzZ8kl2U3DhFGAeZMb0zhIvGayT7G2
+8E8xAUpEG82CSXE9gCodExEB5Du570wcfwO3kUTog+hjdQVWGHem/gi8A4m0JF5k
+gYOu/Vu/Eg9IxP49uLp3+nHsOekK4Bf9567IRCgwgEU+XtnZ+yYna/9w4oSeg8rh
+iI7Rnpzr3KIelspSIMGFGnCHtJx3ct059BjZlGeVAoIBAEcgbp4CZrdwkZSm9GyV
+f4DiUTJ2ZbfjuZnS0MsLHPDT7S8M9Zr1g9kieKmFy3ucSh+aE01cZxlwXVXJUqg0
+PnvACwmSVzJDvR85lUSMs52/i+p8ZygzWOnCBvutll/WsIIh39bjVZ2YUxoe6Kfh
+NkslWfSE9zJ4CDXEMblkjxiDB3G3NdxN/B9BeHVzLK/+zb8l4Ut/KtggrEJOFnry
+QoReFGvYl2cK/O0FeEqzrOId/1H59VHe6wD4bK4B2vfKZLCumophndnunhZEfDF1
+Mhq28RBRlpghn50VPOwve/FmN9EoUG5xubvPnf8JBnBaDL/oUypjk1IWeVYv+/XQ
+psUCggEBAIivEYV48WJXVrCxZy4esjlYkMtaBosmbxIvNTwm1bNEEqnWhCBZSZmm
+jpnHdKt8G3/9krBMhRZNFcMu1Udu15DpDwlY2x5pHi3xtBXUhrBqPH04gifsTapc
+gmzMw+0+3EBAGapCUCz6FuDX98lQHZph04t3t5suAeTJhc6Wid4RSwpy0JpcJRDL
+mBoYFZbEr9BsWCM6IU2+/3CnMMSAB5vT6TBzY+M8hnJJqybXrdRrkjgVzGOlU6Bf
+QIY4CsQOvufVATmQZInSdXxzgEHk6/vBSgTt8rajxmKyK8fH9KjfPYwEgC+KzYlL
+7lgpGiEExPag+ueGDoJ3fnt0XzVuuEI=
+-----END PRIVATE KEY-----
diff --git a/WF/openvpn/wf/keys/ta.key b/WF/openvpn/wf/keys/ta.key
new file mode 100644
index 0000000..c9c56bc
--- /dev/null
+++ b/WF/openvpn/wf/keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+055e6b31c205ec1ace25b0ef1f0b3e80
+e74c454b9136ba2a73e77af7d1a69e27
+961a2792f86003c7e5477606511ab117
+86a4c648a987b4aed406d30bcf5c32b4
+da5405b247161f9f1cafcb82df78f63e
+e2151005472f97c913ab994c2b2fc3b0
+2c8e2b7d9b466a1f092f375f2a08f561
+b8e0c6bd019a5e9b9bc821715287f279
+ca56cdd6fcbb3fde55d44da9be2ec86a
+b81e52bc44f7c92174795dc12f95a6c1
+beeca15154a9c72872c3f205ccf601ea
+c610bd2aa828e052febb747c02cfdf4a
+959e9a86a01863bebb30ed8f79d13dae
+f58e8dde86d46026a27de24e6db51348
+1d395e5736eab696c653d1f68a972dc1
+e47de0993b8b5d57ecab103e70c4874a
+-----END OpenVPN Static key V1-----
diff --git a/WF/pap-secrets.WF b/WF/pap-secrets.WF
new file mode 100644
index 0000000..799bf2e
--- /dev/null
+++ b/WF/pap-secrets.WF
@@ -0,0 +1,48 @@
+#
+# /etc/ppp/pap-secrets
+#
+# This is a pap-secrets file to be used with the AUTO_PPP function of
+# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
+# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
+# after a user has passed this file. Don't be disturbed therefore by the fact
+# that this file defines logins with any password for users. /etc/passwd
+# (again, /etc/shadow, too) will catch passwd mismatches.
+#
+# This file should block ALL users that should not be able to do AUTO_PPP.
+# AUTO_PPP bypasses the usual login program so it's necessary to list all
+# system userids with regular passwords here.
+#
+# ATTENTION: The definitions here can allow users to login without a
+# password if you don't use the login option of pppd! The mgetty Debian
+# package already provides this option; make sure you don't change that.
+
+# INBOUND connections
+
+# Every regular user can use PPP and has to use passwords from /etc/passwd
+*	hostname	""	*
+
+# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
+# other accounts that should not be able to use pppd!
+guest	hostname	"*"	-
+master	hostname	"*"	-
+root	hostname	"*"	-
+support	hostname	"*"	-
+stats	hostname	"*"	-
+
+# OUTBOUND connections
+
+# Here you should add your userid password to connect to your providers via
+# PAP. The * means that the password is to be used for ANY host you connect
+# to. Thus you do not have to worry about the foreign machine name. Just
+# replace password with your password.
+# If you have different providers with different passwords then you better
+# remove the following line.
+
+#	*	password
+
+#"feste-ip4/7TB02K2HZ4Q3@t-online-com.de" * "EadGl15E"
+
+#"0025591824365511139967620001@t-online.de" * "EadGl15E"
+
+"0029713004945511268028220001@t-online.de" * "86572293"
+
diff --git a/WF/peers/dsl-provider b/WF/peers/dsl-provider
new file mode 100644
index 0000000..da73d6b
--- /dev/null
+++ b/WF/peers/dsl-provider
@@ -0,0 +1,27 @@
+# Minimalistic default options file for DSL/PPPoE connections
+
+noipdefault
+defaultroute
+replacedefaultroute
+hide-password
+#lcp-echo-interval 30
+#lcp-echo-failure 4
+noauth
+persist
+
+## mtu 1492
+## - notwendig bei vergabe einer festen ip
+## - von t-online:
+## -    mtu 1456
+## -
+mtu 1456
+
+#mtu 1492
+#persist
+#maxfail 0
+#holdoff 20
+plugin rp-pppoe.so eth0.7
+##user "0025591824365511139967620001@t-online.de"
+#user "feste-ip4/7TB02K2HZ4Q3@t-online-com.de"
+user "0029713004945511268028220001@t-online.de"
+
diff --git a/WF/peers/provider b/WF/peers/provider
new file mode 100644
index 0000000..e74d71a
--- /dev/null
+++ b/WF/peers/provider
@@ -0,0 +1,35 @@
+# example configuration for a dialup connection authenticated with PAP or CHAP
+#
+# This is the default configuration used by pon(1) and poff(1).
+# See the manual page pppd(8) for information on all the options.
+
+# MUST CHANGE: replace myusername@realm with the PPP login name given to
+# your by your provider.
+# There should be a matching entry with the password in /etc/ppp/pap-secrets
+# and/or /etc/ppp/chap-secrets.
+user "myusername@realm"
+
+# MUST CHANGE: replace ******** with the phone number of your provider.
+# The /etc/chatscripts/pap chat script may be modified to change the
+# modem initialization string.
+connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T ********"
+
+# Serial device to which the modem is connected.
+/dev/modem
+
+# Speed of the serial line.
+115200
+
+# Assumes that your IP address is allocated dynamically by the ISP.
+noipdefault
+# Try to get the name server addresses from the ISP.
+usepeerdns
+# Use this connection as the default route.
+defaultroute
+
+# Makes pppd "dial again" when the connection is lost.
+persist
+
+# Do not ask the remote to authenticate.
+noauth
+
diff --git a/WF/rc.local.WF b/WF/rc.local.WF
new file mode 100755
index 0000000..65634df
--- /dev/null
+++ b/WF/rc.local.WF
@@ -0,0 +1,14 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+exit 0
diff --git a/WF/resolv.conf.WF b/WF/resolv.conf.WF
new file mode 100644
index 0000000..ce07abe
--- /dev/null
+++ b/WF/resolv.conf.WF
@@ -0,0 +1,3 @@
+domain wf.netz
+search wf.netz
+nameserver 127.0.0.1
diff --git a/WF/sasl_passwd.WF b/WF/sasl_passwd.WF
new file mode 100644
index 0000000..f2753c0
--- /dev/null
+++ b/WF/sasl_passwd.WF
@@ -0,0 +1 @@
+[b.mx.oopen.de] warenform@b.mx.oopen.de:vohfaiNie2ch
diff --git a/WF/sasl_passwd.db.WF b/WF/sasl_passwd.db.WF
new file mode 100644
index 0000000..f73d7af
Binary files /dev/null and b/WF/sasl_passwd.db.WF differ
diff --git a/WF/sbin/ip6t-firewall-gateway b/WF/sbin/ip6t-firewall-gateway
new file mode 100755
index 0000000..3df216f
--- /dev/null
+++ b/WF/sbin/ip6t-firewall-gateway
@@ -0,0 +1,3414 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ip6t-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv6 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv6.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv6.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv6.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv6.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ip6t=$(which ip6tables)
+
+if [[ -z "$ip6t" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IPv6)..\033[m"
+else
+   echo "Starting firewall iptables (IPv4).."
+fi
+echo
+
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+# ---
+# - Enable/Disable ip forwarding between interfaces
+# ---
+if $kernel_forward_between_interfaces ; then
+   echononl "\tActivate Forwarding.."
+   echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+else
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
+fi
+
+echo_done
+
+
+# -------------
+# --- Adjust Kernel Parameters
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+
+   # ---
+   # - Deactivate Source Routed Packets
+   # ---
+   for asr in /proc/sys/net/ipv6/conf/*/accept_source_route; do
+      if $kernel_deactivate_source_route ; then
+         echo 0 > $asr
+      fi
+   done
+
+
+   # ---
+   # -  Deactivate sending ICMP redirects
+   # ---
+   if $kernel_dont_accept_redirects ; then
+      echo "0" > /proc/sys/net/ipv6/conf/all/accept_redirects
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+
+fi 
+
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv6).."
+
+# - default policies
+# -
+$ip6t -P INPUT ACCEPT
+$ip6t -P OUTPUT ACCEPT
+$ip6t -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ip6t -F
+$ip6t -F INPUT
+$ip6t -F OUTPUT
+$ip6t -F FORWARD
+$ip6t -F -t mangle
+$ip6t -F -t nat
+$ip6t -F -t raw
+$ip6t -X
+$ip6t -Z
+
+#$ip6t -t nat -A POSTROUTING -o $ext_if_static_1 -j MASQUERADE
+$ip6t -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+echo_done # Flushing firewall iptable (IPv6)..
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -j LOG --log-prefix "$_ip IN: " --log-level $log_level
+      $ip6t -A OUTPUT -d $_ip -j LOG --log-prefix "$_ip OUT: " --log-level $log_level
+      $ip6t -A FORWARD -s $_ip -j LOG --log-prefix "$_ip FORWARD FROM: " --log-level $log_level
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP IPv6 traffic.."
+if $permit_all_icmp_traffic ; then
+   $ip6t -A INPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A OUTPUT -p ipv6-icmp -j ACCEPT
+   $ip6t -A FORWARD -p ipv6-icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ip6t -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ip6t -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ip6t -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ip6t -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ip6t -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ip6t -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -i $_if -j DROP
+      $ip6t -A FORWARD -o $_if -j DROP
+   fi
+   $ip6t -A INPUT -i $_if -j DROP
+   $ip6t -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -d $_ip -j ACCEPT
+         $ip6t -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ip6t -N syn-flood
+   $ip6t -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ip6t -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ip6t -A syn-flood -j DROP
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   if $log_new_not_sync || $log_all  ; then
+      $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+   $ip6t -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
+   fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   if $log_invalid_state || $log_all  ; then
+      $ip6t -A INPUT -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -m state --state INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+      fi
+   fi
+   $ip6t -A INPUT -m state --state INVALID -j DROP
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -m state --state INVALID -j DROP
+   fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ip6t -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ip6t -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # - Refuse spoofed packets pretending to be from your IP address.
+   if $log_spoofed || $log_all ; then
+      for _ip in ${ext_ip_arr[@]} ; do
+         $ip6t -A INPUT -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -s $_ip -d $_ip -j LOG --log-prefix "$log_prefix Spoofed (own ip): " --log-level $log_level
+         fi
+      done
+   fi
+   for _ip in ${ext_ip_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -s $_ip -d $_ip -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ipi6t -A FORWARD -s $_ip -d $_ip -j DROP
+      fi
+   done
+
+
+   # - private Adressen auf externen interface verwerfen
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ip6t -A INPUT -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+         $ip6t -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -s $ula_block -j LOG --log-prefix "$log_prefix Private (ula_block): " --log-level $log_level
+            $ip6t -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix (loopback): " --log-level $log_level
+         fi
+      fi
+      $ip6t -A INPUT -i $_dev -s $ula_block -j DROP
+      $ip6t -A INPUT -i $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -i $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -i $_dev -s $loopback -j DROP
+      fi
+
+      # Don't allow spoofing from that server
+      $ip6t -A OUTPUT -o $_dev -s $ula_block -j DROP
+      $ip6t -A OUTPUT -o $_dev -s $loopback -j DROP
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -s $ula_block -j DROP
+         $ip6t -A FORWARD -o $_dev -s $loopback -j DROP
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ip6t -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ip6t -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ip6t -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ip6t -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ip6t -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ip6t -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ip6t -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_forward_between_interfaces ; then
+         if $block_ident ; then
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ip6t -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_forward_between_interfaces ; then
+      if $block_ident ; then
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ip6t -A INPUT -i lo -j ACCEPT
+$ip6t -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ip6t -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ip6t -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_forward_between_interfaces ; then
+   $ip6t -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ip6t -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ip6t -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv6_address_arr[@]}" ; then
+            $ip6t -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ip6t -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ip6t -A FORWARD -p ${_val_arr[3]} -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      $ip6t -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+echononl "\tSeparate local networks.."
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+echononl "\tSeparate local interfaces.."
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            [[ "$_dev_1" = "$_dev_2" ]] && continue
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+            $ip6t -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+         done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+
+
+# ---
+# - IPv4 over IPv6
+# ---
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p udp -m udp --dport 546 -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp -m udp --dport 547 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP Service (local network only)"
+
+if $local_dhcp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-advertisement -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type router-solicitation -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+
+      $ip6t -A INPUT -p udp -i $_dev --sport 546 --dport 547 -j ACCEPT
+      $ip6t -A OUTPUT -p udp -o $_dev --sport 547 --dport 546 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ip6t -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ip6t -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_forward_between_interfaces=true)
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ip6t -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ip6t -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ip6t -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ip6t -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ip6t -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_forward_between_interfaces ; then
+
+            $ip6t -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_forward_between_interfaces ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ip6t -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ip6t -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_forward_between_interfaces ; then
+            $ip6t -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -t filter -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ip6t -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip -m multiport --dports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip -m multiport --sports $standard_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+            $ip6t -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ip6t -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_forward_between_interfaces ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then 
+         $ip6t -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ip6t -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+      $ip6t -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ip6t -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_forward_between_interfaces ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ip6t -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ip6t -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_forward_between_interfaces && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ip6t -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_local_net_to_inet ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tDruck Port 9100 only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_forward_between_interfaces && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ip6t -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_forward_between_interfaces \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -o $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=',' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ip6t -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces $$ ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ip6t -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ip6t -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ip6t -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ip6t -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_forward_between_interfaces \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ip6t -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_forward_between_interfaces ; then
+
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ip6t -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ip6t -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ip6t -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+         $ip6t -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ip6t -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces ; then
+
+         # - From extern
+         $ip6t -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ip6t -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ip6t -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ip6t -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ip6t -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ip6t -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ip6t -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv6_address_arr[@]}" ; then
+         $ip6t -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_forward_between_interfaces ; then
+         $ip6t -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ip6t -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ip6t -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ip6t -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_forward_between_interfaces && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ip6t -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_forward_between_interfaces && $local_alias_interfaces ; then
+         $ip6t -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ip6t -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=',' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      if [[ "${_val_arr[1]}" = "${_val_arr[3]}" ]] ; then
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination ${_val_arr[2]}
+      else
+         $ip6t -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to-destination [${_val_arr[2]}]:${_val_arr[3]}
+      fi
+
+      # - Allow Packets
+      # -
+      $ip6t -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ip6t -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ip6t -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_forward_between_interfaces ; then
+      $ip6t -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ip6t -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+# ---
+# - ICMP is configured above..
+# ---
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_forward_between_interfaces ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ip6t -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ip6t -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ip6t -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ip6t -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ip6t -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ip6t -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ip6t -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ip6t -A INPUT -j DROP
+$ip6t -A OUTPUT -j DROP
+$ip6t -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/WF/sbin/ipt-firewall-gateway b/WF/sbin/ipt-firewall-gateway
new file mode 100755
index 0000000..223a537
--- /dev/null
+++ b/WF/sbin/ipt-firewall-gateway
@@ -0,0 +1,4132 @@
+#!/usr/bin/env bash
+
+### BEGIN INIT INFO
+# Provides:          ipt-firewall
+# Required-Start:    $local_fs $remote_fs $syslog $network $time
+# Required-Stop:     $local_fs $remote_fs $syslog $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: IPv4 Firewall
+### END INIT INFO
+
+
+# -------------
+# - Settings
+# -------------
+
+ipt_conf_dir="/etc/ipt-firewall"
+
+inc_functions_file="${ipt_conf_dir}/include_functions.conf"
+
+load_modules_file=${ipt_conf_dir}/load_modules_ipv4.conf
+
+conf_logging=${ipt_conf_dir}/logging_ipv4.conf
+conf_interfaces=${ipt_conf_dir}/interfaces_ipv4.conf
+conf_default_ports=${ipt_conf_dir}/default_ports.conf
+conf_main=${ipt_conf_dir}/main_ipv4.conf
+conf_post_declarations=${ipt_conf_dir}/post_decalrations.conf
+
+# -------------
+# - Some checks and preloads..
+# -------------
+
+ipt=$(which iptables)
+
+if [[ -z "$ipt" ]] ; then
+   echo ""
+   echo -e "\tiptables was not found on this server!"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+fi
+
+if [[ ! -f "$inc_functions_file" ]] ; then
+   echo ""
+   echo -e "\tMissing include file '$inc_functions_file'"
+   echo
+   echo -e "\tFirewall Script was stopped!"
+   echo
+   exit 1
+else
+   source $inc_functions_file
+fi
+
+if [[ ! -f "$load_modules_file" ]]; then
+   warn "No modules for loading configured. Missing file '$load_modules_file'!"
+else
+
+   while read -r module ; do
+      if ! lsmod | grep -q -E "^$module\s+" ; then
+         /sbin/modprobe  $module > /dev/null 2>&1
+         if [[ "$?" != "0" ]]; then
+            warn "Loading module '$module' failed!"
+         fi
+      fi
+   done < <(sed -ne 's/^[[:space:]]*\([^#].*\)[[:space:]]*/\1/p' $load_modules_file)
+
+fi
+
+if [[ ! -f "$conf_logging" ]]; then
+   fatal "Missing configuration for logging - file '$conf_logging'"
+else
+   source $conf_logging
+fi
+
+if [[ ! -f "$conf_default_ports" ]]; then
+   fatal "Missing configuration for default_ports - file '$conf_default_ports'"
+else
+   source $conf_default_ports
+fi
+
+if [[ ! -f "$conf_interfaces" ]]; then
+   fatal "Missing interface configurations  - file '$conf_interfaces'"
+else
+   source $conf_interfaces
+fi
+
+if [[ ! -f "$conf_main" ]]; then
+   fatal "Missing main configurations  - file '$conf_main'"
+else
+   source $conf_main
+fi
+
+if [[ ! -f "$conf_post_declarations" ]]; then
+   fatal "Missing post declarations  - file '$conf_post_declarations'"
+else
+   source $conf_post_declarations
+fi
+
+
+echo
+if $terminal ; then
+   echo -e "\033[37m\033[1m\tStarting firewall iptables (IpV4)..\033[m"
+else
+   echo "Starting firewall iptables (IpV4).."
+fi
+echo
+
+
+# -------------
+# --- Activate IP Forwarding
+# -------------
+
+## - IP Forwarding aktivieren/deaktivieren. 
+## -
+## - Dieses benötigen wir lediglich bei einem Rechner in mehreren Netzen. 
+## - Es ist anzuraten, diese Einstellung vor allen anderen vorzunehmen, 
+## - weil hiermit auch andere (de)aktiviert werden.
+## -
+if $kernel_activate_forwarding ; then
+   echo 1 > /proc/sys/net/ipv4/ip_forward
+   echononl "\tActivate Forwarding.."
+   echo_done
+else
+   echo 0 > /proc/sys/net/ipv4/ip_forward
+   echononl "\t\033[33m\033[1mDisable Forwarding.."
+   echo_done
+fi
+
+if $kernel_support_dynaddr ; then
+   echononl "\tActivate kernel support for dynamic addresses.."
+   if [[ -n $dynaddr_flag ]] && [[ $dynaddr_flag =~ ^-?[0-9]+$ ]]; then
+      echo $dynaddr_flag > /proc/sys/net/ipv4/ip_dynaddr
+      echo_done
+   else
+      echo_failed
+   fi
+else
+   echo 0 > /proc/sys/net/ipv4/ip_dynaddr
+   echononl "\t\033[33m\033[1mDisable Forwarding..\033[m"
+   echo_done
+fi
+
+# -------------
+# --- Adjust Kernel Parameters (Security/Tuning)
+# -------------
+
+echononl "\tAdjust Kernel Parameters (Security/Tuning).."
+
+if $adjust_kernel_parameters ; then
+   ## - Reduce DoS'ing ability by reducing timeouts
+   ## -
+   if $kernel_reduce_timeouts ; then
+      echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
+      echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
+      echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
+      echo 0 > /proc/sys/net/ipv4/tcp_sack
+   fi
+
+   ## - SYN COOKIES
+   ## -
+   if  $kernel_tcp_syncookies ; then
+      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
+      echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
+      echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
+   fi
+
+   ## - Protection against ICMP bogus error responses
+   ## -
+   if $kernel_protect_against_icmp_bogus_messages ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
+   fi
+
+   ## - Ignore Broadcast Pings
+   ## - 
+   if $kernel_ignore_broadcast_ping ; then
+      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
+   fi
+
+   ## - Deactivate Source Routed Packets
+   ## - 
+   if $kernel_deactivate_source_route ; then
+      for asr in /proc/sys/net/ipv4/conf/*/accept_source_route ; do
+         echo 0 > $asr
+      done
+   fi
+
+   ## - Deactivate sending ICMP redirects
+   ## -
+   if ! $telekom_internet_tv ; then
+      if $kernel_dont_accept_redirects ; then
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 1 > $rp_filter
+         done
+      else
+         for rp_filter in /proc/sys/net/ipv4/conf/*/rp_filter ; do
+            echo 0 > $rp_filter
+         done
+      fi
+   fi
+
+   ## - Logging of spoofed (source routed" and "redirect") packets
+   ## -
+   if $kernel_log_martians ; then
+      echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
+   fi
+
+   echo_done # Adjust Kernel Parameters (Security/Tuning)
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Set default policies / Flush Rules
+# -------------
+
+echo
+echononl "\tFlushing firewall iptable (IPv4).."
+
+# - default policies
+# -
+$ipt -P INPUT ACCEPT
+$ipt -P OUTPUT ACCEPT
+$ipt -P FORWARD ACCEPT
+
+## - flush chains
+## -
+$ipt -F
+$ipt -F INPUT
+$ipt -F OUTPUT
+$ipt -F FORWARD
+$ipt -F -t mangle
+$ipt -F -t nat
+$ipt -F -t raw
+$ipt -X
+$ipt -Z
+
+$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+
+unset natted_interface_arr
+declare -a natted_interface_arr
+
+for _dev in ${nat_device_arr[@]} ; do
+   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
+done
+
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      # - ?? - Don't know which rule is the right one
+      # -
+      #$ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
+if $telekom_internet_tv ; then
+   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
+fi
+
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${masquerade_tcp_con_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${_val_arr[3]}" ]] ; then
+         no_if_for_ip_arr+=("${_val_arr[1]}")
+         continue
+      fi
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+   done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+   echo_warning
+   for _ip in ${no_if_for_ip_arr[@]} ; do
+      warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+   done
+else
+   echo_done
+fi
+echo
+
+
+# -------------
+# - Log given IP Addresses
+# -------------
+
+echononl "\tLog given IP Addresses"
+if [[ ${#log_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${log_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -j LOG --log-prefix "IPv4: $_ip IN: " --log-level $log_level
+      $ipt -A OUTPUT -d $_ip -j LOG --log-prefix "IPv4: $_ip OUT: " --log-level $log_level
+      $ipt -A FORWARD -s $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD FROM: " --log-level $log_level
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "IPv4: $_ip FORWARD TO: " --log-level $log_level
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Stopping firewall if only flushing was requested (parameter flush)
+# -------------
+
+case $1 in
+   flush)
+      warn No firewall rules are active!
+      exit 0;;
+esac
+
+
+# ---
+# - Stop here, if no extern interface is configured
+# ---
+
+if [[ ${#ext_if_arr[@]} -lt 1 ]] ; then
+   fatal "No extern Interface is configured!"
+fi
+
+
+
+# -------------
+# --- Traffic Shaping
+# -------------
+
+echo ""
+if $terminal ; then
+   echononl "\033[37m\033[1m\tStarting outbound shaping...\033[m"
+else
+   echo -n "Starting outbound shaping"
+fi
+
+if $TRAFFIC_SHAPING  && [[ -n "$TC_DEV" ]] ; then
+
+   tc=$(which tc)
+
+   if [[ -z "$tc" ]]; then
+      echo_skipped
+      warn "'tc'-programm not found. Outbound shaping was ommitted!"
+   else
+
+      ## - Löschen aller Klassen für $TC_DEV und der Filterregeln
+      ## -
+      $tc qdisc del dev $TC_DEV root 2> /dev/null > /dev/null
+      $ipt -t mangle -D POSTROUTING -o $TC_DEV -j MYSHAPER-OUT 2> /dev/null > /dev/null
+      $ipt -t mangle -F MYSHAPER-OUT 
+      $ipt -t mangle -X MYSHAPER-OUT
+
+
+      # add HTB root qdisc
+      $tc qdisc add dev $TC_DEV root handle 1:0 htb default 26
+
+      # add main rate limit class(es)
+      $tc class add dev $TC_DEV parent 1: classid 1:1 htb rate ${LIMIT_UP}kbit 
+
+      # create fair-share-classes, descending priority 
+      $tc class add dev $TC_DEV parent 1:1 classid 1:20 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 0
+      $tc class add dev $TC_DEV parent 1:1 classid 1:21 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 1
+      $tc class add dev $TC_DEV parent 1:1 classid 1:22 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 2
+      $tc class add dev $TC_DEV parent 1:1 classid 1:23 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 3
+      $tc class add dev $TC_DEV parent 1:1 classid 1:24 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 4
+      $tc class add dev $TC_DEV parent 1:1 classid 1:25 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 5
+      $tc class add dev $TC_DEV parent 1:1 classid 1:26 htb rate ${LIMIT_CLASS}kbit ceil ${LIMIT_UP}kbit prio 6
+
+
+      # attach qdisc to leaf classes 
+      #
+      #    here we at SFQ to each priority class.  SFQ insures that
+      #    within each class connections will be treated (almost) fairly.
+      $tc qdisc add dev $TC_DEV parent 1:20 handle 20: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:21 handle 21: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:22 handle 22: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:23 handle 23: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:24 handle 24: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:25 handle 25: sfq perturb 10
+      $tc qdisc add dev $TC_DEV parent 1:26 handle 26: sfq perturb 10
+
+
+      # filter traffic into classes by fwmark
+      #
+      #    here we direct traffic into priority class according to
+      #    the fwmark set on the packet (we set fwmark with iptables
+      #    later).  Note that above we've set the default priority
+      #    class to 1:26 so unmarked packets (or packets marked with
+      #    unfamiliar IDs) will be defaulted to the lowest priority
+      #    class.
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
+      $tc filter add dev $TC_DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
+
+
+      # add MYSHAPER-OUT chain to the mangle table in iptables
+      #
+      #    this sets up the table we'll use
+      #    to filter and mark packets.
+      $ipt -t mangle -N MYSHAPER-OUT
+      $ipt -t mangle -I POSTROUTING -o $TC_DEV -j MYSHAPER-OUT
+
+
+      # add fwmark entries to classify different types of traffic
+      #
+      #    Set fwmark from 20-26 according to
+      #    desired class. 20 is highest prio.
+
+      # mark 20 - high prio 0
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 20
+      $ipt -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
+
+      # mark 21 - high prio 1 
+      #    - DNS Service
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
+
+      # mark 22 - high prio 2
+      #    - VoIP SIP (sip ports, rtp ports, stun ports(3478))
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${RTP_PORTS_START}:${RTP_PORTS_END} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --dport ${SIP_PORT_REMOTE} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp --sport ${SIP_PORT_LOCAL} -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p udp -m multiport --dport ${STUN_PORTS} -j RETURN
+
+      # mark 23 - prio 3
+      #    - OpenVPN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --sport 1094,1095 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 23
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j MARK --set-mark 23 
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp --sport 22 -j RETURN
+
+      # mark 24 - prio 4
+      #    - WWW
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j MARK --set-mark 24
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 80,443 -j RETURN
+
+
+      # mark 25 - prio 5
+      #    - Mailtraffic
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j MARK --set-mark 25
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m multiport --dport 587,110,995,143,993 -j RETURN
+
+
+      # Remaining packets are marked according to TOS
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 22
+      $ipt -t mangle -A MYSHAPER-OUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark 25
+      # redundant- mark any unmarked packets as 26 (low prio)
+      $ipt -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26
+
+      echo_done
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Provide (Telekom) IP TV
+# ---
+
+echo
+echononl "\tProvide (Telekom) Internet TV"
+
+if $telekom_internet_tv && [[ -n "$tv_local_if" ]] ; then
+
+   # - Telekom VDSL - Rules for IPTV 
+   # -
+   $ipt -A INPUT -i $tv_local_if -p igmp -s $tv_ip -j ACCEPT
+   #$ipt -A INPUT -i $tv_local_if -p igmp -j DROP
+
+   $ipt -A FORWARD -s $tv_ip -j ACCEPT
+   $ipt -A FORWARD -d $tv_ip -j ACCEPT
+
+   $ipt -A FORWARD -i $tv_ip -j ACCEPT
+   $ipt -A FORWARD -o $tv_ip -j ACCEPT
+
+
+   # - Forward all networks defined defind by igmpproxy
+   # - (see: phyint eth2.8 upstream  ratelimit 0  threshold 1)
+   #
+   #$ipt -A FORWARD -s 217.0.119.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 193.158.35.0/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 239.35.100.6/24 -d 224.0.0.0/4 -j ACCEPT
+   #$ipt -A FORWARD -s 93.230.64.0/19 -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -s 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -d 224.0.0.0/4 -j ACCEPT
+
+   $ipt -A INPUT -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A INPUT -i $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A OUTPUT -o $tv_local_if -d 224.0.0.0/4 -j ACCEPT
+
+   #$ipt -A FORWARD -d 224.0.0.0/4 -j ACCEPT
+   $ipt -A FORWARD -i $tv_local_if -o $tv_extern_if -j ACCEPT
+   $ipt -A FORWARD -i $tv_extern_if -d 224.0.0.0/4 -j ACCEPT
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Pass through Devices Interfaces (not firewalled)
+# -------------
+
+if [[ ${#unprotected_if_arr[@]} -gt 0 ]]; then
+   echononl "\tPass through Devices (not firewalled)"
+   for _dev in ${unprotected_if_arr[@]} ; do
+      if $log_unprotected || $log_all ; then
+         $ipt -A INPUT -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+            $ipt -A FORWARD -o $_dev -j LOG --log-prefix "$log_prefix Not firewalled ${_dev}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -j ACCEPT
+         $ipt -A FORWARD -o $_dev -j ACCEPT
+      fi
+   done
+   echo_done
+fi
+
+
+
+# -------------
+# --- Block IPs / Networks / Interfaces
+# -------------
+echononl "\tBlock IPs / Networks / Interfaces.."
+
+
+# ---
+# - Block IPs
+# ---
+
+for _ip in $blocked_ips ; do
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_blocked_ip || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -s $_ip -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+      fi
+   done
+done
+
+
+# ---
+# - Block Interfaces
+# ---
+
+for _if in ${blocked_if_arr[@]} ; do
+   if $log_blocked_if || $log_all ; then
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+         $ipt -A FORWARD -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      fi
+      $ipt -A INPUT -i $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+      $ipt -A OUTPUT -o $_if -j LOG --log-prefix "$log_prefix Blocked IF ${_if}: " --log-level $log_level
+   fi
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -i $_if -j DROP
+      $ipt -A FORWARD -o $_if -j DROP
+   fi
+   $ipt -A INPUT -i $_if -j DROP
+   $ipt -A OUTPUT -o $_if -j DROP
+done
+
+echo_done # Block IPs / Networks / Interfaces..
+
+
+
+# ---
+# - Block IPs/Netwoks reading from file 'ban_ipv4.list'"
+# ---
+
+echononl "\tBlock IPs/Netwoks reading from file 'ban_ipv4.list' .."
+
+if [[ -f "${ipt_conf_dir}/ban_ipv4.list" ]] ; then
+
+   declare -a octets
+   declare -i index
+
+   while IFS='' read -r _line || [[ -n $_line ]] ; do
+
+      is_valid_ipv4=true
+      is_valid_mask=true
+      ipv4=""
+      mask=""
+      
+      # Ignore comment lines
+      #
+      [[ $_line =~ ^[[:space:]]{0,}# ]] && continue
+
+      # Ignore blank lines
+      #
+      [[ $_line =~ ^[[:space:]]*$ ]] && continue
+
+      # Remove leading whitespace characters
+      #
+      _line="${_line#"${_line%%[![:space:]]*}"}"
+
+
+      # Catch IPv4 Address
+      #
+      given_ipv4="$(echo  $_line | cut -d ' ' -f1)"
+
+
+      # Splitt Ipv4 address from possible given CIDR number
+      #
+      IFS='/' read -ra _addr <<< "$given_ipv4"
+      _ipv4="${_addr[0]}"
+
+      if [[ -n "${_addr[1]}" ]] ; then
+         _mask="${_addr[1]}"
+         test_netmask=false
+
+         # Is 'mask' a valid CIDR number? If not, test agains a valid netmask
+         #
+         if $(test -z "${_mask##*[!0-9]*}" > /dev/null 2>&1) ; then
+
+            # Its not a vaild mask number, but naybe a valit netmask.
+            # 
+            test_netmask=true
+         else
+            if [[ $_mask -gt 32 ]]; then
+
+               # Its not a vaild cidr number, but naybe a valit netmask.
+               # 
+               test_netmask=true
+            else
+
+               # OK, we have a vaild cidr number between '0' and '32'
+               #
+               mask=$_mask
+            fi
+         fi
+
+         # Test if given '_mask' is a valid netmask.
+         #
+         if $test_netmask ; then
+            octets=( ${_mask//\./ } )
+
+            # Complete netmask if necessary
+            #
+            while [[ ${#octets[@]} -lt 4 ]]; do
+               octets+=(0)
+            done
+
+            [[ ${#octets[@]} -gt 4 ]] && is_valid_mask=false
+
+            index=0
+            for octet in ${octets[@]} ; do
+               if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
+                  if [[ $octet -gt 255 ]] ; then
+                     is_valid_mask=false
+                  fi
+                  if [[ $index -gt 0 ]] ; then
+                     mask="${mask}.${octet}"
+                  else
+                     mask="${octet}"
+                  fi
+                  
+               else
+                  is_valid_mask=false
+               fi
+
+               ((index++))
+            done
+         fi
+
+         adjust_mask=false
+      else
+         mask=32
+         adjust_mask=true
+      fi
+
+      # Splitt given address into their octets
+      #
+      octets=( ${_ipv4//\./ } )
+
+      # Complete IPv4 address if necessary
+      #
+      while [[ ${#octets[@]} -lt 4 ]]; do
+         octets+=(0)
+
+         # Only adjust CIDR number if not given
+         #
+         if $adjust_mask ; then
+            mask="$(expr $mask - 8)"
+         fi
+      done
+
+      # Pre-check if given IPv4 Address seems to be a valid address
+      #
+      [[ ${#octets[@]} -gt 4 ]] && is_valid_ipv4=false
+
+      # Check if given IPv4 Address is a valid address
+      #
+      if $is_valid_ipv4 ; then
+         index=0
+         for octet in ${octets[@]} ; do
+            if [[ ${octet} =~ ^[0-9]{1,3}$ ]] ; then
+               if [[ $octet -gt 255 ]] ; then
+                  is_valid_ipv4=false
+               fi
+               if [[ $index -gt 0 ]] ; then
+                  ipv4="${ipv4}.${octet}"
+               else
+                  ipv4="${octet}"
+               fi
+               
+            else
+               is_valid_ipv4=false
+            fi
+
+            ((index++))
+         done
+      fi
+
+      if $is_valid_ipv4 && $is_valid_mask; then
+
+         _ip="${ipv4}/${mask}"
+
+         for _dev in ${ext_if_arr[@]} ; do
+            if $log_blocked_ip || $log_all ; then
+               $ipt -A INPUT -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+               if $kernel_activate_forwarding ; then
+                  $ipt -A FORWARD -i $_dev -s $_ip -j LOG --log-prefix "$log_prefix Blocked ${_ip}: " --log-level $log_level
+               fi
+            fi
+            $ipt -A INPUT -i $_dev -s $_ip -j DROP
+            if $kernel_activate_forwarding ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -j DROP
+            fi
+         done
+
+
+      else
+         msg="$msg '${given_ipv4}'"
+      fi
+
+   done < "${ipt_conf_dir}/ban_ipv4.list"
+   echo_done
+
+   if [[ -n "$msg" ]]; then
+      warn "Ignored:$msg"
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow Forwarding certain private Addresses
+# ---
+
+echononl "\tAllow forwarding (private) IPs / IP-Ranges.."
+if [[ ${#forward_private_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${forward_private_ip_arr[@]}; do
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -d $_ip -j ACCEPT
+         $ipt -A FORWARD -s $_ip -j ACCEPT
+         echo_done
+      else
+         echo_skipped
+      fi
+   done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Protections against several attacks / unwanted packages
+# -------------
+echo
+echononl "\tProtections against several attacks / unwanted packages.."
+
+if $protect_against_several_attacks ; then
+
+   # ---
+   # - Protection against syn-flooding
+   # ---
+
+   $ipt -N syn-flood
+   $ipt -A syn-flood -m limit --limit 1/second --limit-burst 3 -j RETURN
+   if $log_syn_flood || $log_all ; then
+      $ipt -A syn-flood -j LOG --log-prefix "$log_prefix SYN flood: " --log-level $log_level
+   fi
+   $ipt -A syn-flood -j DROP
+
+
+   # ---
+   # - Drop Fragments
+   # ---
+
+   # I have to say that fragments scare me more than anything.
+   # Sending lots of non-first fragments was what allowed Jolt2  to effectively "drown"
+   # Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
+   # fragments is very OS-dependent (see this paper for details).
+   # I am not going to trust any fragments.
+   # Log fragments just to see if we get any, and deny them too
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_fragments || $log_all ; then
+         $ipt -A INPUT -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -f -j LOG --log-prefix "$log_prefix IPTABLES FRAGMENTS: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -f -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -f -j DROP
+      fi
+   done
+
+
+   # ---
+   # - drop new packages without syn flag
+   # ---
+
+   #if $log_new_not_sync || $log_all  ; then
+   #   $ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j  LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   $ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j LOG --log-prefix "$log_prefix New but not SYN: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #$ipt -A OUTPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
+   #fi
+
+
+   # ---
+   # - drop invalid packages
+   # ---
+
+   #if $log_invalid_state || $log_all  ; then
+   #   $ipt -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   if $kernel_activate_forwarding ; then
+   #      $ipt -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "$log_prefix Invalid state: " --log-level $log_level
+   #   fi
+   #fi
+   #$ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
+   #if $kernel_activate_forwarding ; then
+   #   $ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
+   #fi
+
+
+   # ---
+   # - ungewöhnliche Flags verwerfen
+   # ---
+
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_invalid_flags || $log_all ; then
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j LOG --log-prefix "$log_prefix Invalid flags: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+      $ipt -A INPUT -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
+         $ipt -A FORWARD -i $_dev -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse private addresses on extern interfaces
+   # ---
+
+   # Refuse packets claiming to be from a 
+   #   Class A private network
+   #   Class B private network
+   #   Class C private network
+   #   loopback interface
+   #   Class D multicast address
+   #   Class E reserved IP address
+   #   broadcast address
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed || $log_all ; then
+         $ipt -A INPUT -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+         $ipt -A INPUT -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+         #$ipt -A INPUT -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         #
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix Class A private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix Class B private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix Class C private net: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $loopback -j LOG --log-prefix "$log_prefix From Loopback: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_d_multicast -j LOG --log-prefix "$log_prefix Class D Multicast: " --log-level $log_level
+            $ipt -A FORWARD -i $_dev -s $class_e_reserved -j LOG --log-prefix "$log_prefix Class E reserved: " --log-level $log_level
+            #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j LOG --log-prefix "$log_prefix Broadcast Address: " --log-level $log_level
+         fi
+      fi
+      # Refuse packets claiming to be from a Class A private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_a -j DROP
+      # Refuse packets claiming to be from a Class B private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_b -j DROP
+      # Retfuse packets claiming to be from a Class C private network.
+      $ipt -A INPUT -i $_dev -s $priv_class_c -j DROP
+      # Refuse packets claiming to be from loopback interface.
+      $ipt -A INPUT -i $_dev -s $loopback -j DROP
+      # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+      $ipt -A INPUT -i $_dev -s $class_d_multicast -j DROP
+      # Refuse Class E reserved IP addresses.
+      $ipt -A INPUT -i $_dev -s $class_e_reserved -j DROP
+      # Refuse broadcast address packets.
+      #$ipt -A INPUT -i $_dev -d $broadcast_addr -j DROP
+      if $kernel_activate_forwarding ; then
+         # Refuse packets claiming to be from a Class A private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_a -j DROP
+         # Refuse packets claiming to be from a Class B private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_b -j DROP
+         # Refuse packets claiming to be from a Class C private network.
+         $ipt -A FORWARD -i $_dev -s $priv_class_c -j DROP
+         # Refuse packets claiming to be from loopback interface.
+         $ipt -A FORWARD -i $_dev -s $loopback -j DROP
+         # Refuse Class D multicast addresses. Multicast is illegal as a source address.
+         $ipt -A FORWARD -i $_dev -s $class_d_multicast -j DROP
+         # Refuse Class E reserved IP addresses.
+         $ipt -A FORWARD -i $_dev -s $class_e_reserved -j DROP
+         # Refuse broadcast address packets.
+         #$ipt -A FORWARD -i $_dev -d $broadcast_addr -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Refuse packets claiming to be to the loopback interface.
+   # ---
+
+   # Refusing packets claiming to be to the loopback interface protects against
+   # source quench, whereby a machine can be told to slow itself down by an icmp source
+   # quench to the loopback.
+   for _dev in ${ext_if_arr[@]} ; do
+      if $log_to_lo || $log_all ; then
+         $ipt -A INPUT -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -d $loopback -j LOG --log-prefix "$log_prefix To Loopback: " --log-level $log_level
+         fi
+      fi
+      $ipt -A INPUT -i $_dev -d $loopback -j DROP
+      if $kernel_activate_forwarding  ; then
+         $ipt -A FORWARD -i $_dev -d $loopback -j DROP
+      fi
+   done
+
+
+   # ---
+   # - Don't allow spoofing from that server
+   # ---
+
+   for _dev in ${dsl_device_arr[@]} ; do
+      if $log_spoofed_out || $log_all ; then
+         $ipt -A OUTPUT -o $_dev -s $priv_class_a -j LOG --log-prefix "$log_prefix out Class A: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_b -j LOG --log-prefix "$log_prefix out Class B: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $priv_class_c -j LOG --log-prefix "$log_prefix out Class C: " --log-level $log_level
+         $ipt -A OUTPUT -o $_dev -s $loopback -j LOG --log-prefix "$log_prefix out Loopback: " --log-level $log_level
+      fi
+      $ipt -A OUTPUT -o $_dev -s $priv_class_a -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_b -j DROP
+      $ipt -A OUTPUT -o $_dev -s $priv_class_c -j DROP
+      $ipt -A OUTPUT -o $_dev -s $loopback -j DROP
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log VoIP Traffic (local telephone systems ( ${tel_sys_ip_arr[@]})
+# -------------
+
+if $log_voip || $log_all ; then
+   for _ip in ${tel_sys_ip_arr[@]} ; do
+      $ipt -A FORWARD -d $_ip -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+   done
+fi
+#for _PORT in ${VOIP_PORTS} ; do
+#   $ipt -A FORWARD -p udp --sport $_PORT -j LOG --log-prefix "$log_prefix [VoIP] " --log-level $log_level
+#done
+
+
+# -------------
+# ------------- Stopping firewall here if requested (parameter stop)
+# -------------
+
+
+case $1 in
+   sto*)
+      echo
+      if $terminal ; then
+         echo -e "\t\033[37m\033[1mStop was requested. No more firewall rules..\033[m"
+      else
+         echo "Stop was requested. No more firewall rules.."
+      fi
+      echo
+      exit 0;;
+esac
+
+
+echo
+
+
+# -------------
+# --- iPerf
+# -------------
+
+# iPerf is a tool for active measurements of the maximum achievable bandwidth on IP networks. 
+# It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, 
+# SCTP with IPv4 and IPv6). For each test it reports the bandwidth, loss, and other parameters.
+
+echononl "\tCreate \"iPerf\" rules.."
+if $create_iperf_rules ; then
+   $ipt -A INPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A INPUT -p tcp --sport 5001 -j ACCEPT
+   #
+   $ipt -A OUTPUT -p tcp --dport 5001 -j ACCEPT
+   $ipt -A OUTPUT -p tcp --sport 5001 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -p tcp --dport 5001 -j ACCEPT
+      $ipt -A FORWARD -p tcp --sport 5001 -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Drop packets not wanted on gateway
+# ---
+
+echononl "\tDrop packets not wanted on gateway"
+
+for _dev in ${local_if_arr[@]} ; do
+   if $log_not_wanted || $log_all ; then
+      if $not_wanted_ident ; then
+         $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      fi
+      for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+      for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -j LOG --log-prefix "$log_prefix not wanted: " --log-level $log_level
+      done
+   fi
+   if $not_wanted_ident ; then
+      $ipt -A INPUT -i $_dev -p tcp --dport $standard_ident_port -j REJECT --reject-with tcp-reset 
+   fi
+   for _port in ${not_wanted_on_gw_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $_port -j DROP
+   done
+   for _port in ${not_wanted_on_gw_udp_port_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p udp --dport $_port -j DROP
+   done
+done
+
+echo_done
+
+
+# -------------
+# --- Generally prohibited from WAN
+# -------------
+
+echononl "\tGenerally prohibited from WAN"
+
+for _dev in ${ext_if_arr[@]} ; do
+   if $log_prohibited || $log_all ; then
+      if $block_ident ; then
+         $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A INPUT -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+      done
+      if $kernel_activate_forwarding ; then
+         if $block_ident ; then
+            $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         fi
+         for _port in ${block_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+         for _port in ${block_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -i $_dev --dport $_port -j LOG --log-prefix "$log_prefix gen. prohibited: " --log-level $log_level
+         done
+      fi
+   fi
+   if $block_ident ; then
+       $ipt -A INPUT -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+   fi
+   for _port in ${block_tcp_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $_port -j DROP
+   done
+   for _port in ${block_udp_port_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev --dport $_port -j DROP
+   done
+   if $kernel_activate_forwarding ; then
+      if $block_ident ; then
+         $ipt -A FORWARD -p tcp -i $_dev --dport $standard_ident_port -j REJECT --reject-with tcp-reset
+      fi
+      for _port in ${block_tcp_port_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -i $_dev --dport $_port -j DROP
+      done
+      for _port in ${block_udp_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -i $_dev --dport $_port -j DROP
+      done
+   fi
+done
+
+echo_done
+echo
+
+
+# -------------
+# --- Traffic generally allowed
+# -------------
+
+echononl "\tLoopback device generally allowed.."
+
+# ---
+# - Loopback device
+# ---
+
+$ipt -A INPUT -i lo -j ACCEPT
+$ipt -A OUTPUT -o lo -j ACCEPT
+
+echo_done
+
+
+# ---
+# - Allow all Traffic from source mac-address
+# ---
+
+echononl "\tAllow all Traffic from MAC Source-Address"
+
+if [[ ${#allow_all_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_all_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow local Traffic from source mac-address
+# ---
+
+echononl "\tAllow local Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_local_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_local_mac_src_address_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -m mac --mac-source $_mac -j ACCEPT
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Allow remote Traffic from source mac-address
+# ---
+
+echononl "\tAllow remote Traffic from MAC Source-Address"
+
+
+if [[ ${#allow_remote_mac_src_address_arr[@]} -gt 0 ]] ; then
+   for _mac in ${allow_remote_mac_src_address_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+         if $kernel_activate_forwarding ; then
+            $ipt -A FORWARD -o $_dev -m mac --mac-source $_mac -j ACCEPT
+         fi
+      done 
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Already established connections
+# ---
+
+echononl "\tAccept already established connections.."
+
+$ipt -A INPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+$ipt -A OUTPUT -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+if $kernel_activate_forwarding ; then
+   $ipt -A FORWARD -p ALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+echo_done
+
+
+# ---
+# - Permit all traffic through VPN lines
+# ---
+echononl "\tPermit all traffic through VPN lines.."
+for _vpn_if in ${vpn_if_arr[@]} ; do
+   $ipt -A INPUT -i $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      for _local_dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_vpn_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+done
+echo_done
+
+
+
+# ---
+# - Telefon Systems
+# ---
+
+echononl "\tAllow all Traffic between Telefon Systems"
+if [[ ${#tele_sys_ip_arr[@]} -gt 1 ]] && $allow_between_tele_systems && ! $permit_between_local_networks ; then
+   for _ip_1 in ${tele_sys_ip_arr[@]} ; do
+      for _ip_2 in ${tele_sys_ip_arr[@]} ; do
+         #[[ "$_ip_1" = "$_ip_2" ]] && continue
+         $ipt -A FORWARD -s $_ip_1 -d $_ip_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telefon Systems to remote SIP-Server
+# ---
+
+echononl "\tTelefon System to remote SIP-Server"
+if [[ ${#tele_sys_ip_arr[@]} -gt 0 ]] ; then
+   if [ -z "$tele_sys_remote_sip_server_port" -o -z "$tele_sys_local_sip_server_port" ] ; then
+      echo_failed
+      warn "Local or remote SIP Port not given"!
+   else
+      for _ip in ${tele_sys_ip_arr[@]} ; do
+         $ipt -A FORWARD -p udp -s $_ip --sport $tele_sys_local_sip_server_port \
+            --dport $tele_sys_remote_sip_server_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - All request from local networks to the internet
+# ---
+
+echononl "\tPermit all traffic from local networks to the internet.."
+if $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p ALL -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Networks not firewalled through extern interfaces
+# ---
+
+echononl "\tAllow these local networks any access to the internet"
+if [[ ${#any_access_to_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_local_net_to_inet ; then
+
+   for _net in ${any_access_to_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p ALL -s $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\tAllow these local networks any access from the internet"
+if [[ ${#any_access_from_inet_network_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${any_access_from_inet_network_arr[@]}; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ALL -d $_net -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given extern networks
+# ---
+
+echononl "\tAllow local services from given extern networks"
+if [[ ${#allow_ext_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in "${allow_ext_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         if containsElement "${_val_arr[1]}" "${gateway_ipv4_address_arr[@]}" ; then
+            $ipt -A INPUT -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+   
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from extern address/network to local address/network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from extern to local network/address"
+
+if [[ ${#allow_ext_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _val in ${allow_ext_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Block all extern traffic to (given) local network
+# ---
+
+echononl "\tBlock all extern traffic to (given) local network"
+if [[ ${#block_all_ext_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   _found=false
+   for _net in ${block_all_ext_to_local_net_arr[@]} ; do
+      for _dev in ${ext_if_arr[@]} ; do
+
+         # - Traffic recieved on natted interfaces will be ommitted!
+         # -
+         if containsElement "$_dev" "${nat_device_arr[@]}" ; then
+            continue
+         else
+            _found=true
+         fi
+
+         $ipt -A FORWARD -p ALL -i $_dev -d $_net -m conntrack --ctstate NEW -j DROP
+
+      done
+   done
+
+   if $_found ; then
+      echo_done
+   else
+      echo_skipped
+   fi
+
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local services from given local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local services from given local networks"
+if [[ ${#allow_local_net_to_local_service_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in "${allow_local_net_to_local_service_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ${_val_arr[3]} -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         if [[ "${_val_arr[3]}" = "tcp" ]]; then
+            $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --dport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --sport ${_val_arr[2]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+   
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local network to local ip-address
+# ---
+
+echononl "\tAllow all traffic from local network to local ip-address"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_net_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from local ip-address to local network
+# ---
+
+echononl "\tAllow all traffic from local ip-address to local network"
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+if [[ ${#allow_local_ip_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_ip_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow all traffic from (one) local network to (another) local network
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow all traffic from local network to (another) local network"
+
+if [[ ${#allow_local_net_to_local_net_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_net_to_local_net_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -s ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Allow local ip address from given local interface
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tAllow local ip address from given local interface"
+
+if [[ ${#allow_local_if_to_local_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding ; then
+
+   for _val in ${allow_local_if_to_local_ip_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      $ipt -A FORWARD -p ALL -i ${_val_arr[0]} -d ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -i ${_val_arr[0]} -d ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -o ${_val_arr[0]} -s ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local networks
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local networks.."
+
+if [[ ${#separate_local_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _net in ${separate_local_network_arr[@]}; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -o $_dev -p all -s $_net -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Separate local interfaces
+# ---
+
+# - !! Note:
+# -    does NOT depend on settings 'permit_between_local_networks' !!
+# -
+echononl "\tSeparate local interfaces.."
+
+if [[ ${#separate_local_if_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _dev_1 in ${separate_local_if_arr[@]}; do
+      for _dev_2 in ${local_if_arr[@]} ; do
+         [[ "$_dev_1" = "$_dev_2" ]] && continue
+         $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p all -j DROP
+         $ipt -A FORWARD -i $_dev_2 -o $_dev_1 -p all -j DROP
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Permit all traffic between local networks
+# ---
+
+echononl "\tPermit all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            # - Notice:
+            # - In case of routing multiple netwoks on the same interface or 
+            # - using alias interfaces like eth0:0, you need a rule with
+            # - incomming- and outgoing interface are equal!
+            # -
+            # - So DON'T add statement like this:
+            # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+            # -
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --tcp-flag ACK ACK -j ACCEPT
+            fi
+
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Services
+# -------------
+
+echo
+if $terminal ; then
+   echo -e "\t\033[37m\033[1mAdd Rules for Services..\033[m"
+else
+   echo "Add Rules for Services.."
+fi
+
+
+# ---
+# - IPv6 over IPv4 (Tunnel Provider SixXS)
+# ---
+
+echononl "\t\tIPv6 Tunnel SixXS"
+if $local_sixxs_service ; then
+   if [ -n "$tic_server" -a -n "$six_pop_server" ]; then
+      # TIC (tunnel information & control) packages, from/to tic.sixxs.net
+      $ipt -A OUTPUT -p tcp -d $tic_server --dport 3874 -m conntrack --ctstate NEW -j ACCEPT
+
+      # heartbeat packets (outgoing only)
+      $ipt -A OUTPUT -p udp -d $six_pop_server --dport 3740 -m conntrack --ctstate NEW -j ACCEPT
+
+      # 6over4 tunnel packets
+      $ipt -A OUTPUT -p 41 -d $six_pop_server -j ACCEPT
+      $ipt -A INPUT -p 41 -d $six_pop_server -j ACCEPT
+
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP
+# ---
+
+echononl "\t\tLocal DHCP Client"
+
+if [[ ${#dhcp_client_interfaces_arr[@]} -gt 0 ]] ; then
+   for _dev in ${dhcp_client_interfaces_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp -m udp -d 255.255.255.255 --dport 67 -j ACCEPT
+      $ipt -A INPUT -i $_dev -p udp -m udp --dport 68 -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+echononl "\t\tDHCP"
+
+if $local_dhcp_service ; then
+   # - Allow requests from intern networks
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+      # - out
+      $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DHCP Failover
+# ---
+
+echononl "\t\tDHCP Failover Server"
+if $local_dhcp_service && [[ ${#dhcp_failover_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${dhcp_failover_server_ip_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $dhcp_failover_port -s $_ip -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $dhcp_failover_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - DNS out only
+# ---
+
+echononl "\t\tDNS out only"
+
+# - Nameservers on the INET must be reachable for the local recursiv nameserver
+# - but also for all others
+# -
+for _dev in ${ext_if_arr[@]} ; do
+   # - out from local and virtual mashine(s)
+   $ipt -A OUTPUT -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+   # - Only useful (needed) if kernel forwarding is activated (kernel_activate_forwarding=true)
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      # - forward from virtual mashine(s)
+      $ipt -A FORWARD -o $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A FORWARD -o $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# ---
+# - DNS Service Gateway
+# ---
+
+echononl "\t\tDNS Service Gateway"
+
+# - Local Nameservice
+# -
+if $local_dns_service ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   # - Allow requests from local networks
+   # -
+   for _dev in ${local_if_arr[@]} ; do
+      # - in
+      $ipt -A INPUT -i $_dev -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -i $_dev -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   # - Zonetransfere (uses tcp/53)
+   # 
+   for _ip in ${dns_server_ips[@]} ; do
+      # - out
+      # -
+      # - local master (here) gets request for a zone from slave ($_ip)
+      $ipt -A INPUT -p tcp -s $_ip --sport $unprivports --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - in
+      # -
+      # - local slave (here) requests zone from master ($_ip)
+      $ipt -A OUTPUT -p tcp --sport $unprivports -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else 
+   echo_skipped
+fi
+
+
+# ---
+# - DNS Services at local Network
+# ---
+
+echononl "\t\tDNS Service local Network"
+
+# - Make nameservers at the local network area rechable for all
+# -
+if [[ ${#dns_server_ip_arr[@]} -gt 0 ]] ; then
+
+   # dns requests 
+   #
+   # Note:
+   #    If the total size of the DNS record is larger than 512 bytes, 
+   #    it will be sent over TCP, not UDP.
+   #
+
+   for _ip in ${dns_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - SSH out only
+# ---
+
+echononl "\t\tSSH out only"
+
+if $allow_ssh_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SSH to everywhere (also LAN)
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_ssh_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service Gateway
+# ---
+
+echononl "\t\tSSH Service Gateway (also from WAN)"
+
+if $local_ssh_service ; then
+   # - Provides SSH in from everywhere
+   for _port in ${ssh_port_arr[@]} ; do
+      $ipt -A INPUT -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services only local Network
+# ---
+
+echononl "\t\tSSH Services only local Network"
+
+if [[ ${#ssh_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${ssh_server_only_local_ip_arr[@]} ; do
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Services DMZ
+# ---
+
+echononl "\t\tSSH Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!ssh_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ssh_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${ssh_port_arr[@]} ; do
+
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+
+         # - From intern
+         if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${ssh_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SSH Service between local Netwotks
+# ---
+
+echononl "\t\tSSH Service between local Netwotks"
+if $allow_ssh_between_local_nets ; then
+   if $kernel_activate_forwarding ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+
+         for _port in ${ssh_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev_1 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         for _dev_2 in ${local_if_arr[@]} ; do
+
+            if ! $permit_between_local_networks ; then
+               # - Notice:
+               # - In case of routing multiple netwoks on the same interface or 
+               # - using alias interfaces like eth0:0, you need a rule with
+               # - incomming- and outgoing interface are equal!
+               # -
+               # - So DON'T add statement like this:
+               # -    [[ "$_dev_2" = "$_dev_1" ]] && continue
+               # -
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+               done
+            fi
+
+            # - Note:
+            # - If (local) alias interfaces like eth1:0 in use, youe need a further
+            # - special rule.
+            # -
+            if [[ "$_dev_2" = "$_dev_1" ]] && $local_alias_interfaces ; then
+               for _port in ${ssh_port_arr[@]} ; do
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --sport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p tcp --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         done
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Cisco kompartibles VPN (FRITZ!Box)
+# ---
+
+echononl "\t\tCisco VPN Service (FRITZ\!Box) only out"
+
+if $allow_cisco_vpn_out && [[ ${#cisco_vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${cisco_vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -p $cisco_vpn_out_protocol -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service only out
+# ---
+
+echononl "\t\tVPN Service only out"
+
+if $allow_vpn_out && [[ ${#vpn_out_port_arr[@]} -gt 0 ]]; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${vpn_out_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+   done
+
+   for _vpn_if in ${vpn_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_vpn_if -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service Gateway
+# ---
+
+echononl "\t\tVPN Service Gateway"
+
+if $local_vpn_service ; then
+
+   # - Cconnection establishment
+   # -
+   for _port in ${vpn_gw_port_arr[@]} ; do
+      $ipt -A INPUT -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - VPN Service DMZ
+# ---
+
+echononl "\t\tVPN Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _ip in ${!vpn_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${vpn_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${vpn_local_net_port_arr[@]} ; do
+         $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+         fi
+      done
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) OUT
+# ---
+
+echononl "\t\tHTTP(S) out only"
+
+if $allow_http_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_http_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - HTTP(S) (local) Webserver
+# ---
+
+echononl "\t\tHTTP(S) Services Gateway"
+# - Access to the local Webservice
+if $local_http_service ; then
+   $ipt -A INPUT -p tcp -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services only local Network
+# ---
+
+echononl "\t\tHTTP(S) Services only local Network"
+# - Access to the Webservices (LAN)
+if [[ ${#http_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${http_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTP(S) Services DMZ
+# ---
+
+echononl "\t\tHTTP(S) Services DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
+   http_port_arr=(${http_ports//,/ })  
+   for _ip in "${!http_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${http_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         if $kernel_activate_forwarding ; then
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+            $ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+         fi
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $http_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $http_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $http_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HTTPS Services DMZ (only port 443)
+# ---
+
+echononl "\t\tHTTPS Services DMZ (only port $standard_https_port)"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!http_ssl_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${http_ssl_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
+         fi
+         $ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_https_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_https_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only out
+# ---
+
+echononl "\t\tMail Services SMTP only out"
+
+if $allow_smtp_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide SMTP out for all to WAN
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -p tcp -o $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SMTP (Relay) Service Gateway
+# ---
+
+echononl "\t\tSMTP (Relay) Service Gateway (only on local network)"
+if $local_smtp_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p tcp -i $_dev --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+   
+
+
+# ---
+# - Mail User Services smtps/pop(s)/imap(s) only out
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only out"
+
+if $allow_mail_request_out && ! $permit_local_net_to_inet ; then
+   # - Provide using Mailservices (WAN) from whole LAN
+   # -
+   # - Not needed from local machine. But for testing pupose (i.e. telnet <port>)
+   # -
+   # - 
+   for _dev in ${ext_if_arr[@]} ; do
+      if $provide_mailservice_from_local ; then
+         # - Note!
+         # - this provides access both to LAN and WAN
+         $ipt -A OUTPUT -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         for _dev in ${ext_if_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp -m multiport --dports $standard_mailuser_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Service SMTP only local Networks
+# ---
+
+echononl "\t\tMail Service SMTP only local Networks"
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_smtp_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $standard_smtp_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+      echo_done
+   done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Services smtps/pop(s)/imap(s) only local Networks
+# ---
+
+echononl "\t\tMail Services smtps/pop(s)/imap(s) only local Networks"
+
+if [[ ${#mail_server_only_local_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${mail_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Mail Server DMZ
+# ---
+
+echononl "\t\tMail Server DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
+   mail_port_arr=(${mail_user_ports//,/ })  
+   mail_port_arr+=("$mail_smtp_port")
+   for _ip in "${!mail_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${mail_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      for _port in ${mail_port_arr[@]}  ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
+         fi
+         $ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
+      done
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip -m multiport --dports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip -m multiport --sports $mail_smtp_port,$mail_user_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP out only
+# ---
+
+echononl "\t\tFTP out only"
+
+if $allow_ftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+            $ipt -A FORWARD -o $_dev -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp --sport $unprivports --dport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_done
+fi
+
+
+# ---
+# - FTP Service Gateway
+# ---
+
+echononl "\t\tFTP Service Gateway"
+
+if $local_ftp_service ; then
+   $ipt -A INPUT -p tcp  --dport $standard_ftp_port --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services only local Network
+# ---
+
+echononl "\t\tFTP Service local Networks"
+if [[ ${#ftp_server_only_local_ip_arr[@]} -gt 0 ]] &&  $kernel_activate_forwarding ; then
+   for _ip in ${ftp_server_only_local_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+
+      if ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --sport $unprivports -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $local_alias_interfaces ; then
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $unprivports --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - FTP Services DMZ
+# ---
+
+echononl "\t\tFTP Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; then
+   IFS=':' read -a ftp_passive_port_arr <<< "${ftp_passive_port_range}"
+   for _ip in "${!ftp_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${ftp_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+      # - From extern
+      if $kernel_activate_forwarding ; then 
+         $ipt -A FORWARD -i ${ftp_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
+            $ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
+         fi
+      fi
+
+      # - From intern
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+
+         # - Control Port
+         $ipt -A FORWARD -p tcp -d $_ip --dport 21 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 21 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port activ
+         $ipt -A FORWARD -p tcp -d $_ip --dport 20 --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport 20 --tcp-flag ACK ACK -j ACCEPT
+         # - Data Port passiv
+         $ipt -A FORWARD -p tcp -d $_ip --sport $unprivports --dport $ftp_passive_port_range --tcp-flag ACK ACK -j ACCEPT
+
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+   
+
+# ---
+# - TFTF Service out only
+# ---
+
+echononl "\t\tTFTF Service out only"
+
+if $allow_tftp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   done
+
+   if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+      $ipt -A FORWARD -o $_dev -p udp --dport $standard_tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - TFTP Service Gateway
+# ---
+
+echononl "\t\tTFTF Service Gateway"
+
+if $local_tftp_service ; then
+   $ipt -A INPUT -p udp --dport $tftp_udp_port  -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Samba Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tSamba Service Gateway (only for local Networks)"
+
+if $local_samba_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${samba_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${samba_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service only between local Networks
+# ---
+
+echononl "\t\tSamba Service only local Networks"
+
+if [[ ${#samba_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${samba_server_local_ip_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_samba_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${samba_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${samba_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Samba Service DMZ
+# ---
+
+echononl "\t\tSamba Service DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in "${!samba_server_dmz_arr[@]}"; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${samba_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From extern
+      if $kernel_activate_forwarding ; then
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               IFS=':' read -a _udp_port_arr <<< ${_port}
+               if [[ -n "${_udp_port_arr[1]}" ]] ; then
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
+               else
+                  $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
+               fi
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -i ${samba_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+
+            # - Nat if interface is on a dsl line
+            # -
+            if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+               $ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
+            fi
+         done
+      fi
+
+      # - From intern
+      for _dev in ${local_if_arr[@]} ; do
+         for _port in ${samba_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+         for _port in ${samba_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $kernel_activate_forwarding && $local_alias_interfaces ; then
+            for _port in ${samba_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      done
+
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service Gateway (only for local Networks)
+# ---
+
+echononl "\t\tLDAP(S) Service Gateway (only for local Networks)"
+
+if $local_ldap_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _port in ${ldap_udp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ldap_tcp_port_arr[@]} ; do
+         $ipt -A INPUT -i $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - LDAP and LDAP SSL Service only between local Networks
+# ---
+
+echononl "\t\tLDAP(S) Service only local Networks"
+
+if [[ ${#ldap_server_local_ip_arr[@]} -gt 0 ]] ; then
+   for _dev in ${local_if_arr[@]} ; do
+      for _ip in ${ldap_server_local_ip_arr[@]} ; do
+         for _port in ${ldap_udp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ldap_tcp_port_arr[@]} ; do
+            $ipt -A OUTPUT -o $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         if $kernel_activate_forwarding && $allow_ldap_between_local_nets && ! $permit_between_local_networks ; then
+
+            for _port in ${ldap_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ldap_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+
+            # - Rule is needed if (local) interface aliases in use (like eth0:1)
+            # -
+            if $local_alias_interfaces ; then
+               for _port in ${ldap_tcp_port_arr[@]} ; do
+                  $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+                  $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+               done
+            fi
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP out only
+# ---
+
+echononl "\t\tNTP Service out only"
+
+if $allow_ntp_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - NTP Service Gateway
+# ---
+
+echononl "\t\tNTP Service Gateway"
+if $local_ntp_service ; then
+   if ! $allow_ntp_request_out ; then
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   fi
+   $ipt -A INPUT -p udp --dport $standard_ntp_port -m conntrack --ctstate NEW -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Timeserver (Port 37 NOT NTP!)"
+# ---
+
+echononl "\t\tTimeserver (Port 37 NOT NTP!) out only"
+
+if $allow_timeserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_timeserver_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - PGP Keyserver out only
+# ---
+
+echononl "\t\tPGP Keyserver out only"
+
+if $allow_pgpserver_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_pgp_keyserver_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Telnet
+# ---
+
+echononl "\t\tTelnet (only OUT)"
+
+if $allow_telnet_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_telnet_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Whois out only
+# ---
+
+echononl "\t\tWhois out only"
+
+if $allow_whois_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_whois_port  -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CPAN Wait only out
+# ---
+
+# - CPAN::WAIT adds some comands to the CPAN shell() to perform searches on 
+# - a WAIT server. It connects to a WAIT server using a simple protocoll 
+# - resembling NNTP as described in RFC977.
+
+echononl "\t\tCPAN Wait only out"
+
+if $allow_cpan_wait_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_cpan_wait_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - HBCI only out (only forward)
+# ---
+
+echononl "\t\tHBCI only out (only forward)"
+
+if $allow_hbci_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_hbci_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Jabber only out 
+# ---
+
+echononl "\t\tJabber only out"
+
+if $allow_jabber_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -o $_dev -p udp --dport $standard_jabber_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Silc only out 
+# ---
+
+echononl "\t\tSilc only out"
+
+if $allow_silc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_silc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IRC (Internet Relay Chat) only out 
+# ---
+
+echononl "\t\tIRC only out"
+
+if $allow_irc_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -p tcp -o $_dev --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_local_net_to_inet ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_irc_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - MySQL
+# ---
+
+echononl "\t\tMySQL (only OUT)"
+
+if $allow_mysql_request_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_mysql_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - CUPS only between local Networks (IPP Port 631)
+# ---
+
+echononl "\t\tCUPS/IPP (Port 631) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_cups_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_cups_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck Port 9100 (RAW) only out between local Networks
+# ---
+
+echononl "\t\tRAW Druck Port 9100 only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Druck LPD (Port 515) only out between local Networks
+# ---
+
+echononl "\t\tDruck LPD (Port 515) only between local Networks"
+
+if $kernel_activate_forwarding && ! $permit_between_local_networks && $allow_printing_between_local_nets ; then
+   for _local_dev_1 in ${local_if_arr[@]} ; do
+      for _local_dev_2 in ${local_if_arr[@]} ; do
+         if ! $local_alias_interfaces ; then
+            [[ "$_local_dev_1" = "$_local_dev_2" ]] && continue
+         fi
+         $ipt -A FORWARD -i $_local_dev_1 -o $_local_dev_2 -p tcp --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -o $_local_dev_1 -p tcp --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Printer
+# ---
+
+echononl "\t\tKnown Printers (Ports: 515/631/9100) only local Networks"
+if [[ ${#printer_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && ! $allow_printing_between_local_nets ; then 
+   for _ip in ${printer_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_ipp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $standard_print_raw_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_ipp_port --tcp-flag ACK ACK -j ACCEPT
+
+            $ipt -A FORWARD -o $_dev -p tcp -d $_ip --dport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $standard_print_raw_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Scanner
+# ---
+
+echononl "\t\tBrother Scanner (Port $brscan_port) only between local Networks"
+
+if [[ ${#brother_scanner_ip_arr[@]} -gt 0 ]] \
+      && $kernel_activate_forwarding \
+      && ! $permit_between_local_networks \
+      && $allow_scanning_between_local_nets ; then 
+   for _ip in ${brother_scanner_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         # - UDP
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+         # - TCP
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s $_ip --sport $brscan_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Other local Services
+# ---
+
+echononl "\t\tOther local Services"
+
+if [[ ${#other_service_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in ${other_service_arr[@]} ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p ${_val_arr[2]} -d ${_val_arr[0]} --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Note:
+         # - If (local) alias interfaces like eth1:0 in use, youe need a further
+         # - special rule.
+         # -
+         if $local_alias_interfaces && [[ "${_val_arr[2]}" = "tcp" ]] ; then
+            $ipt -A FORWARD -i $_dev -p tcp -d ${_val_arr[0]} --dport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -o $_dev -p tcp -s ${_val_arr[0]} --sport ${_val_arr[1]} --tcp-flag ACK ACK -j ACCEPT
+         fi
+      done
+   done
+   echo_ok
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out Gateway 
+# ---
+
+echononl "\t\tRsync (only OUT) Gateway"
+
+if $local_rsync_out ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      for _port in ${rsync_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Rsync only Out from given local machines
+# ---
+
+echononl "\t\tRsync Out from given local machines"
+
+if [[ ${#rsync_out_ip_arr[@]} -gt 0 ]] && $kernel_activate_forwarding && ! $permit_local_net_to_inet; then
+   for _port in ${rsync_port_arr[@]} ; do
+      for _ip in ${rsync_out_ip_arr[@]} ; do
+         $ipt -A FORWARD -p tcp -s $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - SNMP Services local Networks
+# ---
+
+echononl "\t\tSNMP Services local Networks"
+
+if [[ ${#snmp_server_ip_arr[@]} -gt 0 ]] && ! $permit_between_local_networks; then
+   for _ip in ${snmp_server_ip_arr[@]} ; do
+      $ipt -A OUTPUT -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p udp -s $_ip --dport $snmp_port -m conntrack --ctstate NEW -j ACCEPT
+            $ipt -A FORWARD -i $_dev -p udp -d $_ip --dport $snmp_trap_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - WakeOnLan only out into local Networks
+# ---
+
+echononl "\t\tWakeOnLan only out into local Networks"
+$ipt -A OUTPUT -p udp --dport 9 -j ACCEPT
+echo_done
+
+
+# ---
+# - NFS Service (portmapper, mountd, nfs)
+# ---
+
+if $terminal; then
+   echononl "\t\tNFS Service\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tVoIP\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSip\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+
+   echononl "\t\tSkype\t\t\t\t - \033[37m\033[1mNot yet implemented\033[m -"
+   echo -e "\033[75G[ \033[37mskipped\033[m ]"
+else
+   echo "NFS Service - Not yet implemented"
+   echo "VoIP - Not yet implemented"
+   echo "Sip - Not yet implemented"
+   echo "Skype - Not yet implemented"
+fi
+
+
+# ---
+# - PowerChute Network Shutdown local Network
+# ---
+
+echononl "\t\tPowerChute Network Shutdown local Network"
+
+if [[ ${#pcns_server_ip_arr[@]} -gt 0 ]] && [[ -n "$usv_ip" ]] ; then
+
+   for _ip in ${pcns_server_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -p tcp -s $usv_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p udp -s $usv_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A INPUT -p tcp --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -s $usv_ip -d $_ip --dport $pcns_tcp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p udp -s $usv_ip -d $_ip --dport $pcns_udp_port -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_tcp_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -d $_ip --dport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $pcns_web_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) Gateway
+# ---
+
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) Gateway"
+if $local_unifi_controller_service ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A INPUT -p tcp -i $_dev -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Ubiquiti Unifi Controler (Accesspoints) local Network
+# ---
+
+echononl "\t\tUbiquiti Unifi Controler (Accesspoints) local Network"
+if [[ ${#unify_controller_local_net_ip_arr[@]} -gt 0 ]] \
+   && $kernel_activate_forwarding \
+   && ! $permit_between_local_networks ; then
+
+   for _ip_ctl in ${unify_controller_local_net_ip_arr[@]} ; do
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ipt -A FORWARD -i $_dev -p tcp -d $_ip_ctl  -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A FORWARD -i $_dev -p udp -d $_ip_ctl  -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      # - Note:
+      # - If (local) alias interfaces like eth1:0 in use, youe need a further
+      # - special rule.
+      # -
+      if $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip_ctl -m multiport --dports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip_ctl -m multiport --sports $unify_tcp_ports --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) only out
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) only out"
+
+if $allow_ipmi_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+
+      if $kernel_activate_forwarding ; then
+         
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p udp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -o $_dev -p tcp --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - IPMI Tools (e.g. IPMIView) local Networks
+# ---
+
+echononl "\t\tIPMI Tools (e.g. IPMIView) local Networks"
+
+if [[ ${#ipmi_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${ipmi_server_ip_arr[@]} ; do
+
+      for _port in ${ipmi_udp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      for _port in ${ipmi_tcp_port_arr[@]} ; do
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _port in ${ipmi_udp_port_arr[@]} ; do
+            $ipt -A FORWARD -p udp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+         for _port in ${ipmi_tcp_port_arr[@]} ; do
+            $ipt -A FORWARD -p tcp -d $_ip --dport $_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            for _port in ${ipmi_udp_port_arr[@]} ; do
+               $ipt -A FORWARD -p udp -s $_ip --sport $_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+            for _port in ${ipmi_tcp_port_arr[@]} ; do
+               $ipt -A FORWARD -p tcp -d $_ip --dport $_port --tcp-flag ACK ACK -j ACCEPT
+               $ipt -A FORWARD -p tcp -s $_ip --sport $_port --tcp-flag ACK ACK -j ACCEPT
+            done
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) only out
+# ---
+
+echononl "\t\tRemote Console (VNC) only out"
+
+if $allow_remote_console_request_out && ! $permit_local_net_to_inet ; then
+   for _dev in ${ext_if_arr[@]} ; do
+      $ipt -A OUTPUT -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+         $ipt -A FORWARD -o $_dev -p tcp --dport $standard_remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) local Networks
+# ---
+
+echononl "\t\tRemote Console (VNC) local Networks"
+
+
+if [[ ${#rm_server_ip_arr[@]} -gt 0 ]]; then
+   for _ip in ${rm_server_ip_arr[@]} ; do
+
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+      
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Remote Console (VNC) DMZ
+# ---
+
+echononl "\t\tRemote Console (VNC) DMZ"
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+
+if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
+   for _ip in ${!rm_server_dmz_arr[@]} ; do
+
+      # - Skip if no interface is given
+      # -
+      if [[ -z "${rm_server_dmz_arr[$_ip]}" ]] ; then
+         no_if_for_ip_arr+=("$_ip")
+         continue
+      fi
+
+      # - From Gateway
+      $ipt -A OUTPUT -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding ; then
+
+         # - From extern
+
+         # - Nat if interface is on a dsl line
+         # -
+         if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
+            $ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
+         fi
+         $ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port  -m conntrack --ctstate NEW -j ACCEPT
+
+         # - From intern
+         if ! $permit_between_local_networks ; then
+            for _dev in ${local_if_arr[@]} ; do
+               $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
+            done
+         fi
+
+         # - Rule is needed if (local) interface aliases in use (like eth0:1)
+         # -
+         if $local_alias_interfaces ; then
+            $ipt -A FORWARD -p tcp -d $_ip --dport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+            $ipt -A FORWARD -p tcp -s $_ip --sport $remote_console_port --tcp-flag ACK ACK -j ACCEPT
+         fi
+      fi
+   done
+
+   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+      echo_warning
+      for _ip in ${no_if_for_ip_arr[@]} ; do
+         warn "No Interface given for ip '$_ip'"
+      done
+   else
+      echo_done
+   fi
+
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service Gateway
+# ---
+
+echononl "\t\tMunin Service Gateway"
+
+if $local_munin_server ; then
+
+   if $provide_munin_service_to_inet ; then
+      # - Provide Service for local and extern networks
+      # -
+      $ipt -A OUTPUT -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+   else
+      # - Provide Service only for for local network
+      # -
+      for _dev in ${local_if_arr[@]} ; do
+         $ipt -A OUTPUT -o $_dev -p tcp --dport $munin_remote_port -m conntrack --ctstate NEW -j ACCEPT
+      done
+   fi
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin Service local Networks
+# ---
+
+echononl "\t\tMunin Service local Networks"
+if [[ ${#munin_local_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${munin_local_server_ip_arr[@]} ; do
+      $ipt -A INPUT -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            if ! $permit_between_local_networks ; then
+               $ipt -A FORWARD -i $_dev -s $_ip -p tcp --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+            fi
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --sport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --dport $munin_local_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Munin remote Server
+# ---
+
+echononl "\t\tMunin remote Server"
+
+if [[ -n $munin_remote_server ]] && [[ ${#munin_local_client_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${!munin_local_client_ip_arr[@]} ; do
+      if containsElement "$_ip" "${gateway_ipv4_address_arr[@]}" ; then
+         $ipt -A INPUT -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port  -m conntrack --ctstate NEW -j ACCEPT
+      elif $kernel_activate_forwarding ; then
+         $ipt -t nat -A PREROUTING -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server --dport $munin_local_port -j DNAT --to $_ip:$munin_local_port
+         $ipt -A FORWARD -i ${munin_local_client_ip_arr[$_ip]} -p tcp -s $munin_remote_server -d $_ip --dport $munin_local_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon local service
+# ---
+
+echononl "\t\tXyMon Service Gateway"
+
+if $local_xymon_server ; then
+   for _dev in ${local_if_arr[@]} ; do
+      $ipt -A INPUT -i $_dev -p tcp --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - XyMon Service Intranet
+# ---
+
+echononl "\t\tXyMon Service Intranet"
+
+if [[ ${#xymon_server_ip_arr[@]} -gt 0 ]] ; then
+   for _ip in ${xymon_server_ip_arr[@]} ; do
+      if $local_xymon_client ; then
+         $ipt -A OUTPUT -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+      fi
+      if $kernel_activate_forwarding && ! $permit_between_local_networks ; then
+         for _dev in ${local_if_arr[@]} ; do
+            $ipt -A FORWARD -i $_dev -p tcp -d $_ip --dport $xymon_port -m conntrack --ctstate NEW -j ACCEPT
+         done
+      fi
+
+      # - Rule is needed if (local) interface aliases in use (like eth0:1)
+      # -
+      if $kernel_activate_forwarding && $local_alias_interfaces ; then
+         $ipt -A FORWARD -p tcp -d $_ip --dport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+         $ipt -A FORWARD -p tcp -s $_ip --sport $xymon_port --tcp-flag ACK ACK -j ACCEPT
+      fi
+   done
+
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- Portforwarding
+# -------------
+
+# ---
+# - Portforwarding TCP
+# ---
+
+echo
+echononl "\tPortforwarding TCP"
+
+if [[ ${#portforward_tcp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_tcp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p tcp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p tcp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - Portforwarding UDP
+# ---
+
+echononl "\tPortforwarding UDP"
+
+if [[ ${#portforward_udp_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${portforward_udp_arr[@]}" ; do
+
+      # - Split value
+      # -
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - DNAT
+      # -
+      $ipt -t nat -A PREROUTING -i ${_val_arr[0]} -p udp --dport ${_val_arr[1]} -m conntrack --ctstate NEW -j DNAT --to ${_val_arr[2]}:${_val_arr[3]}
+
+      # - Allow Packets
+      # -
+      $ipt -t filter -A FORWARD -i ${_val_arr[0]} -p udp -d ${_val_arr[2]} --dport ${_val_arr[3]} -m conntrack --ctstate NEW -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+
+
+# ---
+# - UNIX Traceroute
+# ---
+
+echo
+echononl "\tUNIX Traceroute"
+
+#   versendet udp packete im gegensatz zu tracert von windows
+#   der icmp-echo-request pakete versendet
+#   einige implementierungen von traceroute (linux) erm�lichens
+#   die option -I und versenden dann ebenfalls icmp-echo-request pakete
+
+for _dev in ${ext_if_arr[@]} ; do
+   $ipt -A OUTPUT -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   $ipt -A INPUT -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   if $kernel_activate_forwarding ; then
+      $ipt -A FORWARD -o $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+      $ipt -A FORWARD -i $_dev -p udp -m conntrack --ctstate NEW --dport 33434:33530 -j ACCEPT
+   fi
+done
+
+echo_done
+
+
+# -------------
+# --- ICMP Traffic (i.e. ping requests)
+# -------------
+
+echononl "\tPermit all ICMP traffic.."
+if $permit_all_icmp_traffic ; then
+   $ipt -A INPUT -p icmp -j ACCEPT
+   $ipt -A OUTPUT -p icmp -j ACCEPT
+   $ipt -A FORWARD -p icmp -j ACCEPT
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# ---
+# - Deny between local networks
+# ---
+
+echo
+echononl "\tDeny all traffic between local networks.."
+if $kernel_activate_forwarding ; then
+   if ! $permit_between_local_networks ; then
+      for _dev_1 in ${local_if_arr[@]} ; do
+         for _dev_2 in ${local_if_arr[@]} ; do
+            if $log_rejected || $log_all ; then
+               $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -j LOG --log-prefix "$log_prefix Rejected local NET: " --log-level $log_level
+            fi
+            $ipt -A FORWARD -i $_dev_1 -o $_dev_2 -p ALL -m conntrack --ctstate NEW -j DROP
+         done
+      done
+      echo_done
+   else
+      echo_skipped
+   fi
+else
+   echo_skipped
+fi
+
+
+# -------------
+# --- Log traffic not matched so far
+# -------------
+echo
+
+echononl "\tLog traffic not matched so far.."
+if $log_rejected || $log_all ; then
+   $ipt -A OUTPUT -j LOG --log-prefix "$log_prefix OUT Rejected: " --log-level $log_level
+   $ipt -A INPUT -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   $ipt -A FORWARD -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   #$ipt -A OUTPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix OUT Rejected: "  --log-level $log_level
+   #$ipt -A INPUT -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix IN Rejected: " --log-level $log_level
+   #$ipt -A FORWARD -m limit --limit-burst 5 -j LOG --log-prefix "$log_prefix FORWARD Rejected: " --log-level $log_level
+   echo_done
+else
+   echo_skipped
+fi
+
+
+
+# -------------
+# --- DROP traffic not matched so far
+# -------------
+echononl "\tDROP traffic not matched so far.."
+
+# - drop all other for all interfaces..
+#
+$ipt -A INPUT -j DROP
+$ipt -A OUTPUT -j DROP
+$ipt -A FORWARD -j DROP
+#
+# ---------- Ende: DROP ----------
+
+echo_done
+
+
+# ---
+# - Warning, if no intern (local) interface is configured
+# ---
+
+if [[ ${#local_if_arr[@]} -lt 1 ]] ; then
+   echo ""
+   echo ""
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+   warn "No local Interface is configured!"
+   if $terminal ; then
+      echo -e "\t\033[33m\033[1m----------\033[m"
+   else
+      echo "----------"
+   fi
+fi
+
+echo
+exit 0
+
diff --git a/WF/src/APC/PowerChute/Linux_x64/install.sh b/WF/src/APC/PowerChute/Linux_x64/install.sh
new file mode 100755
index 0000000..b4196e6
--- /dev/null
+++ b/WF/src/APC/PowerChute/Linux_x64/install.sh
@@ -0,0 +1,1687 @@
+#!/bin/sh
+######################################################################
+# 
+# PowerChute Network Shutdown v.3.1.0
+# Copyright (c) 1999-2013 Schneider Electric, All Rights Reserved. 
+#
+# History:
+#   16Oct2007 Initial revision
+#   12Dec2008 Supported VIMA
+#   16thMay2013 changed the bundled JRE to 1.7
+#
+######################################################################
+
+
+######################################################################
+# Global Constants
+######################################################################
+PCNS_TAR="pcns310.tar"
+PCNS_ZIP="$PCNS_TAR.gz"
+JRE_VERSION="jre1.7.0_45"
+JRE_TGZ_FILE="jre-7u45"
+JRE_REQUIRED_MAJOR=1
+JRE_REQUIRED_MINOR=7
+JRE_REQUIRED_MINI=0
+JRE_REQUIRED_MICRO=0
+LINUX="Linux"
+SOLARIS="Solaris"
+HPUX="HP-UX"
+AIX="AIX"
+VIMA="VIMA"
+UNKNOWN="UNKNOWN"
+XENSERVER="XenServer"
+x86_64="x86_64"
+GROUP1="group1"
+GROUP2="group2"
+GROUP3="group3"
+ARCH="x64"
+
+TRUE=0
+FALSE=1
+STR_YES="YES"
+YES=0
+NO=1
+QUIT=2
+INVALID=99
+# PCNS-1512: Make sure we have /sbin on the path
+PATH=/sbin:$PATH
+
+######################################################################
+# Exit Codes
+######################################################################
+EXIT_SUCCESS=0
+EXIT_USAGE=1
+EXIT_NOT_ROOT_USER=4
+EXIT_UNSUPPORTED_OS=5
+EXIT_UPGRADE_NOT_SUPPORTED=6
+EXIT_USER_ABORT=7
+EXIT_CONFLICT_PCPLUS=8
+EXIT_CONFLICT_PCBE=9
+EXIT_CONFLICT_PCS=10
+EXIT_CONFLICT_VMWARE=11
+EXIT_INVALID_INSTALL_DIR=12
+EXIT_INVALID_JAVA_VERSION=13
+EXIT_INVALID_LOCALE=14
+EXIT_ZIPFILE_MISSING=15
+EXIT_SILENT_CONFIG_MISSING=16
+EXIT_EULA_NOT_ACCEPTED=17
+EXIT_SILENT_INSTALL_JAVA_DIR=20
+
+######################################################################
+# Global Variables
+######################################################################
+UPDATE_INSTALL=$FALSE
+OS=$UNKNOWN
+SILENT_MODE=$FALSE
+
+SRC_DIR=""
+INSTALL_DIR=""
+APP_DIR=""
+JAVA_DIR=""
+ACCEPT_EULA="NO"
+REGISTER_NMC="NO"
+STARTUP=""
+PCBE_STARTUP=""
+PCS_STARTUP=""
+OLD_INSTALL_DIR=""
+JRE_FILE=""
+SPARC=$FALSE
+TR="tr"
+
+######################################################################
+#  Functions
+######################################################################
+
+# trap keyboard interrupt on the following:
+# 1 SIGHUP
+# 2 SIGINT
+# 3 SIGQUIT
+# 6 SIGABRT
+trap control_c 1 2 3 6
+
+control_c()
+# run if user hits control-c
+{
+  echo -en "\n*** User Abort Detected! Exiting ***\n"
+  Echo "Aborting with error code-$EXIT_USER_ABORT"
+  CancelAll $EXIT_USER_ABORT
+}
+
+# Waits for user key press.
+Pause() {
+    OLDCONFIG=`stty -g`
+    stty -icanon -echo min 1 time 0
+    dd count=1 2>/dev/null
+    stty $OLDCONFIG
+}
+
+Echo() {
+    string="$1"
+    echo "$string"
+#    if [ $SILENT_MODE = $TRUE ]; then
+#        echo "$string" >> pcns_install.log
+#    fi
+}
+
+PrintUsage() {
+    Echo "Usage:"
+    Echo "  $0 [-f <config file>] : Silent install with configuration file."
+    Echo "  $0 [-h|-H] : Print help."
+    exit $EXIT_USAGE
+}
+
+IsYN() {
+    rval=$INVALID
+    query_string="$1"
+    loop=$TRUE
+    while [ $loop -eq $TRUE ]
+    do
+        Echo ""
+        Echo "$query_string "
+        read ynq
+        case "$ynq" in
+        [Yy]*)
+            rval=$YES
+            loop=$FALSE
+            ;;
+        [Nn]*)
+            rval=$NO
+            loop=$FALSE
+            ;;
+        *)
+            Echo "Invalid response."
+            ;;
+        esac
+    done
+    return $rval
+}
+
+SetSilentConfig() {
+    # Check parameter
+    cnt=`grep '^INSTALL_DIR=' $SILENT_CONFIG | wc -l`
+    if [ $cnt -gt 1 ]; then
+	    Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+        Echo "Error: Too many INSTALL_DIR in $SILENT_CONFIG"
+        exit $EXIT_INVALID_INSTALL_DIR
+    fi
+    cnt=`grep '^JAVA_DIR=' $SILENT_CONFIG | wc -l`
+    if [ $cnt -gt 1 ]; then
+	    Echo "Aborting with error code-$EXIT_SILENT_INSTALL_JAVA_DIR"
+        Echo "Error: Too many JAVA_DIR in $SILENT_CONFIG"
+        exit $EXIT_SILENT_INSTALL_JAVA_DIR
+    fi
+
+    # Get values from config file
+    INSTALL_DIR=`grep '^INSTALL_DIR=' $SILENT_CONFIG | sed s/INSTALL_DIR=//`
+    JAVA_DIR=`grep '^JAVA_DIR=' $SILENT_CONFIG | sed s/JAVA_DIR=//`
+    ACCEPT_EULA=`grep '^ACCEPT_EULA=' $SILENT_CONFIG | sed s/ACCEPT_EULA=// | sed 's/[^a-zA-Z]*//g' | $TR "[:lower:]" "[:upper:]" `
+    REGISTER_NMC=`grep '^REGISTER_WITH_NMC=' $SILENT_CONFIG | sed s/REGISTER_WITH_NMC=// | $TR "[:lower:]" "[:upper:]" `
+
+    # Verify INSTALL_DIR
+    if [ -n "$INSTALL_DIR" ]; then
+        # Collapse multiple slashes on the path
+        INSTALL_DIR=`echo $INSTALL_DIR | tr -s /`
+    
+        # Remove trailing slash (if any)
+        buf=`echo $INSTALL_DIR | grep '/$' `
+        if [ -n "$buf" ]; then
+            INSTALL_DIR=`echo $INSTALL_DIR | sed 's/\/*$//'`
+        fi
+        
+        # Ensure leading slash
+        buf=`echo $INSTALL_DIR | grep '^/' ` 
+        if [ -z "$buf" ]; then
+		    Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+            Echo "Error: INSTALL_DIR must start with '/'"
+            exit $EXIT_INVALID_INSTALL_DIR
+        fi
+        
+        # Ensure no white space on path
+        buf=`echo $INSTALL_DIR | grep ' ' ` 
+        if [ -n "$buf" ]; then
+		    Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+            Echo "Error: INSTALL_DIR must not contain white space."
+            exit $EXIT_INVALID_INSTALL_DIR
+        fi
+        
+        # Ensure no backslashes on path
+        buf=`echo $INSTALL_DIR | grep '\\\' ` 
+        if [ -n "$buf" ]; then
+		    Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+            Echo "Error: INSTALL_DIR must not contain back slash '\\'"
+            exit $EXIT_INVALID_INSTALL_DIR
+        fi
+        
+        Echo "INSTALL_DIR=$INSTALL_DIR"
+    else
+        buf=`grep '^INSTALL_DIR=' $SILENT_CONFIG`
+        buf2=`grep '^#INSTALL_DIR=' $SILENT_CONFIG`
+        if [ -n "$buf" -o -n "$buf2" ]; then
+            Echo "INSTALL_DIR is not specified."
+            Echo "PCNS will be installed to the default directory \"/opt/APC/PowerChute\""
+            Echo ""
+        else
+		    Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+            Echo "Error: INSTALL_DIR is not configured"
+            exit $EXIT_INVALID_INSTALL_DIR
+        fi
+    fi
+    # Verify JAVA_DIR
+    if [ -n "$JAVA_DIR" ]; then
+
+        #must have / at the end, so add it    
+        buf=`echo $JAVA_DIR | grep '/$' ` 
+        if [ -z "$buf" ]; then
+           JAVA_DIR="$JAVA_DIR/bin/"
+        fi
+
+        # Add"/bin" at the end of JAVA_DIR if needed.
+        # This allows it to be backward compatible with previous versions, 
+        # which did not have the bin
+        
+        buf=`echo $JAVA_DIR | grep '/bin/$' ` 
+        if [ -z "$buf" ]; then
+               JAVA_DIR="$JAVA_DIR/bin/"
+        fi
+        buf=`echo $JAVA_DIR | grep '^/' ` 
+        if [ -z "$buf" ]; then
+            Echo "Error: JAVA_DIR must start with /"
+			Echo "Aborting with error code-$EXIT_SILENT_INSTALL_JAVA_DIR"
+            exit $EXIT_SILENT_INSTALL_JAVA_DIR
+        fi
+        
+        buf=`echo $JAVA_DIR | grep ' ' ` 
+        if [ -n "$buf" ]; then
+            Echo "Error: JAVA_DIR must not contain white space \" \""
+			Echo "Aborting with error code-$EXIT_SILENT_INSTALL_JAVA_DIR"
+            exit $EXIT_SILENT_INSTALL_JAVA_DIR
+        fi
+        
+        buf=`echo $JAVA_DIR | grep '\\\' ` 
+        if [ -n "$buf" ]; then
+            Echo "Error: JAVA_DIR must not contain back slash \"\\\""
+			Echo "Aborting with error code-$EXIT_SILENT_INSTALL_JAVA_DIR"
+            exit $EXIT_SILENT_INSTALL_JAVA_DIR
+        fi
+        if [ ! -d "$JAVA_DIR" ]; then
+            Echo "Error: Invalid JAVA_DIR. $JAVA_DIR does not exist."
+			Echo "Aborting with error code-$EXIT_SILENT_INSTALL_JAVA_DIR"
+            exit $EXIT_SILENT_INSTALL_JAVA_DIR
+        fi
+        Echo "JAVA_DIR=$JAVA_DIR"
+    fi
+}
+
+IsSilentMode() {
+    Echo "IsSilentMode"
+}
+
+IsRootUser() {
+    ROOT="root"
+    case "$OS" in    
+    $SOLARIS)
+        id | grep root > /dev/null 2>&1
+        if [ $? -eq 0 ]; then
+            USER=$ROOT
+        fi
+        ;;
+    *)
+        USER=`id -nu`
+        ;;
+    esac
+    
+    if [ $USER != $ROOT ]; then
+        Echo "Error: $0 must be run with root privileges!"
+		Echo "Aborting with error code-$EXIT_NOT_ROOT_USER"
+        exit $EXIT_NOT_ROOT_USER
+    fi
+}
+
+CheckOS() {
+    OS=`uname | grep -i Linux`
+    if [ ! -z "$OS" ]; then
+        # We're a Linux derivative, decide which one.
+        if [ -f /etc/vima-release ] || [ -f /etc/vma-release ]; then
+            OS=$VIMA
+        else 
+            grep XenServer /etc/redhat-release > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                OS=$XENSERVER
+            else
+                OS=$LINUX
+            fi
+        fi
+    else
+        OS=`uname | grep -i HP-UX`
+        if [ ! -z "$OS" ] 
+        then
+            OS=$HPUX
+        else
+            OS=`uname | grep -i AIX`
+            if [ ! -z "$OS" ] 
+            then
+                OS=$AIX
+            else
+                OS=`uname | grep -i SOLARIS`
+                if [ ! -z "$OS" ]
+                then
+                    OS=$SOLARIS
+                    isSparc
+                    SPARC=$?
+                else 
+                    OS=`uname | grep -i SUNOS`
+                    if [ ! -z "$OS" ]
+                    then
+                        OS=$SOLARIS
+                        isSparc
+                        SPARC=$?                        
+                    else
+					    Echo "Aborting with error code-$EXIT_UNSUPPORTED_OS"
+                        Echo "Error: Unknown OS."
+                        exit $EXIT_UNSUPPORTED_OS
+                    fi
+                fi
+            fi
+        fi
+    fi
+    Echo "OS=$OS"
+    Echo ""
+}
+
+isSparc() {
+    rval=$FALSE
+    tmp=`uname -a | grep -i SPARC`
+    if [ ! -z "$tmp" ] 
+    then
+        rval=$TRUE
+    fi
+    return $rval
+}                        
+
+Initialize() {
+    Echo "Initializing ..."
+    case "$OS" in
+    $VIMA)
+        Echo "This version of PowerChute Network Shutdown does not support VMWare ESX or ESXi."
+	Echo "Please consult www.apc.com for the required version of PowerChute Network Shutdown."
+	    Echo "Aborting with error code-$EXIT_UNSUPPORTED_OS"
+        CancelAll $EXIT_UNSUPPORTED_OS
+        ;;
+    $XENSERVER)
+        STARTUP=/etc/rc.d/init.d/PowerChute
+        PCBE_STARTUP=/etc/rc.d/init.d/PBEAgent
+        PCS_STARTUP=/etc/rc.d/init.d/pcs
+        ;;
+    $LINUX)
+        if [ -f /etc/SuSE-release ]; then
+            STARTUP=/etc/init.d/PowerChute
+        elif [ -f /etc/vmware-release ] ; then
+	    Echo "This version of PowerChute Network Shutdown does not support VMWare ESX or ESXi."
+	    Echo "Please consult www.apc.com for the required version of PowerChute Network Shutdown."
+		Echo "Aborting with error code-$EXIT_UNSUPPORTED_OS"
+            CancelAll $EXIT_UNSUPPORTED_OS
+        elif [ -d /etc/rc.d/init.d ]; then
+            STARTUP=/etc/rc.d/init.d/PowerChute
+	    else
+            STARTUP=/etc/init.d/PowerChute
+        fi
+        PCBE_STARTUP=/etc/rc.d/init.d/PBEAgent
+        PCS_STARTUP=/etc/rc.d/init.d/pcs
+        ;;
+    $SOLARIS)
+        STARTUP=/etc/rc2.d/S99PowerChute
+        PCBE_STARTUP=/etc/rc2.d/S99PBEAgent
+        TR=/usr/xpg4/bin/tr
+        ;;
+    $HPUX)
+        STARTUP=/sbin/init.d/pcns
+        ;;
+    $AIX)
+        STARTUP=/etc/rc.APCpcns
+        ;;
+    esac
+}
+
+IsPCNSInstalled() {
+    upgrade=$FALSE    
+    version="Unknown"
+    if [ -f "$STARTUP" ]; then
+        grep 'PowerChute Network Shutdown, v2.2.4' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v2.2.4."
+            version="2.2.4"
+            upgrade=$FALSE
+        fi
+        
+        grep 'PowerChute Network Shutdown, v2.2.5' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v2.2.5."
+            version="2.2.5"
+            upgrade=$FALSE
+        fi
+        
+        grep 'PowerChute Network Shutdown, v2.2.6' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v2.2.6."
+            version="2.2.6"
+            upgrade=$FALSE
+        fi
+        
+        grep 'PowerChute Network Shutdown, v2.2.7' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v2.2.7."
+            version="2.2.7"
+            upgrade=$FALSE
+        fi
+        
+		grep 'PowerChute Network Shutdown, v3.0.0' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v3.0.0"
+            version="3.0.0"
+            upgrade=$TRUE
+        fi
+		
+        grep 'PowerChute Network Shutdown, v3.0.1' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v3.0.1"
+            version="3.0.1"
+            upgrade=$TRUE
+        fi
+        
+        grep 'PowerChute Network Shutdown, v3.1.0' $STARTUP 1>/dev/null 2>/dev/null
+        if [ $? = 0 ]; then
+            Echo "Found PowerChute Network Shutdown v3.1.0"
+            version="3.1.0"
+            upgrade=$TRUE
+        fi
+        
+        if [ $upgrade = $FALSE ]; then
+            Echo "PowerChute Network Shutdown is already installed. Upgrade is not supported for this version."
+            Echo "Please uninstall existing PCNS to continue with installation of PCNS v.3.1.0"
+            Echo "Installation cancelled."
+			Echo "Aborting with error code-$EXIT_UPGRADE_NOT_SUPPORTED"
+            Echo ""
+            exit $EXIT_UPGRADE_NOT_SUPPORTED
+        fi
+        
+        result=$FALSE
+        while [ $result = $FALSE ]
+        do
+            prev_install_dir=`grep '^INSTALL_PATH='  $STARTUP | sed s/INSTALL_PATH=\"// | sed s/\"//`
+            if [ -d "$prev_install_dir/$GROUP2" ]; then
+                Echo "Previous version of PowerChute Network Shutdown is installed."
+                Echo "Update install does not support multiple instances."
+                Echo "Please uninstall PCNS and run this install program again."
+				Echo "Aborting with error code-$EXIT_UPGRADE_NOT_SUPPORTED"
+                Echo "Installation cancelled."
+                Echo ""
+                exit $EXIT_UPGRADE_NOT_SUPPORTED
+            fi
+            if [ $SILENT_MODE = $TRUE ]; then
+                if [ $version = "3.1.0" ]; then
+					Echo "Current version of PowerChute Network Shutdown is installed."
+				else
+					Echo "Previous version of PowerChute Network Shutdown is installed."
+				fi
+                Echo "Start update installation."
+                val=$YES
+            else
+                if [ $version = "3.1.0" ]; then
+					Echo "Current version of PowerChute Network Shutdown is installed."
+				else
+					Echo "Previous version of PowerChute Network Shutdown is installed."
+				fi
+                IsYN "Do you want to update it [Yes|No]?"
+                val=$?
+            fi
+            case $val in
+            $YES)
+                Echo "Update selected for existing version of PowerChute Network Shutdown."
+                UPDATE_INSTALL=$TRUE
+                result=$TRUE
+                ;;
+            $NO)
+                Echo "Installation cancelled."
+				Echo "Aborting with error code-$EXIT_USER_ABORT"
+                Echo ""
+                exit $EXIT_USER_ABORT
+                ;;
+            *)
+                Echo "Invalid response."
+                ;;
+            esac
+        done
+    fi
+}
+
+IsPCPlusInstalled() {
+    if [ -d "/etc/apc_repository" ]; then
+        Echo "PowerChute Plus is installed. Please uninstall PowerChute Plus."
+		Echo "Aborting with error code-$EXIT_CONFLICT_PCPLUS."
+        exit $EXIT_CONFLICT_PCPLUS
+    fi
+}
+
+IsPCBEInstalled() {
+    if [ -n "$PCBE_STARTUP" -a -f "$PCBE_STARTUP" ]
+    then
+	    Echo "Aborting with error code-$EXIT_CONFLICT_PCBE."
+        Echo "PowerChute Business Edition Agent is installed. Please uninstall PCBE Agent."
+        exit $EXIT_CONFLICT_PCBE
+    fi
+}
+
+IsPCSInstalled() {
+    if [ -n "$PCS_STARTUP" -a -f "$PCS_STARTUP" ]
+    then
+        Echo "PowerChute Server is installed. Please uninstall PowerChute Server."
+		Echo "Aborting with error code-$EXIT_CONFLICT_PCS."
+        exit $EXIT_CONFLICT_PCS
+    fi
+}
+
+checkForVMWare() {
+    lang='ja_'
+    if env | grep ^LANG=$lang &>/dev/null;
+    then
+       if [ -e /usr/bin/vmware ]
+       then
+           # VMware detected!
+           
+           # Check for VMware Server
+           if /usr/bin/vmware -v | grep Server &> /dev/null
+           then
+                Echo "VMware Server has been detected on your system. This version of PowerChute Network Shutdown does not support VMware. Please uninstall VMware Server, or consult www.apc.com for the required version of PowerChute Network Shutdown."
+				Echo "Aborting with error code-$EXIT_CONFLICT_VMWARE."
+                exit $EXIT_CONFLICT_VMWARE
+           fi
+           
+           # Check for VMware Workstation
+           if /usr/bin/vmware -v | grep Workstation &> /dev/null
+           then
+                Echo "VMware Workstation has been detected on your system. This version of PowerChute Network Shutdown does not support VMware. Please uninstall VMware Workstation, or consult www.apc.com for the required version of PowerChute Network Shutdown."
+				Echo "Aborting with error code-$EXIT_CONFLICT_VMWARE."
+                exit $EXIT_CONFLICT_VMWARE
+           fi
+       fi
+       
+       # Check for VMware-Player
+       if [ -e /usr/bin/vmplayer ]
+       then
+           # VMware Player detected.
+            Echo "VMware Player has been detected on your system. This version of PowerChute Network Shutdown does not support VMware. Please uninstall VMware Player, or consult www.apc.com for the required version of PowerChute Network Shutdown."
+			Echo "Aborting with error code-$EXIT_CONFLICT_VMWARE."
+            exit $EXIT_CONFLICT_VMWARE
+       fi
+
+     fi
+}
+
+checkForXenServer() {
+    grep XenServer /etc/redhat-release > /dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        Echo "Xen Server has been detected on your system."
+        Echo "This version of PowerChute Network Shutdown does not support Xen Server."
+        Echo "Please consult www.apc.com for the required version of PowerChute Network Shutdown."
+		Echo "Aborting with error code-$EXIT_CONFLICT_VMWARE."
+        exit $EXIT_CONFLICT_VMWARE
+    fi
+}
+
+InitUpdate() {
+    if [ $UPDATE_INSTALL = $TRUE ]; then
+        # Get PCNS Path
+        OLD_INSTALL_DIR=`grep '^INSTALL_PATH='  $STARTUP | sed s/INSTALL_PATH=\"// | sed s/\"//`
+        Echo "PowerChute Network Shutdown previously installed at:$OLD_INSTALL_DIR" 
+        # Stop daemon
+        case "$OS" in
+        $VIMA)
+            /etc/rc.d/init.d/PowerChute stop
+            ;;
+        $XENSERVER)
+            /etc/rc.d/init.d/PowerChute stop
+            ;;
+        $LINUX)
+            if [ -f /etc/SuSE-release ]; then
+            	if [ -f /etc/init.d/PowerChute ]; then
+                	/etc/init.d/PowerChute stop
+                fi
+            else
+            	if [ -f /etc/rc.d/init.d/PowerChute ]; then
+                	/etc/rc.d/init.d/PowerChute stop
+               	fi
+               	if [ -f /etc/init.d/PowerChute ]; then
+                	/etc/init.d/PowerChute stop
+                fi
+            fi
+            ;;
+        $SOLARIS)
+            /etc/rc2.d/S99PowerChute stop
+            ;;
+        $HPUX)
+            /sbin/init.d/pcns stop
+            ;;
+        $AIX)
+            /etc/rc.APCpcns stop
+            ;;
+        esac
+    fi
+}
+
+BackupOldPCNS() {
+    if [ $UPDATE_INSTALL = $TRUE ]; then
+        # Install dir is same as old PCNS
+        if [ "$INSTALL_DIR/PowerChute" = "$OLD_INSTALL_DIR" ]; then
+            backup_dir="$INSTALL_DIR/PowerChute_update_backup"
+            rm -rf $backup_dir
+            mv $OLD_INSTALL_DIR $backup_dir
+            mkdir -p $OLD_INSTALL_DIR
+            OLD_INSTALL_DIR=$backup_dir
+            Echo "Backup old PCNS directory to $OLD_INSTALL_DIR"
+        fi
+    fi
+}
+
+UninstallOldPCNS() {
+    if [ $UPDATE_INSTALL = $TRUE ]; then
+        # remove all files
+        rm -rf $OLD_INSTALL_DIR
+    fi
+}
+
+CopyUpdateFiles() {
+    if [ $UPDATE_INSTALL = $TRUE ]; then
+        Echo "Copying update files ..."
+        if [ -d "$OLD_INSTALL_DIR/$GROUP1" ]; then
+            # PCNS 222
+            backup_dir="$OLD_INSTALL_DIR/$GROUP1"
+        else
+            backup_dir="$OLD_INSTALL_DIR"
+        fi
+        cp "$backup_dir/m11.cfg" "$APP_DIR/$GROUP1/" 1>/dev/null 2>/dev/null
+        cp "$backup_dir/EventLog.txt" "$APP_DIR/$GROUP1/" 1>/dev/null 2>/dev/null
+        
+        # Convert m11.cfg to INI
+        oldDir=$PWD
+        cd $APP_DIR/$GROUP1
+        m11Path="$backup_dir/m11.cfg"
+        #merge pcnsconfig.ini files.
+        oldIniPath="$backup_dir/pcnsconfig.ini"
+        
+        javaParams="-Xms32m -Xmx64m -cp .:comp/pcns.jar:lib/m11.jar:lib/commons-codec-1.4.jar:lib/commons-collections-3.2.1.jar:lib/commons-configuration-1.6.jar:lib/commons-lang-2.5.jar:lib/commons-logging-1.1.1.jar:lib/log4j-1.2.16.jar:lib/bcprov-jdk16-146.jar:lib/json_simple-1.1.jar:lib/jasypt-1.9.0.jar -Dm11Path=$m11Path -DoldIniPath=$oldIniPath -DapplicationDirectory=$APP_DIR -Dgroup=1 com.apcc.pcns.m11converter.M11Converter"
+        #Echo ${JAVA_DIR}java  $javaParams
+        ${JAVA_DIR}java  $javaParams 1>/dev/null 2>/dev/null
+        cd $oldDir
+    fi
+}
+
+SetInstallDir() {
+    if [ $SILENT_MODE = $TRUE ]; then
+        if [ -z "$INSTALL_DIR" ]; then
+            INSTALL_DIR="/opt/APC"
+        fi
+    elif [ $UPDATE_INSTALL = $TRUE ]; then
+        # Use the old location
+        INSTALL_DIR=`dirname $OLD_INSTALL_DIR`
+    else
+        res=$FALSE
+        while [ $res = $FALSE ]
+        do
+            Echo ""
+            Echo "Please enter the installation directory or press enter to install to the default directory (/opt/APC/PowerChute):"
+            read val
+            if [ -z "$val" ]; then
+                INSTALL_DIR="/opt/APC"    
+            else
+                INSTALL_DIR=$val    
+                # Verify install path
+                if [ -n "$INSTALL_DIR" ]; then
+                    buf=`echo $INSTALL_DIR | grep '^/' ` 
+                    if [ -z "$buf" ]; then
+                        Echo "Installation directory must start with \"/\""
+						Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+                        exit $EXIT_INVALID_INSTALL_DIR
+                    fi
+                    buf=`echo $INSTALL_DIR | grep ' ' ` 
+                    if [ -n "$buf" ]; then
+                        Echo "Installation directory must not contain white space \" \""
+						Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+                        exit $EXIT_INVALID_INSTALL_DIR
+                    fi
+                    buf=`echo $INSTALL_DIR | grep '\\\' ` 
+                    if [ -n "$buf" ]; then
+                        Echo "Installation directory must not contain back slash \"\\\""
+						Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+                        exit $EXIT_INVALID_INSTALL_DIR
+                    fi
+                fi
+            fi
+
+            IsYN "Are you sure you want to install PCNS to $INSTALL_DIR/PowerChute [Yes|No]?"
+            val=$?
+            case $val in
+            $YES)
+                if [ -d "$INSTALL_DIR/PowerChute" ]; then
+                    IsYN "$INSTALL_DIR/PowerChute already exists. Do you want to use it [Yes|No]?"
+                    val=$?
+                    case $val in
+                    $YES)
+                        BackupOldPCNS
+                        res=$TRUE
+                        ;;
+                    $NO)
+#                        Echo "Please enter the installation directory:"
+#                        read INSTALL_DIR
+                        ;;
+                    *)
+                        Echo "Invalid response."
+                        ;;
+                    esac
+                else
+                    res=$TRUE
+                fi
+                ;;
+            $NO)
+#                Echo "Please enter the installation directory (Example:/opt/APC):"
+#                read INSTALL_DIR
+                ;;
+            *)
+                Echo "Invalid response."
+                ;;
+            esac
+        done
+    fi
+
+    if [ ! -d "$INSTALL_DIR" ]; then
+        Echo "Creating $INSTALL_DIR directory ..."
+        mkdir -p "$INSTALL_DIR"
+        if [ ! $? = 0 ]; then
+            Echo "Failed to create directory $INSTALL_DIR."
+				Echo "Aborting with error code-$EXIT_INVALID_INSTALL_DIR"
+            exit $EXIT_INVALID_INSTALL_DIR
+        fi
+    fi
+    Echo "PCNS will be installed to $INSTALL_DIR/PowerChute"
+}
+
+CheckBundledJava() {
+    rval=$FALSE
+    case "$OS" in
+    $VIMA)
+        JRE_FILE=$JRE_TGZ_FILE"-linux-x64.tar.gz"
+        ;;
+    $LINUX)
+		if [ "$ARCH" = "x64" ]; then
+			JRE_FILE=$JRE_TGZ_FILE"-linux-x64.tar.gz"
+		else
+			JRE_FILE=$JRE_TGZ_FILE"-linux-i586.tar.gz"
+		fi
+        ;;
+    $SOLARIS)
+        if [ $SPARC = $TRUE ]; then
+            JRE_FILE=$JRE_TGZ_FILE"-solaris-sparc.tar.gz"            
+        else
+            JRE_FILE=$JRE_TGZ_FILE"-solaris-i586.tar.gz"
+        fi
+        ;;
+    $XENSERVER)
+        JRE_FILE=$JRE_TGZ_FILE"-linux-i586.tar.gz"
+        ;;
+    $HPUX)
+        ;;
+    $AIX)
+        ;;
+    esac
+    if [ -f "$SRC_DIR/$JRE_FILE" ]; then
+        rval=$TRUE
+    fi
+    return $rval
+}
+
+AskJavaPath() {
+    CheckBundledJava
+    bundled=$?
+    res=$FALSE
+    while [ $res = $FALSE ]
+    do
+        Echo ""
+        if [ $bundled = $TRUE ];then
+            Echo "Please enter java directory if you want to use your system java (example:/usr/local/bin/jre/$JRE_VERSION) or press enter to install the bundled Java:"
+        else
+            Echo "JRE is not bundled. Please enter your java directory (example:/usr/local/bin/jre/$JRE_VERSION):"
+        fi
+        
+        read str
+                
+        if [ $bundled = $TRUE -a -z "$str" ]; then
+            #the empty string is ok, means use the path JRE
+            JAVA_DIR=""
+            res=$TRUE
+        else
+            JAVA_DIR=$str
+            res=$FALSE
+        fi
+        
+        if [ $res = $FALSE -a -n "$JAVA_DIR" ]; then
+            #Fix it as needed
+            
+            #must have / at the end, so add it    
+            buf=`echo $JAVA_DIR | grep '/$' ` 
+            if [ -z "$buf" ]; then
+                  JAVA_DIR="${JAVA_DIR}/"
+            fi
+        
+            # Add/bin at the end of JAVA_DIR if needed
+            # This allows it to be backward compatible
+            # with previous versions, which did not have 
+            # the bin
+            buf=`echo $JAVA_DIR | grep '/bin/$' ` 
+            if [ -z "$buf" ]; then
+                   JAVA_DIR="$JAVA_DIR/bin/"
+            fi
+            
+            buf=`echo $JAVA_DIR | grep ' ' ` 
+            if [ -n "$buf" ]; then
+                Echo "Java directory must not contain white space \" \""
+            else
+                buf=`echo $JAVA_DIR | grep '^/' ` 
+                if [ -z "$buf" ]; then
+                    Echo "Java directory must start with /"
+                else
+                    buf=`echo $JAVA_DIR | grep '\\\' ` 
+                    if [ -n "$buf" ]; then
+                        Echo "Java directory must not contain back slash \"\\\""
+                    elif [ ! -d $JAVA_DIR ]; then
+                        Echo "Invalid path: $JAVA_DIR"
+                    else                                      
+                        #Check the java version before confirming, no point in 
+                        #asking them if they want it is we can't accept it anyway.
+                         CheckJavaVersion
+                         res=$?                        
+                    fi
+                fi
+            fi            
+         fi 
+    done
+}
+
+InstallBundledJava() {
+    CheckBundledJava
+    if [ $? = $FALSE ]; then
+        Echo "No private JRE is bundled for this OS.  Please install and specify a JRE"
+		Echo "Aborting with error code-$EXIT_INVALID_JAVA_VERSION."
+        CancelAll $EXIT_INVALID_JAVA_VERSION
+    fi 
+    
+    # Copy jre file
+	APP_JRE_DIR=$APP_DIR/$JRE_VERSION
+	JAVA_DIR="$APP_DIR/$JRE_VERSION/bin/"
+
+    Echo "Copying jre to $APP_DIR ..."
+    mkdir -p $APP_DIR
+    cp "$SRC_DIR/$JRE_FILE" "$APP_DIR/jre.tar.gz"
+    if [ ! $? -eq 0 ]; then
+        Echo "Failed to copy jre file."
+        CancelAll
+    fi
+    cd $APP_DIR
+    chmod 700 jre.tar.gz
+
+    # Extract Java
+    Echo "Extracting jre to $APP_DIR/jre ..."
+    gunzip jre.tar.gz
+    tar -xf jre.tar
+    if [ ! $? -eq 0 ]; then
+        Echo "Failed to extract jre file."
+        CancelAll
+    fi
+    rm -rf jre.tar
+	chmod -R 0755 $APP_JRE_DIR
+    
+    # Regenerating the Shared Archive
+    if [ ! $OS = "$VIMA" ]; then
+        $JAVA_DIR/java -Xshare:dump 1>/dev/null 2>/dev/null
+    fi
+    cd $APP_DIR
+}
+
+CheckJavaVersion() {
+    Echo "Checking version of Java ..."
+    rval=$FALSE
+
+    # Show JRE Version
+    ${JAVA_DIR}java -version >/dev/null 2>&1
+    if [ ! $? -eq 0 ]; then 
+        Echo 
+        Echo "Java not found at ${JAVA_DIR}."
+    else
+        VERSION=`${JAVA_DIR}java -version 2>&1 | head -n 1 | cut -d\" -f 2 | sed s/_/\./g`
+        Echo "Detected Java Version: $VERSION"
+
+        MAJOR=`echo $VERSION | cut -d\. -f 1`
+        MINOR=`echo $VERSION | cut -d\. -f 2`
+        MINI=`echo $VERSION | cut -d\. -f 3`
+        MICRO=`echo $VERSION | cut -d\. -f 4`
+
+        if [ -z "$MICRO" ]; then
+            MICRO=0
+        fi
+        
+        case "$OS" in
+        $HPUX)
+            JRE_REQUIRED_MICRO=08
+            ;;
+        *) 
+            JRE_REQUIRED_MICRO=0
+            ;;
+        esac
+        
+        if [ $VERSION ]; then
+            if [ \( $MAJOR -gt $JRE_REQUIRED_MAJOR \) -o \( $MAJOR -eq $JRE_REQUIRED_MAJOR -a $MINOR -gt $JRE_REQUIRED_MINOR \) -o \( $MAJOR -eq $JRE_REQUIRED_MAJOR -a $MINOR -eq $JRE_REQUIRED_MINOR -a $MINI -gt $JRE_REQUIRED_MINI \) -o \( $MAJOR -eq $JRE_REQUIRED_MAJOR -a $MINOR -eq $JRE_REQUIRED_MINOR -a $MINI -eq $JRE_REQUIRED_MINI -a $MICRO -ge $JRE_REQUIRED_MICRO \) ]; then
+                Echo "Acceptable version"
+                rval=$TRUE
+            else
+                Echo "Wrong version of Java.  Minimum Java version required is $JRE_REQUIRED_MAJOR.$JRE_REQUIRED_MINOR.$JRE_REQUIRED_MINI.$JRE_REQUIRED_MICRO "
+                Echo "Java can be downloaded from www.java.com"
+            fi
+        else
+            Echo 
+            Echo "Java not found at $JAVA_DIR"
+        fi
+    fi
+    return $rval
+}
+CheckOSArch(){
+tmp=`uname -a | grep -i x86_64`
+if [ ! -z "$tmp" ]; then
+#it is a 64 bit OS
+   if [ "$ARCH" = "x32" ]; then
+     echo "64 bit OS detected.  This installer is for 32 bit OS. Please download the 64 bit installer for this OS"
+	 CancelAll
+   fi  
+else
+#It is a 32 bit OS
+   if [ "$ARCH" = "x64" ]; then
+     echo "32 bit OS detected.  This installer is for 64 bit OS. Please download the 32 bit installer for this OS"
+	 CancelAll
+   fi  
+fi
+
+}
+
+SetupJava() {
+    if [ $SILENT_MODE = $TRUE ]; then
+        if [ -z "$JAVA_DIR" ]; then
+            InstallBundledJava
+            res=$TRUE
+        else
+            CheckJavaVersion
+            res=$?
+            
+            if [ $res -eq $FALSE ]; then
+                # invalid java path
+				Echo "Aborting with error code-$EXIT_INVALID_JAVA_VERSION."
+                CancelAll $EXIT_INVALID_JAVA_VERSION
+            fi
+        fi        
+    else
+        AskJavaPath
+        if [ -z "$JAVA_DIR" ]; then
+            InstallBundledJava
+        fi
+    fi
+
+    # Show JRE Version
+    Echo ""
+    $JAVA_DIR/java -version
+    if [ ! $? -eq 0 ]; then 
+        Echo "" 
+		CheckOSArch
+        Echo "Invalid jre path."
+		CancelAll
+    fi
+    Echo ""
+    # Create java path config file
+    Echo "JAVA_DIR=$JAVA_DIR"
+    Echo ""
+    cd "$SRC_DIR"
+}
+
+SetupM11Cfg() {
+   Echo "Setup the m11.cfg file"
+   filename="$GROUP_DIR/m11.cfg"
+   setting1="host.ApplicationDirectory=$GROUP_DIR"
+   setting2="host.ComponentDirectory=$GROUP_DIR/comp"
+   setting3="Notifier.NotifierExe=$GROUP_DIR/bin/notifier"
+
+    #echo "DEBUG: $setting1"
+    #echo "DEBUG: $setting2"
+    #echo "DEBUG: $setting3"
+    
+    PARAMS=" -cp .:$GROUP_DIR/comp/pcns.jar:$GROUP_DIR/lib/m11.jar com.apcc.pcns.m11cfgInit.M11cfgInit $filename $setting1 $setting2 $setting3"
+    #echo "DEBUG: ${JAVA_DIR}java $PARAMS"
+   #Note:JAVA_DIR has the \ on the end
+   ${JAVA_DIR}java $PARAMS 1>/dev/null 2>/dev/null
+   
+}
+
+SetupCommandFiles() {
+    case "$OS" in
+    $VIMA)
+        cp VIMA/notifier.sh notifier
+        cp VIMA/shutdown.sh shutdown
+        cp VIMA/shutdownhost.pl shutdownhost.pl
+        chmod 744 shutdownhost.pl
+        ;;
+    $XENSERVER)
+        cp Linux/notifier.sh notifier
+        cp Linux/shutdown.sh shutdown
+        ;;        
+    $LINUX)
+        cp Linux/notifier.sh notifier
+        cp Linux/shutdown.sh shutdown
+        ;;
+    $SOLARIS)
+        cp Solaris/notifier.sh notifier
+        cp Solaris/shutdown.sh shutdown
+        ;;
+    $HPUX)
+        cp Hpux/notifier.sh notifier
+        cp Hpux/shutdown.sh shutdown
+        ;;
+    $AIX)
+        cp Aix/notifier.sh notifier
+        cp Aix/shutdown.sh shutdown
+        ;;
+    esac    
+    chmod 744 notifier
+    chmod 744 shutdown
+    rm -rf Linux Solaris Hpux Aix VIMA ESX XenServer
+    cd "$APP_DIR"
+}
+
+SetupAllCommandFiles() {
+    cd "$APP_DIR"
+    if [ -d $GROUP1 ]; then
+        cd ./$GROUP1/bin
+        SetupCommandFiles
+    else
+        cd ./bin
+        SetupCommandFiles
+    fi
+    cd "$APP_DIR"
+}
+
+ConfigureStartup() {
+    APP_DIR_QUOTED=\"$APP_DIR\"
+    group_dir_quoted=\"$GROUP_DIR\"
+
+    # Update scripts
+    if [ $OS = "$HPUX" ]; then
+        sed -e "s:nohup:/bin/nohup:g" powerchute.sh > powerchute.sh.tmp$$
+        mv -f powerchute.sh.tmp$$ powerchute.sh
+    fi
+    sed -e "s:GSUB_INSTALL_PATH:$APP_DIR_QUOTED:g" startup.sh > startup.sh.tmp$$
+    sed -e "s:GSUB_INSTALL_PATH:$group_dir_quoted:g" powerchute.sh > powerchute.sh.tmp$$
+    mv -f startup.sh.tmp$$ startup.sh
+    cp powerchute.sh.tmp$$ $GROUP_DIR/powerchute.sh
+    chmod 744 $GROUP_DIR/powerchute.sh
+    rm -f *.tmp$$
+
+    echo $JAVA_DIR > ${GROUP_DIR}/java.cfg
+}
+
+ConfigureAllStartup() {
+    Echo "Configuring startup files ..."
+    cd "$APP_DIR"
+    
+    if [ -d $GROUP1 ]; then
+        GROUP_DIR="$APP_DIR/$GROUP1"
+        ConfigureStartup
+        rm -f powerchute.sh*
+    else
+        GROUP_DIR=$APP_DIR
+        ConfigureStartup
+    fi
+    Echo "Startup script=$STARTUP"
+
+    cp startup.sh $STARTUP
+    chmod 0544 $STARTUP
+    rm -f startup.sh
+}
+
+UninstallOldStartupLink() {
+    if [ $UPDATE_INSTALL = $TRUE ]; then
+        if [ $OS = "$LINUX" -o $OS = "$VIMA" -o $OS = "$XENSERVER" ]; then
+            Echo "Deleting Linux symbolic link ..."
+       	 if [ -d /etc/rc0.d ]; then
+            rm -f /etc/rc0.d/K99PowerChute
+            rm -f /etc/rc1.d/K99PowerChute
+            rm -f /etc/rc2.d/K99PowerChute
+            rm -f /etc/rc3.d/K99PowerChute
+            rm -f /etc/rc4.d/K99PowerChute
+            rm -f /etc/rc5.d/K99PowerChute
+            rm -f /etc/rc6.d/K99PowerChute
+         else
+            rm -f /etc/rc.d/rc0.d/*99PowerChute
+            rm -f /etc/rc.d/rc1.d/*99PowerChute
+            rm -f /etc/rc.d/rc2.d/*99PowerChute
+            rm -f /etc/rc.d/rc3.d/*99PowerChute
+            rm -f /etc/rc.d/rc4.d/*99PowerChute
+            rm -f /etc/rc.d/rc5.d/*99PowerChute
+            rm -f /etc/rc.d/rc6.d/*99PowerChute
+         fi
+ 	fi
+    fi
+}
+
+ConfigureStartupLink() {
+     if [ $OS = "$LINUX" -o $OS = "$VIMA" -o $OS = "$XENSERVER" ]; then
+        Echo "Updating Linux symbolic link ..."
+        if [ -f /etc/SuSE-release ]; then
+	    insserv PowerChute 1>/dev/null 2>/dev/null
+        elif [ -f /sbin/chkconfig ]; then
+            chkconfig --add PowerChute
+            chkconfig PowerChute on
+        elif [ -d /etc/rc0.d ]; then
+        	if [ ! -L /etc/rc0.d/K99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc0.d/K99PowerChute
+            fi
+            if [ ! -L /etc/rc1.d/K99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc1.d/K99PowerChute
+            fi
+            if [ ! -L /etc/rc2.d/S99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc2.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc3.d/S99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc3.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc4.d/S99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc4.d/S99PowerChute
+			fi
+			if [ ! -L /etc/rc5.d/S99PowerChute ]; then            	
+            	ln -s /etc/init.d/PowerChute /etc/rc5.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc6.d/K99PowerChute ]; then
+            	ln -s /etc/init.d/PowerChute /etc/rc6.d/K99PowerChute
+            fi
+        else
+        	if [ ! -L /etc/rc.d/rc0.d/K99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc0.d/K99PowerChute
+			fi
+			if [ ! -L /etc/rc.d/rc1.d/K99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc1.d/K99PowerChute
+            fi
+            if [ ! -L /etc/rc.d/rc2.d/S99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc2.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc.d/rc3.d/S99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc3.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc.d/rc4.d/S99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc4.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc.d/rc5.d/S99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc5.d/S99PowerChute
+            fi
+            if [ ! -L /etc/rc.d/rc6.d/K99PowerChute ]; then
+            	ln -s /etc/rc.d/init.d/PowerChute /etc/rc.d/rc6.d/K99PowerChute
+            fi
+        fi
+    else
+        case "$OS" in
+        $SOLARIS)
+            cp $STARTUP /etc/rc0.d/K99PowerChute
+            ;;
+        $HPUX)
+            Echo "Updating HP-UX symbolic link ..."
+            ln -s $STARTUP /sbin/rc1.d/K990pcns
+            ln -s $STARTUP /sbin/rc2.d/S990pcns
+            ;;
+        $AIX)
+            Echo "Updating AIX inittab ..."
+            mkitab "PCNS:2:wait:$STARTUP start #PowerChute Network Shutdown" >/dev/null 2>&1
+            ;;
+        esac
+    fi
+}
+
+ConfigureUninstall() {
+    Echo "Configuring uninstall script ..."
+    cd "$APP_DIR"
+    APP_DIR_QUOTED=\"$APP_DIR\"
+    sed -e "s:GSUB_INSTALL_PATH:$APP_DIR_QUOTED:g" uninstall > uninstall.tmp$$
+    mv -f uninstall.tmp$$ uninstall
+    chmod 0544 uninstall 
+}
+
+ConfigureOwner() {
+    chown -R root "$APP_DIR"
+    if [ $OS = "$AIX" ]; then
+        chgrp -R system $APP_DIR
+    else
+        chgrp -R root $APP_DIR
+    fi
+}
+
+RemoveStartup() {
+  if [ $OS = "$LINUX" -o $OS = "$VIMA" -o $OS = "$XENSERVER" ]; then
+    if [ -f $STARTUP ]; then
+        if [ -f /sbin/chkconfig ]; then
+            chkconfig PowerChute off
+            chkconfig --del PowerChute
+        else
+            rm -f /etc/rc.d/rc1.d/K99PowerChute
+            rm -f /etc/rc.d/rc2.d/S99PowerChute
+            rm -f /etc/rc.d/rc3.d/S99PowerChute
+            rm -f /etc/rc.d/rc4.d/S99PowerChute
+            rm -f /etc/rc.d/rc5.d/S99PowerChute
+            rm -f /etc/rc.d/rc6.d/K99PowerChute
+        fi
+        rm -f $STARTUP
+    fi
+  else
+    case "$OS" in
+    $SOLARIS)
+        rm -f /etc/rc2.d/S99PowerChute
+        rm -f /etc/rc0.d/K99PowerChute
+        ;;
+    $HPUX)
+        if [ -f /sbin/init.d/pcns ]; then
+            rm -f /sbin/rc1.d/K990pcns
+            rm -f /sbin/rc2.d/S990pcns
+            rm -f /sbin/init.d/pcns
+        fi
+        ;;
+    $AIX)
+        if [ -f /etc/rc.APCpcns ]; then
+            rmitab PCNS
+            rm -f /etc/rc.APCpcns
+        fi
+        ;;
+    esac
+  fi
+}
+
+CancelAll() {
+    cd "$SRC_DIR"
+    if [ -n "$INSTALL_DIR" ]; then
+        if [ -d "$INSTALL_DIR/PowerChute" ]; then
+             # Fix for PCNS-2463. Perform install rollback if update installation aborts due to some error and rollback to previous configuration 
+        	RollBackInstall
+        else
+            rm -f "$INSTALL_DIR/$PCNS_TAR*"
+        fi
+    fi
+    Echo ""
+    Echo "Installation cancelled."
+    Echo ""
+    exit $1
+}
+
+RollBackInstall() {
+	if [ $UPDATE_INSTALL = $TRUE ]; then
+    	if [ -d "$INSTALL_DIR/PowerChute_update_backup" ]; then
+    		echo "Performing Install Rollback"
+            rm -rf "$INSTALL_DIR/PowerChute"
+            mv "$INSTALL_DIR/PowerChute_update_backup/" "$INSTALL_DIR/PowerChute"
+            Echo "Startup script=$STARTUP"
+            $STARTUP start
+      	else
+            rm -rf "$INSTALL_DIR/PowerChute"
+            RemoveStartup
+      	fi
+ 	else
+    	rm -rf "$INSTALL_DIR/PowerChute"
+    	RemoveStartup
+ 	fi 
+}
+
+ConfigureFirewall(){
+    if [ -f /usr/sbin/esxcfg-firewall ]; then
+        esxcfg-firewall -o 80,tcp,out,"APC PowerChute Port 80"
+        esxcfg-firewall -o 3052,tcp,out,"APC PowerChute Port 3052"
+        esxcfg-firewall -o 3052,tcp,in,"APC PowerChute Port 3052"
+        esxcfg-firewall -o 3052,udp,out,"APC PowerChute Port 3052"
+        esxcfg-firewall -o 3052,udp,in,"APC PowerChute Port 3052"
+        esxcfg-firewall -o 6547,tcp,in,"APC PowerChute Port 6547"
+    else
+        if [ -f /sbin/iptables ] || [ -f /usr/sbin/iptables ]; then
+            iptables -I OUTPUT -p tcp --sport 80 -j ACCEPT
+            iptables -I OUTPUT -p tcp --sport 3052 -j ACCEPT
+            iptables -I INPUT -p tcp --dport 3052 -j ACCEPT
+            iptables -I OUTPUT -p udp --sport 3052 -j ACCEPT
+            iptables -I INPUT -p udp --dport 3052 -j ACCEPT
+            iptables -I INPUT -p tcp --dport 6547 -j ACCEPT
+            
+            service iptables save
+        fi
+		
+		if [ -f /sbin/ip6tables ] || [ -f /usr/sbin/ip6tables ]; then
+            ip6tables -I OUTPUT -p tcp --sport 80 -j ACCEPT
+            ip6tables -I OUTPUT -p tcp --sport 3052 -j ACCEPT
+            ip6tables -I INPUT -p tcp --dport 3052 -j ACCEPT
+            ip6tables -I OUTPUT -p udp --sport 3052 -j ACCEPT
+            ip6tables -I INPUT -p udp --dport 3052 -j ACCEPT
+            ip6tables -I INPUT -p tcp --dport 6547 -j ACCEPT
+            
+            service ip6tables save
+        fi
+               
+   fi
+}
+
+DisplayEULA(){
+    
+    # Default to english license
+    EULA="apclicense.txt"
+
+    Echo "$LANG" | grep -i 'ja_JP.utf-*8'
+    if [ $? -eq 0 ]; then
+       EULA="apclicense.txt.ja_UTF8"
+    fi
+
+    Echo "$LANG" | grep -i 'ja_JP.IBM-*943'
+    if [ $? -eq 0 ]; then
+       EULA="apclicense.txt.ja_ANSI"
+    fi
+
+    Echo "$LANG" | grep -i 'eucJP'
+    if [ $? -eq 0 ]; then
+        EULA="apclicense.txt.ja_EUC"
+    fi 
+    
+    # Extract EULA
+    cp $PCNS_ZIP backup.tar.gz
+    gunzip $PCNS_ZIP
+    tar -xof $PCNS_TAR > /dev/null 2>&1
+        
+    # Display EULA
+    printf "\nPress any key to display End User License Agreement\n"
+    Pause
+    more "PowerChute/group1/$EULA"
+    
+    # Remove file, now that we've read it.
+    rm -rf PowerChute > /dev/null 2>&1
+    rm -rf $PCNS_TAR > /dev/null 2>&1
+    mv backup.tar.gz $PCNS_ZIP > /dev/null 2>&1
+    
+    agreed=
+    while [ -z "$agreed" ]
+    do
+        printf "\nDo you agree to the above license terms? [yes or no]\n"
+        read reply leftover
+        case $reply in
+            [yY] | [yY][eE][sS])
+                agreed=1
+                ;;
+            [nN] | [nN][oO])
+                printf "If you don't agree to the license you can't install this software\n"
+				printf "Aborting with error code-$EXIT_USER_ABORT\n"
+                exit $EXIT_USER_ABORT
+                ;;
+            *)
+                printf "Please enter \"yes\" or \"no\"."
+                ;;
+        esac
+     done
+}
+
+AddESXiTargetServer() {
+
+    if [ -f /etc/vima-release ] || [ -f /etc/vma-release ]; then
+        echo " "
+        echo "In order for PCNS to shutdown the ESXi host, it must be added as a target server."
+        
+        # validIP:
+        # 0 - IP is valid
+        # 1 - IP is invalid
+        # 2 - User is skipping this
+        
+        validIP=1
+                
+        while [ $validIP -eq 1 ]
+        do
+            echo "Please enter ESXi host IP (XXX.XXX.XXX.XXX) or (q) to skip:"
+            read esxihostip
+        
+            case $esxihostip in
+                [qQ])
+                    validIP=2
+                    printf "\nSkipping configuration of ESXi Host Shutdown.\n"
+                    ;;
+            esac
+            
+            
+            if [ $validIP -ne 2 ]; then
+                #
+                # Validate IP
+                #
+                valid_ip $esxihostip
+                if [ $? -ne 0 ]; then
+                    # invalid ip
+                    printf "\nInvalid IP entered.\n"
+                    validIP=1
+                else
+                    validIP=0
+                fi                
+            fi            
+        done
+        
+        if [ $validIP -eq 0 ]; then
+            echo "Please enter ESXi host username:"
+            read esxihostuser
+        
+            echo "Please enter ESXi host password:"
+            OLDCONFIG=`stty -g`
+            stty -icanon -echo min 1 time 0
+            read esxihostpwd
+            stty $OLDCONFIG
+        
+            echo "Adding target server..."
+            
+            vifp addserver $esxihostip --username $esxihostuser --password $esxihostpwd
+            vifp listservers | grep $esxihostip
+            if [ $? -eq 0 ]; then
+                    echo "Successfully added ESXi host to target server list."                    
+                    echo ""
+            else
+                    echo "Failed to add ESXi host."
+                    echo "To add the host manually please run - sudo vifp addserver <ipaddress>"
+                    echo ""
+            fi        
+        fi        
+    fi
+}
+
+valid_ip()
+{
+    ERROR=0
+    oldIFS=$IFS
+    IFS=.
+    set -f
+    set -- $1
+    if [ $# -eq 4 ]; then
+        for seg
+        do
+            case $seg in
+                ""|*[!0-9]*) ERROR=1;break ;; ## Segment empty or non-numeric char
+                *) [ $seg -gt 255 ] && ERROR=2 ;;
+            esac
+        done
+    else
+        ERROR=3 ## Not 4 segments
+    fi
+    IFS=$oldIFS
+    set +f
+    return $ERROR
+}
+
+CheckLocale(){
+    Echo "$LANG" | grep -i 'ja*'
+    if [ $? -eq 0 ]; then   
+        # Abort, can't install english on Japanese OS.
+        printf "\nThis version of PowerChute Network Shutdown does not support the Japanese language. Please consult www.apc.com for the required version of PowerChute Network Shutdown.\n"
+		Echo "Aborting with error code-$EXIT_INVALID_LOCALE"
+        exit $EXIT_INVALID_LOCALE
+    fi    
+}
+
+ApplySilentConfig(){
+    if [ "$SILENT_MODE" = "$TRUE" ]; then
+        Echo "Applying Configuration ..."
+        
+        # Register with NMC
+        oldDir=$PWD
+        cd $APP_DIR/$GROUP1
+
+        upgrade="false"
+        if [ "$UPDATE_INSTALL" = "$TRUE" ]; then
+            upgrade="true"
+        fi                
+        
+        javaParams="-Xms32m -Xmx64m -cp .:comp/pcns.jar:lib/m11.jar:lib/commons-codec-1.4.jar:lib/commons-collections-3.2.1.jar:lib/commons-configuration-1.6.jar:lib/commons-lang-2.5.jar:lib/commons-logging-1.1.1.jar:lib/log4j-1.2.16.jar:lib/bcprov-jdk16-146.jar:lib/json_simple-1.1.jar -DsilentConfig=$SILENT_CONFIG -DsourceDir=\"$SRC_DIR\" -DapplicationDirectory=\"$APP_DIR\" -Dgroup=1 -Dupgrade=$upgrade com.apcc.pcns.silentconfig.SilentConfig"
+        echo ${JAVA_DIR}java  $javaParams 2>/dev/null > $APP_DIR/$GROUP1/run.sh
+        chmod +x $APP_DIR/$GROUP1/run.sh
+		$APP_DIR/$GROUP1/run.sh
+		
+        code=$?
+		rm -f $APP_DIR/$GROUP1/run.sh
+        if [ $code -ne 0 ]; then
+            Echo "Error applying configuration.  Error code is: $code"
+            CancelAll $code
+        fi
+        
+        Echo "Configuration complete."
+        cd $oldDir    
+    fi
+}
+
+
+InstallHelp() {
+    # Copy Standard Help files
+    HELP_DIR="$INSTALL_DIR/PowerChute/group1/comp/http/html/Help"
+    mv $HELP_DIR/Standard/* $HELP_DIR/.
+    rmdir $HELP_DIR/Standard 1>/dev/null 2>/dev/null
+    rm -rf $HELP_DIR/VMware/* 1>/dev/null 2>/dev/null
+    rmdir $HELP_DIR/VMware 1>/dev/null 2>/dev/null
+}
+
+InstallComplete(){
+    NODE_NAME=`uname -n`
+    Echo ""
+    Echo "Installation has completed."
+    Echo "PowerChute Network Shutdown can be accessed through your browser at https://<your_server_ip_address>:6547"
+
+    if [ $UPDATE_INSTALL = $FALSE ]; then    
+        Echo "Please complete the configuration wizard so that PowerChute Network Shutdown can protect your server."
+    fi
+    
+    Echo ""
+}
+
+######################################################################
+# Main routine
+######################################################################
+SRC_DIR=`pwd`
+
+# Check zipped install file
+if [ ! -f $PCNS_ZIP ]; then
+    Echo "Can\'t find $PCNS_ZIP"
+	Echo "Aborting with error code-$EXIT_ZIPFILE_MISSING\n"
+    exit $EXIT_ZIPFILE_MISSING
+fi
+
+# Print Banner
+Echo "------------------------------------------------------------------"
+Echo "     PowerChute Network Shutdown 3.1.0 for Linux"
+Echo "     Copyright (c) 1999-2013 Schneider Electric."
+Echo "     All Rights Reserved."
+Echo "------------------------------------------------------------------"
+Echo ""
+
+# Check OS type
+CheckOS
+
+# Check root account
+IsRootUser
+
+# Check Locale Compatibility
+CheckLocale
+
+# Check the OS architecture
+CheckOSArch
+
+# Initialize
+Initialize
+
+# Check silent install
+if [ -z "$1" ]; then
+    SILENT_MODE=$FALSE
+elif [ "$1" = "-f" ]; then 
+    if [ -r "$2" ]; then
+        SILENT_MODE=$TRUE
+        SILENT_CONFIG=$2
+        Echo "Silent mode input from $SILENT_CONFIG"
+        Echo ""
+        SetSilentConfig
+    else
+	    Echo "Aborting with error code-$EXIT_SILENT_CONFIG_MISSING"
+        Echo "Error: Invalid file $2"
+        exit $EXIT_SILENT_CONFIG_MISSING
+    fi
+else
+    PrintUsage
+fi
+
+# Show EULA
+if [ $SILENT_MODE = $TRUE ]; then
+   if [ "$ACCEPT_EULA" = "$STR_YES" ];  then
+        Echo "EULA has been accepted"
+   else
+        Echo "Aborting with error code-$EXIT_EULA_NOT_ACCEPTED"
+        Echo "Error: EULA must be accepted by setting ACCEPT_EULA=$STR_YES in config file"
+        exit $EXIT_EULA_NOT_ACCEPTED
+   fi
+else
+   DisplayEULA
+fi
+
+# Check installed applications
+IsPCPlusInstalled
+IsPCBEInstalled
+IsPCSInstalled
+IsPCNSInstalled
+
+InitUpdate
+
+# Set Install dir
+SetInstallDir
+BackupOldPCNS
+
+APP_DIR="$INSTALL_DIR/PowerChute"
+
+#Check the dependent packages to install java in 64 bit arch
+
+# Setup java
+SetupJava
+
+# Copy tar file to install dir
+Echo "Copying the installation files ..."
+cp "$PCNS_ZIP" "$INSTALL_DIR"
+cd "$INSTALL_DIR"
+
+# Extract PCNS files
+Echo "Extracting PCNS files ..."
+gunzip $PCNS_ZIP
+tar -xf $PCNS_TAR > /dev/null 2>&1
+if [ ! $? = 0 ]
+then
+    Echo "Failed to extract files"
+fi
+rm -rf $PCNS_TAR
+
+
+cd "$APP_DIR"
+Echo "PCNS is extracted to $APP_DIR"
+
+# Setup script files
+SetupAllCommandFiles
+
+# Configure startup script
+ConfigureAllStartup 
+UninstallOldStartupLink
+ConfigureStartupLink
+
+# Fix for PCNS-2453. Multiple entries in 'iptables' on installing PCNS over existing install
+if [ $OS = $VIMA ] || [ $OS = $LINUX ]; then
+service iptables status 1>/dev/null 2>/dev/null
+OUT=$?
+if [ $OUT -eq 0 ] && [ $UPDATE_INSTALL = $FALSE ]; then
+   ConfigureFirewall
+fi
+else
+ConfigureFirewall
+fi
+
+# Configure uninstall script
+ConfigureUninstall
+ConfigureOwner
+
+# For Update install
+CopyUpdateFiles
+
+#Install Help
+InstallHelp
+
+# Start the Service
+SetupM11Cfg
+ApplySilentConfig
+# Fix for PCNS-2463. Delete the back up PowerChute folder once the update is done successfully.
+UninstallOldPCNS
+$STARTUP start
+
+InstallComplete
+
+cd "$SRC_DIR"
+exit $EXIT_SUCCESS
diff --git a/WF/src/APC/PowerChute/Linux_x64/jre-7u45-linux-x64.tar.gz b/WF/src/APC/PowerChute/Linux_x64/jre-7u45-linux-x64.tar.gz
new file mode 100755
index 0000000..7d24ba3
Binary files /dev/null and b/WF/src/APC/PowerChute/Linux_x64/jre-7u45-linux-x64.tar.gz differ
diff --git a/WF/src/APC/PowerChute/Linux_x64/pcns310.tar.gz b/WF/src/APC/PowerChute/Linux_x64/pcns310.tar.gz
new file mode 100755
index 0000000..dcf1f1f
Binary files /dev/null and b/WF/src/APC/PowerChute/Linux_x64/pcns310.tar.gz differ
diff --git a/WF/src/APC/PowerChute/Linux_x64/silentInstall.sample b/WF/src/APC/PowerChute/Linux_x64/silentInstall.sample
new file mode 100755
index 0000000..cd97ec4
--- /dev/null
+++ b/WF/src/APC/PowerChute/Linux_x64/silentInstall.sample
@@ -0,0 +1,181 @@
+# APC PowerChute Network Shutdown (PCNS) Silent Installer
+# 
+# This file contains parameters used by the PCNS silent
+# install option to support mass installation.
+#
+# Do not enclose values in quotes
+#
+# -------------------------------------------------------------------
+# Accept the EULA.
+#
+# This must be changed to YES to accept the EULA.  This is not case
+# sensitive.
+
+ACCEPT_EULA=NO
+#ACCEPT_EULA=YES
+
+# -------------------------------------------------------------------
+# The directory in which to install PCNS:
+# The default value /opt/APC is used if commented out or specified 
+# null value as "INSTALL_DIR="
+#
+# Values specified here are case sensitive.
+# -------------------------------------------------------------------
+
+INSTALL_DIR=/opt/APC
+
+# -------------------------------------------------------------------
+# The directory in which java is installed:
+# A PowerChute only private Java Runtime is used if commented out or
+# specified null value as "JAVA_DIR="
+#
+# PowerChute only private Java Runtime is NOT available on some 
+# Operating Systems.  See PowerChute Documentation for more details.
+#
+# This directory must specify a Java Runtime version 1.7.0 or later.
+#
+# Values specified here are case sensitive. 
+# -------------------------------------------------------------------
+
+JAVA_DIR=/usr/java/latest
+
+# -------------------------------------------------------------------
+# The silent install can register this host's IP address with the 
+# management card. If you are installing PCNS on more than 50 hosts
+# for one management card, consult the PCNS Installation Guide. Valid
+# values for this parameter are "no" or "yes".
+#
+# Values specified here are not case sensitive.
+# -------------------------------------------------------------------
+
+REGISTER_WITH_NMC=YES
+
+# -------------------------------------------------------------------
+# Uncomment and edit the following to specify the installation 
+# configuration.  The installation mode can have one of the 
+# following values:
+#
+# 'single': Register with a single NMC card.
+# 'redundant': Register with several NMC cards in a redundant  
+#	configuration.
+# 'parallel': Register with several NMC cards in a parallel 
+#	configuration.
+#
+# Values specified here are not case sensitive.
+# -------------------------------------------------------------------
+
+# MODE=single
+
+# -------------------------------------------------------------------
+# Fill in the below fields with the correct network configuration. Ensure
+# all the NMCs and servers are in the same network configuration.
+#
+# Valid values for NETWORKCONFIG are 'IPv4' and 'IPv6'
+#
+# Valid values for IPV6NETWORKCONFIG are 'Unicast' and 'Multicast'. This
+# parameter need not specified if the network configuration is IPv4
+# -------------------------------------------------------------------
+
+NETWORKCONFIG=IPv4
+#IPV6NETWORKCONFIG= 
+
+# -------------------------------------------------------------------
+# Uncomment and edit the following to specify the UPS Network 
+# Management cards to register with.
+# -------------------------------------------------------------------
+
+# IP_1=000.000.000.000
+# IP_2=000.000.000.000
+# IP_3=000.000.000.000
+# IP_4=000.000.000.000
+# IP_5=000.000.000.000
+# IP_6=000.000.000.000
+# IP_7=000.000.000.000
+# IP_8=000.000.000.000
+# IP_9=000.000.000.000
+
+# -------------------------------------------------------------------
+# Uncomment and edit the following to specify the UPS Outlet Group 
+# for each UPS NMC.  The value given is the outlet number.
+# -------------------------------------------------------------------
+
+# IP_1_Outlet=0
+# IP_2_Outlet=0
+# IP_3_Outlet=0
+# IP_4_Outlet=0
+# IP_5_Outlet=0
+# IP_6_Outlet=0
+# IP_7_Outlet=0
+# IP_8_Outlet=0
+# IP_9_Outlet=0
+
+# -------------------------------------------------------------------
+# This value specifies the UPS Network Management Port to use for
+# registration.  Valid values are 80, 443, and 5000 to 32768.
+# -------------------------------------------------------------------
+
+PORT=80
+
+# -------------------------------------------------------------------
+# This value specifies the protocol to use when registering with the
+# UPS Network Management Card.  Valid values are 'http' or 'https'.
+#
+# Values specified here are not case sensitive.
+# -------------------------------------------------------------------
+
+PROTOCOL=http
+
+# -------------------------------------------------------------------
+# When using the https protocol, SSL certificates are used to secure the 
+# connection.  By default the NMC uses a self signed certificate, 
+# which needs to be accepted.
+#
+# ACCEPTCERTS=YES 
+# Certificates which are self signed, or have some other issue, will
+# be automatically accepted (Recommended)
+#
+# ACCEPTCERTS=NO
+# Connection will only be established if the NMC has been configured
+# with a valid certificate.
+#
+# Values specified here are not case sensitive.
+# -------------------------------------------------------------------
+
+#ACCEPTCERTS=YES
+
+# -------------------------------------------------------------------
+# Fill in the below fields with the correct security information.
+# The Administrator User Name and Authentication Phrase must match
+# the settings of the Management Card in your UPS.
+#
+# Values specified here are case sensitive.
+# -------------------------------------------------------------------
+
+USERNAME=
+PASSWORD=
+AUTHENTICATION_PHRASE=
+
+# -------------------------------------------------------------------
+# Uncomment and edit the following only if you have more than one
+# network card installed locally. The below fields should specify
+# which local IP address to register with the UPS Network Management
+# Card. 
+# 
+# This field will be read if the network configuration is IPv4
+# -------------------------------------------------------------------
+
+#LOCAL_IP_ADDRESS=000.000.000.000
+
+# -------------------------------------------------------------------
+# The below fields should specify unicast/multicast address to register 
+# with the UPS Network Management Card. 
+# 
+# This field will be read if the network configuration is IPv6.
+#
+# Both Unicast and Multicast address are required if the IPV6NETWORKCONFIG
+# is 'Multicast'. If IPV6NETWORKCONFIG is 'Unicast' only Unicast address
+# is required.
+# -------------------------------------------------------------------
+
+#UNICAST_ADDRESS=
+#MULTICAST_ADDRESS=
\ No newline at end of file
diff --git a/WF/src/APC/PowerChute/pcns310Linux-x86-64.tar.gz b/WF/src/APC/PowerChute/pcns310Linux-x86-64.tar.gz
new file mode 100644
index 0000000..aa2b380
Binary files /dev/null and b/WF/src/APC/PowerChute/pcns310Linux-x86-64.tar.gz differ
diff --git a/WF/src/ipt-gateway b/WF/src/ipt-gateway
new file mode 160000
index 0000000..de0ebb6
--- /dev/null
+++ b/WF/src/ipt-gateway
@@ -0,0 +1 @@
+Subproject commit de0ebb616266e09c1ded3ae277b5b184093f9cc5
diff --git a/WF/src/mailsystem b/WF/src/mailsystem
new file mode 160000
index 0000000..03b820b
--- /dev/null
+++ b/WF/src/mailsystem
@@ -0,0 +1 @@
+Subproject commit 03b820b8b869d6be229340a99ed5994dcd0edec9
diff --git a/WF/src/openvpn b/WF/src/openvpn
new file mode 160000
index 0000000..ebff5a5
--- /dev/null
+++ b/WF/src/openvpn
@@ -0,0 +1 @@
+Subproject commit ebff5a557b537bcb8192d94f733c4df86594258d